Thanks for pointing out the stool scale. I went from "hahaha I'm sure this some kind of 'how shitty stuff is'" to "let me see how it works" to "oh, it's actually a useful medical chart" lol
Alt-tabbing (or cmd-Q if you’re done) back to your terminal window after running `subl` to edit a file is equivalent difficulty (as measured by keystrokes) to exiting nano or vim.
I'm on Linux and I just use one keystroke to switch (F2). I have F1 F2 F3 F4 keys binded to change to virtual desktops 1 2 3 4. 1 -> Console(s) 2 -> Editor (sublime) 3 -> Browser (Firefox) 4 -> Misc (File browser, other apps)
I've been using iterm for years mainly because it has a Quake style terminal window. I realise how I just can't get to grips with tabbing through screens on either macos and windows anymore, not with having multiple browser profiles (personal and work) and screens open. I should figure out a solution to that, but at the same time I decided that I should keep my various employers (I'm a contractor/consultant/temp/whatever) separated better, so, different browser profiles, password databases, etc.
Another thought: these $5 tags still seem as good or better than a DIY tag using the current version of OpenHaystack, right? Unless OpenHaystack supports UWB?
“The only clue that users seemingly had of Siri's alleged spying was eerily accurate targeted ads that appeared after they had just been talking about specific items like Air Jordans or brands like Olive Garden, Reuters noted (claims which remain disputed).”
It’s very common for users to associate their conversations with ads and believe that they are being listened to, across many platforms including those without microphones. The article does not appear to provide any non-anecdotal evidence of this.
It seems confirmed correct that yes siri does incorrectly activate, and anyone with an iphone knows this. What is unsubstantiated and denied by apple is that those siri recordings were used for advertising.
I was one of the people claiming this. I’ll tell you why I thought it.
1. I’m seeing ads for trending topics or those tied to things I’ve said or typed (targeted).
2. On one or two platforms, it was usually the same ads. Especially the targeted ones. They didn’t change often.
3. My friend and I discuss a rare topic.
4. Thirty minutes later, my app refreshes to show an ad on the rare topic from No. 3.
5. In each case, the only input for moving that information into a computer was my phone’s microphone.
6. Prior investigations showed some other devices, esp Alexa-style, were transmitting lots of data to their companies even when people weren’t talking to them. Their terms allowed their recordings to be used by the company, too.
So, we believed it was another example of a product listening in on us for money.
Just minutes ago, Siri said she didn’t understand what we were saying. We never said “Hey Siri” or anything remotely like that. It keeps happening at least once a week. It’s clearly listening to some degree when it’s not supposed to. The only question is if there’s a recording of that.
They do, Airtag hardware need to be signed to add to your iCloud account. But the actual location beacon messages are not linked to your iCloud account and can’t be associated with the sending airtag.
Changing the underlying find my network to break this would be challenging if not impossible while keeping the privacy protections in place. Apple can’t identify devices sending data to find my, and doesn’t log requests. Short of changes that would break compatibility with older devices it should be relatively stable.
OpenHaystack has been doing this for a few years now and Apple has made no efforts to restrict it.
I’ve been using FakeTag[0] and OpenHaystack[1] coupled with a vibration sensor to notify me when various things happen around my house. Inspired by this [2] article. It’s worked flawlessly for ~2 years.
You're correct in saying that it would be challenging for them to overhaul the entire network, but this library directly makes API calls to Apple's servers to request location reports. So while the tags would likely keep working, they could totally block the library or your account if they really wanted to.
> Apple can’t identify devices sending data to find my, and doesn’t log requests.
So what you're saying is that a decent firewall could still inspect the traffic, or the patterns thereof.
Also, this doesn't make any sense, as if Apple doesn't know which AirTag belongs to who, Find My would be very useless; and law enforcement would be furious.
Airtags are associated with your apple ID for safety, but when you make a request for the location from Find My it doesn’t include any information about which airtag you’re asking about; just a CSPRNG-incremented public key that changes every 15 minutes. The location data itself is not available to Apple.
The short answer is that it doesn't. The iCloud website only shows devices that are actively uploading their location to Apple, such as iPhones and iPads. AirTags are not shown there, as they use the FindMy network instead (the whole other-devices-find-your-airtags mechanism). This library focuses on the latter.
Apple devices can query your AirTag's location because they sync its shared secrets through the iCloud keychain, which is used to generate temporary keys that can be use to download and decrypt the tag's location.
As far as I understand, the keychain is indeed e2e encrypted and it requires at least one of your other devices to be online in order to sync. However last time I checked Apple still fails the mud puddle test, so there does have to be some kind of master key that decrypts the data in the case of account recovery.
It’s explained pretty well in link provided in comment your replying to.
The tl;dr is: The information is publicly available in an encrypted form that is only readable by the party with the key.
Think of it like this, when you mark an item as lost you publish a hashed public identification key, if another device detects that key it creates a location report encrypted with your public key and posts it to a public list of encrypted reports, you decrypt the report with your private key.
If you mean from another device other than one that your keychain is on, ie, a browser on a device you haven’t logged into before, you can’t.
You can get an active location through iCloud if the device is powered on or its last location before power off if the setting is enabled. But you can’t decrypt find my location reports without the private key, which is only available in devices you’ve logged into.
So you're saying that by logging into icloud.com and clicking on the "Find My" app, my web browser is downloading encrypted location reports from Apple's servers, and my web browser is decrypting them locally?
So Apple has no way to see anything even when developing the platform itself?
They must have a way to decrypt payloads or otherwise get into the system they built and control. The fact that they let law enforcement know when someone is stalking someone with an AirTag shows that the data is available to them. It’s silly to think otherwise, paper or not.
> The fact that they let law enforcement know when someone is stalking someone with an AirTag shows that the data is available to them.
Not technically correct. Apple devices (and Android phones with the appropriate app) detect if an unknown AirTag is moving with them and makes it home, possibly signalling a stalking attempt.
The heuristics for this happen locally; Apple isn't "aware" of this happening. That said, when you first set-up an AirTag, the serial is tied to your account. Therefore, when you physically find an unknown AirTag and report it to law enforcement, they can then subpoena (or get a warrant?) Apple for information on the AirTag owner's identity.
The serial itself, and any personal identifiers, are not used in the locating process, however.
This is well documented in the paper above, in articles, as well as in reverse engineering efforts.
