{"id":25161,"date":"2022-01-23T14:33:01","date_gmt":"2022-01-23T22:33:01","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=25161"},"modified":"2022-01-23T14:38:57","modified_gmt":"2022-01-23T22:38:57","slug":"sb-2022-01-23","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2022\/01\/sb-2022-01-23\/","title":{"rendered":"Security Bits \u2014 23 January 2022"},"content":{"rendered":"<h2>Feedback &amp; Followups<\/h2>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li>&#x1f1fa;&#x1f1f8; Un-redactions in an ongoing antitrust case against Google led by the state of Texas have revealed more details on how Google abuse their position of power in the ad world \u2014 in effect, they represent both parties in an auction they run and profit from and use that to inflate their earnings: <a href=\"https:\/\/www.wired.com\/story\/google-antitrust-ad-market-lawsuit\/\">www.wired.com\/\u2026<\/a><\/li>\n<li>Apple have patched the HomeKit bug we talked about last time: <a href=\"https:\/\/www.macobserver.com\/news\/product-news\/apple-ios-15-2-1\/\">Apple Releases iOS 15.2.1 Update That Fixes HomeKit Bug \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li>&#x1f1f7;&#x1f1fa; Russian authorities claim to have arrested key members of the REvil ransomware gang responsible for the Colonial Pipeline attack in the US \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2022\/01\/14\/revil-ransomware-crew-allegedly-busted-in-russia-says-fsb\/\">nakedsecurity.sophos.com\/\u2026<\/a> &amp; <a href=\"https:\/\/krebsonsecurity.com\/2022\/01\/at-request-of-u-s-russia-rounds-up-14-revil-ransomware-affiliates\/\">krebsonsecurity.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; The bill to force side-loading on mobile devices continues to make its way through the legislative process, and Apple continue to be deeply unhappy about it \u2014 <a href=\"https:\/\/www.imore.com\/apple-slams-senate-antitrust-bills-over-major-consumer-harms\">www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Deep Dive 1 \u2014 &#x1f9ef; The Safari 15 Data Leak Bug Reported by FingerprintJS<\/h2>\n<p>The folks at FingerprintJS (a grey-hat company that sells browser fingerprinting services) have released details of a subtle privacy leak in Safari 15 on iOS &amp; macOS.<\/p>\n<p><strong>TL;DR<\/strong> \u2014 there is a leak, but it&#8217;s extremely limited, and nowhere near as bad as most of the headlines would make you believe.<\/p>\n<p>Cookies are an age-old mechanism for storing small snippets of unstructured data in our browsers. Websites had browsers cookies, and the browsers store them until the next time they visit the same website, at which point they hand them back. The information they store is literally a string of text.<\/p>\n<p>Modern web apps (so-called <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/Progressive_web_apps\">progressive web apps<\/a>) have valid reasons for storing more data in a more structured way within the browser, so the <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/API\/IndexedDB_API\/Using_IndexedDB\">IndexedDB<\/a> API was developed to allow JavaScript to store structured data in the browser.<\/p>\n<p>Like cookies and JavaScript in general, IndexedDB databases should be protected by browsers&#8217; <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/Security\/Same-origin_policy\">same-origin policy<\/a>. In Safari 15 that&#8217;s <em>almost<\/em> completely true, but not quite. Safari doesn&#8217;t leak the contents of one website&#8217;s local database to JavaScript running on another website (that would be a catastrophic failure), but it does leak the names of all the databases that exist, and the databases are named for the URLs of the web apps that created them. This means <strong>one website can know you use another website if an appropriately named IndexedDB database exists<\/strong>. Because the databases are named for the URLs that created them, and because some sites embed unique identifiers in their URLs, the database names also leak those identifiers. It would be a catastrophic security blunder to embed secrets in web app URLs, so these leaked IDs are not going to be things like keys or passwords, but more generic tokens like session or user IDs.<\/p>\n<p>Apple are aware of the bug and working on a fix.<\/p>\n<p>Until Apple patch this bug, it&#8217;s possible for a malicious website to know you use any other website that uses IndexedDB local storage, and depending on the site, also the user you log in as. No actual data is leaked.<\/p>\n<h3>Links<\/h3>\n<ul>\n<li><a href=\"https:\/\/arstechnica.com\/?p=1826566\">Safari and iOS users: Your browsing activity is being leaked in real-time \u2014 arstechnica.com<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/apples-working-fix-safari-bug-opened-your-browsing-history-websites\">Apple&#8217;s working to fix a Safari bug that opens your browsing history up to websites \u2014 www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Deep Dive 2 \u2014 iCloud Private Relay Teething Troubles<\/h2>\n<p>It&#8217;s been a very confusing few weeks in terms of Apple&#8217;s iCloud Private Relay.<\/p>\n<p>First and foremost, remember this is still a beta feature!<\/p>\n<p>The first development was new that EU carriers asking the European Commission to ban iCloud relay because of <em>&#8216;digital sovereignty&#8217;<\/em> and because it hides data from them. I&#8217;ve tried to read their reasoning, but it just looks like technobabble to me. My honest opinion is that it&#8217;s intended to sound technical and intimidating, but not actually say anything, because they&#8217;re basically cranky about it preventing them spying on their customers to use monetise them as a second income stream.<\/p>\n<p>This was followed a few days later with reports that some American users were unable to use PrivateRelay, and that it was being blocked by carriers. Initially many in the tech press jumped to the conclusion that it must be American carriers being evil, but it turns out to be more complicated than that.<\/p>\n<p>There is still a lot of confusion, but some of all of the following three things are going on:<\/p>\n<ol>\n<li>Some carriers are intentionally disabling the feature for some customers, but for a really good reason \u2014 those customers have chosen to enable parental controls on their internet connection, and that&#8217;s literally impossible with PrivateRelay enabled. (How could the carrier filter web connections it can&#8217;t see?)<\/li>\n<li>There exists an obscure per-cellular-network toggle for controlling privacy protection that overrides the PrivateRelay toggle in the iCloud preferences. Some American users found that obscure toggle disabled, and it&#8217;s not at all clear why that is. It could be a setting pushed down by carriers.<\/li>\n<li>American carriers are claiming the latest version of iOS introduced a bug that&#8217;s disabling the feature. Apple has denied this, saying they didn&#8217;t change the PrivateRelay code at all in that update.<\/li>\n<\/ol>\n<p>The situation in Europe is clear as glass \u2014 the carriers want permission to prevent users protecting themselves from being spied on, but the situation in America is clear as mud, the carriers could be up to no good, or it could be a bug.<\/p>\n<h3>Links<\/h3>\n<ul>\n<li>&#x1f1ea;&#x1f1fa; <a href=\"https:\/\/www.imore.com\/eu-carriers-want-kill-icloud-private-relay-over-digital-sovereignty-worries\">EU carriers want to kill iCloud Private Relay over &#8216;digital sovereignty&#8217; worries \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; Some of the initial, then updated reporting from the US: <a href=\"https:\/\/9to5mac.com\/2022\/01\/10\/t-mobile-block-icloud-private-relay\/\">T-Mobile begins blocking iPhone users from enabling iCloud Private Relay in the US \u2014 9to5mac.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/arstechnica.com\/?p=1825105\">T-Mobile says it isn\u2019t widely blocking iCloud Private Relay \u2014 arstechnica.com<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/www.imore.com\/t-mobile-says-apple-blame-icloud-private-relay-being-blocked\">T-Mobile says Apple is to blame for iCloud Private Relay being turned off \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><strong>Related:<\/strong> a nice translation of Apple&#8217;s recent white paper on how iCloudRelay works from nerd-speak to human-speak: <a href=\"https:\/\/www.wired.com\/story\/how-apple-icloud-private-relay-works\/\">How Apple&#8217;s iCloud Private Relay Can Keep You Safe \u2014 www.wired.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>&#x2757; Action Alerts<\/h2>\n<aside class=\"small-aside\">Calls to action, if any stories in this section are relevant to you there is some action you should take.<\/aside>\n<ul>\n<li>It was an important Patch Tuesday for Windows users: <a href=\"https:\/\/krebsonsecurity.com\/2022\/01\/wormable-flaw-leads-january-2022-patch-tuesday\/\">\u2018Wormable\u2019 Flaw Leads January 2022 Patch Tuesday \u2014 krebsonsecurity.com\/\u2026<\/a> &amp; <a href=\"https:\/\/nakedsecurity.sophos.com\/2022\/01\/12\/wormable-windows-http-hole-what-you-need-to-know\/\">Wormable Windows HTTP hole \u2013 what you need to know \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2022\/01\/14\/serious-security-linux-full-disk-encryption-bug-fixed-patch-now\/\">Serious Security: Linux full-disk encryption bug fixed \u2013 patch now! \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Worthy Warnings<\/h2>\n<aside class=\"small-aside\">Potentially relevant warnings from government organisations, public interest groups, or the security community.<\/aside>\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2022\/01\/11\/home-routers-with-netusb-support-could-have-critical-kernel-hole\/\">Home routers with NetUSB support could have critical kernel hole \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.macobserver.com\/news\/red-cross-data-breach\/\">Red Cross Data Breach Affects 515,000 Vulnerable People \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li>A timely reminder on the dangers of plugging in random USB devices: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/fbi-hackers-use-badusb-to-target-defense-firms-with-ransomware\/\">FBI: Hackers use BadUSB to target defense firms with ransomware \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li>QR-code-based scams are on the rise, so remember that scanning a QR code is the equivalent of clicking a link, and check the URL when you arrive: <a href=\"https:\/\/www.macobserver.com\/tips\/beware-of-fake-qr-codes\/\">Beware of Fake QR Codes on Parking Meters That Steal Your Money \u2014 www.macobserver.com\/\u2026<\/a>\n<ul>\n<li><strong>Related:<\/strong> &#x1f3a7; <a href=\"https:\/\/overcast.fm\/+HLr6JlyVY\">Checklist 263: Avoiding QR Code Phishing Scams \u2014 overcast.fm\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>If you use Teslamate to monitor your Tesla&#8217;s stats, be sure to patch, because a German teen found a nasty vulnerability which has now been patched \u2014 <a href=\"https:\/\/www.macobserver.com\/news\/teen-hacker-finds-way-to-control-teslas-remotely\/\">www.macobserver.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li>I was curious how long Apple would allow people stay on iOS 14, now we know: <a href=\"https:\/\/www.imore.com\/apple-no-longer-letting-people-stay-ios-14-prompts-ios-15-update-instead\">Apple is no longer letting people stay on iOS 14, prompts iOS 15 update instead \u2014 www.imore.com\/\u2026<\/a>\n<ul>\n<li><a href=\"https:\/\/www.imore.com\/apple-says-it-was-never-going-let-people-ignore-ios-15-forever\">Apple says it was never going to let people ignore iOS 15 forever \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><strong>Related:<\/strong> Apple have updated earlier security bulletins to add more detail about the vulnerabilities iOS 15 fixes \u2014 <a href=\"https:\/\/www.imore.com\/major-iphone-security-flaws-fixed-ios-15-revealed-apple\">www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>&#x1f1ec;&#x1f1e7; The UK government has paid over half a million pounds for an ad campaign designed to turn the public against end-to-end encryption. The released documents reveal government officials asserting that the public are ignorant of the facts, so they are vulnerable to manipulation. The agency was also instructed to be careful not to trigger a debate on law enforcement -v- privacy and security tradeoffs \u2014 <a href=\"https:\/\/www.rollingstone.com\/culture\/culture-news\/revealed-uk-government-publicity-blitz-to-undermine-privacy-encryption-1285453\/\">www.rollingstone.com\/\u2026<\/a> (<strong>Editorial by Bart:<\/strong> hopefully all the publicity this story is getting will make UK residents less <em>vulnerable<\/em> to this government disinformation campaign. And yes, I do mean disinformation rather than misinformation \u2014 I consider this malicious propaganda because the intention is explicitly to avoid debate and hinder public understanding of the issues)\n<ul>\n<li><strong>Related:<\/strong> <a href=\"https:\/\/www.intego.com\/mac-security-blog\/10-ways-end-to-encryption-protects-your-data-your-privacy-and-your-bank-balance\/\">10 Ways End-to-Encryption Protects Your Data, Your Privacy, and Your Bank Balance \u2014 www.intego.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>&#x1f1fa;&#x1f1f8; After years of fraud powered by identity theft, the US IRS is moving to tighten security for online filing by out-sourcing verification to a private company, ID.me \u2014 <a href=\"https:\/\/krebsonsecurity.com\/2022\/01\/irs-will-soon-require-selfies-for-online-access\/\">IRS Will Soon Require Selfies for Online Access \u2013 Krebs on Security \u2014 krebsonsecurity.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; A US court has found that cyber insurance companies can&#8217;t just declare a cyber-attack <em>cyberwar<\/em> so as to get out of paying up: <a href=\"https:\/\/www.macobserver.com\/news\/merck-wins-dispute-notpetya\/\">Merck Wins Court Dispute Over \u2018NotPetya\u2019 Attack \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li>&#x1f1ea;&#x1f1fa; A court in Austria has found that as it&#8217;s currently deployed, Google Analytics breaches the GDPR, and is hence not legally usable within the EU. There are similar cases pending in other European courts, if they go the same way, enforcement is likely, and Google may be forced to finally allow customers choose where their data is stored \u2014 <a href=\"https:\/\/tutanota.com\/blog\/posts\/google-analytics\/\">tutanota.com\/\u2026<\/a><\/li>\n<li>Mozilla is partnering with journalists at <em>The Markup<\/em> to run the <em>Facebook Pixel Hunt<\/em> a study to track Facebook&#8217;s tracking \u2014 <a href=\"https:\/\/rally.mozilla.org\/current-studies\/facebook-pixel-hunt\/index.html\">rally.mozilla.org\/\u2026<\/a>\n<ul>\n<li><strong>Related:<\/strong> <a href=\"https:\/\/www.macobserver.com\/link\/protonmail-blocks-tracking-pixels\/\">ProtonMail Now Blocks Tracking Pixels and Hides Your IP address \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>&#x1f1e9;&#x1f1ea; <a href=\"https:\/\/torrentfreak.com\/adblocking-does-not-constitute-copyright-infringement-court-rules-220118\/\">Adblocking Does Not Constitute Copyright Infringement, Court Rules \u2014 torrentfreak.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/www.macobserver.com\/news\/congress-introduces-tldr-bill\/\">Congress Introduces \u2018TLDR\u2019 Bill to Combat Confusing Terms of Service \u2014 www.macobserver.com\/\u2026<\/a> (<strong>Editorial by Bart:<\/strong> it would be really nice if this became law, and was adopted in other countries too. Also, top-marks  for a world-class <a href=\"https:\/\/en.wikipedia.org\/wiki\/Backronym\">backronym<\/a>: &#8216;Terms Of Service Labeling, Design, and Readability Act&#8217;)<\/li>\n<li><a href=\"https:\/\/www.macobserver.com\/link\/objective-see-goes-non-profit\/\">Mac Security Tools Company \u2018Objective-See\u2019 Goes Non-Profit \u2014 www.macobserver.com\/\u2026<\/a> (This is Patrick Wardle&#8217;s company)<\/li>\n<\/ul>\n<h2>Excellent Explainers<\/h2>\n<aside class=\"small-aside\">High-quality content explaining a security concept of some kind.<\/aside>\n<ul>\n<li>A nice breakdown of what Apple&#8217;s <em>Legacy Contacts<\/em> feature does and doesn&#8217;t allow access to \u2014 <a href=\"https:\/\/www.imore.com\/what-information-apple-id-legacy-contacts-access\">www.imore.com\/\u2026<\/a><\/li>\n<li>&#x1f3a7; A good explanation of why many period trackers violate user privacy for profit: <a href=\"https:\/\/overcast.fm\/+Ys-3v3Bxw\">Short Wave: When Tracking Your Period Lets Companies Track You \u2014  overcast.fm\/\u2026<\/a> (Also, Shortwave is an excellent short daily science podcast I highly recommend)<\/li>\n<li>An actively maintained list of known Pegasus spyware victims \u2014 <a href=\"https:\/\/www.haaretz.com\/israel-news\/MAGAZINE-nso-pegasus-spyware-file-complete-list-of-individuals-targeted-1.10549510\">www.haaretz.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Interesting Insights<\/h2>\n<aside class=\"small-aside\">High-quality opinion and editorial content recommended by Bart.<\/aside>\n<ul>\n<li>Some worthy reads on the current AirTags panic\n<ul>\n<li><a href=\"https:\/\/www.macstories.net\/linked\/are-airtags-causing-stalking-or-making-us-more-aware-of-it\/\">Are AirTags Causing Stalking or Making Us More Aware of It? &#8211; MacStories \u2014 www.macstories.net\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/tidbits.com\/2022\/01\/11\/airtags-hidden-stalking-menace-or-latest-overblown-urban-myth\/\">AirTags: Hidden Stalking Menace or Latest Overblown Urban Myth? \u2014 tidbits.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/blog.mollywhite.net\/blockchains-are-not-what-they-say\/\">Blockchain-based systems are not what they say they are \u2014 blog.mollywhite.net\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Palate Cleansers<\/h2>\n<aside class=\"small-aside\">Anything up-beat and nerdy Bart and\/or Allison think you might enjoy.<\/aside>\n<ul>\n<li>&#x1f3a6; A physicist on TikTok explains how gravity is the weakest of the forces &#8211; shared by Allison and recommend following @evanthorizon: <a href=\"https:\/\/www.tiktok.com\/@evanthorizon\/video\/7055416495089847599\">www.tiktok.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Legend<\/h2>\n<p>When the textual description of a link is part of the link it is the title of the page being linked to, when the text describing a link is not part of the link it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\">&#x1f3a7;<\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x2757;<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4ca;<\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f9ef;<\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;<\/em> &#x1f642;<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4b5;<\/td>\n<td align=\"left\">A link to an article behind a <strong>paywall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4cc;<\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f3a9;<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. &#x1f1fa;&#x1f1f8; Un-redactions in an ongoing antitrust case against Google led by the state of Texas have revealed more details on how Google abuse their position of power in the ad world \u2014 in effect, [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":19030,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[5032,5033,2079,5031,50,569],"class_list":["post-25161","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-fingerprintjs","tag-icloud-private-relay","tag-patch","tag-safari-leak-bug","tag-security","tag-security-bits"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2019\/08\/security_bits_logo_400px_no_alpha.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/25161","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=25161"}],"version-history":[{"count":2,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/25161\/revisions"}],"predecessor-version":[{"id":25171,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/25161\/revisions\/25171"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/19030"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=25161"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=25161"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=25161"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}