Shared posts

04 Sep 20:08

★ Online Privacy Should Be Modeled on Real-World Privacy

by John Gruber

This new ad from Apple touting iPhone privacy protection is good, and genuinely funny. But what makes it funny — the premise is a series of people loudly sharing in the real world the sort of information that gets unknowingly tracked online — is actually the perfect analogy to help explain how the tracking industry — what ought to be considered the privacy theft industry — has grown into existence.

Consider the new ad-tracking privacy protection feature in iOS 14. The tracking industry, led by Facebook, is up in arms about it — apparently such that Apple might delay enforcing it for a few more months, according to this report today by Alex Heath for The Information (paywalled, alas — here’s MacRumors’s summary). Heath’s report closes thus:

Branch CEO Alex Austin, whose company specializes in measuring the effectiveness of ads in mobile apps, called Apple’s proposed change to IDFA “unworkable for the app ecosystem.”

“Apple’s move has gone too far, disproportionately disrupting a vibrant app ecosystem by throwing the baby out with the bathwater,” he told The Information.

The entitlement of these fuckers is just off the charts. They have zero right, none, to the tracking they’ve been getting away with. We, as a society, have implicitly accepted it because we never really noticed it. You, the user, have no way of seeing it happen. Our brains are naturally attuned to detect and viscerally reject, with outrage and alarm, real-world intrusions into our privacy. Real-world marketers could never get away with tracking us like online marketers do.

Imagine if you were out shopping, went into a drug store, examined a few bottles of sunscreen, but left the store without purchasing anything. And then immediately a stranger approached you with an offer for sunscreen. Such an encounter would trigger a fight or flight reaction — the needle on your innate creepometer would shoot right into the red. (Not to mention that if real-world tracking were like online tracking, you’d get the same creepy offer to buy sunscreen even if you just bought some. Tracking-based offers are both creepy, and, at times, annoyingly stupid.)

Or imagine if you found out that public billboards were taking photos of people who glance at them, logging those photos to a database, and using facial recognition to match them with photos taken at point-of-sale terminals in retail stores. That way, if, say, you were photographed looking at an ad for a soft drink, and later — hours, days, weeks — purchased that same soft drink, the billboard advertisement you glanced at hours, days, or weeks before could get “credit” for your purchase.

We wouldn’t tolerate it. But that’s basically how online ad tracking works.

The tracking industry is correct that iOS 14 users are going to overwhelmingly deny permission to track them. That’s not because Apple’s permission dialog is unnecessarily scaring them — it’s because Apple’s permission dialog is accurately explaining what is going on in plain language, and it is repulsive. Apple’s tracking permission dialog is something no sane person would agree to because this sort of tracking is something no sane person would agree to.

Just because there is now a multi-billion-dollar industry based on the abject betrayal of our privacy doesn’t mean the sociopaths who built it have any right whatsoever to continue getting away with it. They talk in circles but their argument boils down to entitlement: they think our privacy is theirs for the taking because they’ve been getting away with taking it without our knowledge, and it is valuable. No action Apple can take against the tracking industry is too strong.

07 Nov 19:40

Face Off: Will iPhone X and Face ID Revolutionize Biometric Security?

by Rob Henderson

Every September, I find myself glued to a monitor for Apple’s yearly presentation to unveil the newest iPhone. Call me whatever you’d like; fanboy, diehard or sucker, I enjoy seeing the latest and greatest from the tech giant.

Some years, updates to the iPhone are things I feel I can live without. Better cameras, faster speeds and flashy new colors are features that I usually feel don’t warrant an upgrade all on their own. However, this year’s announcement of the iPhone X had me wanting a new phone like never before. Today I’ll be discussing what I think is the standout feature of the new iPhone and why I think it’s going to revolutionize biometric security on devices.

Defining Mobile Phones

In 2007, Apple revolutionized the mobile phone and changed the entire industry forever with the original iPhone. It was expensive, tied to a single network and a complete walled garden when it came to software and hardware. However, it would set the standard for mobile phones for the next decade.

Opponents of the iPhone were around even before the phone had been announced and that trend continues to this day. Whether it’s dislike for the device or the company itself, there’s never a shortage of people pointing out what they dislike about the new iPhone or which device had the same technology before Apple.

I’m not arguing that the iPhone or any of its features have been the first of their kind, but I will say that once a feature or change comes to the iPhone, it tends to become the mainstream in the industry. A great example of this is all the hate that Apple weathered after removing the headphone jack to make space for other components, starting with the iPhone 7.

Courage

As soon as the iPhone 7 was announced, people were crying from the rooftops that removing the headphone jack was the worst thing for a phone manufacturer to do. With one fell swoop, Apple had taken away the ability for a user to plug in any device with the ubiquitous 1/8” jack. Not only that, but Apple’s Head of Marketing Phil Schiller was endlessly ridiculed for stating their reason for removing the headphone jack was “courage.”

They’re features that are here to stay, like it or not.

However, I’d like to draw your attention to the announcement and launch of a brand new phone this year by one of Apple’s competitors, Google. The Pixel 2 was announced in early October and everyone was a bit taken aback by a design choice Google made for their newest device. You guessed it, they removed the headphone jack.

My point with this example is to illustrate something that happens with Apple products. Occasionally, Apple will remove or add features that may seem counter intuitive at the time. Sometimes these features seem like a great idea and sometimes they’re a head scratcher. (Like a single USB-C port on a “Pro” laptop.) However, more often than not, they’re features that are here to stay, like it or not. That brings me to one of the more controversial features of the new iPhone X, Face ID.

Face ID

Image Courtesy of Apple

Beginning with the iPhone 5S, Apple introduced us to Touch ID, a biometric security feature that allowed a user’s fingerprint to unlock the phone. Many users, myself included, didn’t lock their iPhones prior to the introduction of Touch ID. I considered it too much of a time waste to swipe my lock screen and enter a passcode to unlock my phone. However, with Touch ID, I only had to put my thumb on the home button to unlock the device.

Over the next few years, users began storing more and more important information on their phones and protecting that information using Touch ID. In fact, it was now considered odd to not lock your phone, especially with how easy Touch ID was to use. It definitely wasn’t as fast as just swiping your lock screen with no password, but it was what I considered an acceptable delay to keep my information private.

The announcement of the iPhone X saw the complete removal of the Home Button and the dawn of Apple’s newest biometric security feature, Face ID. No longer do you need to rest your finger on a button to open your phone, you can just raise the phone to your face and swipe up. Apple’s keynote announcement wasn’t even finished before articles and comments were being published citing security concerns with this new technology. After all, other companies had tried facial recognition technology before, with mostly poor results.

However, unlike some of the skeptics, I was extremely excited for Face ID; especially after I did some digging into how the technology actually worked.

The Secure Enclave

One of the most popular arguments you’ll hear against facial recognition technology is not wanting to provide facial data to a device, or more specifically to the company behind that device. Strapping on our medium-sized tin foil hats for just a second, it would be easy to see how uploading thousands of images including your face could allow a company or government to build a substantial facial recognition database. Might make you think twice before uploading that cute snapchat selfie next time.

However, Apple runs their authentication a bit differently using what they call the Secure Enclave. Without getting too technical, this security feature means that the authentication is all performed on the device itself and that no information is sent to a server. So what this means is that when your new iPhone X is scanning your face to unlock the device or authenticate a payment, the information is being encrypted and transmitted to and from the processor directly on the device.

Now, all of this is predicated on the belief that Apple isn’t secretly uploading this information through some sort of backdoor. However, Apple’s had a pretty good track record when it comes to security, including their recent refusal to create a master key for iOS devices.

From A Touch to A Look

With Touch ID, Apple’s statistics showed that there was a 1 in 50,000 chance that someone other than you could unlock your device using Touch ID. That means their information showed that 1 in 50,000 people had a fingerprint enough like yours to “fool” the device into thinking it was you. That might sound like a pretty small chance, but with almost 7 billion people on Earth, that means 140,000 people could potentially unlock your phone.

Face ID improves that number dramatically, with only 1 in 1,000,000 people having a face similar enough to yours to unlock the phone using Face ID. That drops that 140,000 people down to 7,000. However, there’s a specific case where the odds of one of those 7,000 people being around you grows and that’s twins. Multiple tests have shown that identical twins may be able to unlock an iPhone with Face ID and it’s even something that Apple mentioned in their keynote. So if you’re a twin, you may want to consider just using a numerical passcode.

TrueDepth and Attention Detection

Image Courtesy of Apple

Face ID doesn’t work like many think it would, in that it doesn’t just simply take a photo of your face to authenticate. The infrared TrueDepth Camera system uses a dot projector to display a grid of thousands of dots onto your face and based on the pattern of the dots, the system can mathematically calculate whether or not it’s you or someone else. In addition to being a super cool way of mapping your face, it also means that the phone can authenticate you no matter what the lighting conditions are, or whether there’s light at all.

This means that simply holding up a photo of your face won’t fool the system into unlocking. In fact, Apple even claims to have done testing with some of the best Hollywood mask makers to produce 3D masks of people’s faces. In the end, the phone was still able to determine that it was a fake.

In addition to the TrueDepth system, Apple has also provided a feature called Attention Awareness. This simply means that if you’re not looking directly at the phone when it’s authenticating, it won’t unlock. So you can sleep soundly, knowing that someone can’t simply point your phone at your face while you’re snoring away and gain access to your device. This feature can be disabled however, meaning the phone will unlock simply upon recognizing your face.

Face ID in Practice

So now that we’ve got an understanding of the security of Face ID, let’s talk about the actual use of it. I’ve had my iPhone X for almost 72 hours now and I couldn’t be more impressed with Face ID as a technology. Now that I have the feature, I can’t imagine using an iPhone without it. There are a number of subtle things you notice when using Face ID and the first one is how unobtrusive it is.

It’s a complete game changer in not only privacy, but speed and efficiency.

Several features, when paired with Face ID, make unlocking the iPhone X a speedy and intuitive task. With Raise to Wake, the phone’s screen turns on whenever the motion processor senses you’ve raised the phone up. From there, you can swipe up on the lock screen to indicate to the phone you’d like to unlock the phone.

However, before you’ve even swiped, Face ID has already begun the authentication process and I’ve found that unless I’m specifically trying to beat it, my swipe usually comes after Face ID has already unlocked.

One of the best things about Face ID is what happens if you don’t swipe the lock screen at all. By default with the iPhone X, the contents of notifications are hidden. Rather than the standard method of showing you the app name and then a small amount of content from the notification, the phone simply shows you the app name and “Notification” underneath. However, after raising the phone and allowing Face ID to recognize you, the notifications are unhidden and displayed to you. This sounds simple but it’s a complete game changer in not only privacy, but speed and efficiency.

With older iPhones, 3D touching a notification like a text message would allow you to respond right from the lock screen, but it would require you to place your finger on the home button to authenticate. I found it faster most of the time to just unlock the phone and open the messages app to respond. However, now that you’re not having to put your finger on a scanner, dealing with notifications right from the lock screen is extremely fast.

I’ve found that Face ID is a great feature because it requires less action on my part and makes the iPhone experience much more seamless than previous versions. For instance, using the password manger 1Password with Face ID is a breeze because I don’t need to break concentration and use a Touch ID sensor. I can simply open the app and wait for Face ID to authenticate, then complete my search for the information I need.

The other great thing is how accurate Face ID is. I’ve had only a handful of times when it’s failed to recognize me on the first try and that’s usually been me testing different angles or sunglasses. One downside to the infrared TrueDepth camera is that it’s only compatible with certain sunglasses. My beloved Ray Ban Wayfarers unfortunately don’t allow the sensor to see if my eyes are open. However, the Gatorz Wraptors I have work just fine. I actually think we’ll start to see sunglass companies printing “Works with Face ID” in the near future.

Conclusion

As I mentioned above, Apple has a habit of introducing a feature and fully committing to it. I think Face ID is the next step in biometric security and I think Apple is fully invested in it, so I wouldn’t hold out hope on Touch ID making a return in the future. Honestly at this point, I wouldn’t want to go back to Touch ID anyway.

While this article focused heavily on the Face ID feature of the iPhone X, there are a ton of other features that make this iPhone such a great device. Things like the OLED screen spanning almost the entire device, as well as the “wireless” charging. (It’s actually inductive, but it’s still super cool.) If you’re on the fence about picking one up, I’d highly recommend it.

The post Face Off: Will iPhone X and Face ID Revolutionize Biometric Security? appeared first on ITS Tactical.

21 Mar 22:51

Creating objective rules for spending

by Ellen Cannon

This guest post is from Mr. F, an Australian reader in his mid-20s who works for the government.

We’re often told to “spend money on what’s important,” “spend according to your values” or “spend on whatever takes up most of your time.” So, for example, you should spend money when it comes to things like education, or family, or on a mattress.

That’s a good guide, but in day-to-day situations you often have to make a number of smaller decisions about when and where to spend money, and it’s not entirely clear how you should be applying these guidelines. Even when you set aside money for specific categories, there’s always an implicit choice to be made – should I spend the money now, or should I wait until later in the week/month/year to exhaust this budget item?

For example, let’s say you’re an avid computer gamer, and you see a game or two on sale. You weren’t really looking to buy the games now, but it would be nice to have them, and you would definitely play them and get hours of entertainment out of them. What should you do? In a lot of situations, you could justify either decision. If gaming is important to you and you would use the games, then a strong case can be made for making the purchase, especially if they’re only on sale for a short while. On the other hand, it’s not a strict need (nor even a strict want!), and you may want to spend the money you have set aside for entertainment on other things. Importantly, you want to make sure the decision you make is being made for the right reasons and not just because you kind of happen to be in the mood to splash out, or not.

In other words, you need some sort of objective standard.

Creating objective rules

Anyone who’s done performance reviews or project management will no doubt have come across “S.M.A.R.T. goals” (specific, measurable, attainable, relevant, timely). The point is to create clear goals for individuals that can be assessed in an objective fashion. So instead of the goal being “get better at sales,” the goal is “improve sales numbers by 10 percent in the next financial year.”

A similar philosophy can be used in developing personal finance rules:

Specific/Measurable These two are closely related. You want to create rules that have clear criteria that can be objectively measured. This usually means having a numerical basis for the rules. For example, you can only get take-out once a week. A good way to know if you have an objectively measurable rule is to ask yourself if someone else could look at your spending, and easily work out whether it complied with the rule or not.

Attainable There are really two concepts bundled up in this word. The first is that the rules you set have to be rules that you will be able to follow. There’s no point setting incredibly harsh rules for yourself that you’ll either be unable to follow or will follow but will be miserable doing so.

The second concept, which is related to the first, is that to some extent there has to be some flexibility. The reality is that we are all human. We have finite willpower, we have changing desires and some days we just don’t feel up to the task of being frugal.

Now, I understand that this may seem like it conflicts with the idea of making specific/measurable rules, but ultimately it’s about striking a balance. For example, you might restrict yourself to buying clothes only when they cost less than $50, but perhaps once a month you are allowed to splash out on an item above this mark. These little indulgences are important and in fact go a long way to helping you stick to your rules.

Relevant This is really about explaining why you make the rule. You want the rule to be a manifestation of your overall personal finance philosophy. As you formulate your rule, you should think about whether it aligns with your broader finance goals.

Timely This is perhaps the least applicable, but I still think it has some relevance. I think a good rule is one that is time-based, partly because it adds discipline but also because it makes it easier for you to “reset” if things go wrong.

I’ve found these kinds of rules give me a good basis for measuring my decisions, and not getting caught in a situation where I try to retrospectively justify my actions. It also helps me avoid feeling guilty about spending money, or indeed, feeling overly cheap when I elect not to spend money.

I’ve already decided what’s important to me, and I’ve determined an objective standard for what constitutes sensible spending in advance. This means I can spend (or not) confident in the knowledge that I’m not being profligate (or cheap), and that I won’t regret it later.

Some of my rules in practice

I use this to simplify a lot of decisions I make. For example, I usually take lunch from home; sometimes I make things specifically for lunch, other times I’ll take leftovers. However I do enjoy eating different things, and lunches are a good way to meet up with friends who also work, so I allow myself one or occasionally two days per week where I’ll buy lunch. I’ve actually ended up creating a set of rules that guide my decision-making over lunch:

  • If I buy lunch twice, at least one of them has to be a cheaper option (wherever possible).
  • If I have bought lunch already in the week (or am planning to buy lunch later), I have to take leftovers whenever they are available.
  • If it gets to Friday and I haven’t bought lunch, and there are leftovers on Thursday night, I can elect to buy lunch on Friday if I want.

These allow me to spend according to my overarching principles, but they also give me flexibility to adapt to the uncertainties of life. Perhaps most importantly, they’re not so draconian that I can’t follow them: I’ve got the option if I’m busy or having a tough week to buy lunch more often, but if things are going well and I’m up for it, then sometimes I will go the whole week without buying lunch.

Another tough one I’ve found is going out in the evenings to meet friends. I think we can all agree that seeing our friends and family is an important priority and worthy of spending money on, but it can get out of control. Of course you can suggest a DVD night instead of going to the movies, or a potluck instead of going out to a restaurant, but if everyone’s working and has a busy life, sometimes it’s just not viable. So, inevitably you’ll end up in the city, meeting people for dinner, drinks, movies, shows, etc.

The rule I apply is that if multiple events are planned, and one of them includes a meal (say, catching dinner and then going for drinks), I try to substitute the meal by eating at home instead. For example, the other night I was going to a friend’s house to play cards, and since a number of us worked in the city, they made plans to get dinner and maybe a beer after work, and then drive out to my friend’s place. This represented an easy decision: While I wanted to see the guys and catch up, I knew I would be doing that anyway later than night. If I went out beforehand I’d easily end up spending $30-$40 on dinner and drinks.

Returning, then, to the computer game example, I’ve found that, on a dollars-per-hour basis, computer games are one of the cheapest ways to entertain yourself (for comparison, just think about how many hours of entertainment you get from a $20 movie ticket). As a result, I allow myself to buy games that are well-reviewed or look like they’ll be of interest to me, if I see them on sale. Alternatively, if I hear/read about a game, or there is a new game coming out that I want, I can only buy it if I can find it on sale, or if I can find it cheaper than what I can get it for on Steam (eBay is usually a good source of games, especially second-hand games). This means I only buy games when they are cheap, and I force myself to look for cheaper options to buy newer games.

Making your own rules

In my mind, things like “spend money on what’s important” or “spend according to your values” represent the Why, whereas the concrete rules above represent the How. If you really want to put your spending philosophy into practice, you need to sit down and think about some concrete rules. It makes life a lot easier in the long run. What are some of your rules?

Reminder: This is a post from one of your fellow readers. Please be nice. It can be scary to put your story out in public for the first time. Remember that this guest author isn’t a professional writer, and is just learning about money like you are. Unduly nasty comments will be removed.