Stop iPhone calls from ringing on other iDevices

Fortunately, you can turn it off. Here’s how:

Step 1: Starting with your own iPhone, tap the Settings icon, then scroll down until you find FaceTime.

facetime-iphone-cellular-calls-setting.jpg
Turn this setting off on all your iDevices.Screenshot by Rick Broida/CNET

Step 2: Tap it, then disable iPhone Cellular Calls.

Step 3: Repeat the process on every other iDevice that’s ringing when it shouldn’t be.

Presto! Calls will now go only to the phone number that was dialed. At least, that was my outcome. Your mileage may vary, of course, as there are some additional iOS settings that can affect the way calls and apps are shared. (There’s at least one Apple discussion thread devoted to this very topic.)

Apple faces dumb lawsuit over the size of iOS 8

iOS 8 has had its share of problems, and now we can throw one more on the pile: a lawsuit. Two plaintiffs have filed a suit claiming their 16GB iPhones and iPads don’t actually come with 16GB of storage, and iOS 8 takes up too much space—and Apple should make that clearer, in case we are all idiots who don’t get that operating systems do use storage.

Ars Technica’s iOS 8: Thoroughly Reviewed includes a look at how much more storage space iOS 8 consumes, versus a clean install of iOS 7.1.2, and it does gobble a significant chunk: about 740MB on iPhones and 1.03GB on iPads. If you’re using a 16GB device, that’s 4.5 to 6.4 percent. Which doesn’t sound like a ton, but 740MB can hold a lot of photos.

This lawsuit is still pretty silly on its face, for a couple of reasons. The plaintiffs want the class to include not just people who upgraded their devices to iOS 8, but people who bought new devices with iOS 8 preinstalled on them. But those people didn’t “lose” anything—they never had that storage space, because every computing device that ships with an operating system works the same. Some of the advertised space is taken up by the OS. That’s baseball.

The complaint comes with its own table of capacity figures, sort of like Ars Technica’s…except that the data displayed is “represented capacity” of 16GB versus the actual capacity with iOS 8 installed. So that particular table isn’t showing that iOS 8 hogs more space than iOS 7—just that it uses capacity, period.

Click here to read more

mb2

7 – 9 PM

The board has decided to have 4 meetings a year. These meetings will be held on different evenings at the same location as our current meetings, Giant Food Stores in Willow Grove. We will see which day is more convenient for members.

Q&A3x3

We will have our usual Q&A‘s at the November meeting so bring your questions and bring a friend or coworker who you think could benefit from our meeting. Review software for MacBUS and keep it – for free! We plan to give away books and software packages at meetings and all we ask in return is that you submit a review!

Annotate Attachments in Mail

Slowly but surely, Mail has transformed from a bare-bones app into a versatile message manager, and things only get better in Yosemite. If you want to highlight something on a photo, for example, you no longer need to do your work in an image editor first; after attaching it, click on the small arrow in the top-right corner of the photo and you’ll get a menu of editing options, including type, lines, shapes, and drawing tools.

Blocking Apple Pay

The Real Reason Some Merchants Are Blocking Apple Pay… for Now

Over the past few days, news emerged that some retailers, most notably Rite Aid, CVS, and Best Buy, started actively blocking Apple Pay at their cash registers, even though the hardware and software actually supported it. This didn’t just block Apple Pay, but also all other near-field communication (NFC) payments systems, such as Google Wallet. The point-of-sale (POS) terminals — that’s the technical name for credit card–capable cash registers — fully support all NFC payment options that meet industry standards, so to block Apple Pay the retailers had to completely disable NFC, in either hardware or software.

More

Man-in-the-Middle exploit discovered

A new exploit was recently discovered whereby requests to servers using unencrypted access (http://, instead of https://) could be redirected, allowing them to read packets, access credentials and gain access to other devices. The full post describes this is more detail, but the gist of it is try to use encrypted means whenever possible, especially when a potentially hostile environment – airport, coffeeshop, etc.

Fortunately, to correct this situation is fairly straightforward:

Applications > Utilities > Open Terminal app
verify vulnerability:
sysctl net.inet.ip.redirect | grep ": 1" && echo "DoubleDirect: VULNERABLE" || echo "DoubleDirect: SAFE"
If you see ‘Vulnerable’ then
sudo sysctl -w net.inet.ip.redirect=0
enter your password
verify fixed:

sysctl net.inet.ip.redirect | grep ": 1" && echo "DoubleDirect: VULNERABLE" || echo "DoubleDirect: SAFE"
should see ‘Safe’

How Verizon Wireless Is Tracking You All Around the Web

 

When Web publishers first started saving information about their visitors in tiny text files called “cookies,” much of the Internet freaked out: “You mean there’s some little program on my computer that follows me around the Internet?”

No, people like me would explain. Cookies don’t do anything on their own and can be read only by whatever site created them.

Or so we thought. What if the one company that stays with you wherever you go on the Internet — that is, your Internet provider — started inserting cookies in your webpages and could track your online habits for marketing purposes?

Those are the basics of the outrage over the discovery that Verizon Wireless is tagging most of its subscribers’ Internet traffic with individual identifiers as part of an advertising initiative.

As the Electronic Frontier Foundation’s Jacob Hoffman-Andrews wrote Monday, this Verizon tracking “effectively reinvents the cookie, but does so in a way that is shockingly insecure and dangerous to your privacy.”

And you can’t turn it off.

What Verizon does to your data
How can Verizon do this? When it relays an address request from a device on its network (your phone, for example) to a website you’re visiting, it adds a “Unique Identifier Header,” or “UIDH,” that ties the request to your account. For example, a Verizon LTE hotspot I’m testing has each request for a webpage silently stamped with 60 characters of gobbledygook beginning with “MTIxNzE0.”

You can’t see this on your smartphone or tablet, but the website you visit can read that UIDH and know you by it, even if you’re browsing in incognito mode.

You can consult specialized test pages that check for this tracking — for example, security researcher Kenneth White’s lessonslearned.org/sniff. The tech-policy lobby Access has since posted amibeingtracked.com, which goes easier on the jargon but takes an extra click.

Only sites that encrypt the connection between them and your browser can thwart this “header injection.” That includes most email, social media, and financial sites (as well as Yahoo Tech, so your emoji fascination is safe from Verizon’s scrutiny). But if the site you’re visiting doesn’t put that little lock icon in the browser toolbar, and you’re accessing it over Verizon’s wireless network, then it’s tracking you.

In a frequently asked questions page, Verizon says this system lets “select ad technology partners” target ads to “groups of customers … based on demographic and interest based information.”

You can opt out of that demographic and interest-based targeting by logging into your account’s privacy settings on the Web, using the My Verizon app on some phones, or by calling 866-211-0874. But note that this doesn’t stop Verizon from inserting the identifying headers into your Web traffic, it just tells it to not use the data.

Which, as White emphasized in an email, is “broadcast to every site and app service that users visit,” except encrypted connections.

Verizon says that’s not a risk because its headers change “frequently.” But it won’t say exactly how often they change or by how much.

And as Hoffman-Andrews (mentioned earlier here as a developer of the BlockTogether anti-harassment Twitter app) wrote in that EFF post, it’s trivial to link one header ID to its replacement by using other Web-tracking technologies like cookies.

Everybody else does not do the same thing
White’s site soon revealed that AT&T was also injecting these headers. But AT&T has implemented what it describes as a test of a possible advertising service in a more polite manner.

Although it’s not obvious from that company’s privacy-policy page, you can click a button at an opt-out page (mobileoptout.att.com), and then confirm at White and Access’ test pages that you no longer have tracking headers stapled to your traffic.

Sprint and T-Mobile, meanwhile, don’t engage in this tracking at all — even though they make a lot less money than AT&T or Verizon. (The latter happens to lead the industry in its proportion of over-$100-monthly subscribers.)

Verizon’s FAQ stresses that advertisers don’t actually see who its customers are, because it anonymizes the data provided through its “Relevant Mobile Advertising” and “Verizon Selects” programs.

In the abstract, that’s not too different from how Facebook lets its advertisers target its members by location, interest, and other criteria less specific than name and address. But Facebook is free, and its members expect to be advertised to. People pay to use Verizon and do not expect to have their behavior sold.

Further, you can tell an enormous amount about theoretically anonymized people if you can see almost everything they read online. Think about how quickly researchers could identify the people whose anonymized search traffic was released by AOL as part of a study in 2006; the same principle applies here.

Just because you can doesn’t mean you should
In one way the growth of the Internet has paralleled your standard mad-scientist movie: First somebody figures out a way to do something really interesting (in this case, track users more closely online), and only later do people start to ask, “Wait … is this a good idea?” A public discussion of the possible downside takes still longer.

Likewise, the architects of these mad plans never think they’ll get caught, until they inevitably do. From ISPs toying with using “deep packet inspection” to the National Security Agency’s “collect everything and sort it out later” overreach, we have seen this movie before.

With Verizon, though, one thing is different. The wireless industry has far more effective competition than residential broadband or the federal government. You can choose to take your business elsewhere if you don’t approve of Verizon’s conduct.

Or Verizon could recognize its untenable position and give its paying customers an easy way to opt out of this tracking. It shouldn’t be that hard … right?

Email Rob at rob@robpegoraro.com; follow him on Twitter at @robpegoraro.