Uber Had the Opportunity to Monitor Everything on Your iPhone’s Screen

Daniel Jalkut:

Yesterday, Gizmodo reported that Uber had been granted an entitlement for their iOS app that allowed them to capture an image of an iPhone’s screen at any time, even when the Uber app was not the active app on the phone. This is a big deal, because users don’t typically expect that an iPhone app that is not active might have the ability to eavesdrop on anything they are doing.

I have long felt that the sandboxing infrastructure on both iOS and Mac should be used to more accurately convey to users specifically what the apps they install are capable of doing. Currently the sandboxing system is used primarily to identify to Apple what a specific app’s privileges are. The requested entitlements are used to inform Apple’s decision to approve or reject an app, but the specific list of entitlements is not easily available to users, whose security is actually on the line.

This is absolutely fucking ridiculous. Fuck Uber. Apple should be ashamed for working with them at any level. Allowing an app to covertly record your screen without any prompting is exactly the kind of thing that Apple’s iOS app review process should prevent.

Uber claims they didn’t do anything wrong with this ability, and the security researchers told Gizmodo that they didn’t detect anything going on with this code.

There are companies that are less trustworthy than Uber, but few have the opportunity to be as evil on such a large scale. Enabling them to do anything more than operate at a basic level on your platform is a mistake. At this point Apple should block them entirely and attempt to help the taxi industry to reform and compete with Uber. Not that Apple ever would, but still, that would be the best thing to come out of this. The next best thing would be the improvements to the entitlement system that Jalkut suggests.

I wouldn’t even bother to wonder what Uber are doing on Android, where security is a fucking joke and carriers are still selling devices running ancient versions of that operating system that are affected by dozens of security vulnerabilities. This is especially true for pay-as-you-go phones sold cheaply at places like Walmart, Target, and so on. Those carriers and stores are endangering their customers by continuing to sell these devices.

How the Elderly Lose Their Rights

This is an amazing article by Rachel Aviv for the New Yorker about elderly people in Nevada being tossed out of their homes and having their possessions taken by a genuinely evil system of guardianship that was supposed to take care of them.

There is too much to quote in the article, but the main through-line is about Rennie and Rudy North, who were abducted by their state-appointed guardian and had everything they owned either sold or trashed. The most ridiculous part is that there’s a company named “Caring Transitions” that was supposed to help them move at one point and, well:

Belshe rescued the art work, in 2013, after Caring Transitions placed the Norths’ belongings in trash bags at the edge of their driveway.

What a caring company.

Planet of the Apes 12: Naruto vs Slater

Sarah Jeong (now of The Verge) contributed this article to Vice’s Motherboard. It’s about the continuing legal struggle for PETA to represent the monkey that took a selfie in PETA’s suit against a photographer who has my surname and gain copyright protection for works created by animals. It may also help animals, and people, in other fields:

Well, it’s not really about monkey copyrights, actually. It’s about Cetacean and about making precedent that will let PETA sue on behalf of animals in more serious matters. And in PETA’s defense, the relevant case law is kind of not great. One of the cases that the judges mentioned during oral argument is a case about a “coalition of clergy, lawyers, and professors” trying to bring a lawsuit on behalf of Guantanamo detainees. It’s not all monkeys and selfies here, there really are larger ramifications to the principles that are being hammered out

The Shinchonji Cult

PRI’s The World continues to have some pretty fascinating stories I wouldn’t otherwise come across. Recently The World told us about colorful taxi cab ceilings in India. Now, their Matthew Bell is covering this crossover between two of my favorite subjects, South Korea and doomsday cults, in Shinchonji:

Lee, the director of the Bible study center I visited, says she has been a member of Shinchonji since 1999.

“We offer a very deep course of study into the Bible,” she says. “This is different than other churches.”

“The students would like to come to class seven days a week, but we limit it to five,” Lee says.

“Shinchonji members are very successful in life,” Lee adds. And then, without being asked about it specifically, she says that some members of Shinchonji have had problems maintaining relationships with their families and keeping up with their careers. But she says such cases are the exception.

Throughout my visit to the study center, a young Korean man in a jacket and glasses points a digital camera at me as I do interviews and observe the scene. When I say his filming is making me uncomfortable, he puts the camera down for a few minutes. Then, he goes back to filming me.

Inside a Ukrainian Nuclear Missile Base

Drew Scanlon of Cloth Map, and my favorite podcast about speedy race cars, Shift+F1, has this great video from his recent tour of a decommissioned nuclear missile base in the Ukraine. In the video Scanlon actually gets to use the launch controls.

Here’s the location on Google’s mapping service:

And here is the museum’s English Wikipedia article.

The Medium Car Crash

The Medium.com logo, in 1997, before Evan Williams. Via archive.org

Evan Williams and his work are profiled in the New York Times by David Streitfeld. He’s behind Twitter and Blogger. There is one good point that succinctly explains a big problem with the web today:

The trouble with the internet, Mr. Williams says, is that it rewards extremes. Say you’re driving down the road and see a car crash. Of course you look. Everyone looks. The internet interprets behavior like this to mean everyone is asking for car crashes, so it tries to supply them.

His goal is to break this pattern. “If I learn that every time I drive down this road I’m going to see more and more car crashes,” he says, “I’m going to take a different road.”

[…]

For five years, Mr. Williams has been refining a communications platform called Medium. Its ambition: define a new model for media in a world struggling under the weight of fake or worthless content. Medium is supposed to be social and collaborative without rewarding the smash-ups. It is supposed to be a force for good.

Medium feels to me like it isn’t as popular as Twitter, but it is a thing that I suspect most people reading this would have read a few articles on.

The article talks about the business model of Medium, how it exists as a platform for writing. I think it misses the real problem with the site: the reason why Medium exists is to profit off of the work of writers. Not that Evan Williams is a bad person — he tried to create a space for good writing in Medium — the real problem with Medium is that it is yet another business that exists as a parasite on a writer’s work without providing them with a living wage or an identity.

The Times article goes on to talk with one writer who made some money on the site. She received $50 per article, when they were paid, and went on to write about 100 in the same year. Not all of those were paid, and $50 isn’t bad at all for a new writer, but even if she had been paid for every article $5000 a year isn’t going to pay the rent.

Whether the business model is correct or not, I read many articles on Medium, I link to very few, and I can’t remember who the authors are of most of the articles I read on the site. Their identity is subsumed into Medium and they no longer own their writing when it is read on Medium.

A site like Medium can’t help but raise their brand above the authors. Take a look at this article on Medium that I recently linked to.

The only opportunities for an author to express themselves on the page are their byline, and any autobiographical text that they write in their bio underneath the byline.

That article by Jose Moran is exclusively about the author’s work experience at Tesla. We might remember Jose a bit more than anyone else because he works for Tesla, which is an important company in the electric car field even if I don’t like the way they treat their employees.

Here’s how his byline block appears:

Here’s the banner at the bottom of the page when you’re not logged into Medium:

Now let’s pick a recommended article from just above the bottom of the page. The first one is another article about Tesla and it takes us to ThinkProgress, a site that uses Medium as a host for their writing.

Here’s how the author’s byline block is on a page hosted by Medium:

The bio gets cut off at the top of the page, but there’s a larger version at the bottom with the full text.

Here’s the banner on that hosted site:

What are you signing up for? Medium. Not ThinkProgress, not Jose Moran. You might incidentally get updates from ThinkProgress or Jose after signing up, but Medium-the-business doesn’t give a crap if you do, so long as you keep using Medium.

In both cases the author loses control over their byline as well. Did Joe Romm want to display just part of his byline at the top of the page? We’ll never know, because Medium decided for him.

Does Jose Moran want you to sign up for more updates from him in case he posts an update where Elon grows some balls and lets his employees unionize? Medium decided that no, what you want to do is sign up for Medium.

The only person that has an author’s best interests in mind is that author.

When an author has their own site, they are totally free to express themselves with more than just a byline. Nuclear Monster is to my taste as a modification of the free software WordPress. At the top of the page, that’s a logo I made with the feedback of friends. I picked out the colors of the site, and what code I wanted to use. I decided what the site’s focus should be. Medium pages are identical, generic and bland, because they express the identity of that site instead of the identity of that author.

Those bylines above are actually an improvement over the original Medium. Back in 2013 the author’s byline looked like this:

It is possible that the 2013 byline looked a little better; I have cribbed it from the archive.org version, which sometimes isn’t able to preserve the entire detail of an archived page. However, it matches my memory of the site. No author photo or bio.

When you follow an author who has their own site by subscribing to their RSS feed, or on Facebook, or Twitter, you’re going to get to their site as the destination to read their work.

That author gets to decide if they’re going to link off-site at the bottom of their article page. I don’t personally like those kinds of advertisements, so I just have a rotating group of related articles from Nuclear Monster, but at least I have a choice and could decide if I wanted them. Jose Moran has no option after choosing to use Medium to host his writing. There are links to whatever articles the Medium algorithm picked.

As a writer, I hope that Medium fails, because it can’t exist as a functioning business without exploiting authors who need to establish their own identity in order to survive. I want to see more writers own their own websites or choose to work collectively with others instead of seeing their work stripped of identity and authorial ownership to another business intent on exploiting them.

The problem with San Francisco area startups is that they are all car crashes intent on smashing into as many people as possible before the money dries up and they leave without insurance to clean up the mess they left behind.

When Medium fails and is sold to Verizon, it will leave writers bloodied and bruised in its wake who haven’t established their own identity and they may be so frustrated with the experience that they give up on writing entirely.

Alex Tizon’s Story of Slavery in America and the Philippines

Heartbreaking story from Alex Tizon:

To our American neighbors, we were model immigrants, a poster family. They told us so. My father had a law degree, my mother was on her way to becoming a doctor, and my siblings and I got good grades and always said “please” and “thank you.” We never talked about Lola. Our secret went to the core of who we were and, at least for us kids, who we wanted to be.

Everybody has family secrets when they’re growing up, but I don’t think I know anyone with anything like this in their past. Then there’s the awful editor’s note:

And we were heartbroken to learn on Friday, March 24, that Alex Tizon had died. His story editor here at the magazine, Denise Kersten Wills, found out late that evening that Alex had been found dead in his home in Eugene, Oregon. He had died in his sleep, of natural causes. He was 57 years old.

A Legally Operated Taxi Service Wouldn’t Do This

Mike Isaac for the New York Times:

Uber has for years engaged in a worldwide program to deceive the authorities in markets where its low-cost ride-hailing service was being resisted by law enforcement or, in some instances, had been outright banned.

The program, involving a tool called Greyball, uses data collected from the Uber app and other techniques to identify and circumvent officials. Uber used these methods to evade the authorities in cities such as Boston, Paris and Las Vegas, and in countries like Australia, China, Italy and South Korea.

[…]

If users were identified as being connected to law enforcement, Uber Greyballed them by tagging them with a small piece of code that read “Greyball” followed by a string of numbers.

When someone tagged this way called a car, Uber could scramble a set of ghost cars inside a fake version of the app for that person to see, or show that no cars were available.

Intentionally obstructing local authorities from using their service probably isn’t illegal, but it isn’t something you would have to do if you were proud of your product and thought it was defensible in a court of law.

Could you imagine if Apple checked if users were government agents and shut off their laptop or desktop computers? Not that our government would worry; the president only uses devices that are designed in Korea.

Delete Uber Parts 1-3999

Nick Heer has this round-up of Uber in the news for the past 3 years. It includes this gem, from Buzzfeed:

Early this November, one of the reporters of this story, Johana Bhuiyan, arrived to Uber’s New York headquarters in Long Island City for an interview with Josh Mohrer, the general manager of Uber New York. Stepping out of her vehicle — an Uber car — she found Mohrer waiting for her. “There you are,” he said, holding his iPhone and gesturing at it. “I was tracking you.”

Mohrer never asked for permission to track her.