* Posts by mmm_yeah

12 posts • joined 21 Jul 2020

What Microsoft's Windows 11 will probably look like

mmm_yeah
WTF?

I really hope this is a joke.

Microsoft promises end-to-end encrypted Teams calls for some, invites you to go passwordless with Azure AD

mmm_yeah

Re: "Microsoft", "cloud", "passwordless authentication"......................

“Passwordless” isn’t the same thing as biometrics. Biometrics data, like PINs, are just “gestures” for unlocking a security component such as a hardware FIDO2 token or Windows Hello (which may or may not be backed by a TPM), which among other things are engineered to resist brute-force attacks. The decision to accept or reject such a gesture is made locally. Unlike the password, no biometrics data or PIN is transmitted over the network.

Going passwordless essentially means that instead of passwords (which are often low-quality and reused), you’re now identified by a pair of public/private keys, and the private key is protected by a tamper-resistant token. If somebody steals your token, they _probably_ don’t have your PIN or biometrics to use it. You’ll have the opportunity to disassociate the token from your account or, if they try and fail too many (e.g., 5) times, the token will clear itself. Either way, the keypair is rendered useless.

Plus, nobody can guess your password—with or without your knowledge—if you don’t have a password in the first place.

You can argue that biometrics are fundamentally identifiers and are therefore unsuitable even as a way to locally unlock a security token. Actually, PINs can get reused (and shoulder-surfed) as well. The point is these risks are much more manageable and eliminating passwords gives the user much more convenience and very often much better security.
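The scheme described in the comment above, as an added example that is not part of the original post: a simplified model in which the PIN is checked inside the token, only a signature over a fresh challenge reaches the server, and the key is cleared after five wrong PINs. `Token`, `Server`, `MAX_TRIES`, the sample PIN and the choice of Ed25519 are assumptions for illustration; this is not the FIDO2 wire protocol.

```javascript
const crypto = require('crypto');
const MAX_TRIES = 5; // retry limit, taken from the "e.g., 5" in the comment

// Hypothetical token: the private key and the PIN check never leave this object.
class Token {
  #privateKey; #salt; #pinHash; #failures = 0;
  constructor(pin) {
    const pair = crypto.generateKeyPairSync('ed25519');
    this.#privateKey = pair.privateKey;
    this.publicKey = pair.publicKey; // the only half the server ever sees
    this.#salt = crypto.randomBytes(16);
    this.#pinHash = crypto.scryptSync(pin, this.#salt, 32);
  }
  sign(pin, challenge) {
    if (!this.#privateKey) throw new Error('token wiped');
    const candidate = crypto.scryptSync(pin, this.#salt, 32);
    if (!crypto.timingSafeEqual(candidate, this.#pinHash)) {
      if (++this.#failures >= MAX_TRIES) this.#privateKey = null; // self-clear
      throw new Error('wrong PIN');
    }
    this.#failures = 0;
    return crypto.sign(null, challenge, this.#privateKey); // only this goes on the wire
  }
}

// Hypothetical server: holds public keys only, so there is no password to guess or leak.
class Server {
  #keys = new Map();
  register(user, publicKey) { this.#keys.set(user, publicKey); }
  revoke(user) { this.#keys.delete(user); } // owner disassociates a lost token
  verify(user, challenge, signature) {
    const key = this.#keys.get(user);
    return Boolean(key) && crypto.verify(null, challenge, key, signature);
  }
}

const attempt = (t, pin, c) => { try { return t.sign(pin, c); } catch (e) { return e.message; } };

function demo() {
  const server = new Server(), token = new Token('4821'); // constructed sample PIN
  server.register('alice', token.publicKey);
  const challenge = crypto.randomBytes(32); // fresh per login
  const sig = token.sign('4821', challenge);
  const login = server.verify('alice', challenge, sig);
  const replay = server.verify('alice', crypto.randomBytes(32), sig); // old signature, new challenge
  const thief = Array.from({ length: 6 }, () => attempt(token, '0000', challenge));
  const owner = attempt(token, '4821', challenge); // correct PIN, but the key is gone
  server.revoke('alice');
  return { login, replay, thief, owner, revoked: server.verify('alice', challenge, sig) };
}
```
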

Signal boost: Secure chat app is wobbly at the moment. Not surprising after gaining 30m+ users in a week, though

mmm_yeah

I mean, it’s been more than a year and their “Unregister From TextSecure” form is still broken.

Australia sues Facebook for slurping user data from Onavo Protect VPN app

mmm_yeah

They aren’t suing Microsoft and that’s relevant.

I assume you’re trolling.

mmm_yeah

> This included details about Onavo Protect users’ internet and app activity, such as records of every app they accessed and the number of seconds each day they spent using those apps.

Isn’t that what Microsoft collects from Windows users by default (and full browsing history if using Edge)?

China's Chang'e-5 lands on the Moon to scratch surface

mmm_yeah
Thumb Down

> The US put their missions on live TV, to show both failures and successes as they happened.

Chang'e 5's launch was publicly aired, as were most other high-profile Chinese space missions. I'm not sure how the landing could have been put "on live TV" though.

> The Chinese made sure that it successfully landed before announcing it.

Should they claim a success before they have confirmed it?

> A little insecurity there, it would seem.

Nah, bro. Just admit you're just a racist pig who wishes to see them fail.

Apple's privacy pledges: We sent dev checks over plain HTTP, logged IP addresses. We bypass firewall apps

mmm_yeah

He understands. He repeatedly expressed sympathy. He endorsed. He was happily running Big Sur.

It's like he's trying to avoid offending Apple or something.

But it's good to know he's real happy.

Microsoft wants to show enterprises that Edge means business, rather than the thing you use to download Chrome

mmm_yeah
FAIL

Enterprise?

If you manage O365 for your organization, you might want to think twice before deploying Edge, since your users won’t be able to sync their browser settings without an Azure Information Protection P1 license. A standalone AIP P1 license costs $5 per user per month. Depending on your license structure, it can be quite expensive.

Oh, I already checked, and settings-sync-for-everyone isn’t on their roadmap.

Microsoft accused of sharing data of Office 365 business subscribers with Facebook and its app devs

mmm_yeah

That page also tells you why in the “Causes” section, right above what you quoted.

“This issue occurs if Facebook integration isn't available for your organization. Validation rules block access to features that don't apply to certain organizations. Even though you can't disable the feature, you don't have to be concerned about the feature being used by people in your organization. If the Facebook contact sync feature isn't available for your organization, this means that the feature is blocked at a deeper level.”

I’m not sure how you could’ve missed it, quite honestly.

mmm_yeah

Re: Sounds scary...

> […] but there’s nothing to suggest non-Facebook users are safe from any data slurping by Facebook if the software company have any agreements going with Facebook.

Yeah, so um… So how can Microsoft’s business user data be “slurped” by Facebook, other than by using this “Facebook contact sync” feature (which requires the user to explicitly create a Facebook connection first)? I read the legal complaint and didn’t find any.

mmm_yeah

Re: Sounds scary...

> That's not what I understood reading the article. It says: "whether or not the customers or their contacts are Facebook users".

Sure, that was my understanding as well, until I read the legal complaint itself.

mmm_yeah

Sounds scary...

But if I understand it correctly, “sharing data with Facebook” only happens when Facebook contact sync in Exchange Online is turned on (by default) and a user sets up a Facebook connection.

The only place in the complaint where I found _how_ “Facebook-sharing” is done is in paragraph 76, on page 18:

> Even if a customer discovers and disables this Facebook-sharing “feature” after activating Office 365 or Exchange Online services, the damage has already been done. At that point, the business customer’s contacts have been shared with Facebook. As Microsoft explains in an obscure technical instruction, “[o]nce contacts are transferred to Facebook, they cannot be deleted from Facebook’s systems except by Facebook.”

Googling the quote leads you to an outdated document titled “Office 365 Midsize Business, Office 365 Enterprise, Office 365 Education & Office 365 Government Advanced Privacy Options for Administrators”, on a non-Microsoft domain. The quote appears in a section named “Facebook Contact Sync” (next to “LinkedIn Contact Sync”). These two features are still documented on the current Microsoft Docs website.
