Closing Out February With Some Reading

It’s been a bit. I’ve already broken my promise of aiming for a reading list every other although that shouldn’t be the point at which I simply stop. It’s a habit to be built and will take a bit of nursing to get up to full steam.

We’ve run into a ton of interesting stories since the last reading list, so I’m going to do my best to bridge the gap without risking irrelevance. At any rate, these will still be small slices of news that I enjoyed the most, whether they’re bleeding edge or a few weeks behind.

Facebook’s Bypassing of the Apple App Store for its ‘Research’ App

Wired & TechCrunch

I had to include two links for this story, as the Wired article does a great job of giving you a broad sense of what is going on as well as the larger impact involved. TechCrunch’s article is incredibly detail-dense and gives an informed understanding of what has happened and how it happened. Both are helpful to understanding the whole issue and were worthy of being linked here.

In short, Facebook has been caught publishing an app that bypasses the App Store and gives it in-depth access to all data on the user’s phone. Along with its usage of corporate certificates to bypass the App Store, the bigger problem that was identified was that this app was being pushed to children as young as 13 for only $20 a month. I don’t think that I can overstate how serious this is, since it abuses an enterprise solution for pushing out custom applications without needing to publish them in the App Store, all for the sake of siphoning personal information. The downstream impact for Facebook has been that their enterprise certificate has been revoked for blatant abuse, which is a strong response from an Apple that has postured against data brokers.

Facebook will shut down its spyware VPN app Onavo

TechCrunch

Following up from the ‘Research’ application, TechCrunch published a report on Facebook’s push to shut down its Onavo VPN app. While offering VPN services seems rather innocuous, it was identified that the application was being used by Facebook to grab information about its users. This practice essentially undermined the purpose of the VPN systems and abused users who otherwise would have been looking for privacy and simply weren’t tech savvy enough to understand exactly what Facebook was seeking with its Terms of Service. I know the immediate reaction here is the dogma of “if you’re not buying anything, you are the product”. While true, that oversimplifies the expectations that people have on the web more generally. I’m not for taking down Facebook. It serves a powerful purpose throughout the world, but I do believe that there could be a useful pushback against practices like this.

Chinese and Iranian Hackers Renew Their Attacks on U.S. Companies

New York Times

In 2015, President Obama was able to strike a deal with Chinese leader Xi Jinping to curb Chinese state-sponsored industrial espionage. Before that, the worry was that China was siphoning data from American military contractors in order to provide it to Chinese companies and alleviate the need for their own expensive research and development. While there had been some minor indicators of Chinese hackers in that time, it had remained rather quiet. As of late, we’ve begun to see a resurgence of Chinese industrial hacking alongside Iranian hackers, who appear to be doing so in response to the United States pulling out of the Iranian nuclear deal. This is an early story now, although I’m sure that we’ll continue to see more on this over the coming months and years.

CR19-010: The United States vs. Huawei

SANS Internet Storm Center

This link isn’t a news article but rather a direct link to the indictment that just came down from US District Court against the Chinese telecom hardware maker Huawei. While I’m strongly recommending simply reading the indictment, it’s hard not to preface this with the understanding that this is an exceptionally damning disclosure against Huawei that shows that they were explicitly breaking agreements and condoning corporate espionage from the highest levels. It doesn’t help that this came on the heels of the Huawei executive’s arrest, although maybe the $2600 foldable phone that they announced will be a good talking point so this stays out of the public’s eye.

Chinese company leaves Muslim-tracking facial recognition database exposed online

ZDNet

If you’ve been living in the West, it’s okay if you’re unfamiliar with the contentious practices of the Chinese government toward the Uyghur population, although the storm around the Uyghur question has only been intensifying, with China’s tracking efforts becoming known via the leak of a database left public online. While the government in China has been exceptionally optimistic towards technology and the impact that it can have on society, we’ve also started seeing the darker side of possible applications, with Xinjiang operating as the test case for a repressive state. These practices appear to rightfully draw attention from citizens of nations around the world, although we’ll unfortunately see more of this approach going forward.