Apple released a new beta version of iOS 12.2 yesterday. While the final version isn’t available just yet, here’s what you should expect: new Animojis and a fake 5G logo if you’re an AT&T customer.
If you have an iPhone X, XS, XS Max or XR, you’ll see new animals in the Animoji collection. As 9to5mac spotted, you will be able to record a video message and replace your head with a giraffe, an owl, a shark or a warthog. These Animojis will also work during FaceTime calls.
Here’s a picture from 9to5mac with the new lineup:
More interestingly, Apple succumbed to AT&T’s marketing plot to rename 4G to 5G. MacRumors noticed that some AT&T users now have a “5G E” icon in the top-right corner when they upgrade to the beta version of iOS 12.2. Some Android phones already show a 5G E icon after an AT&T update.
But don’t get fooled, this isn’t 5G — this icon replaces the LTE icon. AT&T has basically rebranded LTE with carrier aggregation as 5G Evolution. But it still runs on the same network.
Here’s a picture from the MacRumors forums:
The same thing happened in the U.S. during the transition from 3G to 4G. AT&T decided to rebrand its 3G HSPA+ network to 4G. It’s the reason why many carriers talk about LTE instead of 4G.
AT&T confused everyone back then, and the company is about to do the same again. It’s too bad Apple is helping AT&T with this iOS update.
Disclosure: TechCrunch is a Verizon Media company.
3D printing has changed the way people approach hardware design, but most printers share a …
All across the United States, the leaders at large tech companies like Apple, Google, and Facebook are engaged in a delicate dance with thousands of employees who have recently become convinced that physically commuting to an office every day is an empty and unacceptable demand from their employers.
The COVID-19 pandemic forced these companies to operate with mostly remote workforces for months straight. And since many of them are based in areas with relatively high vaccination rates, the calls to return to the physical office began to sound over the summer.
But thousands of high-paid workers at these companies aren’t having it. Many of them don’t want to go back to the office full-time, even if they’re willing to do so a few days a week. Workers are even pointing to how effective they were when fully remote and using that to question why they have to keep living in the expensive cities where these offices are located.
Some tech leaders (like Twitter’s Jack Dorsey) agreed, or at least they saw the writing on the wall. They enacted permanent or semipermanent changes to their companies’ policies to make partial or even full-time remote work the norm. Others (like Apple’s Tim Cook) are working hard to find a way to get everyone back in their assigned seats as soon as is practical, despite organized resistance.
In either case, the work cultures at tech companies that make everything from the iPhone to Google search are facing a major wave of transformation.
It didn’t start in 2020
The gospel of a remote-work future has long been preached by a dedicated cadre in Silicon Valley and other tech startup hubs. Influencers, writers, and business consulting gurus have for years been saying that, thanks to today’s technology, working in an office is destined to be a thing of the past.
There is no apparent justification for resisting remote work besides a sort of management control-freak insecurity, proponents argue. And to support their case, they point to studies that suggest that some employees in certain kinds of jobs are happier and more productive when remote work is an option. Studies also debunk the assumption that productivity is always lower when remote work is the norm.
The movement reached something of a fever pitch in the late 2000s, when tech-unicorn optimism was sweeping the business world and some prominent executives in the new wave of startups seemed cozy with the idea. But remote work went on to face dramatic setbacks. Notably, Yahoo!—then known as one of the most remote-friendly large tech companies—changed course in the early 2010s under the leadership of then-CEO Marissa Mayer, who mandated that a vast fleet of remote workers had to relocate and show up at their assigned desks.
Since that and other similar incidents around that time, the remote-work movement has been quieter.
Remote-work advocates and the business establishment seemed to settle into a compromise. Companies like Google or Twitter would let employees work from home periodically as the need arose (for example, to take care of a sick child or even for the occasional mental health day). But in most cases, the culture dictated that workers not play this card too often. Remote work was a privilege, not a right, and employees usually could not relocate out of daily commuting range from the cities where these companies were based.
As housing prices skyrocketed and traffic worsened in cities like San Francisco, Seattle, Los Angeles, and Austin—and as economic inequalities worsened in those places as a result—prominent commentators still occasionally penned op-eds that essentially said, “Gee, maybe some of these problems would be lessened if business leaders were more open to remote work.” But the most radical vision of the remote-work movement nonetheless seemed dead in the water.
And then the pandemic happened.
The involuntary revolution
Companies whose leaders long claimed remote work would never function were left with no other options. In traditional businesses, the digital-transformation movement accelerated dramatically to meet the need. And in some tech startups, the transition was so seamless that many employees (and even managers) found themselves wondering why all this hadn’t been tried before.
There are exceptions in some kinds of tech companies, of course. For example, large game development studios struggled to maintain prior levels of productivity in the new remote way of working, leading to delays or a reduction in quality for some releases. But more often than not, the changes made in response to the pandemic led people to believe that this remote thing might actually work out after all.
Between the threat of future pandemics in crowded cities and insane housing prices in tech hubs, a lot of workers recently began to make plans to evacuate from places like the Bay Area for cheaper, greener pastures—but with the hope that they could keep their high-paying jobs.
According to Glassdoor’s data, the average software engineer salary in pricy tech hotspot San Jose, California, is $137,907. Shockingly, that’s not enough to bankroll the whole American dream in the Bay Area. But if that hypothetical engineer relocates to St. Louis or Tucson on that salary, they can live like royalty.
An Apple divided
Few tech companies have experienced as much widely publicized drama over this issue as Apple. Though many employees in the Cupertino headquarters and elsewhere mostly worked from home through much of 2020, CEO Tim Cook emailed staff in early June 2021 that a policy change was imminent.
Employees would be required to return to the office for at least three days of every week beginning in September. They would also be able to go fully remote for up to two weeks per year, provided they secure management approval.
Employees then circulated a survey amongst themselves to reveal that Cook’s mandate was out of step with what they wanted or expected, according to reporting by The Verge’s Zoe Schiffer. Ninety percent of the survey’s 1,749 respondents said they “strongly agree” that “location-flexible working options are a very important issue for me.” Workers wrote a letter to Cook asking him to rethink the new policy. Sixty-eight percent agreed “that the lack of location flexibility would likely cause them to leave Apple.”
The threats may be legitimate because some other tech companies (like Twitter) have taken a much more permissive approach. These companies may give dissatisfied Apple employees somewhere else to go.
Apple executives did not back down from their plan. Over the summer, the upcoming change has led to turmoil in the industry giant, with longtime employees pledging to quit over a required return to the office. Some workers went to the press with claims that Apple management has begun rejecting remote-work requests more than normal in response.
A few Apple employees wrote another letter arguing for a compromise: more lenient remote-work policies in exchange for a system wherein employees in cities with lower costs of living would accept proportionally lower salaries. However, this proposal angered other employees still, who argue that Apple can afford to pay them a competitive salary regardless of where they choose to relocate to mid- or post-pandemic.
Postponed on account of delta
But now the battle over remote-work culture at companies like Apple looks like it is going to be extended. This summer’s initial optimism about an imminent return to normal in the wealthy parts of the world has waned across the industry. Credit the rapid spread of the delta COVID-19 variant and rising cases among the unvaccinated in the US.
The state of California reintroduced an indoor mask mandate, even for people who are vaccinated, because studies have shown that even relatively healthy-seeming vaccinated individuals can spread the deadly delta variant to the vulnerable unvaccinated. California’s mandate directly affects many of these companies, and more states are likely to soon follow.
Apple has nudged its return-to-office plan amidst the internal turmoil and growing health concerns. The timeframe has reportedly moved from September to October, and there’s a strong possibility it will be pushed back even further.
This week, Twitter announced that it is closing the US offices it had recently partially reopened. Google extended its current work-from-home policy through mid-October, and Lyft postponed a plan to move back into its office this coming September all the way back to February of next year.
Several big tech firms are requiring some or all employees to get vaccinated to return to the office, including Lyft, Google, and Facebook. And even in companies that haven’t yet announced any vaccination requirement, like Apple, employees are being asked to fill out surveys disclosing their vaccination status.
Others like Microsoft are still pushing to get workers back at their desks, despite the new developments, though they might change course again in the near future. Microsoft has generally been more proactive than Apple in laying the groundwork for long-term hybrid work support, though, despite its plans to press forward with reopening offices.
Don’t expect these discussions to resolve soon. Some executives are still trying to get employees back at their desks, some employees are still saying “not so fast” or “not at all,” and COVID-19 is still sweeping the planet.
Every workplace is handling things differently, and whether the fully remote dream actually becomes a reality at some of these companies or not, long-time remote-work prophesiers are right about one thing: the old ways aren’t going to cut it anymore, and tech is never going to be the same again.
Scammers have been caught using a clever sleight of hand to impersonate the website for the Brave browser and using it in Google ads to push malware that takes control of browsers and steals sensitive data.
The attack worked by registering the domain xn--brav-yva[.]com, an encoded string that uses what’s known as punycode to represent bravė[.]com, a name that when displayed in browsers address bars is confusingly similar to brave.com, where people download the Brave browser. Bravė[.]com (note the accent over the letter E) was almost a perfect replica of brave.com, with one crucial exception: the “Download Brave” button grabbed a file that installed malware known both as ArechClient and SectopRat.
From Google to malware in 10 seconds flat
To drive traffic to the fake site, the scammers bought ads on Google that were displayed when people searched for things involving browsers. The ads looked benign enough. As the images below show, the domain shown for one ad was mckelveytees.com, a site that sells apparel for professionals.
But when people clicked on one of the ads, it directed them through several intermediary domains until they finally landed on bravė[.]com. Jonathan Sampson, a web developer who works on Brave, said that the file available for download there was an ISO image that was 303MB in size. Inside was a single executable.
VirusTotal immediately showed a handful of antimalware engines detecting the ISO and EXE. At the time this post went live, the ISO image had eight detections and the EXE had 16.
The malware detected goes under several names, including ArechClient and SectopRat. A 2019 analysis from security firm G Data found that it was a remote access trojan that was capable of streaming a user’s current desktop or creating a second invisible desktop that attackers could use to browse the Internet.
In a follow-on analysis published in February, G Data said the malware had been updated to add new features and capabilities, including encrypted communications with attacker-controlled command and control servers. A separate analysis found it had “capabilities like connecting to C2 Server, Profiling the System, Steal Browser History From Browsers like Chrome and Firefox.”
As shown in this passive DNS search from DNSDB Scout, the IP address that hosted the fake Brave site has been hosting other suspicious punycode domains, including xn--ldgr-xvaj.com, xn--sgnal-m3a.com, xn--teleram-ncb.com, and xn--brav-8va.com. Those translate into lędgėr.com, sīgnal.com teleģram.com, and bravę.com, respectively. All of the domains were registered through NameCheap.
An old attack that’s still in its prime
Martijn Grooten, a researcher for security firm Silent Push, got to wondering if the attacker behind this scam had been hosting other lookalike sites on other IPs. Using a Silent Push product, he searched for other punycode domains registered through NameCheap and using the same web host. He hit on seven additional sites that were also suspicious.
The results, including the punycode and translated domain, are:
Google removed the malicious ads once Brave brought them to the company’s attention. NameCheap took down the malicious domains after receiving a notification.
One of the things that’s so fiendish about these attacks is just how hard they are to detect. Because the attacker has complete control over the punycode domain, the impostor site will have a valid TLS certificate. When that domain hosts an exact replica of the spoofed website, even security-aware people can be fooled.
Sadly, there are no clear ways to avoid these threats other than by taking a few extra seconds to inspect the URL as it appears in the address bar. Attacks using punycode-based domains are nothing new. This week’s impersonation of Brave.com suggests they aren’t going out of vogue anytime soon.
For at least a decade, privacy advocates dreamed of a universal, legally enforceable “do not track” setting. Now, at least in the most populous state in the US, that dream has become a reality. So why isn’t Apple—a company that increasingly uses privacy as a selling point—helping its customers take advantage of it?
When California passed the California Consumer Privacy Act (CCPA) in 2018, the law came with a large asterisk. In theory, the CCPA gives California residents the right to tell websites not to sell their personal data. In practice, exercising that right means clicking through an interminable number of privacy policies and cookie notices, one by one, on every site you visit. Only a masochist or a die-hard privacy enthusiast would go to the trouble of clicking through to the cookie settings every time they’re looking up a menu or buying a vacuum. Privacy will remain, for most people, a right that exists only on paper until there’s a simple one-click way to opt out of tracking across the whole Internet.
The good news is that this ideal is inching closer and closer to reality. While the CCPA doesn’t explicitly mention a global opt-out, the regulations interpreting the law issued by the California attorney general in 2020 specified that businesses would have to honor one, just as they do individual requests. The technology for a universal opt-out didn’t actually exist yet, but last fall, a coalition of companies, nonprofits, and publishers unveiled a technical specification for a global privacy control that can send a CCPA-enforceable “do not track” signal at the browser or device level.
Today, if you live in California, you can enable the global privacy control by using a privacy browser like Brave or downloading a privacy extension, like DuckDuckGo or Privacy Badger, in whatever browser you already use. (Seriously, go do it. The full list of options is here.) Once you do, you’ll automatically tell sites you visit, “Do not sell my personal information” without having to click anything—and, unlike with previous efforts to create a universal opt-out, any decent-size company that does business in California will be legally obligated to comply, which requires adding just a few lines of code to their website.
The state of CCPA enforcement remains murky because some businesses object to the attorney general’s broad interpretation of the law. But California’s government has begun making clear that it intends to enforce the global privacy control requirement. (The more recently passed California Privacy Rights Act, which goes into full effect in 2023, makes this requirement more explicit.)
In mid-July, Digiday reported that Attorney General Rob Bonta’s office had “sent at least 10 and possibly more than 20 companies letters that call on them to honor the GPC.” And an item appeared on a recent list of CCPA enforcement actions on the attorney general’s website noting that a company had been forced to start honoring the signal.
Now, the bad news. While it’s a lot easier to install a privacy extension or browser than click through a million privacy pages, the vast majority of people are still unlikely to do so. (It remains to be seen whether DuckDuckGo papering America’s highways and cities with billboards will inspire a new wave of privacy connoisseurs.)
This matters quite a bit because online privacy rights are collective, not individual. The trouble with pervasive tracking is not merely that it can allow someone to access your personal location data and use it to ruin your life, as recently happened to a Catholic priest whose commercially available Grindr data revealed a pattern of frequenting gay bars. Even if you personally opt out of tracking, you’re still living in a world shaped by surveillance. Tracking-based advertising contributes to the decline of quality publications by eating away at the premium that advertisers pay to reach their audiences. Cheaper to find those readers on social media or even on bottom-feeding extremist news sites. It turbocharges the incentive to relentlessly maximize engagement on social media platforms. None of that will go away until a critical mass of people opt out of being tracked across the board.
That’s why one absence from the list of companies supporting the global privacy control is so conspicuous. Apple burnished its already strong reputation on privacy earlier this year by introducing App Tracking Transparency, a setting that flips the privacy default on iOS devices by forcing apps to get a user’s permission before sharing their data. That is a genuinely big step forward for privacy, since the difference between being opted out by default and opted in is enormous—and indeed, early reports suggest that most iPhone users are declining to give apps permission to track them.
But Apple, despite its stated (and heavily advertised) commitment to privacy, has not incorporated the global privacy control into Safari, the most popular mobile browser in the US and the second-most-popular desktop browser. Nor has it built it into iOS, which accounts for more than half of the US mobile operating system market. That means it’s not doing as much as it could to protect tens of millions of users from having their data sold and shared. The App Tracking Transparency framework is important, but it relies on Apple catching app developers who violate the policy. Safari’s tracking-prevention feature, meanwhile, relies on a technical approach to blocking cookies and other trackers that can often be circumvented.
“For years, companies have found ways to circumvent technical privacy protections. It’s basically an arms race,” says Ashkan Soltani, a privacy researcher who helped develop the global privacy control. “Technical tools are not enough. You need to have the force of law behind it.” That’s where the global privacy control is crucially different from existing tracking prevention. If a business disregards it, it isn’t just violating terms of service or evading some code—it’s breaking the law and risks being slapped with major fines or penalties.
So far, however, none of the biggest browsers have incorporated the feature, keeping it from widespread adoption. This is not shocking in the case of Google, which hasn’t added it to Chrome or Android: The world’s biggest surveillance advertising company is not exactly known for caring much about user privacy. (Google declined to comment for this story.) A Mozilla spokesperson said the company is “looking into the global privacy control and actively considering next steps in Firefox.” It isn’t clear why Apple hasn’t yet joined the party or whether it plans to in the future. The company didn’t respond to multiple requests for comment over the past week.
In the past, Apple has used software design and App Store policies to protect users, stepping into the vacuum created by the lack of comprehensive privacy legislation. Now, in California and any other states that follow its lead—Colorado, for example, will require businesses to honor the global privacy control starting in 2024—the law has finally gotten ahead of the technology. The public won’t start seeing the full benefits until the private sector catches up. If even a privacy-centric company like Apple isn’t interested, though, the wait might be longer than you’d think.