And is anyone here surprised by this?
Anyone at all?
580 posts • joined 23 Sep 2009
Anyone at all?
potential consequences of successful remote exploitation include voltage changes that could result in sensory denial, disability, and death
Similar to the existing Denial Of Sense attack, that uses alcohol as the vector.
This is absolutely the norm for how companies (and governments) use and handle data from FB, Google, Twitter, et al; and one would have to be profoundly [dense | gullible | oblivious | in denial | your pejorative here] to believe Zuck's (or any other social media exec's) protestations to the contrary.
I thought GDPR applied to natural people? This seems to be a company account.
"Corporations are people, too*, my friend."
-- Mitt Romney
* In the US, anyway.
The final product can be used in a Selective Laser Sintering (SLS) 3D printer
However, the precursor process works by extrusion.
Mine's the brown 3D-printed one. Probably best if you don't check the pockets.
Obviously they wouldn't call it that; but Google's Chromebook is eating Apple's lunch in the education market. That's partly due to the cost differential, of course; but also partly due to the fact that typing or writing -- key school activities, or at least they used to be -- are crap on a touch screen. If Apple could deliver iOS app compatibility in a reasonably-priced, thin, and light clamshell form factor, they might have something competitive -- assuming that they also sort out the device management thing.
Adults who mostly web-surf and email might also be interested in a laptop-lite that doesn't include the Google slurp.
If you query via Cloudflare only they can hit you with an optimized CDN endpoint straight away. [...] So there is a very clear self-interest here as well.
Well, sure. So what? They're indirectly monetizing the service by making their core paid-for service more attractive. From my viewpoint as both a consumer and a CloudFlare customer, that is vastly superior to the usual "log forever - mine - resell - repeat" monetization cycle that most internet companies use...
...but that's only the case if CloudFlare is being truthful about their DNS log retention and data usage. They claim to have engaged a firm to conduct annual audits, but who's to say if that means anything? The junk mortgage bonds that precipitated the global housing crisis and financial collapse were audited and rated, too.
The price difference between any cellular and non-cellular device (not just Apple) is usually around £100.
Which itself pales in comparison to the cellular service charges that will be paid over the life of the device.
Politicians consider themselves to be above the law.
We now return to our regular programming.
Things I disable when installing a browser:
* Browser "telemetry" / health reports / etc.
* Notifications / update subscriptions
* Persistent cookies
* Pocket (if Firefox)
* Media autoplay
I'm still limping along with an aging and increasingly creaky copy of Creative Suite 6, because Creative Cloud is blindingly expensive and an enormous PITA.
Looking ahead to when CS6 will no longer work, Adobe's rapacious CC pricing seems to be creating opportunities for others. There are several very decent cross-platform, multi-layer photo editors out there now at a range of price points -- especially if you don't need PhotoShop's more obscure features. I've also been impressed with the downloadable version of Gravit Designer as a simpler but capable alternative to Illustrator.
I understand that prisoners get a 'personalised experience'.
+1 Marcus. I laughed out loud at that one.
I'll try to spend my money into any company that still makes software which is actually meant to be used by me to achieve my aims, not to use me to achieve someone else's.
If you find such a company, please share it with the group.
The spyware-enabled, data-mined, location-stalked experience that Adobe is bleating about is not "personalized," it is mechanized.
Adobe Stalker Cloud "recognizes" me the same way the HID prox reader on the door at work recognizes my fob. In internet-marketer world, though, that's a "personalized experience" which is exactly the same as having a friendly human at the door, who opens it for me because s/he recognizes me as another human person.
I'm so effing sick of creating separate logins for every site. Unfortunately, the only OpenID logins that are widely supported are FU-book and Google.
I would pay for a SSO provider that (a) is well supported by sites that I want to use, and (b) does not sell my usage data -- including so-called "anonymized" data, which we all know is trivially easy to reverse. Stalk-free OpenID could be an add-on or bundle with another common web service -- domain/web hosting, or a privacy-focused mail service such as Proton Mail.
People take to the streets to protest the NSA and many other government agencies slurping up all their personal information while at the same time handing all that same information over to Facebook, Twitter, et al. People would never allow the police to place a microphone in their home but will pay Amazon and Google to do the same thing.
^^^ THIS ^^^
there's no reason why this cannot be just a per-user backup rather than being data-mined and combined with other users' contacts
I get sick of people drawing a false equivalency between Apple's and Google's use of user data.
There's a difference between "data storing" and "data mining." Apple has repeatedly stated that monetizing user data is not part of their business model. Compare that to Google, where it is their entire business model.
iOS does much more of its processing on the device, vs. Android where it's almost all done in the cloud. For example, when an iOS calendar reminder shows you the estimated travel time to the event location, that integration is performed locally on the device by iOS. Even if you never set up iCloud, stuff like that will still work.
On Android, that work is done by Google's servers. There's no technical reason why Android needs to send everything to Google to do that, of course; the devices are perfectly capable. It goes to the cloud so that Google can use it to
build a surveillance database of everything you do online and offline show you relevant ads.
As opposed to the FCC, which is firmly and fully committed to using the privacy of consumers to protect tools.
Don't assume that you are somehow immune to this -- no matter what country you live in. If the data exists and government thinks it would be useful, they will create the legal or semi-legal means to allow them to get it.
Can you imagine how much the service contract must've cost?
My favorite line on the Comper website:
Based on your basal body temperature data, Comper App can accurately predict your next accurately predict your nex (It's extra sentence that need to be deleted) menstrual cycle and ovulation.
...while elsewhere bragging about their attention to detail in the product design.
Which, if done at a luxury conference center, would no doubt be dubbed "glagging."
The only think I see of any use with any of this is saving energy by having better control of your heating when you're in
Every HVAC person I know says that the most efficient way to run most home systems is to set them at one temperature and leave them alone.
When you turn off the HVAC, the walls and objects in your house get cold (or hot, depending on climate / season). This means that when the system comes back on, it requires more energy to return the house to the desired temperature.
I have not done a/b testing of this on my own system; but I follow this advice, and my energy usage is generally in the lowest 1/3 among comparable homes, according to electric company data.
...trying to create "walled gardens" ... Just so they can rip customers off
The walled garden approach is more about data gathering than hardware revenue. Google, Amazon, etc collect mass quantities of data from these in-home sensors and their various control hubs and smart assistants. Each additional sensor that they can access means more of that sweet, sweet user data.
The real rip-off will come when they combine the above-mentioned sensor data with everything else that they know about you, and then use / monetize the resultant psychographic profile for their (and their "partners'") benefit, and to your detriment, over and over and over again.
I cannot for the life of me understand why anyone would willingly install a corporate surveillance device in their home -- much less an entire connected suite of them. Corporations exist for exactly one reason: to return value to shareholders. If data can be monetized, it will. (Spoiler alert: it can.) Anyone who thinks they're just collecting all this data "to improve your user experience" is (a) hopelessly ignorant, and (b) exactly their target market.
Thinking about it, once you have three or four (or more) small UPS's in the home, having one stonking great battery system starts to make sense.
US electric utilities are starting to move residential customers onto Time Of Use billing, where peak-hour electricity can cost 5x-10x more than off-peak*. If the rate differential is high enough, a "stonking great battery system" might pay for itself by storing cheaper off-peak power, and using it to partially offset demand during peak hours.
* The real point of "smart meters." Laying off all the meter readers was just a goodie grab-bag extra.
In practice this sort of thing doesn't use a Linux based commercial board such as they have picked
"I suppose it is tempting, if the only tool you have is a hammer, to treat everything as if it were a nail."
-- Abraham Maslow, The Psychology of Science, 1966
I waited eagerly for the new MBPs to come out as well. Fortunately, I went to Best Buy and tried typing on the "butterfly" keyboard before ordering. What a disappointment. I couldn't imagine why anyone would drop that much cash on a machine with such a crap keyboard.
I despise Windows 10, so ended up getting a refurb 2015 i7 MBP instead. Quite a bit cheaper than the new ones, and the slight step-down in power isn't an issue for my application. The keyboard is great; I make way fewer typing mistake on the MBP than I did on the Lenovo that it replaced.
Anyone in tech who needs Best Buy to fix their computers is not qualified to be reading The Register!
Agreed; but it's still good to be aware of these issues. This sort of bounty-hunting chicanery is probably fairly common at break-fix outsourcing companies as well.
I hereby award Christoph the coveted "Best Obligatory XKCD Of The Week" trophy.
there are always strings attached somewhere
Typically, those are attached to the guitar.
It's only a matter of time before there are web sites where you can select an audio file, type in your desired command, select a target device type, and then download your custom attack. Then the real fun begins.
Alexa, set the temperature to 40 C
OK Google, open the garage door. OK Google, close the garage door.
Siri, show all the pics in the folder named private on the TV
extensions.pocket.enabled > false
Without Facebook, how would we ever know that our high-school acquaintance's neighbor's ex-husband has commented on something?
When was the last time you bought any tech product that came with more than a "getting started" card? Sucks, but that's been the industry norm for over a decade now.
“If we move to a state of pervasive surveillance we lose that mobility.”
If?!? Dude, that train left the station years ago...
Plus, giving Google (or any tech company) your mobile number provides them with yet another way to cross-correlate you with other online and offline data that they have gathered.
IMO the only useful 2FA method that addresses the lost-device problem is to use an app like Authy, that allows you to back up your code generator settings and access them on another device. Of course, that means the backup mechanism itself becomes an attack target...
Dang. Security is hard...
Erection? That sir is clearly a paintbrush!
If the phone in the image is an iPhone 7, it might be his dongle.
Where do you get this idea that Google are doing something different to what apple, FS ebook, Microsoft, Yahoo and pretty much everyone else is doing?
Um, that's all you, my anonymous friend. My post didn't say that at all...
...leading some to fear their copy-paste actions were being snooped on and question the privacy protections on their OnePlus handsets.
Meanwhile, the phone is sending Google their GPS coordinates (or cell tower triangulations if location is off), all of their passwords, the contents of their email, all of their contacts, etc etc etc.
"When it comes to government investigations, it's our policy to cooperate with all valid searches and requests for data."
And of course, by "cooperate with" they mean "actively subvert."
When any part of the US government gives something a name or acronym that purports to guarantee, provide, or restore freedom / liberty / democracy / etc., you can be sure that it is in fact designed to do the opposite.
c.f. USA Patriot Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism); USA Freedom Act (which codifies indefinite detention, secret searches based on secret "warrants" that are rubber-stamped by a secret kangaroo court, secret and gag-ordered warrantless electronic searches via National Security Letter, etc.).
Now add the "restoring internet freedom order" to that list; except in this case, it's expanding the censorship and taxation powers of private companies instead of the government.
You are NOT REQUIRED to use Face ID (or Touch ID) at all. It has an off switch. You don't even have to train it.
If it doesn't work for some reason, you can still unlock the device with a PIN or password -- which you have to set up before you can even enable and train the biometric.
On restart, the biometric login is disabled until the password or PIN has been entered.
Apple stores all of the credentials -- bio and otherwise -- in an encrypted secure enclave, and said data never leaves the device.
This stuff is all well documented. Read more, harrumph less.
I still don't know how those phones sell.
The same way that Pixel 2s (also with no headphone jack) sell: briskly, as it turns out.
The courts have ruled very consistently that police can compel you to unlock a phone or computer if it's locked using biometrics. [...] This is just Apple's way of putting in a backdoor for Law Enforcement without having to call it one.
How is this argument specific to Apple? Samsung, Google, Moto, and many other devices also have fingerprint scanners, and/or more easily fooled facial recognition.
No one is forcing you to use biometrics, or any other convenience login. Delete the training and turn off the feature. Problem solved.
"all self-inflicted therefore warranty on our beautiful $15m system was void"
...but look at all the money we saved!
Yet another bowl of toxic hellstew.
Biting the hand that feeds IT © 1998–2018