What can Google track of you across the web? The results may astound you with the ways that Google can follow you around the web. It is such a pervasive surveillance network that it is almost easier to ask where they can’t track you than it is to ask where they can track you. As far as we can see from the outside looking in, there is no other entity even remotely close to being able to track you so extensively.
Apple introduced RCS support to iPhones as part of an iOS 18 update in September. While Apple’s proprietary iMessage system already supported E2EE, this wasn’t extended to RCS messaging because the previous RCS standard didn’t provide cross-platform support. Google Messages also enabled E2EE by default for RCS texts, but only conversations between Google Messages users were E2EE, and not those exchanged with iMessage users or users of other RCS clients on Android.
This is huge. It will remove the palpable discomfort I feel when communicating with Android users resistant to installing Signal (which is a distinctly animated group, in my experience — one I have a very difficult time understanding).
…Apple’s development of exclaves represents a major shift in its security architecture. Essentially, Apple is trying to realize the security advantages of a microkernel without tossing the monolithic aspects of XNU.
Based on the references to exclaves in the XNU source for Apple’s Arm-compatible M4 chips and the A18 processors used in iPhone 16, our source argues that exclaves form the basis of a significant redesign of XNU’s security model.
“In iOS 18, exclaves refer to specific resources that are separated from the main iOS kernel (XNU) and cannot be accessed by it, even if the kernel is compromised,” the researcher [Random Augustine] explained in a document shared with The Register.
“These resources are predefined when the OS is built, are identified by name or id, have different types, are initialized at boot time, and are organized into unique domains.”
These resources include:
Shared memory buffers that can be accessed by both the kernel and the exclave, with the option to make them read-only or read-write to XNU.
Audio buffers and sensors that are used for securing features like the camera and microphone access indicators.
Conclaves that group multiple resources into their own secure domains.
Services that offer executable code within the exclave space when called upon by threads in XNU.
These resources are protected from XNU via enclave-specific page-types via the Secure Page Table Monitor, a hardware security functionality introduced with the arrival of the A15 chip and iOS 17. This makes Apple’s operating systems more secure by compartmentalizing sensitive services, such that the compromise of one doesn’t process access to the entire kernel address space.
Fascinating.
The obvious reason Apple would undertake this work is to improve security generally, which benefits the super-corp and its customers. The less obvious reason is that AI workloads running on-device and communicating with Apple’s Private Cloud Compute infrastructure potentially expand the attack surface, so it makes sense to mitigate the blast radius of attacks by adopting microkernel architecture.
Of course, this user never requested that my on-device experiences be "enriched" by phoning home to Cupertino. This choice was made by Apple, silently, without my consent.
From my own perspective, computing privacy is simple: if something happens entirely on my computer, then it's private, whereas if my computer sends data to the manufacturer of the computer, then it's not private, or at least not entirely private. Thus, the only way to guarantee computing privacy is to not send data off the device.
Turn off Enhanced Visual Search (in the Settings app > Apps > Photos) on every device.
Amid an unprecedented cyberattack on telecommunications companies such as AT&T and Verizon, U.S. officials have recommended that Americans use encrypted messaging apps to ensure their communications stay hidden from foreign hackers.
The hacking campaign, nicknamed Salt Typhoon by Microsoft, is one of the largest intelligence compromises in U.S. history, and it has not yet been fully remediated. Officials on a news call Tuesday refused to set a timetable for declaring the country’s telecommunications systems free of interlopers. Officials had told NBC News that China hacked AT&T, Verizon and Lumen Technologies to spy on customers.
iMessage and FaceTime Audio, always. If you need to communicate with an Android user, Signal.
China’s recent breach of the innermost workings of the U.S. telecommunications system reached far deeper than the Biden administration has described, the chairman of the Senate Intelligence Committee said on Thursday, with hackers able to listen in on telephone conversations and read text messages.
“The barn door is still wide open, or mostly open,” the Democratic chairman, Senator Mark Warner of Virginia, a former telecommunications executive, said in an interview on Thursday.
U.S. officials said that since the hack was exposed, the Chinese intruders had seemingly disappeared, suspending their intrusion so their full activity could not be discovered. But Mr. Warner said it would be wrong to conclude that the Chinese had been ousted from the nation’s telecommunications system, or that investigators even understood how deeply they were embedded.
The exact reason for the reboots is unclear, but the document authors, who appear to be law enforcement officials in Detroit, Michigan, hypothesize that Apple may have introduced a new security feature in iOS 18 that tells nearby iPhones to reboot if they have been disconnected from a cellular network for some time. After being rebooted, iPhones are generally more secure against tools that aim to crack the password of and take data from the phone.
Every phone call you make and text you send passes through an invisible system so critical that the FBI queries it millions of times annually. Most Americans have never heard of it. But this “ultimate little black book”–a system that maps not just phone numbers, but traces the patterns of number ownership and manages important parts of our daily communications–is about to vanish behind layers of private ownership and regulatory resistance.
The tool, called Locate X and made by a company called Babel Street, then narrows down to the movements of a specific device which had visited the clinic. This phone started at a residence in Alabama in mid-June. It then went by a Lowe’s Home Improvement store, traveled along a highway, went past a gas station, visited a church, crossed over into Florida, and then stopped at the abortion clinic for approximately two hours. They had only been to the clinic once, according to the data.
The device then headed back, and crossed back over into Alabama. The tool also showed their potential home, based on the high frequency at which the device stopped there. The tool clearly shows this home address on its map interface.
In other words, someone had traveled from Alabama, where abortion is illegal after the June 2022 overturning of Roe v. Wade, to an abortion clinic in Florida, where abortion is limited but still available early in a pregnancy. Based on the data alone, it is unclear who exactly this person is or what they were doing, whether they were receiving an abortion themselves, assisting someone seeking one, or going to the clinic for another reason. But it would be trivial for U.S. authorities, some of which already have access to this tool, to go one step further and unmask this or other abortion clinic visitors.
No matter what, teaching people they can add their IDs to their phones means some people will inevitably leave the house without physical ID, and that means creating the opportunity for cops to demand phones — which you should never, ever do.
Don't.
Ever.
This is one of those many, many privacy stances most people do not understand. "I don't have anything to hide," they say. "Let the cops have my phone — I don't care." Or alternatively, "I don't care if Google tracks me — I don't have anything to hide."
Let's be honest — most people don't understand how a computer works, let alone how databases compiled by thousands of computers put together tracking profiles that know everything about them. They don't know how invasive it all is, how they're handing over their entire lives when they hand over their phones (or consent to tracking).
Police officers are scanning for Teslas that may have ambiently recorded nearby crimes on their external cameras — and even going as far as to attempt to tow the vehicles away to inspect the footage.
President of the Richmond Police Officers Association Ben Therriault told the Chronicle that officers usually attempt to ask for the owner's consent first, but sometimes resort to towing the vehicles anyway.
…the court found that even though investigators seek warrants for geofence location data, these searches are inherently unconstitutional. As the court noted, geofence warrants require a provider, almost always Google, to search “the entirety” of its reserve of location data “while law enforcement officials have no idea who they are looking for, or whether the search will even turn up a result.” Therefore, “the quintessential problem with these warrants is that they never include a specific user to be identified, only a temporal and geographic location where any given user may turn up post-search. That is constitutionally insufficient.”
Hackers broke into a cloud platform used by AT&T and downloaded call and text records of “nearly all” of AT&T’s cellular customers across a several month period, AT&T announced early on Friday.
The worst telecom hack in history. (That we know of.)
Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally — including non-Apple devices like Starlink systems — and found they could use this data to monitor the destruction of Gaza, as well as the movements and in many cases identities of Russian and Ukrainian troops.
At issue is the way that Apple collects and publicly shares information about the precise location of all Wi-Fi access points seen by its devices. Apple collects this location data to give Apple devices a crowdsourced, low-power alternative to constantly requesting global positioning system (GPS) coordinates.
The US Constitution's Fifth Amendment protection against self-incrimination does not prohibit police officers from forcing a suspect to unlock a phone with a thumbprint scan, a federal appeals court ruled yesterday. The ruling does not apply to all cases in which biometrics are used to unlock an electronic device but is a significant decision in an unsettled area of the law.
Modern cars are internet-enabled, allowing access to services like navigation, roadside assistance and car apps that drivers can connect to their vehicles to locate them or unlock them remotely. In recent years, automakers, including G.M., Honda, Kia and Hyundai, have started offering optional features in their connected-car apps that rate people’s driving. Some drivers may not realize that, if they turn on these features, the car companies then give information about how they drive to data brokers like LexisNexis.
Automakers and data brokers that have partnered to collect detailed driving data from millions of Americans say they have drivers’ permission to do so. But the existence of these partnerships is nearly invisible to drivers, whose consent is obtained in fine print and murky privacy policies that few read.
Especially troubling is that some drivers with vehicles made by G.M. say they were tracked even when they did not turn on the feature — called OnStar Smart Driver — and that their insurance rates went up as a result.
A mother in Alabama said parents couldn’t ignore the reality of this new economy.
“Social media is the way of our future, and I feel like they’ll be behind if they don’t know what’s going on,” the mother said. “You can’t do anything without it now.”
One 12-year-old girl in Maryland, who spoke with The Times alongside her mother, described the thrill of seeing other girls she knows wear a brand she represents in Instagram posts.
“People are actually being influenced by me,” she said.
One of the biggest looming threats to many forms of encryption is quantum computing. The strength of the algorithms used in virtually all messaging apps relies on mathematical problems that are easy to solve in one direction and extremely hard to solve in the other. Unlike a traditional computer, a quantum computer with sufficient resources can solve these problems in considerably less time.
No one knows how soon that day will come. One common estimate is that a quantum computer with 20 million qubits (a basic unit of measurement) will be able to crack a single 2,048-bit RSA key in about eight hours. The biggest known quantum computer to date has 433 qubits.
Whenever that future arrives, cryptography engineers know it’s inevitable. They also know that it’s likely some adversaries will collect and stockpile as much encrypted data now and decrypt it once quantum advances allow for it. The moves by both Apple and Signal aim to defend against that eventuality using Kyber, one of several PQC algorithms currently endorsed by the National Institute of Standards and Technology.
Apple is a corporation and I am proud of their stance on user privacy.
The National Security Agency (NSA) has admitted to buying records from data brokers detailing which websites and apps Americans use, US Senator Ron Wyden (D-Ore.) revealed Thursday.
Getting your DNA or your loved ones’ DNA sequenced means you are potentially putting people who are related to those people at risk in ways that are easily predictable, but also in ways we cannot yet predict because these databases are still relatively new. I am writing this article right now because of the hack, but my stance on this issue has been the same for years, for reasons outside of the hack.