Twitter's text-based two-factor authentication becomes a paid-only feature
This is an interesting choice with somewhat dubious reasoning: pay us $8 for the continuing privilege of using the least secure MFA mechanism.
Most likely, the SMSes were too costly for Elon's liking, while Authenticator apps are both more secure and effectively free for Twitter to support. So from a financial perspective, it makes a lot of sense. From a security posture, forcing users off of SMS and over to an Authenticator app is a good long-term decision.
However, the outright disabling of nonconforming users' existing SMS MFA on March 20 is a terrible idea, as it will expose what is likely millions and millions of accounts to being compromised, should their passwords have been previously harvested. This will particularly impact users who rarely access Twitter anymore, if at all. A better approach here would be to retain the SMS MFA on those users indefinitely, but require them to explicitly disable MFA or switch to an Authenticator app the next time they access Twitter after 3/20. You should never just turn someone's MFA off without their explicit approval.
White House calls Apple and Google 'harmful' in bid to cut app store fees
foregoneconclusion said: ranson said:
I fail to understand how this compromises YOUR security. It's very simple. If YOU don't want to use a third party store or sideloading to have access to an app, then YOU don't have to. See, no security problem for you. But others, who want to put software on their phone that Apple has declined to list in their App Store, should have that opportunity, given it is their device that they own. None of that compromises YOUR security in any way.
Secondly, again, if the only reason you can trust an app is because it's in Apple's store, then you are holding on to a false sense of security. If you see an app in Apple's store, and think to yourself that the only reason you're buying is because it's in Apple's Store and you couldn't trust it otherwise, then you're doing it wrong.
White House calls Apple and Google 'harmful' in bid to cut app store fees
Hedware said:
Somehow everybody gets asked except for consumers. As an owner of Apple products, I do not want my privacy and security compromised because some lazy developers want to have open skies. They should attempt to build some decent apps.
I hear the argument that "well, there are apps that will move to their own stores instead of Apple's, and then we can't trust the app maker to not do nefarious things." Fine, then don't install the app. If you can't trust their product because it's not in Apple's Store, then frankly, you can't trust the app at all and should not use it. Note that numerous scam apps are in the Apple Store already (see this AI article from just this morning), and popular apps like TikTok and Facebook actively track you in spite of the tracking transparency options. So again, if you think you wouldn't be able to trust them outside of the Apple store, those apps being in the Apple store is really no different. It's a completely false sense of security.
So nobody's security is unwillingly compromised here. We are adults, and we can make informed decisions about what apps to install, even when it runs counter to Apple's opinion. This harms no one except those who choose to go down that road and make bad choices.
iMessage may be coming to Android with Sunbird
KTR said:
This is like building a Mac clone. Apple legal shut them down. But we see
genovelle said:
Considering the keys to Apple’s iMessage encryption live on the device in the Secure Enclave I’m curious how this would work. Unless it intercepts text messages that have too much data and makes them more accessible and iMessage like.
Most (if not all modern) Android devices include a secure enclave as well. When the user signs in to iMessage for the first time on the device by authenticating with their iCloud credentials, that is when the client generates the encryption keys, stores the private key in the secure enclave, and registers the public key with the iMessage server. So long as they have fully reverse-engineered the API protocol from sign-in to sending/receiving messages, then it is pretty straightforward and largely identical to the iPhone workflow for the same operations.
Musk taps over 50 Tesla employees to make Twitter changes
bloggerblog said:
That could become a controversial move since Tesla is a publicly traded company and Twitter is his private company. So borrowing employees from a public company can get weird.