Jonkman Microblog
Notices by Soh Kam Yung (sohkamyung@mstdn.io)

  1. Soh Kam Yung (sohkamyung@mstdn.io)'s status on Sunday, 13-Oct-2019 20:58:04 EDT

    Cryptographer Matthew Green on a change Apple made in iOS13: "Apple is sharing some portion of your web browsing history with the Chinese conglomerate Tencent. This is being done as part of Apple’s “Fraudulent Website Warning”, which uses the Google-developed Safe Browsing technology as the back end."

    #Privacy #Security #Encryption #Google #Apple #Tencent #Malware #WebBrowsers

    https://blog.cryptographyengineering.com/2019/10/13/dear-apple-safe-browsing-might-not-be-that-safe/

    In conversation Sunday, 13-Oct-2019 20:58:04 EDT from mstdn.io permalink

    Attachments

    1. How safe is Apple’s Safe Browsing?
      By Matthew Green from A Few Thoughts on Cryptographic Engineering

      This morning brings new and exciting news from the land of Apple. It appears that, at least on iOS 13, Apple is sharing some portion of your web browsing history with the Chinese conglomerate Tencent. This is being done as part of Apple’s “Fraudulent Website Warning”, which uses the Google-developed Safe Browsing technology as the back end. This feature appears to be “on” by default in iOS Safari, meaning that millions of users could potentially be affected.


      As is the standard for this sort of news, Apple hasn’t provided much — well, any — detail on whose browsing history this will affect, or what sort of privacy mechanisms are in place to protect its users. The changes probably affect only Chinese-localized users (see Github commits, courtesy Eric Romang), although it’s difficult to know for certain. However, it’s notable that Apple’s warning appears on U.S.-registered iPhones.

      Regardless of which users are affected, Apple hasn’t said much about the privacy implications of shifting Safe Browsing to use Tencent’s servers. Since we lack concrete information, the best we can do is talk a bit about the technology and its implications. That’s what I’m going to do below.

      What is “Safe Browsing”, and is it actually safe?

      Several years ago Google noticed that web users tended to blunder into malicious sites as they browsed the web. This included phishing pages, as well as sites that attempted to push malware at users. Google also realized that, due to its unique vantage point, it had the most comprehensive list of those sites. Surely this could be deployed to protect users.

      The result was Google’s “safe browsing”. In the earliest version, this was simply an API at Google that would allow your browser to ask Google about the safety of any URL you visited. Since Google’s servers received the full URL, as well as your IP address (and possibly a tracking cookie to prevent denial of service), this first API was kind of a privacy nightmare. (This API still exists, and is supported today as the “Lookup API”.)

      To address these concerns, Google quickly came up with a safer approach to, um, “safe browsing”. The new approach was called the “Update API”, and it works like this:

      1. Google first computes the SHA256 hash of each unsafe URL in its database, and truncates each hash down to a 32-bit prefix to save space.
      2. Google sends the database of truncated hashes down to your browser.
      3. Each time you visit a URL, your browser hashes it and checks if its 32-bit prefix is contained in your local database.
      4. If the prefix is found in the browser’s local copy, your browser now sends the prefix to Google’s servers, which ship back a list of all full 256-bit hashes of the matching URLs, so your browser can check for an exact match.

      At each of these requests, Google’s servers see your IP address, as well as other identifying information such as database state. It’s also possible that Google may drop a cookie into your browser during some of these requests. The Safe Browsing API doesn’t say much about this today, but Ashkan Soltani noted this was happening back in 2012.

      It goes without saying that Lookup API is a privacy disaster. The “Update API” is much more private: in principle, Google should only learn the 32-bit hashes of some browsing requests. Moreover, those truncated 32-bit hashes won’t precisely reveal the identity of the URL you’re accessing, since there are likely to be many collisions in such a short identifier. This provides a form of k-anonymity.

      The weakness in this approach is that it only provides some privacy. The typical user won’t just visit a single URL, they’ll browse thousands of URLs over time. This means a malicious provider will have many “bites at the apple” (no pun intended) in order to de-anonymize that user. A user who browses many related websites — say, these websites — will gradually leak details about their browsing history to the provider, assuming the provider is malicious and can link the requests. (Updated to add: There has been some academic research on such threats.)

      And this is why it’s so important to know who your provider actually is.

      What does this mean for Apple and Tencent?

      That’s ultimately the question we should all be asking.

      The problem is that Safe Browsing “update API” has never been exactly “safe”. Its purpose was never to provide total privacy to users, but rather to degrade the quality of browsing data that providers collect. Within the threat model of Google, we (as a privacy-focused community) largely concluded that protecting users from malicious sites was worth the risk. That’s because, while Google certainly has the brainpower to extract a signal from the noisy Safe Browsing results, it seemed unlikely that they would bother. (Or at least, we hoped that someone would blow the whistle if they tried.)

      But Tencent isn’t Google. While they may be just as trustworthy, we deserve to be informed about this kind of change and to make choices about it. At very least, users should learn about these changes before Apple pushes the feature into production, and thus asks millions of their customers to trust them.

      We shouldn’t have to read the fine print

      When Apple wants to advertise a major privacy feature, they’re damned good at it. As an example:  this past summer the company announced the release of the privacy-preserving “Find My” feature at WWDC, to widespread acclaim. They’ve also been happy to claim credit for their work on encryption, including technology such as iCloud Keychain.

      But lately there’s been a troubling silence out of Cupertino, mostly related to the company’s interactions with China. Two years ago, the company moved much of iCloud server infrastructure into mainland China, for default use by Chinese users. It seems that Apple had no choice in this, since the move was mandated by Chinese law. But their silence was deafening. Did the move involve transferring key servers for end-to-end encryption? Would non-Chinese users be affected? Reporters had to drag the answers out of the company, and we still don’t know many of them.

      In the Safe Browsing change we have another example of Apple making significant modifications to its privacy infrastructure, largely without publicity or announcement. We have to learn about this stuff from the fine print. This approach to privacy issues does users around the world a disservice.

      It increasingly feels like Apple is two different companies: one that puts the freedom of its users first, and another that treats its users very differently. Maybe Apple feels it can navigate this split personality disorder and still maintain its integrity.

      I very much doubt it will work.

       
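    The four-step Update API exchange described in the attached post above, as an added worked example that is not code from the original page or from Matthew Green, Google, Apple or Tencent. It uses a simplified model: one SHA-256 over the raw URL string (real Safe Browsing canonicalizes the URL and hashes several host/path expressions), a constructed list of unsafe URLs, and hypothetical `SafeBrowsingProvider` and `Browser` classes plus a `benign_url_sharing_prefix` helper. It shows that the provider observes only truncated prefixes, and, with a deliberately short prefix, that a benign URL whose prefix collides with an unsafe one triggers a full-hash request which still does not tell the provider which URL was visited.

    ```python
    import hashlib
    from typing import Dict, List, Set


    def full_hash(url: str) -> bytes:
        """Step 1: SHA-256 of the URL. Simplification: real Safe Browsing canonicalizes
        the URL and hashes several host/path expressions; one digest suffices here."""
        return hashlib.sha256(url.encode("utf-8")).digest()


    class SafeBrowsingProvider:
        """Constructed stand-in for the provider side (hypothetical, not any vendor's code)."""

        def __init__(self, unsafe_urls: List[str], prefix_bytes: int = 4):
            self.prefix_bytes = prefix_bytes          # 4 bytes = the 32-bit prefix in the post
            self._by_prefix: Dict[bytes, List[bytes]] = {}
            for url in unsafe_urls:
                h = full_hash(url)
                self._by_prefix.setdefault(h[:prefix_bytes], []).append(h)
            # Everything the provider learns from lookups: truncated prefixes only.
            self.observed_prefixes: List[bytes] = []

        def update(self) -> Set[bytes]:
            """Step 2: the truncated-hash database shipped down to the browser."""
            return set(self._by_prefix)

        def full_hashes_for(self, prefix: bytes) -> List[bytes]:
            """Step 4: return every full hash sharing this prefix (and record what was seen)."""
            self.observed_prefixes.append(prefix)
            return list(self._by_prefix.get(prefix, []))


    class Browser:
        """Client side: local prefix check first, provider contacted only on a prefix hit."""

        def __init__(self, provider: SafeBrowsingProvider):
            self.provider = provider
            self.prefix_bytes = provider.prefix_bytes
            self.local_prefixes = provider.update()

        def is_unsafe(self, url: str) -> bool:
            h = full_hash(url)
            prefix = h[: self.prefix_bytes]
            if prefix not in self.local_prefixes:
                return False          # step 3: local miss, nothing leaves the device
            # local hit: fetch the full hashes under this prefix and compare exactly
            return h in self.provider.full_hashes_for(prefix)


    def benign_url_sharing_prefix(unsafe_url: str, prefix_bytes: int) -> str:
        """Constructed helper: find a harmless URL whose truncated hash collides with the
        unsafe URL's prefix. Feasible only for short prefixes (about 2**(8*prefix_bytes) tries)."""
        target = full_hash(unsafe_url)[:prefix_bytes]
        i = 0
        while True:
            candidate = f"http://benign.example/page/{i}"
            if full_hash(candidate)[:prefix_bytes] == target:
                return candidate
            i += 1


    def demo(prefix_bytes: int = 4) -> dict:
        """Run the exchange against a constructed unsafe list and report what happened."""
        unsafe = ["http://phish.example/login", "http://malware.example/dl"]  # constructed
        provider = SafeBrowsingProvider(unsafe, prefix_bytes)
        browser = Browser(provider)
        clean_flagged = browser.is_unsafe("http://example.org/")   # expect a local miss
        unsafe_flagged = browser.is_unsafe(unsafe[0])              # expect a confirmed hit
        return {
            "clean_flagged": clean_flagged,
            "unsafe_flagged": unsafe_flagged,
            "prefixes_seen_by_provider": len(provider.observed_prefixes),
        }


    if __name__ == "__main__":
        print(demo())
        # Collision walkthrough with a 1-byte prefix so a collision is cheap to find.
        victim = "http://phish.example/login"
        p = SafeBrowsingProvider([victim], prefix_bytes=1)
        b = Browser(p)
        twin = benign_url_sharing_prefix(victim, 1)
        print(twin, "flagged:", b.is_unsafe(twin), "provider saw:", p.observed_prefixes)
    ```

    `demo()` returns the two verdicts and how many prefixes the provider saw: the clean URL never leaves the device, and the unsafe one costs exactly one prefix lookup. The 1-byte collision run shows the k-anonymity argument from the post in miniature: the provider receives the same prefix for the benign URL as for the unsafe one and cannot tell them apart from that request alone, which is also why the post's caveat matters, since repeated prefixes across a long browsing session are what a linking provider would accumulate.
    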

  2. Soh Kam Yung (sohkamyung@mstdn.io)'s status on Wednesday, 09-Oct-2019 05:06:37 EDT
    • Fitheach

    A repost: @fitheach points out that County Donegal is in Ireland. Thanks! 🙂

    A school in Stranorlar in County Donegal is part of the international Seismology in Schools network.

    A teacher, Mr O'Donoghue, said, "It shows that they [the pupils] are making that connection with people who are suffering due to these catastrophes [earthquakes], so it gives them a sense of their place in the world and how connected we all are."

    #Earthquakes #Education #Schools #Ireland

    https://www.bbc.com/news/world-europe-4997

    In conversation Wednesday, 09-Oct-2019 05:06:37 EDT from mstdn.io permalink
  3. Soh Kam Yung (sohkamyung@mstdn.io)'s status on Saturday, 05-Oct-2019 02:38:04 EDT
    • David Revoy

    Wow. @davidrevoy on making "a big high quality comic book using only FLOSS from scratch!" Done with Krita, Inkscape, Scribus on Kubuntu 18.04.2 LTS.

    #Software #Art #Comics #FLOSS

    https://www.davidrevoy.com/article735/the-english-book-printed-project-production-report-1

    In conversation Saturday, 05-Oct-2019 02:38:04 EDT from mstdn.io permalink

    Attachments

    1. The English book printed project: production report 1
      from David Revoy
  4. Soh Kam Yung (sohkamyung@mstdn.io)'s status on Tuesday, 24-Sep-2019 05:59:33 EDT

    The UK Supreme Court ruling is out. The proroguing of Parliament was ruled null and void:

    "'The prorogation was void and of no effect,' Lady Hale says. 'Parliament has not been prorogued.'"

    #Brexit #UK #Parliament #UKSupremeCourt

    https://www.bbc.com/news/live/uk-politics-49807552

    Summary (PDF) [ https://www.supremecourt.uk/cases/docs/uksc-2019-0192-summary.pdf ]

    Full Judgement (PDF) [ https://www.supremecourt.uk/cases/docs/uksc-2019-0192-judgment.pdf ]

    In conversation Tuesday, 24-Sep-2019 05:59:33 EDT from mstdn.io permalink
  5. Soh Kam Yung (sohkamyung@mstdn.io)'s status on Thursday, 19-Sep-2019 20:46:33 EDT

    Canberra, Australia's capital, is to switch to 100% renewable energy in 2020.

    "From 1 January 2020, Canberra will join seven other districts around the world that produce or purchase the equivalent of their total electricity consumption from renewable sources, according to a report released on 18 September by policy think tank the Australia Institute in Canberra."

    #Environment #RenewableEnergy #Cities

    https://www.nature.com/articles/d41586-019-02804-0

    In conversation Thursday, 19-Sep-2019 20:46:33 EDT from mstdn.io permalink

    Attachments

    1. Australia’s capital city switches to 100% renewable energy
      Canberra will be the first major region in the Southern Hemisphere to purchase all its energy from renewable sources.
  6. Soh Kam Yung (sohkamyung@mstdn.io)'s status on Thursday, 19-Sep-2019 05:33:46 EDT

    A pretty piece of hardware. A restored prototype Macintosh Portable M5120 in an acrylic case.

    Amazingly, it ran on a lead-acid battery!

    #VintageComputers #Apple #Macintosh

    https://www.macrumors.com/2019/09/17/vintage-macintosh-portable-prototype-photos/

    In conversation Thursday, 19-Sep-2019 05:33:46 EDT from mstdn.io permalink

    Attachments

    1. Vintage Prototype Macintosh Portable M5120 Shown Off in New Photos
      It's always interesting to get a look back at Apple's past, especially when it comes to prototype devices that were never actually released...
  7. Soh Kam Yung (sohkamyung@mstdn.io)'s status on Wednesday, 18-Sep-2019 22:57:34 EDT
    in reply to
    • GCU Prosthetic Conscience
    • Fitheach

    @fitheach You may enjoy this version by A Capella Science too. 🙂

    https://www.youtube.com/watch?v=2rjbtsX7twc

    @gcupc

    In conversation Wednesday, 18-Sep-2019 22:57:34 EDT from mstdn.io permalink

    Attachments

    1. A Capella Science - Bohemian Gravity!
      By acapellascience from YouTube
  8. Soh Kam Yung (sohkamyung@mstdn.io)'s status on Tuesday, 27-Aug-2019 01:18:04 EDT

    A sign of the times. In the UK, "male and female sago palm cycads are producing cones at the same time outdoors. This means that cycads will be able to successfully reproduce at this latitude since at least the Cretaceous Period, roughly 120 million years ago."

    #Biology #Cycads #Plants #GlobalWarming #ClimateChange #UK

    http://www.indefenseofplants.com/blog/2019/8/25/a-pair-of-cycads-are-aiming-to-reproduce-in-the-uk-for-the-first-time-in-over-60-million-years

    In conversation Tuesday, 27-Aug-2019 01:18:04 EDT from mstdn.io permalink

    Attachments

    1. A Pair of Cycads Aim to Reproduce in the UK for the First Time in 120 Million Years — In Defense of Plants
      from In Defense of Plants
  9. Soh Kam Yung (sohkamyung@mstdn.io)'s status on Sunday, 25-Aug-2019 07:09:14 EDT

    An obituary by The Economist for Steve Sawyer, leader of Greenpeace, who died on July 31st. He was there the day the French bombed and sank the Rainbow Warrior, causing a global outcry and a rise in activism "against oil-drilling, mining, seal-hunting, whaling and dumping of toxic waste, as well as nuclear testing".

    #Obituaries #Greenpeace #Environment #Society #Culture

    https://www.economist.com/obituary/2019/08/22/obituary-steve-sawyer-died-on-july-31st

    In conversation Sunday, 25-Aug-2019 07:09:14 EDT from mstdn.io permalink
  10. Soh Kam Yung (sohkamyung@mstdn.io)'s status on Friday, 05-Jul-2019 01:57:58 EDT

    An opened fruit of the Simpoh Air (Dillenia suffruticosa), still filled with seeds. I've seen birds happily feeding on them, but it looks like they haven't found this one yet. :-)

    Spotted at the Pandan River, Singapore, this morning.

    On iNaturalist [ https://www.inaturalist.org/observations/28211812 ].

    #iNaturalist #Nature #Photography #Singapore #Plants #Plantae

    In conversation Friday, 05-Jul-2019 01:57:58 EDT from mstdn.io permalink
  11. Soh Kam Yung (sohkamyung@mstdn.io)'s status on Sunday, 23-Jun-2019 05:44:31 EDT

    Saw a family of Rufous Woodpeckers (Micropternus brachyurus) moving together along a tree looking for food today at Tampines Eco Green, Singapore. This is something I haven't seen before.

    #iNaturalist #Nature #Singapore #Photography #Birds #Aves #Woodpeckers #Picidae

    On iNaturalist [ https://www.inaturalist.org/observations/27489804 ]

    In conversation Sunday, 23-Jun-2019 05:44:31 EDT from mstdn.io permalink
  12. Soh Kam Yung (sohkamyung@mstdn.io)'s status on Wednesday, 15-May-2019 21:04:35 EDT

    Very nice. China's Chang’e-4 mission may have discovered material from the moon's mantle. A sample return mission in the future might settle the findings.

    #Moon #Exploration #Change4 #China

    http://www.planetary.org/blogs/guest-blogs/2019/change-4-may-have-discovered.html

    In conversation Wednesday, 15-May-2019 21:04:35 EDT from mstdn.io permalink
  13. Soh Kam Yung (sohkamyung@mstdn.io)'s status on Sunday, 17-Feb-2019 22:23:10 EST

    Lovely obituary in The Economist on the Mars Rover, Opportunity, declared lost on February 12th 2019.

    #Obituary #TheEconomist #Exploration #Space #Planets #Mars #Rovers #Opportunity

    https://www.economist.com/obituary/2019/02/15/obituary-opportunity-a-rover-on-mars-was-declared-lost-on-february-12th

    In conversation Sunday, 17-Feb-2019 22:23:10 EST from mstdn.io permalink
  14. Soh Kam Yung (sohkamyung@mstdn.io)'s status on Sunday, 30-Dec-2018 19:51:25 EST

    RIP, Lawrence Roberts, designer of the Arpanet. Thanks to him, you are able to read this message.

    #Obituaries #Personalities #Internet #Arpanet #ComputerHistory #Networking #History #Engineering #Networks

    https://www.nytimes.com/2018/12/30/obituaries/lawrence-g-roberts-dies-at-81.html

    In conversation Sunday, 30-Dec-2018 19:51:25 EST from mstdn.io permalink
  15. Soh Kam Yung (sohkamyung@mstdn.io)'s status on Thursday, 06-Dec-2018 08:15:32 EST
    in reply to
    • M. Grégoire

    @mpjgregoire Sounds like they are using org-mode in Emacs too ("combination to-do list and notebook"). :-)

    In conversation Thursday, 06-Dec-2018 08:15:32 EST from mstdn.io permalink

Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.
