LastPass Free is changing and users aren’t going to be happy

Here’s what you need to know

LastPass is making some changes to LastPass Free that will most likely piss-off users who rely on LastPass as their primary password manager. The big difference is that LastPass Free users will have to choose between mobile or desktop for their unlimited device access, rather than getting the system on both.

Here’s What’s Changing

We’re making changes to how Free users access LastPass across device types. LastPass offers access across two device types – computers (including all browsers running on desktops and laptops) or mobile devices (including mobile phones, smart watches, and tablets). Starting March 16th, 2021, LastPass Free will only include access on unlimited devices of one type.

Also

In addition to this change, as of May 17th, 2021, email support will only be available for Premium and Families customers. LastPass Free users will always have access to our Support Center which has a robust library of self-help resources available 24/7 plus access to our LastPass Community, which is actively monitored by LastPass specialists. 

After March 16th, if you want to use LastPass on desktop and mobile you’ll need a Premium account. With this change, you may want to look into a different password manager. Bitwarden offers a Free account that you might want to consider.

Here are the instructions on how to export your vault from LastPass and import it to Bitwarden.

Google apps will stop certain tracking to avoid the iOS “Allow Tracking” prompt

With iOS 14, Apple is requiring app developers to tell users about and have them opt-in to tracking. Google today announced that “when Apple’s policy goes into effect, it will no longer use information (such as IDFA) that falls under ATT for the handful of our iOS apps that currently use it for advertising purposes. As such, we will not show the ATT prompt on those apps, in line with Apple’s guidance.”

I don’t use Google’s apps but for those of you who do this should be a welcome change.

Firefox 85 adds supercookie protection. What about Safari?

In technology news today Mozilla announced that it has added built-in protection from supercookies to Firefox 85. “Firefox now protects you from supercookies, a type of tracker that can stay hidden in your browser and track you online, even after you clear cookies,” Mozilla explains in a blog post. “By isolating supercookies, Firefox prevents them from tracking your web browsing from one site to the next.”

With Safari being my main browser and Firefox being secondary I wondered if Safari might have the same protection from supercookie tracking? To my surprise, it does and has since 2018.

“Quietly and without fanfare Apple has rolled out a change to its Safari browser that munches one of the web’s most advanced “super cookies” into crumbs.” Apple burns the HSTS super cookie WebKit blog: Protecting Against HSTS Abuse

What I’ve read recently – December 18, 2020

Each week I post links to a few articles that I’ve read and found deserving of sharing.

Links

My Hunt for the Original McDonald’s French-Fry Recipe | Atlas Obscura

This is a fun read especially if you’re old enough to have eaten the original McDonald’s French-Fry as I did.

From Julia Child to Paul Bocuse to James Beard, some of the biggest names in food history are also people who have professed their love for the same french fry—a french fry that, in no exaggerated manner, birthed an empire. A french fry that no one has eaten in more than 30 years.

McDonald’s original french fries were cooked in beef tallow. For that fact, they were bullied out of production by a well-funded, well-intentioned businessman and self-proclaimed health advocate named Phil Sokolof, who unknowingly dethroned what many fans claim was the greatest french fry to ever meet mass production. “The french fries were very good,” Child said in a 1995 interview, “and then the nutritionists got at them … and they’ve been limp ever since … I’m always very strong about criticizing them, hoping maybe they’ll change.”

Why use a HIPAA-compliant password manager

Bitwarden is officially HIPAA-compliant, after receiving a HIPAA Security Rule Assessment Report from AuditOne in December 2020. This acknowledgement adds to our other notable regulatory compliance including GDPR, CCPA, SOC 2, SOC 3, and Privacy Shield.

iOS 14 users report missing notifications from Messages app – 9to5Mac

A bug resulting in missing text message notifications is continuing to affect iPhone users with iOS 14. While the issue appeared to at first to be exclusive to the iPhone 12 series, it appears to be affecting nearly any iPhone model running iOS 14 — and the early signs are that iOS 14.3 doesn’t fix the problem either.

Anti-tracking rules will be enforced, Federighi warns developers – 9to5Mac

Apple’s software engineering SVP Craig Federighi has warned that developers must follow the company’s anti-tracking rules, or else their apps will be removed from the App Store…

The new App Tracking Transparency rules were initially meant to be part of iOS 14, but were delayed after protests by Facebook and advertisers. They are now expected to come into force during the summer, at which point apps will have to display a privacy pop-up asking permission to enable ad-tracking.

Federighi issued the warning in uncompromising terms during an interview with the British newspaper the Telegraph.

Apple launches recall program for iPhone 11 display with touch issues – 9to5Mac

Apple today announced another Replacement Program, this time for iPhone 11. According to the company, some iPhone 11 users are experiencing problems in which the display stops responding to touch.

Ecosia now a default search engine option on iOS, iPadOS, macOS | AppleInsider

Ecosia is a search engine that promotes privacy first and plants trees around the world, and with Mondays updates, it is now available as a default search engine setting on iOS, iPadOS, and macOS.

Cloudflare and Apple design a new privacy-friendly internet protocol – TechCrunch

Engineers at Cloudflare and Apple say they’ve developed a new internet protocol that will shore up one of the biggest holes in internet privacy that many don’t know even exists. Dubbed Oblivious DNS-over-HTTPS, or ODoH for short, the new protocol makes it far more difficult for internet providers to know which websites you visit.

Epic and Apple

I’m guessing you’re aware of what’s going on between Epic and Apple. It’s been the big story in tech news for a few weeks. Yesterday Apple terminated Epic’s App Store account, as threatened, following a legal dispute between the companies. This is headed for the courts and is going to be playing out over the next several months.

I’m enjoying watching this battle. Its two big tech companies fighting it out over a lot of money. I do tend to side with Apple on this because of the brazen and calculating way Epic has brought this on them self.

The Apple pundits have differing opinions on who’s right or wrong but I like Jason Snell and David Sparks take on this kerfuffle.

Jason Snell:
Epic versus Apple? I’m rooting for the users

The thing is, I don’t really back all the actions of either party in this kerfuffle. Instead, I’m squarely on the side of the people who use technology. Let’s leave aside the tech giants. What are the outcomes that would most benefit regular users?

So who am I rooting for in this case? I’m hoping that the judges, along with the legislators and regulators, don’t get distracted by the sight of two large, profitable companies squabbling in court and lose sight of the most important party in this case—the people who use these products every day.

David Sparks:
Apple’s Troubles and MacSparky Coverage — MacSparky

Lately, Apple has been dealing with several percolating problems. Governments, at home and abroad, are interested in their business practices. Troubles between the United States and China are now threatening Apple’s business in one of its biggest markets. Big and small developers are now finding ways to exert pressure against the existing App Store model.

I have had several readers/listeners write in asking me to cover these topics more, but to be honest, I’m just not that interested.

I am much more concerned about all of the families that have lost loved ones and all of the people out of work due to this pandemic than the troubles of a $2 trillion company.

Sling TV holding prices while YouTube TV raises prices

Yesterday I was reading M.G. Siegler’s article about YouTube TV’s June 30th, 2020 30% price increase. He also speaks to how streaming tv is becoming bundled just like cable tv.

Coincidentally, that same day I got an email from Sling TV telling its users that our price is not going up and that our current price is guaranteed for the next 12 months. After reading Siegler’s article that was good news because I figured Sling might follow in the footsteps of YouTube TV.

If you’re not happy with YouTube TV’s price increase you might want to take a look at Sling. They’re offering:

Year Price Guarantee for all new and existing customers. For customers who sign up for SLING TV or who have an existing account by August, 1, 2020 SLING TV will automatically guarantee their current price on any SLING TV service through August 1, 2021 (that’s just $30 per month for SLING Orange or SLING Blue).

My thoughts on Apple & Google’s COVID-19 contact tracing

From what I’ve read Apple and Google’s COVID-19 contact tracing seems like a good idea and one that I’ll most likely use. It appears to be the best technological solution to date for governmental authorities to partially lift the lockdown orders that are currently in place. That said I do have privacy concerns.

According to the Verge, this is how we’ll use the tracking tool. “Google and Apple are using Bluetooth LE signals for contact tracing. When two people are near each other, their phones can exchange an anonymous identification key, recording that they’ve had close contact. If one person is later diagnosed with COVID-19, they can share that information through an app. The system will notify other users they’ve been close to, so those people can self-quarantine if necessary. Ideally, this means you won’t have to reveal your name, location, or other personal data.”

Apple and Google stress that “user privacy and security is central to the design”. So here’s the best explanation as to how privacy will be protected that I’ve found.

Ars Technica

But while mobile-based contact tracing may be more effective, it also poses a serious threat to individual privacy, since it opens the door to central databases that track the movements and social interactions of potentially millions, and possibly billions, of people. The platform Apple and Google are developing uses an innovative cryptographic scheme that aims to allow the contact tracing to work as scale without posing a risk to the privacy of those who opt into the system.

Privacy advocates—with at least one notable exception—mostly gave the system a qualified approval, saying that while the scheme removed some of the most immediate threats, it may still be open to abuse.

“To their credit, Apple and Google have announced an approach that appears to mitigate the worst privacy and centralization risks, but there is still room for improvement,” Jennifer Granick, surveillance and cybersecurity counsel for the American Civil Liberties Union, wrote in a statement. “We will remain vigilant moving forward to make sure any contact tracing app remains voluntary and decentralized, and used only for public health purposes and only for the duration of this pandemic.”

Unlike traditional contact tracing, the phone platform doesn’t collect names, locations, or other identifying information. Instead, when two or more users opting into the system come into physical contact, their phones use BLE to swap anonymous identifier beacons. The identifiers—which in technical jargon are known as rolling proximity identifiers—change roughly every 15 minutes to prevent wireless tracking of a device.

As the users move about and come into proximity with others, their phones continue to exchange these anonymous identifiers. Periodically, the users’ devices will also download broadcast beacon identifiers of anyone who has tested positive for COVID-19 and has been in the same local region.

In the event someone reports to the system that she has tested positive, her phone will contact a central server and upload identifiers of all the users she has come into contact with over the last 14 days. The server then pushes a notification to the affected users.

Web Finds for October 2, 2018

Web Finds are from my web surfing travels. You’ll find some unique and informative news, apps and websites that you may have never known existed. Enjoy!

Apple, Firefox tools aim to thwart Facebook, Google tracking
New protections in Apple’s Safari and Mozilla’s Firefox browsers aim to prevent companies from turning “cookie” data files used to store sign-in details and preferences into broader trackers that take note of what you read, watch and research on other sites.
Via AP News

National Cybersecurity Awareness Month: Cybersecurity at Home | US-CERT
October is National Cybersecurity Awareness Month (NCSAM), an annual campaign to raise awareness about cybersecurity. The National Cyber Security Alliance (NCSA) has published general tips to help you increase your cybersecurity awareness—including whom to contact if you are the victim of cyber crime—and protect your online activities.

NCCIC encourages users and administrators to review NCSA’s guidance for online safety basicsand the NCCIC Tip on Avoiding Social Engineering and Phishing Attacks for additional information.
Via US-Cert

How to Delete Your Facebook Account: A Checklist
Here’s a guide on how to delete your Facebook account.
Via lifehacker

Previous Web Finds are here.

Facebook gets hacked again. 50 Million users personal information put at risk.

I’m sure you’ve already read or heard about the latest Facebook hack involving the personal information of at least 50 million users. The hack was revealed in a Facebook blog post yesterday. If you haven’t here are the details.

Mike Isaac and Sheera Frenkel, writing for the New York Times

Facebook, already facing scrutiny over how it handles the private information of its users, said on Friday that an attack on its computer network had exposed the personal information of nearly 50 million users.

According to TechCrunch, Instagram and other third-party sites that use Facebook Login may not be out of the woods either.

In a follow-up call on Friday’s revelation that Facebook has suffered a security breach affecting at least 50 million accounts, the company clarified that Instagram users were not out of the woods — nor were any other third-party services that utilized Facebook Login. Facebook Login is the tool that allows users to sign in with a Facebook account instead of traditional login credentials and many users choose it as a convenient way to sign into a variety of apps and services.

As I’ve written before, now is a good time to delete your Facebook account. Between getting hacked and selling your personal data for advertising purposes Zuckerberg and his gang just can’t be trusted.

Facebook is using your 2FA phone number to target you with ads

Facebook has stooped to the lowest possible level. TechCrunch has exposed the fact that Facebook is using 2FA phone numbers to target users with ads. Zuckerberg and his gang are taking the number users are using to additionally secure their accounts and using it for ad targeting.

Some months ago Facebook did say that users who were getting spammed with Facebook notifications to the number they provided for 2FA was a bug. “The last thing we want is for people to avoid helpful security features because they fear they will receive unrelated notifications,” Facebook then-CSO Alex Stamos wrote in a blog post at the time.

I guess the bug wasn’t a bug after all. Just another Facebook lie.

Facebook has confirmed it does in fact use phone numbers that users provided it for security purposes to also target them with ads.

Specifically a phone number handed over for two factor authentication (2FA) — a security technique that adds a second layer of authentication to help keep accounts secure.

Here’s the statement, attributed to a Facebook spokesperson: “We use the information people provide to offer a better, more personalized experience on Facebook, including ads. We are clear about how we use the information we collect, including the contact information that people upload or add to their own accounts. You can manage and delete the contact information you’ve uploaded at any time.”

If you haven’t deleted your Facebook account yet now would be a good time to do so.