No VPNs in China: Why Apple withdrew VPN apps from its China App Store

Apple recently removed several virtual private network (VPN) apps from its App Store in China. Three VPN providers confirmed removal, and Apple provided a statement that said that regulations put in place in January were the cause. “We have been required to remove some VPN apps in China that do not meet the new regulations,” Apple said in the statement. Last January, China began to more strictly enforce existing regulations that require internet services to obtain licenses.

During Apple’s earnings call on Tuesday, CEO Tim Cook said that not all VPN apps were removed in China. “We were required by the government to remove some of the VPN apps from the app store that don’t meet these new regulations,” but hundreds remain, he said, including apps developed by firms outside China.

VPNs allow encrypted tunnels of internet traffic between a user’s device and a destination VPN server elsewhere on the internet. While it originated as a corporate tool decades ago to allow employees secure access into a company’s internal network, VPNs are used by hundreds of millions of people for privacy in democracies and dictatorships alike. They’re also widely used to get around media lockouts that prevents people in one area from viewing video or listening to audio that isn’t licensed for their country or region.

Read more »

0

Update to iOS 10.3.3 now: Apple patches serious Wi-Fi exploit

iOS users should update immediately to version 10.3.3 to eliminate the risk of a Wi-Fi-based exploit that can be carried out by an attacker in proximity to a device—or potentially through a compromised Wi-Fi router—without any interaction from the user at all.

In the iOS 10.3.3 update, Apple patched a bug that arises from how three models of Broadcom wireless chips, which Apple uses in iOS hardware, processes data. The chips are designed for smartphones and tablets, and aren’t used in Macs or other full-featured PCs. Security researcher Rich Mogull of Securosis said, “As described, the Broadcom vulnerability is extremely serious, but we will need to see the full exploit details to determine the real risk to users on all the various devices out there.”

Instructions on how to install the iOS 10.3.3 update
Read more »

0

iOS

How iOS 11 changes location tracking on your iPhone and iPad

In iOS 11, Apple offersa better way to know what apps are users, which will hopefully lead to apps that are better behaved. This is seemingly an outcome from Uber (and potentially other apps) gathering information from users when the app isn’t in use (although in Uber's case, they may not have crossed a line).

Apple’s guidelines for background location services allow for updates of specific needs, such as with navigation or fitness apps. But there’s no realistic way for Apple to know precisely how apps are tracking data, so the company has to rely on outside reports. A couple of academic efforts to let users track in-app information flow revealed that location (and other private data) may be sent without appropriate disclosure. While Apple provides a small visual cue in the status bar, users have to be paying attention to spot it and might not know what the tiny arrow that appears and disappears means.

The new sophistication and user-interface elements in iOS 11 should make this all a lot clearer. Apple is offering a carrot and stick and cudgel to move the ecosystem further along.

Read more »

0

macOS High Sierra: The new Safari takes steps to reduce persistent user tracking, but is it enough?

In macOS High Sierra, third parties will have a more difficult time sharing any tracking information via Safari. It’s all part of Apple’s approach to privacy, and it's not just lip service. While such policies certainly helps the company from a marketing standpoint, they're also routinely turned into product features.

The new feature seems to have the potential to make it harder for unrelated sites to follow you around the internet. But some experts believe that, while a noble technology to deploy, the action has already shifted to a different front that Apple can’t help with directly.

You’re the product

Read more »

0

How safe is iMessage in the cloud?

Of all the problems iMessage has, Apple says it plans to solve a persistent one: having access to all your conversations on every device, instead of messages and data lying scattered across all the Macs, iPhones, and iPads you use. But is this the right problem to solve?

Apple’s Craig Federighi explained at the 2017 Worldwide Developers Conference that iMessage will be stored in iCloud with “end-to-end encryption,” but provided no other details. Later, he mentioned that Siri training will sync across iCloud instead of being siloed on each of your Apple devices, and that training and marking faces in Photos’ People album will do the same—and with end-to-end encryption.

Despite that encryption promise, this concerns me. It’s better to have the least amount of personal and private information pass through other systems, instead of directly between two devices. It’s especially good to have the least amount of private data stored elsewhere, except if the encryption for that data is firmly under your control or fully independently vetted.

Read more »

0

How to keep your data secure when you travel with your Mac, iPad, and iPhone

Summer is here, and that means vacation travel is up. At U.S. borders, customs officers may ask for your passwords to unlock your devices, or provide access to online accounts, especially social media.

According to many experts, you can refuse, but your devices could be seized and retained for an extended period of time and/or the data copied (even if it’s encrypted and effectively unretrievable). If you’re not a permanent resident of the U.S., you might be denied entry.

If you're worried that you might have to hand over a device with valuable information, then consider this: the less data on hand, the less risk of exposure you have. With this in mind, you could choose to agree to allow device inspection, because there would be nothing of importance to disclose.

Read more »

0

How to use HTTPS to improve web security

HTTP over Transport Layer Security, also know as https, can go a long way to improving the security and privacy on a website. When you see a site's URL with https://, that site exercises good care on its internal security to protect user data and against break-ins

Here are several approaches you can take to improve web security in the way you browse, share links, and configure your own sites, using https.

Install HTTPS Everywhere in Firefox and Chrome. HTTPS Everywhere from the Electronic Frontier Foundation (in conjunction with the Tor Project) automatically redirects from an insecure to a secure site wherever possible. The browser plug-in is available for Chrome, Firefox, and Opera, and Firefox for Android. Safari (and Internet Explorer) aren’t supported because of design choices in the extension architecture in those browsers.

Read more »

0