Chrome 97 lets you erase all data and information a website stored on your visit

I don’t use Chrome but I know a lot of Mac users do use Chrome or a Chromium-based browser. Chrome 97 released yesterday comes with a significant Security & Privacy improvement that I want to bring to your attention.

Joe Fedewa, writing at How-To Geek

Chrome 97 makes some changes to the Privacy and Security settings. You can now delete all the data stored by a website. Previously, you could only delete individual cookies. This new setting can be found at Settings > Security and Privacy > Site Settings > View Permissions and Data Stored Across Sites.

🖇 Verizon opting iPhone users into data collection and tracking

Andrew Paul, writing at Input

A new program innocuously titled the “Verizon Custom Experience” is sold to users as a way for the company to “personalize our communications with you, give you more relevant product and service recommendations, and develop plans, services and offers that are more appealing to you.” To accomplish this, all a Verizon subscriber needs to do is… allow the company access to all the websites you visit, apps you use, as well as see everyone you happen to call and text.

Well, okay, so that’s a bit misleading. You don’t “need” to allow access — Verizon already default granted it. You can manually go in and change a few settings to remedy the situation, though. Here’s how.

Emma Roth, writing at The Verge

In April, T-Mobile started automatically enrolling users in a program that shares your data with advertisers unless you manually opt-out from your privacy settings. On AT&T’s privacy center, the company says that it collects web and browsing information, along with the apps you use, and that you can manage these settings from AT&T’s site.

I checked my account settings in the Verizon mobile app and sure enough I was opted-in. This is total fucking bullshit!

Here’s how to opt-out:

Visit the My Verizon app, then click on Settings (the gear in the top-right corner)
Once logged in, scroll down to Manage Privacy settings.
Select the phone you want to update.
Toggle off “Custom Experience” and “Custom Experience Plus.”

Goodbye 1Password

I stopped using 1Password in July 2019 when it stopped working with Safari 13 in macOS Catalina. At that time, I tried Enpass but eventually settled on Bitwarden which I’ve been happily using since. I went Premium about a year ago.

Even though I switched to Bitwarden, I didn’t delete 1Password from my devices, thinking that if Bitwarden didn’t work out that I might want to switch back. I never found a reason to switch back, and I’m glad I didn’t because now with 1Password 8 standalone vaults will no longer be supported.

Since standalone vaults are no longer supported with 1Password 8 I didn’t see any reason to keep it installed on my Mac, iPhone, and iPad. If you’re searching for an alternative, I can highly recommend Bitwarden.

🔗 Link Post: Daring Fireball: Annotating Apple’s Anti-Sideloading White Paper

There are a lot of articles about allowing sideloading on iOS floating around. I have read several of them. I found John Gruber’s to be the most thoughtful and want I to share it with you.

Continue reading “🔗 Link Post: Daring Fireball: Annotating Apple’s Anti-Sideloading White Paper” →

I didn’t get my one wish for iPadOS 15

I had only one wish for iPadOS 15, and it was that I wanted the Files app to become a true Finder equivalent and that didn’t happen. What we did get were some big improvements to multitasking that I’m looking forward to. Jason Snell and Myke Hurley in Episode 356 of the Upgrade podcast give a good review of how the new multitasking features will work.

Here’s something else that I’m excited about. Apple announced some major new privacy features that will make using iPhone, iPad, and Mac more private.

Sara Morrison writing for Vox

Apple announced on Monday at its annual Worldwide Developers Conference (WWDC) that its upcoming iOS 15 update will give iPhone users even more insight and control over their own data. Among other updates, you’ll soon be able to see who your apps are sharing your data with; you’ll be able to stop trackers from detecting if and when you open emails; and you’ll be able to keep your internet activity more private.

PSA: What Is Amazon Sidewalk and Why Should I Disable It Before June 8?

Brendan Hesse writing for Lifehacker:

On June 8, Amazon will launch a new feature called Sidewalk that creates small, public internet networks powered by Echo smart speakers and Ring home security products in your neighborhood. Yes, including yours—unless you disable the setting, which is turned on by default. That means if you don’t want your devices included in this particular tech experiment, you only have a week left to opt out.

Many of Apple’s privacy labels are false

I have to say this is disappointing to read. According to a Washington Post article, Apple’s big privacy product is built on a shaky foundation: the honor system. In tiny print on the detail page of each app label, Apple says, “This information has not been verified by Apple.”

Shame on the developers for lying, and double shame on Apple for not verifying.

I checked Apple’s new privacy ‘nutrition labels.’ Many were false.

You can trust Apple … right?

You go to your iPhone’s App Store to download a game. Under a new “App Privacy” label added last month, there’s a blue check mark, signaling that the app won’t share a lick of your data. It says: “Data not collected.”

Not necessarily. I downloaded a de-stressing app called the Satisfying Slime Simulator that gets the App Store’s highest-level label for privacy. It turned out to be the wrong kind of slimy, covertly sending information — including a way to track my iPhone — to Facebook, Google and other companies. Behind the scenes, apps can be data vampires, probing our phones to help target ads or sell information about us to data firms and even governments.

Google apps will stop certain tracking to avoid the iOS “Allow Tracking” prompt

With iOS 14, Apple is requiring app developers to tell users about and have them opt-in to tracking. Google today announced that “when Apple’s policy goes into effect, it will no longer use information (such as IDFA) that falls under ATT for the handful of our iOS apps that currently use it for advertising purposes. As such, we will not show the ATT prompt on those apps, in line with Apple’s guidance.”

I don’t use Google’s apps but for those of you who do this should be a welcome change.

Firefox 85 adds supercookie protection. What about Safari?

In technology news today Mozilla announced that it has added built-in protection from supercookies to Firefox 85. “Firefox now protects you from supercookies, a type of tracker that can stay hidden in your browser and track you online, even after you clear cookies,” Mozilla explains in a blog post. “By isolating supercookies, Firefox prevents them from tracking your web browsing from one site to the next.”

With Safari being my main browser and Firefox being secondary I wondered if Safari might have the same protection from supercookie tracking? To my surprise, it does and has since 2018.

“Quietly and without fanfare Apple has rolled out a change to its Safari browser that munches one of the web’s most advanced “super cookies” into crumbs.” Apple burns the HSTS super cookie WebKit blog: Protecting Against HSTS Abuse

Apple doubles down on iOS App Tracking Transparency

According to Craig Federighi, The aim of ATT is “to empower our users to decide when or if they want to allow an app to track them in a way that could be shared across other companies’ apps or websites”.

With Apple requiring developers to share privacy details needed for the new privacy labels on December 8 iOS App Tracking Transparency (ATT) has made its way into the news again thanks to the hysteria of adtech and with particular criticism coming from Facebook-owned WhatsApp.

Apple has used a speech to European lawmakers and privacy regulators to come out jabbing at what SVP Craig Federighi described as dramatic, “outlandish” and “false” claims being made by the adtech industry over a forthcoming change to iOS that will give users the ability to decline app tracking.

It’s good to see Apple standing strong on ATT to protect the privacy of its users.

If you’re interested, here’s a link to Craig Federighi’s speech.

UPDATE: iOS 14 has Zuckerberg/Facebook running scared

I’ve been working on an article about the iOS 14 privacy feature that has Facebook and other advertisers running scared. Facebook acknowledged that Apple’s upcoming iOS 14 could lead to a more than 50% drop in its Audience Network advertising business. (Doesn’t that just break your heart)

Today to my disappointment, Apple is holding off on introducing the default feature until early next year to allow developers more time to make the necessary changes to their apps. I guess this makes everything I’ve written all for naught. Oh, well.

By the way, did you know that you can manually limit targeted advertising and reset your identifier? If you do this an app will still be able to access your IDFA but it makes it much harder to build a profile on you. I reset my identifier once a month.

The advertising identifier on an Apple device does not identify you personally, but it can be used by advertisers to create a profile about you. If it’s never reset, that profile increases in detail, allowing advertisers to target ads to you based on your Internet activity.

Encryption as we know it is in jeopardy

I wrote an article on Medium this afternoon and I want to share it with you. It’s about a law the United States Congress is considering that will ruin online privacy and security as we know it.

Here’s a link to the article:
America’s LAED Act encryption ban must be stopped

My thoughts on Apple & Google’s COVID-19 contact tracing

From what I’ve read Apple and Google’s COVID-19 contact tracing seems like a good idea and one that I’ll most likely use. It appears to be the best technological solution to date for governmental authorities to partially lift the lockdown orders that are currently in place. That said I do have privacy concerns.

According to the Verge, this is how we’ll use the tracking tool. “Google and Apple are using Bluetooth LE signals for contact tracing. When two people are near each other, their phones can exchange an anonymous identification key, recording that they’ve had close contact. If one person is later diagnosed with COVID-19, they can share that information through an app. The system will notify other users they’ve been close to, so those people can self-quarantine if necessary. Ideally, this means you won’t have to reveal your name, location, or other personal data.”

Apple and Google stress that “user privacy and security is central to the design”. So here’s the best explanation as to how privacy will be protected that I’ve found.

Ars Technica

But while mobile-based contact tracing may be more effective, it also poses a serious threat to individual privacy, since it opens the door to central databases that track the movements and social interactions of potentially millions, and possibly billions, of people. The platform Apple and Google are developing uses an innovative cryptographic scheme that aims to allow the contact tracing to work as scale without posing a risk to the privacy of those who opt into the system.
Privacy advocates—with at least one notable exception—mostly gave the system a qualified approval, saying that while the scheme removed some of the most immediate threats, it may still be open to abuse.
“To their credit, Apple and Google have announced an approach that appears to mitigate the worst privacy and centralization risks, but there is still room for improvement,” Jennifer Granick, surveillance and cybersecurity counsel for the American Civil Liberties Union, wrote in a statement. “We will remain vigilant moving forward to make sure any contact tracing app remains voluntary and decentralized, and used only for public health purposes and only for the duration of this pandemic.”
Unlike traditional contact tracing, the phone platform doesn’t collect names, locations, or other identifying information. Instead, when two or more users opting into the system come into physical contact, their phones use BLE to swap anonymous identifier beacons. The identifiers—which in technical jargon are known as rolling proximity identifiers—change roughly every 15 minutes to prevent wireless tracking of a device.
As the users move about and come into proximity with others, their phones continue to exchange these anonymous identifiers. Periodically, the users’ devices will also download broadcast beacon identifiers of anyone who has tested positive for COVID-19 and has been in the same local region.
In the event someone reports to the system that she has tested positive, her phone will contact a central server and upload identifiers of all the users she has come into contact with over the last 14 days. The server then pushes a notification to the affected users.

My choice for a Safari 13 content blocker on Mac

With Safari 13 my favorite Mac ad and tracker blocker uBlock Origin, along with a few other extensions, no longer work. Because of this, I have switched to Firefox as my main browser. That said there will still be times when I will want to use Safari and will want an ad and tracker blocker.

I tried Ghostery Lite but I had two issues with it. It doesn’t block YouTube ads and I didn’t like the way it handles space left behind by blocked ads.

For now, I’ve settled on Wipr. Wipr blocks all ads, trackers, cryptocurrency miners, EU cookie and GDPR notices, and other annoyances. I also switched to Wipr for Safari on my iPhone and iPad in place of BlockBear. BlockerBear was working fine but for consistency, I switched to Wipr.

Day One encryption

I have been using Day One for going on three years now. One concern I’ve had is that journals by default are encrypted but with Day One holding the encryption key. This means that someone at Day One might be able to access my journals. Journals with Standard encryption are also exposed to a data breach or security glitch. This has caused me to limit what I write in them.

Now, after reading Shawn Blanc’s ”Best Journaling App for iPhone, iPad, and Mac” on The Sweet Setup I’ve taken his advice and enabled End-to-end encryption for all my journals.

Shawn Blanc:

End-to-end encryption is not turned on by default for providing the best type of security for your journal entries, as users must maintain their encryption key at all times to unlock journals if necessary. As Day One’s FAQ puts it:

When using end-to-end encryption, it is essential you save your encryption key in a secure location. If you lose your key, you will not be able to decrypt the journal data stored in the Day One Cloud. You’ll need to restore your data from an unencrypted locally-stored backup.

We recommend turning on end-to-end encryption whenever you create a new journal to ensure your data is always kept safe and secure. Save your encryption key in an app like 1Password or a locked note inside Notes.app and never lose the key.

Now no one has access to my journals without the encryption key. I keep it in 1Password.

What you need to know about the tech giants Amazon, Facebook, Google, Microsoft, and Apple

I just finished reading Kashmir Hill’s series of articles Life Without the Tech Giants. Here’s what I learned. It’s impossible to get along without them even if we’re boycotting their apps. Amazon, Facebook, Google, Microsoft, and Apple dominate the internet in ways I never realized.

This should be required reading for everyone who uses the internet. It is an education in the way the internet operates and how dependent it is on these five companies.

This is a story of how, over six weeks, I cut them out of my own life and tried to prevent them from knowing about me or monetizing me in any way—not just by putting my iPhone in a drawer for a week or only buying local, but by really, truly blocking these companies from accessing me and vice versa. I wanted to find out how hard it would be—or if I could even do it—given that these tech giants dominate the internet in so many invisible ways that it’s hard to even know them all.

To keep my devices from talking to the big five’s servers, and vice versa, Dhruv a technologist built a custom virtual private network, or VPN, for me, through which I sent all my internet traffic. He then used the VPN to block my devices from being able to use the IP addresses owned by Amazon, Google, Facebook, Microsoft, and/or Apple, depending on the week.

Week 1 Kashmir blocks Amazon
I Tried to Block Amazon From My Life. It Was Impossible

After reading this, news broke that Amazon purchased Eero the WiFi router that I personally use. This had made a lot of people unhappy. They don’t want Amazon sniffing all their internet traffic. I think Zack Whittaker’s TechCrunch article What Amazon’s purchase of Eero means for your privacy frames how we should think about this perfectly.

Everyone seems to forget Amazon’s massive cloud business. Most of the internet these days runs on Amazon Web Services, the company’s dedicated cloud unit that made up all of the company’s operating income in 2017. It’s a cash cow and an infrastructure giant, and its retail prowess is just part of the company’s business.

Think you can escape Amazon? Just look at what happened when Gizmodo’s Kashmir Hill tried to cut out Amazon from her life. She found it “impossible.” Why? Everything seems to rely on Amazon these days — from Spotify and Netflix’s back-end, popular consumer and government websites use it, and many other major apps and services rely on Amazon’s cloud. She ended up blocking 23 million IP addresses controlled by Amazon, and still struggled..

Week 2 Kashmir blocks Facebook
I Cut Facebook Out of My Life. Surprisingly, I Missed It

Week 3 Kashmir blocks Google
I Cut Google Out Of My Life. It Screwed Up Everything

Week 4 Kashmir blocks Microsoft
I Cut Microsoft Out of My Life—or So I Thought

Week 5 Kashmir blocks Apple
I Cut Apple Out of My Life. It Was Devastating

Week 6 Kashmir blocks all 5
I Cut the ‘Big Five’ Tech Giants From My Life. It Was Hell

Additional reading by technologist Dhruv Mehrotra the person who built Kashmir’s custom VPN.
Want to Really Block the Tech Giants? Here’s How

Cloudflare’s 1.1.1.1 privacy-first DNS service is now available as an iOS app

I’ve been using Cloudflare’s 1.1.1.1 DNS service on my Mac since reading a post by Kirk McElhearn on the Intego Mac Security Blog about the service. The service was introduced April 1st of this year and is designed to be faster than traditional DNS services and more private which is what got my attention.

There are a number of things to explain here. First, DNS, or domain name system, is the system that acts like a sort of phone book on the Internet. Instead of having to remember a numerical IP address, such as 96.126.119.191, you can type intego.com to go to the Intego website. There is a huge directory that records the correspondence between these numerical addresses and domain names to facilitate Internet usage, and to make it easy to move a domain from one server to another.

Most people rely on the DNS server provided by their ISP or phone company. By default, your Macs and iOS devices look for this DNS server, which is either specified in your router, or in the server your iPhone connects to, in order to perform this address translation. But you don’t need to use this DNS server; you can use any one you want. In many cases, ISP’s DNS servers may not be the fastest ones, and this can have a big effect on your Internet usage. For example, if a web page is made up of multiple elements, that are not all hosted on the same server, your browser has to request these elements at a number of servers, and each different domain name requires a new request.

In addition, some ISPs may record the metadata of your Internet activity, or the requests you make: the websites you visit, the servers you connect to, and more.

Now, months after announcing its privacy-focused DNS service, Cloudflare is introducing an iOS app. Having had a good experience using 1.1.1.1 on my Macs I didn’t hesitate to install the iOS app on my iPhone and iPad. I’ve been running the app now for several days and it has been working great and definitely seems to be faster.

For instructions on setting up 1.1.1.1 on your Mac visit this page using your Mac and scroll down to Setup on Mac. For iOS, you can download the app from the App Store, or to set it up manually visit this page using your iOS device and scroll down to Setup on iOS.

Web Finds for October 26, 2018

Web Finds are from my web surfing travels. You’ll find some unique and informative news, apps and websites that you may have never known existed. Enjoy!

Apple’s Privacy Website Updated to Reflect Latest Measures Taken in iOS 12 and macOS Mojave – Mac Rumors
Apple updated its privacy website to reflect the latest measures it has implemented in iOS 12 and macOS Mojave to protect customers.
Via MacRumors

How to Request a Copy of Your Apple ID Account Data – Mac Rumors
Apple now allows its customers to download a copy of their personally identifiable data from Apple apps and services. This can include purchase or app usage history, Apple Music and Game Center statistics, marketing history, AppleCare support history, and any data stored on Apple servers, including the likes of calendars, photos, and documents.
Via MacRumors

Apple News’s Radical Approach: Humans Over Machines – The New York Times
Via The New York Times

Here’s How the New UltraFICO Credit Score Will Work
The biggest shift in three decades is coming to how FICO credit scores are calculated next year.
Via lifehacker

Previous Web Finds are here.

Web Finds for October 2, 2018

Web Finds are from my web surfing travels. You’ll find some unique and informative news, apps and websites that you may have never known existed. Enjoy!

Apple, Firefox tools aim to thwart Facebook, Google tracking
New protections in Apple’s Safari and Mozilla’s Firefox browsers aim to prevent companies from turning “cookie” data files used to store sign-in details and preferences into broader trackers that take note of what you read, watch and research on other sites.
Via AP News

National Cybersecurity Awareness Month: Cybersecurity at Home | US-CERT
October is National Cybersecurity Awareness Month (NCSAM), an annual campaign to raise awareness about cybersecurity. The National Cyber Security Alliance (NCSA) has published general tips to help you increase your cybersecurity awareness—including whom to contact if you are the victim of cyber crime—and protect your online activities.

NCCIC encourages users and administrators to review NCSA’s guidance for online safety basicsand the NCCIC Tip on Avoiding Social Engineering and Phishing Attacks for additional information.
Via US-Cert

How to Delete Your Facebook Account: A Checklist
Here’s a guide on how to delete your Facebook account.
Via lifehacker

Previous Web Finds are here.

Facebook gets hacked again. 50 Million users personal information put at risk.

I’m sure you’ve already read or heard about the latest Facebook hack involving the personal information of at least 50 million users. The hack was revealed in a Facebook blog post yesterday. If you haven’t here are the details.

Mike Isaac and Sheera Frenkel, writing for the New York Times

Facebook, already facing scrutiny over how it handles the private information of its users, said on Friday that an attack on its computer network had exposed the personal information of nearly 50 million users.

According to TechCrunch, Instagram and other third-party sites that use Facebook Login may not be out of the woods either.

In a follow-up call on Friday’s revelation that Facebook has suffered a security breach affecting at least 50 million accounts, the company clarified that Instagram users were not out of the woods — nor were any other third-party services that utilized Facebook Login. Facebook Login is the tool that allows users to sign in with a Facebook account instead of traditional login credentials and many users choose it as a convenient way to sign into a variety of apps and services.

As I’ve written before, now is a good time to delete your Facebook account. Between getting hacked and selling your personal data for advertising purposes Zuckerberg and his gang just can’t be trusted.