Endless OS Functionality Controls Simplify Computing

Endless OS Functionality Controls Simplify Computing

Endless OS is an unusual Linux distro in that its user interface is more like an Android smartphone or tablet than a Linux desktop computer platform.

Version 3.5.4, released on Jan. 17, brings parental controls and other refinements that make this distro a cool alternative to the Chromebook for home, educational and community use. Endless OS goes a long way to eliminating the learning curve attached to using more traditional Linux OSes.

This ease-of-use performance makes it a good selling point as a computing platform for kids and for groups of users within a school — as well as in other agencies that control what users can access and configure.

Endless OS app drawer display

The EOS desktop lacks a main menu button. Instead, an app drawer display fills the screen much like a smartphone or tablet.

That is precisely the target user base envisioned in the marketing plan of U.S.-headquartered Endless Solutions, the company behind the operating system.

The Endless OS community’s goal is to build a global platform for digital literacy. It has outlined two strategies to pursue that mission.

Endless Options

One marketing strategy is the company’s simplified EOS desktop. It eliminates the technology barrier that often inhibits newcomers to computing in general, and Linux in particular.

The second strategy is the sale of a new breed of affordable desktop computers shipped with the Endless OS. You buy the box and plug in your own monitors, mouse and keyboard.

Choices include various sized oval, elliptical, square and rectangular boxes. Colors vary too. So do the memory and storage options.

The resource needs of Endless computers, much like Chromebooks, are far from heavy. The OS runs well on 1-GB, 2-GB and 4-GB configurations. eMMC cards and hard drive storage offer a range of options from 32 GB to 128 GB.

For this review, my focus is strictly the free-to-download-and-use operating system. Endless OS is fast — especially on computers with extra RAM. Plus, it is easy to install and easier to use.

Endless gives new users a familiar computer system with a large bundled collection of more than100 personal, business and educational applications to meet nearly any need. This distro is ready to use out of the box, and it offers some helpful tools to make computing easier for young and old.

Under the Hood

Endless OS is based on Debian Linux and a heavily modified GNOME desktop environment. EOS has no traditional Debian package manager. Instead, An upgrade tool automatically checks for updates and handles them in the background. Another feature is a locked-down OS that limits a user’s ability to change settings. This makes Endless OS unlike most other Linux distros.

The developers caution that even though Endless OS has a Debian base, using it is not the same as running Debian Linux. Pure Debian systems use .deb packages for the system files and applications. Instead of a true package manager tool, Endless OS is fitted with

It is not a package manager per se. Rather, it is an upgrade system that performs atomic upgrades of complete file system trees.

This is a non-destructive atomic technique to deploy operating system updates without affecting the running state of the system. OSTree makes the updating process safer and more hardened against breaking the system when applying automatic updates.

Misleading Website

New Linux users can download the Endless OS from their Windows or macOS computers. They also can burn the ISO files to run the installation media with disc-burning software on either platform.

However, the Endless OS website makes it seem as though you must burn the ISO files to a USB drive to test and install the operating system. Nowhere does it mention the DVD option.

Especially for new users, creating a bootable USB drive to run a live session of Endless OS can be frustratingly hit-or-miss. Endless OS runs fine from a DVD disc, which is a reliable process.

More Misdirection

Another potential stumbling block might appear when trying to download the ISO file. The Endless OS website uses only torrent connections rather than direct downloads from its own servers.

Torrent file exchanges let you download the desired file from an unknown computer connected to a torrent network. At the same time, the torrent software grabs whatever installation files it finds in your computer’s downloads folder.

The potential problem for new users is knowing about the need to use a torrent application.The download link on the Endless OS website requires torrent software, but that process is not mentioned.

I could not locate any direct download links on the Endless OS website. I also could not find any other software repositories that offered a non-torrent option for direct downloads of Endless OS.

The Endless OS website has a section titled, “Where can I download the Endless OS ISO image files directly?” The answer is apparently you can’t. You can download an image file directly and use it to create your own Endless USB stick or test Endless OS in a virtual machine. However, there is no direct download link, so you are stuck using the torrent method.

The virtual machine option is one you should consider to test Endless OS. The virtual machine method bypasses having to burn the files onto a DVD or a USB drive once you download the ISO file.

I had no trouble running Endless OS in a virtual machine, but I still had to burn a DVD or USB configuration in order to install Endless to a hard drive for permanent use.

Matching Your Needs

You can download two versions of Endless OS. The Basic version is about 2 GB. It comes with only a few preloaded applications. Your computer needs at least 32 GB of free space on the hard drive to handle installation of the full version.

The Basic version is fine to check out the user interface and confirm that it is compatible with your hardware. If you install the basic version, you can open the App Center to browse, download and install more than a hundred free applications.

To get real usefulness from this distro, though, you should get the full version, especially if you have limited Internet access. It does not make much sense to play whack-a-mole , downloading useful applications that you will need regularly one at a time.

The Full version provides about 100 software titles already installed. Because of the additional software inventory, the download size of this ISO file is much larger than the Basic version’s ISO download. It is about 16 GB.

Why bundle so many applications? Some computing veterans might view this as unnecessary crapware. That is not the case with Endless OS. The developers provide a large variety of software titles to make Endless computing functional and self-sufficient for users with little or no Internet access. You will not find many of the software titles in Endless OS common offerings in other Linux distros. That can be a big advantage to trying the Endless OS.

Endless OS comes with special categories of applications, including Astronomy, Cooking, Maternity, Health, Celebrities, Special Needs and more. The software titles include games and productivity software, as well as travel and educational materials. A Wikipedia section provides access to more than 50,000 articles.

Software Strategy

Having a reliable collection of reference tools and educational software installed lets you get schoolwork and personal learning done without being online. Of course, you can not update email or research the latest trending topics without an Internet connection.

If you are an Android device user, be sure to check out the Android companion app. It lets you sync your Android-powered mobile phones and tablets with Endless OS. The Android app is available from the Google Play Store for free.

Your installed apps are often a goldmine of information you have yet to peruse. Click the tab at the top to open “Recommended Stories.” This action provides highlights and links to content from your installed apps.

A textbook showcase of sorts is bundled for offline reading. You get a textbook app with FlexBooks from the C-12 Foundation. You also get content from Khan Academy, and videos about a variety of subjects.

Apps to Go

I like the concept of having a computer that does not always require an Internet connection — especially for controlled environments likes schools and library computer rooms, or “study centers” in remote locations.

Even for home and business settings, a “partially air-gapped” computer can be beneficial. Sometimes it is a benefit to be isolated from watching live content on Youtube or getting lost in social media posts.

If you need to add more applications, the Endless OS app store mixes traditional apps with Endless-specific apps. The More Apps option on the home screen opens the app store.

Endless OS app store

The app store mixes traditional software titles with Endless-specific applications.

This is an Endless version of the GNOME Software app. A symbol distinguishes between apps you already have and those that require a download.

Some Surprises Included

Endless OS is not like your typical Linux distro in several ways. One of the more unusual things is having to sign an end user license agreement.

A second more-than-trivial thing about Endless OS is the way it handles system files. They are read-only. This approach comes with some security benefits.

Mainly, it makes it much more unlikely that malware or hacking can mess with the system’s integrity. Only app updates can tinker with system files. This is similar to the way Chrome OS operates on Chromebooks.

Yet another design element that differs from other Linux distros is how the modified GNOME interface works. For instance, when Endless OS starts, the screen displays an app drawer to launch apps.

Desktop Overview

The user interface offers a few surprises also. The EOS desktop lacks a main menu button anywhere on the panel or taskbar. The button to the far left of the panel does not pop up a menu. Instead, it shows the desktop.

The panel has a few launcher buttons to display documents, the app center, and the Web browser on the left. On the right end of the panel bar are the usual icons in the system tray.

Instead of a pop-up menu, launch icons fill the screen. The layout and functionality closely resemble an Android device or the GNOME application display, except for the taskbar at the bottom of the screen.

Click on the app to launch the activity. Right-click on an open application’s icon in the taskbar to pin it there.

A search window sits at the top center of the screen above the application icons. Start typing an application name to see a list of matching installed apps and a list of possible matches available in the app center. Tap on an icon to launch the application or load the URL in the Web browser.

Endless Limitations

Endless OS lacks virtual workspaces and applets to run on the panel bar. A virtual workspace is an essential feature in most Linux desktops.

Sometimes the goal of simplifying the user interface ends up crippling the functionality. That is the case with Endless OS. New users probably will not miss these two features, but experienced Linux users no doubt will find EOS too limiting.

Further, the desktop environment is so locked down that the settings panel hardly has any usefulness. The EOS desktop is mostly a one-size-fits-all configuration. It only lets you fiddle with some basic settings.

Endless OS settings control panel

Endless OS sacrifices extensive setting controls in favor of simplified computing with mostly unchangeable default settings.

All the settings appear in a single panel. There is not much to configure other than options for background, power, mouse/touchpad and such.

One silver lining exists in the mostly featureless settings panel. This latest release brings parental controls. It lets you control which apps users can install or launch, at least to a degree.

For instance, you can not restrict access to built-in apps, including the Web browser, file manager, text editor and video player. The app center displays apps based on their content rating. You can set the display to show only age-appropriate content, for instance.

You also can restrict access to certain apps already installed on the system, or you can prohibit certain users from installing new apps entirely.

Bottom Line

The endless OS offers many computing options. It is easy to use. It is not a Linux solution for sophisticated users, however.

The developers designed this distro to fulfill the demands of underserved users in the developing world. Most of the users live in places where access to information is restricted and computers are expensive.

However, this unique Linux distro with its EOS desktop can have endless uses for schools, church groups and business settings. Endless OS also can be a frustration-free computing platform for students and non tech-savvy users.

Want to Suggest a Review?

Is there a Linux software application or distro you’d like to suggest for review? Something you love or would like to get to know?

email your ideas to me, and I’ll consider them for a future Linux Picks and Pans column.

And use the Reader Comments feature below to provide your input!

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open source technologies. He has written numerous reviews of Linux distros and other open source software.
Email Jack.

Let’s block ads! (Why?)

Link to original source

A Practical Guide to Protecting Your Privacy Online

This story was originally published on Nov. 7, 2018, and is brought to you today as part of our Best of ECT News series.

Do you take your online privacy seriously?

Most people don’t. They have an ideal scenario of just how private their online activities should be, but they rarely do anything to actually achieve it.

The problem is that bad actors know and rely on this fact, and that’s why there’s been a
steady rise in identity theft cases from 2013 to 2017. The victims of these cases often suffer a loss of reputation or financial woes.

If you take your online privacy seriously, follow this 10-step guide to protect it.

1. Shield Yourself From Snoopy ISPs

You may not be aware of it, but your ISP already might know
all about your online searches.

Each time you search for something online, your browser sends a query to a DNS server. Before the query reaches a DNS server, however, it first has to go through your ISP. Needless to say, your ISP easily can read and monitor these queries, which gives it a window into your online activity.

Not all ISPs monitor your browser queries but the ones that don’t are the exception and not the rule. Most ISPs will keep records of your Web browsing for a period of a few months to a year. Most ISPs don’t record your texts, but they do keep records of who texted you.

There are two ways to protect your privacy if you don’t want your ISP monitoring your browser queries: 1) Switch to an ISP that doesn’t monitor your online data, if practicable; or 2) Get a VPN to protect your data (more on this later).

2. Guard Your Login Credentials

One thing most people take for granted is the login credentials they use to access their many online accounts. Your username and password are the only things keeping your information and privileges from getting into the wrong hands. This is why it’s important to make them as strong as possible.

Choose a strong username that is simple and easy to remember but can’t easily be linked to your identity. This is to prevent hackers from correctly guessing your username based on your name, age, or date of birth. You’d be surprised just how cunningly hackers can find this information. Also, never use your Social Security Number as your username.

Next, pick a strong password. There are many ways to do this, but we can narrow them down to two options: 1) Learn how to make strong passwords; or 2) Use a password manager app.

Learning how to make a strong password requires time and imagination. Do you want to know what the most common passwords are? They are “1234,” “12345,” “0000,” “password” and “qwerty” — no imagination at all. A password combining your name and date of birth won’t cut it. Nor will a password that uses any word found in the dictionary.

You need to use a combination of upper and lower case letters, numbers, and even symbols (if allowed). Complexity is what matters, not length, since a complex password will take centuries for a computer to figure out. In fact, you can
try your password if you want to see just how long it will take to crack.

If you don’t have the time and imagination to formulate a strong and complex password, you can use one of the
six best password managers. These apps not only save you the hassle of memorizing your complex passwords but also auto-fill online login forms and formulate strong passwords for you.

Whether you want to learn how to make strong passwords or choose to install a password manager app is up to you. What you should never neglect, though, is 2FA (2-factor authentication). 2FA adds an extra layer of protection for your passwords in case someone ever does learn what they are. In fact, you may already have tried it when logging into an account on a new device.

The app or service requires you to key in the access code sent to another one of your devices (usually your phone) before you are given access to your account. Failing to provide this access code locks you out of your account. This means that even if hackers obtain your login credentials in some way, they still can’t log into your account without the access code.

Never use the same usernames or passwords for different accounts. This prevents hackers from accessing multiple accounts with just one or more of your login credentials. Also, never share your login credentials with anybody —
not even your significant other.

3. Secure Your WiFi

Have you ever heard of a
KRACK attack? It’s a proof-of-concept cyberattack carried out by infiltrating your WiFi connection. The hacker then can steal information like browsing data, personal information, and even text message contents.

The problem is that not even WPA2 encryption can stop it. This is actually why The WiFi Alliance started development of WPA3, which it officially introduced this summer.

Do you need WPA3 to defend against KRACK attacks? No. You just need to install security updates when they become available. This is because security updates ensure that a key is installed only once, thereby, preventing KRACK attacks. You can add additional layers of protection by visiting only HTTPS sites and by using a VPN.

You also can use a VPN to protect your device whenever you connect to a public network. It prevents hackers from stealing your information via a MitM (Man in the Middle) attack, or if the network you’ve connected to is actually a rogue network.

4. Browse With Confidence

If you read through your browser company’s Terms of Use and Privacy Policy, you might find that they actually track your online activities. They then sell this information to ad companies that use methods like analytics to create a profile for each user. This information then is used to create those annoying targeted ads.

How do they do this?

Answer: Web cookies.

For the most part, Web cookies are harmless. They’re used to remember your online preferences like Web form entries and shopping cart contents. However, some cookies (third-party cookies) are made specifically to remain active even on websites they didn’t originate from. They also track your online behavior through the sites you visit and monitor what you click on.

This is why it’s a good idea to clear Web cookies every once in a while. You may be tempted to change your browser settings to simply reject all cookies, but that would result in an overall inconvenient browsing experience.

Another way to address the monitoring issue is to use your browser’s Incognito mode. Your browser won’t save any visited sites, cookies, or online forms while in this mode, but your activities may be visible to the websites you visit, your employer or school, and your ISP.

The best way I’ve found so far is to replace your browser with an anonymous browser.

One example is TOR (The Onion Browser). TOR is a browser made specifically to protect user privacy. It does this by wrapping your online data in several layers of encryption and then “bouncing” it for the same number of times before finally arriving at the right DNS server.

Another example is Epic Browser. While this browser doesn’t run on an onion network like TOR, it does do away with the usual privacy threats, including browsing history, DNS pre-fetching, third-party cookies, Web or DNS caches, and auto-fill features. It automatically deletes all session data once you close the browser.

SRWare Iron will be familiar to Google Chrome users, since it’s based on the open source Chromium project. Unlike Chrome, however, it gets rid of data privacy concerns like usage of a unique user ID and personalized search suggestions.

These three are the best ones I’ve found, but there are other alternatives out there. Whatever privacy browser you choose, make sure it’s compatible with your VPN, as not all privacy browsers are VPN-compatible — and vice-versa.

5. Search Safely

Presenting risks similar to popular browsers are the search engines many people use. Most browser companies also produce their own search engine, which — like the browser — also tracks your online searches. These searches then can be traced to your personal identity by linking them to your computer, account, or IP address.

Aside from that, search engines keep information on your location and usage for up to several days. What most people don’t know is that persons in the legal field actually are allowed to use the information collected by search engines.

If this concerns you at all, you may want to switch to a private search engine. These private search engines often work in the same way: They obtain search results from various sources, and they don’t use personalized search results.

Some of the more popular private search engines include DuckDuckGo, Fireball, and Search Encrypt.

6. Use a VPN

What is a VPN, and why do I strongly recommend it?

A VPN (virtual private network) is a type of software that protects your Internet browsing by encrypting your online data and hiding your true IP address.

Since you already know how online searches are carried out, you already know that browser queries are easily readable by your ISP — or anyone else, for that matter. This is because your online data is, by default, unencrypted. It’s made up of plain text contained in data packets.

You also already know that not even built-in WPA2 encryption is good enough to protect against certain attacks.

This is where a VPN comes in. The VPN courses your online data through secure tunnels until it gets to its intended DNS server. Anyone intercepting your browsing data will find unreadable jargon instead.

You may hear advice against trusting VPNs with your security. I’m actually inclined to partially agree — not all VPNs are secure. However, that doesn’t mean all VPNs are not secure.

The unsecured VPNs I’m referring to are the “free lunch” types that promise to be free forever but actually use or sell your data to ad companies. Use only the safest VPN services you can find.

A VPN is primarily a security tool. While you may enjoy some privacy from its functions, you will want to pair it with a privacy browser and search engine to get the full privacy experience.

A VPN can’t secure your computer or device from malware that’s already present. This is why I always recommend using a VPN together with a good antivirus and firewall program.

Some popular browsers run WebRTC protocols by default. You have to turn off this protocol. This protocol compromises a VPN’s security by allowing your true IP address to be read.

7. Beware of Phishing

You may have the best VPN, anonymous browser, and private search engine on the market, but they won’t do you much good if you’re hooked by a phishing scam.

Phishing employs psychological analysis and social engineering to trick users into clicking a malicious link. This malicious link can contain anything from viruses to cryptojackers.

While phishing attacks usually are sent to many individuals, there’s a more personalized form called “spearphishing.” In that case, the hackers attempt to scam a specific person (usually a high-ranking officer at a company) by using information that’s available only to a select few people that the target knows.

So, how do you avoid being reeled in by phishing attacks?

The first option is to learn how to identify phishing attempts. Beware of messages from people you don’t know. Hover over a link before clicking it to make sure it navigates to the site it portrays. Most importantly, remember that if it’s too good to be true, it most likely is.

The second option is to install an antiphishing toolbar. This software prevents phishing by checking the links you click against a list of sites known to host malware or those that trick you into disclosing financial or personal information.

It then will prompt you, once it determines the link to be connected to one of those sites, and provide you with a path back to safety.

The best examples I’ve found are OpenDNS, Windows Defender Browser Protection, and Avira Browser Safety.

8. Encrypt Your Messages

If you’ve been following tech news in the recent months, you may have found an item about the FBI wanting
to break Facebook Messenger’s encryption. Say what you will about the social network giant, but this news reveals one thing: Even the FBI can’t crack encrypted messages without help.

This is why you should always use “encryption mode” in your messaging apps. Apps like Signal, Telegram, and Threema all come with end-to-end encryption and support for text, calls, and even video calls.

If you require constant use of emails, ProtonMail, Tutanota, Mailinator, and MailFence are great alternatives to popular email services that actually monitor your email content.

9. Share Carefully on Social Media

Social media has become one of the best ways to keep in touch with important people in our lives. Catching up to everyone we care about is just a few clicks away. That said, we’re not the only ones looking at their profiles.

Hackers actually frequent social media sites as they hunt for any personal information they can steal. They even can circumvent your “friends only” information by adding you as a friend using a fake account. I don’t think I need to mention the problems hackers can cause once they’ve stolen your identity.

This is why you should exercise caution about what you share on social media. You never know if hackers are using the photos you share to target you for their next attack. You may want to skip out on filling out your profile completely. Avoid giving your phone or home number, and perhaps use a private email to sign up.

10. Update Frequently

You may have heard this before but it’s worth repeating now: Don’t ignore system updates. You may not be aware of it, but updates fix many vulnerabilities that could jeopardize your online privacy.

Most people put off installing updates since they always seem to come at inopportune times. Sometimes we just can’t put up with the dip in performance or Internet speed while updates are being installed.

It’s usually best to suffer what minor inconvenience they cause early rather than risk getting caught in the whirlwind of problems hackers can cause if you should get targeted. Most software and apps now come with an auto-update feature, so you won’t have to manually search and download them.

Bottom Line

Privacy is a human right, and our online privacy should be taken seriously. Don’t neglect to take the necessary steps to protect yours.

Beware of your Internet service provider, and always protect your login credentials no matter how strong they are. Remember to check the network you’re connecting to before you log in.

Watch what your browser and search engine are doing, and consider replacing them with more private ones. Prepare against phishing by learning to identify attempts and installing an antiphishing toolbar.

Always use encrypted messaging, and watch what you share on social media. Finally, never ignore system updates when they become available.

Follow these steps and you’ll soon be on your way to a more private browsing experience.

John Mason, an avid privacy advocate, is founder of
TheBestVPN and serves as its chief researcher.

Let’s block ads! (Why?)

Link to original source

Apple Banishes Facebook Data Reaper From iPhones

By John P. Mello Jr.

Jan 31, 2019 9:12 AM PT

Apple on Tuesday blocked a Facebook app that paid users for total access to all network data passing through their mobile phones.

The controversy over use of the Facebook Research app first was reported by TechCrunch, which revealed that Facebook was paying users US$20 a month for root network access to their phones.

Facebook was on-boarding users of the program, which included teenagers, through Apple’s Enterprise system, which Apple said was a violation of its policy.

The Enterprise system is supposed to be used only for the distribution of internal corporate apps to employees, not to paid external testers, TechCrunch explained.

“Facebook was collecting data on virtually anything they did on their mobile device,” said Shane Green, U.S. CEO in the Washington, D.C. offices of
Digi.me, a personal data management service.

“The VPN they used for this tracks all data coming in or out of the device at a raw, unencrypted level, so there was virtually nothing a user was doing on a mobile device that Facebook couldn’t get access to if it chose,” he told TechNewsWorld.

“I haven’t personally seen a program that invasive before,” Green added. “Coming from a company like Facebook, it’s even more worrisome.”

Innocent Research?

Facebook spokesperson Arielle Argyres told TechNewsWorld that key facts about the market research program were being ignored.

“There was nothing ‘secret’ about this,” she said. “It was literally called the ‘Facebook Research App.'”

“It wasn’t spying, as all of the people who signed up to participate went through a clear on-boarding process, asking for their permission and were paid to participate,” Argyres continued.

“Finally,” she added, “less than 5 percent of the people who chose to participate in this market research program were teens — all of them with signed parental consent forms.”

Spying on Competitors

Since 2016, Facebook has been paying users in the 13 to 35 year-old age bracket $20 a month, plus referral fees, to install the Facebook Research app, TechCrunch reported.
Facebook even asked users for screenshots of their Amazon ordering pages.

The program is administered through testing services Applause, BetaBound and uTest to cloak Facebook’s involvement, according to the TechCrunch story.

“Facebook is trying to spy on its competitors,” said Matt Stoller, a spokesperson for
Freedom From Facebook, a group of organizations advocating the break-up of the social network.

“They want to make sure they can spy on anybody that might be creating competitive products,” he told TechNewsWorld.

“What they were looking for when they bought Onavo, which is where Research came from, was a surveillance application so they could see what their competitors were doing and which competitors were gaining traction.”

Onavo Gets Boot

Facebook last summer removed Onavo Protect from the Apple App store after Apple determined the software violated its data collection policies for apps.

Onavo, an Israeli company acquired by Facebook in 2013, makes a program that gives its users security alerts and access to a Virtual Private Network.

However, the software also monitors apps, sending user data back to Facebook, which has been known to use it to identify competitors and even spur acquisitions.

Under Apple’s rules, apps are forbidden from collecting information about other apps on a device for the purpose of analytics, advertising or marketing.

What’s more, apps must make clear to a user which data they’re collecting and how it will be used.

Onavo Protect is still available on Google Play, which is the Android counterpart to Apple’s App Store.

Feeding Addiction

Spying on competitors isn’t Facebook’s only goal with Research, maintained Stoller, who is also a fellow at the
Open Markets Institute.

“They’re also trying to figure out how to potentially encourage children, teenagers and adults to be more addicted to their services,” he said.

“To subject children to addictive services like the ones Facebook delivers is wrong,” Stoller added, “and to have Facebook spying on them so they can improve the addictiveness of their product is also wrong.”

Apple also revoked Facebook’s Enterprise Certificate, which, according to the TechCrunch article, is proving to be problematic.

The revocation has broken all of Facebook’s legitimate employee-apps, it explained, including pre-launch internal-testing versions of Facebook and Instagram, as well as the employee apps for coordinating office collaboration, commutes, seeing the day’s lunch schedule, and more.

“Apple knew they would be disrupting Facebook’s internal operations. They didn’t care,” Digi.me’s Green said.

“They felt that this was a grievous enough breach of faith and responsibility by Facebook to warrant pulling the plug on the whole thing,” he added. “And this is just the beginning. I think we’re going to see a much bigger escalation now that Apple has positioned itself as a more privacy-centric company.”

Corrupt Business Model

Despite explosive stories in recent months about abuse of its members’ data, Facebook seems unable to learn from its mistakes. That may be because of its business model, said Green.

“Their business model has an insatiable appetite for data about people, so they’re constantly pushing the boundaries of how they can collect more data and get permission to use it however they want to,” he explained.

“There’s a whole history before Cambridge Analytica, where Facebook was accused of confusing users to get them to not mark posts private,” Green recalled. “The model is fundamentally corrupt at this point. They just can’t stop collecting as much data as they want. That’s how they’re rewarded internally. That’s how their stock is valued.”

Facebook’s days of pushing the norms for data collection may be in their twilight, though.

“Facebook was so huge for so long that they were able to violate social norms and make mistakes in a brazen way, because no one was going to walk away from Facebook,” said Karen North, director of the Annenberg
Online Communities program at the University of Southern California in Los Angeles.

“They were arrogant about that. They would do things and say, ‘People will like it once they get used to it,’ and people got used to things because they didn’t want to walk away from Facebook,” she told TechNewsWorld.

“The reality now is there isn’t the same kind of loyalty to Facebook,” North added. “They’re headed toward a time when people aren’t willing to adapt and forgive.”

John P. Mello Jr. has been an ECT News Network reporter
since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the
Boston Phoenix, Megapixel.Net and Government
Security News
. Email John.

Let’s block ads! (Why?)

Link to original source

Apple Squashes FaceTime Eavesdropping Bug

By John P. Mello Jr.

Jan 30, 2019 5:00 AM PT

Apple on Monday suspended its Group FaceTime application following reports that a bug in the software allowed callers to eavesdrop on the people they were calling.

The flaw let a person making a FaceTime call listen through the phone of the person called before the call was accepted or rejected.

It also allowed access to the front-facing camera in an iPhone, both 9 to 5 Mac and BuzzFeed reported.

After making a FaceTime call from an iPhone X to an iPhone 8, a user could hear audio from the iPhone 8 before any action was taken on the call, BuzzFeed explained.

Then, when the volume down button was pressed, video streaming from the front-facing camera could be seen on the iPhone X, even though the call on the iPhone 8 hadn’t been acted upon.

A user could activate video functionality from a called phone by pressing the power button from the lock screen, 9 to 5 Mac reported.

The eavesdropping bug didn’t seem to work on phones in “Do Not Disturb” mode, BuzzFeed noted.

Serious Issue

Although Apple acted quickly once news of the bug went viral, the flaw is a grave one.

“The bug is serious, but thankfully Apple was in a position to mitigate it by forcing the feature to be inoperable on their server-side end,” said Will Strafach, president of the
Sudo Security Group, an iOS security company in Greenwich, Connecticut.

“I don’t see a long-term impact, since Apple has now disabled the functionality and is quickly pushing an update,” he told TechNewsWorld, “but I am sure this will be joked about for some time, similar to the ‘goto fail’ bug a few years ago.”

What makes the bug so serious is that it allows any user to be spied on without their knowledge, said Mike Murray, chief security officer for
Lookout, a San Francisco maker of mobile security products.

“All software has bugs and every company makes mistakes. What impacts a company’s reputation in the long term is their ability to respond to these issues,” he told TechNewsWorld.

“Apple has already published an initial mitigation and rumors have a patch being released in short order,” Murray continued. “This is what should be expected from a company that takes user privacy and security seriously.”

Sky Not Falling

Not everyone is wringing their hands over the “fly on the wall” bug.

“According to the rest of the world, the sky is falling right now,” observed Tyler Reguly, manager of security R&D at Portland, Oregon-based Tripwire, a cybersecurity threat detection and prevention company.

“This FaceTime bug is the most critical defect we’ve ever encountered if social media is to be believed. I’m not sure I buy into that,” he told TechNewsWorld.

“Is this bug a really stupid mistake and evidence that maybe Apple doesn’t put as much thought into features as they should? Definitely,” Reguly continued.

“As a colleague put it, ‘How do you design a communication protocol such that it allowed communication before the connection is established?” he wondered.

“There is no doubt that Apple has some egg on their face over this one,” Reguly said. “The simple fact is that stupid bugs exist everywhere because code is written by people, and people make mistakes and bad choices. It would be nice if we lived in an infallible society, but we don’t.”

Twitterverse Speaks

The FaceTime bug became a source of levity on Twitter.

“I am not responsible for #FaceTime’s bug. Although, I do intend to take full advantage of it,” wrote @immortalhuey.

Another user imagined what the bug could do for family relations. “I love this #facetime bug,” wrote @Pornhub. “Imma call you and spy on you while you ignore me….MOM.”

@Taylorownsme13 added this tongue-in-cheek comment to the bug feed: “So are you telling me that my friends will hear me talk about how much I hate them and how their calls annoy me before I answer and be a fake bitch?”

Other denizens of the twittersphere, though, had more serious thoughts about Apple’s snafu.

“So everyone freaks out over this #FaceTime bug that basically let’s anyone turn your phone into a listening device, BUT nobody gives a fuck that the Government does this to almost ALL ‘smart’ devices as a matter of course,” declared @Socal_crypto.

“Never wanted iPhone. After this never will,” added @theBeganovich.

Delayed Reaction?

Twitter is also where questions about Apple’s responsiveness to bug reports have been raised.

“It has been alleged that this bug was reported days ago,” Sudo’s Strafach explained.

“My hope is that this will be a teachable moment on how their bug report triage processes can be improved in order to get reports to the right people more quickly,” he said.

“I believe this bug serves as a reminder that mobile phones may be powerful tools these days, but they are created by humans who can make mistakes sometimes,” Strafach added. “I think a lot of people already understand that, but incidents such as this bug serve as a visceral reminder which can be easily understood.”

Pocket Protection

While access to Group FaceTime has been suspended, Lookout’s Murray still recommends disabling the application until Apple provides a more permanent fix to the problem.

“More important than this single issue is to remember that the phone in our pocket is a powerful computer with access to all of your private life, and it should be protected like it,” he cautioned.

“Many mobile malware families have the ability to listen in through the microphone, just like this Apple bug,” Murray added. “A vulnerability like this reminds us how easily phones can be used to steal personal information. The malware authors and nation-state attackers already know that.”

The FaceTime bug illustrates that even the most diligent companies can falter from time to time, noted George Gerchow, CSO of Redwood City, California-based
Sumo Logic, an analytics company focusing on security, operations and business information.

“Even though Apple has gone through great strides to protect their users’ information,” he told TechNewsWorld, “this latest bug is yet another reinforcement that privacy continues to remain a major concern, regardless of your company’s size or security and privacy investments.”

John P. Mello Jr. has been an ECT News Network reporter
since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the
Boston Phoenix, Megapixel.Net and Government
Security News
. Email John.

Let’s block ads! (Why?)

Link to original source

Apple Rumored Plotting a Game Subscription Service

By John P. Mello Jr.

Jan 29, 2019 5:00 AM PT

A “Netflix for Games” type of service may be in Apple’s future. Apple has been developing a subscription service that will function for games much like Netflix does for movies and TV series, according to a Cheddar

It’s still unclear what the subscription fee would be or what kinds of games would be offered on the service, noted Cheddar, which bills itself as a “post-cable news, media, and entertainment company.”

Whatever the fee for the offering, it could be tough for Apple to find an audience for a streaming service, maintained David Cole, an analyst at
DFC Intelligence, a market research firm in San Diego.

“Streaming was a huge topic six or seven years ago, when there were a lot of startups looking to get into the space,” he told TechNewsWorld. “What they found out was that people weren’t willing to pay a whole lot of money for that kind of service.”

Tough Sell

What’s more, big players like Amazon and Google have announced their intentions to join current kingpins Microsoft and Sony in the streaming market, Cole said. “It’s a very competitive landscape.”

Apple’s audience for the service — primarily users of its phones and tablets — may not go flocking to it, either, he continued.

“Xbox and PlayStation consumers are heavy-duty gamers. They’re willing to plunk down (US)$400 for a game system and $60 apiece for a game, and it’s still tough to get them to pay for a subscription service,” Cole observed.

“Apple faces the same challenge, but their consumer is not going to be into the games as much as a consumer who has bought an Xbox or PlayStation,” he pointed out. “Charging a Netflix-like monthly subscription fee is really tough. Anything over $5 a month is a lot.”

Focus on Casual Gamers

Apple will tailor its service to its user base, predicted Mark N. Vena, senior analyst at Moor Insights and Strategy, a technology analyst and advisory firm based in Austin, Texas.

“I suspect Apple will be going after more mainstream, family-oriented types of games. It’s hard for me to believe that they’ll go after hard-core games, where the gaming is first-person shooter and more violent,” he told TechNewsWorld. “They’ll probably target casual users — users who play sports-oriented games, trivia games, games that don’t require a lot of graphics power.”

The move could be a good one for Apple, Vena said. “If they stay in their lane and focus on phone and tablet mainstream games, and stay away from ultraviolent games, which would sully their brand, it will broaden their service appeal.”

Good Strategic Fit

A move into subscription gaming seems to fit in with Apple’s media strategy, noted Ross Rubin, principal analyst at Reticle Research, a consumer technology advisory firm in New York City.

“Apple is making lots of moves to offer subscription services in all major media,” he told TechNewsWorld.

“They have music. They acquired a company that offered all-you-can-eat magazine subscriptions. They’re working on a video service. So this would be consistent with that,” Rubin said.

“With 5G and faster 4G networks coming, that’s going to lend itself very well to launching streaming game services,” he noted. “Regardless of whether Apple does it or not, we’re going to see many more companies launch streaming game services because latency — which is key for this kind of service — will be lower than it has ever been on a cellular network.”

Latency can make a video streaming service frustrating, but it typically doesn’t outright ruin the experience, said Billy Nayden, research analyst at Dallas-based Parks Associates, a market research and consulting company specializing in consumer technology products.

That’s not the case with streaming games, however.

“Because of the responsiveness required to play video games, latency issues are far more crippling,” Nayden told TechNewsWorld. “Apple must ensure their streaming service does not have any latency issues for that reason.”

The 5G Difference

5G could be a game-changer for streaming gaming, said Michael Goodman, director for digital media at Newton, Massachusetts-based Strategy Analytics, a research, advisory and analytics firm.

“Over the past 15 to 20 years the landscape is littered with streaming game services that have tried and failed,” he told TechNewsWorld.

“The big difference this time is 5G, which — at least in theory — should minimize, if not get rid of, latency issues associated with streaming gaming all together,” he said. “This is why we are seeing all these companies, such as Microsoft, Google, Amazon, Verizon, and now Apple, get excited by streaming.”

Latency isn’t the only problem facing streaming gaming services, however.

“Streaming game services just have not been able to come up with a licensing model that compensates publishers with lost retail revenue if they offer new releases via streaming services,” Goodman observed,

Game Publishers Problem

A video game sells for around $60. A streaming service charges $10 to $15 a month per subscriber. That money needs to be split among multiple publishers, Goodman noted.

“As a result of that, publishers have been more than willing to make back catalogs that are no longer selling available to streaming game services, but not new releases, and it is the new releases that drive the market,” he explained.

The player best positioned to make streaming work is Microsoft, Goodman maintained.
“Given all the internal game development studios they own, they can seed any streaming service with new releases from internal sources.”

However, “subscription gaming” need not mean streaming gaming.

“Considering where Apple is today, I would venture to assume it’s considering an app-based model rather than a new cloud gaming service,” said Michael Inouye, principal analyst at Scottsdale, Arizona-based ABI Research, a technology advisory company.

An app-based model typically allows a subscriber to download all the games they want and play them as long as their subscription remains active.

“Subscription services are gaining popularity across content markets from video to music and gaming, so it could offer value to the mobile gaming segment as well,” Inouye told TechNewsWorld.

“Even if Apple does not launch a subscription service,” he added, “it still behooves the company to explore this model because of the success other markets are experiencing, and to ensure they remain competitive.”

Calming Investors

A pure game play by Apple would be “hugely complicated, expensive and dangerous for the company,” maintained Charles King, principal analyst at Pund-IT, a technology advisory firm in Hayward, California.

That risk is reduced if Apple acts as a broker in a Netflix-type model.

“That’s considerably less fraught,” King told TechNewsWorld. “The company could kick off the service after inking agreements with game developers, but like Netflix, over time it could also develop its own unique games and deliver them with the service platform.”

A subscription game offering could bolster services revenues significantly at a time when the company’s hardware sales appear to have plateaued, he added. “That should help calm investors and analysts who have helped drive the company’s stock price down.”

In 2018, consumer global spending on games was $129 billion, according to Piers Harding-Rolls, director at IHS Markit, a research, analysis and advisory firm headquartered in London.

“Games are very sticky, drive device usage, and are globally appreciated,” he told TechNewsWorld.

“For the leading tech companies, having a games service strategy is as important as having a video or music service strategy,” Harding-Rolls continued. “If Apple is confirmed to be working on a gaming service, it could help drive adoption of its devices, reduce churn, and also drive direct services revenue.”

John P. Mello Jr. has been an ECT News Network reporter
since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the
Boston Phoenix, Megapixel.Net and Government
Security News
. Email John.

Let’s block ads! (Why?)

Link to original source