Linked List: June 28, 2022

Atari Turns 50

Commemorating the 50th anniversary of Atari, Benj Edwards interviewed founder Nolan Bushnell for How-To Geek:

Benj Edwards, How-To Geek: Do you think the video game industry has lost sight of any innovations from the early days of Atari?

Nolan Bushnell: A little bit. Remember that Atari was founded as a coin-op company. And coin-op has this requirement that a newbie has to get into the game almost instantly without reading instructions. So the simplicity of onboarding is lost by a lot of people right now. [...]

HTG: What did you do “right” in the early years of Atari that people could learn from today?

Bushnell: We did really good branding. And I think that, in terms of our graphic badges and our logo and everything, we wanted to have a distinct look. I think it’s held together. Right now, the Atari logo is the only thing that’s still really vibrant.

HTG: Apple used iconic branding successfully too, and Steve Jobs was one of your early employees. Do you think that rubbed off on Apple?

Bushnell: I think so, because Jobs used to ride up to my house on Sunday mornings on his motorcycle. And we’d drink tea and talk about things. And I talked about the importance of branding and color palettes and things like that — how a brand and look is multi-faceted. You’ve never really thought about a color palette as being unique to a company, and yet it’s axiomatic.

Atari was the first computer company I ever loved. Still love those old machines and games, and still love that logo.

Bonus link: This terrific TV commercial for the Atari 2600 from the early 1980s, also via Edwards.

Period Tracking App Stardust Seems a Little Sketchy

Sarah Perez and Zack Whittaker, reporting for TechCrunch yesterday:

Others are abandoning their current period trackers and turning to apps like Stardust instead as a result of the company’s strong statement issued in light of the decision to overturn Roe. Stardust said it would implement end-to-end encryption so it would “not be able to hand over any of your period tracking data” to the government, helping to draw in hundreds of thousands of downloads over this weekend ahead of the release of the new, encryption-featured app version slated for release on Wednesday.

First strike: Stardust bills itself as an astrology-based period tracker: “Harness your inner cosmic energy with Stardust, an app that integrates science, astronomy and artificial intelligence to connect your hormonal cycle with the cycles of larger celestial bodies: the stars, planets, sun, and moon.” I wouldn’t take advice at the craps table from someone who believes in astrology, let alone trust them with my medical data.

(Sidenote: “minnow-clarinet-j6yf.squarespace.com” is an odd domain name for an ostensibly serious personal health company.)

Second strike: end-to-end encryption isn’t something you just add in a matter of days.

TechCrunch ran a network traffic analysis of Stardust’s iPhone app on Monday to understand what data was flowing in and out of the app. The network traffic showed that if a user logs into the app using their phone number (rather than through a login service provided by Apple or Google), Stardust will periodically share the user’s phone number with a third-party analytics service called Mixpanel. [...] During the network traffic analysis, TechCrunch saw no health data shared with Mixpanel. But sharing a phone number that’s tied to a specific user of a period-tracking app with a third party like Mixpanel could allow prosecutors to compel Mixpanel to turn over that data — even if Stardust claims that it can’t.

That does not sound like an app that takes user privacy seriously.

TechCrunch asked the founders for more information about how the app is implementing end-to-end encryption. Stardust founder Moranis told TechCrunch that “all traffic to our servers is through standard SSL (hosted on AWS) and subsequent data storage on AWS RDS utilizing their built-in AES-256 encryption implementation.” Although this describes the use of encryption to protect data while in transit and while it’s stored on Amazon’s servers, it’s not clear if this implementation would be considered true end-to-end encryption.

Given its complexity and the stakes involved, implementing end-to-end encryption is often a time- and resource-intensive effort, where a single coding flaw could undermine the protections of the users’ data. [...] When asked if the company had conducted a third-party security audit of the app’s code, Moranis said that the company intends to “fully publish our implementation along with a third-party audit once it is complete,” but a timeline was not given. [...]

After we heard from Stardust, the company quietly changed its privacy policy again to remove mentions of end-to-end encryption.

This doesn’t really make any sense. My best guess is that Stardust’s leadership saw an opportunity to appeal to privacy-concerned women after Friday’s Supreme Court decision overturning Roe v. Wade, struck gold by claiming to be secure and privacy-focused, but they didn’t actually know what “end-to-end encryption” really means.

Trump Lawyer John Eastman Probably Wishes He Knew How to Hard-Lock His iPhone

CNN:

FBI seized the phone of former President Donald Trump’s election attorney John Eastman last week, according to a new court filing from the conservative lawyer. Last Wednesday, about six federal investigators approached Eastman in New Mexico when he was exiting a restaurant after dinner with his wife and a friend, according to the court filings. He was patted down, and “forced to provide [facial] biometric data to open” the phone, Eastman’s court filing said.

Agents were able to get access to Eastman’s email accounts on his iPhone 12 Pro, the filings said.

CNN posted a copy of Eastman’s court filing, which contains the original warrant as an attachment. From the warrant:

During the execution of the search of the authorized places, law enforcement personnel are also specifically authorized to obtain from the Subjects (but not any other individuals present at the time of execution of the warrant) the compelled display of any physical biometric characteristics (such as fingerprint/thumbprint, facial characteristics, or iris display) necessary to unlock any device(s) requiring such biometric access subject to seizure pursuant to this warrant for which law enforcement has reasonable suspicion that the aforementioned person(s)’ physical biometric characteristics will unlock the device(s), to include pressing fingers or thumbs against and/or putting a face before the sensor, or any other security feature requiring biometric recognition of any of the devices, for the purpose of attempting to unlock the device(s)’s security features in order to search the contents as authorized by this warrant.

While attempting to unlock the device by use of the compelled display of biometric characteristics pursuant to this warrant, law enforcement is not authorized to demand that the aforementioned person(s) state or otherwise provide the password or identify the specific biometric characteristics (including the unique finger(s) or other physical features), that may be used to unlock or access the device(s). Nor does the warrant authorize law enforcement to use the fact that the warrant allows law enforcement to obtain the display of any biometric characteristics to compel the aforementioned person(s) to state or otherwise provide that information. However, the voluntary disclosure of such information by the aforementioned person(s) is permitted. To avoid confusion on that point, if agents in executing the warrant ask any of the aforementioned person(s) for the password to any device(s), or to identify which biometric characteristic (including the unique finger(s) or other physical features) unlocks any device(s), the agents will not state or otherwise imply that the warrant requires the person to provide such information, and will make clear that providing any such information is voluntary and that the person is free to refuse the request.

That this story broke the same day I published a piece explaining how to hard-lock an iPhone to disable Face ID and Touch ID authentication until the device passcode has been entered is rather amazing. I was inspired to post that yesterday in light of privacy concerns stemming from the Supreme Court’s repeal of abortion rights in America, but the situation I described — that law enforcement can force you to use your fingerprints or face to unlock a device, but cannot force you to reveal your passcode — is perfectly exemplified by the warrant against Eastman.

Watching the video of Eastman’s iPhone being confiscated, it’s possible he had no opportunity to hard-lock the device even if he’d known how to. The video Eastman gave to Fox News starts with him with his hands already on his head, and an FBI agent frisking him, finding the phone in a belt holster, and taking it.