Feedback & Followups
- We now have more details on how iOS 17’s new Check In safety feature will work: www.macobserver.com/…
- 🇪🇺 Six companies have confirmed to the EU Commission that they will fall under the Digital Markets Act (DMA) definition of a Gate Keeper — appleinsider.com/…
- 🇬🇧 Apple has joined the chorus of companies, industry associations, and public advocacy groups warning the UK government about the dangers of their ill-conceived Online Safely Bill which, as it stands, would ban effective and safe encryption in the UK — appleinsider.com/…
Deep Dive 1 — Firefox Update Their Support Matrix
With the release of Firefox 115 Mozilla have announced changes to their support plans for older OSes.
Firstly on the Windows end, Windows 7 & Windows 8 users will not get any more feature updates. They are being automatically migrated to Firefox 115 ESR, which will only provide security updates. Note that nothing older than Windows 7 will get any updates.
Similarly, Mac users on macOS 10.12 (Sierra), 10.13 (High Sierra) & 10.14 (Mojave) are also being migrated to 115 ESR for security-only updates. Again, nothing older gets any updates at all.
This is a very generous support matrix, and Mozilla definitely should not be criticised for this move. It makes no sense for an organisation to put resources into feature updates for obsolete OSes, and once the vendor drops support (as is the case for Windows 7 & 8, and macOS 11 Big Sur and older), even offering security updates is more than is reasonably required!
- Mozilla’s Release Notes — www.mozilla.org/…
- Firefox to end macOS Mojave, Windows 7/8 updates—Here’s why that’s a good thing — www.intego.com/…
- Firefox 115 is out, says farewell to users of older Windows and Mac versions — nakedsecurity.sophos.com/…
Deep Dive 2 — 🇫🇷 France’s Controversial New Surveillance Law
The French government is in the process of passing a large cybersecurity bill, and much of it is uncontroversial, some of it even good like placing requirements on cloud companies to protect the data they store. But, one aspect of the law is getting a lot of attention, and much of it missing all nuance and context.
The controversial part is the bit that grants law enforcement the right to enable ‘spying’ features on smart devices including phones, tablets, computers, and even cars.
There have been some amendments to the law as it’s made its way through the process, and there may well be more, so this is just the current state of play.
The first thing to note is that both of the provisions I’m about to describe need judicial approval, so it’s like getting a warrant in the US.
When investigating a crime whose sentence would be 5 or more years in prison, police can apply for the right to enable location tracking on a suspect.
“When justified by the nature and seriousness of the crime”, police can request the right to enable a camera or microphone, but only “for a strictly proportional duration”, and never more than 6 months. There are also explicit exclusions preventing the law being used to target doctors, journalists, lawyers, judges, and members of parliament.
Note that this law gives law enforcement the right to enable this tracking by whatever means they can, so it’s about giving the police the right to social engineer, hack, or use tools like Pegasus, there is no mandate on tech companies to alter their software to this for law enforcement.
This is nothing like mandating back doors, but it does set up a dangerous conflict of interest, one we’ve seen before with CIA leaks, the incentive to keep security vulnerabilities secret from the vendors, putting everyone at risk.
In the abstract, this sounds bad, but maybe this is better than what is happening in other major democracies now. E.g. in the US, there are secret courts and national security letters companies have to follow and can’t talk about, and we know lots of governments are buying tools like Pegasus.
So, is it really worse to put it into law, with clear rules, limitations, and oversight, than to just do it in secret like everyone else? Is France actually doing this better than its peers, rather than worse?
- French Assembly passes bill allowing police to remotely activate phone cameras and microphones for surveillance — www.engadget.com/…
- New French Bill Would Permit Law Enforcement Surveillance — www.bankinfosecurity.com/…
- Explained: The new law in France that will allow police to spy on its citizens — www.firstpost.com/…
- 🇺🇸 A US Federal District Judge has issued a controversial ruling that places an injunction on some branches of the federal government from even talking to social media companies about moderation. Legal opinion on the ruling appears to be that it’s broad, sweeping, and not based on law of precedent. Since this is a low-level federal court, appeals seem inevitable — www.cultofmac.com/…
- 🇷🇺 One of Russia’s biggest disinformation troll farms falls victim to the recent coup attempt: Prigozhin-controlled Russian media group shuts after mutiny — www.reuters.com/…
Just Because it’s Cool 😎
- Evidence to back Bart’s view that emoji have developed into their own language: Court rules ‘thumbs-up’ emoji counts as signing a contract — appleinsider.com/…
When the textual description of a link is part of the link it is the title of the page being linked to, when the text describing a link is not part of the link it is a description written by Bart.
|A link to audio content, probably a podcast.
|A call to action.
|The story is particularly relevant to people living in a specific country, or, the organisation the story is about is affiliated with the government of a specific country.
|A link to graphical content, probably a chart, graph, or diagram.
|A story that has been over-hyped in the media, or, “no need to light your hair on fire” 🙂
|A link to an article behind a paywall.
|A pinned story, i.e. one to keep an eye on that’s likely to develop into something significant in the future.
|A tip of the hat to thank a member of the community for bringing the story to our attention.