The rise and fall of Adobe Flash
Before Adobe Flash Player sunsets this December, we talk its legacy with those who built it.
Written by ArsTechnica/ Courtesy of
Few technologies have yielded such divisive and widespread passion as Flash. Many gush over its versatility and ease of use as a creative platform or its critical role in the rise of web video. Others abhor Flash-based advertising and Web design, or they despise the resource-intensiveness of the Flash Player plugin in its later years.
Whichever side of the love-hate divide you land on, there’s no denying the fact that Flash changed how we consume, create, and interact with content on the Web. For better and worse, it helped shape the Internet of today.
But now, after roughly 25 years, Flash is finally nearing its end. In less than six months—December 2020—Adobe will officially end support and distribution of Flash Player, the browser plugin we all associate most strongly with the technology. And already, months ahead of this end-of-life switch, Flash has been disabled in most Web browsers (often flagged as a security risk should you choose to override the default settings). Even Google Chrome, long the browser of choice for Flash content, will soon remove Flash Player.
Technically speaking, the technology will live on. The Flash authoring tool is part of Adobe Animate, while the rendering engine is included in Adobe AIR—which will be handed over to enterprise electronics company Harman International for ongoing maintenance, as it’s still widely used in the enterprise arena. But it’s safe to say that, after a decade in decline, Flash as we know it is about to say goodbye.
In recognition of its service to content creators and consumers of all stripes, of its contribution to the proliferation of online video and multimedia, and of that divisiveness that’s followed the platform around, the time has come to revisit the rise and fall of Flash—with a little help from its principal creator, Jonathan Gay; a raft of Web resources; and interviews with others who had a hand in its ultimate success.
Birth, or a wave of the future
Sometime around the middle of 1992, Jonathan Gay decided he wanted to start a company to make something. What, precisely, he’d not figured out. But something.
More than eight years earlier, his friend and former boss Charlie Jackson had founded Silicon Beach Software—a Mac-focused software company that had great success with its Dark Castle games and the SuperPaint and Digital Darkroom creative tools. Gay had been there from day one as a teenage programmer working afternoons after school. (Not just any programmer, either, but the “most phenomenal programmer” that Jackson had ever seen.) Then early in 1990, to fund his dream of competing for the United States in international rapid-fire pistol shooting (a dream he later fulfilled), Jackson sold Silicon Beach to Aldus Corporation.
Gay asked Jackson for help starting this new company, but Jackson still had six months remaining on his non-compete agreement with Aldus and couldn’t do anything until then. He told Gay to take that time to think of a product. The pair soon landed on the idea of making software for GO Corporation’s PenPoint operating system, an OS designed specifically for tablet computers and personal digital assistants.
It was impressive technology. PenPoint-based tablets could be the next big thing, and the new EO Personal Communicator, made by a company spun out from GO’s hardware division, seemed particularly impressive.
Silicon Beach had built its success on being early to market—on embracing the Macintosh before bigger companies jumped in. This new company, which they named FutureWave, would endeavor to do the same. “The idea was, ‘We can own the graphics space on this tablet,'” Jackson told Ars. “So we started to design a vector drawing program. And we called this SmartSketch.”
With the combined business acumen of FutureWave’s three co-founders—marketing VP Michelle Welsh was the other one—plus Gay and programmer Robert Tatsumi’s technical wizardry, SmartSketch quickly took shape. But the gamble backfired when AT&T bought a majority stake in the company behind the EO tablet—also called EO—and subsequently killed the product, then bought GO and, to cut a long story short, effectively killed them too.
“I think we sold two copies,” Jackson said. “And one was to the architect who was designing Bill Gates’ house.”
FutureWave soon ported SmartSketch to Windows and Mac, and they hoped to find an audience that appreciated their efforts “to make drawing on a computer as easy as it is drawing on paper.” But the company struggled to pull attention away from their many larger competitors (Corel, Adobe, Autodesk, etc).
Their course changed when Wacom—which had been bundling SmartSketch with some of its digitizer tablets—ran into budgetary problems and needed to pull out of SIGGRAPH ’95. They gave their booth to FutureWave and told the tiny startup to bring lots of SmartSketch boxes—as it’s always a good event for product sales. “We didn’t sell anything,” recalled Gay. “It was pretty embarrassing.”
Across the aisle, a company called Animo had a Disney-style animation package for television and movie production. Lots of people were drawn to that booth, and many of them stopped by FutureWave’s space to look at SmartSketch—whereupon they’d recommend FutureWave make a rotoscoping app. “We thought there was never going to be a market for an animation tool,” said Gay, “but it sounded like a fun thing to build.”
Around the same time, Jackson had been struggling to convince retailers to stock SmartSketch. Then he noticed that CompUSA had kiosks and shelves of products in prime positioning with the phrase ‘made for the Web’ stamped on them. So, he told Gay they needed to do something for the Web.
Gay wondered if maybe somehow they could combine these ideas together: a cel-based animation program that could produce animations that play on webpages.
They initially called this new program SmartSketch Animator, though they would later rename it CelAnimator and then FutureSplash Animator. And to fulfill the Web requirement, they hacked together a prototype Web animation player—the FutureSplash Player—in Java.
They’d grown tired of running a company with no money and no market traction, however, so before they shipped they decided to try to sell the technology. Their friend and fellow Silicon Beach co-founder Eric Zocher—who was VP of engineering at Adobe—set up a meeting for them with Adobe CEO John Warnock.
“I still remember getting on the airplane with a 486 mini desktop in a duffel bag to go meet with John Warnock and show him our incredibly slow Java prototype,” said Gay. “It was doing like two frames a second of this simple animation. It worked, but it was just really slow.”
Read the original article over at ArsTechnica.com.
New ThiefQuest Mac ransomware is even more sinister than it appears
ThiefQuest or EvilQuest can grab passwords and credit card numbers.
Written by Lily Hay Newman / Courtesy of ArsTechnica
The threat of ransomware may seem ubiquitous, but there haven’t been too many strains tailored specifically to infect Apple’s Mac computers since the first full-fledged Mac ransomware surfaced only four years ago. So when Dinesh Devadoss, a malware researcher at the firm K7 Lab, published findings on Tuesday about a new example of Mac ransomware, that fact alone was significant. It turns out, though, that the malware, which researchers are now calling ThiefQuest, gets more interesting from there. (Researchers originally dubbed it EvilQuest until they discovered the Steam game series of the same name.)
In addition to ransomware, ThiefQuest has a whole other set of spyware capabilities that allow it to exfiltrate files from an infected computer, search the system for passwords and cryptocurrency wallet data, and run a robust keylogger to grab passwords, credit card numbers, or other financial information as a user types it in. The spyware component also lurks persistently as a backdoor on infected devices, meaning it sticks around even after a computer reboots, and could be used as a launchpad for additional, or “second stage,” attacks. Given that ransomware is so rare on Macs to begin with, this one-two punch is especially noteworthy.
“Looking at the code, if you split the ransomware logic from all the other backdoor logic the two pieces completely make sense as individual malware. But compiling them together you’re kind of like what?” says Patrick Wardle, principal security researcher at the Mac management firm Jamf. “My current gut feeling about all of this is that someone basically was designing a piece of Mac malware that would give them the ability to completely remotely control an infected system. And then they also added some ransomware capability as a way to make extra money.”
Though ThiefQuest is packed with menacing features, it’s unlikely to infect your Mac anytime soon unless you download pirated, unvetted software. Thomas Reed, director of Mac and mobile platforms at the security firm Malwarebytes, found that ThiefQuest is being distributed on torrent sites bundled with name-brand software, like the security application Little Snitch, DJ software Mixed In Key, and music production platform Ableton. K7’s Devadoss notes that the malware itself is designed to look like a “Google Software Update program.” So far, though, the researchers say that it doesn’t seem to have a significant number of downloads, and no one has paid a ransom to the bitcoin address the attackers provide.
For your Mac to become infected, you would need to torrent a compromised installer and then dismiss a series of warnings from Apple in order to run it. It’s a good reminder to get your software from trustworthy sources, like developers whose code is “signed” by Apple to prove its legitimacy, or from Apple’s App Store itself. But if you’re someone who already torrents programs and is used to ignoring Apple’s flags, ThiefQuest illustrates the risks of that approach.
Apple declined to comment for this story.
What does it want?
Though ThiefQuest has an extensive suite of capabilities in fusing ransomware with spyware, it’s unclear for what ends, particularly because the ransomware component seems incomplete. The malware shows a ransom note that demands payment, but it only lists a static bitcoin address where victims can send money. Given bitcoin’s anonymity features, attackers who intended to decrypt a victim’s systems upon receiving payment would have no way to tell who had paid already and who hadn’t. Additionally, the note doesn’t list an email address that victims can use to correspond with the attackers about receiving a decryption key—another sign that the malware may not actually be intended as ransomware. Jamf’s Wardle also found in his analysis that, while the malware has all the components it would need to decrypt the files, they don’t seem to be set up to actually function in the wild.
The researchers also emphasize that attackers looking to conduct clandestine reconnaissance with spyware usually want to be as discrete and inconspicuous as possible. Adding ransomware into the mix simply announces the malware’s presence and would likely change a user’s behavior on the device, because all of their files are being encrypted and they’re seeing a dramatic ransom note on their screen. It’s not a situation where you would be likely to do some casual online shopping or log into your bank account. By the same token, ransomware doesn’t usually need to establish persistence on a device and endure through reboots, because it simply needs to initiate the encryption process. When a program announces itself as malware and then persists, it simply makes it more likely that the security community will flag and analyze the software to block it in the future.
“I would think if your main goal was data exfiltration you would want to stay in the background, do that as silently as possible, and have the best chance of going undetected,” Malwarebytes’ Reed says. “So I don’t really understand the point of this very noisy ransomware. When I installed it for testing, every 30 seconds the computer was screaming at me, beeping at me all the time. It’s really noisy in both the literal and digital sense.”
The malware does include some obfuscation features to help it hide out. The malware won’t run if it detects certain security tools like Norton Antivirus. It also lays low if it’s being opened in a digital environment that’s often used for security testing, like a sandbox or virtual machine. And when analyzing the code itself, the researchers say that some components were carefully obscured so it would be difficult to understand what they do. Strangely, though, others were left out in the open for anyone to see.
Wardle theorizes that the malware may have been intended to quietly run its spyware module first, collect valuable data, and only launch the noisy ransomware as a last-ditch effort to gather some funds from a victim before moving on. In testing, some researchers found it harder than others to induce the malware to start encrypting files as part of its ransomware functionality, which may support Wardle’s theory. But the malware is buggy, and for now it’s unclear what the developers’ true intent is.
Given that the malware is being distributed through torrents, seems to focus on stealing money, and still has some kinks, the researchers say it was likely created by criminal hackers rather than nation-state spies looking to conduct espionage. It’s not entirely uncommon in the realm of Windows malware to don a ransomware guise as a distraction or false flag. The NotPetya malware, which caused the most impactful and costly cyberattack in history, pretended to be ransomware, after all. Still, given how rare Mac ransomware is, it’s surprising to see ThiefQuest take such a murky approach.
Perhaps the malware is using ransomware’s hallmark file encryption as a destructive tool in an attempt to permanently lock users out of their computers. Or maybe ThiefQuest is just looking to get as much money out of victims as possible. The real question with Mac ransomware, as always, is what will come next?
Read the original article over at ArsTechnica.com.
Doomscrolling Is Slowly Eroding Your Mental Health
Doomscrolling through your phone for an extra two hours every night won’t stop the apocalypse—but it could stop you from being psychologically prepared for it.
Article courtesy of Wired
It’s 11:37 pm and the pattern shows no signs of shifting. At 1:12 am, it’s more of the same. Thumb down, thumb up. Twitter, Instagram, and—if you’re feeling particularly wrought/masochistic—Facebook. Ever since the Covid-19 pandemic left a great many people locked down in their homes in early March, the evening ritual has been codifying: Each night ends the way the day began, with an endless scroll through social media in a desperate search for clarity.
To those who have become purveyors of the perverse exercise, like The New York Times’ Kevin Roose, this habit has become known as doomsurfing, or “falling into deep, morbid rabbit holes filled with coronavirus content, agitating myself to the point of physical discomfort, erasing any hope of a good night’s sleep.” For those who prefer their despair be portable, the term is doomscrolling, and as protests over racial injustice and police brutality following the death of George Floyd have joined the Covid-19 crisis in the news cycle, it’s only gotten more intense. The constant stream of news and social media never ends.
Of course, a late-night scroll is nothing new—it’s the kind of thing therapists often hear about when couples say one or the other isn’t providing enough attention. But it used to be that Sunday nights in bed were spent digging through Twitter for Game of Thrones hot takes, or armchair quarterbacking the day’s game. Now, the only thing to binge-watch is the world’s collapse into crisis. Coronavirus deaths (473,000 worldwide and counting), unemployment rates (around 13 percent in the US), protesters in the street on any given day marching for racial justice (countless thousands)—the faucet of data runs nonstop. There are unlimited seasons, and the promise of some answer, or perhaps even some good news, always feels one click away.
But it’s not. Right now, people are living at a time with no easy solutions, a moment with a lot of conflicting “facts” in a rapidly changing landscape. According to Nicole Ellison, who studies communication and social media at the University of Michigan’s School of Information, that means there’s a “lot of demand on cognitive processing to make sense of this. There’s no overarching narrative that helps us.” That, she adds, only compounds the stress and anxiety they’re already feeling.
For years people have questioned the net benefits of platforms like Twitter and Facebook, and while some studies have found social media, when used responsibly, can have positive effects on mental health, it can also lead to anxiety and depression. Or, at the bare minimum, FOMO. And that’s just the result of looking at too many brunch photos or links to celebrity gossip. Add in a global pandemic and civil unrest—and the possibility that social media networks are incentivized to push trending topics into your feeds—and the problem intensifies. “In a situation like that, we engage in these more narrow, immediate survival-oriented behaviors. We’re in fight-or-flight mode,” Ellison says. “Combine that with the fact that, socially, many of us are not going into work and standing around the coffee maker engaging in collective sense-making, and the result is we don’t have a lot of those social resources available to us in the same way.”
The doom and gloom isn’t all the media’s fault, though. Mesfin Bekalu, a research scientist at the Lee Kum Sheung Center for Health and Happiness at Harvard’s T. H. Chan School of Public Health, notes that while a lot of the news is bad, “as humans we have a ‘natural’ tendency to pay more attention to negative news.” This, along with social media algorithms, makes doomscrolling—and its impacts—almost inevitable. “Since the 1970s, we know of the ‘mean world syndrome’—the belief that the world is a more dangerous place to live in than it actually is—as a result of long-term exposure to violence-related content on television,” Bekalu says. “So, doomscrolling can lead to the same long-term effects on mental health unless we mount interventions that address users’ behaviors and guide the design of social media platforms in ways that improve mental health and well-being.”
The effects of doomscrolling also vary depending on who’s doing it. Allissa Richardson, a professor at USC’s Annenberg School of Communication and Journalism, notes that when she was researching her new book Bearing Witness While Black: African Americans, Smartphones, and the New Protest #Journalism, she spoke to many activists who didn’t participate in doomscrolling simply because, they said, “I can’t see myself being killed over and over again in this tiny square on my phone.” Being able to participate in, and then opt out of, excessive social media use is, she notes, a privilege, which is why, when it comes to social media, many black users turn to Verzuz battles on Instagram Live and other forms of black joy as an act of resistance. “Doomscrolling for black people works in the inverse, we’re actually trying to look for something separate and apart from bad things,” Richardson says. “For many nonblack Americans, this has been an incredibly enriching time, and doomscrolling for them is a deep dive into the things maybe they weren’t educated well about in the first place or maybe did have an inkling about but were ignoring.”
To that end, there have been some upsides to the constant clicking. Social media is helping people stay connected during lockdown, and as the conversation shifted away from Covid-19 and toward racial justice and the Black Lives Matter movement, it’s become a tool for active engagement—spreading news about protests, bail funds, community resources—rather than just a forum for the passive consumption of pandemic updates. Yet the late-night digging, the endless reading of bad news, is draining. (It can also, Richardson notes, endanger protesters whose identities get spread around in other people’s feeds.) It’s a compulsion that’s only gotten worse in recent months, and one that points to humanity’s quest to find coping mechanisms when many of them have been stripped away.
So, the doomscrolling continues. The actual origins of the term are a bit murky, though many point to this tweet from October 2018 as a possible forebear. More recently, doomscrolling was designated one of Merriam-Webster’s Words We’re Watching, and Dictionary.com named it one of its New Words We Created Because of Coronavirus.
There’s something else in the etymology, though. Particularly in the word doom. Originally, the word had connotations that related it to judgement day and the end of the world, but now it’s just as likely to be associated with destruction or ruin. The act of doomscrolling, then, is to roll toward annihilation. Or, to borrow a phrase from Joan Didion (writing during America’s last traumatic, generation-defining year, 1968), it is an act of slouching toward quietus. Taken biblically, it has a Revelation tone. Each swipe through the timeline marks the end of a day of reckoning—for the state of the world at large and for the person attached to each appendage doing the scrolling. Simultaneously, each person watches the demise of so much, while also slowly destroying themselves. (This rush to judgement could also explain why so many public figures are now facing cancelation.) Didion lifted “slouching towards Bethlehem” from W. B. Yeats’ poem “The Second Coming,” itself a reflection on the destruction caused by World War I written amidst the 1918 flu pandemic. It’s only natural that the world’s scrolling reflects those writers’ apocryphal Apocalypse visions.
At the same time, it doesn’t have to. Doomscrolling will never actually stop the doom itself. Feeling informed can be a salve, but being overwhelmed by tragedy serves no purpose. The current year is nothing if not a marathon; trying to sprint to the end of one’s feed will only cause burnout and a decline in mental health among the people whose level-headedness is needed most. That means you, dear reader. Amidst all of the pain, isolation, and destruction of the past six months, it’s not worth it to add on to the strain with two hours of excess Twitter every night. Perhaps now just needs to be the End Times for your timeline.
Read the original article over at Wired.com.
Every New iPhone Feature Apple Revealed for iOS 14
Your home screen is changing, and your car keys may become optional. Here’s what you can expect in iOS 14.
The iPhone’s software is getting a facelift this year. At its virtual WWDC (Worldwide Developers Conference), Apple previewed the many upgrades coming to your iPhone in the next version of its mobile operating system, iOS 14. Notably, your home screen could look very different in the future, and the iPhone could become your new set of car keys in a few years’ time.
We’ve collected all the top upgrades you’ll find in iOS 14 when it debuts later this fall, and some small changes too.
For years, the iPhone home screen has been a grid of app icons that go on for pages and pages. That’s beginning to change. In iOS 14, you can hide pages of apps you don’t use often, and a scroll to the right will let you access your new App Library. It’s quite similar to the app drawer on Android phones, but instead of more icons in an endless vertical stream, apps are grouped into various categories like Social, Productivity, and Entertainment.
The top two categories (which look like big folders) are Suggested and Recent Apps. Suggested Apps uses machine learning to recommend apps you might want to use next, and Recent Apps shows apps you recently used or installed. There’s also a search bar at the top.
Until now, the iPhone’s widgets have been relegated to the Today View on the left of the main screen. Now, you can pull these widgets out and into your home screen (just like on Android) and get alternate sizes for them. This allows you to customize how your phone looks, and quickly access certain functions, like switching music tracks with your music app’s widget. To see all the widgets available with the apps you have installed, there’s a Widget Library. Developers can start making new home screen widgets for their respective apps.
One particular widget Apple called out is Smart Stack, which bundles together a variety of widgets into one oblong-shaped box. You can swipe through this widget to see the others, and the Smart Stack also automatically changes based on the time of day and your usual activity. For example, in the morning, Smart Stack might show you a morning news briefing. In the afternoon, it might switch to your calendar widget, and in the evening, it might show your fitness activity summary.
If you’re watching a movie on your iPhone but you need to switch to a messaging app to respond to someone, Apple’s new picture-in-picture mode means you don’t need to hit the pause button. Instead, you’ll see a floating screen over your home screen (or any other app). You can resize it, drag it around, and control video playback. You can even minimize it to the side of the screen but still have audio playing if you need your iPhone’s full screen for something else.
Siri Gets a Revamp
A new version of Siri won’t take up your whole screen when you just want to ask a question. Instead, Siri now looks like a small bubble at the bottom of the screen. Ask it for the weather, and you’ll see a pop-up notification at the top of the screen with the answer. It’s a little smarter, too. It can access information from across the web (to some degree), and can also now send audio messages for you in the Messages app.
A Translate App
Apple’s moving in on Google, offering a new Translate app. At the moment, it supports 11 languages, and an on-device mode keeps text and voice translations private. If you turn your iPhone into landscape view, the app will turn on Conversation mode, which offers a side-by-side view that makes it easy for both parties to see the translation.
Your Messages app is getting a slew of updates. First, you can now pin important conversations to the very top of the app. These will appear as big circles, different from the other threads in the app, and you can pin up to nine threads. For group messages, you’ll see bubble images of everyone in a group at the top of the screen, and people who have been more active than others will appear slightly bigger (you can also set a group photo). In group chats, you can reply inline to specific messages and view this as a separate thread. You can also type someone’s name to “mention” someone, similar to using the @ function on other messaging apps like Facebook Messenger or Slack. With the latter feature, you can have conversations only send a notification if you have been mentioned.
There are new Memoji designs to choose from, including 20 new hair and headwear styles, more face coverings, and age options. There are three new Memoji stickers too: a hug, a fistbump, and blush.
Maps & CarPlay Updates
The redesigned Apple Maps that Apple introduced last year will be coming to three new countries in 2020: the UK, Ireland, and Canada. Apple says it’s working with trusted brands to offer integrated travel guides into Apple Maps, which will include recommendations for places around you. Perhaps even more helpful, Maps will now tell you when you are approaching a speed or red-light camera.
Cycling navigation is also coming to Maps. It will take into account elevation, so you’ll know if you’ll be dealing with a lot of hills. Unfortunately, it will only be available in New York, Los Angeles, the San Francisco Bay Area, Shanghai, and Beijing to start. More cities are on the way in the coming months. You can ask Siri for cycling directions.
If you have an electric car, you’ll be happy to learn that Apple is adding EV routing into Maps. It takes into account temperature, weather, elevation, and other information to automatically add charging stations to your route if you’ll need to juice up soon. It’s working on deep integration with car manufacturers like BMW and Ford, so it will know exactly which stations will support your car.
If your car supports Apple’s CarPlay service, you will soon be able to tap your phone to the door of the car to unlock it via NFC technology, just like paying with Apple Pay. If you lose your iPhone, you can turn off keys remotely via iCloud. You can even “share” your car keys via iMessage, and set restricted driver profiles, which can limit things like acceleration, top speed, and more. The first car to support this feature will be the 2021 BMW 5 Series, and it will likely take a number of years for a good portion of vehicles to support it.
Apple wants to make it easier for you to find and use new apps based on what you are doing and where you are. This comes in the form of App Clips, which are bite-sized versions (10-megabytes or less) of apps that you can use for one-off instances. For example, if you’re browsing Panera’s menu in Safari or looking up the closest restaurants near you in Maps, an App Clip might pop up from the bottom of your screen. It’s a lightweight version of the Panera app you can use to check the menu and place an order for pick up. It relies on Apple Pay and Apple’s sign-in instead of requiring you to make a Panera account if you don’t have one.
Another example is using an App Clip to pay for a parking meter or to rent a scooter. These App Clips can be found by tappable NFC tags, or QR codes around you. If you need to find the App Clip again, you can see them in the new App Library, so you can download the full app later if you want. It’s very similar to Android Instant Apps, which Google introduced a few years ago.
Other Small Changes
Those are some of the major iOS 14 upgrades. Here are some smaller tidbits. If you want to read every single update, check out Apple’s iOS 14 preview website.
- You can change the default email and web browser apps. So you can replace Apple’s Mail app with Gmail, for example.
- Universal Search now won’t interrupt whatever you’re doing; and you can use it to search for anything: you can search for installed apps, find contacts, search within apps, and complete web searches.
- You can search for emojis with the keyboard.
- You’ll be able to port your existing account with an app to “Sign in With Apple.”
- The keyboard’s dictation feature now uses the same engine as the one used for Siri, meaning your dictations will be more accurate. It’s also running on-device, so it works offline.
- When you get a call, the notification will be a banner at the top instead of taking up the whole screen.
- You can share your approximate location with apps instead of your precise location.
- You’ll now see a pop-up notification when an app wants to track you across apps and websites owned by other companies. You can ask the app not to track you, or allow it. This means it will reduce the amount of data collected by the app.
- Similarly, new cards in the App Store will show what kind of data apps might collect before you install an app. It’s meant to act just like the nutrition label on food packaging.
- You can share App Store subscriptions with your whole family.
- There is a camera recording indicator in the status bar.
- For camera upgrades, the camera can now shoot photos up to 90 percent faster, at up to four frames per second. QuickTake video is now available on the iPhone XR and XS. And you can quickly toggle the video resolution and frame rate in video mode. If you have an iPhone 11 or 11 Pro, Night mode now offers up a guidance indicator to make sure you stay steady during capture, and you can also cancel a Night mode shot midway instead of waiting until the end.
- The Health app now lets you add how much sleep you want to get every night. A Wind Down mode prepares your phone for bedtime and wake-up, so you can schedule things like playing soothing sounds. It automatically turns on Do Not Disturb and Sleep Mode. The latter will dim your phone screen, show the date, time, and next alarm.
- You can add captions to photos and videos in the Photos app.
- You can assign reminders to people you share lists with, and they will get a reminder.
When Can You Get iOS 14?
Apple will offer a public beta of iOS 14 in July, and the official update will arrive in the fall, usually around the time Apple launches new iPhones in September. Any phone that supported iOS 13 will be eligible for the update, including the iPhone 6S, the first-generation iPhone SE, and anything newer.
Read the original article over at Wired.com.
Amid pressure, Zoom will end-to-end encrypt all calls, free or paid
Bowing to critics, Zoom will offer E2EE if non-paying customers register an account.
Under pressure from privacy and human rights advocates, Zoom said on Wednesday that it will make end-to-end encryption available to both paying and non-paying users of its video conferencing service.
Previously, Zoom said it would provide end-to-end encryption to paying customers and a less-robust form of encryption, known as transit encryption, to non-paying customers. Zoom said the two-tier offering would allow law enforcement to regulate illicit content coming from users who don’t have accounts and, hence, are harder to track. Paying users, by contrast, had more traceability and, hence, were less likely to use the platform for illegal purposes.
Critics in privacy and human rights circles said the Zoom plans threatened to make privacy a premium feature rather than something that’s available by default. The critics called on Zoom to provide the same protections for all users.
On Wednesday, Zoom announced a new plan to extend end-to-end encryption, or E2EE, to non-paying users.
“To make this possible, Free/Basic users seeking access to E2EE will participate in a one-time process that will prompt the user for additional pieces of information, such as verifying a phone number via a text message,” Zoom CEO Eric Yuan wrote in a post. “Many leading companies perform similar steps on account creation to reduce the mass creation of abusive accounts. We are confident that by implementing risk-based authentication, in combination with our current mix of tools—including our Report a User function—we can continue to prevent and fight abuse.”
The registration process is similar to those required by end-to-end messaging services Signal and WhatsApp. Users of each service must prove they have control of a valid phone number. When combined with Zoom measures designed to detect illicit behavior, Yuan said the registration will allow his company to offer E2EE to all users and at the same time enforce safety on its platform.
“This is great news,” Jon Callas, a cryptography expert and senior technology fellow at the American Civil Liberties Union, said in response to the announcement. “Strong encryption everywhere helps everyone. Zoom continues to show us that they’re serious about security and privacy.”
E2EE is vastly different from simply encrypting data in transit. Instead, it provides each user with keys that reside solely on their devices, where communications are encrypted and later decrypted (the encrypted data is usually encrypted a second time as it travels over the wire). With the service provider having no access to the keys that decrypt the data, it’s impossible for law enforcement or malicious insiders to access the human-readable content.
Security and privacy advocates say that this kind of protection is crucial as more and more sensitive information is transmitted over the Internet. Groups such as the Electronic Frontier Foundation argue that E2EE should be made available to all users, whether they pay or not. Currently, Zoom conferences receive only transport encryption with 256-bit AES keys distributed in Galois/Counter Mode over Zoom servers. Yuan said Zoom E2EE will go into beta next month.
Yuan said that once E2EE is implemented, it will be an option that can be turned on because it limits some meeting functionality, such as the ability to connect by traditional phone lines or SIP/H.323 hardware. Hosts will be able to turn E2EE on or off on a per-meeting basis. The CEO also said that account administrators will be able to enable and disable E2EE at the account and group level. An updated design from Zoom E2EE is here.
Read the original article over at ArsTechnica.com.
More than 7 in 10 Americans won’t use contact-tracing apps, data shows
That’s a decline from April, when only 1 in 2 rejected the contact-tracing apps.
Because of the lag between infection and the onset of symptoms, people can contract the SARS-CoV-2 virus and then pass it on, potentially to many others, before they know they’re infected and have to isolate. So being able to identify and warn individuals who have been exposed to an infected person—known as contact tracing—is widely acknowledged to be a vital part of any effective strategy to beat COVID-19. Which is why it is extremely dismaying to see survey data that says fewer than 3 in 10 Americans intend to use contact-tracing apps to allow that to happen.
The data was gathered from an online survey of just over 2,000 people in the United States, collected on June 1 by polling company Opinion Matters on behalf of the security company Avira. When asked if they planned to download a contact-tracing app, an overwhelming majority—71 percent—answered no. Not only is that bad, it appears to be a deterioration from earlier this year; in April, we covered a poll that found 1 in 2 Americans would probably or definitely not use a contact-tracing app.
Most of the resistance to downloading a contact-tracing app came from people over the age of 55. US Centers for Disease Control and Prevention data show that people aged 55 and over account for almost 80 percent of US COVID-19 deaths to date.
It’s a trust thing
Survey respondents who replied “no” to the first question were then asked to explain that decision with a multiple-choice poll. The most common reason cited was a concern about privacy; in all, 44 percent of those who said “no” to a contact-tracing app said they would not trust the technology to protect their digital privacy. But nearly as many (39 percent) also said they thought the apps created a false sense of security, and 37 percent said they believed the apps would not work to slow the spread of the pandemic. Thirty-five percent also indicated a lack of trust in the app providers.
Interestingly, this latest poll shows quite a divergence to April’s results when it comes to the organizations people would trust to keep their COVID data private.
Two months ago, 57 percent said they’d trust public health agencies, 47 percent said insurance companies, and 43 percent said they’d trust Big Tech. But in today’s poll, only 32 percent said they’d trust Google or Apple, and only 14 percent said they’d trust the government to keep their data private. That suggests a significant deterioration in trust when it comes to public health agencies like the CDC, although the questions asked were not identical, and there may be some differences in survey populations that make a precise comparison between the polls difficult.
Unfortunately, distrust in public health and medical tools to fight the pandemic appears to be widespread in the United States. In recent weeks, other surveys have shown that as few as 50 percent of Americans say they would be vaccinated against the disease, assuming a vaccine were available. Coupled with what appear to be politically motivated decisions to end public health restrictions on gatherings, it is likely that the eventual US death toll from the pandemic will be high indeed.
Read the original article over at ArsTechnica.com.
T-Mobile Outage Disrupts Wireless Network Across US, Companies Deny DDoS Attack
While social media is buzzing with reports of a major DDoS attack, there is currently scant evidence it caused the outages.
T-Mobile, Verizon, and AT&T customers are struggling to place calls across the US in what appears to be a T-Mobile outage.
The telco’s service is struggling with both voice and data, while users of other carriers are experiencing issues when they try to communicate with T-Mobile customers. Update: The T-Mobile issues have mostly resolved.
Likely just an internal error
“Our engineers are working to resolve a voice and data issue that has been affecting customers around the country,” T-Mobile’s president of technology Neville Ray said on Twitter.
“We’re sorry for the inconvenience and hope to have this fixed shortly.”
T-Mobile is the nation’s second largest carrier, after completing its acquisition of Sprint just a few months earlier.
Users from all major carriers have been complaining of errors and outages, but Verizon claims it is because they are trying to connect to T-Mobile users.
“Verizon’s network is performing well. We’re aware that another carrier is having network issues. Calls to and from that carrier may receive an error message,” a Verizon spokesperson said. “We understand Downdetector is falsely reporting Verizon network issues.”
Downdetector, a popular website for tracking outages and issues, is currently showing a number of major outages across telecoms operators and popular websites.
This, combined with a heavily shared imagefrom DDoS-tracker Digital Attack Map, which shows unreliable and unconfirmed data on attacks, appears to have led to a widespread belief on social media that the US is undergoing a major attack (the same tracker showed a similar map just yesterday).
The DDoS attack claim was even shared by Congressman Ted Liu, and is currently the fifth most popular trending hashtag on Twitter.
Separately, earlier this week CBR reported on a major – but unsuccessful – DDoS attack on AWS, which occurred in February, but has only now been publicly discussed. When shared on social media with the headline ‘AWS Hit With a Record 2.3 Tbps DDoS Attack,’ the date is not immediately clear, inadvertently fueling the theory that the US is being DDoS attacked.
There is currently no evidence that a major distributed denial of service attack is happening, although smaller attacks are happening constantly. One of the largest and most successful DDoS attacks happened in 2016, when the attack brought down DNS company Dyn – impacting AWS, as well as Twitter, SoundCloud, Spotify, Netflix, Reddit, Pagerduty, Shopify, Disqus, Freshbooks, Vox Media, PayPal, Etsy, Github, Heroku, Time, PlayStation, the Intercom app and more.
“I have found no indication these outages are DDoS related. Rather, there may be Sprint/T-Mobile issues related to a wonky update in the systems from the Sprint side to help merge with T-Mobile. Not sure what may be up with other carriers,” security researcher Brian Krebs tweeted.
Google Sued for $5 Billion for Tracking Users, Even Those Using ‘Incognito’ Mode
Yet another reminder that your “incognito” browsing is not as private as you believe.
If you’ve been browsing through some porn on a Google Chrome “incognito” window assuming that the trail will be wiped clean the minute you exit it, you’re in for some bad news. Turns out the incognito mode—which gives users the choice to search the internet without their activity being saved to the browser or device—is not really all that “incognito”. A class-action lawsuit was filed against the company on June 2 claiming that the internet giant illegally invades the privacy of users by tracking people, even when they choose to surf using the private mode.
The lawsuit, which seeks at least $5 billion in damages, said that even when a user chose private browsing to have his data protected, Google used tracking tools—like Google Analytics, Google Ad Manager and other applications and website plug-ins, including smartphone apps—to gather user data. The incognito mode in Google’s Chrome gives users the chance to browse the internet without their activity being saved, but “Google tracks and collects consumer browsing history and other web activity data no matter what safeguards consumers undertake to protect their data privacy,” states the complaint. This helps Google learn about users’ friends, hobbies, favorite foods, shopping habits, and even the “most intimate and potentially embarrassing things” they search for online, the complaint further said.
The lawsuit was filed on behalf of three people—Chasom Brown and Maria Nguyen, and William Byatt—in California and while Google has faced several other lawsuits over its data collection, this one tries to use the Federal Wiretap Act—which states that users have the right to sue if their private conversations are intercepted. The lawsuit claims that Google intercepts the contents of communication between users and websites by collecting browsing history. The lawsuit also said that Google’s practices deceived consumers into believing that they maintain control of the information shared with the company.
“Incognito mode in Chrome gives you the choice to browse the internet without your activity being saved to your browser or device,” Google spokesman Jose Castaneda, strongly disputed these claims and said to The New York Times. “As we clearly state each time you open a new incognito tab, websites might be able to collect information about your browsing activity during your session.”
A joint study from Microsoft, Carnegie Mellon University and University of Pennsylvania last year investigated more than 22,000 sex websites—which most people visit with their private mode enabled—and revealed that 93 percent of these pages tracked and leaked users’ data to third-party organisations.
Read the original article over at Vice.com.
How to uninstall Cortana in Windows 10 2004
Microsoft’s digital assistant Cortana is evolving and it’s here to stay, but it’s no secret that many Windows 10 users aren’t really big fans of Cortana.
Starting with the release of Windows 10 May 2020 Update, Cortana is now a standalone app and it’s no longer an integral part of the platform.
By default, Cortana ‘app’ is added to the Startup programs which are automatically run when you turn on your PC. If you don’t use Cortana or you want to disable its background presence on Windows 10, you can switch off the feature by following these steps:
- Open Task Manager by pressing CTRL+Shift+Escape keys together
- Click on the tab titled ‘Start-up’.
- Look for a program called Cortana.
- Click on Cortana to highlight it.
- Click the ‘Disable’ option located at bottom-right.
How to uninstall the Cortana app on Windows 10
Since Cortana is now available as a standalone app on Windows 10, you can fire up the Windows PowerShell app and uninstall the app package.
To remove the Cortana app from your current user account, follow these steps:
- Open Start menu.
- Simply type ‘PowerShell’.
- In the PowerShell window, type and enter the following command:
Get-AppxPackage -allusers Microsoft.549981C3F5F10 | Remove-AppxPackage
- Reboot your system.
In PowerShell window, you can also run the following command to remove Cortana from all user accounts:
Get-AppxPackage * Microsoft.549981C3F5F10 * -AllUsers | Remove-AppxPackage
If you want to completely remove the Cortana package from everywhere including ‘WindowsApps’ folder, run the following command:
Remove-AppxProvisionedPackage -Online -PackageName Microsoft.549981C3F5F10_1.1911.21713.0_neutral_ ~ _8wekyb3d8bbwe
The above PowerShell commands remove the Cortana app and all traces of the digital assistant.
You can always reinstall the Cortana app by downloading the package from the Microsoft Store.
Read the original article courtesy of BleepingComputer.com.
Brave Browser busted for autocompleting URLs to versions it profits from
Brave advertises itself as a fast, secure, and private web browser, but it’s been caught quietly earning revenue by redirecting users through affiliate links for certain search queries.
Article courtesy of ZDNet.com.
The browser is trying to carve out a new business model by offering users the choice of viewing ads in exchange for their cryptocurrency, the Basic Attention Token (BAT).
Users can also tip websites they regularly visit in BAT credits based on the idea that website visitors want to pay sites based on user attention to content instead of ads served. It now has 15 million users who have chosen it for its privacy promises.
But, as reported by cryptocurrency news site Decrypt, Brave was caught redirecting the typed URL for Binance, a popular crypto exchange, to a different version of the site’s URL that they earned revenue from. It was doing this without gaining the consent of Brave users.
The redirect was discovered by Yannick Eckl who revealed on Twitter over the weekend that typing in binance[.]us or binance[.]com in Brave redirects the user to the affiliate link ‘binance[.]us/en?ref=35089877’, which earns Brave money.
Brave promoted a deal it struck with Binance in March to bring the exchange’s widget to the browser as part of its effort to create a different business model to other browsers, such as Mozilla’s Firefox, which has historically earned most of its revenues from deals with search-engine providers, such as Google. The widget was designed to make it easier for Brave users to trade cryptocurrency.
The practice is a betrayal of trust for Brave users and potentially its affiliates too, which arguably shouldn’t be paying Brave for visitors who type the affiliate’s URL directly into the browser’s address bar.
Eich, Brave’s CEO, apologized for the redirects and offered an explanation for the behavior, claiming it was a “mistake”.
“It’s not great, and sorry again. I’m sad about it, too,” he wrote.
“We are a Binance affiliate, we refer users via the opt-in trading widget on the new tab page, but autocomplete should not add any code.”
However, other Twitter users challenged the idea that Brave had simply made a mistake. Further research of Brave’s GitHub repository revealed it was also redirecting the URLs of Ledger, Trezor and Coinbase to URLs that Brave profits from.
In defense of the apparent error, Eich also explained that Brave is “trying to build a viable business that puts users first by aligning interests via private ads that pay user >= what we make on fixed fee schedule, no browser data in the clear on any of our servers, and so on. But we seek skin-in-game affiliate revenue too”.
“The autocomplete default was inspired by search query clientid attribution that all browsers do, but unlike keyword queries, a typed-in URL should go to the domain named, without any additions. Sorry for this mistake – we are clearly not perfect, but we correct course quickly,” he wrote.
He stressed that Brave was not rewriting links in webpages and never would. The behavior was limited to autocompletions when users type in a URL in the browser’s address bar, according to Eich.
Users who don’t want URLs to the crypto sites to be automatically converted to ones that profit Brave can disable the feature ‘Show Brave-suggested sites in autocomplete suggestions’. A future update will switch the setting off by default.
Read the original article courtesy of ZDNet.com