www. O S N E W S .com
News Features Interviews
BlogContact Editorials
.
Meet the online tracking device that is virtually impossible to block
By Thom Holwerda on 2014-07-22 08:49:25

A new, extremely persistent type of online tracking is shadowing visitors to thousands of top websites, from WhiteHouse.gov to YouPorn.com.

First documented in a forthcoming paper by researchers at Princeton University and KU Leuven University in Belgium, this type of tracking, called canvas fingerprinting, works by instructing the visitor's Web browser to draw a hidden image. Because each computer draws the image slightly differently, the images can be used to assign each user's device a number that uniquely identifies it.

Advertising companies will become increasingly... 'Creative' to find some way of tracking us that circumvents known laws and technological barriers. However, I doubt you have to worry about the small fish - worry about what the biggest internet advertising company in the world has cooking in its labs.

0  Comments - Email a friend - Printer friendly - Related stories
.
Win access to a game, then proceed to pirate it
By Thom Holwerda on 2014-07-22 08:44:10

Modern Combat 5 has been cracked and uploaded to multiple torrenting websites over the weekend. MC5 is a first person shooter for iOS, Android and Windows 8. The developer and publisher, Gameloft, ran a contest recently and invited players into the game early. One of those winners apparently cracked the game and began distributing it online.

Modern Combat's dev team is not pleased with the situation.

Horrible. You win a contest for early access, and then you turn around and stab them in the back like this. You must be a pretty terrible human being to do something like this.

0  Comments - Email a friend - Printer friendly - Related stories
.
Explaining Continuity: tying iOS 8 and OS X Yosemite together
By Thom Holwerda on 2014-07-21 21:13:25

Continuity isn't a monolithic feature of the new operating systems so much as it is a range of features, each with its own hardware requirements and mode of operation. As we already did for iOS 8's Extensions, in this article we'll be using Apple's developer documentation, WWDC videos, and early reports from forums and rumor sites to explain the technology behind these features. We'll speak in brief about how phone integration and AirDrop work. Then, we'll examine how Handoff works and how developers can integrate Handoff support into their own iOS and OS X applications.

Ars takes a look at Apple's Continuity.

10  Comments - Email a friend - Printer friendly - Related stories
.
Backdoors and surveillance mechanisms in iOS devices
By Thom Holwerda on 2014-07-19 19:06:32

Jonathan Zdziarski's paper about backdoors, attack points and surveillance mechanisms built into iOS is quite, quite interesting.

recent revelations exposed the use (or abuse) of operating system features in the surveillance of targeted individuals by the National Security Agency (NSA), of whom some subjects appear to be American citizens. This paper identifies the most probable techniques that were used, based on the descriptions provided by the media, and today’s possible techniques that could be exploited in the future, based on what may be back doors, bypass switches, general weaknesses, or surveillance mechanisms intended for enterprise use in current release versions of iOS. More importantly, I will identify several services and mechanisms that can be abused by a government agency or malicious party to extract intelligence on a subject, including services that may in fact be back doors introduced by the manufacturer. A number of techniques will also be examined in order to harden the operating system against attempted espionage, including counter-forensics techniques.

This paper is actually half a year old - give or take - but it's gotten a lot of attention recently due to, well, the fact that he has uploaded a PowerPoint from a talk about these matters, which is obviously a little bit more accessible than a proper scientific journal article.

For instance, despite Apple's claims of not being able to read your encrypted iMessages, there's this:

In October 2013, Quarkslab exposed design flaws in Apple's iMessage protocol demonstrating that Apple does, despite its vehement denial, have the technical capability to intercept private iMessage traffic if they so desired, or were coerced to under a court order. The iMessage protocol is touted to use end-to-end encryption, however Quarkslab revealed in their research that the asymmetric keys generated to perform this encryption are exchanged through key directory servers centrally managed by Apple, which allow for substitute keys to be injected to allow eavesdropping to be performed. Similarly, the group revealed that certificate pinning, a very common and easy-to-implement certificate chain security mechanism, was not implemented in iMessage, potentially allowing malicious parties to perform MiTM attacks against iMessage in the same fashion.

There are also several services in iOS that facilitate organisations like the NSA, yet these features have no reason to be there. They are not referenced by any (known) Apple software, do not require developer mode (so they're not debugging tools or anything), and are available on every single iOS device.

One example of these services is a packet sniffer, com.apple.pcapd, which "dumps network traffic and HTTP request/response data traveling into and out of the device" and "can be targeted via WiFi for remote monitoring". It runs on every iOS device. Then there's com.apple.mobile.file_relay, which "completely bypasses Apple’s backup encryption for end-user security", "has evolved considerably, even in iOS 7, to expose much personal data", and is "very intentionally placed and intended to dump data from the device by request".

This second one, especially, only gave relatively limited access in iOS 2.x, but in iOS 7 has grown to give access to pretty much everything, down to "a complete metadata disk sparseimage of the iOS file system, sans actual content", meaning time stamps, file names, names of all installed applications and their documents, configured email accounts, and lot more. As you can see, the exposed information goes quite deep.

Apple is a company that continuously claims it cares about security and your privacy, but yet they actively make it easy to get to all your personal data. There's a massive contradiction between Apple's marketing fluff on the one hand, and the reality of the access iOS provides to your personal data on the other - down to outright lies about Apple not being able to read your iMessages.

Those of us who aren't corporate cheerleaders are not surprised by this in the slightest - Apple, Microsoft, Google, they're all the same - but I still encounter people online every day who seem to believe the marketing nonsense Apple puts out. People, it doesn't get much clearer than this: Apple does not care about your privacy any more or less than its competitors.

54  Comments - Email a friend - Printer friendly - Related stories
.
Google tests new Chrome OS UI that's more Android
By Thom Holwerda on 2014-07-18 23:39:36

Ars Technica reports about Project Athena:

Google-watchers may have already head about "Project Athena," a Chrome OS-related experiment of Google's that has appeared in the Chromium source code a few times in the past. Today we got our first official look at the new interface via Francois Beaufort, a Chrome enthusiast who was hired by Google last year after leaking several high-profile Chrome features.

It looks a heck of a lot like Material Design and Android L UI behaviour coming to Chrome OS. Fascinating to see where this is going, but one thing appears to be clear: in the tug of war between Chrome OS and Android, the latter has won.

18  Comments - Email a friend - Printer friendly - Related stories
.
Lenovo stops selling small Windows tablets due to lack of demand
By Thom Holwerda on 2014-07-18 23:33:01

Lenovo has stopped selling Windows tablets with screen sizes under 10 inches in the U.S. due to lack of interest.

Lenovo has stopped selling two small-screen Windows tablets with 8-inch screens: the ThinkPad 8, which was announced in January and a model of Miix 2, which started shipping in October last year.

This is not a quip, but an honest question: is the size qualifier here really necessary? I.e., do Windows tablets sell in any meaningful number at all, regardless of size? Windows laptops and desktops surely still sell well, but Windows tablets?

Like smartphones, I'm pretty sure this market is dominated by iOS and Android, and Lenovo throwing the towel in the ring here doesn't bode well for any possible third ecosystems - and that sucks.

19  Comments - Email a friend - Printer friendly - Related stories
.
Official guide detailing how to port Sailfish OS to Android devices
By Thom Holwerda on 2014-07-18 09:12:46

This is a guide to help you understand how you can port Sailfish OS to devices running the CyanogenMod flavour of Android.

[...]

By following this guide you can set up a Mer-core based Linux system that will run on an Android device, on top of the existing Android Hardware Adaptation kernel and drivers.

This is the official guide detailing how to port Sailfish OS to run on any Android device supported by CyanogenMod 10.x.

4  Comments - Email a friend - Printer friendly - Related stories
.
Microsoft kills Series 40, Asha
By Thom Holwerda on 2014-07-17 17:17:01

This news will probably fall through the cracks in most reporting about Microsoft's massive layoffs, but aside from the Nokia X, Microsoft is also killing off Series 40 and Asha.

Nokia might have been famous for its feature phones, but Microsoft is planning to wind that business down over the course of the next 18 months. In an internal memo sent to Microsoft employees, Jo Harlow, who heads up the phone business under Microsoft devices, reveals the focus is very much on Windows Phone. Development and investment for Asha, Series 40, and Nokia X handsets will shift to what is described as "maintenance mode," and services to support existing devices will be shut down over the next 18 months. "This means there will be no new features or updates to services on any mobile phones platform as a result of these plans," says Harlow, in the internal memo seen by The Verge.

The story of Series 40 started in 1999 with the iconic Nokia 7110, and it will now end with the Nokia Asha 210 (I think?), or the Nokia Asha 230 if you consider the Asha Software Platform to be Series 40 (nobody really seems to know for sure just how related the two are). In 2012 Nokia announced it had sold over 1.5 billion Series 40 devices, making it one of the most successful software platforms of all time.

It makes sense for Microsoft to kill these platforms. Windows Phone handles devices with lower specifications relatively well, something which the company will hopefully only improve. It does mean the end of an iconic operating system that is intrinsically tied to Nokia, a company who spread the mobile phone and its infrastructure to all four corners in the world, paving the way for pompous phone upstarts like Apple and Google.

One small tidbit I will always associate with Series 40 and Nokia are the signal reception and battery life bars flanking the sides of the early Series 40 user interface like the pillars of the Parthenon. Beautifully elegant and clever use of the limited screen real estate available at the time.

23  Comments - Email a friend - Printer friendly - Related stories
.
Microsoft announces massive layoffs, kills Nokia X phones
By Thom Holwerda on 2014-07-17 13:17:30

As expected, Microsoft's CEO Satya Nadella has just announced an absolutely massive amount of layoffs.

With this in mind, we will begin to reduce the size of our overall workforce by up to 18,000 jobs in the next year. Of that total, our work toward synergies and strategic alignment on Nokia Devices and Services is expected to account for about 12,500 jobs, comprising both professional and factory workers.

It's clear where the focus of the layoffs lies: Nokia Devices and Services. When Lumia sales couldn't keep up with the rest of the market or Nokia's collapsing Symbian sales, people stated "Nokia is fine!". When Microsoft had to bail out Nokia's devices division to make sure it wouldn't die or be sold off to a competitor, these same people maintained that "Nokia is fine!". Now that Microsoft will layoff half of the Nokia staff it acquired, I'm sure people will still maintain that "Nokia is just fine!".

Sarcasm aside, the fact that 66% of the layoffs will consist of former Nokia staff further confirms what I have been saying all along: Microsoft purchased Nokia's devices division to make sure that Nokia wouldn't go Android (Nokia X!), that Nokia wouldn't sell its troublesome devices division to a competitor, or, worse yet, that Nokia would eventually be forced to shut it down altogether. In short, Microsoft acquired Nokia's devices division to save Windows Phone. The evidence is out there for all to see, and denying this at this point borders on the pathetic.

Anywho, this is terrible news for all the people involved, but with this industry doing relatively well, I hope they will be able to find new jobs easily. There are quite a number of companies who would love to get their hands on Nokia talent, so let's all wish them the best of luck in the weeks and months ahead.

Not unsurprisingly, Nadella specifically announced the end of the Nokia X Android endeavour.

In addition, we plan to shift select Nokia X product designs to become Lumia products running Windows. This builds on our success in the affordable smartphone space and aligns with our focus on Windows Universal Apps.

Microsoft plans to continue selling and supporting existing Nokia X products, so if you've bought one you'll at least continue to get support. If you were thinking about buying one - I really, really wouldn't.

56  Comments - Email a friend - Printer friendly - Related stories
.
Google+ drops real name policy
By Thom Holwerda on 2014-07-16 10:39:25

We know you've been calling for this change for a while. We know that our names policy has been unclear, and this has led to some unnecessarily difficult experiences for some of our users. For this we apologize, and we hope that today's change is a step toward making Google+ the welcoming and inclusive place that we want it to be. Thank you for expressing your opinions so passionately, and thanks for continuing to make Google+ the thoughtful community that it is.

Good move, but Google+? Who cares about Google+?

40  Comments - Email a friend - Printer friendly - Related stories
.
Read some older news
.
News Features Interviews
BlogContact Editorials
.
WAP site - RSS feed
© OSNews LLC 1997-2007. All Rights Reserved.
The readers' comments are owned and a responsibility of whoever posted them.
Prefer the desktop version of OSNews?