Thursday, 30 May 2019

Apple, Google, Microsoft, WhatsApp sign open letter condemning GCHQ proposal to listen in on encrypted chats - TechCrunch

An international coalition of civic society organizations, security and policy experts and tech companies — including Apple, Google, Microsoft and WhatsApp — has penned a critical slap-down to a surveillance proposal made last year by the UK’s intelligence agency, warning it would undermine trust and security and threaten fundamental rights.

“The GCHQ’s ghost protocol creates serious threats to digital security: if implemented, it will undermine the authentication process that enables users to verify that they are communicating with the right people, introduce potential unintentional vulnerabilities, and increase risks that communications systems could be abused or misused,” they write.

“These cybersecurity risks mean that users cannot trust that their communications are secure, as users would no longer be able to trust that they know who is on the other end of their communications, thereby posing threats to fundamental human rights, including privacy and free expression. Further, systems would be subject to new potential vulnerabilities and risks of abuse.”

GCHQ’s idea for a so-called ‘ghost protocol’ would be for state intelligence or law enforcement agencies to be invisibly CC’d by service providers into encrypted communications — on what’s billed as targeted, government authorized basis.

The agency set out the idea in an article published last fall on the Lawfare blog, written by the National Cyber Security Centre’s (NCSC) Ian Levy and GCHQ’s Crispin Robinson (NB: the NCSC is a public facing branch of GCHQ) — which they said was intended to open a discussion about the ‘going dark’ problem which robust encryption poses for security agencies.

The pair argued that such an “exceptional access mechanism” could be baked into encrypted platforms to enable end-to-end encryption to be bypassed by state agencies, who could instruct the platform provider to add them as a silent listener to eavesdrop on a conversation — but without the encryption protocol itself being compromised.

“It’s relatively easy for a service provider to silently add a law enforcement participant to a group chat or call. The service provider usually controls the identity system and so really decides who’s who and which devices are involved — they’re usually involved in introducing the parties to a chat or call,” Levy and Robinson argued. “You end up with everything still being end-to-end encrypted, but there’s an extra ‘end’ on this particular communication. This sort of solution seems to be no more intrusive than the virtual crocodile clips that our democratically elected representatives and judiciary authorise today in traditional voice intercept solutions and certainly doesn’t give any government power they shouldn’t have.”

“We’re not talking about weakening encryption or defeating the end-to-end nature of the service. In a solution like this, we’re normally talking about suppressing a notification on a target’s device, and only on the device of the target and possibly those they communicate with. That’s a very different proposition to discuss and you don’t even have to touch the encryption.”

“[M]ass-scale, commodity, end-to-end encrypted services… today pose one of the toughest challenges for targeted lawful access to data and an apparent dichotomy around security,” they added.

However while encryption might technically remain intact in the scenario they sketch, their argument glosses over both the fact and risks of bypassing encryption via fiddling with authentication systems in order to enable deceptive third party snooping.

As the coalition’s letter points out, doing that would both undermine user trust and inject extra complexity — with the risk of fresh vulnerabilities that could be exploited by hackers.

Compromising authentication would also result in platforms themselves gaining a mechanism that they could use to snoop on users’ comms — thereby circumventing the wider privacy benefits provided by end to end encryption in the first place, perhaps especially when deployed on commercial messaging platforms.

So, in other words, just because what’s being asked for is not literally a backdoor in encryption that doesn’t mean it isn’t similarly risky for security and privacy and just as horrible for user trust and rights.

“Currently the overwhelming majority of users rely on their confidence in reputable providers to perform authentication functions and verify that the participants in a conversation are the people that they think they are, and only those people. The GCHQ’s ghost protocol completely undermines this trust relationship and the authentication process,” the coalition writes, also pointing out that authentication remains an active research area — and that work would likely dry up if the systems in question were suddenly made fundamentally untrustworthy on order of the state.

They further assert there’s no way for the security risk to be targeted to the individuals that state agencies want to specifically snoop on. Ergo, the added security risk is universal.

“The ghost protocol would introduce a security threat to all users of a targeted encrypted messaging application since the proposed changes could not be exposed only to a single target,” they warn. “In order for providers to be able to suppress notifications when a ghost user is added, messaging applications would need to rewrite the software that every user relies on. This means that any mistake made in the development of this new function could create an unintentional vulnerability that affects every single user of that application.”

There are more than 50 signatories to the letter in all, including other civic society and privacy rights groups Human Rights Watch, Reporters Without Borders, Liberty, Privacy International and the EFF, as well as veteran security professionals such as Bruce Schneier, Philip Zimmermann and Jon Callas, and policy experts such as former FTC CTO and White House security advisor Ashkan Soltani.

While the letter welcomes other elements of the article penned by Levy and Robinson — which also set out a series of principles for defining a “minimum standard” governments should meet to have their requests accepted by companies in other countries (with the pair writing, for example, that “privacy and security protections are critical to public confidence” and “transparency is essential”) — it ends by urging GCHQ to abandon the ghost protocol idea altogether, and “avoid any alternative approaches that would similarly threaten digital security and human rights”.

Reached for a response to the coalition’s concerns, the NCSC sent us the following statement, attributed to Levy:

We welcome this response to our request for thoughts on exceptional access to data — for example to stop terrorists. The hypothetical proposal was always intended as a starting point for discussion.

It is pleasing to see support for the six principles and we welcome feedback on their practical application. We will continue to engage with interested parties and look forward to having an open discussion to reach the best solutions possible.

Back in 2016 the UK passed updated surveillance legislation that affords state agencies expansive powers to snoop on and hack into digital comms. And with such an intrusive regime in place it may seem odd that GCHQ is pushing for even greater powers to snoop on people’s digital chatter.

Even robust end-to-end encryption can include exploitable vulnerabilities. One bug was disclosed affecting WhatsApp just a couple of weeks ago, for example (since fixed via an update).

However in the Lawfare article the GCHQ staffers argue that “lawful hacking” of target devices is not a panacea to governments’ “lawful access requirements” because it would require governments have vulnerabilities on the shelf to use to hack devices — which “is completely at odds with the demands for governments to disclose all vulnerabilities they find to protect the population”.

“That seems daft,” they conclude.

Yet it also seems daft — and predictably so — to suggest a ‘sidedoor’ in authentication systems as an alternative to a backdoor in encrypted messaging apps.

https://techcrunch.com/2019/05/30/apple-google-microsoft-whatsapp-sign-open-letter-condemning-gchq-proposal-to-listen-in-on-encrypted-chats/

2019-05-30 09:44:08Z

MediaTek’s first 5G-enabled chipset will save battery life and space - The Verge

MediaTek has unveiled the world’s first mobile chipset with an integrated 5G modem. The 7nm chipset combines the company’s Helio M70 5G modem with ARM’s recently announced Cortex-A77 and Mali-G77, resulting in an integrated chip that should save on physical space inside the phone and battery life. The chip’s modem has a theoretical maximum download speed of 4.7 Gbps and upload speed of 2.5 Gbps, MediaTek says.

Although it’s not as fast as Qualcomm’s second generation X55 modem, which offers peak download speeds of up to 7 Gbps, MediaTek’s approach has the advantage of combining everything into a single chip. By comparison, Qualcomm’s modem is separate to the company’s SoCs, meaning it occupies more space and may draw extra power (depending on the two companies’ implementation of the technology).

From a technology perspective, MediaTek’s chip isn’t quite as advanced as Qualcomm’s latest modem, since it doesn’t appear to support mmWave along with sub-6Ghz. That shouldn’t be a problem for MediaTek’s primary markets in the short term, however, as Anandtech notes that the US is the only major region that’s currently rolling out mmWave. Otherwise the chip supports both standalone and non-standalone 5G, and is also backwards compatible with 2G to 4G networks.

After Intel’s exit from the 5G phone business and the US’s blacklisting of Huawei, the amount of competition in the 5G hardware business has reduced significantly, so it’s good to see that MediaTek is still offering Qualcomm some competition in the 5G space. MediaTek says the new chip should start shipping to device partners later this year, with the first releases expected in early 2020.

https://www.theverge.com/circuitbreaker/2019/5/30/18645415/mediatek-integrated-5g-modem-specs-download-upload-speeds-sub-6ghz-helio-m70-arm-cortex-a77

2019-05-30 08:58:40Z

Wednesday, 29 May 2019

Apple’s latest defense of the App Store shows how hard it is to compete with Apple - The Verge

As it faces both an antitrust lawsuit with huge implications and a formal EU investigation over its App Store tactics, Apple is today publicly defending itself against Spotify and other critics of the company’s massively successful software storefront.

“Today, the App Store is more vibrant and innovative than ever, offering equal opportunities to developers to deliver their apps and services across iPhone, iPad, Mac, Apple TV, and Apple Watch,” reads a new page at Apple’s website titled “App Store — Principles and Practices.” “We’re proud of the store we’ve built and the way we’ve built it.”

Apple says it has paid out $120 billion to App Store developers worldwide since the platform launched, and the company again touts the quick approval process and efficient work of its app review team, which now “represents 81 languages across three time zones.” Sixty percent of the approximately 100,000 apps and app updates reviewed each week are approved, with rejections mostly stemming from “minor bugs, followed by privacy concerns.” Apple notes that anyone who feels that they were unjustly rejected can have their situation looked at by the App Store Review Board.

But the most interesting parts of this new site relate to competition. In one section, Apple goes over the core, built-in apps on iOS and lists the many popular third-party options that are available from the App Store in each category as alternatives.

The company fails to mention that none of these apps can be chosen as the default messaging app, maps service, email client, web browser, or music player. That limitation isn’t always a deal-breaker — just ask WhatsApp, which is more popular than iMessage in many countries — but it still gives Apple’s services an advantage. Apple also claims that “developers have lots of choices for distributing their apps — from other app stores to smart TVs to gaming consoles. Not to mention the open internet, which Apple supports with Safari, and our customers regularly use with web apps like Instagram and Netflix.”

The message here seems to be that if companies don’t like Apple’s policies, they’ve got other options. Go find your riches on Android or make a Roku app. But developers have a huge financial incentive to be in the App Store. It’s often been reported that iOS users spend more money on apps than people with Android phones, and Apple leans on that advantage. “Even though other stores have more users and more app downloads, the App Store earns more money for developers,” the company notes. So ignoring the App Store isn’t exactly practical for businesses that want to make a lot of money. As for the open web, how often are you using Instagram or Netflix in the Safari browser on your iPhone or iPad instead of the app itself? On desktop, maybe, but Apple is about to let developers bring their iPad apps to the Mac, and how do you think you’ll be watching Netflix once that happens?

Apple also lists the various types of apps in the store, from completely free to paid to the many with in-app purchases or monthly subscriptions. You might not know that some of the essential apps you use every day are classified as “reader” apps because those companies have decided against giving Apple a cut of their in-app purchases and subscriptions. (Apple takes a 30 percent cut of subscriptions for the first year a customer is signed up and 15 percent for each year thereafter.)

This category includes Amazon Kindle, Netflix, and Spotify. Apple says customers of these services “enjoy access to that content inside the app on their Apple devices” and that “developers receive all of the revenue they generate from bringing the customer to the app.”

But here, again, Apple ignores a major gripe that developers have been raising for years: if an app doesn’t use Apple’s in-app purchase system, its developers are forbidden from telling their customers where and how they can pay outside of the App Store or providing a convenient link. “Not only is Netflix not allowed to link to their website, they can’t even tell the user they need to go to netflix.com to sign up,” John Gruber wrote back in January when Netflix stopped letting new customers subscribe through its iOS app. “Apple can make the rules — it’s their platform. But it’s just wrong that one of the rules is that apps aren’t allowed to explain the rules to users.”

Apple’s new site puts a big spotlight on the App Store’s unrivaled success and reach, but in some ways, it also brings more attention to how difficult it can be to compete against Apple.

https://www.theverge.com/2019/5/29/18644045/apple-defends-app-store-policies-antitrust-eu-spotify

2019-05-29 14:21:01Z

Amazon Echo Show 5 smart display coming in June for $90 - CNET

Amazon's Echo Show 5 has a 5.5-inch screen and costs $90.

Amazon didn't wait long after Google announced the Nest Hub Max at its May developer conference to introduce its latest smart display, the $90 Echo Show 5. 

But unlike the 10-inch Hub Max -- a direct competitor to the 10-inch second-gen Echo Show -- the Echo Show 5 is aimed at the entry-level side of the smart display category. With a 5.5-inch display, the Echo Show 5 is smaller than the Echo Show, but only slightly smaller than the seven-inch screen on the Google Nest Hub (formerly the Google Home Hub), the popular smart display Google released last fall.

An even smaller Google Assistant-based display called the Lenovo Smart Alarm Clock debuted at CES 2019 with a four-inch touchscreen, and is expected to hit the stores this spring for $80. The Echo Show 5 appears to want to split the difference between that product, and the larger Nest Hub. 

A nod to privacy

Like Amazon's other smart displays, the Echo Show 5 has a built-in camera, but this time the tech giant included a camera shutter that's integrated into the hardware, as well as a separate, dedicated camera and microphone off-button. 

Amazon also says it has added a privacy-oriented feature wherein you can say "Alexa, delete everything I said today," and it will purge the audio recordings of your Alexa conversations from Amazon's servers. This comes after reports that Amazon holds onto text recordings of your voice conversations with Alexa, even after you've deleted those audio clips. A US senator has asked Amazon CEO Jeff Bezos for more information about its privacy policies, including how it stores information.

Amazon isn't the only company dealing with privacy questions, though. Google is also facing questions for putting a camera into its Nest Hub Max device. Its original smart display, the Nest Hub, doesn't have a built-in camera. 

Keeping up with Google

Other features of the Echo Show 5 include an auto-screen brightness feature built around an ambient-light sensor, which sounds similar to the same feature in the Google Nest Hub. Amazon also says it's added a dedicated smart home control screen with more granular controls for any connected thermostats, light bulbs or other devices you've paired with Alexa. This is also similar to the smart display software Google introduced with the Nest Hub last year. 

The Echo Show 5 can handle all the standard Alexa commands as well, like asking Alexa general questions or the local weather forecast and to play your favorite podcast. You'll be able to view your security camera's video feed through the screen and also carry on a two-way conversation with your Ring doorbell -- features limited to Amazon's screen-equipped displays.

Amazon also promises upcoming support for WikiHow on the Echo Show 5, which should make it possible to get simple answers to questions like "Alexa, how do I clean my electric cooktop?" 

Available next month

Amazon plans to ship its latest smart display, which is available for preorder now, starting in June. 

The $90 Echo Show 5 comes in dark gray and white color finishes (that's "charcoal" and "sandstone" to the folks at Amazon) and you can buy an adjustable magnetic stand as an optional accessory for $20. 

It's a safe bet that the Echo Spot, Amazon's round, 2.5-inch smart display is dead at this point. Amazon said it would continue selling the Spot for $130, but it's hard to imagine it living for long next to the Echo Show 5 given the latter's larger display, lower cost, and more privacy-friendly features. The Echo Show even creates some problems for the $100 Amazon Echo speaker, which has fewer features than the $90 Echo Show 5 and no screen. Maybe this will be the device that makes me rethink smart displays?

https://www.cnet.com/news/amazons-echo-show-5-smart-display-coming-in-june-for-90-dollars/

2019-05-29 14:15:00Z

Why Apple needs iPad apps on the Mac - The Verge

https://www.youtube.com/watch?v=cYoGTl1vy1g

2019-05-29 14:00:04Z

Now you can order Alexa to forget what you just said - CNN

Amazon's new feature could help people worried about their smart speaker collecting too much information.
Starting Wednesday, you'll be able to say, "Alexa, delete everything I said today" for Alexa-enabled gadgets to wipe voice recordings made from midnight that day until that moment. In a couple weeks, you'll also be able to say "Alexa, delete what I just said" and it will expunge the voice recording of your most recent request.
The commands are part of a broader push toward privacy. The company also announced a $90 Echo Show 5 smart-screen device which comes with a physical cover for its front-facing camera.
The privacy-focused moves come as consumers, consumer-privacy advocates and legislators are becoming increasingly wary of Alexa-enabled gadgets.
Earlier this month, a group of US senators and 19 consumer and public health advocates urged the Federal Trade Commission to investigate whether Amazon's Echo Dot Kids Edition is in violation of the Children's Online Privacy Protection Act. They alleged it doesn't follow the law's parental-consent requirement and allow parents to adequately delete their kids' information (an Amazon spokesperson told CNN Business that the device is COPPA compliant).
In April, Bloomberg reported that Amazon (AMZN) workers listen to audio clips to help the company improve Alexa's understanding of speech.
But the online retailer clearly wants people to feel comfortable placing Alexa-enabled gadgets all over the house. One of the marketing images for the Echo Show 5 shows it perched on a bedside table next to jewelry and a family photo. Amazon is the leader in the fast-growing smart speaker market, according to data from market-research firm Canalys — ahead of competitors such as Google and Apple, which have touted the various privacy features in their own competing devices.
Amazon's Echo Show 5 has a physical shutter to block its front-facing camera.
The camera cover on the Echo Show 5 is a first for one of Amazon's Alexa devices. Users can slide it over the camera and allow the device to continue listening for the wake word, "Alexa." As with existing Echo Show devices, a button electrically disconnects the microphone and camera.
Amazon also announced on Wednesday that in an effort to make it easier for users to do things such as delete spoken commands and see privacy settings, it is grouping Alexa privacy settings online into an Alexa Privacy Hub. Privacy controls will also remain available within Amazon's Alexa apps.

https://www.cnn.com/2019/05/29/tech/alexa-delete-everything-privacy/index.html

2019-05-29 13:07:00Z

Apple publicly makes its case for the App Store - Engadget

Apple has published a lengthy post explaining and extolling the App Store's guidelines and developer program, following the Supreme Court's decision in an antitrust case related to its application emporium. On May 13th, the Supreme Court ruled against the tech giant in a long-standing price-fixing suit, which accuses the company of maintaining a monopoly over iOS app distribution to keep prices high and to be able to take a 30 percent commission.

The court's decision allows customers to proceed with a lawsuit against Apple under antitrust laws -- something the company argued shouldn't be allowed, because it takes its cut from developers and not consumers themselves. After the ruling was announced, Apple released a statement to stress that the "App Store is not a monopoly by any metric" and that "[d]evelopers set the price they want to charge for their app[s]." It added: "[The company] has no role in that."

Today, Cupertino has reiterated those sentiments in its post, stressing that 84 percent of the apps in its Store are free and that it doesn't always earn anything from them. The company even detailed the pricing tiers developers can choose from, which all state that it only takes a 30 percent cut from paid apps or from in-app purchases and subscriptions within free ones.

All those lead to the final part of the post, which highlights a line that says the App Store is "[a] store that welcomes competition." The tech giant listed its own apps (such as Apple Music and Maps) alongside their competitors (such as Spotify and Waze) available on the App Store. Perhaps as a way to say that while it's true that the iOS platform doesn't allow downloads from third-party services, users still have a lot of non-Apple options to choose from. Apple also reminded everyone in the post that all those options went through a rigorous review process to ensure "that apps are held to a high standard for privacy, security, and content..."

While the Supreme Court sided with the plaintiffs in the antitrust case, that particular court battle is far from over, seeing as their victory only means they can proceed with a lawsuit. In its statement after the decision came out, Apple said it's "confident [it] will prevail when the facts are presented." The company's post likely gives us a glimpse of the "facts" it intends to present in court.

Source: Apple
https://www.engadget.com/2019/05/29/apple-makes-its-case-for-the-app-store/

2019-05-29 12:39:06Z