Sign-in with Apple means privacy, security

At first sight sign-in with Apple looks like another attempt by a tech giant to collect user data.

It isn’t. Apple aims to reverse that data collection.

Facebook and Google offer single sign-in services. These are used to monitor people’s online activity.

Single sign-in reduces friction as you move around on-line sites that ask for a log-in. It speeds things up. That’s important in an impatient world.

Sign-in downsides

The downside is that Facebook and Google get to learn a lot more about account holders’ online activity.

You may view this as innocent, ominous or simply a tax paid to live in the digital world. You may not care.

Other downsides are greater security and privacy risks. In the past single sign-on services have been hacked.

Sign-in with Apple is different. It is more secure. There is built-in two-factor authentication support and anti-fraud detection.

You can use it to sign-in to websites. It also works with iOS apps. That way you know the apps you use are not sharing your private data with someone you may not trust.

Also, you choose if an app developer gets to see your email address. That’s optional.

If you choose not to share, Apple generates a disposable email address for that app. If, say, the app developer starts spamming you, you can kill the email address and lose nothing.

Sign-in with Apple works with Android phones and Windows computers, but you’ll get most from it if you have Apple hardware. It integrates with iOS and Apple Keychain. It also works with Apple TV and Apple Watch.

Sign-in with Apple stays private

There’s no lock-in. On the other hand, it might give privacy aware users who shop elsewhere another reason to consider Apple products.

Apple insists app developers using the App Store offer the service if they offer the Google or Facebook alternative. Otherwise it is optional.

At first I was wary of the idea. Now I’m keen. I’ve never used the Google or Facebook sign-ins and got used to doing things the slow, but more private, way. Now that’s unnecessary.

Of course, you have to trust Apple when it says that it doesn’t interpret collected data or keep track of your log-ins.

The difference here is that we know for certain Facebook and Google do this. Apple makes its money from hardware and services. Facebook and Google are all about surveillance capitalism.

See: Let’s Clarify some Misunderstandings around Sign In with Apple • Aaron Parecki

Hacking the Treasury, or not

New Zealand’s media enjoyed a day where computer, or maybe cyber, hacking made the headlines.

Here’s the RNZ take:

National Party ‘Budget leak’: Treasury ‘deliberately hacked’ — RNZ website

There is a lot to unpack in the story. You can find that elsewhere. One thing that needs clarification is what is meant by the word ‘hacking’.

Hacking is a term whose meaning changes depending on who uses it.

Hacking once meant one thing…

It means one thing to old school computer programmers — kids note that’s what people who wrote computer software were called before the job description was upgraded to developer.

For those people a hacker can be someone who cuts a piece of code.

It can mean someone who writes good code or it can mean someone who writes bodged code. I never quite caught the nuance there but definitely heard it used both ways in different contexts.

You may argue, but for most people this meaning of hacker is now archaic.

… it then meant another thing

It means another thing to people who work in and around computer security. Most of the time they take care not to use the word hacker. I assume that’s at least in part because there can be slightly glamorous connotations.

Or it could be they are language pedants who don’t want to get in a fight.

Many modern computer security folk prefer terms like bad actor, which makes me think of Tom Cruise.

Or maybe they talk about attackers. At one industry event, some high flying US security experts kept referring to hostiles.

Whatever. The key here is that in some security and enterprise system circles the word hacker can, but doesn’t always, refer to a person who manages to breach a system’s perimeter security and get inside.

Once again there are nuances.

Media see hacker another way

For the more excitable parts of the media, a hacker is someone who wears a balaclava while using a computer. They might also wear military fatigues.

You don’t often get to see the computer, but if you do, it’s often an old fashioned-looking computer, never a tablet or a phone, which seems odd to me, but there you go.

Another feature of this kind of hacker is they often work with green, text-based screens. What they do may be advanced and scary, but their computer hardware seems to come from the cold war era. More Trabant than Tesla.

Much of the media and the general public think of hackers as people who do bad things with computers. It’s not just newspapers, radio and TV journalists. When you see computer crime in movies or TV shows, the bad guys are hackers.

Far be it from me to cast aspersions on my colleagues, but there is something a tad click-baity about hacker.

As an aside, I’ve written before about how the word cyber now seems to be related to hacker. In a nutshell when something computery is good, the prefix is computer. When it’s bad the prefix is cyber.

See, “Cyber” is a bad thing…

Which explains why the great unwashed now understands the term hacker in this context.

Guilty your honour

I’ve found myself using the term, most likely incorrectly in your eyes, on TV and radio precisely because it is a shortcut to explaining things to the audience.

You might only have 120 seconds to explain something complicated. If you spend that qualifying terms, defining the attack like a crusty old classics academic deconstructing Ancient Greek texts, you’ve lost the audience.

It’s all Greek to them anyway.

Treasury hack

So, was this week’s Treasury Hack actually a hacking attack or was it something else? It appears that someone found some data that was stored on a web page or series of pages that had not yet been made public.

You can, I sometimes do, stumble over things like this by accident.

Now that’s not necessarily hacking as we know it in 2019. It might well have been described as hacking in 1999.

You can sometimes get to these pages using spiders. This is something Google does every day. No-one thinks of that as hacking.

Dozens, even hundreds of pages on this site are spidered every day. This can include deleted pages, draft posts and posts that will never formally see the light of day.

Hostiles everywhere

If I look at the weblogs there are also thousands of probes every day where people — let’s call them hostiles, after all, it starts with an H — are looking for ways to compromise my security.

Some are easy to spot as they are calling URLs that don’t exist on my site, but might exist on some sites and can contain known vulnerabilities.

I just checked. This site, that’s little old me, had 1486, let’s say, dubious calls in the last 24 hours.

If I’m getting that, and trust me, there is no information on here worth stealing, then a government system like Treasury will be getting an order of magnitude more probes. At least.

Another aside: There might not be anything worth stealing, but it could be worth gaining access to launch a bot attack or other mischief.

Is that hacking? Not in the sense computer professionals and geeks use the term. But it is in the sense that the media use the term and the sense the general public has come to understand the word.

You don’t have to like seeing the word used this way, but you don’t have any control over it. Those people speak a different language to you. They know what it means to them.
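One way to count the kind of dubious calls described under "Hostiles everywhere", as an added example that is not part of the original post: it reads web server log lines and flags clients that ask for several different URLs that do not exist. It assumes the common Apache/nginx "combined" log format; the sample lines, addresses, paths and the threshold of three distinct missing URLs are all constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in "combined" log format (documentation IP ranges, not real traffic).
SAMPLE_LOG = '''\
203.0.113.7 - - [30/May/2019:09:12:01 +1200] "GET /old-admin/login.php HTTP/1.1" 404 512 "-" "scanner/1.0"
203.0.113.7 - - [30/May/2019:09:12:02 +1200] "GET /backup.zip HTTP/1.1" 404 512 "-" "scanner/1.0"
198.51.100.23 - - [30/May/2019:09:12:05 +1200] "GET / HTTP/1.1" 200 18230 "-" "Mozilla/5.0"
203.0.113.7 - - [30/May/2019:09:12:06 +1200] "GET /config.bak HTTP/1.1" 404 512 "-" "scanner/1.0"
198.51.100.23 - - [30/May/2019:09:12:09 +1200] "GET /favicon.ico HTTP/1.1" 404 512 "-" "Mozilla/5.0"
this line is truncated or corrupt and must be skipped
203.0.113.7 - - [30/May/2019:09:12:11 +1200] "GET /old-admin/login.php?x=1 HTTP/1.1" 404 512 "-" "scanner/1.0"
192.0.2.44 - - [30/May/2019:09:13:40 +1200] "GET /test/setup.php HTTP/1.1" 404 512 "-" "-"
192.0.2.44 - - [30/May/2019:09:13:41 +1200] "GET /db.sql HTTP/1.1" 404 512 "-" "-"
198.51.100.50 - - [30/May/2019:09:14:00 +1200] "GET /robots.txt HTTP/1.1" 200 64 "-" "crawler"
'''

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return (client_ip, path, status) or None for lines that do not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Drop the query string so /a?x=1 and /a?x=2 count as one URL.
    path = urlsplit(m.group("target")).path or "/"
    return m.group("ip"), path, int(m.group("status"))


def find_probers(log_text, min_distinct=3):
    """Map each client to the distinct missing URLs it requested.

    A single 404 (a stale link, a missing favicon) is normal; a client that
    walks through several different nonexistent URLs is the pattern of interest.
    """
    missing = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip, path, status = rec
        if status == 404:
            missing[ip].add(path)
    return {ip: sorted(paths) for ip, paths in missing.items()
            if len(paths) >= min_distinct}


def count_dubious(log_text, min_distinct=3):
    """Total number of 404 requests made by the flagged clients."""
    probers = find_probers(log_text, min_distinct)
    total = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[2] == 404 and rec[0] in probers:
            total += 1
    return total


if __name__ == "__main__":
    for ip, paths in find_probers(SAMPLE_LOG).items():
        print(ip, "requested", len(paths), "missing URLs:", ", ".join(paths))
    print("dubious calls:", count_dubious(SAMPLE_LOG))
```

Counting distinct missing URLs per client, rather than every 404, keeps ordinary visitors who hit one dead link out of the total.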

Huawei blacklist – A guide for everyday users

The US government has blacklisted Huawei. As a result Google has stopped providing and supporting the Android software used on Huawei phones. American chip makers can no longer supply technology to Huawei. The Huawei blacklist is part of a wider trade dispute between the US and China.

Does the Huawei blacklist mean I have to stop using my phone?

No. If you already have a Huawei it will carry on working as normal for now.

Could China be spying on me through my Huawei phone?

Don’t be silly. If you’re like the average Android phone user you already let Facebook, Google and others spy on you. They make money that way.

If China wanted to casually spy on you it could buy data from one of those companies. If you’re a serious intelligence target for Chinese agents they’re probably able to spy on you regardless of your phone’s brand.

Is my Huawei phone a security risk?

No more than any other Android phone. Android is more prone to malware and nasty stuff than other phones, but this changes nothing in that department.

Huawei has not always been the best at providing necessary software updates and security patches in the past. The company says it will go on supporting existing customers.

I was thinking of buying a Huawei phone…

That’s probably not a great idea although if sales slump you may be able to pick up a bargain.

If you buy a Huawei phone today you’ll get updates for the current version of Android. It’s most likely you’ll get upgrades for the next version. After that things start to get tricky.

At the moment we’re on Android Pie. The next version, Android Q is due in a few months. Huawei has had all the code for both of these.

The next version, R, should turn up in about 14 months. The way things stand today Huawei won’t get that code.

Without official support, you could be cut adrift from the Android mothership in as little as 14 months. Huawei says it will continue with security upgrades, but you may struggle to run some apps once R is mainstream.

What about other Chinese Android phone brands?

How much of a gambler are you? The recent Huawei blacklist is specific to one company, but it’s part of an escalating trade war between the US and China. If you count yourself as cautious, then wait to see how the dust settles before buying an alternative Chinese brand.

Isn’t Android supposed to be open source?

Only up to a point.

Android has a number of layers. At the top there’s Huawei’s own software overlay, that’s EMUI on the premium phones. There’s a service layer which connects to things like the Google Play store, Maps and Gmail.

There’s a low level layer that connects the operating system to the hardware. The underlying Android operating system, AOSP is open source. Huawei will still be able to use that. It will be updated as normal.

However, Google usually shares this code with favoured phone makers months before the code is made public. Phone makers pay vast sums for this.

The blockade means Huawei will now get the code on release day, so users may wait months for upgrades.

This is how AOSP works for many smaller Chinese phone makers. If you’ve tried one of those phones you’ll know the customer experience often leaves much to be desired.

Yet it’s also how Huawei’s Chinese phone business works, so the company already knows how to deal with the restrictions.

The real problem is with those services for those of us living in western countries. If Google makes changes there could be problems for existing phone users.

Will I be cut off from Google services?

No. At least not for the foreseeable future. You might not get any new services introduced from next year on.

Is any of this covered by the Commerce Act?

That’s a good question. The simple answer is you probably won’t be able to use the Commerce Act as a way of getting your money back if the phone goes on working as normal. Although there’s an interesting precedent that suggests otherwise.

In the longer term you may have a case if a lack of software updates means the phone is, in effect, rendered useless before a reasonable period of time. 

If this happens, it won’t matter if Huawei is no longer active in New Zealand (see below). The phone retailer is liable, not the manufacturer.

What does this mean for Huawei’s phone business in New Zealand?

It’s possible the spat between the US and China blows over in a few weeks and things will return to normal. If not, it will soon be hard for Huawei to sell phones here. Anecdotal evidence says customers are already avoiding the brand.

That’s a shame because Huawei makes some of the best Android phones. It is the number three phone brand here. While it may not always look like it, Huawei acts to keep Samsung and Apple competitive.

Phones account for about half of Huawei’s revenue worldwide. Half of its sales are in China where losing Google isn’t a problem. So a quarter of the company’s revenue is at risk.

On the other hand, no-one knows if Huawei makes much, if any, profit from phone sales. The Huawei blacklist could lead to the company exiting the phone market outside of China. If that’s the case, it could be doing Huawei a favour.

America isolates Huawei — dangerous move with few winners

President Donald Trump’s latest attack on Huawei did not come as a surprise.

Earlier this month the US banned American companies from using equipment made by firms that pose a risk to national security. Chinese technology giant Huawei wasn’t named. It wasn’t necessary. Everyone got the hint.

At the same time, the US government asked American firms to withhold technology from those companies.

Google pulls Android Support

In the most dramatic move to date, Google said last week it would no longer supply the proprietary parts of its Android mobile operating system to Huawei.

At the same time American chip makers said they have stopped supplying the company. It turns out Huawei has been stockpiling some parts in anticipation of this move.

There has since been a temporary halt on the parts supply ban for existing Huawei products. Parts for new sales, which for a technology company come around fast, are still banned.

Billions at stake

We don’t know how Huawei’s investors reacted to the news; the company is in private ownership.

We do know that if the ban stays it will cost American firms billions of dollars in years to come. It could shut them out of the world’s largest consumer market. That’s been reflected in the share prices of Huawei’s US suppliers.

Trump, and America in general, has been ratcheting up the pressure on Huawei for the best part of a year.

Things kicked off in earnest months ago. Then, American officials warned the world that Chinese spies might use Huawei’s network hardware and phones.

It’s a story Huawei has denied often since spying accusations first emerged in Australia some years ago. Huawei also denies it has links to Chinese military.

Intelligence threat

More recently America threatened to withhold intelligence material from any ally with Huawei hardware on their networks.

It would be easy to dismiss America’s attack on Huawei as mere protectionism. That’s a clear part of what’s going on. Trump has since suggested he could clear up this spat if China cuts a new trade agreement with the US.

There is no evidence Huawei uses its network to spy on behalf of the Chinese government.

There is no smoking gun. Huawei’s accusers have not managed to dredge up any plausible documented evidence.

That speaks volumes.

Where Huawei is a threat

Still, Huawei represents a risk. That’s because Huawei dominates the telecommunications hardware market like no other company.

Telecommunications is essential, critical and strategic. It is a key infrastructure. Without it commerce and finance grind to a halt. So does almost everything else. Telecommunications touches almost every aspect of modern life.

America has suggested that while there’s no evidence of Huawei spying, it could hold countries to ransom.

Should, say, relations with a country deteriorate enough, China’s government might insist Huawei shuts networks. That would be a crippling blow to any economy.

Trade repercussions

It’s possible, but unlikely. The long-term repercussions for Chinese trade would be disastrous. Even threatening this would be fatal. After all who would trade with a partner who behaves like that?

And anyway, a shut-down would escalate matters. It could even tip relations over the brink with some countries. China can be aggressive, but there is no sign it is looking for a war.

There is more pressing long-term economic risk to America and the West. For the first time in living memory a Chinese company holds the key to an important, must have technology.

5G mobile

Huawei leads the way in 5G mobile telecommunications. Its technology is months, if not years, ahead of its rivals. The company has been the driving force behind the move to 5G for the past four or five years. Until the latest US intervention, it looked like Huawei would stay out in front.

A lot of the words and projections for 5G are hype. Yes it means more wireless bandwidth, but it is no more transformational than 4G or 3G.

Even so 5G is set to become a vital component of every country’s critical infrastructure. It’s not only about voice calls or web surfing. The technology is able to control power networks, sewage and logistics.

Huawei dominating this technology puts it in a very powerful position. By extension this could extend to China. The fear is the country could call in its favours from its home grown technology success story.

Technological dominance

We’ve seen this kind of technology-led dominance before. IBM was, in effect, the entire computing market until the late 1960s. It stayed in control of the sector until the 1980s. After that time Microsoft Windows and Intel processors defined the PC era.

In part these technologies contributed to America’s economic and technological pre-eminence. They helped America assert and project military power on a hitherto unseen scale.

There’s a fear Huawei and China could do the same [1]. Older readers may remember America had similar fears about Japanese technology. It appeared to pull ahead during the 1980s. The difference there was that Japan was never a military rival.

Huawei already accounts for about a third of all telecommunications network hardware. Until recently it was on a growth trajectory. There is no reason to think that without intervention that proportion could climb to IBM or Microsoft levels of monopoly control.

Yet this frightens strategic thinkers in the US and other western nations.

Part of their concern is they worry about what it might mean for their industries if a Chinese company dominates a strategic market. They know how powerful this can be.

Embargoes

The US has often embargoed key technology product sales to out-of-favour countries. Indeed, an early chapter in the current Huawei spat came when the US accused it of violating Iran trade sanctions.

All this means Huawei doesn’t need to install backdoors in its 5G network hardware to be a threat. Nor does it need to push out malicious code during software updates. There is no kill switch, but even if there was, it would be unnecessary.

Huawei prepared for the US action. It stockpiled essential parts. It has its own mobile operating system under development and has worked to decouple its supply chains from the US.

Google that!

It’s hard to see how Huawei can stay competitive in phones without access to new Google software. It needs to offer Google search, Google Maps and other services that are now off limits. Chinese customers might live without them, but customers in other markets demand and expect these services.

Huawei may stay competitive in network equipment in markets where it is still welcome. It may need US chips and software. China could, in theory, either develop its own or source both elsewhere. That’s assuming the US doesn’t lean hard on other countries.

At this point things can go one of two ways. If it’s about the US putting trade pressure on China, things could blow over, albeit with some damage.

Huawei knock-out?

That’s the optimistic view. A more negative view is that America aimed to knock out China’s most prestigious technology company. It did so either to make a point or to stop Huawei from becoming too powerful.

This can backfire. China is powerful, rich and smart. America may have a more advanced software industry. Its chip makers may be better, but China could view this as a wake up call to bolster its own industries.

Only a brave person would bet on China not catching up if it puts its shoulder to the wheel. America may have created the monster it had hoped to strangle at birth.

Disclaimer: Huawei has flown me overseas three times in the last five years. I aim to take a balanced view of this story, but I’m only human. If you think I’m missing anything important feel free to comment.


  1. This argument forgets the UK government revelation that Huawei’s network software is a shambles.

D-Link Omna Wire-Free Indoor-Outdoor Camera Kit review

D-Link’s Omna Wire-Free kit packs two weatherproof wireless cameras, base station and a year’s cloud recording.

If you need home or small business security cameras, D-Link has a kit that will have you set-up in no time. The Omna Wire-Free Indoor-Outdoor Camera Kit makes what could be a tricky task dead simple.

It took about as long to get the home surveillance system working as it will take you to read this review. About six minutes from opening the box to being able to check two remote wireless cameras. Of course, mounting them in a permanent spot will take a little longer.

Not cheap, but worth it

At NZ$900, Omna Wire-Free isn’t cheap, but if you need security in a hurry, it’s hard to go past D-Link’s kit.

The ensemble comes in a sizeable box. Inside there’s a base station, D-Link calls it a hub. It looks like a Wi-Fi router. In effect, that’s what it is.

You need a spare power socket for the hub and an unused Ethernet port on your router. Neither of these is a given in modern homes. It makes sense to place the hub close to your router. If your router is near your home entertainment hardware, you’ll have to live with more distracting flashing lights.

Two cameras, hub Omna D-link kit

The box also contains two wireless cameras. They’re about the size of a large apple or orange. Both are curvy, but have a flat base. D-Link supplied some mounting hardware, but there is only a single outdoor mount.

You connect the hub to power and your network. Then, you hit a sync button on the side of each camera and it will connect to the hub.

The next stage is downloading the Mydlink app. There are versions for iOS and for Android.

This brings us to the trickiest and most long-winded part of the set-up. You need to sign-up for a mydlink account and wait for a confirmation email to arrive. You may also need to scan the QR code on the back of the hub to get the software running.

At this point you should be in business and able to see what the two cameras are picking up.

Motion detection

Both cameras can handle motion detection. This feature can work in darkness. The cameras are robust and waterproof enough to put outside. That includes, say, up a tree in the garden.

When the cameras detect movement they capture the scene in 1080P resolution. It’s higher definition than you’d expect. You can choose to send the video footage to D-Link’s cloud storage. Or, you can capture it on a local SD-card or even an old-fashioned hard drive.

D-Link is following the now-common practice of adding online services to hardware. You get a year’s subscription to a basic cloud storage service when you first install the system. After that it costs. The price goes up depending on how long you want to store videos. If you have ten cameras and want to store 30 days of video the cost is US$100 a year.

There’s obvious value in this. If criminals rob or trash your place, there’s a chance they will find or even steal your hard drive or the SD card. If they are at all clued up about home security they may even look for it so they can destroy the evidence.

Local storage

The flip side is local storage is free. There’s no subscription to remember and you can get immediately at the data.

It wasn’t possible to test D-Link’s claim that the camera batteries will work for 11 months between charges. Yet after a few weeks there was no sign of them running down. Even so, if you mount the cameras in hard to reach places, recharging them could be painful. You have to unmount them and take them close to a power supply.

One nice touch is that you can buy extra cameras to expand your security network. D-Link doesn’t appear to sell spare matching cameras. It offers a range of options from A$150. It’s not clear from the documentation if you can add any existing home cameras to the hub.

Phone app

D-Link’s Mydlink phone app works well enough. Yet the 1080p resolution is overkill given the size of most mobile phone screens. The pictures are crisp and clear, even in low-light conditions. It’s hard to fault the product in the set-up or video capture department.

That said, there doesn’t appear to be an option to watch live footage on a PC or laptop. If there is, it passed me by. It does work with Google Home, so it may be possible to Chromecast images to a large screen TV. I didn’t test this.

A more subtle shortcoming is the weird latency in the system. It can take ages for the camera image to appear on the app.

In testing on different occasions it would take two or three minutes to get from waking the phone to a live feed. Sometimes the app would appear to hang at this point only to spring back into life. Even a two-minute hold up feels like this could be long enough for a home invader to get through the front door and on their way to your bedroom.

As an aside, I’m also not comfortable with the assumption I keep my phone next to my bed at night. I’ve found that’s a surefire way to interfere with a good night’s sleep.

One last niggle, D-Link needs to work on the phone app. The user interface is poor at the best of times. If you’re panicking as someone crawls about outside it isn’t good enough.

Verdict: D-Link Omna Wire-Free Indoor-Outdoor Camera Kit

D-Link’s Omna Wire-Free Indoor-Outdoor Camera Kit takes the hard work out of getting a home security system up and running. Buying separate devices, mixing and matching them, then making them work with software is not for the fainthearted. The price is good considering the amount of work you won’t need to do.

The hardware performance is impressive. It’s better than I’ve seen on any home system. D-Link still needs to work on the software; both the user interface and the time lag to get images on screen. Still, I’d recommend this for anyone who needs home or small business security.