By John Gruber
My thanks to Rogue Amoeba for sponsoring this week at DF to promote SoundSource, their powerful Mac menu bar app that provides quick access to audio devices, per-app volume control, and much more.
One year ago — to the day! — I wrote about SoundSource 4:
[I]f you’re not familiar with SoundSource, their description is spot-on: “Sound control so good, it ought to be built in”.
Basically, SoundSource is a menu bar app that gives you quick access to input and output devices, and level settings, and lets you apply equalizer effects — both system-wide and on a per-app basis. All with a thoughtful, intuitive interface […] a great example of a distinctive, branded UI that still looks and feels in every way like a standard Mac app.
If you’re doing more with audio on your Mac now — remote meetings, Skype calls, recording podcasts, whatever — and wish you had more control over your audio input and output devices, you’re going to love SoundSource. It encapsulates a lot of features in a very easy to understand interface. (If you’re into decluttering your menu bar icons, SoundSource can fully replace the system’s built-in Volume menu item — take a look in SoundSource’s preferences for the alternate menu bar icon that shows your current volume. Update: And SoundSource’s “Super Volume Keys” feature lets you use your keyboard volume keys to control the volume of any speakers connected to your Mac.)
Try it out: download the free trial, and use coupon code DF2020 to save 20% when you purchase by April 10.
Joseph Cox, who has been absolutely killing it in his reporting for Motherboard:
According to a declaration from NSO CEO Shalev Hulio, two Facebook representatives approached NSO in October 2017 and asked to purchase the right to use certain capabilities of Pegasus.
At the time, Facebook was in the early stages of deploying a VPN product called Onavo Protect, which, unbeknownst to some users, analyzed the web traffic of users who downloaded it to see what other apps they were using. According to the court documents, it seems the Facebook representatives were not interested in buying parts of Pegasus as a hacking tool to remotely break into phones, but more as a way to more effectively monitor phones of users who had already installed Onavo.
“The Facebook representatives stated that Facebook was concerned that its method for gathering user data through Onavo Protect was less effective on Apple devices than on Android devices,” the court filing reads. “The Facebook representatives also stated that Facebook wanted to use purported capabilities of Pegasus to monitor users on Apple devices and were willing to pay for the ability to monitor Onavo Protect users.”
This was just a little over two years ago. The NSO software that Facebook was attempting to license is — according to NSO — intended for legitimate counterintelligence and law enforcement agencies to use in the pursuit of criminals and enemies of the state. There’s certainly a debate to be had regarding the NSO Group and its services, but Facebook’s stated intention for this software was to use it for mass surveillance of its own honest users. That is profoundly fucked up — sociopathic.
Let me repeat what I’ve stated before: Facebook is a criminal enterprise.
Josh Topolsky, writing at Input:
But thank god for the internet. What the hell would we do right now without the internet? How would so many of us work, stay connected, stay informed, stay entertained? For all of its failings and flops, all of its breaches and blunders, the internet has become the digital town square that we always believed it could and should be. At a time when politicians and many corporations have exhibited the worst instincts, we’re seeing some of the best of what humanity has to offer — and we’re seeing it because the internet exists.
Now, I’m not letting Mark Zuckerberg or Jeff Bezos off the hook, but we also can’t deny that there is still good, still utility, still humanity present here — and it’s saving us in huge ways and little ones, too. In the shadow of the coronavirus, the sum of the “good” internet has dwarfed its bad parts. The din of a connected humanity that needs the internet has all but drowned out its worst parts. Oh, they’re still there, but it’s clear they aren’t what the internet is; they’re merely the runoff, the waste product.
So true. Feeling isolated? Cooped up? Me too. But imagine what this would’ve been like 30 years ago. This sort of crisis is what the internet was designed for, and it’s working.
Bruce Schneier:
I’m okay with AES-128, but using ECB (electronic codebook) mode indicates that there is no one at the company who knows anything about cryptography. […]
In the meantime, you should either lock Zoom down as best you can, or — better yet — abandon the platform altogether.
If Bruce Schneier recommends you don’t use Zoom, you probably shouldn’t use Zoom — at least for anything you wouldn’t be willing to conduct over an unencrypted channel.
Sometimes a headline says it all. This is really one hell of a “mistake”. It’s China. Considering everything we know about China — human rights violations, untrustworthy track record, unaccountable totalitarian leadership, vast resources, and their technical expertise to act, at scale, on access to potentially sensitive poorly-encrypted video calls — China is quite literally and obviously the last country on the face of the earth where you’d want video calls routed.
But I suppose Zoom is probably right, it must have been a mistake — despite the fact that Zoom has over 700 employees in China, including a large portion of its engineering staff; despite the fact that Zoom’s purported end-to-end encryption is no such thing, which means Chinese snoops already have access to the keys used to weakly-encrypt Zoom chats — because Zoom CEO Eric Yuan assured us that Zoom was designed with the security and privacy needs of the enterprise in mind. What a relief.