Hacker News: willstrafach

New comment by willstrafach in "How did Facebook intercept their competitor's encrypted mobile app traffic?"

willstrafach — Sun, 28 Jul 2024 16:17:23 +0000

“Facebook Research” was the Onavo codebase, under a different name, signed by Facebook’s Enterprise certificate.

New comment by willstrafach in "Apple responds to the Beeper iMessage saga: 'We took steps to protect our users'"

willstrafach — Sun, 17 Dec 2023 18:17:32 +0000

iOS devices must be activated to use them. This is indeed stored in a database. AppleCare and third-party repair centers can query activation information using GSX.

You are correct about pre-T1 Intel Macs though. Apple will have a blind spot by design, until support is dropped for old machines.

New comment by willstrafach in "Apple Passkey"

willstrafach — Tue, 07 Jun 2022 03:41:25 +0000

This may help: https://chrome.google.com/webstore/detail/icloud-passwords/p...

New comment by willstrafach in "Tim Hortons app violated laws in collection of ‘vast amounts’ of location data"

willstrafach — Fri, 03 Jun 2022 16:11:37 +0000

> That said, doesn’t iOS notify you when an app wants to use location services? Did all of these users just opt into that? That seems crazy, if so.

Not so crazy.

Local news, weather, and similar apps with a reasonable rationale for Location Services access are often the culprits.

They will put phrases like “See privacy policy.” in the justification text (When asking permission) so they can claim that the user consented.

New comment by willstrafach in "Tim Hortons app violated laws in collection of ‘vast amounts’ of location data"

willstrafach — Fri, 03 Jun 2022 15:59:37 +0000

They have some pretty bad past practices: https://www.zdnet.com/article/accuweather-caught-sending-geo...

And they have continued, off-and-on, to use other location-collecting SDKs.

New comment by willstrafach in "How our free plan stays free"

willstrafach — Wed, 16 Mar 2022 22:01:49 +0000

I think the pitch here is “Semi-managed WireGuard peer provisioning and NAT punching as a service” usable by anyone who may not otherwise have a clue how WireGuard works (eg. friends sharing access to a file/media server), within 5 minutes or less from download/login to “done”

New comment by willstrafach in "Who's Attacking My Server?"

willstrafach — Wed, 16 Mar 2022 04:31:05 +0000

How would that work? Connections are mainly peer-to-peer with Tailscale. An attack (I suppose pushing new key pairs to specific peers and pointing them through a malicious endpoint?) would likely require a very noisy and detectable process.

New comment by willstrafach in "“O, so sorry. I need more time. my country defending Russian invasion”"

willstrafach — Tue, 01 Mar 2022 05:33:38 +0000

This may make sense if they were replying via e-mail to the issue.

New comment by willstrafach in "Our User-Mode WireGuard Year"

willstrafach — Fri, 11 Feb 2022 19:31:58 +0000

Different poster here but just curious: Are you a Deutsche Telekom user, by chance?

New comment by willstrafach in "Facebook-owned sites were down"

willstrafach — Tue, 05 Oct 2021 16:17:46 +0000

The face:b00c part is in the Interface ID, so this did not even need a large block (Though I am sure they have one).

New comment by willstrafach in "Apple’s crackdown on multicast"

willstrafach — Wed, 25 Aug 2021 05:03:59 +0000

In current versions? What permission is this?

New comment by willstrafach in "The short tale of an online scam"

willstrafach — Thu, 01 Jul 2021 17:35:14 +0000

.icu, .club, and a few other gTLDs can often be found for sale at $1-2/year, so they are used by entities in need of low cost disposable domains.

New comment by willstrafach in "Signal's Cellebrite Hack Is Already Causing Grief for the Law"

willstrafach — Wed, 28 Apr 2021 15:26:50 +0000

That is incorrect, Corellium does not ship Apple code.

New comment by willstrafach in "Don’t format a drive of M1 Macs from recovery mode"

willstrafach — Fri, 19 Feb 2021 01:39:31 +0000

If it had a T2, that will store the Apple ID.

New comment by willstrafach in "Apple’s Anti-Tracking Plans for iPhone"

willstrafach — Tue, 15 Dec 2020 17:18:05 +0000

1. You’re allowed to use IDFA. But users will now have to allow access, as a permission dialog will pop up first.

2. The IDFA is just a simple static UUID. It cannot do a very good job at preventing fraud. There is no way to validate anything about it or affirm that it ties to a genuine device.

New comment by willstrafach in "Why radio receivers won’t tune 800-900 MHz"

willstrafach — Sun, 13 Dec 2020 06:20:54 +0000

Pager messages collected on September 11, 2001. They are also a type of communication which is transmitted without encryption.

New comment by willstrafach in "Many of the root certificates on Windows are not needed"

willstrafach — Mon, 19 Oct 2020 16:51:47 +0000

The list can be found here: https://support.apple.com/en-us/HT210770

New comment by willstrafach in "Samsung Ads – Demand-Side Platform"

willstrafach — Sun, 04 Oct 2020 18:34:30 +0000

This one is well worth a try: https://www.amazon.com/Remote-Control-Alternative-Replacemen...

New comment by willstrafach in "Facebook isn’t happy about Apple’s upcoming ad tracking restrictions"

willstrafach — Mon, 31 Aug 2020 00:32:00 +0000

Do you have a source on Apple “killing IDFA”?

My understanding is that they are going to simply show a consent dialog before allowing an app to access the IDFA, similar to what they have done for years to access other sensitive data like Contacts, Location, etc.

New comment by willstrafach in "Why it’s hard to kill the Bloomberg terminal (2019)"

willstrafach — Tue, 21 Jul 2020 21:04:26 +0000

This exists, though not exactly as you describe: https://en.wikipedia.org/wiki/ASmallWorld