True, but pushing passkeys as the primary auth method reduces the risk to a great extent. It's a huge difference. As long as the user keeps using a relatively stable set of devices, they will 'approximately never' be exposed to MITM.
Also, when logging in from a new device, many accounts which use password-based auth today send a confirmation email and ask users to either enter the emailed code or click on the link. This is part of their existing security protocol. So we are not introducing a new unique thing here.
> As long as the user keeps using a relatively stable set of devices, they will 'approximately never' be exposed to MITM.
As long as the user keeps a relatively stable set of devices and knows to be suspicious if they get asked for an OTP on a device that they know has a passkey. If they don't know to be suspicious (which let's be real, most people won't), they'll happily follow the instructions and fork over the OTP to a phisher who can use it to complete the authentication somewhere on their end.
Magic links without an OTP fallback are more secure as the initial setup process because they can't be phished unless someone's actually MITM'ing their HTTPS traffic (at which point nothing can save you anyway). A phisher can get someone to send themselves a magic link, but it's much harder to get them to provide the link to them.
> Magic links without an OTP fallback are more secure as the initial setup process because they can't be phished...but it's much harder to get them to provide the link to them.
It's not that much harder. 'Due to security reasons, please copy and paste the entire link that we just sent you into the following input box. If you don't, your account will be compromised!'
That's way harder than just asking someone to do the exact thing that they've already done over and over on your legit site. Sure, some will still fall for it, but the bite rate will go way down.
Phishing attempts by definition create artificially urgent abnormal situations whose job it is to convince the intended victim that they're legitimate. A difference in degrees like this strikes me as not really something to haggle about. Users who fell prey to the attack aren't going to be reassured on hearing how much more unlikely it was.
Only in response to some classes of requests. They didn’t go into detail about when but they said that the local Siri LLM would evaluate the request and decide if it could be serviced locally, in their private cloud AI, or would need to use OpenAI. Then it would pop up a request asking if you want to send the request to OpenAI. It doesn’t look like that would be a particularly common occurrence. Seems like it would be needed for “answerbot” type of requests where live web data is being requested.
America actually has the largest freight rail network in the world. In theory electric trucks would pair great with our freight rail network though. Still need to get from rail to stores and homes.
Isn't a lot of long-haul transport still done via truck? Like you noted, last-mile won't go away, but maybe there is still room for improvement with rail.
I don't care how much I'm taxed if it means the US will use it for decent transportation that isn't car-based.
Yes we do, but it's not nearly enough to cover every major town and county. Stupid flaws in the system like the Selkirk hurdle should be systemically removed.
You could compare a 5 node Ceph cluster for instance. That’s 5 servers and 3 NVMe drives minimum just to store your first byte. Then you have to deal with support, etc. Pricing probably comes out about the same in the end.
Although it’s the least used app for many of us, with iOS 17, the Phone app will be upgraded with a feature Apple is calling “Personalized Contact Posters” so instead of just your name and number showing up on the iPhone of someone you’re calling, they’ll see a customized image (or memoji) and **text of your choosing which could help persuade them into answering your call***. Apple also promises the Contact Posters will “also be available for third-party calling apps.”
Wait, so this is for strangers too? That seems rather ill-advised. I suppose it's a way to make people buy iPhones so they don't get ignored by other iPhone users because of the missing picture?
Now the scam callers will not only be able to spoof the FBI's phone number, but show a badge and a threatening full screen message too!
Somehow iMessage scams have been getting popular lately. Every once in a while I get a few phishing messages a day through iMessages. Then after a week it stops (they got caught, exploit closed, I don’t know).
More worrying that they could grab a photo off FB and spoof a family member. Lots of people would ignore the number if the face and name were familiar. How many people actually memorize phone numbers any more?
I suppose they can, but it wouldn't be a very convincing scam without a good voice replicator. Grabbing pictures is easy but isolating and replicating voices is still quite difficult, especially with the heavy accent many scammers seem to have.
The time of video call scams will come, but I don't think we're there just yet outside very targeted attacks on people in power or with huge amounts of wealth at their disposal.
The keynote says you will set your own design which other people will see when you call them. So it’s not based on the contact photo you have saved in your phone for someone, it’s based on the information they set to be shared with you. It was not explicitly mentioned whether or not this will apply to everyone or only people you have already had contact with. I can imagine it being like AirDrop where it only shows you all of that if you’re in each other’s contact list rather than just for every single inbound phone call from some random person. The video demonstration also showed there were some settings that could be tweaked, so possibly you might be able to set an override for someone in your own contact list and display what you want rather than what they provide. But none of that was clarified in the video. So unless this Gizmodo article has access to more details, they’re probably just describing their interpretation of it, and I will take those details with a grain of salt, until we have a developer beta for more detailed documentation to clarify.
While I don't purport to know how it works, there's no indication this is any more automatic than the ALREADY EXISTING shared contact photos in Messages.
Yeah I was thinking this, too. Apple doesn’t do social networking in the modern sense, but they do have a connected and committed network. They could build some kind of publishing/feed app that leverages your contacts, group threads etc.
Actually, “group threads have a feed view / content publishing tools” is simple enough to work. Hm.
I would love to see this. There seems to be a really interesting opportunity for Apple to provide a privacy-respecting replacement for social media as we know it today. Somewhere between group texts/shared albums and private Instagram, with everything being end-to-end encrypted and meant to be shared in small groups.