Archiv des Autors: innovation

Is it time to leave WhatsApp – and is Signal the answer!

 

The Facebook-owned messaging service has been hit by a global backlash over privacy. Many users are migrating to Signal or Telegram. Should you join them?

Whatsapp, Signal and Telegram app icons  on a smartphone screen
WhatsApp, Signal and Telegram: three leading choices for messaging services. Photograph: Rafael Henrique/Sopa Images/RexShutterstock
 

Earlier this month, WhatsApp issued a new privacy policy along with an ultimatum: accept these new terms, or delete WhatsApp from your smartphone. But the new privacy policy wasn’t particularly clear, and it was widely misinterpreted to mean WhatsApp would be sharing more sensitive personal data with its parent company Facebook. Unsurprisingly, it prompted a fierce backlash, with many users threatening to stop using the service.

WhatsApp soon issued a clarification, explaining that the new policy only affects the way users’ accounts interact with businesses (ie not with their friends) and does not mandate any new data collection. The messaging app also delayed the introduction of the policy by three months. Crucially, WhatsApp said, the new policy doesn’t affect the content of your chats, which remain protected by end-to-end encryption – the “gold standard” of security that means no one can view the content of messages, even WhatsApp, Facebook, or the authorities.

 

But the damage had already been done. The bungled communication attempts have raised awareness that WhatsApp does collect a lot of data, and some of this could be shared with Facebook. The BBC reported that Signal was downloaded 246,000 times worldwide in the week before WhatsApp announced the change on 4 January, and 8.8m times the week after.

WhatsApp does share some data with Facebook, including phone numbers and profile name, but this has been happening for years. WhatsApp has stated that in the UK and EU the update does not share further data with Facebook – because of strict privacy regulation, known as the general update to data protection regulation (GDPR). The messaging app doesn’t gather the content of your chats, but it does collect the metadata attached to them – such as the sender, the time a message was sent and who it was sent to. This can be shared with “Facebook companies”.

Facebook’s highly criticised data collection ethos has eroded trust in the social network. Its practices can put vulnerable people at risk, says Emily Overton, a data protection expert and managing director of RMGirl. She cites the example of Facebook’s “people you may know” algorithm exposing sex workers’ real names to their clients – despite both parties taking care to set up fake identities. “The more data they profile, the more they put people in vulnerable positions at risk.”

And the social network isn’t known for keeping promises. When Facebook bought WhatsApp in 2014, it pledged to keep the two services separate. Yet only a few years later, Facebook announced aims to integrate the messaging systems of Facebook, Instagram and WhatsApp. This appears to have stalled owing to technical and regulatory difficulties around encryption, but it’s still the long-term plan.


Why are people choosing Signal over Telegram?

Signal, a secure messaging app recommended by authorities such as the Electronic Frontier Foundation and Edward Snowden, has been the main beneficiary of the WhatsApp exodus. Another messaging app, Telegram, has also experienced an uptick in downloads, but Signal has been topping the charts on the Apple and Android app stores.

Signal benefits from being the most similar to WhatsApp in terms of features, while Telegram has had problems as a secure and private messaging app, with its live location feature recently coming under fire for privacy infringements. Crucially, Telegram is not end-to-end encrypted by default, instead storing your data in the cloud. Signal is end-to-end encrypted, collects less data than Telegram and stores messages on your device rather than in the cloud.


Does Signal have all the features I am used to and why is it more private?

Yes, Signal has most of the features you are used to on WhatsApp, such as stickers and emojis. You can set up and name groups, and it’s easy to send a message: just bring up the pen sign in the right-hand corner.

Signal has a desktop app, and you can voice and video chat with up to eight people. Like WhatsApp, Signal uses your phone number as your identity, something that has concerned some privacy and security advocates. However, the company has introduced pin codes in the hope of moving to a more secure and private way of identifying users in the future.

As well as being end-to-end encrypted, both WhatsApp and Signal have a “disappearing messages” feature for additional privacy. The major difference is how each app is funded. WhatsApp is owned by Facebook, whose business model is based on advertising. Signal is privacy focused and has no desire to analyse, share or profit from users’ private information, says Jake Moore, cybersecurity specialist at ESET.

Signal is supported by the non-profit Signal Foundation, set up in 2018 by WhatsApp founder Brian Acton and security researcher (and Signal Messenger CEO) Moxie Marlinspike, who created an encryption protocol that is used by several messaging services, including WhatsApp and Skype as well as Signal itself. Acton, who left Facebook in 2017 after expressing concerns over how the company operated, donated an initial $50m to Signal, and the open-source app is now funded by the community. Essentially that means developers across the world will continually work on it and fix security issues as part of a collaborative effort, making the app arguably more secure.

But there are concerns over whether Signal can maintain this free model as its user base increases to the tens, or potentially in the future, hundreds of millions. Signal is adamant it can continue to offer its service for free. “As a non-profit, we simply need to break even,” says Aruna Harder, the app’s COO.

Signal is exclusively supported by grants and donations, says Acton. “We believe that millions of people value privacy enough to sustain it, and we’re here to demonstrate that there is an alternative to the ad-based business models that exploit user privacy.”


I want to move to Signal. How do you persuade WhatsApp groups to switch?

The momentum away from WhatsApp does appear to be building, and you may find more of your friends have switched to Signal already. But persuading a larger contact group can be more challenging.

Overton has been using Signal for several years and says all her regular contacts use the app. “Even when dating online, I ask the person I want to go on a date with to download Signal, or they don’t get my number.”

Some Signal advocates have already begun to migrate their groups over from WhatsApp. Jim Creese, a security expert, is moving a neighbourhood text group of 100 people to Signal. He is starting with a smaller sub-group of 20, some of whom struggle with technology. Creese says most are ambivalent about switching “as long as the new method isn’t more difficult”.

He advises anyone who’s moving groups across apps to focus on the “why” first. “Explain the reasons for the change, how it is likely to affect them, and the benefits. Don’t rush the process. While WhatsApp might not be where you want to be today, there’s no emergency requiring an immediate move.”

Moore thinks the shift away from WhatsApp will continue to gain momentum, but he says it will take time to move everyone across. Until then, it’s likely you will need to keep both WhatsApp and Signal on your phone.

Moore is in the process of moving a family chat to Signal, for the second time. “When I originally tried, one family member didn’t understand my concerns and thought I was being overcautious.

“However, the recent news has helped him understand the potential issues and why moving isn’t such a bad idea. The next hurdle will be getting my mother to download a new app and use it for the first time without me physically assisting her.”

Source: https://www.theguardian.com/technology/2021/jan/24/is-it-time-to-leave-whatsapp-and-is-signal-the-answer

The Messenger Alternatives

Some use the internet, some function without servers, some are paid and others are free, but all these apps claim to have one thing in common—respect for user privacy

alternate apps_bgImage: Jaap Arriens/NurPhoto via Getty Images

Ever since WhatsApp announced an update in its privacy policy, thousands of people rushed to download messenger alternatives such as Signal and Telegram. While these two have been in the news for their security features that are tighter than the messaging giant’s, there are other applications that have been around, used for both facilitating consumer-to-consumer messaging and within enterprises for their internal communication.While some of these alternative apps need the internet, others don’t. Some function without servers with peer-to-peer technology, and are on a subscription model, while others are free to use. But they all claim to have one thing in common–respect for users’ privacy.

Although security and privacy-related technologies are constantly evolving making it difficult to lay down a clear benchmark for which app is completely secure, there are a few things users should be aware of to ensure their privacy is not compromised, say technology and privacy experts.First, says Divij Joshi, technology policy fellow at Mozilla Foundation, a global non-profit, “It’s definitely important to have a communications protocol based on end-to-end encryption.”End-to-end encryption refers to a system of communication wherein only the sender and receiver can read the messages and see the content shared.However, Joseph Aloysius, a Singapore-based student researcher in surveillance studies, says, “Even with encryption it is important that it is device-based end-to-end encryption, and not cloud-based. In addition, the encryption setting should be a default setting, not optional as seen in Telegram.”Another point to keep in mind is to ensure that technologies collect as little metadata–information not related to the message content but things like quantum or location of messages–as possible, adds Joshi.Second, they should be open source and left open for public auditing. “Ideally, it’s best if companies leave the server code open as Signal has done,” says Aloysius.Both Joshi and Aloysius are of the view that it is also necessary to ensure that the corporate practices of the application are clear and fair. “For instance, terms of use, the privacy policy, so they can’t alter the technology or data collection practices arbitrarily,” says Joshi.Although there has been an uproar about the latest changes to the privacy policy, WhatsApp continues to remain popular primarily due to its ease of use and convenience, say experts. “For some, it may also be a cost concern. There may also be a false sense of security since nothing apparent has gone wrong and there have been no consequences to date for them using the app for business purposes,” explains Heidi Shey, principal analyst, security and risk, Forrester.However, if you are a user who is concerned about privacy, here is a lowdown on alternatives to WhatsApp and the features they offer.Wickr

wickr

The San Francisco-based app, founded in 2012, is used by some of the biggest players in the federal space including the U.S. Department of Defense. It has also been validated by the National Security Agency as the, “most secure collaboration tool in the world,” says co-founder and CTO of Wickr, Chris Howell. He adds, “Our government and enterprise customers choose Wickr because we have the most secure, end-to-end encrypted platform on the market that enables sensitive mission and business communications without compromising compliance.”Wickr’s largest user base is in the US, followed by Europe, India and Australia, but it has seen an uptick in both their consumer and commercial platforms ever since WhatsApp announced plans to update its privacy policy, says Howell.While the app can be deployed by organisations in highly regulated industries such as banking, energy, healthcare and the federal government, one of its versions, Wickr Me, is more suitable for one-on-one conversations with family and friends. Wickr cannot identify owners because it doesn’t have access to any personal information. The data is encrypted and not accessible to the company. All the messages are stored on the user’s device and for a brief period on Wickr’s servers, but get deleted upon delivery. Since messages are end-to-end encrypted, even when messages are on the server, they are not available to the company.With Wickr Me, users can share files, photos, videos and voice messages, and also do video and audio conferencing. The messages are ephemeral, meaning they only exist for a limited amount of time and get permanently deleted from the sending as well as the receiving device after a while. Therefore, if the recipient doesn’t check Wickr frequently, the messages may never get delivered. “Wickr’s security architecture and proprietary encryption methodology is designed to ensure that only users can gain access to their message content. Users’ content is encrypted locally on their device and is accessible only to intended recipients,” explains Howell.Jami

jami

An open-source service, Jami doesn’t store users’ personal information on a central server, guaranteeing users full anonymity and privacy. Around since 2013, Christophe Villemer, advocacy vice-president of the Canada-based messenger app, says, “We really are a newcomer in the market, we estimate there are around 100,000 users around the globe but our community is growing every day.” He says Jami is peer-to-peer, which means it doesn’t require a server for relaying data between users. Therefore, users don’t have to worry about a third party conserving their video or data on its servers. With features such as HD video calling, instant and voice messaging, and file sharing, the service is free to use. All the connections are end-to-end encrypted. “At Jami, we think that privacy is a primary right on the internet. Everybody should be free not to give their data to corporations to benefit from an essential service on the internet,” says Villemer. “Also, we think that our solution, as it’s peer-to-peer, is globally better for the environment because it does not rely on huge server farms or data-centers,” he adds. Users of the service have no restrictions in terms of the size of the files they share, nor speed, bandwidth, features, number of accounts or storage. In addition, if users are on the same local network, they can communicate using Jami even if they are disconnected from the internet. “There will never be advertising on Jami,” says Villemer.Briar

briar

Briar Messenger is a not-for-profit organisation that started off as a project by Michael Rogers in an attempt to support freedom of expression, freedom of association, and the right to privacy. In India, Briar is extremely popular in Kashmir. Reason? It can work without the internet via Wi-Fi or Bluetooth. Launched in 2018, this application uses direct, encrypted connections to prevent surveillance and censorship. Briar allows users to form private groups (with one admin that can invite others), write blogs, and also create public discussion forums. The application doesn’t rely on central servers and sends across messages without leaking metadata.Torsten Grote, senior developer, Briar Messenger, says, “Briar is for users who have higher security requirements such as not wanting to reveal who their contacts are (think journalist and source) or for users who need to keep the communication going when the internet is not available, be it because of natural disasters or deliberate shutdowns.” So far, Briar has around 200,000 downloads on Google Play and around 100,000 downloads from their website. The application is also available on F-Droid and other independent stores, which don’t track downloads. However, “thanks to the WhatsApp policy change,” says Grote, “we are seeing 7x the usual number of downloads.”Threema

threema

In 2012, three young software developers from Switzerland decided to create a secure instant messenger that would prevent the misuse of user data by companies and surveillance by governments. After Facebook bought WhatsApp in early 2014, the number of users climbed to 2 million in just a few weeks. “In Threema, all communication is protected in the best possible way by end-to-end encryption. Since Threema is open source, users can independently verify that Threema doesn’t have access to any user data that could be handed over to third parties,” says Roman Flepp, head of marketing and sales, Threema.One of Threema’s guiding principles is “metadata restraint”, which means if there is no data, no data can be misused, either by corporations, hackers or surveillance authorities. Currently, the messenger has over 9 million users. In the light of the recent WhatsApp privacy issue, Flepp claims the daily download numbers have increased significantly, by a factor of 10. This growth has been consistently high since the policy change was announced. He adds, “This whole controversy could be a game changer. Now more and more people are looking around for a more private and secure messaging solution.”The application can be used not only by individual users, but also businesses. Threema has various business solutions such as Threema Work and Threema Education. “Especially in the business environment, it is crucial that a secure and privacy-compliant solution is used for work-related communication. We see a great demand, more than 5,000 companies are already using our business solution Threema Work,” says Flepp. Currently, the team is working on creating a multi-device solution that will allow users to use Threema on multiple devices.****While a bunch of these applications are great options for secure peer-to-peer messaging, it is not a very sustainable revenue model for most of these companies. Hence, a few of them have moved to offer enterprise solutions. “For business use, a consumer-focused messaging app [like WhatsApp] is insufficient because it isn’t designed with business requirements for security, privacy, and compliance in mind,” says Shey.Post the recent announcement about the policy changes, a lot of government organisations and companies banned the use of applications like WhatsApp on company-issued devices and for work. We take a look at some applications that offer paid messaging solutions to businesses.Wire

wire

Though the idea for Wire was conceived in 2012, the product was only launched in 2014 and initially for consumers. However, in 2017, the Germany-based company decided to focus mainly on enterprises. This was because, says Morten Brøgger, CEO of Wire, “We were against giants like Facebook, and consumers were not willing to understand the importance of privacy and pay for it.” This was also around the same time that the General Data Protection Regulation (EU GDPR) was coming up, and privacy was becoming a major concern for organisations. “Hence, we felt the solution we built would be extremely compelling to enterprise consumers,” he adds.Currently, Wire has close to 1,800 paid customers, which mainly include governments and large enterprises, whereas, for the general free solution, they have about half a million monthly active users. Most of their paid customers are in Germany, North America, Australia, the Middle East, and some European countries.Most of the traditional enterprise SaaS solutions have a few risk points, including “man in the middle vulnerability” since the cloud provider is in the middle, which means all the processing and storage happens on the cloud. The main weakness here is that the cloud provider can technically access the encryption key, which means the cloud provider can technically read and listen to all your content. However, Wire has a very different architecture, wherein there is no man in the middle. “All the data resides in the application on your device. There is some storage on the cloud, for bigger files, and these are secured with individual encryption keys. But the encryption keys only exist on the devices of our users, there’s no copy of the keys on the cloud,” Brøgger says.Another USP of this open-source application is that every time you send or receive a message—be it a text message, call, video conference or screen share—the encryption key updates, hence giving each individual message a unique encryption key. Says Brøgger, “We don’t know who the users are, what they are using it for and we barely collect any metadata, whatever little is collected to help synchronise different devices is also anonymised.”Currently, the company is going at 400 percent revenue growth year-on-year. “We saw a great spike in the paid clients at the beginning of the pandemic, and now [due to the WhatsApp privacy policy issue] since enterprises are becoming more aware of the importance of privacy.”Troop

troop_messenger

Troop Messenger was launched in mid-2018 as an internal messaging app for enterprises. “It is a home-grown, made in India, robust and a secured business messaging platform,” says CEO and founder Sudhir Naidu. A single platform, it enables internal teams to chat, make audio and video calls, convert them into conferencing, share screens, and create groups. It also features a self-destructible chat window to exchange secured information, and will shortly introduce an email client so users can both send e-mails and messages. “We have pledged that we would not sell any kind of user data to any third-party organisations. We assess and track all kinds of intrusions and attacks and follow the policy of honestly disclosing to clients if there is a breach which involves a threat to their data,” says Naidu. Additionally, Troop follows a stringent and comprehensive internal security framework and policy, in terms of development, testing and release.Besides Indian enterprises, Troop Messenger has been seeing good traction from the US, UK and the Middle East, informs Naidu. “We see three times the usual daily registrations for our platform, since the [WhatsApp] policy came out,” he says. “Businesses that were using WhatsApp before are actively looking out for much safer and business-oriented platforms such as ours,” he adds.Arattai

arattai

Zoho Corp, which has products like Zoho Mail and Zoho Business Suite, released a beta version of its messaging application Arattai, meaning chit-chat in Tamil, in the middle of the pandemic in 2020. “More than 70,000 users have already downloaded Arattai and we didn’t advertise at all,” says Praval Singh, VP, marketing at Zoho Corp. “The final application is close to being launched,” he adds. As a privately held company, Singh says, their focus is on user privacy. “We have retained that we’ve held that stance in many ways for our enterprise and business users. And we would like to take it forward with consumer applications as well. For example, we don’t use our own application or data of users to share with third parties, either as a monetisation strategy or for any other reason. So, data that sits on an application doesn’t go to a third party,” he says. In fact, they own their data centers. Therefore, they are not dependent on any third party or public clouds for storage. Spike

spike

Initially released in October 2018, Spike is a conversational and collaborative email application that turns legacy email into a synchronic chat-like experience, adding tasks, collaborative notes and multimedia to create a single feed for work.Instead of using another application, Spike turns an individual’s email address inbox into a hub for chatting with co-workers, friends, and family–as well as a place to work on documents, manage tasks, and share files. Unlike WhatsApp groups, says Dvir Ben-Aroya, co-founder and CEO of Spike, “Spike groups provide a real-time collaborative tool for businesses, without switching between separate team messenger apps.” The application promises to store minimum data to provide fast communication and ensure privacy. Currently, Spike has over 100,000 active teams using this application.“We’ve seen a drastic uptick in users after the WhatsApp announcement, but since we track minimal user data, we cannot access specific data or directly attribute these users’ behaviour with correlation to using WhatsApp,” he says. Its highest user base is in the US, Germany, the UK, and it is very popular in India, especially among students and educators.(With inputs from Namrata Sahoo)

Source: https://www.forbesindia.com/article/take-one-big-story-of-the-day/whatsalt-the-messenger-alternatives/65909/1

WhatsApp Has Shared Your Data With Facebook for Years, Actually

WhatsApp Has Shared Your Data With Facebook for Years, Actually

“I don’t trust any product made by Facebook,” says Evan Greer, deputy director of the digital rights group Fight for the Future. “Their business model is surveillance. Never forget that.”

A pop-up notification has alerted the messaging app’s users to a practice that’s been in place since 2016.

two guys on the phone
Your encrypted messages are still safe, but it’s a rude awakening for many WhatsApp users.Photograph: Noam Galai/Getty Images

Since Facebook acquired WhatsApp in 2014, users have wondered and worried about how much data would flow between the two platforms. Many of them experienced a rude awakening this week, as a new in-app notification raises awareness about a step WhatsApp actually took to share more with Facebook back in 2016.

On Monday, WhatsApp updated its terms of use and privacy policy, primarily to expand on its practices around how WhatsApp business users can store their communications. A pop-up has been notifying users that as of February 8, the app’s privacy policy will change and they must accept the terms to keep using the app. As part of that privacy policy refresh, WhatsApp also removed a passage about opting out of sharing certain data with Facebook: „If you are an existing user, you can choose not to have your WhatsApp account information shared with Facebook to improve your Facebook ads and products experiences.“ 

Some media outlets and confused WhatsApp users understandably assumed that this meant WhatsApp had finally crossed a line, requiring data-sharing with no alternative. But in fact the company says that the privacy policy deletion simply reflects how WhatsApp has shared data with Facebook since 2016 for the vast majority of its now 2 billion-plus users.

When WhatsApp launched a major update to its privacy policy in August 2016, it started sharing user information and metadata with Facebook. At that time, the messaging service offered its billion existing users 30 days to opt out of at least some of the sharing. If you chose to opt out at the time, WhatsApp will continue to honor that choice. The feature is long gone from the app settings, but you can check whether you’re opted out through the “Request account info” function in Settings. 

Meanwhile, the billion-plus users WhatsApp has added since 2016, along with anyone who missed that opt-out window, have had their data shared with Facebook all this time. WhatsApp emphasized to WIRED that this week’s privacy policy changes do not actually impact WhatsApp’s existing practices or behavior around sharing data with Facebook. 

“Our updated Terms and Privacy Policy provide more information on how we process your data, and our commitment to privacy,” WhatsApp wrote on Monday. “As part of the Facebook Companies, WhatsApp partners with Facebook to offer experiences and integrations across Facebook’s family of apps and products.”

„I don’t trust any product made by Facebook.“

Evan Greer, Fight for the Future

None of this has at any point impacted WhatsApp’s marquee feature: end-to-end encryption. Messages, photos, and other content you send and receive on WhatsApp can only be viewed on your smartphone and the devices of the people you choose to message with. WhatsApp and Facebook itself can’t access your communications. In fact, Facebook CEO Mark Zuckerberg has repeatedly affirmed his commitment to expanding end-to-end encryption offerings as part of tying the company’s different communication platforms together. But that doesn’t mean there isn’t still a trove of other data WhatsApp can collect and share about how you use the app. The company says it collects user information „to operate, provide, improve, understand, customize, support, and market our Services.”

In practice, this means that WhatsApp shares a lot of intel with Facebook, including  account information like your phone number, logs of how long and how often you use WhatsApp, information about how you interact with other users, device identifiers, and other device details like IP address, operating system, browser details, battery health information, app version, mobile network, language and time zone. Transaction and payment data, cookies, and location information are also all fair game to share with Facebook depending on the permissions you grant WhatsApp in the first place.

“WhatsApp is great for protecting the privacy of your message content,” says Johns Hopkins University cryptographer Matthew Green. “But it feels like the privacy of everything else you do is up for grabs.“Get WIRED for $5. SubscribeAdvertisement

Facebook purchased WhatsApp in 2014 and noted at the time that it and the company’s chat platform Messenger would operate as “standalone” products. The slow shift toward integration has been controversial internally, and may have contributed to the departure in late 2017 and 2018, respectively, of WhatsApp cofounders Brian Acton and Jan Koum. A few months after leaving, Acton cofounded the nonprofit Signal Foundation. The organization maintains and develops the open source Signal Protocol, which WhatsApp and the secure messaging app Signal, among others, use to implement end-to-end encryption.

“Today privacy is becoming a much more mainstream discussion,” Acton said at the WIRED25 conference in 2019. „People are asking questions about privacy, and they want security and privacy built into the terms of service.”

Though this week’s WhatsApp privacy policy revisions don’t actually alter the messaging service’s behavior, it’s significant that users may have thought the company was offering an opt-out option all these years that didn’t actually exist. A level of data-sharing that some users disagree with and even fear has already been going on. Given the reality that Facebook has owned WhatsApp for the better part of a decade, this clarification seems to some like simply reckoning with the inevitable.

“I don’t trust any product made by Facebook,” says Evan Greer, deputy director of the digital rights group Fight for the Future. “Their business model is surveillance. Never forget that.”

source: https://www.wired.com/story/whatsapp-facebook-data-share-notification/

Signal Is Finally Bringing Its Secure Messaging to the Masses

Signal Is Finally Bringing Its Secure Messaging to the Masses

The encryption app is putting a $50 million infusion from WhatsApp cofounder Brian Acton to good use, building out features to help it go mainstream.
Moxie Marlinspike
Signal creator Moxie Marlinspike is ready for his encrypted messaging app to go mainstream.Photograph: Michelle Groskopf

Last month, the cryptographer and coder known as Moxie Marlinspike was getting settled on an airplane when his seatmate, a Midwestern-looking man in his sixties, asked for help. He couldn’t figure out how to enable airplane mode on his aging Android phone. But when Marlinspike saw the screen, he wondered for a moment if he was being trolled: Among just a handful of apps installed on the phone was Signal.

Marlinspike launched Signal, widely considered the world’s most secure end-to-end encrypted messaging app, nearly five years ago, and today heads the nonprofit Signal Foundation that maintains it. But the man on the plane didn’t know any of that. He was not, in fact, trolling Marlinspike, who politely showed him how to enable airplane mode and handed the phone back.

„I try to remember moments like that in building Signal,“ Marlinspike told WIRED in an interview over a Signal-enabled phone call the day after that flight. „The choices we’re making, the app we’re trying to create, it needs to be for people who don’t know how to enable airplane mode on their phone,“ Marlinspike says.

 

Marlinspike has always talked about making encrypted communications easy enough for anyone to use. The difference, today, is that Signal is finally reaching that mass audience it was always been intended for—not just the privacy diehards, activists, and cybersecurity nerds that formed its core user base for years—thanks in part to a concerted effort to make the app more accessible and appealing to the mainstream.

That new phase in Signal’s evolution began two years ago this month. That’s when WhatsApp cofounder Brian Acton, a few months removed from leaving the app he built amid post-acquisition clashes with Facebook management, injected $50 million into Marlinspike’s end-to-end encrypted messaging project. Acton also joined the newly created Signal Foundation as executive chairman. The pairing up made sense; WhatsApp had used Signal’s open source protocol to encrypt all WhatsApp communications end-to-end by default, and Acton had grown disaffected with what he saw as Facebook’s attempts to erode WhatsApp’s privacy.

 

Since then, Marlinspike’s nonprofit has put Acton’s millions—and his experience building an app with billions of users—to work. After years of scraping by with just three overworked full-time staffers, the Signal Foundation now has 20 employees. For years a bare-bones texting and calling app, Signal has increasingly become a fully featured, mainstream communications platform. With its new coding muscle, it has rolled out features at a breakneck speed: In just the last three months, Signal has added support for iPad, ephemeral images and video designed to disappear after a single viewing, downloadable customizable „stickers,“ and emoji reactions. More significantly, it announced plans to roll out a new system for group messaging, and an experimental method for storing encrypted contacts in the cloud.

Moxie Marlinspike
Photograph: Michelle Groskopf

 

„The major transition Signal has undergone is from a three-person small effort to something that is now a serious project with the capacity to do what is required to build software in the world today,“ Marlinspike says.

Many of those features might sound trivial. They certainly aren’t the sort that appealed to Signal’s earliest core users. Instead, they’re what Acton calls „enrichment features.“ They’re designed to attract normal people who want a messaging app as multifunctional as WhatsApp, iMessage, or Facebook Messenger but still value Signal’s widely trusted security and the fact that it collects virtually no user data. „This is not just for hyperparanoid security researchers, but for the masses,“ says Acton. „This is something for everyone in the world.“

Even before those crowdpleaser features, Signal was growing at a rate most startups would envy. When WIRED profiled Marlinspike in 2016, he would confirm only that Signal had at least two million users. Today, he remains tightlipped about Signal’s total user base, but it’s had more than 10 million downloads on Android alone according to the Google Play Store’s count. Acton adds that another 40 percent of the app’s users are on iOS.

Its adoption has spread from Black Lives Matters and pro-choice activists in Latin America to politicians and political aides—even noted technically incompetent ones like Rudy Giuliani—to NBA and NFL players. In 2017, it appeared in the hacker show Mr. Robot and political thriller House of Cards. Last year, in a sign of its changing audience, it showed up in the teen drama Euphoria.

Identifying the features mass audiences want isn’t so hard. But building even simple-sounding enhancements within Signal’s privacy constraints—including a lack of metadata that even WhatsApp doesn’t promise–can require significant feats of security engineering, and in some cases actual new research in cryptography.

Take stickers, one of the simpler recent Signal upgrades. On a less secure platform, that sort of integration is fairly straightforward. For Signal, it required designing a system where every sticker „pack“ is encrypted with a „pack key.“ That key is itself encrypted and shared from one user to another when someone wants to install new stickers on their phone, so that Signal’s server can never see decrypted stickers or even identify the Signal user who created or sent them.

Signal’s new group messaging, which will allow administrators to add and remove people from groups without a Signal server ever being aware of that group’s members, required going further still. Signal partnered with Microsoft Research to invent a novel form of „anonymous credentials“ that let a server gatekeep who belongs in a group, but without ever learning the members‘ identities. „It required coming up with some innovations in the world of cryptography,“ Marlinspike says. „And in the end, it’s just invisible. It’s just groups, and it works like we expect groups to work.“

 

Signal is rethinking how it keeps track of its users‘ social graphs, too. Another new feature it’s testing, called „secure value recovery,“ would let you create an address book of your Signal contacts and store them on a Signal server, rather than simply depend on the contact list from your phone. That server-stored contact list would be preserved even when you switch to a new phone. To prevent Signal’s servers from seeing those contacts, it would encrypt them with a key stored in the SGX secure enclave that’s meant to hide certain data even from the rest of the server’s operating system.

That feature might someday even allow Signal to ditch its current system of identifying users based on their phone numbers—a feature that many privacy advocates have criticized, since it forces anyone who wants to be contacted via Signal to hand out a cell phone number, often to strangers. Instead, it could store persistent identities for users securely on its servers. „I’ll just say, this is something we’re thinking about,“ says Marlinspike. Secure value recovery, he says, „would be the first step in resolving that.“

 

With new features comes additional complexity, which may add more chances for security vulnerabilities to slip into Signal’s engineering, warns Matthew Green, a cryptographer at Johns Hopkins University. Depending on Intel’s SGX feature, for instance, could let hackers steal secrets the next time security researchers expose a vulnerability in Intel hardware. For that reason, he says that some of Signal’s new features should ideally come with an opt-out switch. „I hope this isn’t all or nothing, that Moxie gives me the option to not use this,“ Green says.

But overall, Green says he’s impressed with the engineering that Signal has put into its evolution. And making Signal friendlier to normal people only becomes more important as Silicon Valley companies come under increasing pressure from governments to create encryption backdoors for law enforcement, and as Facebook hints that its own ambitious end-to-end encryption plans are still years away from coming to fruition.

„Signal is thinking hard about how to give people the functionality they want without compromising privacy too much, and that’s really important,“ Green adds. „If you see Signal as important for secure communication in the future—and possibly you don’t see Facebook or WhatsApp as being reliable—then you definitely need Signal to be usable by a larger group of people. That means having these features.“

Brian Acton doesn’t hide his ambition that Signal could, in fact, grow into a WhatsApp-sized service. After all, Acton not only founded WhatsApp and helped it grow to billions of users, but before that joined Yahoo in its early, explosive growth days of the mid-1990s. He thinks he can do it again. „I’d like for Signal to reach billions of users. I know what it takes to do that. I did that,“ says Acton. „I’d love to have it happen in the next five years or less.“

That wild ambition, to get Signal installed onto a significant fraction of all the phones on the planet, represents a shift—if not for Acton, then for Marlinspike. Just three years ago, Signal’s creator mused in an interview with WIRED that he hoped Signal could someday „fade away,“ ideally after its encryption had been widely implemented in other billion-user networks like WhatsApp. Now, it seems, Signal hopes to not merely influence tech’s behemoths, but to become one.

But Marlinspike argues that Signal’s fundamental aims haven’t changed, only its strategy—and its resources. „This has always been the goal: to create something that people can use for everything,“ Marlinspike says. „I said we wanted to make private communication simple, and end-to-end encryption ubiquitous, and push the envelope of privacy-preserving technology. This is what I meant.“

Source: https://www.wired.com/story/signal-encrypted-messaging-features-mainstream/

More Hacking Attacks Found as Officials Warn of ‘Grave Risk’ to U.S. Government

WASHINGTON — Federal officials issued an urgent warning on Thursday that hackers who American intelligence agencies believed were working for the Kremlin used a far wider variety of tools than previously known to penetrate government systems, and said that the cyberoffensive was “a grave risk to the federal government.”The discovery suggests that the scope of the hacking, which appears to extend beyond nuclear laboratories and Pentagon, Treasury and Commerce Department systems, complicates the challenge for federal investigators as they try to assess the damage and understand what had been stolen.Minutes after the statement from the cybersecurity arm of the Department of Homeland Security, President-elect Joseph R. Biden Jr. warned that his administration would impose “substantial costs” on those responsible.“A good defense isn’t enough; we need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place,” Mr. Biden said, adding, “I will not stand idly by in the face of cyberassaults on our nation.”

President Trump has yet to say anything about the attack.Echoing the government’s warning, Microsoft said Thursday that it had identified 40 companies, government agencies and think tanks that the suspected Russian hackers, at a minimum, had infiltrated. Nearly half are private technology firms, Microsoft said, many of them cybersecurity firms, like FireEye, that are charged with securing vast sections of the public and private sector.

  • Thanks for reading The Times.
Subscribe to The Times
 

“It’s still early days, but we have already identified 40 victims — more than anyone else has stated so far — and believe that number should rise substantially,” Brad Smith, Microsoft’s president, said in an interview on Thursday. “There are more nongovernmental victims than there are governmental victims, with a big focus on I.T. companies, especially in the security industry.”The Energy Department and its National Nuclear Security Administration, which maintains the American nuclear stockpile, were compromised as part of the larger attack, but its investigation found the hack did not affect “mission-essential national security functions,” Shaylyn Hynes, a Department of Energy spokeswoman, said in a statement.“At this point, the investigation has found that the malware has been isolated to business networks only,” Ms. Hynes said. The hack of the nuclear agency was reported earlier by Politico.Officials have yet to publicly name the attacker responsible, but intelligence agencies have told Congress that they believe it was carried out by the S.V.R., an elite Russian intelligence agency. A Microsoft “heat map” of infections shows that the vast majority — 80 percent — are in the United States, while Russia shows no infections at all.

The government warning, issued by the Cybersecurity and Infrastructure Security Agency, did not detail the new ways that the hackers got into the government systems. But it confirmed suspicions expressed this week by FireEye, a cybersecurity firm, that there were almost certainly other routes that the attackers had found to get into networks on which the day-to-day business of the United States depend.

Dealbook: An examination of the major business and policy headlines and the power brokers who shape them.

FireEye was the first to inform the government that the suspected Russian hackers had, since at least March, infected the periodic software updates issued by a company called SolarWinds, which makes critical network monitoring software used by the government, hundreds of Fortune 500 companies and firms that oversee critical infrastructure, including the power grid.Investigators and other officials say they believe the goal of the Russian attack was traditional espionage, the sort the National Security Agency and other agencies regularly conduct on foreign networks. But the extent and depth of the hacking raise concerns that hackers could ultimately use their access to shutter American systems, corrupt or destroy data, or take command of computer systems that run industrial processes. So far, though, there has been no evidence of that happening.The alert was a clear sign of a new realization of urgency by the government. After playing down the episode — in addition to Mr. Trump’s silence, Secretary of State Mike Pompeo has deflected the hacking as one of the many daily attacks on the federal government, suggesting China was the biggest offender — the government’s new alert left no doubt the assessment had changed.“This adversary has demonstrated an ability to exploit software supply chains and shown significant knowledge of Windows networks,” the alert said.“It is likely that the adversary has additional initial access vectors and tactics, techniques and procedures,” which, it said, “have not yet been discovered.”Investigators say it could take months to unravel the extent to which American networks and the technology supply chain are compromised.

In an interview on Thursday, Mr. Smith, of Microsoft, said the supply-chain element made the attack perhaps the gravest cyberattack against the United States in years.“Governments have long spied on each other but there is a growing and critical recognition that there needs to be a clear set of rules that put certain techniques off limits,” Mr. Smith said. “One of the things that needs to be off limits is a broad supply chain attack that creates a vulnerability for the world that other forms of traditional espionage do not.”Reuters reported Thursday that Microsoft was itself compromised in the attack, a claim that Mr. Smith emphatically denied Thursday. “We have no indication of that,” he said.Officials say that with only one month left in its tenure, the Trump administration is planning to simply hand off what appears to be the biggest cybersecurity breach of federal networks in more than two decades.Mr. Biden’s statement said he had instructed his transition team to learn as much as possible about “what appears to be a massive cybersecurity breach affecting potentially thousands of victims.”“I want to be clear: My administration will make cybersecurity a top priority at every level of government — and we will make dealing with this breach a top priority from the moment we take office,” Mr. Biden said, adding that he plans to impose “substantial costs on those responsible.”The Cybersecurity and Infrastructure Security Agency’s warning came days after Microsoft took emergency action along with FireEye to halt the communication between the SolarWinds network management software and a command-and-control center that the Russians were using to send instructions to their malware using a so-called kill switch.

That shut off further penetration. But it is of no help to organizations that have already been penetrated by an attacker who has been planting back doors in their systems since March. And the key line in the warning said that the SolarWinds “supply chain compromise is not the only initial infection vector” that was used to get into federal systems. That suggests other software, also used by the government, has been infected and used for access by foreign spies.Across federal agencies, the private sector and the utility companies that oversee the power grid, forensic investigators were still trying to unravel the extent of the compromise. But security teams say the relief some felt that they did not use the compromised systems turned to panic on Thursday, as they learned other third-party applications may have been compromised.Inside federal agencies and the private sector, investigators say they have been stymied by classifications and siloed approach to information sharing.“We have forgotten the lessons of 9/11,” Mr. Smith said. “It has not been a great week for information sharing and it turns companies like Microsoft into a sheep dog trying to get these federal agencies to come together into a single place and share what they know.”

Source: https://www.nytimes.com/2020/12/17/us/politics/russia-cyber-hack-trump.html?auth=login-email&login=email

Edward Snowden Hails Launch of Signal’s Encrypted Group Calls

Encrypted messaging app Signal has added group video calls, and the famed NSA whistleblower says it’s a long time coming.

  • Signal has added encrypted group video calls to its iOS and Android messaging app.
  • NSA whistleblower Edward Snowden, an avowed Signal user, tweeted about the news.
  • Up to five people can now take part in an end-to-end encrypted video call.

Famed National Security Agency (NSA) whistleblower Edward Snowden knows a thing or two about the need for safe, secure communication, given his flight from the United States in 2013 following extensive leaks of classified information and his ongoing asylum in Russia.

Unsurprisingly, he’s a big fan of encrypted messaging app Signal, and the app’s website quotes him (“I use Signal everyday”) above all other testimonials. Today, Signal rolled out the ability to hold group encrypted video calls, and Snowden has already weighed in on the new addition: “I have been waiting for this for a very long time,” he tweeted.

Luckily, you don’t have to be a notorious fugitive to use Signal’s group encrypted video call feature, which lets up to five people join in for a shared chat. Group calls are encrypted end-to-end, “like everything else on Signal,” notes a blog post, and you can opt between viewing a grid of the up to four other participants or have the app focus on whoever is speaking at any given time.The feature is available now on both iOS and Android, and only in “new style Signal groups.”

Older groups on the app will automatically be updated to the new format in the coming weeks. According to the post, Signal is working to expand the number of participants beyond five, but there’s no ETA on when that might happen.

The addition of group video calls comes amidst the ongoing COVID-19 pandemic, during which video chat services such as Zoom have become immensely popular. With many people working from home these days, schools doing remote e-learning, and gatherings of all sorts canceled, the ability to now hold those group video calls via Signal may provide some with additional peace of mind given the end-to-end encryption.“2020 has seen its fair number of challenges and changes,” reads the post. “We’ve all adapted to new ways of staying in touch, getting work done, celebrating birthdays and weddings, and even exercising. As more and more of our critical and personal moments move online, we want to continue to provide you with new ways to share and connect privately.”

Demand for Signal has also surged this year due to protests, such as those following the murder of George Floyd by Minneapolis police. Downloads of the app soared in the United States in late May, and in early June, the app added the ability to censor faces in shared photos to avoid potential police surveillance.

Source: https://decrypt.co/51563/edward-snowden-signal-encrypted-group-calls

A Brief History of Grunge: The Seattle Sound

Kurt Cobain of Nirvana in 1993
Kurt Cobain of Nirvana in 1993 | Photo By Stephen Sweet/REX/Shutterstock

The word grunge, which means grime or dirt, came to describe a music genre, fashion style and lifestyle exclusively attached to the Pacific Northwest and, specifically, Seattle. With the effects of this movement still relevant some 30 years later, it’s worth exploring how it all began – and how grunge entered the mainstream.

It all started with the Melvins. Formed in 1983 in Washington State, the band were part of a generation of musicians influenced by the likes of KISS, Black Sabbath, Led Zeppelin and AC/DC. Taking inspiration from the bands they loved, the Melvins were one of the first rock groups to mix elements of metal and punk in their sound.The city of Seattle at that time was just shedding its hippie image but still holding on to the hippie values of counterculture and nonconformity. In 1984, Seattle-based bands Green River and Soundgarden formed, followed by the Screaming Trees in 1985. The following year brought the founding of Sub Pop Records and saw Seattle-based record label C/Z Records’ first release, Deep Six. This compilation, credited as the first distribution of grunge, included the Melvins, Green River, Soundgarden, Malfunkshun, Skin Yard and The U-Men. Metal band Alice in Chains joined this faction of Seattle bands when they formed in 1987.

Editorial use only. Consent for book publication must be agreed with Rex by Shutterstock before use. Mandatory Credit: Photo by Andre Csillag/REX/Shutterstock (499068go) THE SCREAMING TREES PERFORMING ON THE ‚LATER WITH JOOLS‘ SHOW, BBC TV, LONDON, BRITAIN – NOV 1996 VARIOUS | Photo by Andre Csillag/REX/Shutterstock
Mandatory Credit: Photo by Malluk/Mediapunch/REX/Shutterstock (8627708a) Alice in Chains with Layne Staley Special Fees May 1991 Chains_em8 | Photo by Malluk/Mediapunch/REX/Shutterstock

Between 1988 and 1990, the tight-knit group of Seattle bands went through many transformations. Green River split into two groups: the members who wanted to stay “underground” formed Mudhoney, while those who wanted to become famous rock stars formed Mother Love Bone (picking up the lead singer from Malfunkshun, Andrew Wood). Representing another shift in those values of nonconformity, Soundgarden signed in 1988 with a mainstream label, A&M Records, to the dismay of many of their fans.

Mandatory Credit: Photo by Mediapunch/REX/Shutterstock (8824657d) Soundgarden – Chris Cornell Soundgarden In Concert at Hollywood Live, Los Angeles, USA – 23 Sep 1989 | Photo by Mediapunch/REX/Shutterstock

At the start of the new decade, Mother Love Bone was set to become the rock stars they intended to be when Wood unexpectedly died of a heroin overdose. Wood’s roommate, Chris Cornell of Soundgarden, wrote a tribute to his late friend. A few songs played with the surviving Mother Love Bone members turned into an entire album, Temple of the Dog. When Cornell decided that one of the songs would be better as a duet, he invited a backup vocalist, Eddie Vedder, to join him for the singing of ‘Hunger Strike.’ The same year, Vedder joined the remaining Mother Love Bone members in creating a new band, first named Mookie Blaylock and eventually renamed Pearl Jam.

In 1990, Nirvana consisted only of singer-guitarist Kurt Cobain and bassist Krist Novoselic, and were yet to find a full-time drummer. They were eventually introduced to Dave Grohl through their friends the Melvins, becoming another staple grunge band of the ’90s made possible through collaboration.

Mandatory Credit: Photo by Stephen Sweet/REX/Shutterstock (261411g) Nirvana – Dave Grohl, Kurt Cobain and Chris Novoselic Nirvana – 1993 | Photo by Stephen Sweet/REX/Shutterstock

The bands became regulars at music venues across the city, performing at locations still open today such as The Crocodile and The Showbox. Before any of the bands really left Seattle, they described themselves in self-deprecating ways, referring to themselves and their music style as dirt, scum and – you guessed it – grunge. In 1991, when Nirvana reached number one on Billboard’s Alternative Songs chart, with Pearl Jam following closely behind, “grunge” turned from a joke into an actual descriptor of the rock music subgenre characterized by guitar distortion, feedback and heartfelt, anguished lyrics. That same year, Mudhoney and the Screaming Trees achieved indie success. Soundgarden didn’t catch up with the commercial success of Nirvana and Pearl Jam until 1994.

Mandatory Credit: Photo by Andre Csillag/REX/Shutterstock (497745ka) Pearl Jam – Eddie Vedder performing at Brixton Academy, London, Britain – Jul 1993 Various | Photo by Andre Csillag/REX/Shutterstock

As these bands developed a need for marketing, “grunge” changed from descriptor to ultimate promoter, especially in fashion. That industry, from Macy’s to Marc Jacobs, started creating items that mimicked the style of these bands and their Seattle audiences, namely flannel shirts, combat boots and wool ski hats, often worn with unwashed hair.

Mandatory Credit: Photo by Bei/REX/Shutterstock (5137575b) Eddie Vedder Singles Premiere 09/10/92 – Los Angeles, CA. Eddie Vedder (cast) of Pearl Jam wearing helmet Warner Bros.‘ premiere of ‚Singles‘ in Los Angeles, CA. Photo®Berliner Studio/BEImages.net September 10, 1992 | Photo by Bei/REX/Shutterstock

While the muses for these fashion statements may have started out too poor and cold to buy anything else, and didn’t care to look after or style their hair, the popularity of grunge inspired the style of the rich. The combat boots that were practical for traction in Seattle’s rain began hitting the catwalks. For the first time, instead of going from boutiques to last season’s department to Goodwill, clothes purchased from Goodwill were inspiring what got brought into the shops. Punks were anti-fashion: their outfits made a statement against it. Grunge rockers were fashion-indifferent: they made no statement at all. And yet grunge became a fashion statement in and of itself.

Mandatory Credit: Photo by Photofusion/REX/Shutterstock (2253864a) Teenage boys wearing grunge gear, UK Youth | Photofusion/REX/Shutterstock

As the concept of grunge was increasingly used in the mainstream, it became increasingly rejected in anti-conformist Seattle. Grunge became a blanket term for Northwest bands of the ’80s and ’90s, even if they had completely different styles and sounds.Today, though, the term has been reclaimed. Seattleites still hold the same values that began the grunge movement and have learned to embrace the subgenre that, in a lot of ways, put their city on the map.

Source: https://theculturetrip.com/north-america/usa/washington/articles/a-brief-history-of-grunge-the-seattle-sound/

The Batteries of the Future Are Weightless and Invisible

There’s a renaissance underway in structural battery research, which aims to build energy storage into the very devices and vehicles they power.

A car flies over the ocean with clouds instead of a frame.

ELON MUSK MADE a lot of promises during Tesla’s Battery Day last September. Soon, he said, the company would have a car that runs on batteries with pure silicon anodes to boost their performance and reduced cobalt in the cathodes to lower their price. Its battery pack will be integrated into the chassis so that it provides mechanical support in addition to energy, a design that Musk claimed will reduce the car’s weight by 10 percent and improve its mileage by even more. He hailed Tesla’s structural battery as a “revolution” in engineering—but for some battery researchers, Musk’s future looked a lot like the past.

“He’s essentially doing something that we did 10 years ago,” says Emile Greenhalgh, a materials scientist at Imperial College London and the engineering chair in emerging technologies at the Royal Academy. He’s one of the world’s leading experts on structural batteries, an approach to energy storage that erases the boundary between the battery and the object it powers. “What we’re doing is going beyond what Elon Musk has been talking about,” Greenhalgh says. “There are no embedded batteries. The material itself is the energy storage device.”

Today, batteries account for a substantial portion of the size and weight of most electronics. A smartphone is mostly a lithium-ion cell with some processors stuffed around it. Drones are limited in size by the batteries they can carry. And about a third of the weight of an electric vehicle is its battery pack. One way to address this issue is by building conventional batteries into the structure of the car itself, as Tesla plans to do. Rather than using the floor of the car to support the battery pack, the battery pack becomes the floor.

But for Greenhalgh and his collaborators, the more promising approach is to scrap the battery pack and use the vehicle’s body for energy storage instead. Unlike a conventional battery pack embedded in the chassis, these structural batteries are invisible. The electrical storage happens in the thin layers of composite materials that make up the car’s frame. In a sense, they’re weightless because the car is the battery. “It’s making the material do two things simultaneously,” says Greenhalgh. This new way of thinking about EV design can provide huge performance gains and improve safety because there won’t be thousands of energy-dense, flammable cells packed into the car.

A lithium-ion battery inside a phone or EV battery pack has four main components: the cathode, anode, electrolyte, and the separator. When a battery is discharged, lithium-ions flow through the electrolyte from the negative anode to the positive cathode, which are partitioned by a permeable separator to prevent a short circuit. In a conventional battery, these elements are either stacked like a wedding cake or wound around each other like a jelly roll to pack as much energy as possible into a small volume. But in a structural battery, they have to be reconfigured so the cell can be molded into irregular shapes and withstand physical stress. A structural battery doesn’t look like a cube or a cylinder; it looks like an airplane wing, car body, or phone case.

The first structural batteries developed by the US military in the mid-2000s used carbon fiber for the cell’s electrodes. Carbon fiber is a lightweight, ultrastrong material that is frequently used to form the bodies of aircraft and high-performance cars. It’s also great at storing lithium ions, which makes it a good substitute for other carbon-based materials like graphite that are used as anodes in typical Li-ion batteries. But in a structural battery, carbon fiber infused with reactive materials like iron phosphate is also used for the cathode because it needs to provide support. A thin sheet of woven glass separates the two electrodes, and these layers are suspended in an electrolyte like fruit in an electrochemical jello. The entire ensemble is only a few millionths of a meter thick and can be cut into any desired shape.

Leif Asp, a materials scientist at the Chalmers University of Technology in Sweden, has been at the forefront of structural battery research for the past decade. In 2010, Asp, Greenhalgh, and a team of European scientists collaborated on Storage, a project that aimed to build structural batteries and integrate them into a prototype hybrid Volvo. “At that time, I didn’t think it would have much impact on society, but as we moved along it struck me that this could be a very useful idea,” says Asp, who characterizes the conventional battery as a “structural parasite.” He says the main benefit of structural batteries is that they reduce the amount of energy an EV needs to drive the same distance—or it can increase its range. “We need to focus on energy efficiency,” says Asp. In a world where most electricity is still produced with fossil fuels, every electron counts in the fight against climate change.

During the three-year project, the Storage team successfully integrated commercial lithium-ion batteries into a plenum cover, a passive component that regulates air intake into the engine. It wasn’t the car’s main battery, but a smaller secondary pack that supplied electricity to the air-conditioning, stereo, and lights when the engine temporarily turned off at a stop light. This was the first proof of concept for a structural battery that was integrated into the body of a working car and was essentially a small-scale version of what Tesla is trying to achieve.

But sandwiching a bunch of conventional Li-ion cells into the body of a car isn’t as efficient as making the car’s body serve as its own battery. During the Storage collaboration, Asp and Greenhalgh also developed a structural supercapacitor that was used as a trunk lid. A supercapacitor is similar to a battery but stores energy as electrostatic charge, rather than a chemical reaction. The one made for the Volvo trunk consisted of two layers of carbon fiber infused with iron oxide and magnesium oxide, separated by an insulating layer. The whole stack was wrapped in laminate and molded into the shape of the trunk.

Supercapacitors don’t hold nearly as much energy as a battery, but they’re great at rapidly delivering small amounts of electric charge. Greenhalgh says that they’re also easier to work with and were a necessary stepping stone toward accomplishing the same thing with a battery. The Volvo was a proof of concept that structural energy storage was viable in an EV, and the success of the Storage project generated a lot of hype about structural batteries. But despite that enthusiasm, it took a few years to procure more funding from the European Commission to push the technology to the next level. “This is a very challenging technology and something that’s not going to be solved with a few million pounds thrown at it,” says Greenhalgh of the financing difficulties. “We got a lot more funding, and now it’s really starting to snowball.”

This summer, Asp, Greenhalgh, and a team of European researchers wrapped up a three-year research project called Sorcerer that had the goal of developing structural lithium-ion batteries for use in commercial aircraft. Aviation is arguably the killer app for structural energy storage. Commercial aircraft produce a lot of emissions, but electrifying passenger jets is a major challenge because they require so much energy. Jet fuel is terrible for the environment, but it’s about 30 times more energy-dense than state-of-the-art commercial lithium-ion cells. In a typical 150-passenger aircraft, that means you’d need about 1 ton of batteries per person. If you tried to electrify this jet with existing cells, the plane would never get off the ground.

Established aerospace companies like Airbus and startups like Zunum have been working on electrifying passenger aircraft for years. But even if they’re successful, packing a plane full of conventional cells has some major safety risks. A short circuit in a large battery pack could cause a disastrous fire or explosion. “The aerospace sector is very conservative, and they’re nervous about packing aircraft with these really high-powered batteries,” says Greenhalgh. Emerging battery chemistries, including solid electrolytes, could lower the risk, but meeting the massive energy requirements of a passenger jet is still a major challenge that could be solved with structural batteries.

As part of the Sorcerer project, Asp and his colleagues created structural batteries made from thin layers of carbon fiber that could conceivably be used to build parts of an airplane’s cabin or wings. The experimental batteries the Sorcerer team developed have significantly improved mechanical properties and energy densities compared to the batteries they produced during the Storage initiative a decade earlier. “Now we can make materials that have at least 20 to 30 percent of both energy storage capacity and the mechanical capacity of the systems we want to replace,” says Asp. “It’s a huge progression.”

But technical challenges are only half the battle when it comes to getting structural batteries out of the lab and into the real world. Both the automotive and aviation industries are heavily regulated, and manufacturers often run on thin margins. That means introducing new materials into cars and planes requires demonstrating their safety to regulators and their superior performance to manufacturers.

As a structural battery is charged and discharged, lithium ions are shuttling in and out of the carbon-fiber cathodes, which changes their shape and mechanical properties. It’s important for manufacturers and regulators to be able to predict precisely how these structural batteries will react when they’re being used and how that affects the performance of the vehicles they power. To that end, Greenhalgh and Asp are building mathematical models that will show exactly how the structure of vehicles built from these batteries changes during use. Asp says it will probably be more than a decade before structural batteries are deployed in vehicles because of their significant power demands and regulatory challenges. Before that happens, he predicts, they will become commonplace in consumer electronics.

Jie Xiao, the chief scientist and manager of the Batteries & Materials System group at Pacific Northwest National Laboratory, agrees. She thinks a particularly promising and often overlooked area of application is in microelectronics. These are devices that could comfortably fit on your fingertip and are particularly useful for medical implants. But first, there needs to be a way to power them.

“Structural batteries are extremely helpful for microelectronics, because the volume is very restricted,” says Xiao. While it is possible to scale down conventional batteries to the size of a grain of rice, these cells still take up valuable space in microelectronics. But structural batteries don’t take up more space than the device itself. At PNNL, Xiao and her colleagues have studied some of the fundamental issues with the design of microbatteries, like how to maintain alignment between electrodes when a structural battery is bent or twisted. “From a design point of view, it’s very important that your positive and negative electrodes face each other,” says Xiao. “So even if we can take advantage of void spaces, if those electrodes are unaligned they are not participating in the chemical reaction. So this limits the designs of irregular-shaped structural batteries.”

Xiao and her team have worked on several niche scientific applications for micro structural batteries, like injectable tracking tags for salmon and bats. But she says it’s still going to be a while before they find mainstream application with emerging technologies like electronic skin for prosthetics. In the meantime, however, structural batteries could be a boon for energy-hungry robots. In a laboratory on the Ann Arbor campus at the University of Michigan, chemist and chemical engineer Nicholas Kotov oversees a menagerie of small biomimetic robots he developed with his graduate students. “Organisms distribute energy storage throughout the body so that they serve double or triple functions,” says Kotov. “Fat is a great example. It has lots of energy storage. The question is: How do we replicate it?”

The team’s goal is to create machines that mimic animals, and so they require a power source that can integrate with their robotic skeletons, much like fat and muscle hem to ours. Some of their latest creations include robotic scorpions, spiders, ants and caterpillars that skitter around the floor. All of them are powered by a unique structural battery integrated with their moving parts. The battery sits on the back of the robot like a silver shell, and it both energizes and protects the robot’s mechanical guts. It’s taking a cue from nature to improve the unnatural.

Unlike the carbon-fiber and lithium-ion sheets being developed by Asp and Greenhalgh, Kotov and his students created a zinc-air structural battery for their automatons. This cell chemistry is able to store much more energy than conventional Li-ion cells. It consists of a zinc anode, a carbon cloth cathode, and a semi-rigid electrolyte made from polymer-based nanofibers that is nanoengineered to mimic cartilage. The energy carriers in this type of battery are hydroxide ions that are produced when oxygen from the air interacts with the zinc.

While structural batteries for vehicles are highly rigid, the cell developed by Kotov’s team is meant to be pliable to cope with the movements of the robots. They’re also incredibly energy-dense. As Kotov and his team detailed in a paper published earlier this year, their structural batteries have 72 times the energy capacity of a conventional lithium-ion cell of the same volume. For now, their batteries are being used to power robotic toys and small drones as a proof of concept. But Kotov says he expects they’ll be used in midsize robots as well as larger hobby drones in the not-so-distant future. “Drones and medium-size robots need to have new solutions for energy storage,” Kotov says. “I can guarantee you that structural batteries will be a part of that.”

The battery has always been an addendum, a limiting factor, and a parasite. Today it’s vanishing before our eyes, melting into the fabric of our electrified world. In the future, everything will be a battery, and stand-alone energy storage will seem as quaint as landline telephones and portable CD players. It’s a disappearing act worthy of a great magician: Now you see it—and soon you won’t.

https://www.wired.com/story/the-batteries-of-the-future-are-weightless-and-invisible/

Apple Delays Ad Anti-Tracking Features Planned for iOS 14

Source: https://www.macrumors.com/2020/09/03/apple-delay-ad-anti-tracking-ios-14/

Apple told some developers that it will delay the enforcement of an anti-tracking feature that’s being implemented in iOS 14, reports The Information.


In ‌iOS 14‌, Apple is requiring apps to seek customer consent before the IDFA (Identifier for Advertisers) can be used to track user behavior and preference across apps and websites for ad targeting purposes.

Major app developers and ad networks like Facebook have spoken out against the feature, with Facebook warning advertisers on its platform that the new feature could cause a more than 50 percent drop in Audience Network publisher revenue due to the loss of personalization from ads within apps.

Facebook and other advertisers expect that customers will not want to share their IDFA’s for ad targeting purposes and will therefore decline consent for the ad blocking popups that Apple has implemented in ‌iOS 14‌.

Mobile developers that spoke to The Information said that they’ve had little time to prepare for Apple’s change, which was announced in June alongside ‌iOS 14‌. Apple has also not provided a way for them to target ads without using the IDFA.

If Apple does end up delaying the anti-tracking features in ‌iOS 14‌, customers who upgrade to ‌iOS 14‌ will not see the prompts to decline sharing their device IDFA with third-party apps.

According to The Information, if Apple does decide to delay, the anti-tracking features could be held until next year.

Eric Seufert, an ads industry analyst, said it „simply wasn’t possible for developers to adapt their advertising infrastructure“ to Apple’s proposed IDFA change in time for the public release of ‌iOS 14‌, which Apple usually makes available in September. He called delaying enforcement of the new IDFA prompt „the right thing for Apple to do, even if those privacy restrictions are well intentioned and ultimately best for consumers.“

Apple’s App Store team has apparently been asking gaming firms for details on how the change might impact their businesses, as these kinds of targeted ads are important to free-to-play games, and their responses may determine Apple’s plan to implement or delay the feature.

Update 10:02 a.m.: In a statement to TechCrunch, Apple confirms that it is pushing back the change to „early next year.“

We believe technology should protect users’ fundamental right to privacy, and that means giving users tools to understand which apps and websites may be sharing their data with other companies for advertising or advertising measurement purposes, as well as the tools to revoke permission for this tracking. When enabled, a system prompt will give users the ability to allow or reject that tracking on an app-by-app basis. We want to give developers the time they need to make the necessary changes, and as a result, the requirement to use this tracking permission will go into effect early next year.

 

What iOS 14’s Hidden ‘Approximate Location’ Feature Is (and Why It’s Important)

Source: https://www.idropnews.com/news/what-ios-14s-hidden-approximate-location-feature-is-and-why-its-important/141938/

iOS 14 Approximate LocationCredit: JL IMAGES / Shutterstock

As iOS 14 betas continue to roll out and the software’s full release grows near, more people are noticing just how revolutionary some of its privacy and security features appear to be.

There’s some exciting stuff there, but one of the most interesting – and, until recently, overlooked – features is called “Approximate Location.”

It means enormous changes for location-based services on iOS, and could affect many third-party apps in ways that aren’t entirely clear yet. Here are the significant points all iPhone users should know.

Approximate Location Will Hide Your Exact Location

Based on the details that Apple has given, Approximate Location is a new tool that can be enabled in iOS. Instead of switching off location-based data, this feature will make it…fuzzy. Apple reports that it will limit the location data sent to apps to a general 10-mile region.

You could be anywhere in that 10 miles, doing anything, but apps will only be able to tell that your device is in that specific region. This is going to change several important things about apps that want to know your location, but is a big boon for privacy while still enabling various app services.

Limited Data About Movement Will Be Shared

Not all the details are certain yet, but we do know that apps will be able to track when a device moves from one region to another. Apps will probably be able to extrapolate on that data and know that you were somewhere along a particular border between one region and another.

However, companies still won’t be able to tell what exactly you were doing near the border, or how long you stayed near the border before crossing over. If you cross over the same borders a lot, then apps will probably be able to make some basic guesses, like you’re commuting to work, dropping kids off at school, or visiting a preferred shopping center, but that’s basically all they will be able to tell.

Some Apps Won’t Have a Problem with This

For many third-party app services, these new 10-mile Approximate Location Regions won’t pose much of a problem. Apps that are recommending nearby restaurants you might like, parks you can visit, available hotels, and similar suggestions don’t need to know your exact location to be accurate – the 10-mile zone should work fine. The same is true of weather apps, and a variety of other services.

But not all third-party apps are interested in location data just to offer services. They also want to use it for their own ends…and that’s where things get more complicated.

Location-Based Advertising Is up for a Challenge

A whole crowd of third-party apps want to track your exact location, not for services, but to collect important data about their users. Even common apps like Netflix tend to do this! They are tracking behavior and building user profiles that they can use for advertising purposes, or provide to advertisers interested in building these profiles themselves.

Apple has already changed other types of tracking to require permission from app users. But turning on Approximate Location is another hurdle that blocks apps from knowing exactly what users are doing. Not only does this make it more difficult to build behavioral profiles, but it also makes it hard or impossible to attribute a user visit to any specific online campaign.

There are solutions to this, but it will be a change of pace for advertisers. Apps can use Wi-Fi pings, check-in features, and purchase tracking to still get an idea of what people are doing, and where. That’ll require a lot more user involvement than before, which puts privacy in the hands of the customer.

It’s Not Clear How This Will Affect Apps That Depend on Location Tracking

Then there’s the class of apps that needs to know precise locations of users to work properly.

For example, what happens when an app wants to provide precise directions to an address after you have chosen it? Or – perhaps most likely – will alerts pop up when you try to use these services, requiring you to shut off Approximate Location to continue? We’ve already seen how this works with Apple Maps, which asks you to allow one “precise location” to help with navigation, or turn it on for the app entirely.

Then there’s the problem with ridesharing and food delivery apps. They can’t offer some their core services with Approximate Location turned on, so we can expect warnings or lockouts from these apps as well.

But even with this micromanaging, more privacy features are probably worth it.