SIM-swap attacks continue year after year because companies (that know better) leaned into the awful idea of using SMS for password resets and account logins. These companies include Apple, Dropbox, PayPal, Block, Google, and many others. What is a SIM-swap attack? It’s where a bad guy asks a carrier to port your cell-phone number to… Continue reading Companies embracing SMS for account logins should be blamed for SIM-swap attacks
Apple has recently made bold claims about respecting the environment across business decisions. ♻️ And it seems to be making strides in many areas, like using recycled materials in products and clean energy in many aspects of its operations. 🎉 That’s why a deviation from this posture at last month’s event stood out: Only iPhone… Continue reading Apple’s new iOS feature to charge battery up to an “80% Limit” shouldn’t just be for the iPhone 15
As I round the corner on my latest (yet to be announced) game, I’m faced with a harsh reality: needing to publish to the Play & App Store. Why? Unlike my first two games, this upcoming one relies on swiping mechanics, where the player needs to reliably input left/right & up/down gestures. Certain aspects of… Continue reading As a web game dev, one point in favor of an App Store debut (and many against)
As a professional media gazer, I have noticed many people leave Twitter over the last six months, amid the platform’s chaos. But many have decided to return in some capacity. I love Mastodon, but I am not a writer needing to care about large audiences. The nerdy, club atmosphere of the fediverse is just what… Continue reading Meta and LinkedIn will never rival Twitter for reporters, unless they copy TweetDeck
Late last year, in a span of under two weeks, I received dozens of political spam texts around Austin’s Prop A ballot measure. I’m sure countless people around the world also get unsolicited garbage texts. Such text campaigns threaten to discourage voter turnout and turn people against each other. Because SMS texts lack authentication, users… Continue reading Political spam texts are out of control, and customers have no effective recourse.
Bad news folks. Corporate America is rushing ahead with voice-based authentication. I know because I recently called my ISP, Spectrum, which tried to enroll me in Voice ID. I declined. (“With Voice ID, you don’t have to worry about remembering security codes or passwords.” Ok, sure 🤪) And I also called my bank, Chase, which… Continue reading Despite the prevalence of deepfake audio tech, banks and ISPs rush ahead with “voice print” authentication
With its CSAM scanning tool (soon to be pushed to iPhones with iOS 15 and maybe Macs with Monterey), Apple has created what it promises is a “safe” surveillance experience. It will catch the absolute worst scumbags on the planet. It is launching in just the US. Turn it off by simply discontinuing your usage… Continue reading Apple’s plan for iOS 15 CSAM scanning to somehow constitute “safe” surveillance is impossible without bulletproof security and an explicit moral framework to guide policy decisions. It has neither.
Internet Service Providers selling out customers’ privacy is awful, old news On April 3, 2017, Trump did what no one asked for, except for an army of telco lobbyists: he quietly signed an order from Congress to explicitly allow ISPs to sell users’ browsing history without users’ permission. There was no photo shoot or fanfare:… Continue reading Apple’s Private Relay will thwart ISPs’ gross mishandling of our browsing histories and rock the surveillance establishment in countries where it’s available
From a Stack Overflow question: “a hacked version of a Google Chrome extension I use was distributed via Chrome’s automatic extension updates. Is it possible to stop Google Chrome from automatically updating extensions?” The answer is there’s not an easy way to disable them in Chrome. But there should be, and this post explains why.… Continue reading When Chrome extension developers sell out, users get pwned. Why is there not the option to disable automatic updates for specific extensions, as with Firefox? (Plus, a DIY workaround)