blah64

  • Apple agrees to open iPhone NFC for UK's Brexit app by end of 2019

    mac_128 said:
    uroshnor said:
    So the article does not really describe what’s likely happening.

    Right now, iOS reads NDEF format over NFC, and can respond in a few other formats. (And it’s pretty strict; it doesn’t do Smart Posters, for example, which are a modification of NDEF.)

    E-Passports can be encoded in a few different ways, but most are BAC encoded. This means the NFC data is an encrypted blob, and the encryption key is derived from the data on the photo page.

    That’s why at a check in kiosk, you usually put your e-Passport face down and the photo page is being scanned concurrently with reading the chip.

    If you try it today, the phone realises the e-Passport is there, but it rejects the encrypted data as invalidly formatted.

    Apple doesn’t need to open up access to the NFC subsystem to read an e-Passport; they just need to add an API that supports reading the common encrypted passport formats (e.g. reading a BAC e-Passport with a supplied key). If they were being super slick, they’d have an API that extracted the key material from an image of the photograph page in the Vision framework, and you could pass that straight on to the CoreNFC code.

    If they can do that, it’s a super-slick flow, and may even enable Apple Wallet to hold government grade identity cards.

    I would like nothing more than to have my government issued IDs in my Apple Wallet. On the other hand, then my device might become more open to scrutiny by customs and border agencies, and even local police. 
    In Louisiana we already have our state government issued ID on iOS, currently via an app. A new protocol was developed for police stops which employs a hands-off approach. I’ve been pulled over once and so it was. 
    Do tell!  I will be the last person to ever put my state-issued government ID on a mobile device, but I'm quite interested to know what the protocol is in Louisiana, and how it went down for you in a real-world situation.  It's also important to consider how policies evolve and where and how they can be abused.
  • Man pleads guilty to hacking celebrity Apple accounts for spending spree

    jbdragon said:
    Hacking is not the same thing as phishing.  Mixing them up confuses people.  Turn on 2 factor and you should be protected from phishing even if you happen to fall for their phishing scam.   Turn on 2 factor for every site that you can and that includes iCloud!!!

    Two-factor is great, as long as the 2nd factor isn't SMS.  Texting is not secure or protected in any way, shape, or form, and if your important accounts are password-resettable via SMS authentication then you are playing a dangerous game depending on 2FA. 

    Of course you're also playing a dangerous game if you don't use anything, but the rise of SMS-based 2FA is appalling because it has fooled people into thinking it's safe instead of moving toward solutions that actually are safe.  Why have so many organizations implemented texting-based "protections"?  Simply because it's easy for them, not because it's safe.  Most people text all day without giving a single thought to the fact that it's completely insecure, and businesses take advantage of the fact.  Be smarter.
  • Apple's Tim Cook tours China, meets with Vice Premier ahead of March 25 event

    Apparently Tim does not see China as a threat but as a very capable partner.   Smart.
    Very clearly, they are both.  And I'm quite sure he does understand this.
  • 'Privacy. That's iPhone' ad campaign launches, highlights Apple's stance on user protectio...

    cpsro said:
    If Apple truly cared about our privacy, iOS would let users disable Internet access for individual apps. Lots of apps don't need the Internet to perform the tasks for which users installed them.
    The problem is: developers rely on Internet access to track us (for profit). iOS would instantly lose developer support to Android*... or so Apple likely fears. But our privacy is too important.

    *The EFF recently publicly called for Android to be imbued with the ability to disable Internet access for individual apps. And the same plea was made for iOS.
    ^^THIS^^ !!

    Something I've been advocating for years.

    There's more than one way to address this problem.
    1) As you mention, disabling internet access *by* specific apps.
    2) Disabling internet access *to* specific servers or domains.

    The latter is more akin to what Little Snitch does, and frankly, we desperately need something like Little Snitch for iOS, but it would affect a lot of developers that embed all kinds of third party trackers in their apps.  Apple has thus far decided in favor of allowing developers to take this path of embedding spyware in their apps because so many developers have decided this is how they want to make money.  Personally, I think it's a disgrace, and the whole concept of hidden costs in things that people think are "free" is a huge problem worldwide, far beyond apps.

    As it looks like Apple is accelerating their push to be recognized as one of the corporate leaders in data privacy, perhaps now is the time to start pushing them to either:
    a) Open up more of the developer APIs to allow for something like Little Snitch for iOS
    b) Build it themselves

    As consumers we do have some, if limited, power to bring this to Apple management's attention.  Now is a good time.  Start writing.
  • Facebook embroiled in yet another privacy scandal, this time involving your phone number

    The solution is obvious, don’t use Facebook.  Stop the spread of the disease...
    This is not true. 

    Even if you don't use fb, some portion of your friends do, and they probably have you in their contacts list which they share with fb.  For many people that means not just your phone number(s) but your birthday, your address, nickname, your email address(es); depending on your relationship with each person, perhaps your work email address, employer, job title and whatever other notes they have about you.

    As soon as fb has that data, which is really, really hard to prevent leakage of, they are able to tie it together with other stuff that's tied to your phone number.  For example, do you use a grocery store tracking ("loyalty") card?  Grocery stores sell that data to brokers, who in turn share and sell to many companies and other data brokers, including fb.  Now they can track your shopping schedule and everything you eat.  Ever order pizza?  That's a favorite, because now they have your phone number and home address, so that gets tied together and sold upstream as well.

    Not using fb is a good start, but the problem runs much deeper (and wider) than that.