new web technologies

Verizon Won’t Stop Tracking Users, But At Least You Can Opt Out Now


The saga of last year's privacy controversy over Verizon’s user-tracking behavior continues on. The latest chapter involves the wireless carrier magnanimously deciding Friday to let subscribers opt out of the program, the New York Times reported. 

Not that the idea came purely from the goodness of its heart. As the NYT noted, the decision came less than a day after the Senate Committee on Commerce, Science and Transportation wrote to Verizon’s chief executive, Lowell C. McAdam, to question his company’s behavior.

Next thing you know, Verizon agreed to let people jump off the good ship “Privacy Fail.”

Shhhh! We’re Tracking You

The fiasco started last year, when a tweet by the Electronic Frontier Foundation’s Jacob Hoffman-Andrews pointed out Verizon’s user-tracking tactics—primarily because few, if any, people realized what the wireless operator was doing.

Hoffman-Andrews cited an Ad Age article about Verizon's advertising business that mentioned the company’s use of PrecisionID, a tool developed by Verizon’s data marketer, Precision Market Insights. Its website describes PrecisionID as “a deterministic identifier matched to devices on Verizon’s wireless network powering data-driven marketing and addressable advertising solutions…”

The system works by tacking on snippets of code—sometimes called “perma-cookies” or “supercookies”—to mobile traffic headers moving through Verizon's cellular network. This “UIDH” identifier allows the carrier to track its subscribers' mobile browsing activity for advertising purposes. Ad Age’s Mark Bergen wrote, "Precision packages the request as a hashed, aggregated and anonymous unique identifier, and turns it into a lucrative chunk of data for advertisers.”

See also: Why Verizon Is Tracking All Your Mobile Web Traffic

In a Google AdSense world, user-tracking may not seem that outrageous. The difference: Google makes no secret of its ad-targeting behavior, and people knowingly accept those terms in order to use the search giant's free services. Verizon Wireless subscribers pay (sometimes hefty) subscription fees, but they apparently didn’t know they were being tracked.

Instead, they became unwitting participants in a program whose security remains in question. As the NYT points out, Verizon must secure those unique identifiers or supercookies, to ensure external attackers can’t get their hands on them.

Verizon "Takes Privacy Seriously" (Kinda) 

Even if people knew about the program, they would have had no way out until now. The company offered no mechanism to decline participation, like it does with other advertising initiatives. It makes sense, in some ways. If no one knows they’re being tracked, where’s the need? Another possibility: Putting something out there might trigger unwanted attention, and Verizon only puts it out there because it’s forced to now.

That is, of course, not the way the carrier positions its decision. According to its latest press statement:

Verizon takes customer privacy seriously and it is a central consideration as we develop new products and services. As the mobile advertising ecosystem evolves, and our advertising business grows, delivering solutions with best-in-class privacy protections remains our focus. 

We listen to our customers and provide them the ability to opt out of our advertising programs. We have begun working to expand the opt-out to include the identifier referred to as the UIDH, and expect that to be available soon. As a reminder, Verizon never shares customer information with third parties as part of our advertising programs.

The announcement looks like a concession, and a minor one at that. Because if it was serious about privacy, then Verizon would have made user-tracking opt-in, i.e. turned off by default and only activated with consent. Instead, the program is opt-out, indicating it may be turned on by default. That would put the onus on users to be aware and proactive enough shut it down. 

Earlier in January, the Electronic Frontier Foundation began a petition against Verizon and Turn, a partner that makes digital marketing software. The digital rights group seeks punitive federal action for the lack of consumer disclosures over the tracking activity. The petition received more than 2,000 signatures as of Friday. 

Lead photo by Kangrex


Date: Fri, 30 Jan 2015 18:03:06 -0800
Author: :: Category: Mobile



back to top

YouTube Fired Flash, Clearing HTML5's Last Obstacle For World Domination


After 10 years, YouTube gave Adobe Flash the heave-ho as its default video player on Tuesday. Instead, the site announced it would default to HTML5 to play its never-ending roster of cat clips, Taylor Swift tributes and movie previews.

A few years ago, the move would have been unthinkable. In 2010, Adobe bragged that as much as 75% of the Web’s videos used Flash. But as of last year, HTML5’s popularity seemed cemented, with more than 80% of the market using it.

See also: Congrats, HTML5—You’re All Grown Up Now

For YouTube, the change seems natural. Around the time Adobe staked its claim, five years ago, the site began offering HTML5 as an option, setting the foundation. Now, in practical terms, most people probably won’t even know the difference. But the change speaks volumes about the state of online videos, its evolution and HTML5's place in it. 

How Flash Started To Dim

Apple usually isn’t the first to bring a new technology to market, but it wastes no time in sending old ones—like floppy disks, CDs, Firewire and others—packing. Flash was one of its most infamous targets. 

Co-founder Steve Jobs abhorred it, so the iPhone never supported it. Jobs even went an extra step and posted a polemic damning the technology, in response to Adobe taking aim at the iPad’s lack of Flash support. 

The big-screen device was designed for enjoying entertainment—at least those not piped in by Adobe’s standard. Jobs explained, citing Flash's lack of openness, poor performance, battery drain, lack of touch support and other issues.

We have routinely asked Adobe to show us Flash performing well on a mobile device, any mobile device, for a few years now. We have never seen it. Adobe publicly said that Flash would ship on a smartphone in early 2009, then the second half of 2009, then the first half of 2010, and now they say the second half of 2010. We think it will eventually ship, but we’re glad we didn’t hold our breath. Who knows how it will perform?

That was in 2010, the year Apple sold nearly 40 million iPhones, and moved almost 15 million of its first iPads. Although the tablet’s momentum has been stalling out lately, back then, its growth and popularity in the market had only just begun. Developers couldn’t afford to overlook such a huge user base, so this war wound up accelerating more activity around HTML5.

Not that there was really a choice. The following year, Adobe killed off Flash mobile development and even joined the HTML5 bandwagon.

Becoming A Streaming TV Star

Unlike Adobe’s aging multimedia technology, HTML5 works on all devices. It also plays into the larger trend to "write once and distribute everywhere." Developers of all types can just run with HTML5 and know that their videos would play on computers, smartphones and tablets, as well as televisions, i.e. the biggest screen in most people’s lives.

Streaming TV is an area of intense focus for YouTube. The site has become a fundamental part of living room tech, to the point now that most options seem incomplete without it. Google, which bought the video purveyor for $1.65 billion in 2006, knew it would become important; and if it didn’t, then it definitely knows now. The company’s most successful TV product to date, Chromecast, only offered YouTube, Netflix and two Google Play media services when it launched in 2013. But that was enough to rocket it to the top of Amazon’s list of bestselling electronics.

Meanwhile, HTML5’s prominence in TV app development started to come into focus.

See also: HTML5's "Dirty Little Secret": It's Already Everywhere, Even In Mobile

Differing approaches can make development complicated, developers have told me. Roku, for example, uses its own proprietary BrightStar scripting language. For a while, it looked like every TV and console maker would use their own coding languages, making app development across so many different systems a resource-intensive nightmare. Fortunately, most major smart TV and streaming set-top platforms wound up rallying behind HTML5—including those from Samsung, LG, Opera TV and others (though not Roku).

In other words, TV streaming apps have become something akin to glorified Web apps. YouTube’s change in default from Flash to HTML5 plays directly into that.

See also: HTML5 Catches Up To Apple

Not that Flash is entirely dead. It's still a popular choice for browser-based gaming, apparently even more so than HTML5. The latter can’t handle animations or back-and-forth interactions on its own, requiring other tools like CSS3 and Javascript. But when it comes to video, it’s clear now which one dominates—and that may only scratch the surface.

In emerging markets, developer interest in HTML5 has surged. In places like South Asia, South America, the Middle East and Africa, HTML5 is even more popular than iOS—which means that the technology Apple helped make popular is giving it a run for its money. 

Lead photo screenshot from YouTube video by Gilbert Gottfried


Date: Fri, 30 Jan 2015 11:44:27 -0800
Author: :: Category: Play



back to top

How To Safely Share Passwords With Others Who Need Them


It’s easy to poke fun at companies that treat sensitive information recklessly, sending or receiving plaintext passwords via unencrypted email or chat, or storing customer information in ways that are far from secure. But it can be a logistical nightmare to let multiple remote employees log into a shared account in a secure fashion.

Luckily, there are a few options to make this a little easier. Here's a quick run-through of some of the best options.

LastPass

Like most password managers, LastPass lets users to log in with just one master password; the tool stores all of their other passwords. Among other things, this makes it easy to create long and complex passwords and to use different passwords for each login account.

In addition, LastPass’ enterprise accounts will let you share login data between individuals and across teams, with customizable permissions. That means that you can choose who has access to which folders, and make changes that are synced automatically. Enterprise accounts cost anywhere from $18 to $24 a year per user, depending on the number of users.

It’s also possible for a Premium account holder to share password information in a single file with up to five other LastPass users, which could be useful for tiny startups, partnerships, or people needing to share passwords with friends or family members. Premium accounts cost $12 a year, and only the main account holder needs to have one.

Because LastPass is cloud-based, it makes things easier for people logging into multiple computers, but has some drawbacks as well. For instance, you'll be uploading your passwords—though not your master password—to the cloud, though in encrypted form.

In addition, “[a] third party service [like LastPass] will be able to see which sites you have an account on ... not the password itself, but when you’re accessing each password,” says privacy and security researcher Runa Sandvik, technical advisor for Freedom of the Press Foundation.

KeePass and KeePassX

“Keepass and Keepass X may not be as pretty as all the other tools, but it is open source, it is free, and it works,” Sandvik says. This password manager is one you have on your computer, so no third party knows when you access different sites. However, you do need to make sure you’re backing up the database frequently. (Let's just say that losing your database of passwords would be ... bad.)

To share passwords with others, you need to create a database, enter the password, send the database to another person, and somehow securely send them the password to open the database. We’ll discuss that a little later.

OneLogin

OneLogin is another cloud-based option. OneLogin allows users to log into multiple cloud services using a single sign-on account. It can integrate with a company’s "active directory" of user accounts and permissions.

Another benefit is that OneLogin can integrate with a large variety of enterprise applications. Plans range from $2 to $8 a month; there's a free version as well.

1Password 

1Password is a personal privacy manager tool that allows users to create several password vaults, and share a single password vault with a group of people who also have 1Password installed. However, you do need to use Dropbox to synchronize the data.

"That is a sharing solution is suitable for a family and a small team, but it's not an enterprise solution or one for a big company," says security adviser Per Thorseim, founder of the Passwords hacker conference. Licenses cost $49+.

SplashID Safe for Teams

SplashID is an enterprise product that allows large teams or companies to share passwords and other information with larger groups of people, such as entire departments or large companies. The IT team can create users and groups and permissions, so only people who need access to passwords can see them, or to review logs of records and usage.

Dashlane

Dashlane for Teams is yet another privacy tool that works on the company level. It syncs passwords within a team, which is helpful any time someone needs to change a password, as the change will get pushed out to all team members and their devices.

Dashlane also sends security alerts to users' devices when an account may have been compromised. A security dashboard provides tips for making an account even more secure. 

Licenses cost $39.99 a year for each user. There's also a freemium version with very limited features.

Strip

Strip is another enterprise solution that has team password sharing. It allows synchronization over Dropbox, Google Drive, and local Wi-Fi, and creates local backups of data.

Don’t Forget Two-Factor Authentication

LastPass, 1Password, and Onelogin support two-factor authentication, which adds an extra step to checking a user’s identity when they log into a website. For instance, logging into the service require not just a password, but an authorization code that's texted to a user's phone.

Two-factor authentication is challenging to use with tools like Twitter if you have a distributed team, since a single phone number must be used, but there are often other options. Google, for example, allows users to generate backup codes, which can be shared with remote users who don’t have access to the mobile device to which the SMS code.

How To Safely Share Just One Password

Suppose you need to send someone just one password, and would rather not deal with the hassle of setting up shared-passworld tools. Or, similarly, say you sent someone a KeePass database, but then also need to send them a password so they can open it. 

“The challenge is that even if you were to store a shared password, you’d still need a password to get into the database in the first place,” Sandvik explains. So what's the easiest way to safely share that single password?

Options might include sending encrypted emails, which require a bit of technical know-how, or using encrypted phone or messaging apps. Open Whisper Systems’ RedPhone (Android) and Signal (iOS) apps are particularly user-friendly.

SnapPass is open-source software used at Pinterest that allows people to send a URL to someone that links to a password. It may require a bit of tinkering to set it up; it stores passwords in a Redis database on the user’s own computer system. 

 “The URL leads to the password,” says web operations consultant Dave Dash, a former internal tools engineer at Pinterest who built SnapPass. He continued:

You can only click on it once and it expires after a few days. If I need to set up an account on any system for someone, I could send them the URL, and then they’d have the password and could then change it for added security.

Dash recommends that anyone setting this up make sure that the application and database aren't publicly accessible. It's also wise to limit the number of people who have access to the running application and its associated database.

Of course, there are non-technical solutions as well. You could, for instance, send a password through a different channel than the one used for login information—you could send one through email and another via chat, for instance.

This is the same concept that banks use when they send a debit card in one envelope and a temporary code in a separate one, and mail them out on different days, although of course it's not foolproof. “That’s an option, but it assumes that NSA isn’t the entity you’re worried about,” Sandvik points out.

 If nothing else, just promise us you won't store all of your passwords in plaintext in a directory called “passwords.” 

Photo by Tit Bonač


Date: Fri, 30 Jan 2015 11:35:45 -0800
Author: :: Category: Web



back to top

The Scoop On Microsoft's New Outlook App For iPhone and Android


Acompli built an Outlook-like mobile app that was so good, Microsoft bought it, renamed it and just released it as the company's own official Outlook app for iOS and Android

Microsoft has been pushing to extend the reach of its Office productivity software to iPhones and iPads, as well as a preview version for Android tablets. (The latter now loses the "preview" label, graduating to a full release.) Meanwhile, the company also gave Windows mobile users Office apps and its own version of the email and calendar software. The lack of Outlook apps for iOS and Android, the world's most popular mobile platforms, seemed like a huge gaping hole. 

Turns out, Acompli managed to fill that annoying, inefficient void just fine. 

See also: Microsoft Office Comes To iOS For Free

Like Outlook, Acompli combined email, appointments, contacts and an attachment manager into one app, so users don’t have to bounce between separate, incompatible applications. Microsoft acquired Acompli last December, and appears to have wasted no time in slapping a new name on it and pushing it out the door. Here’s what you need to know. 

Building A Better Outlook: Mission Acompli'ed

There’s no question that Outlook on the desktop is a powerhouse email client. On Apple’s iOS and Google’s Android platforms, however, it looked like a power failure. 

The Microsoft program has been dominant on the desktop literally for decades—which is no surprise, since it comes bundled with versions of Microsoft Office. But before Thursday, Outlook on iPhones and Androids existed mostly as glorified Web apps for Office 365 users or via numerous third-party Outlook alternatives. 

See also: How To Get Started With Microsoft Office On iPad

Most of the choices paled in comparison to full-fledged Outlook, but one managed to do better. Launched less than a year ago, Acompli garnered immediate rave reviews after its April 2014 release and quickly became a hit—so much so that Microsoft itself couldn’t resist scooping it up. 

For the startup, the deal gave it access to "over a billion Office users,” Javier Soltero, co-founder of Acompli and now general manager for Outlook, wrote on the Microsoft Office blog. It also allowed for "tighter integration with Office and [the official] Outlook, the most popular desktop email app on the planet.” 

The new Outlook is a dead ringer for the old Acompli, an app I’ve been using on the iPhone for several months now. In that time, three features have stood out for me: choice of Web browsers, priority message filtering and the attachment viewer. 

I can choose Chrome as the default Web browser for email or document links, instead of Safari. The "focused inbox" for priority messages may not be perfect at picking out important emails, but it's helpful enough to be handy. The app also offers a handy attachment viewer that integrates with cloud storage providers such as Dropbox, Google Drive, Box and, of course, Microsoft's OneDrive service. 

All of these features remain in the new app. At least for now. However, Microsoft plans to make a lot of changes, and in rapid fire. 

"For our Acompli users, Outlook will be a familiar experience, as we’re developing the apps from this code base," the Official Microsoft Blog states. "You will see us continue to rapidly update the Outlook app, delivering on the familiar Outlook experience our customers know and love.”

In other words, Microsoft wants the former Acompli app to resemble the Outlook experience, and it's in a hurry to get it there. How much of a hurry became plain when Julia White, Microsoft’s general manager of Office, told the Verge, "We have been and we’ll continue to update the app weekly." 

Those updates will likely lead to heavier emphasis on the company’s own offerings. Hopefully that won't come at the expense of integration with Google Drive or other external cloud storage services. 

Super Email Busting Powers

When it comes to email on Acompli—er, Outlook—support for Gmail, Yahoo and iCloud, as well as Microsoft's own Outlook.com and Exchange, won’t go anywhere. In fact, it would benefit Microsoft to link up with as many major email providers as possible, to keep users relying on the app. 

Outlook also offers one of the most popular email features these days: Like with Google’s Inbox, Dropbox’s Mailbox and the now-defunct Acompli, users can swipe to schedule, archive or delete. 

The finger-flinging really slaps a jetpack on the act of zipping through piles of email messages, which should appeal to the businesses and workers that form Microsoft's key user base. 

Serving businesses has always been a primary focus for Microsoft, which has seen competition heat up in this area—most recently by Amazon, which just introduced its own WorkMail service. White said, “we’ll be rounding out the really important business and organizational capability of the app too,” though she didn’t elaborate on what exactly that means yet. But with weekly updates, we may not have long to find out.

For now, Outlook for iOS and a preview for Android are both available for download. Early user reviews seem solid for the iPhone version, and generally positive on Android, though apparently some people report various bugs. That’s understandable, given that the preview app is essentially an early beta-type release. 

The user interface supports 30 languages, and the apps require iOS 8.0 and higher, or Android 4.0 and above. To check them out, visit the Apple App Store or Google Play, or play the promo video embedded below. 

Lead photo by Adriana Lee for ReadWrite; all others courtesy of Microsoft


Date: Fri, 30 Jan 2015 06:00:00 -0800
Author: :: Category: Mobile



back to top

White House Privacy Bill Would Reportedly Crimp Data Harvesting


The White House's forthcoming online-privacy bill will would place restrictions on the handling of consumer data while giving more power to the Federal Trade Commission to enforce those restrictions, Politico reported.

The current draft would require Internet companies like Google and Facebook—as well as online advertisers and mobile app developers—to get user permission before collecting or sharing personal information. The report also says the FTC would gain the power to levy fines against companies that violate online privacy laws. 

Earlier this month, the White House said it will introduce a version of its Consumer Privacy Bill of Rights by February 26:

Online interactions should be governed by clear principles ... that look at the context in which data is collected and ensure that users’ expectations are not abused.

Related online-privacy legislation the Obama administration intends to propose includes the Student Digital Privacy Act, a measure based on California legislation that would prevent companies from selling student data for non-educational purposes.

But critics said the bill, which will face a hostile reception in the Republican Congress, will need to stake out some serious enforcement powers.

"It's encouraging that the Obama administration is proposing more privacy reforms," Mark. M Jaycox, legislative analyst for the Electronic Frontier Foundation, said in an email interview. "But they can't be hollow bills."

For instance, he noted:

EFF supported the California bill that the administration is basing its student privacy proposal on. But just this morning, Education Week reported the administration bill does not contain an explicit prohibition on vendors amassing profiles of K-12 students for non-educational uses.

Jaycox added that the student-privacy bill also won't prohibit companies from collecting information in an educational context and then using it to target advertising to students elsewhere.

Critics like Jaycox argue that weaknesses in the student privacy bills could foreshadow similar problems with the consumer privacy bill. Outsiders, however, haven't yet seen the language of either bill firsthand. Politico attributed its reporting to sources that offered a limited reading of the draft legislation.

Photo courtesy of the White House


Date: Thu, 29 Jan 2015 16:06:12 -0800
Author: :: Category: Web



back to top