It’s a Tracking Device, Not a Smartphone

I like to refer to smartphones as voluntary tracking devices. Cellular technology provides your location to the network provider as a side effect. Smartphones can also leak your location through other means. But location isn’t the only type of information collected by smartphones. Android has a sordid reputation when it comes to data collection. Part of this is because Google’s primary business is collecting information to sell to advertisers. Another part is that handset manufacturers can bake additional data collection into their Android devices. Another part is that Android lacked granular application permissions until more recent versions, which allowed application developers to collect more information.

Apple on the other hand has enjoyed a much better reputation. Part of this is because Apple’s primary business model was selling hardware (now its primary business model is selling services). But Apple also invested a lot in securing its platform. iOS provided users more granular control over what applications could access earlier than Android. It also included a lot of privacy enhancements. However, Apple’s reputation isn’t as deserved as one might think. Research shows that iOS collects a lot of information:

“Both iOS and Google Android share data with Apple/Google on average every 4.5 [minutes],” a research paper published last week by Trinity College in Dublin says. “The ‘essential’ data collection is extensive, and likely at odds with reasonable user expectations.”

Much of this data collection takes place after the phone is first turned on, before the user logs into an Apple or Google account, and even when all optional data-sharing settings are disabled.

“Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this,” the paper adds. “However, Google collects a notably larger volume of handset data than Apple.”

I can’t say that this surprises me. Apple is a publicly traded company, which means its executives are beholden to shareholders interested almost exclusively in increasing the price of their shares. That means Apple’s executives need to constantly increase the company’s revenue. User information is incredibly valuable. Mark Zuckerberg made a multi-billion dollar company out of collecting user information. So it was unrealistic to expect Apple to leave that kind of potential revenue on the table. Even if Apple isn’t currently selling the information, it can start at any time. Moreover, if it has the information, it can be obtained by state agents via a warrant.

This brings up an obvious question. What smartphone should individuals concerned about privacy get? Unfortunately, Android and iOS are the two biggest players in the smartphone market. They are also the only two players readily available to consumers who aren’t tech savvy. GrapheneOS is an example of an Android version that offers better privacy than the stock versions found on most devices. But using it requires buying a supported Pixel and flashing GrapheneOS to it yourself. There are also phones that run mainline Linux such as the PinePhone and Librem 5. The problem with those devices is the state of the available software. Mainline Linux distributions designed for those phones are still in development and likely won’t meet the needs of most consumers.

Right now the market looks grim if you want a smartphone, are concerned about privacy, and aren’t tech savvy enough to flash third-party firmware to your phone.

Apple Gives Users More Time to Migrate

After doubling and tripling down on its decision to integrate spyware into iOS, Apple has announced a delay:

Apple provided this statement to Ars and other news organizations today:

Last month we announced plans for features intended to help protect children from predators who use communication tools to recruit and exploit them, and limit the spread of Child Sexual Abuse Material [CSAM]. Based on feedback from customers, advocacy groups, researchers and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features.

As the Electronic Frontier Foundation explains, a delay isn’t good enough. However, the delay grants iOS users more time to plan their migration. I’m happy to say that my migration has gone well. I received my Pixel 4a and flashed it with GrapheneOS. My initial impressions are very good. I’ll post a detailed initial impression after a few more days of usage. With that said, there are a handful of options available to those wishing to flee Apple’s new surveillance obsession.

I opted for a Google-free Android Open Source Project (AOSP) ROM. Android is a mature and widely supported mobile operating system. It offers near feature parity with iOS since the two platforms have been copying from each other since their early days (both also copied a lot of the best ideas offered by Palm WebOS). The biggest flaw in Android is Google. Google-free AOSP ROMs such as LineageOS, /e/OS, GrapheneOS, and CalyxOS keep the good features offered by Android while removing the Google taint.

Another option is a mainline Linux phone like the PinePhone or Librem 5. Neither platform is mature enough to meet my current daily needs, but they might be mature enough to meet your daily needs. They’re worth investigating and I hope to eventually migrate from Google-free Android to a mainline Linux phone.

If you’re one of those odd ducks who uses their cellphone solely as a phone, an old-school dumbphone is worth considering. Because of how simple they are, dumbphones offer a limited attack surface (keep in mind that security updates on dumbphones are rare so if a major flaw exists, the only solution may be to buy a different phone) and aren’t capable of storing even a fraction of the personal information that smartphones can. They’re also dirt cheap and frequently more durable than smartphones. The tradeoff is they don’t offer any means of secure communications. You can’t install Element, Signal, or any other secure messaging application on them. But if you don’t use those, that’s probably not a deal breaker.

My suggestion to iOS users (and every other computing platform user) is to develop a migration plan if you haven’t already. I try to have at least one migration plan at hand for any computing platform I use. For example, when I was using a Mac, I had a migration plan for moving to Linux. It didn’t end up being an urgent need, but when I finally decided to upgrade from my 2012 MacBook Pro and Apple didn’t offer anything acceptable to me, I already had a plan. Now I use Fedora running on a ThinkPad and have a plan to migrate from that if needed.

When I ran iOS I also had a migration plan. My plan was to migrate to a mainline Linux phone. I knew this plan was a gamble because it would be a few years until such devices were mature enough for my daily use. Because of that I kept a list of Google-free AOSP ROMs and phones capable of running them. When Apple announced its surveillance plan, my migration plan to a mainline Linux phone wasn’t yet feasible. I had to bring myself more up to speed on AOSP ROMs and phones, but I was able to migrate away from iOS within a week of Apple’s announcement.

Apple didn’t provide a time frame for when it will introduce spyware to iOS. It could be months or years before Apple introduces it or the company could spring it on users with no warning. If you have a migration plan ready, you can react even if Apple gives no advance warning. If Apple pushes back its surveillance plan indefinitely, you can continue using iOS (if you still trust Apple, which I don’t) knowing you’re ready to move if needed.

Apple Adds Big Brother to iOS

There are two dominant smartphone operating systems: Google’s Android and Apple’s iOS. Google’s business model depends on surveilling users. Apple has exploited this fact by making privacy a major selling point in its marketing material. When it comes to privacy, iOS is significantly better than Android… at least it was. Today it was revealed that Apple plans to add a feature to iOS that surveils users:

Child exploitation is a serious problem, and Apple isn’t the first tech company to bend its privacy-protective stance in an attempt to combat it. But that choice will come at a high price for overall user privacy. Apple can explain at length how its technical implementation will preserve privacy and security in its proposed backdoor, but at the end of the day, even a thoroughly documented, carefully thought-out, and narrowly-scoped backdoor is still a backdoor.

[…]

There are two main features that the company is planning to install in every Apple device. One is a scanning feature that will scan all photos as they get uploaded into iCloud Photos to see if they match a photo in the database of known child sexual abuse material (CSAM) maintained by the National Center for Missing & Exploited Children (NCMEC). The other feature scans all iMessage images sent or received by child accounts—that is, accounts designated as owned by a minor—for sexually explicit material, and if the child is young enough, notifies the parent when these images are sent or received. This feature can be turned on or off by parents.

When Apple releases these “client-side scanning” functionalities, users of iCloud Photos, child users of iMessage, and anyone who talks to a minor through iMessage will have to carefully consider their privacy and security priorities in light of the changes, and possibly be unable to safely use what until this development is one of the preeminent encrypted messengers.

I’ve been pleasantly surprised by the amount of outrage I’ve seen online about this feature. I expected most people to praise this feature out of fear of being labeled a defender of child pornography if they criticized it. But even comments on Apple fanboy sites seem to be predominantly against this nonsense.

This move once again demonstrates the dangers of proprietary platforms. If, for example, a Linux distro decided to include a feature like this, users would have a number of options. They could migrate to another distro. They could rip the feature out. They could create a fork of the distro that didn’t include the spyware. This is because Linux is an open system and users maintain complete control over it.

Unfortunately, there aren’t a lot of options when it comes to open smartphones. The options that do exist aren’t readily accessible to non-technical users. Android Open Source Projects, which are versions of Android without Google’s proprietary bits, like LineageOS and GrapheneOS, don’t come preinstalled on devices. Users have to flash those distros to supported devices. Smartphones developed to run mainline Linux like the PinePhone and Librem 5 still lack stable software. Most people are stuck with a spyware-infested smartphone. Exacerbating this issue is the fact that smartphones, unlike traditional x86-based computers, are themselves closed platforms (which is not to say x86-based platforms are entirely open, but they are generally much more open than embedded ARM devices) so developing open source operating systems for them is much harder.

Linux on a 2010 Mac Mini Part Two

Last week I mentioned my adventure of installing Linux on a 2010 Mac Mini. Although Ubuntu 18.10 did install and was working for a few days, an update left the system unusable. After an update towards the end of last week, the system would only boot to a black screen. From what I gathered online, I wasn’t the only person who ran into this problem. Anyways, I ended up digging into the matter further.

I once again tried installing Fedora. When I tried to install Fedora 29, I was unable to stop it from booting to a black screen so I decided to try Fedora 28. Using basic graphics mode I was able to get Fedora 28 to boot to the live environment and from there install Fedora on the Mac Mini. After installation I was able to get my Fedora installation to boot. However, when I tried to install the Nvidia driver from RPM Fusion, the system would only boot to a black screen afterwards. I tried installing the Nvidia driver via the negativo17 repository but didn’t expect it to work since the driver distributed from that repository is based on version 418 and the last driver to support the Mac Mini’s GeForce 320M was version 340. Things went as expected. I then tried installing the Nvidia driver manually using a patched version of the 340 driver from here. Unfortunately, that driver doesn’t work with the 4.20 kernel so that was a no go as well.

The reason I hadn’t tried to install the Nvidia driver manually before was because I didn’t want to deal with supporting the setup in the future. As I was trying to install it using the previously linked instructions I felt justified because the guide isn’t nearly as straightforward as installing the driver from a repository. It became a moot point since manual installation didn’t work but it did make me think about the fact that any solution I settled upon would need to be maintained, which led me to the idea of using Ubuntu 18.04 LTS. The LTS versions of Ubuntu are supported by Canonical for five years so if I could get 18.04 installed, the setup would have a decent chance of working for five years.

After passing the kernel the “nouveau.modeset=0” argument, just as I had to do with 18.10, I was able to boot into a live environment and install 18.04 to the hard drive. Likewise, I had to use the “nouveau.modeset=0” argument to boot into the installation. Once I was booted into the installation I was able to use “sudo apt install nvidia-340” to install the 340 version of the Nvidia driver. After rebooting everything worked properly. I’m hoping that future updates will be less likely to break this setup since the LTS releases of Ubuntu tend to be more stable than non-LTS versions.

So, yeah, if you want to get a currently supported Linux distro running on a 2010 Mac Mini, take a look at Ubuntu 18.04. It might be your best bet (if it continues to run properly for the next month or so, I’ll say it is your best bet).

Linux on a 2010 Mac Mini

I prefer repurposing old computers to throwing them away. A while ago I acquired a 2010 Mac Mini for $100. It has worked well. I even managed to install macOS Mojave on it using this patcher. However, I wanted to try installing Linux on it.

I first tried installing my go-to distro, Fedora (version 29 to be specific). Unfortunately, I immediately ran into problems. The Mac Mini has an Nvidia card that doesn’t play nicely with the nouveau driver in the kernel so I couldn’t bring up a graphical environment (I just got a black screen with a blinking cursor in the upper left corner). I tried booting the Fedora live distro with the “nouveau.modeset=0” parameter but to no avail.

So I decided to try Ubuntu (18.10). Ubuntu also initially failed to boot but it at least gave me an error message (related to the nouveau driver). When I booted it with the “nouveau.modeset=0” parameter I was able to get to the graphical interface and install Ubuntu. After installation I once again booted with the “nouveau.modeset=0” parameter and installed Nvidia’s proprietary driver. After that the system now boots into Ubuntu without any trouble (installing the Nvidia driver also enabled audio output through HDMI).

If you’re having trouble installing Linux on a 2010 Mac Mini, try Ubuntu and try passing the “nouveau.modeset=0” parameter when booting and you may have better luck.

If You’re Good at Something, Never Do It for Free

A minor controversy has developed in the macOS world. Linuz Henze, a security researcher, has discovered a vulnerability in Keychain for macOS that allows an attacker to access stored passwords. However, Henze isn’t providing the details to Apple because Apple’s bug bounty program, for some stupid reason, doesn’t cover macOS vulnerabilities:

Security researcher Linuz Henze has shared a video demonstration of what is claimed to be a macOS Mojave exploit to access passwords stored in the Keychain. However, he has said he is not sharing his findings with Apple out of protest.

Henze has publicly shared legitimate iOS vulnerabilities in the past, so he has a track record of credibility.

However, Henze is frustrated that Apple’s bug bounty program only applies to iOS, not macOS, and has decided not to release more information about his latest Keychain invasion.

Some people aren’t happy with Henze’s decision because his refusal to provide the exploit to Apple will make it harder for the company to fix the vulnerability. What these people are forgetting is that Henze isn’t refusing to provide the exploit to Apple, he’s refusing to provide it for free. In other words, he wants to be paid for his work. I don’t know many people who would willingly work for free. I certainly wouldn’t. Unless you would, you really should put the blame for this on Apple for refusing to pay for macOS exploits.

Disable FaceTime

If for some inexplicable reason you own an Apple device and haven’t already disabled FaceTime, you should do so now:

Users have discovered a bug in Apple’s FaceTime video-calling application that allows you to hear audio from a person you’re calling before they accept the call—a critical bug that could potentially be used as a tool by malicious users to invade the privacy of others.

You don’t want a caller to hear you bitching them out for being inconsiderate by calling you instead of having the decency to send a text message.

Corporate Euphemisms

Apple’s quest to make its products thinner at any cost is once again making some customers unhappy. There have been reports of iPad Pros arriving bent out of the box. I would be unhappy even if a $100 tablet arrived bent out of the box so it shouldn’t be surprising that I’d be unhappy if an $800+ tablet arrived bent out of the box. But now that Apple is positioning itself as a luxury products company, it’s striving to provide the same level of customer satisfaction as, say, Patek Philippe, right? After all, if you purchased a new Patek Philippe watch and it had any defect whatsoever, the company would likely bend over backwards to remedy the situation since it knows that, as a luxury products company, it lives and dies by its reputation for customer satisfaction. If you believed that, you would be incorrect.

Instead of addressing the issue of bent iPad Pros, Apple has taken the route of using corporate euphemisms to explain why bent iPad Pros are something with which customers will just have to live:

These precision manufacturing techniques and a rigorous inspection process ensure that these new iPad Pro models meet an even tighter specification for flatness than previous generations. This flatness specification allows for no more than 400 microns of deviation across the length of any side — less than the thickness of four sheets of paper. The new straight edges and the presence of the antenna splits may make subtle deviations in flatness more visible only from certain viewing angles that are imperceptible during normal use. These small variances do not affect the strength of the enclosure or the function of the product and will not change over time through normal use.

That’s a lot of words to say your brand new $800+ iPad Pro may arrive at your doorstep bent.

This issue reminds me a lot of the issue with the iPhone 4 where holding it in your left hand could cause cellular signal degradation (and thus drop your call). Instead of addressing the issue right away, Steve Jobs tried to argue that the solution was to hold the phone “correctly.” Eventually Apple opted for the half-assed solution of providing a free case, which was at least better than publishing an official page that used a lot of words to try to hand wave the problem away.

Between this and the high failure rate of the MacBook butterfly switch keyboards, Apple is having a rough start to its transition from a consumer electronics company into a luxury products company.

You’re Unboxing It Wrong

Apple has spent the last couple of years transitioning itself from a consumer electronics company to a luxury products company. For the most part it has been doing a good job of this. The company’s attention to detail on its products is easy to see. However, when you’re a luxury products company, expectations go up. Somebody who buys a Seiko 5 isn’t likely to throw a fit because the second hand doesn’t sweep smoothly. Somebody who spends the big bucks on a Rolex is probably going to be unhappy if their second hand isn’t gliding smoothly over the watch face. Likewise, somebody who buys an Amazon Fire tablet is probably willing to tolerate a number of limitations and defects. Somebody who spends no less than $799 on an iPad Pro is probably going to be unhappy if their brand new tablet is bent out of the box:

Apple has confirmed to The Verge that some of its 2018 iPad Pros are shipping with a very slight bend in the aluminum chassis. But according to the company, this is a side effect of the device’s manufacturing process and shouldn’t worsen over time or negatively affect the flagship iPad’s performance in any practical way. Apple does not consider it to be a defect.

The thing about being a luxury products company is that you need to make your customers feel special. Telling them that they have to live with a defect on a brand new product isn’t going to fly, especially when your cheaper competitors are apt to replace new products that have any kind of defect whatsoever (if you received a slightly bent Fire tablet, Amazon would probably get a replacement heading your way immediately).

Apple’s response on this matter is reminiscent of Steve Jobs’s response to people complaining about the iPhone 4 dropping calls when they held it in their left hand (for those who don’t know, he told them that they were holding it wrong). That might have flown when the iPhone was a reasonably priced option on the market but I have my doubts that such a cavalier attitude is going to fly now that Apple’s products are priced as high as they are.

Apple’s Diminishing Quality

Yesterday I was asked to recommend an Apple laptop (the laptop was going to somebody with a learning disability so the hurdle of transitioning them to a non-Apple platform was great and not a realistic option). As I was making my recommendation it really struck me just how far Apple’s laptops have fallen in the last few years.

In the past when somebody asked me if they should get AppleCare, I usually recommended against doing so. Apple’s laptops were pretty reliable and when they did fail, they could usually be repaired.

Apple’s current lineup has a significant problem. The new slim butterfly keyboards are notoriously fragile. A mere piece of debris getting under a keycap is enough to disable that key. This wouldn’t be a problem with a normal laptop keyboard because there is enough clearance to easily remove most debris that gets caught under a keycap. Moreover, even if the debris cannot be easily removed, the keycap usually can, which allows you to remove the offending debris. Getting a keycap off of a butterfly keyboard without wrecking the fragile butterfly mechanism isn’t easy. And if you do damage the mechanism, you’re stuck replacing the entire keyboard and that requires breaking a bunch of rivets that hold the keyboard to the top of the casing. This is why Apple replaces the entire top case when the keyboard needs to be replaced.

So you have a keyboard that cannot be serviced and has a high probability of failing. Strike one.

Strike two is the solid state drive (SSD). Apple no longer utilizes modular SSDs. Instead their SSDs are soldered to the mainboard. With SSDs failure is a matter of when, not if. This is because flash memory cells can only handle so many erase operations. SSD manufacturers attempt to prolong the life of their product with wear leveling but that only means that the time between failures is extended, it’s not eliminated. This isn’t a big deal with modular SSDs. If an SSD is modular and croaks, you replace the dead SSD with a new one. When an SSD that is soldered to the mainboard croaks, you end up having to replace the entire mainboard. Since the mainboard also has the processor and graphics card soldered to it, you necessarily end up replacing those pricey components as well. What used to be a relatively cheap unavoidable repair has become an extremely expensive unavoidable repair.

Recommending an Apple laptop has become an exercise in presenting the least bad option. An expensive repair is a matter of when, not if. The keyboard is likely to suffer a premature death because of its design and lack of repairability. If the keyboard survives, the SSD will eventually die, necessitating replacing the entire mainboard (and thus the processor and graphics card). Instead of recommending a computer that I know will likely leave the buyer happy for years to come, recommending an Apple laptop involves tagging on a great number of caveats and warnings so that when the buyer is looking at an absurd repair bill, they aren’t doing so unexpectedly.