Thursday, October 18, 2018

Apple's New Privacy Pages:
Your Reading Assignment!

--

In this day and age, when the western world is being increasingly China-fied and Russia-fied, IOW devolving into totalitarian surveillance states, it's wonderful to watch Apple resist and insist upon user privacy. Good on 'em!

It used to be that Apple merely provided semi-annual transparency reports, annual white papers on Apple gear security and some diffuse documents about securing and hardening our Apple devices. Now, everything has been gathered into one area on their website for easy access, along with elaborations no doubt inspired by the EU's GDPR (General Data Protection Regulation).


Where to start:


Privacy - Apple
The pages tend to be iOS-centric, no surprise of late. But Apple's privacy policy is relevant to Mac gear as well. As we dig into the various sub-subjects, we find an elaborate exposition of Apple security details. Take an hour and dig around. If you require security on your Apple gear, it's worth the time to read through it all in order to know what Apple offers and how to put it to work for you.

Topics include:

  • Encryption (Get stuffed Australia surveillance maniacs!)
  • Apple Pay
  • iMessage, FaceTime
  • Health and fitness data
  • Analytics (under our control!)
  • Safari
  • iCloud
  • Education
  • Advertising
  • Photos
  • Siri & Dictation
  • HealthKit
  • Music
  • News
  • Maps
  • Siri & Spotlight
  • DeviceCheck
  • HomeKit
  • ResearchKit
  • CareKit
  • CloudKit

There are odds and ends here I hadn't been aware of!

The core of the Privacy site is Manage Your Privacy. All of us should dig through this page in order to maximize our understanding and control of our own privacy settings.


What everyone should read NOW:


Manage Your Privacy:

Each of these sections provides links to helpful, more detailed information. 

Of most immediate concern is this section under Manage your Apple ID:

Beware of phishing! Phishing spam has become increasingly elaborate and deceitful. The worst of these are the fake charge receipts. The idea is to send us scrambling to UNdo charges we are led to believe have been made without our permission. They are remarkably successful, as has been demonstrated most explicitly in China in recent weeks. Apple provides further elaboration about phishing HERE


It takes time to pore through all this, but it's well worth it.


--

Tuesday, October 16, 2018

iOS 12.0.1 Security Bug Workaround (O_o)

--

Yes, here we go again. The Bug:

New iPhone Bug Gives Anyone Access to Your Private Photos
...The new hack allows anyone with physical access to your locked iPhone to access your photo album, select photos and send them to anyone using Apple Messages. 
Since the new hack requires much less effort than the previous one, it leaves any iPhone user vulnerable to a skeptic or distrustful partner, curious colleague, friend or roommate who could access your iPhone's photo album and grab your private photos....
The new passcode bypass method works on all current iPhone models, including iPhone X and XS devices, running the latest version of the Apple mobile operating system, i.e., iOS 12 to 12.0.1
Until Apple comes up with a security patch, you can temporarily fix the issue by disabling Siri from the lockscreen. Here's how to disable Siri: 
Go to the Settings > Face ID & Passcode (Touch ID & Passcode on iPhones with Touch ID) and Disable Siri toggle under "Allow access when locked."
(Bolding mine).

If you kept the workaround for the similar bug in iOS 12.0, then you're already safe. 


The general consensus at this point is that it is UNSAFE to leave Siri on when the screen of an iOS device is locked. Therefore, we might want to leave Siri disabled when locked. That means we have to unlock the device first, then access Siri. As ever, it's convenience versus security. Take your pick, find your balance.


--