Tech Brew Ride Home - Tues. 03/10 - Hold Me Closer, Tiny iPhone
Episode Date: March 10, 2020A leaked version of Apple’s iOS 14 reveals a treasure trove of details about an upcoming iPhone and iPad, augmented reality software, and tracking tags; an analytics company has secretly operated VP...N and ad-blocking apps and gathered data from tens of millions of users without proper disclosure, a company offering panopticon service to the state of Utah once developed disguised social-media scraping apps, Google adds quantum computing to its machine-learning open-source TensorFlow development kit, DoNotPay lets users share streaming and news logins, the latest on the coronavirus impact on the tech world, and things fall apart: political strife broke the knitting community at Ravelry. Sponsors Links: iOS 14 reveals iPhone 9 and updated iPad Pro details, new Apple TV remote, AirTags, more (9to5Mac) Apple developing new augmented reality app for iOS 14, testing Apple Store and Starbucks partnership (9to5Mac) Apple Watch Series 6 and watchOS 7 to include ‘Infograph Pro’ with tachymeter (9to5Mac) Apple Invents Foldable iPad and iPhone that could enter a ‘Joint Operating Mode’ Similar to Microsoft’s Surface Neo (Patently Apple) Popular VPN And Ad-Blocking Apps Are Secretly Harvesting User Data (BuzzFeed News) Twitter thread from Will Strafach on Sensor Tower apps (Twitter) Surveillance Firm Banjo Used a Secret Company and Fake Apps to Scrape Social Media (Motherboard) Announcing TensorFlow Quantum: An Open Source Library for Quantum Machine Learning (Google AI Blog) Google launches TensorFlow Quantum, a machine learning framework for training quantum models (VentureBeat) DoNotPay Chrome browser extension (Chrome Web Store) Now you can share your Netflix account just by sending a link (Fast Company) How to clean your Apple products (Apple) All but four of Apple’s stores in mainland China have reopened after coronavirus shutdown (CNBC) Silicon Valley is effectively on lockdown over coronavirus (Cnet) Amazon Tells New York and New Jersey Employees to Stay Home Uber to offer drivers 14 days sick leave if they fall ill with coronavirus (CNN) Engineer Who Attended Cyber Event Contracts Coronavirus (Bloomberg News) How a ban on pro-Trump patterns unraveled the online knitting world (MIT Technology Review) Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
On April 4th, 2023, around 2 in the morning, a man was found stabbed multiple times on a sidewalk in downtown San Francisco.
Hey, who did this to you?
What happened next turned the story into a political firestorm.
Reports have identified the victim as Bob Lee, the founder of Cash App.
From Bloomberg Podcasts, this is Foundering, the Killing of Bob Lee, beginning April 16.
Welcome to the TechMeme Ride Home for Tuesday, March 10th, 2020.
Today, a leaked version of Apple's iOS 14 reveals a treasure trove of details about an upcoming iPhone and iPad,
augmented reality software, and tracking tags.
An analytics company has secretly operated VPN and ad-blocking apps and gathered data from tens of millions of users without proper disclosure,
a company offering Panopticon service to the state of Utah, once developed disguised social media scraping apps,
Google adds quantum computing to its machine learning open source tensor flow development kit,
do not pay lets users share streaming and news logins, the latest on the coronavirus impact on the tech world,
and things fall apart.
Political strife tears apart the knitting community at Ravelry.
I'm Glenn Fleischman, in for Brian McCullough, and here's what you missed in the world of tech today.
Details about a new iPhone, iPad Pro, watch, and Apple TV appeared in a leaked version of iOS 14,
obtained by the site 9 to 5 Mac.
The early version of the next release of the operating system
also painted a clearer picture about putative air tags,
small tracking devices that Apple has been rumored
to be in the process of making for some time.
9 to 5 Mac has a strong record in its sourcing,
making its story quite credible.
However, early OS releases often include elements
that don't make it into the final releases
if hardware isn't ready or is canceled before release
or if software features are pulled or delayed.
The site found traces of an app,
called Gobee, which would provide more integrated support for augmented reality or AR all in one place.
This seemingly included hooks needed for Apple's rumored AR headset.
Third parties would be able to tap into the features too, and Apple is apparently trialing the software kit with Starbucks.
On the hardware side, there may be a replacement for the iPhone SE.
Apple pushed out the 4.9-inch iPhone SE as a late successor to its small format earlier models in March 2016,
after only releasing larger phones, Apple's only updated the SE's storage capacity since.
It stopped selling it new in September 2018.
2019 went by without a new version,
disappointing many people who have apparently held on to an iPhone SE or an earlier small phone,
even as iOS has left them behind.
9 to 5 Mac says an iPhone SE update called either the iPhone 9 or SE2
was scheduled to appear this month,
though the coronavirus spread could delay that.
A new minor update to iOS 13 would be required, but the site found code referring to the iPhone 9 in iOS 14.
One of the carrots for older iPhone users to update would apparently be Express Transit,
a contactless payment option on all iPhones starting with the iPhone 6S and included in the SE,
in which you can enable it and then pay on supporting transit systems like Transport for London
without performing any unlock operation.
This early version of iOS 14 also reveals a new iPad Pro model,
that would include a three-camera array like that found on iPhone 11 Pro models,
but also with a time-of-flight sensor,
which samples the distance of moving objects by bouncing light off them.
It's useful for augmented reality.
Many sources have said that Apple has had device tags under development.
That includes in testimony in front of Congress
about Apple's alleged trust-like behavior from the company Tile,
which has made Bluetooth-based tag trackers for some time.
Apple quietly built ultra-wideband or UWB wireless technology
into its iPhone 11 models, a technology at one point slated to be used for personal area networking
and incorporated into Bluetooth. While it didn't meet that bar years ago, Apple is using the latest
generation both for its low power and its ability to identify items in a space. That ability
started just with other iPhone 11 models, but air tags are apparently set to rely on UWB as well.
This would limit their use to newer phones, of course, but Apple has never shied away from providing
reasons to upgrade hardware to work with other new hardware software. These sensors would
also tie into the AR features noted earlier.
Airtag's work with the companies Find My Technology,
ostensibly including its secure crowdsourcing feature
that lets Apple devices that can't reach the internet,
broadcast an encrypted code
that other Apple users' devices nearby pick up and relay.
A similar feature has been part of the tile system
for people with the tile app installed for over five years.
But with relatively few tile users,
the feature isn't as effective as a billion iPhone and iPad owners.
Also revealed as more confirmation of a new Apple TV model, as well as,
GASP, a potential replacement for the awful Siri remote that Apple has remained shockingly committed to
since its introduction, despite its terrible usability.
Listeners, raise your hand if you own one and you rotate and press the bottom instead of the touch surface at least once a day?
Let me count. That's everyone.
All right.
Still, other disclosed features from the leaked OS release are details of two upcoming watchOS releases
which will add sleep tracking, parental management of kids' watches,
and blood oxygen level detection with a watch series 4.
In related Apple hardware news,
Patently Apple noted that the U.S. Patent and Trademark Office
published a new patent from Apple today
that seems to foretell the company's notion of a foldable computer.
The patent describes two devices that, in close proximity,
potentially magnetically connected,
would shift into a joint operating mode
in which hardware and computational power of each device are pooled
and images could span two displays.
A widely used analytics platform, Sensor Tower,
has been fingered in an investigation by BuzzFeed News's Craig Silverman
as secretly collecting massive amounts of data
from people who installed virtual private network or VPN apps
and ad-blocking apps in Android and in iOS.
Silverman wrote that the apps don't disclose their connection to Sensor Tower,
nor that the data is sent to the company's platform.
The apps represent over 35 million downloads.
These data transfers are seemingly in violation of both Apple and Google policies about disclosure and information gathering.
BuzzFeed noted that, quote, sensor tower's app intelligence platform is used by developers, venture capitalists, publishers, and others to track the popularity, usage trends, and revenue of apps, end quote.
The company admitted ownership to BuzzFeed and stated that the apps only collect anonymized, non-sensitive data at its head of mobile insights said, quote,
the vast majority of these apps listed are now defunct, inactive, and a few are in the private.
of sun setting, end quote. However, Silverman noted that many apps aren't available because they
were polled from Google Play and the Apple App Store. In reporting the story, Apple removed Adblock
Focus and said it's investigating Luna VPN. Google said it was investigating. As I record this,
Luna VPN remains on the Apple App Store. Buzzfeed says the recently active apps include ones
called Free and Unlimited VPN, LunaVPN, Mobile Data, and Ad Block Focus. In response to the story,
security researcher Will Strafak,
known as Atronic on Twitter,
posted a thread in which he highlighted
his exposure of these issues in the apps
in June 2019 on Twitter
and screen captures of a security submission
he had made to Apple on June 4th,
2019, about several of these apps,
which BuzzFeed and Straffack
separately found were related through information
embedded in the code, including developer
identifiers.
Straffack is the head of the company that makes
Guardian Mobile Firewall, a VPN and
tracker blocker that is designed to capture
no information about users at all.
Strafack and colleagues regularly released security research
garnered from their dissection of apps.
The sensor tower apps are particularly insidious
because they prompt users after installation
to download and approve a route certificate.
This route certificate allows the company's apps
to override and intercept HTTPS sessions
originating from the device by acting as an approved man in the middle.
HCTPS is now widely used for routine purposes like reading news,
but also to send medical, legal, and financial data
among many other private uses.
Remember, if you don't pay for a product, you are the product.
Hey, that's not the only company engaged and unwanted interception of data
via seemingly innocuous apps disclosed in the last day.
At Motherboard, reporters reveal that a set of apps targeted at social media
actually were designed to scrape information from users
and potentially feed it to an artificial intelligence company
that works with law enforcement.
Banjo is the company, and it released apps that include One Direction
fan app, EDM, fan app, and Formula Racing app, Motherboard reported, released by a company
secretly ran called Pink Unicorn Labs. Most were on Google Play, but at least one app was available
for iOS. The company was recently in the news for its contract with the state of Utah that lets it
acquire massive amounts of government-run video feeds to provide what it says will be real-time
alerts to police of crimes. While the apps found aren't currently active, they were removed in
2016 from Google Play, Motherboard spoke to several former employees under the guarantee of
anonymity, and reported that the apps asked users to sign into accounts on other social media.
Exactly what and how it all worked is unknown.
Quote, there are several ways these apps could have scraped social media, perhaps by sending
the saved login token to a server for Banjo to use later, or by using the app itself
to scrape information, but it is not totally clear which method Banjo used because the API
that the apps connected to is no longer live.
End quote.
Tellingly, one source who was connected with Banjo
said that when the Cambridge Analytica scandal
broke about that company's massive
exfiltration of user data from Facebook,
quote, the mood was apocalyptic, end quote.
Banjo didn't provide comment to motherboard on what it found.
Google didn't confirm why the apps were removed in 2016.
Twitter said it had found a violation by Banjo in 2017
but didn't offer details.
Facebook said it's investigating.
With all the stressful news involving tech,
you can take some solace about an interesting advance from Google.
It's released TensorFlow Quantum, free open source software that enhances its machine learning toolkit,
TensorFlow. First available in 2015, TensorFlow provides developers relatively easy access to sophisticated
deep neural network algorithms, allowing them to focus on the specific data set and problems
at hand instead of reinventing the wheel.
TensorFlow Quantum intends to bring the same ease of testing apps destined for quantum computers,
as is now available for conventional ones.
where in the very early days of quantum computing in relative terms, these devices allow the
superposition of all possible calculations and the collapse of those states to provide an outcome.
This allows certain kinds of problems to be solved at rates absurdly faster than current
computational systems allow, and that trends indicate. There's some concern that certain
popularly used encryption algorithms would fall instantly to the proper quantum code. However,
writing code for quantum computing is still a new and complicated area. Machine learning algorithms
tailored towards quantum computers
could provide dramatic breakthroughs
because of the speed.
It might result in vast improvements
in biomedical science and other arenas
in which machine learning is made inroads,
but computational limits on training
and processing are holding back development.
TensorFlow quantum isn't a set
of finished algorithms, but rather
a framework in which AI researchers and developers
can test out potential quantum machine learning models.
This software allows simulating quantum calculations
on so-called classical computers
and will ultimately move towards codes
that can execute an actual quantum computing processors.
Do Not Pay, made its name in automating the fight
against unfair parking tickets,
assisting you in canceling subscriptions,
and in getting paid when companies illegally place automated calls to you.
Now they're into sharing.
A new Chrome browser extension from the company released over the weekend
lets you share the credentials of services and publications
like Netflix, Hulu, Disney Plus, the New York Times,
The Washington Post, and others without giving away your password.
Instead, the extension grabs the login,
token with your permission, unlike the apps mentioned earlier, and transfers that to up to five
other people. Those people then use the extension which places the cookie on their browser
without having to pass them the password. Do NotPay's extension lets you kill those sessions on shared
browsers, and most services also offer an option in your account to log out of specific or
all active sessions elsewhere, which also makes the cookie-based token go defunct. This solves a problem
of sharing accounts with roommates, romantic partners, and other friends, and wanting to revoke access
without resetting the account password,
the login token gets passed
through an encrypted cookie,
managed by the extension,
and only decrypted by shared users
with the right credentials.
They never see login details.
The extension only works with browser tabs
on desktop operating systems,
so shared users have to use Chromecast,
AirPlay, or other screen sharing techniques
to watch on a TV set.
Do not play ToldFast Company
that it had considered offering the option
as a paid subscription service
at $13 a month,
but founder Joshua Browder told the publication
that, quote, letting users monetize their subscriptions might have raised legal issues,
but more importantly, it would have sullied the idea of account sharing as a communal act,
end quote.
I think the legal part is actually pretty significant.
There's also the ethical issue of paying for a service and violating the terms under which it's offered,
tempered with the difficulty or ease that various services make in legitimately sharing subscriptions under their terms.
Spotify, for instance, has a family plan that requires an ongoing, precise address verification step
that's a bit triconian for a simple music service.
Many services more reasonably limit the number of simultaneous sessions,
block or flag logins from geographically far-distant locations,
or require logging in with the account name and password
if it detects something that doesn't pass a digital smell test.
If Do Not Pay Solution becomes too popular, of course,
sites will implement checks,
much like the recently stepped-up ad-blocking code
that seems to have proliferated among content sites.
A now roundup of news related to the coronavirus pandemic,
You can get a daily summary of general virus-related news, by the way, by listening to Ride Home's Coronavirus Daily Briefing at Ridehome. Info.
Breaking news shortly before I recorded this is that an engineer from Connecticut who attended the RSA Security Conference in San Francisco in February,
quote, has tested positive for the coronavirus and is seriously ill with respiratory issues, end quote, according to Bloomberg News.
The 45-year-old man began having symptoms on February 28 and was hospitalized on March 6th.
He's now in a medically induced coma.
His identity has not been released.
His wife told the news agency that her husband was predisposed for pneumonia
due to an underlying heart condition.
Over 36,000 people attended RSA and attendees were given hygienic advice
and hand sanitizer dispensers were widely available.
In other news, Apple says it's okay to disinfect your devices, but read its instructions
carefully.
The company updated its cleaning fact yesterday, confusing people briefly.
When the update was published, unpublished, and then republished,
It seems stable for now. Apple notes that you can use a 70% isopropyl alcohol wipe or in a rare move of mentioning another brand name, Chlorox disinfecting wipes.
It says wipe hard, non-porous surfaces gently. This includes your monitor, top of keyboard, and other surfaces.
Do not use bleach. Do not get moisture inside. Do not submerge your products. Read more at Apple's site.
Speaking of Apple, the company has now reopened 38 of its 42 stores in mainland China.
It closed all stores in early February
and began reopening them slowly after February 9th.
Chinese factories and workplaces are just starting to gear back up after closures,
except in the most hard-hit areas.
And it's unclear whether the peak of infections is over in China
or a new wave will hit as people return to work in school.
Over the weekend, Apple CEO told staff around the world,
where possible, to work from home through March 13th this Friday,
Apple has long resisted allowing telecommuting for most of its employees,
who may have little experience with the prospect of setting up for a solid day,
work on their kitchen table or in a living room. Silicon Valley has a number of major shutdowns.
Microsoft's CEO, Satchanadella, has encouraged employees both in the Seattle area, which has
nearly 50,000 Microsoft employees, and around the San Francisco Bay Area and Silicon Valley to work
from home as possible through March 25th. Facebook, HP, Intel, LinkedIn, Lyft, Twitter,
and many others large and small have encouraged or pulled most workers to telecommute too.
Uber said it would offer its drivers and delivery people up to 14 days of paid sick leave if they
are diagnosed with coronavirus or are placed in quarantine, lifted and matched those terms but said
more loosely it would provide funds to drivers if they're diagnosed or put under quarantine by a
public health agency. Amazon told its employees in New York and New Jersey to stay home, in addition to
already authorizing or requiring that of workers in the greater Seattle area, where it employs over
40,000 people, and around San Francisco. Finally, politics and culture are tightly interwoven. That's true,
not just in person, but with online communities. MIT technology reviews.
walks us through the broken trust at Ravelry, a site devoted to knitting and crocheting that
has 8.5 million registered users, 500,000 active ones, and 40,000 subgroups, and hasn't had a
site design update since its 2007 launch. It's the Reddit of Raglan. It's not an apolitical
site, but discussions wind up being filtered into subgroups of like-minded people. 5,000 people
were active in a Ravelry subgroup for the Women's March on Washington after the inauguration
in 2017, which led to the popularization of the knitted pussy hats.
But in January 2019, when one knitter posted a beanie design that spelled out,
build the wall with a brick motif, people got angry.
In June, after Trump announced his re-election, the same knitter posted a Keep America
Great Cowl, which was flagged for hate speech.
She was banned on June 21st, and then, quote,
support of Donald Trump and his administration, and, quote, were banned on June 23rd.
Read the whole thing for a picture of society, knit small.
I mean, writ small.
Ritz small. And that's the news. I'm Glenn Fleischman in for Brian McCullough, who will be back
tomorrow. You can find me on Twitter at Glenn F. That's GLE, E, double N, F like Frank, and you can find
my how-to books on technology from Apple ID to Wi-Fi at take controlbooks.com. Thanks to the
editors at TechMeme, who tweet out every headline, they post every hour of the day at TechMeme.
It's a great way to keep current. Have a great evening.