March 21, 2023

Snippet: Forget A TikTok Ban, We Need To Regulate Data Brokers And Pass A Real Privacy Law ☍

Karl Bode for Techdirt:

And they don’t want to actually fix the mess they created. U.S. corporations don’t want to make slightly less money under a policy framework that empowers consumers, and the U.S. government doesn’t want to have to get a warrant for all of that data it buys from brokers.

So you get what we have here: a big dumb performance in which we pretend that banning a single app actually does anything of use. After all, the Chinese, Russian, and U.S. governments can all just buy data from the poorly regulated data broker market. They don’t need TikTok for surveillance and propaganda; they have plenty of data brokers and U.S. tech giants for that.

At the point, it’s irrelevant if TikTok is siphoning data to the Chinese government—our lawmakers are posturing instead of doing something beneficial for the people because we already know that plenty of other places (grocery stores, streaming devices, internet providers, and social networks) are vacuuming up and selling data about us whether we like it or not.

A bit of a related note, my Instagram was suspended this weekend without me even posting any content (presumably accessing it on my computer with an ad-blocker-equipped browser was enough?) That leaves me a little extra salty towards the Facebook Meta empire.

Snippet: iOS 16.4 Allows Health Authorities to End Their Support for Apple’s COVID-19 Exposure Notifications Feature ☍

Chance Miller for 9to5Mac:

Back in 2020, Apple and Google teamed up to launch the Exposure Notifications API for COVID-19 contact tracing. The feature aimed to alert you to potential COVID-19 exposures, allowing you to get a test and isolate yourself if necessary.

Three years later, Apple is now giving health agencies the ability to sunset their adoption of the Exposure Notifications API.

In iOS 16.4, Apple has added underlying support for health departments to end their support of the Exposure Notifications API. When a health authority decides to end support for the feature, users will see a message on their iPhone informing them of that decision.

I thought this was a great idea in light of trying to gather as much data and precautionary awareness as we could, yet sadly the politicization of the pandemic and state governments being bad at tech in general prevented a lot of areas from even utilizing this feature. Then again, we’ve also seen how pathetic the roll-out of driver’s licenses in Wallet, too.

Snippet: DPReview To Close ☍

Scott Everett:

After nearly 25 years of operation, DPReview will be closing in the near future. This difficult decision is part of the annual operating plan review that our parent company shared earlier this year.

The site will remain active until April 10, and the editorial team is still working on reviews and looking forward to delivering some of our best-ever content.

Everyone on our staff was a reader and fan of DPReview before working here, and we’re grateful for the communities that formed around the site.

Disappointing as it was always an interesting read, even after smartphones because the default camera for most people. Reading between the lines, I suspect this is another moment where Amazon sucks.

March 17, 2023

Snippet: Multiple Internet to Baseband Remote Code Execution Vulnerabilities in Exynos Modems ☍

Tim Willis for Google’s Project Zero:

In late 2022 and early 2023, Project Zero reported eighteen 0-day vulnerabilities in Exynos Modems produced by Samsung Semiconductor. The four most severe of these eighteen vulnerabilities (CVE-2023-24033 and three other vulnerabilities that have yet to be assigned CVE-IDs) allowed for Internet-to-baseband remote code execution. Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim’s phone number. With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely.

The fourteen other related vulnerabilities (CVE-2023-26072, CVE-2023-26073, CVE-2023-26074, CVE-2023-26075, CVE-2023-26076 and nine other vulnerabilities that are yet to be assigned CVE-IDs) were not as severe, as they require either a malicious mobile network operator or an attacker with local access to the device.

This vulnerability affects a lot of Android devices, so be sure to see if yours is affected. Although the fix is to temporarily disable Wi-Fi calling and VoLTE, most carriers in the US require VoLTE for calls—T-Mobile is the only national carrier that still is running a small 2G network that could work if VoLTE is turned off. Nonetheless, it’s worth watching for developments in this area and applying any patch as soon as it becomes available.

March 16, 2023

Snippet: Just Buy This Brother Laser Printer Everyone Has, It’s Fine ☍

Nilay Patel for The Verge:

Here’s the best printer in 2023: the Brother laser printer that everyone has. Stop thinking about it and just buy one. It will be fine!

Seriously, ask around or just look in the background of Zoom calls: there’s a black Brother laser printer sitting there. Some people have the bare-bones Brother HL-L2305DW, which costs like $120. We have the $270 Brother MFC-L2750DW, which adds a sheet-fed scanner, because my wife is a lawyer and scans things for judges or whatever she does with it. It doesn’t matter. We only bought that one to replace our previous Brother laser printer that we lost in a move, and even then, I didn’t even look at the model numbers. It has been connected to our Wi-Fi for like six years straight, and I have never replaced the toner. It prints Amazon return labels from my phone without complaining, and it does not feel like the CEO of Inkjet Supply and Hostage Situations Incorporated is waiting to mug me or enable DRM at the slightest provocation.

This has to be one of the best posts on The Verge ever.