09 November 2023

Apple's LIES: iPhones have been exposing your unique MAC despite Apple’s promises otherwise

“From the get-go, this feature was useless,” researcher says of feature put into iOS 14.


Three years ago, Apple introduced a privacy-enhancing feature that hid the Wi-Fi address of iPhones and iPads when they joined a network. On Wednesday, the world learned that the feature has never worked as advertised. Despite promises that this never-changing address would be hidden and replaced with a private one that was unique to each SSID, Apple devices have continued to display the real one, which in turn got broadcast to every other connected device on the network.

The problem is that a Wi-Fi media access control address—typically called a media access control address or simply a MAC—can be used to track individuals from network to network, in much the way a license plate number can be used to track a vehicle as it moves around a city. Case in point: In 2013, a researcher unveiled a proof-of-concept device that logged the MAC of all devices it came into contact with. The idea was to distribute lots of them throughout a neighborhood or city and build a profile of iPhone users, including the social media sites they visited and the many locations they visited each day.

In the decade since, HTTPS-encrypted communications have become standard, so people on the same network generally can no longer monitor other people's traffic. Still, a permanent MAC provides plenty of trackability, even now.

As I wrote at the time:

Enter CreepyDOL, a low-cost, distributed network of Wi-Fi sensors that stalks people as they move about neighborhoods or even entire cities. At 4.5 inches by 3.5 inches by 1.25 inches, each node is small enough to be slipped into a wall socket at the nearby gym, cafe, or break room. And with the ability for each one to share the Internet traffic it collects with every other node, the system can assemble a detailed dossier of personal data, including the schedules, e-mail addresses, personal photos, and current or past whereabouts of the person or people it monitors.

In 2020, Apple released iOS 14 with a feature that, by default, hid Wi-Fi MACs when devices connected to a network. Instead, the device displayed what Apple called a “private Wi-Fi address” that was different for each SSID. Over time, Apple has enhanced the feature, for instance, by allowing users to assign a new private Wi-Fi address for a given SSID.

On Wednesday, Apple released iOS 17.1. Among the various fixes was a patch for a vulnerability, tracked as CVE-2023-42846, which prevented the privacy feature from working. Tommy Mysk, one of the two security researchers Apple credited with discovering and reporting the vulnerability (Talal Haj Bakry was the other), told Ars that he tested all recent iOS releases and found the flaw dates back to version 14, released in September 2020.

“From the get-go, this feature was useless because of this bug,” he said. “We couldn't stop the devices from sending these discovery requests, even with a VPN. Even in the Lockdown Mode.”

When an iPhone or any other device joins a network, it triggers a multicast message that is sent to all other devices on the network. By necessity, this message must include a MAC. Beginning with iOS 14, this value was, by default, different for each SSID.

To the casual observer, the feature appeared to work as advertised. The “source” listed in the request was the private Wi-Fi address. Digging a little further, however, it became clear that the real permanent MAC was still broadcast to all other connected devices, just in a different field of the request.

Mysk published a short video showing a Mac using the Wireshark packet sniffer to monitor traffic on the local network the Mac is connected to. When an iPhone running iOS prior to version 17.1 joins, it shares its real Wi-Fi MAC on port 5353/UDP.
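To check a capture for the behaviour described above, the following added example (not code from the article, Apple, or the researchers) parses an Ethernet/IPv4/UDP frame sent to port 5353 and reports any globally administered MAC in the payload that differs from the frame's source address. The article does not name the field or its encoding, so the colon-separated text form, the `id=` label, and both sample addresses are assumptions constructed for the demonstration.

```python
import re
import struct

# Colon-separated MAC written as text (assumed encoding; the article names no field).
MAC_TEXT = re.compile(rb"(?<![0-9A-Fa-f:])(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}(?![0-9A-Fa-f:])")

def mac_bytes(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

def is_locally_administered(mac: bytes) -> bool:
    # Randomized/private addresses set the U/L bit (0x02) of the first octet.
    return bool(mac[0] & 0x02)

def leaked_macs(frame: bytes) -> list:
    """Return globally administered MACs found in a UDP/5353 payload that
    differ from the frame's own source address; [] if none or not mDNS."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return []                      # not Ethernet/IPv4/UDP
    src = frame[6:12]
    udp = 14 + (frame[14] & 0x0F) * 4  # honour the IPv4 header length
    if len(frame) < udp + 8:
        return []
    _sport, dport, ulen = struct.unpack("!HHH", frame[udp:udp + 6])
    if dport != 5353:
        return []
    payload = frame[udp + 8:udp + ulen]
    found = []
    for m in MAC_TEXT.finditer(payload):
        text = m.group(0).decode().lower()
        mac = mac_bytes(text)
        if mac != src and not is_locally_administered(mac) and text not in found:
            found.append(text)
    return found

def build_frame(src_mac: str, payload: bytes, dport: int = 5353) -> bytes:
    """Constructed test frame: Ethernet + IPv4 + UDP to the mDNS group."""
    eth = mac_bytes("01:00:5e:00:00:fb") + mac_bytes(src_mac) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 255, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([224, 0, 0, 251]))
    udp = struct.pack("!HHHH", 5353, dport, 8 + len(payload), 0)
    return eth + ip + udp + payload

PRIVATE = "a6:3b:10:22:33:44"    # constructed, locally administered
HARDWARE = "00:00:5e:00:53:01"   # constructed, documentation range

if __name__ == "__main__":
    leaky = build_frame(PRIVATE, b"\x00" * 12 + b"id=" + HARDWARE.upper().encode())
    clean = build_frame(PRIVATE, b"\x00" * 12 + b"id=" + PRIVATE.encode())
    print(leaked_macs(leaky), leaked_macs(clean))
```

Run over frames from a capture of your own device before and after updating to iOS 17.1, an empty result on the updated device is what the fix should produce.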


In fairness to Apple, the feature wasn't useless, because it did prevent passive sniffing by devices such as the above-referenced CreepyDOL. But the failure to remove the real MAC from port 5353/UDP still meant that anyone connected to a network could pull the unique identifier with no trouble.

The fallout for most iPhone and iPad users is likely to be minimal, if any. But for people with strict privacy threat models, the failure of these devices to hide real MACs for three years could be a real problem, particularly given Apple's express promise that using the feature "helps reduce tracking of your iPhone across different Wi-Fi networks."

Apple hasn’t explained how a failure as basic as this one escaped notice for so long. The advisory the company issued Wednesday said only that the fix worked by “removing the vulnerable code.”

This post has been updated to add paragraphs 3 and 11 to provide additional context.

Source: arstechnica

07 November 2023

Adobe tells users they can get sued for using old versions of Photoshop

You bought it, you own it? Think again!



"You are no longer licensed to use the software," Adobe told them. 

Adobe is warning some owners of its Creative Cloud software applications that they’re no longer allowed to use older versions of the software. It’s yet another example of how in the modern era, you increasingly don’t actually own the things you’ve spent your hard-earned money on.

Adobe this week began sending some users of its Lightroom Classic, Photoshop, Premiere, Animate, and Media Director programs a letter warning them that they were no longer legally authorized to use the software they may have thought they owned.

“We have recently discontinued certain older versions of Creative Cloud applications and as a result, under the terms of our agreement, you are no longer licensed to use them,” Adobe said in the email. “Please be aware that should you continue to use the discontinued version(s), you may be at risk of potential claims of infringement by third parties.” Users were less than enthusiastic about the sudden restrictions.

The company didn’t inform users why they needed to discontinue use of the software, but the company’s Twitter account indicated the issue stems from “ongoing litigation.” AppleInsider, which first reported the notices, pointed to a copyright lawsuit filed last year by Dolby Labs.

In a controversial move, Adobe pivoted away from the standard software model to the cloud-based subscription model in 2013, resulting in notably higher revenues (and higher prices for customers). Dolby’s lawsuit accused Adobe of copyright violations related to how the licensing costs Adobe paid to Dolby would be calculated under this new model.

In a statement to Motherboard, Adobe confirmed the letter's authenticity, but wouldn’t provide any additional detail beyond what was included in the notices.

It’s yet another example of how the products we buy in the modern era can lose functionality or stop working entirely on a lark. Be it a game console that loses features with a firmware update or entertainment products that just suddenly disappear, it’s a problem that’s increasingly popping up in the always online era.

Dylan Gilbert, a copyright expert with consumer group Public Knowledge, said in this instance users aren’t likely to have much in the way of legal recourse to the sudden shift.

“Unless Adobe has violated the terms of its licensing agreement by this sudden discontinuance of support for an earlier software version, which is unlikely, these impacted users have to just grin and bear it,” Gilbert said.

Gilbert noted that consumers now live in a world in which consumers almost never actually own anything that contains software. In this new reality, end users are forced to agree to “take it or leave it” end user license agreements (EULAs), in which the licensor can change its terms of service without notice.

“Even if Adobe is fully in the right here with regard to the Dolby dispute, it has the power to force its customers to upgrade to newer more expensive versions at its whim, which illustrates the undue power and influence of EULAs over the lives of consumers,” Gilbert said. “We should be able to own the things we buy.”

Activist, author, and copyright expert Cory Doctorow agreed, telling Motherboard in an email that this kind of thinking has increasingly permeated countless sectors, including DRM-based media, software as a service, and even client-server games.

Both Doctorow and Gilbert noted that this kind of shifting landscape can often be particularly problematic for artists and creators, who often don’t want to risk ongoing projects by suddenly jumping to new versions of software that may contain unforeseen bugs.

“When your tools are designed to treat you as a mere tenant, rather than an owner, you're subject to the whims, machinations, and unforeseeable risks of the landlord from whom you rent,” Doctorow noted. “And your legal rights are likely defined by a ‘contract’ that you clicked through a million years ago, which says that you agree that you don't have any legal rights.”

It’s a comical, lopsided arrangement that copyright experts say isn’t changing anytime soon, leaving consumers with only one real option: when possible, don’t buy products from companies with a history of pulling the carpet out from beneath your feet.

Source: vice.com




06 November 2023

How a foreign entity removed Australian parliamentary records from the internet


MANY people believe that Australians live in a democratic nation, but the reality is far from this.

People may also believe that 'free speech' is available to them on this medium called the internet.

One way of describing the reality we live in is that of a totalitarian, fascist corporatocracy both in reality and on the ether.

Parliamentary speeches are a public record, and most importantly, hansards are legal documents.

Australian parliamentary member Craig Kelly had his recorded parliamentary speeches expunged from 'his' YouTube channel, meaning his voice on Google's platform was removed.

See 2 hour interview with Craig Kelly within the following link:


Now that's not very 'democratic' is it?

It's more of a sinister agenda.


Google allegedly has or 'had' a motto: "Don't be evil". Is this because it has the capacity to easily be evil?

Well, Google is factually 'evil', where it lies, i.e. provides false information, deceives its users and is responsible for slowing down the internet and saturating users' bandwidth with approximately 60% advertising material.

For privacy and security, Google products are not recommended, such as spyware-loaded smartphones using Google's Android, like the ones made by Samsung, Motorola, Nokia etc.