Security

Companies embracing SMS for account logins should be blamed for SIM-swap attacks

Spencer Dailey

[UPDATE Since this was posted in 2024: Major US telcos like AT&T, T-Mobile, and Verizon have suffered a months-long breach (the ongoing Salt Typhoon attack). These companies, of course, pass along the unencrypted SMSes vital to countless log in flows, account re-activations, and password resets. They are now known to themselves be compromised. With all… Continue reading Companies embracing SMS for account logins should be blamed for SIM-swap attacks

Apple

Apple’s new iOS feature to charge battery up to an “80% Limit” shouldn’t just be for the iPhone 15

Spencer Dailey

[There is very lively discussion on Reddit, where it’s trending at #1 both on r/ios and r/apple. There are a bunch of worthy suggestions there on how to improve the feature even more, but one thing’s clear: iPhone users would love to see this come to more devices.] Apple has recently made bold claims about… Continue reading Apple’s new iOS feature to charge battery up to an “80% Limit” shouldn’t just be for the iPhone 15

Apple · Browsers

As a web game dev, one point in favor of an App Store debut (and many against)

Spencer Dailey

As I round the corner on my latest (yet to be announced) game, I’m faced with a harsh reality: needing to publish to the Play & App Store. Why? Unlike my first two games, this upcoming one relies on swiping mechanics, where the player needs to reliably input left/right & up/down gestures. Certain aspects of… Continue reading As a web game dev, one point in favor of an App Store debut (and many against)

mediagazing

Meta and LinkedIn will never rival Twitter for reporters, unless they copy TweetDeck

Spencer Dailey

As a professional media gazer, I have noticed many people leave Twitter over the last six months, amid the platform’s chaos. But many have decided to return in some capacity. I love Mastodon, but I am not a writer needing to care about large audiences. The nerdy, club atmosphere of the fediverse is just what… Continue reading Meta and LinkedIn will never rival Twitter for reporters, unless they copy TweetDeck

Apple · Full Dark, Max Bleak · Security

Political spam texts are out of control, and customers have no effective recourse.

Spencer Dailey

Late last year, in a span of under two weeks, I received dozens of political spam texts around Austin’s Prop A ballot measure. I’m sure countless people around the world also get unsolicited garbage texts. Such text campaigns threaten to alter voter turnout and turn people against each other. Because SMS texts lack authentication, users… Continue reading Political spam texts are out of control, and customers have no effective recourse.

Full Dark, Max Bleak · Security

Despite the prevalence of deepfake audio tech, banks and ISPs rush ahead with “voice print” authentication

Spencer Dailey

Bad news folks. Corporate America is rushing ahead with voice-based authentication. I know because I recently called my ISP, Spectrum, which tried to enroll me in Voice ID. I declined. (“With Voice ID, you don’t have to worry about remembering security codes or passwords.” Ok, sure 🤪) And I also called my bank, Chase, which… Continue reading Despite the prevalence of deepfake audio tech, banks and ISPs rush ahead with “voice print” authentication

Apple · Privacy · Security

Apple’s plan for iOS 15 CSAM scanning to somehow constitute “safe” surveillance is impossible without bulletproof security and an explicit moral framework to guide policy decisions. It has neither.

Spencer Dailey

With its CSAM scanning tool (soon to be pushed to iPhones with iOS 15 and maybe Macs with Monterey), Apple has created what it promises is a “safe” surveillance experience. It will catch the absolute worst scumbags on the planet. It is launching in just the US. Turn it off by simply discontinuing your usage… Continue reading Apple’s plan for iOS 15 CSAM scanning to somehow constitute “safe” surveillance is impossible without bulletproof security and an explicit moral framework to guide policy decisions. It has neither.

Apple · Privacy

Apple’s Private Relay will thwart ISPs’ gross mishandling of our browsing histories and rock the surveillance establishment in countries where it’s available

Spencer Dailey

Internet Service Providers selling out customers’ privacy is awful, old news On April 3, 2017, Trump did what no one asked for, except for an army of telco lobbyists: he quietly signed an order from Congress to explicitly allow ISPs to sell users’ browsing history without users’ permission. There was no photo shoot or fanfare:… Continue reading Apple’s Private Relay will thwart ISPs’ gross mishandling of our browsing histories and rock the surveillance establishment in countries where it’s available

Browsers · Security

When Chrome extension developers sell out, users get pwned. Why is there not the option to disable automatic updates for specific extensions, as with Firefox? (Plus, a DIY workaround)

Spencer Dailey

From a Stack Overflow question: “a hacked version of a Google Chrome extension I use was distributed via Chrome’s automatic extension updates. Is it possible to stop Google Chrome from automatically updating extensions?” The answer is there’s not an easy way to disable them in Chrome. But there should be, and this post explains why.… Continue reading When Chrome extension developers sell out, users get pwned. Why is there not the option to disable automatic updates for specific extensions, as with Firefox? (Plus, a DIY workaround)

imessages

Your iPhone (and iCloud backups) are full of gigabytes-worth of old iMessages that are virtually impossible to read

Spencer Dailey

[Find lively discussions of this post on Reddit and Hacker News.] Many iPhone owners have iMessages from years ago that they can’t access. For example, my wife and I simply want to read the first few messages that we exchanged in 2017, but we can’t. A friend of mine recently had to prove she had… Continue reading Your iPhone (and iCloud backups) are full of gigabytes-worth of old iMessages that are virtually impossible to read

About and Selected Writings - expand

I'm an editor at Techmeme, a consultant at DiMare Dailey Studio, and the developer of the Mac app CurrentKey. You can find me on Bluesky, Mastodon, and LinkedIn.

Selected Writings

mediagazing

Meta and LinkedIn will never rival Twitter for reporters, unless they copy TweetDeck

Spencer Dailey

As a professional media gazer, I have noticed many people leave Twitter over the last six months, amid the platform’s chaos. But many have decided to return in some capacity. I love Mastodon, but I am not a writer needing to care about large audiences. The nerdy, club atmosphere of the fediverse is just what… Continue reading Meta and LinkedIn will never rival Twitter for reporters, unless they copy TweetDeck

Apple · Full Dark, Max Bleak · Security

Political spam texts are out of control, and customers have no effective recourse.

Spencer Dailey

Late last year, in a span of under two weeks, I received dozens of political spam texts around Austin’s Prop A ballot measure. I’m sure countless people around the world also get unsolicited garbage texts. Such text campaigns threaten to alter voter turnout and turn people against each other. Because SMS texts lack authentication, users… Continue reading Political spam texts are out of control, and customers have no effective recourse.

Full Dark, Max Bleak · Security

Despite the prevalence of deepfake audio tech, banks and ISPs rush ahead with “voice print” authentication

Spencer Dailey

Bad news folks. Corporate America is rushing ahead with voice-based authentication. I know because I recently called my ISP, Spectrum, which tried to enroll me in Voice ID. I declined. (“With Voice ID, you don’t have to worry about remembering security codes or passwords.” Ok, sure 🤪) And I also called my bank, Chase, which… Continue reading Despite the prevalence of deepfake audio tech, banks and ISPs rush ahead with “voice print” authentication

Apple · Privacy · Security

Apple’s plan for iOS 15 CSAM scanning to somehow constitute “safe” surveillance is impossible without bulletproof security and an explicit moral framework to guide policy decisions. It has neither.

Spencer Dailey

With its CSAM scanning tool (soon to be pushed to iPhones with iOS 15 and maybe Macs with Monterey), Apple has created what it promises is a “safe” surveillance experience. It will catch the absolute worst scumbags on the planet. It is launching in just the US. Turn it off by simply discontinuing your usage… Continue reading Apple’s plan for iOS 15 CSAM scanning to somehow constitute “safe” surveillance is impossible without bulletproof security and an explicit moral framework to guide policy decisions. It has neither.

Apple · Privacy

Apple’s Private Relay will thwart ISPs’ gross mishandling of our browsing histories and rock the surveillance establishment in countries where it’s available

Spencer Dailey

Internet Service Providers selling out customers’ privacy is awful, old news On April 3, 2017, Trump did what no one asked for, except for an army of telco lobbyists: he quietly signed an order from Congress to explicitly allow ISPs to sell users’ browsing history without users’ permission. There was no photo shoot or fanfare:… Continue reading Apple’s Private Relay will thwart ISPs’ gross mishandling of our browsing histories and rock the surveillance establishment in countries where it’s available

Browsers · Security

When Chrome extension developers sell out, users get pwned. Why is there not the option to disable automatic updates for specific extensions, as with Firefox? (Plus, a DIY workaround)

Spencer Dailey

From a Stack Overflow question: “a hacked version of a Google Chrome extension I use was distributed via Chrome’s automatic extension updates. Is it possible to stop Google Chrome from automatically updating extensions?” The answer is there’s not an easy way to disable them in Chrome. But there should be, and this post explains why.… Continue reading When Chrome extension developers sell out, users get pwned. Why is there not the option to disable automatic updates for specific extensions, as with Firefox? (Plus, a DIY workaround)

imessages

Your iPhone (and iCloud backups) are full of gigabytes-worth of old iMessages that are virtually impossible to read

Spencer Dailey

[Find lively discussions of this post on Reddit and Hacker News.] Many iPhone owners have iMessages from years ago that they can’t access. For example, my wife and I simply want to read the first few messages that we exchanged in 2017, but we can’t. A friend of mine recently had to prove she had… Continue reading Your iPhone (and iCloud backups) are full of gigabytes-worth of old iMessages that are virtually impossible to read