India is forcing people to use its covid app, unlike any other democracy

https://www.technologyreview.com/2020/05/07/1001360/india-aarogya-setu-covid-app-mandatory/

The world has never seen anything quite like Aarogya Setu. Two months ago, India’s app for coronavirus contact tracing didn’t exist; now it has nearly 100 million users. Prime Minister Narendra Modi boosted it on release by urging every one of the country’s 1.3 billion people to download it, and the result was that within two weeks of launch it became the fastest app ever to reach 50 million downloads.

“We beat Pokémon Go,” says a smiling Arnab Kumar, who is leading development of the service for the Indian government.

But although the app’s growth is unprecedented, it is extraordinary in an even more important way: if you don’t install it, you might lose your job, get fined, or go to jail.

India is currently the only democratic nation in the world that is making its coronavirus tracking app mandatory for millions of people, according to MIT Technology Review’s Covid Tracing Tracker, a database of global contact tracing apps.

While official policy is that downloading the app is voluntary, the truth is that government employees are required to use it, while major private employers and landlords are mandating it as well. The city of Noida is now reportedly fining and even threatening to arrest anyone who fails to install the app on their phone.

It’s a dramatic step generating fierce criticism from civil liberties experts nationally, and from all over the globe.

Rahul Gandhi, a prominent member of the Indian parliament and former leader of the opposition Indian National Congress, is among those who have criticized the app, charging that it has “no institutional oversight” and raises “serious data security and privacy concerns.”

“Technology can help keep us safe,” Gandhi recently tweeted. “But fear must not be leveraged to track citizens without their consent.”

“There is an infringement on human rights that is not justified here,” says Estelle Massé, a senior policy analyst at the digital rights group Access Now. “There is a risk of initiating a tool that can be repurposed for surveillance after the pandemic.”

A massive all-in-one undertaking

MIT Technology Review’s database shows that India’s app is unique in a number of other ways, too. Many countries are developing limited services that use Bluetooth or GPS to give “exposure notifications” to people who have interacted with someone found to have covid-19. India’s app, though, is a massive all-in-one undertaking that far exceeds what most other countries are building. It tracks Bluetooth contact events and location—as many other apps do—but also gives each user a color-coded badge showing infection risk. And on top of this, Aarogya Setu (which means “a bridge to health” in Hindi) also offers access to telemedicine, an e-pharmacy, and diagnostic services. It’s whitelisted by all Indian telecom companies, so using it does not count against mobile data limits.

What the app lacks also sets it apart. India has no national data privacy law, and it’s not clear who has access to data from the app and in what situations. There are no strong, transparent policy or design limitations on accessing or using the data at this point. The list of developers, largely made up of private-sector volunteers, is not entirely public.

Kumar stresses that the app was built to the standards of a draft data privacy bill that is currently in the country’s parliament, and says access to the data it collects is strictly controlled. But critics have expressed concern because it is not open source, despite an Indian government mandate that its apps make their code available to the public. Kumar says that this is a goal for Aarogya Setu and will happen down the line, but he could not confirm a timeline or expected date.

When Aarogya Setu was first announced, the Indian government did seek consent, and using the app initially sounded voluntary. Today, at least 1 million people have been given orders to use it, including central government workers and employees of private companies like the food delivery services Zomato and Swiggy. It’s a well-practiced tactic in India, where “voluntary mandatory” technology has a history of being used as a gatekeeper to certain important rights.

While India is the only democracy to make its contact tracing app mandatory for millions of people, other democracies have struck deals with mobile phone companies to access location data from residents. In Europe, the data has largely been aggregated and anonymized. In Israel, law enforcement focused on the pandemic has used a phone tracking database normally reserved for counterterrorism purposes. The Israeli government’s tactics have been the subject of a legal battle that made its way up to the country’s Supreme Court and legislature.

Not transparent

Many of these difficulties can be traced to a lack of transparency. Neither the privacy policy nor the terms of service for the app were publicly accessible at the time of publication, and the developers have not shared them despite requests. Since the app is not open source, its code and methods can’t easily be reviewed by third parties, and there is no public sunset clause stating when the app will cease to be mandatory, although Kumar says data is deleted on a rolling basis after, at most, 60 days for sick individuals and 30 days for healthy people. And there is no clear road map for how far India’s national and state governments will go: one recent report said the government wants Aarogya Setu preinstalled on all new smartphones; another said the app may soon be required to travel.

In the early days of the app’s development, Kumar said it would leverage the technology being jointly developed by Apple and Google for iPhone and Android. That system will be released in just a few days, but it now comes with rules that include requiring user consent and banning location tracking—neither of which Aarogya Setu complies with. Kumar says Google engineers have been in close contact with Aarogya Setu’s developers, and his team will evaluate whether they can still implement the decentralized Silicon Valley system, which is intended to preserve privacy. Google and Apple have fast-tracked the app into both the Android and iOS app stores.

But there are still deep concerns that blurring the line between voluntary and mandatory, and between privacy-preserving and privacy-invading, will have long-term consequences.

“There is no effort made by the state to earn citizen trust,” says Anivar Aravind, executive director at the civic-technology organization Indic Project. “Here are a set of private-sector corporate volunteers, with no accountability, that built an app for governments that is forced to personal devices of everyone.”

via Technology Review Feed – Tech Review Top Stories https://ift.tt/1XdUwhl

May 7, 2020 at 01:18PM

How to Transfer Google Authenticator to Another Android

https://lifehacker.com/how-to-transfer-google-authenticator-to-another-android-1843313800

Google Authenticator is getting its first big update since September of 2017, and you’ll enjoy more than just a few cosmetic upgrades once the updated app rolls out to your Android (and eventually, we hope, your iPhone/iPad).

Finally, you’ll be able to easily export your entire list of two-factor-authentication-protected accounts and import it to another device, a feature that has long made us recommend apps like Authy—security concerns aside—in place of Google’s offering.

Even more importantly, Google has finally set up Authenticator so you, and apps on your device, can’t take a screenshot of its contents on Android. If you attempt to do so, you’ll get a warning that “taking screenshots isn’t allowed by the app or your organization.”

These changes are great, but you might not have them yet; I didn’t have version 5.10 of the app when I just checked the Google Play Store, and I had to install it from APKMirror instead for the purposes of this article. Generally speaking, sideloading your apps isn’t the best security practice. While you shouldn’t encounter issues grabbing an app from APKMirror, since this is an app that’s a critical component to the online security of all of your accounts, you might want to err on the side of caution and wait for Google’s official update to roll out.

That said, were I impatient—or if I needed to move a ton of 2FA codes from one Android to another, but I didn’t want to waste time resetting 2FA on all of my accounts and re-enabling it manually—I’d go download the APK right now. Nobody will judge you; this is more a blanket warning against sideloading apps if you don’t really have to.

Once you’ve installed and fired up the new version of Google Authenticator, you’ll see a slightly redesigned screen that looks like this:

No screenshots of the authenticator keys, remember?
Photo: David Murphy

Tap on the triple-dot icon in the upper-right corner to pull up Google Authenticator’s almost-Settings menu, where you’ll see a new “Transfer accounts” option. Tap that, and you’ll get two prompts:

Notice the new “Recent activity” link that’s buried in the lower-left corner of this screen. Tap it, and you’ll be able to review any 2FA accounts that were added on the device you’re using. It’s a great way to see if someone has been messing with your 2FA setup, and something worth checking in case you’re ever concerned about the security of your authenticator app. It only appears to tell you about new additions, however, not deletions—something to keep in mind.

Back to exporting. To get started, simply tap on the “Export accounts” option within the “Transfer accounts” window. Once you’ve authenticated yourself using whatever security measures you’ve set up on your phone (such as a fingerprint), you’ll be able to select which accounts you want to transfer to your new device.

You’ll then get a QR code that you’ll scan with the Google Authenticator (version 5.10+) app on another device—using the “Import accounts” feature from the “Transfer accounts” window. It’s as easy as that. You’ll get a notification on both devices (within Google Authenticator) that your accounts have been exported/imported:

Matchy-matchy
Photo: David Murphy

via Lifehacker https://lifehacker.com

May 7, 2020 at 02:36PM

How VPN is Changing the Way we Use Internet

https://www.discovermagazine.com/technology/how-vpn-is-changing-the-way-we-use-internet

VPNs were already well on their way to changing how we browse the internet this year. We’re finally seeing VPN solutions moving into consumer awareness – it’s more and more likely that the average person on the street knows about VPNs or is willing to discover what a VPN is and how it can help.

Now other trends, like a growing number of data breaches and more remote work due to COVID-19 regulations, are making VPNs more important than ever in 2020. We’re entering a key new phase of online browsing and work: Here’s how VPNs are at the center of it.

Secure Remote Working Setups

VPNs are currently in the middle of a vast surge in use around the world as companies adopt remote work and work from home policies to stay active during COVID-19 lockdowns and social distancing measures practiced during the pandemic. On one hand, this is a great test for modern VPN services and how well they can quickly scale up with sudden new demand. On the other hand, it’s difficult for businesses practicing remote work setups for the first time, because the security needs are different: A VPN is the ideal option for encrypting data from home computers to business networks, but many businesses haven’t even considered using a VPN before.

This is why we’re seeing a lot more research and experimentation with implementing VPNs in business situations to protect data from remote work. A traditional method for this is setting up a VPN server hosted on a private network and instructing workers to use client apps on their own computers. This offers end-to-end encryption with some flexibility for companies that manage a lot of data. However, businesses that aren’t ready to migrate to such a full setup can use more casual or free VPN setups that still provide benefits, and can be implemented very quickly when remote work is a sudden change.

The trend isn’t likely to stop, either. In many respects, COVID-19 pushed many industries into remote work solutions when they were balking at the change before. It was often overdue. When threats from the pandemic fade, a lot of organizations are going to find that their structure now incorporates remote work permanently. It just won’t be as feasible to return to the old situations. That means VPNs are becoming an integral part of more business networks, and faster than expected.

The New Habits of Hacking

“VPNs can protect your data from hacking” has been a frequent rallying cry in the industry for years now. Consumers looking into VPNs aren’t always sure how this works, but the increased frequency of wireless hacking attempts has now made it all too clear.

Hackers throw everything at the wall and see what sticks – what they can gain control of or steal, and how that can be used to make some easy cash. We’re seeing an uptick in many kinds of attacks, such as phishing emails from contact lists bought online (and usually stolen from companies). One popular hacking method is to simply find a public Wi-Fi network that’s ripe for exploitation and troll it for any unsecured connections where hackers can pick up passing, and potentially sensitive, data. Hackers can’t do that when a VPN is busy encrypting all data moving through that connection.

Awareness of these tactics is finally hitting the average user, so people today understand that public Wi-Fi at malls, airports, cafes and other areas isn’t exactly safe, especially if the provider doesn’t take many security precautions.

The solution to these Wi-Fi attacks is multifold. When people start returning to public spaces, they’ll find a lot of 5G towers in place (when crazed conspiracy theorists aren’t burning them down) and a lot more Wi-Fi 6 capable networks, which will help with security. However, a VPN is the user’s primary tool in protecting themselves instead of relying on network upgrades as they move around. VPNs are quickly becoming as common as luggage when traveling, and an important app to have when in any public space. Enabling encryption like this will soon be second nature for all mobile users.

Consuming Content in a Global Environment

One of the big hooks for consumer VPN in recent years has been server switching. In other words, you may be accessing the internet from Canada, but with a VPN you can choose a United States server so it looks like you are connecting from there instead. This is frequently used to bypass content restrictions: Many, many streaming services offer different types of content based on different regions. If your favorite show is on Netflix in the United States but not Canada, then using a VPN to switch to a U.S. server starts to look very attractive.

This is not only becoming a popular strategy in 2020, it’s also changing the way that streaming services work, period. Streaming companies are reconsidering the value of regional restrictions and licenses – it used to be an easy source of profit, but it is looking more and more like a shell game that tries to permanently put the consumer at a disadvantage.

We are already starting to see how content distribution is changing due to this new awareness, and a lot of it comes from the rise of VPN use. It’s still uncertain what ultimate compromise the industries will reach, but it’s likely to be much more consumer friendly when the dust settles.

Businesses and the Importance of Reducing Risk

We already talked about using a VPN in a remote work situation. But companies can get a lot more use from VPNs than just this basic data encryption. Take a look at business-facing VPN vendors and you’ll see a host of security services, including better encryption for customer/partner data, more robust firewalls, whitelist management for important employee tools, and a lot more.

Yes, this can provide a big boost in security for businesses that deal with digital data – but most companies in these industries were already aware of this. What we’re seeing now is a broader realization among many different companies that VPN services can lower their security risks as a whole. That’s great for insurance, lead management, and other strategies, even in businesses that don’t really need their own servers.

The Combination of VPNs and Cloud Data

Cloud-hosted VPNs are also a growing part of the new internet. It’s a low-cost method of adopting VPN protections that’s more suitable for smaller businesses or companies that are in growth phases but not ready to manage their own servers yet. These solutions naturally tie directly into other cloud services or providers, including AWS, Azure, and Google Cloud. A lot of businesses have been looking for alternative VPN setups just like this, which is why they’ve become such a popular solution – a trend we expect to continue.

The Rise of Political Awareness – and Censorship

VPNs also have a historical relationship with political censorship, often being the only way for political dissidents or simply curious citizens to access the full online world or communicate outside of their country…without being easily identified.

This hasn’t changed, but it has become more necessary than ever before. More restrictive governments continue to crack down with growing censorship that is in turn creating more backlash than before. Acts like banning online gaming with foreigners, far from completing their intended goals, are driving more citizens to VPNs than ever before. Journalists, political dissidents in danger of imprisonment, and others are also more practiced at using VPNs for their own safety, and have teams of people around the world helping them stay encrypted with the latest solutions.

We’re also seeing this create tech races in various countries. Governments are trying to ban VPNs as fast as they’re being used to dodge censorship and tracking, while VPNs are offering new or robust services to take advantage of growing demand in these areas. It’s an interesting – and potentially dangerous – proving ground for online security, and privacy in general.

VPN Bypasses Are Making the Experience More Flexible

A past complaint, especially from private users, about VPNs was the restrictions involved when using their favorite sites and services. VPNs can slow down internet speeds, especially for more demanding activities like gaming or streaming movies. It may also create access problems with specific tools that aren’t designed to be used with VPNs.

Whitelisting is the latest solution for that, and it’s making casual VPN use easier than ever before. The most common method is called split tunneling, where part of the internet traffic (where encryption is important) passes through the VPN, and part is directed along the traditional internet channel instead (say, a site for streaming movies). This type of whitelisting solves a lot of problems that older VPNs had, and is now widely available to consumers, even through many free VPN downloads. With one of the biggest obstacles to casual VPN use removed, we’re one step closer to VPNs being an expected part of any online connection, as common as using a firewall.

Speed Issues are Being Resolved in Other Ways, Too

When VPNs have to be used – for example, when logging onto a company portal to get work done – they can still be slow to connect in some situations. Users may also run into a particular app that just doesn’t play well with a VPN and freezes or moves too slowly. Understandably, this creates some doubt in how easily a VPN solution can be applied. Fortunately, answers are already on their way: New technologies like WireGuard are being used to circumvent these problems by changing how servers communicate for the better.

via Discover Main Feed https://ift.tt/2rbDICG

May 7, 2020 at 02:21PM

FDA approves a rapid COVID-19 test that uses CRISPR

https://www.engadget.com/fda-sherlock-biosciences-covid-19-crispr-test-162943598.html

Sherlock Biosciences has received an Emergency Use Authorization (EUA) from the FDA for a rapid COVID-19 test that uses CRISPR technology. This is the first FDA-authorized use of the gene-editing tool, which poses both massive potential and ethical issues.

Sherlock’s CRISPR SARS-CoV-2 test uses a CRISPR molecule to detect the genetic signature of the virus. If it finds the virus, the CRISPR enzyme is activated, and that releases a detectable signal. The kit, which uses a nasal swab or bronchoalveolar lavage (BAL) specimen, is designed for use in laboratories authorized to perform high complexity tests. While it’s considered a “rapid” test, Sherlock did not say how long it takes to process the results. 

“Sherlock enables rapid identification of a single alteration in a DNA or RNA sequence in a single molecule,” said Sherlock Biosciences co-founder David Walt. “That precision, coupled with its capability to be deployed to multiplex over 100 targets or as a simple point-of-care system, will make it a critical addition to the arsenal of rapid diagnostics already being used to detect COVID-19.”

Sherlock says it is working to rapidly scale production and will share plans for kit distribution and availability in the coming weeks. The company is also working on another handheld test, similar to that of a home pregnancy test, to detect COVID-19.

Sherlock’s CRISPR test is one of a growing number of FDA EUAs issued recently to address the coronavirus pandemic. The FDA has given the fast-tracked approval to NASA’s ventilator design and Formlabs’ 3D-printable attachment that turns sleep apnea BiPAP machines into ventilators. We will likely see more EUAs in the coming weeks.

via Engadget http://www.engadget.com

May 7, 2020 at 11:36AM

New Standard Adds Low-Power Wireless Charging to NFC

https://gizmodo.com/new-standard-adds-low-power-wireless-charging-to-nfc-1843293240

Qi wireless charging has become the de facto wireless charging standard for gadgets like phones, earbuds, and more. However, just this week, the NFC Forum approved a new low-power wireless charging specification to help make it easier to charge smaller gadgets or IoT devices.

The new standard is simply called the Wireless Charging Specification or WLC, and by using a 13.56 MHz base frequency, devices equipped with near-field communication (NFC) can send both data and power simultaneously to nearby NFC devices. Aside from being governed by two different organizational bodies, the main difference between NFC WLC and traditional Qi wireless charging is that while Qi wireless charging can support power transfer of up to 15 watts or more, WLC charging speeds top out at just 1 watt.

That means NFC WLC isn’t designed to help recharge a phone and won’t really compete with Qi wireless charging on larger devices, but could be used instead to charge things like NFC tags, security fobs, or even some Bluetooth headsets that are often too small or too cheap to feature support for Qi charging. On the flip side, because NFC is already used to facilitate a wide variety of payment systems including Apple Pay, Samsung Pay, Google Pay, and others, it may not require a huge investment from gadget makers to incorporate support for WLC into new devices.

Where things get a bit trickier is that while they rarely show up on spec sheets or a feature list, there are actually five different types of NFC tags used throughout the world, with certain tweaks and varying support depending on the location. For example, while public transportation in Japan uses NFC as a payment method, only NFC Type-3 tags are compatible with the Japanese Industrial Standard, which means devices made in other countries and then brought to Japan don’t always work properly when trying to pay for a subway or train ticket.

Currently, it’s unclear whether WLC will be backward compatible with existing NFC-equipped devices, or whether WLC will require a new type of tag or simply something like a firmware update to enable WLC charging. Gizmodo has reached out to the NFC Forum for clarification, and we will update this story if we hear back.

WLC was originally proposed as a technical candidate back in early 2019, but had not been officially approved for use on retail devices until earlier this week. However, with the NFC Forum claiming that there are over two billion NFC-equipped devices in use today, getting a little extra functionality through the addition of wireless charging—even if it’s relatively slow wireless charging—remains a welcome addition.

via Gizmodo https://gizmodo.com

May 6, 2020 at 03:00PM

AMD Announces Ryzen Pro 4000 for Mobile: 8 Cores, 15 W, 4.1 GHz

https://www.anandtech.com/show/15773/amd-announces-ryzen-pro-4000-for-mobile

On the back of AMD’s successful Ryzen Mobile 4000 series launch for consumer laptops, the company is today launching its range of commercial processors from the same family. These processors are designed for the standard commercial verticals typically associated with company contracts, education deployments, medical use cases and any environment that requires a level of manageability across its workforce. The new AMD processors have up to eight of the latest Zen 2 cores, up to Vega 7 compute graphics, and are built on the latest TSMC 7nm process node technology.

via AnandTech https://ift.tt/phao0v

May 7, 2020 at 08:12AM