In the United States, Apple makes a big show of defying the government, by giving citizens tools to assert our right to privacy. In China, Apple is actively collaborating with the government against the people.
Tim Cook’s statements explaining his willingness to oppose the government were strong, to:
The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.
But Cook has gotten quiet when it comes to the mass crackdown in China:
Recently, the Chinese Ministry of Industry and Information Technology (MIIT) requested that CallKit functionality be deactivated in all apps available on the China App Store.
During our review, we found that your app currently includes Callkit functionality and has China listed as an available territory in iTunes Connect.
This app cannot be approved with CallKit functionality active in China.
So Apple will comply with any request made by the Chinese government. So much for caring about making the users less safe!
Google has an ability to track your every move, especially if you’re using a phone with Google functionality inside. Should the FTC investigate?
Democrats Ed Markey (Mass.) and Richard Blumenthal (Conn.) are pressing the FTC to look into it. Google has many means of tracking your movements. GPS is only one of them.
It’s not just theoretical, either. Google sells geotargeting information as part of its core businesses, advertising:
You can choose locations such as entire countries, areas within a country like cities or territories, and even a radius around a location, or your Google My Business locations, for your ads to show. AdWords may also suggest related locations that you can choose to target based on your current settings.
The letter by Markey and Blumenthal is exactly right. They say that “Most consumers do not understand the level, granularity, and reach of Google’s data collection,” which is true. Google’s made it their mission to learn everything they can about you by any means necessary.
Should they even be allowed to do that surreptitiously?
For over 25 years, people have relied on cryptography to protect themselves from more powerful snoops, such as governments. Some panicked tweets have gone out, that have done more to mislead than aid people. Here are the facts.
According to Sebastian Schnitzel, every major means of encrypting email is broken. Pretty Good Privacy (PGP, a cryptography core), GNU Privacy Guard (GPG, an open source clone of PGP), and S/MIME (a protocol for encrypting email) are implicated. He recommends that people stop using encrypted emails.
But there’s more to it than that. The GNU Privacy Guard team was not even notified. That is a clear indicator that PGP and GPG have nothing to do with the security hole in question. So we’re left with S/MIME. And guess what: the real problem is that email clients are loading external websites linked in emails, such as images.
The key line, buried way down in “EFAIL” website:
The EFAIL attacks abuse active content, mostly in the form of HTML images, styles, etc.
So stop using HTML email, and you’re fine. Relax, folks. It’s just bad clients doing bad things. Cryptography is secure. Just stop loading HTML.