No tracking, no revenue: Apple’s privacy feature costs ad companies millions

This is a testament to the effectiveness of Safari’s Intelligent Tracking Prevention (ITP) announced in June of 2017.

For Safari version 11 users, ITP prevents tracking as we move around the internet through the management of cookies, small pieces of code that allow advertising technology companies to continually identify us as we browse.

Apple takes user privacy seriously. That’s one of the reasons why I use their products.

Alex Hern, writing for theguardian

Internet advertising firms are losing hundreds of millions of dollars following the introduction of a new privacy feature from Apple that prevents users from being tracked around the web.

Advertising technology firm Criteo, one of the largest in the industry, says that the Intelligent Tracking Prevention (ITP) feature for Safari, which holds 15% of the global browser market, is likely to cut its 2018 revenue by more than a fifth compared to projections made before ITP was announced.

With annual revenue in 2016 topping $730m, the overall cost of the privacy feature on just one company is likely to be in the hundreds of millions of dollars.

Web Finds for January 4, 2018

Web Finds are from my web surfing travels. You’ll find some unique and informative news, apps and websites that you may have never known existed. Enjoy!

FAQ: What to Know About Apple Slowing Down iPhones to Prevent Unexpected Shutdowns
By now, you’ve probably seen headlines about Apple slowing down your iPhone, but it’s not nearly as simple or corrupt as it sounds. In this Q&A, we’ve taken the time to explain exactly what’s going on.
Via MacRumors

Apple’s $29 iPhone battery replacements are available starting today
Those $29 battery out-of-warranty replacements Apple promised are now available for impacted users with an iPhone 6 or later. The company was initially aiming for a late-January timeframe in the States when it first offered up the discount, following blowback against its admission that it had slowed down older model phones to maximize performance.
Via TechCrunch

Ad targeters are pulling data from your browser’s password manager
Nearly every web browser now comes with a password manager tool, a lightweight version of the same service offered by plugins like LastPass and 1Password. But according to new research from Princeton’s Center for Information Technology Policy, those same managers are being exploited as a way to track users from site to site.
Via The Verge

Protect your family from inappropriate content on iOS
Over Christmas, I am sure many of you have purchased new iPhones, iPads, iPod touches, and Macs for family members (assuming they are on the “good list” this year). One of the things that you want to consider is how you are protecting your children from the not so nice parts of the internet. I’m going to give you some options below that I hope will help create a safe computing environment for your home.
Via The Sweet Setup

Previous Web Finds are here.

Facebook is bad for society and has too much power over its users and their privacy

Let me start by saying I’ve never had a Facebook account. So far I’ve gotten along fine without one.

Now, if you’re one of its 2 billion users, reading these 5 articles should cause you take pause and re-examine your relationship with Facebook?

Facebook is tracking your likes, clicks, check-ins, and picture posts. They track your movements around the internet via the almost always present like button. Any site you visit with that button sends information back to Facebook about your browsing activities as long as your logged in. And remember, their also buying information about you from outside data brokers to supplement the information they already have.

Here are the five articles every Facebook user should read.

1. Facebook’s first president, on Facebook: ‘God only knows what it’s doing to our children’s brains’

The Facebook founders purposefully created something addictive, the social network’s first president told Axios in an interview.

“God only knows what it’s doing to our children’s brains,” Sean Parker said in the interview published Thursday.

With each like and comment, Facebook is “exploiting” human psychology on purpose to keep users hooked on a “social-validation feedback loop,” Parker said, adding that it is “exactly the kind of thing that a hacker like myself would come up with.”

2. Former Facebook exec says social media is ripping apart society

Another former Facebook executive has spoken out about the harm the social network is doing to civil society around the world. Chamath Palihapitiya, who joined Facebook in 2007 and became its vice president for user growth, said he feels “tremendous guilt” about the company he helped make. “I think we have created tools that are ripping apart the social fabric of how society works,” he told an audience at Stanford Graduate School of Business, before recommending people take a “hard break” from social media.

3. You Are the Product

What this means is that even more than it is in the advertising business, Facebook is in the surveillance business. Facebook, in fact, is the biggest surveillance-based enterprise in the history of mankind. It knows far, far more about you than the most intrusive government has ever known about its citizens. It’s amazing that people haven’t really understood this about the company. I’ve spent time thinking about Facebook, and the thing I keep coming back to is that its users don’t realise what it is the company does. What Facebook does is watch you, and then use what it knows about you and your behaviour to sell ads. I’m not sure there has ever been a more complete disconnect between what a company says it does – ‘connect’, ‘build communities’ – and the commercial reality. Note that the company’s knowledge about its users isn’t used merely to target ads but to shape the flow of news to them. Since there is so much content posted on the site, the algorithms used to filter and direct that content are the thing that determines what you see: people think their news feed is largely to do with their friends and interests, and it sort of is, with the crucial proviso that it is their friends and interests as mediated by the commercial interests of Facebook. Your eyes are directed towards the place where they are most valuable for Facebook.

4. How Facebook Figures Out Everyone You’ve Ever Met

More creepiness from Facebook.

You might assume Facebook’s friend recommendations would work the same way: You tell the social network who you are, and it tells you who you might know in the online world. But Facebook’s machinery operates on a scale far beyond normal human interactions. And the results of its People You May Know algorithm are anything but obvious. In the months I’ve been writing about PYMK, as Facebook calls it, I’ve heard more than a hundred bewildering anecdotes:

5. Opinion | We Can’t Trust Facebook to Regulate Itself

As the world contemplates what to do about Facebook in the wake of its role in Russia’s election meddling, it must consider this history. Lawmakers shouldn’t allow Facebook to regulate itself. Because it won’t.

Facebook knows what you look like, your location, who your friends are, your interests, if you’re in a relationship or not, and what other pages you look at on the web.

The more data it has on offer, the more value it creates for advertisers. That means it has no incentive to police the collection or use of that data — except when negative press or regulators are involved. Facebook is free to do almost whatever it wants with your personal information, and has no reason to put safeguards in place.

PSA: Granting iPhone camera permissions allows apps to secretly take pictures and videos without you knowing

There’s been some buzz this week about a potential privacy issue with apps that you’ve granted access to your iPhone’s camera. They can take pictures and videos without you knowing. This is a privacy loophole discovered by security researcher Felix Krause.

You can read Krause’s technical paper here. Motherboard broke the story which you can read here.

Whenever you give iPhone apps permission to access your camera, the app can surreptitiously take pictures and videos of you as long as the app is in the foreground, a security researcher warned on Wednesday.

​What this means is that even if you don’t see the camera “open” in the form of an on-screen viewfinder, an app can still take photos and videos. It is unknown how many apps currently do this, but Krause created a test app as a proof-of-concept.

Again, this is not a bug or something you should be too worried about. But it’s good to be aware of how much power you’re giving apps when you grant them access to your iPhone’s cameras.

After reading this, I went into my iPhone’s Privacy settings to see what apps I’d granted access to my camera. It turns out I’ve only granted access to 3 which are apps I trust. With this information in mind, you may want to do the same. You’ll want to remove access to apps that don’t need access to your camera or that you don’t trust.

Equifax breach caused by failure to patch two-month-old bug

Negligence! If they would have patched their server(s) the day the patch was released this would have never happened.

This is inexcusable! Heads should roll. Maybe it’s time some people go to jail for this kind of sh^t.

Dan Goodin, writing for Ars Technica 9/13/2017, 8:12 PM

We know that criminals exploited a US website application vulnerability. The vulnerability was Apache Struts CVE-2017-5638. We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement.

The flaw in the Apache Struts framework was fixed on March 6. Three days later, the bug was already under mass attack by hackers who were exploiting the flaw to install rogue applications on web servers. Five days after that, the exploits showed few signs of letting up. Equifax has said the breach on its site occurred in mid-May, more than two months after the flaw came to light and a patch was available.

Up to now, Equifax has said only that criminals exploited an unspecified application vulnerability on its US site to gain access to certain files. Now, we know that the flaw was in Apache Struts and had been fixed months before the breach occurred.

Wading Through AccuWeather’s Bullshit Response

The other day a security researcher found that AccuWeather’s iOS app sends private location data without user’s permission to a Reveal Mobile a firm that monetizes user location information.

John Gruber has further investigated the story. You can read John’s post here.

John Gruber, writing on Daring Fireball

The accusation comes from Will Strafach, a respected security researcher who discovered the “actual information” by observing network traffic. He saw the AccuWeather iOS app sending his router’s name and MAC address to Reveal Mobile. This isn’t speculation. They were caught red-handed — go ahead and read Strafach’s original report.

I use the default iOS weather app so I’m sure it’s not doing the same thing. If you’re using AccuWeather delete it now.

iOS 11 has a way to quickly disable Touch ID and require a passcode

As reported, last week, by The Verge iOS 11 has a way to quickly and discreetly disable Touch ID.

According to The Verge:

Apple is adding an easy way to quickly disable Touch ID in iOS 11. A new setting, designed to automate emergency services calls, lets iPhone users tap the power button quickly five times to call 911. This doesn’t automatically dial the emergency services by default, but it brings up the option to and also temporarily disables Touch ID until you enter a passcode. Twitter users discovered the new option in the iOS 11 public beta, and The Verge has verified it works as intended.

This is a handy feature because it allows Touch ID to be disabled in circumstances where someone might be able to force a phone to be unlocked with a fingerprint. With Touch ID disabled in this way, there is no way to physically unlock an iPhone with Touch ID without the device’s passcode.

As a side note. Last week Mashable reported that according to a Virginia judge a cop can force you to unlock your phone with Touch id but not with a passcode.

As pointed out by John Gruber:

Until iOS 11 ships, it’s worth remembering that you’ve always been able to require your iPhone’s passcode to unlock it by powering it off. A freshly powered-on iPhone always requires the passcode to unlock.