Youry's Blog

Youry's Blog

Archive for the ‘Warning’ Category

Yosemite, iOS 8, Spotlight, and Privacy: What you need to know By Rene Ritchie, Monday, Oct 20, 2014 a 8:31 pm EDT

leave a comment »

According to Landon Fuller, who collected the data in the first place,
this is not just about Spotlight, and the data will continue to be
sent to Apple even if Spotlight Suggestions -- or any of a number of
other seemingly relevant system configuration options -- are disabled.

See

https://github.com/fix-macosx/yosemite-phone-home

for the raw data and analysis, without either the Apple apologism of
iMore or the journalistic spin of the Washington Post article they
cite.

Of course it is in Apple's interest to say that they care about
security and privacy, to emphasize how much effort they put into
minimizing data (we've heard this one from James Clapper before!), and
to claim that their snooping serves to benefit users by providing more
accurate answers.  None of this changes the surveillance they have
built into their system or how difficult it is to avoid!

Yosemite, iOS 8, Spotlight, and Privacy: What you need to know
By Rene Ritchie, Monday, Oct 20, 2014 a 8:31 pm EDT
http://www.imore.com/yosemite-ios-8-spotlight-and-privacy-what-you-need-know

A story made the rounds earlier today calling into question the new Spotlight Suggestions feature in OS X Yosemite and iOS 8. In an effort to garner attention, it reports the collection and usage of the information required to enable this feature in a needlessly scary way. As any long time reader knows, security and privacy are always at odds with convenience, yet features like Spotlight Suggestions — and Siri before it — do an excellent job balancing as much convenience as possible with maintaining as much privacy and security as possible. Here’s Apple’s statement on the matter:

“We are absolutely committed to protecting our users’ privacy and have built privacy right into our products,” Apple told iMore. “For Spotlight Suggestions we minimize the amount of information sent to Apple. Apple doesn’t retain IP addresses from users’ devices. Spotlight blurs the location on the device so it never sends an exact location to Apple. Spotlight doesn’t use a persistent identifier, so a user’s search history can’t be created by Apple or anyone else. Apple devices only use a temporary anonymous session ID for a 15-minute period before the ID is discarded.

“We also worked closely with Microsoft to protect our users’ privacy. Apple forwards only commonly searched terms and only city-level location information to Bing. Microsoft does not store search queries or receive users’ IP addresses.

“You can also easily opt out of Spotlight Suggestions, Bing or Location Services for Spotlight.”

Here’s the original charge:

Apple has begun automatically collecting the locations of users and the queries they type when searching for files with the newest Mac operating system, a function that has provoked backlash for a company that portrays itself as a leader on privacy.

The “backlash” cited by the sensationalistic story is not the result of the story but the result of sensationalism, and that’s disappointing. We depend on major publications to provide us with accurate information for our benefit, not for their own benefit. Where they could have taken the time to look into it, assess the facts, and help people understand, they chose to double down on FUD, and that’s not only disappointing, it’s distressing.

So what are the facts? Apple discloses how Spotlight Suggestions work in both the Spotlight section of System Preferences on the Mac, and in the Spotlight section of Settings > General on iPhones and iPads.

There’s also a Spotlight Suggestion check box on both so that you, the person using the device, can easily turn it off if you value privacy and security over convenience. (And if you are such a person, and have already disabled location services, Spotlight honors that setting and doesn’t send the information.)

Apple links to the following text right from the prefs/settings pane on both OS X and iOS. Not only is it simple to find, it’s plainly written and understandable:

When you use Spotlight, your search queries, the Spotlight Suggestions you select, and related usage data will be sent to Apple. Search results found on your Mac will not be sent. If you have Location Services on your Mac turned on, when you make a search query to Spotlight the location of your Mac at that time will be sent to Apple. Searches for common words and phrases will be forwarded from Apple to Microsoft’s Bing search engine. These searches are not stored by Microsoft. Location, search queries, and usage information sent to Apple will be used by Apple only to make Spotlight Suggestions more relevant and to improve other Apple products and services.

If you do not want your Spotlight search queries and Spotlight Suggestions usage data sent to Apple, you can turn off Spotlight Suggestions. Simply deselect the checkboxes for both Spotlight Suggestions and Bing Web Searches in the Search Results tab in the Spotlight preference pane found within System Preferences on your Mac. If you turn off Spotlight Suggestions and Bing Web Searches, Spotlight will search the contents of only your Mac.

You can turn off Location Services for Spotlight Suggestions in the Privacy pane of System Preferences on your Mac by clicking on “Details” next to System Services and then deselecting “Spotlight Suggestions”. If you turn off Location Services on your Mac, your precise location will not be sent to Apple. To deliver relevant search suggestions, Apple may use the IP address of your Internet connection to approximate your location by matching it to a geographic region.

Apple has also posted a privacy section on their website, and an updated version of their iOS 8 security document that reiterate what they’re doing and their long-standing position on privacy. Here’s the relevant parts:

To make suggestions more relevant to users, Spotlight Suggestions includes user context and search feedback with search query requests sent to Apple.

Context sent with search requests provides Apple with: i) the device’s approximate location; ii) the device type (e.g., Mac, iPhone, iPad, or iPod); iii) the client app, which is either Spotlight or Safari; iv) the device’s default language and region settings; v) the three most recently used apps on the device; and vi) an anonymous session ID. All communication with the server is encrypted via HTTPS.

The white paper goes on to explain how locations are blurred, anonymous IDs are only kept for 15 minutes, recent apps are only included if they’re on a white list of popular apps, etc. (It starts on page 40 of the above-linked PDF if you’re curious about the specifics.)

So, again, Apple is only doing what they need to do to provide the conveniences of the feature they announced — the same way they’ve needed to collect enough data to answer questions with Siri in the past, or show you locations on Maps, or find your iPhone, iPad or Mac, and the list goes on.

If you don’t like or want it, you can turn it off. That’s the real story here — education. How it works, and what you can do with it and about it.

If you have any concerns or questions about Spotlight Suggestions, let me know in the comments!

Written by youryblog

October 24, 2014 at 2:17 PM

It’s Judgment Day for Killer Robots at the United Nations

leave a comment »

It’s Judgment Day for Killer Robots at the United Nations
The Wall Street Journal (05/13/14) Amir Mizroch  (from ACM tech news on 14 May 2014)

The United Nations on Tuesday began its first-ever multinational convention on “lethal autonomous weapons systems.” The meeting is taking place over three days in Geneva under the framework of the Convention on Certain Conventional Weapons, which aims to ban or restrict conventional weapons considered to cause unnecessary or unjustifiable suffering to combatants or civilians. The 117 member-states will attempt to define what an autonomous weapon is and whether it fits into the definition governed under the convention, and delve into legal and ethics questions. The meeting will hear from robotics, military, and human rights law experts, as well as from the International Committee of the Red Cross (ICRC), which held a seminar on the issue in March. The ICRC said in its report there was a sense of “deep discomfort with the idea of allowing machines to make life-and-death decisions on the battlefield with little or no human involvement.” Georgia Institute of Technology professor Ronald C. Arkin, who will participate in the meeting, believes autonomous weapons could reduce human casualties in war. However, he says the systems should not be deployed unless they can comply with international humanitarian law.

View Full Article – May Require Paid Subscription

Written by youryblog

May 14, 2014 at 5:46 PM

The Patent, Used as a Sword (New York Times)

leave a comment »

The Patent, Used as a Sword By CHARLES DUHIGG and STEVE LOHR Published: October 7, 2012 New York Times
http://www.nytimes.com/2012/10/08/technology/patent-wars-among-tech-giants-can-stifle-competition.html?_r=1&smid=li-share&goback=.gde_3746653_member_173015486

“When Apple announced last year that all iPhones would come with a voice-activated assistant named Siri, capable of answering spoken questions, Michael Phillips’s heart sank…”

“For three decades, Mr. Phillips had focused on writing software to allow computers to understand human speech.
… in 2008, Mr. Phillips’s company, Vlingo, had been contacted by a much larger voice recognition firm called Nuance. “I have patents that can prevent you from practicing in this market,” Nuance’s chief executive, Paul Ricci, told Mr. Phillips, according to executives involved in that conversation.” see more in the full paper

Written by youryblog

October 9, 2012 at 10:25 AM

Posted in Business, SW Eng./Dev., Warning

Tagged with

Java has become one of the weakest links in a PC’s and Mac’s defenses

leave a comment »

“Java, the programming language designed to make the web fun and interactive, has become one of the weakest links in a PC’s and Mac’s defenses against external threats. Consider the most recent Java vulnerability, a weakness currently being exploited by malware distributors: When Oracle, Java’s maker, released an emergency update to fix the software, security analysts reported that even the hot-off-the-presses code contains additional vulnerabilities.”

http://www.linkedin.com/groupItem?view=&srchtype=discussedNews&gid=35521&item=158999839&type=member&trk=eml-anet_dig-b_pd-ttl-cn&ut=1oTfSseTUnUBo1

Written by youryblog

September 21, 2012 at 6:56 PM

Posted in SW Eng./Dev., Warning

Remembering Nikola Tesla: Lessons for Today’s IT Leaders

leave a comment »

Very good paper about Tesla and his life from http://www.cioinsight.com by By Marc J. Schiller 2012-07-09

see http://www.cioinsight.com/c/a/Expert-Voices/Remembering-Nikola-Tesla-Lessons-for-Todays-IT-Leaders/?kc=EWWHNEMNL07112012STR3

“Nikola Tesla was born 156 years ago on July 10. Tesla’s contributions to the world of technology are vast, including the Tesla coil, modern radio, the induction motor, and most famously the alternating current (AC) electrical supply system that powers the world. His life and experience hold lessons for all aspiring technologists who, just like Tesla, are eager to bring the benefits of technology to a large community of people.”

This is for me only, to remember that life have many surprises and many of them are not positive.

Written by youryblog

July 11, 2012 at 7:06 PM

More than 6 million LinkedIn passwords stolen (By David Goldman @CNNMoneyTech June 7, 2012)

leave a comment »

More than 6 million LinkedIn passwords stolen By David Goldman @CNNMoneyTech June 7, 2012: 9:34 AM ET

Surprise! I thought that LinkedIn has a good security. They have a lot of IT professional and they have probably not a bad budget for IT. Sorry for them. I already changed my password for new one, but need to update all passwords on other sites. I think this is a time when we should use only generated passwords and store them in an online system, which has very good protection and security. It’s difficult but possible. At least one company or one organization should have a good security and even not for free.I think everybody will be agree to pay couple dollars per year to protect all accounts and all passwords. We have hundred millions users in Internet. I think this is a good multi-hundred million business for one web-site.

Youry

Written by youryblog

June 13, 2012 at 2:15 PM

N.J. Mayor, Son Arrested for Computer Hacking By CIOinsight 2012-05-28

leave a comment »

N.J. Mayor, Son Arrested for Computer Hacking By CIOinsight 2012-05-28:

“Felix Roque, mayor of West New York, NJ, and his son have been charged with conspiring to bring down a Website calling for the mayor’s recall and intimidate anyone involved with it.”

What could I say. Surprised.

Written by youryblog

May 30, 2012 at 1:22 PM