Roughly 4 days of app tracking with Duck duck go’s app tracking

4 days of app tracking with Duck duck go's app tracking system

Following the post a couple of days ago about Duck Duck Go’s app tracking system.

I had planned to make an update to the original post but after reading a few other pieces about it, thought it deserves another post.

So here is 4 days of data, and there are some really questionable tracking in there. For example I didn’t open my ereader prestigio app over the last 4 days but there was a tracking call to Google. Oura and Beeper are sending a lot of tracking calls. Wasn’t pleased with the calls to Facebook from Orfi and surprised OKCupid and POF apps were not tracking more.

I am thinking about maybe installing another app which does similar but unsure if I trust them as much duck duck go right now. Oh and I got my invite for Duck Duck Go’s mail tracking today too.

Fixing the pebble smartwatch with the new 3D buttons (Kinda)

Fixed pebble2 smartwatch

Over the last few weeks I have switched from the Pebble Time watch which a friend gave me. To the slightly fixed button Pebble 2 watch. I finally tried decided to just go with superglue in strategic positions.

The buttons are 3D printed to fit without glue but they didn’t quite pop like described in the video which came with the buttons. I obviously didn’t watch enough as I assumed I would need to open the pebble watch to fit the buttons (no idea why I did this). The upside of this being not breaking the watch and understanding how to maybe replace the battery too.

So far its good although the pressure of pressing the buttons did crack the plastic and I had to re-glue it again in even tighter positions. But its generally staying put now. I’ll likely do similar for the other pebble which  has broken buttons.

Its a good fix as the watch battery is much longer lasting than the Pebble time, even with the HR sensor and other features turned on. Maybe a charge every 4-5 days currently.

I would certainly recommend the 3D printed buttons for those looking to extend the life of the pebble.

 

Trying out duck duck go’s app tracking protection

Duck duck go's app tracking protection on Android

I was in the queue to get access to the Duck Duck Go’s app tracking protection and yesterday caught a invite on my old Pixel 4 phone.

Its only been one day but you can see above there has been 1650 tracking attempts. Many from Beeper app, which is my instant messaging app of choice. I can forgive them as beeper is under heavy development and segment & functional seems to be a customer/feedback data platforms.
This is similar to Oura and I can see why Google would be tracking as I do connect it to Google Fit anyway.

On the annoying side, Orfi is a app which my volleyball teams have switched to from using facebook events. The Facebook and Google trackers is worry some but its only when the app is open, which isn’t most of the time. Likewise the Philips Hue app tracking is annoying, as I do have that open a lot for controlling my lights. Plume is a tricky one but I will look through the settings to see if there is something which could be turned off.

Frankly its all really interesting to see and funny enough, the battery life of my Pixel 6 has completely changed. Usually its at about 75% after a day but today its at 85%. Not much different but the apps using the most battery power has completely changed.

Of course this is all after one day, so I expect I’ll see what happens over time and likely write a follow up.

Duck Duck Go are on fire and we need to see more of this…

 

Pixel6 magic eraser, pushed to the limit

I posted a quick picture on Mastdon of my Google Pixel 4 using my new Google Pixel 6 magic eraser feature.

Pixel 6 image

Here is the original shot, no edit no filters in my living room as I setup my Pixel 6.

This is the same picture just quickly wiping my finger over the Chromebook at the top right of the picture.

I guess I could have tried the other objects but I thought the reflection in my Pixel 4 would have looked very strange. The nice thing is I can go back and make that change at any time. So here is the that picture

Pixel 6 magic

If you hadn’t seen the other pictures, you might think the reflection is from objects much further away but knowing the fact it looks a bit strange.

magic erase looking strange

Finally magic erase can only go so far and you won’t get away with this picture at all.

Regardless of everything, its super fast and took longer for me to resize the photos (I reduced them down by 5x) on my laptop than use the tool. Computational photography has certainly stepped up a gear since my Pixel 2 days. I look forward to removing all those people who photo bomb my photos.

Fixing the pebble buttons by leaning on the community

My Pebble with Sugru

I am still holding on to my pebble 2 smartwatches, although I have said in my new years resolutions. I was going to find an alternative to the pebble watch.

I still haven’t found anything. I had hoped the new Android Wear 3.0 and the Fitbit buy might have done something positive in this space. However its not happening.

There was a study I took part in recently from Dr. Susan Lechelt of Edinburgh University about IOT & connected devices after they become non-supported, unusable, broken, etc. Of course I won’t go into details but through-out the study it made me revisit my ongoing task to fix the pebble smartwatch.

Broken pebble 2 smart watches

The pebble community is incredible, you only have to look at rebble to see how amazing. iFix it came up with guides to fix most of the most common problems including my pebble 2 button failures. So with this, I finally decided to skip the 3D print your own buttons which I had planned once I get back into work and bought them at Shapeways.

Pebble 2 and new buttons

After ordering 2 buttons and identifying two of my pebble 2 watches really just need new buttons, I’m ready to go this weekend – or maybe one of these weekends in summer.

Looking forward to extending the life of the pebble smartwatch like how I have extended the life of my Pacemaker device way beyond its limitations.

Why is Slack storing passwords in plain text on Android devices?

https://mas.to/@cubicgarden/105712244073779967

I posted about Slack’s bug on mastodon. I knew this was going to be a pain the ass changing all those passwords, even with them all sitting in my password manager and most using 2fa.

However some of the users of Mastodon asked the question, why does the Slack app store the passwords on the device at all?

I thought about this and they are right. The app connects to a remote server and should request the user login. Once logged in, it should provide some kind of secure key/cookie/hash on the device not the actual password. On top of this, it certainly shouldn’t be in the form of plaintext.

Mistake, bug or not, this should not happen.

Schedule messages on Android

This slideshow requires JavaScript.

Happy to see Google messages getting schedule messages at long last. Its been a long time in coming after Gmail’s schedule send last year.I have been using the beta and enjoying sending messages at 1am for a quite some time now.

Be great if Signal also added scheduling, although I did buy tasker to solve the scheduling of text and signal but haven’t sat down and played with it yet.

I knew the day was coming for my Pixel2

https://mas.to/@cubicgarden/105356319833794257

Google Pixel’s come with 3 years of supported updates, I knew this but it was a shock when I saw the note saying

Regular updates have ended for this device

Although its still night and day from some of the devices I have owned in the past. For example my work Nokia 8 is still stuck with Android 9 (Pie).

Signal or Threema or how about both?

I have been a fan and person encouraging the use of signal over the likes of whatsapp. Its been good to me but like every piece of software there are things I would change about them. For example the whole pin code thing is not only concerning but also a real challenge for casual users.

The pin code thing and phone number thing is not that much of a concern for most but I’ve been keeping an eye on others coming into the space. Threema is one such messaging app which seems to have all the privacy and security needed backed with its strong European base in Switzerland.

I wrote it off in my mind because it didn’t have a open code base for security  experts to view openly. However that recently changed with them opensourcing the code base.

Because of this change I’m relooking at the Threema, although I don’t think I’ll be dumping Signal as a result but rather using both?

I finally bought the Oura smart ring

Oura  vs Motiv smart rings

I decided its about time I upgraded my smart ring. I originally bought the Motiv ring because it supported Android, had a better price tag and was interested in the 2 factor authentication.

It was good but then I hit a problem about 6 months down the line and although Motiv did the right thing of refunding me completely and letting me keep the ring. It certainly felt like it was on its way to unsupported space with the new owners.

Oura vs Motiv smart rings

So with the new Oura being a bit cheaper and finally some proper Android support, I decided its time.

First impressions are very good, the app is better than Motiv’s and the ring feels a lot more robust. It has 3 different contact points while the Motiv has one. I took the risk of skipping the ring sizing as I knew my size from the Motiv ring. Luckily they were very close but the Oura is a bit bigger giving me more options of fingers to use.

The app now finally syncs with Google fit (one of the biggest complaints for Android owners). I also noticed there is the ability to download the raw data in Json format. I do find the app a little messy but its got all what is needed and if not you can login on the web and see/manage your data.

Oura's charger

If I was going to say one bad thing about it, it would be simply the charger is quite big compared to the Motiv one, which I was able to carry around on my keychain. But its not like I’m going away for a long while, and I noticed the airplane mode which is great.

Currently everyone is using Oura and its the right decision if you need the best tracker on the market. Just glad I didn’t get it when it was mainly iOS as it would have been extremely annoying.

Looking forward to seeing its sleep tracking as the Motiv was pretty awful. Thankfully I use Sleep as Android.

Checking for Spy Cameras everywhere…

I recently been tracking a lot of Spycams in hotels and airbnb’s. Yes its currently mainly happening in the east a lot more it seems, but like most technological trends its on the way westward.

It very much reminds me of my experience in the Airbnb in Barcelona. Yes its was a listening device and they did declare it once we were in the flat but its not good enough. Airbnb is the wild west for this.

The spycameras are getting super small and higher quality all the time. For the last year I have been checking my hotel rooms (pre-covid19 when I could travel) with my camera phone and light. I’m not using an app but rather the camera light as my camera sees IR no problem. Theres some quite good tips in this travel site.

By the way, don’t search for “spycameras” on the web, as you will get some questionable results!

Epic games serves up some 1984 on the app stores

 

Epic battle unfolds

Its been a Epic (Pun intended) battle going back and forth for Epic games and the app stores (Apple & Google).

For mobile developers the 30% cut has been a talking point for a long while but the fact you can’t use other payment systems really put the foxes in the hen house. I won’t get into details as there are others which do a much better job. I love this timeline

But I found the Fortnite 1984 trailer absolutely spot on. Pointing directly at Apple and their classic 1984 advert.  Although to be fair like most big companies, Epic isn’t clean in this area but the monopoly & closed doors of the app stores is a big deal. Its very clear Epic games planned the lawsuit, the 1984 and the trigger event in a perfectly planned check move (chess).

Shall we get the popcorn ready for this clash of the titans?

Regardless of what happens, I’m sure mobile developers will massively benefit from Epic pulling the trigger. Of course many other big names have also jumped in behind Epic.

Google silently puts a knife into the Pixel 4

The view of the red moon through my window
Shot on a Google Pixel4 through my living room glass with nothing special

The Google pixel 4A looks like a really good phone and reminds me of the Nexus 5x in price and style. I won’t lie, the battery size and onboard storage certainly impressive compared to the Pixel4.

I’m still impressed with the Pixel4’s camera and its still good for me so far. But I noticed its currently leaving me with 50% battery at the end of the day. Its ok but remember I’m not really going out much at the moment. No idea what it would be like when I’m out and about again?

Its clear to me, that although I like the Pixel range, I would go for something like the One plus phone next time around. I mean look at the Pixel4a vs the Oneplus Nord?

One decision I have made is I will most likely this time around fit a new battery in the next 9 months. No idea why I didn’t do it for the Pixel2.

 

Why NHS’s world-beating app was always a going to be awful but 10+ million!

Contact tracing api
Photo by Mika Baumeister on Unsplash

Even if you forget the thoughts are coming from a ex-googler who has interests elsewhere this blog is pretty damming and I  can imagine how the NHS really bought their own nonsense about it being world beating. Of course in the end they had to back pedal and use the Google & Apple decentralised contact tracing api.

But there are parts even I was shocked at…

It worked 4% of the time.

Thats not even funny, its not just unreliable but a total waste of time. Even if thats exaggerated, double would still be a bad joke at 8%

The British effort did find workarounds that most other developers could not: They used “keepalives” (messages sent by one device to another) to circumvent restrictions on having apps in the background on iOS. Notifications were sent between two Apple devices running the app to keep the connection between the devices alive and therefore having the ability to detect each other’s keys. The NHS tried to develop with a hacker’s mentality and shared its progress through its GitHub page.

There is a reason why keepalives are a bad idea, battery is one of the number one reasons why people find their smartphones deeply frustrating. Having a app keeping the system awake is just a terrible news. Although I assume as most people are staying at home, they will be closer to a charger at least

in May it was reported by the Financial Times that the British government was simultaneously exploring a solution with Apple and Google’s decentralized system as a backup, indicating that, even within the government, there were doubts that the centralized effort could work.

And this is when I heard they were testing both systems, leading to the fact they were going to drop the centralised app soon. This would be fine but…

The development of the app has taken months and cost millions of pounds from taxpayers…

…around $15 million spent…

I have no words to sum how I feel about the UK government throwing this money down the drain in the middle of a pandemic where people are losing their jobs and dying. Its not just wasteful, its incredibly disgraceful and pretty much sums up the UK government right now.

Signal what are you up to?

I love Signal and never used Whatsapp because of many reasons included in this great opinion piece. Its gotten better and better but the recent pin number is a worry. I’m not the only one.

“Notably, things we don’t have stored include anything about a user’s contacts (such as the contacts themselves, a hash of the contacts, any other derivative contact information), anything about a user’s groups (such as how many groups a user is in, which groups a user is in, the membership lists of a user’s groups), or any records of who a user has been communicating with,” Signal wrote in 2016.

That, according to critics, has now changed.

“They should have a dumb network that knows nothing because it can’t be compromised then,” The Grugq told Motherboard. “[Having contacts] is a lot. It isn’t messages, sure. But I don’t like it. I don’t want them to have anything. Make the networks dumb and the clients smart.”

I do understand why they have done it, but I don’t know where its going next. Marlnspike (head dev of Signal) replies.

Marlinspike defended the decision to enable PINs and give users a way to migrate to a new device and keep certain data, and will increase the security of users’ metadata, “new features Signal users have been asking for.”

“The purpose of PINs is to enable upcoming features like communicating without sharing your phone number. When that is released, your Signal contacts won’t be able to live in the address book on your phone anymore, since they may not have phone numbers associated with them,” Marlinspike told Motherboard. “For most users, this also increases the security of their metadata. Most people’s address book is syncing with Google or Apple, so this change will prevent Google and Apple from having access to your Signal contacts.”

Smartphone use
Photo by Gilles Lambert on Unsplash

The changes Signal has made show how there can be a tension between messenger usability and feature set and security. It’s too early to say whether you should stop using the messenger. For most users’ threat models, it’s still one of the best options. But one of the key things that set Signal apart—that it collects almost no information about its users, appears to be changing.

Convenience is the enemy of security and I would say privacy. I wouldn’t be surprised if signal gets forked.

It was always clear to me Twitter direct messages was never secure in anyway, hence why I tried to move private conversations over to another medium. If thats not email or signal what else? Recently I have been looking at a couple others…

Session which is decentralised messaging and Criptext, which is actually secure email. Both need work but have decent security.