Mullvad VPN has discovered that Android leaks traffic every time the device connects to a WiFi network, even if the "Block connections without VPN," or "Always-on VPN," features is enabled. BleepingComputer reports: The data being leaked outside VPN tunnels includes source IP addresses, DNS lookups, HTTPS traffic, and likely also NTP traffic. This behavior is built into the Android operating system and is a design choice. However, Android users likely didn't know this until now due to the inaccurate description of the "VPN Lockdown" features in Android's documentation. Mullvad discovered the issue during a security audit that hasn't been published yet, issuing a warning yesterday to raise awareness on the matter and apply additional pressure on Google.

Android offers a setting under "Network & Internet" to block network connections unless you're using a VPN. This feature is designed to prevent accidental leaks of the user's actual IP address if the VPN connection is interrupted or drops suddenly. Unfortunately, this feature is undercut by the need to accommodate special cases like identifying captive portals (like hotel WiFi) that must be checked before the user can log in or when using split-tunnel features. This is why Android is configured to leak some data upon connecting to a new WiFi network, regardless of whether you enabled the "Block connections without VPN" setting.

Mullvad reported the issue to Google, requesting the addition of an option to disable connectivity checks. "This is a feature request for adding the option to disable connectivity checks while "Block connections without VPN" (from now on lockdown) is enabled for a VPN app," explains Mullvad in a feature request on Google's Issue Tracker. "This option should be added as the current VPN lockdown behavior is to leaks connectivity check traffic (see this issue for incorrect documentation) which is not expected and might impact user privacy." In response to Mullvad's request, a Google engineer said this is the intended functionality and that it would not be fixed for the following reasons:

- Many VPNs actually rely on the results of these connectivity checks to function,
- The checks are neither the only nor the riskiest exemptions from VPN connections,
- The privacy impact is minimal, if not insignificant, because the leaked information is already available from the L2 connection.

Mullvad countered these points and the case remains open.

Android Developers Blog: Passkeys are a significantly safer replacement for passwords and other phishable authentication factors. They cannot be reused, don't leak in server breaches, and protect users from phishing attacks. Passkeys are built on industry standards and work across different operating systems and browser ecosystems, and can be used for both websites and apps. Passkeys follow already familiar UX patterns, and build on the existing experience of password autofill. For end-users, using one is similar to using a saved password today, where they simply confirm with their existing device screen lock such as their fingerprint. Passkeys on users' phones and computers are backed up and synced through the cloud to prevent lockouts in the case of device loss. Additionally, users can use passkeys stored on their phone to sign in to apps and websites on other nearby devices.

Today's announcement is a major milestone in our work with passkeys, and enables two key capabilities: Users can create and use passkeys on Android devices, which are securely synced through the Google Password Manager. Developers can build passkey support on their sites for end-users using Chrome via the WebAuthn API, on Android and other supported platforms. To try this today, developers can enroll in the Google Play Services beta and use Chrome Canary. Both features will be generally available on stable channels later this year. Our next milestone in 2022 will be an API for native Android apps. Passkeys created through the web API will work seamlessly with apps affiliated with the same domain, and vice versa. The native API will give apps a unified way to let the user pick either a passkey or a saved password. Seamless, familiar UX for both passwords and passkeys helps users and developers gradually transition to passkeys.

For the end-user, creating a passkey requires just two steps: (1) confirm the passkey account information, and (2) present their fingerprint, face, or screen lock when prompted. Signing in is just as simple: (1) The user selects the account they want to sign in to, and (2) presents their fingerprint, face, or screen lock when prompted. A passkey on a phone can also be used to sign in on a nearby device. For example, an Android user can now sign in to a passkey-enabled website using Safari on a Mac. Similarly, passkey support in Chrome means that a Chrome user, for example on Windows, can do the same using a passkey stored on their iOS device. Since passkeys are built on industry standards, this works across different platforms and browsers - including Windows, macOS and iOS, and ChromeOS, with a uniform user experience.

Epic Games and Match Group are looking to fortify their antitrust lawsuits against Google by adding new counts to their initial complaint, filed last year, which illustrate the lengths Google supposedly went to in order to dominate the Android app market. From a report: The companies on Friday filed a motion to amend their complaints in their cases against Google, which now allege that Google paid off business rivals not to start other app stores that would put them in competition with Google Play. This would be a direct violation of U.S. antitrust law known as the Sherman Act, the amended complaint states. [...] Now, Epic Games and Match Group are looking to add to their complaint with two new allegations specifying how Google had either paid or otherwise induced its potential competitors to agree to not distribute apps on Android in competition with the Play Store, including through their own competing app stores. Google, it says, had identified developers who were "most at risk...of attrition from Play" and then approached them with an offer of an agreement. The complaint now deems this a "per se" violation of Section 1 of the Sherman Act, which prohibits "every contract, combination in the form of trust or otherwise, or conspiracy, in restraint of trade or commerce among the several States, or with foreign nations," it says.

Samsung has confirmed the first third-party smart TV makers to ship with its Tizen operating system (OS), with several manufacturers preparing to launch Tizen-powered TVs this year across Europe and Australasia. From a report: Tizen, for the uninitiated, is a Linux-based OS hosted by the Linux Foundation for more than a decade, though Samsung has been the primary developer and driving force behind the project, using it across myriad devices, including smartwatches, kitchen appliances, cameras, smartphones and TVs.

Although Samsung has essentially abandoned Tizen in smartphones and smart watches, TVs have remained fertile ground for Tizen to flourish, chiefly due to the fact that Samsung is the biggest selling TV maker globally. But while recent figures from Dataxis show that Tizen's market share in 2020 was roughly one-third in terms of installation base, the number has been slowly creeping downward with the likes of Android TV and Roku edging upward.

Meta is warning Facebook users about hundreds of apps on Apple and Google's app stores that were specifically designed to steal login credentials to the social network app. From a report: The company says it's identified over 400 malicious apps disguised as games, photo editors, and other utilities and that it's notifying users who "may have unknowingly self-compromised their accounts by downloading these apps and sharing their credentials." According to Bloomberg, a million users were potentially affected. In its post, Meta says that the apps tricked people into downloading them with fake reviews and promises of useful functionality (both common tactics for other scam apps that are trying to take your money rather than your login info). But upon opening some of the apps, users were prompted to log in with Facebook before they could actually do anything -- if they did, the developers were able to steal their credentials.

An anonymous reader quotes a report from Ars Technica: Google is clawing its way back into wearable relevance. Today the company took the wraps off what is officially its first self-branded smartwatch: the Pixel Watch. Google started revamping its wearable platform, Wear OS, in partnership with Samsung. While Wear OS 3, the new version of Google's wearable platform, technically launched with the Galaxy Watch 4 last year, this is the first time we'll be seeing an unskinned version on a real device. First up: prices. Google is asking a lot here, with the Wi-Fi model going for $349 and the LTE version clocking in at $399. The Galaxy Watch 4, which has a better SoC, and the Apple Watch SE, which has a way, way better SoC, both start at $250. Google is creating an uphill battle for itself with this pricing.

Google and Samsung's partnership means the Pixel Watch is running a Samsung Exynos 9110 SoC, with a cheap Cortex M33 co-processor tacked on for low-power watch face updates and 24/7 stat tracking. This SoC is a 10 nm chip with two Cortex A53 cores and an Arm Mali T720 MP1 GPU. If you can't tell from those specs, this is a chip from 2018 that was first used in the original Samsung Galaxy Watch. For whatever reason, Google couldn't get Samsung's new chip from the Galaxy Watch 4, an Exynos W920 (a big upgrade at 5 nm, dual Cortex A55s, and a Mali-G68 MP2 GPU). It's hard to understand why this is so expensive.

The display is a fully circular 1.6-inch OLED with a density of 320 ppi (that should mean around 360 pixels across). The only size available is 41 mm, the cover is Gorilla Glass 5, and the body is stainless steel in silver, black, or gold. It has 2GB of RAM, 32GB of eMMC storage, NFC, GPS, only 2.4 GHz Wi-Fi 802.11n support (Wi-Fi 4), and a 294 mAh battery. For sensors, you get SPO2 blood oxygen, heart rate, and an ECG sensor. It's water-resistant to 5 ATM, which means you're good for submersion, hand washing, and most normal water exposure. Usually 10 ATM is preferred for serious sports swimming, but the Apple Watch is 5 ATM, and Apple does all sorts of swimming promos. Google's black UI background does a good job of hiding exactly how large the display is in relation to the body, but a few screenshots reveal just how big the bezels are around this thing. They are big. Real big. Like, hard-to-imagine-we're-still-doing-this-in-2022 big. Other things to note: the watch bands are proprietary, it'll be able to charge to 50 percent in 30 minutes, will work with any Android phone running version 8.0 and newer, and features Fitbit integration.

"Unlike the Pixel 7, which is expanding to 17 markets, the Pixel Watch is only for sale in eight countries: the US, Canada, UK, Germany, France, Australia, Japan, and Taiwan," adds Ars. "The watch is up for preorder today and ships October 13."

Further reading: Google Unveils Pixel 7 and Pixel 7 Pro Smartphones

Alphabet's Google on Thursday said its new Pixel phones will deliver improved voice and camera features while bringing back facial recognition for unlocking the device as it seeks to better compete with Apple and Samsung Electronics. From a report: The company's Pixel 7 and 7 Pro devices offer more affordable prices than the dominant duo of the mobile market, coming in at $599 and $899, respectively, and introduce the second generation of Google's in-house Tensor chip. The 6.7-inch Pro version has an additional zoom camera, better display and more memory than the 6.3-inch Pixel 7.

Google's Pixel phones every year serve as the showcase for the company's latest Android software and artificial intelligence-based services, such as the Google Assistant. They demonstrate how Google hopes device-making partners will best use its operating system. Google continues developing its own hardware, which has only ever sold in small numbers, in part as insurance against missteps by Samsung, the only credible Apple rival in the US. Google AI shows up in the upgraded language-processing capabilities of its latest software. The Recorder app for voice memos can now automatically label different speakers in transcriptions, and transcriptions are also being added to audio messages in the new Pixels' messaging app.

Apple's App Store net revenue fell about 5% in September, according to Morgan Stanley, the steepest drop for the business since the bank started modeling the data in 2015. From a report: The App Store saw declines in markets including the U.S., Canada and Japan, Morgan Stanley analyst Erik Woodring wrote in a report Monday. His analysis was based on data from Sensor Tower, a firm that tracks app downloads and sales. Morgan Stanley said the main culprit for the drop was gaming revenue, which was down 14% in September, according to the data.

Apple customers may be spending less due to economic concerns, Woodring wrote. Across much of the globe, consumers are facing soaring inflation and recessionary risks. "We believe the recent App Store results make clear that the global consumer has somewhat de-emphasized App Store spending in the near-term as discretionary income is reallocated to areas of pent-up demand," Woodring wrote in the note. Morgan Stanley analysts also expect to see a drop in sales on Google Play, the primary Android app store. They estimate revenue there fell 9% in September.

The Pixel 4 is officially hitting its end of life this month after three short years of service. We sometimes see these dead Google phones get one more wrap-up update before Google cuts the cord, but the Android October 2022 update is the end of the line here. From a report: The Pixel 4 was a big batch of Google experiments passed off as a consumer product, and we did not take kindly to it. It was the first (and only) Google phone to attempt to copy Apple's FaceID by using a grid of IR dots and extra hardware to scan the user's face. The system was much slower than the fingerprint reader on the Pixel 3, and it oddly worked on sleeping people for several months after launch.

The Pixel 4 was the first and only Google phone to integrate "Project Soli," a tiny Google radar chip that can detect motion. The laboratory versions of Soli promised that the technology could capture "sub millimeter motions of your fingers," but the commercial implementation in the Pixel 4 could only (sometimes) capture giant arm movements. Soli lives on in Google smart displays for sleep tracking, but the phone version is dead. Combine that with very high prices for the two device sizes ($800 and $900) and very small batteries (2800 mAh and 3700 mAh), and you have the makings of a very bad device.

Google Translate, one of Google's last remaining products in China, has been shut down "due to low usage." According to CNBC, "The dedicated mainland China website for Google Translate now redirects users to the Hong Kong version of the service. However, this is not accessible from mainland China." From the report: Google has had a fraught relationship with the Chinese market. The U.S. technology giant pulled its search engine from China in 2010 because of strict government censorship online. Its other services -- such as Google Maps and Gmail -- are also effectively blocked by the Chinese government. As a result, local competitors such as search engine Baidu and social media and gaming giant Tencent have come to dominate the Chinese internet landscape in areas from search to translation.

Google has a very limited presence in China these days. Some of its hardware including smartphones are made in China. But The New York Times reported last month that Google has shifted some production of its Pixel smartphones to Vietnam. The company is also looking to try to get Chinese developers to make apps for its Android operating system globally that will then be available via the Google Play Store, even though that's blocked in China. In 2018, Google was exploring reentering China with its search engine, but ultimately scrapped that project after backlash from employees and politicians.

An anonymous reader quotes a report from The Verge: Automattic CEO Matt Mullenweg would like you to please stop asking Tumblr to bring back porn because it isn't going to happen. After widespread and inaccurate speculation that Tumblr would lift its ban on adult content, Mullenweg posted a long explanation yesterday of why Tumblr will never go back to the old days. Or, in his words: "the casually porn-friendly era of the early internet is currently impossible." That doesn't mean Tumblr's policies will stay the same. Mullenweg has said before that Automattic (which bought Tumblr in 2019) wants to loosen the rules its old owner Verizon implemented in 2018, and he reiterated that here, echoing comments he made earlier this week. Verizon's ban "took out not only porn but also a ton of art and artists," Mullenweg wrote in his post. "This policy is currently still in place, though the Tumblr and Automattic teams are working to make it more open and common-sense." Tumblr is supposed to implement those policies soon, putting the site more in line with Automattic's WordPress.com blogging platform.

"That said, no modern internet service in 2022 can have the rules that Tumblr did in 2007," Mullenweg wrote, quoting Tumblr's old liberal policy slogan. (If you're wondering, it was "go nuts, show nuts.") "I agree with 'go nuts, show nuts' in principle, but the casually porn-friendly era of the early internet is currently impossible." On Tumblr, that era helped produce a lot of unique, often queer, blogs with sexual content. The 2018 ban changed the tenor of the site for good -- and this week, many users were enthusiastically but prematurely celebrating its end. Why is returning to that era impossible? For now, it's largely because of intermediaries that play a massive role in how people access the web. Payment processors have long been leery of adult content, and they've stepped up enforcement in recent years, in part because of concerns about child abuse and nonconsensual pornography. Apple's iOS App Store has been staunchly opposed to it since launch. And without those two pieces of infrastructure, running a for-profit site is incredibly difficult. "If Apple permanently banned Tumblr from the App Store, we'd probably have to shut the service down," Mullenweg noted. Some nonprofit sites that do allow things like explicit artwork -- primarily the Archive of Our Own fanworks site -- have remained persistently web-only despite years of requests for apps. [...]

If you reached this article through Twitter or Reddit, you might have a fairly obvious question right now, and Mullenweg raises it: why can both those platforms, fairly unusually for modern social networks, allow a lot of porn? "Ask Apple, because I don't know," says Mullenweg. He speculates that Tumblr and Reddit are both too big to ban -- although Apple has forced moderation changes even for giant services like Facebook. The overall upshot, to Mullenweg, is this: "If you wanted to start an adult social network in 2022, you'd need to be web-only on iOS and side-load on Android, take payment in crypto, have a way to convert crypto to fiat for business operations without being blocked, do a ton of work in age and identity verification and compliance so you don't go to jail, protect all of that identity information so you don't dox your users, and make a ton of money. I do hope that a dedicated service or company is started that will replace what people used to get from porn on Tumblr. It may already exist and I don't know about it. They'll have an uphill battle under current regimes, and if you think that's a bad thing please try to change the regimes. Don't attack companies following legal and business realities as they exist."

An anonymous reader shares a report: Questions about what's going on with Microsoft's support of the predictive SwifKey keyboard app for iOS have been bubbling up over the past few weeks. A Reddit thread from a month ago highlighted the lack of updates to the app for more than a year. When a reader asked recently for an update on the situation, I asked Microsoft. The official word is in. On September 28, a spokesperson emailed the following statement, attributable to Chris Wolfe, Director Product Management at SwiftKey: "As of October 5, support for SwiftKey iOS will end and it will be delisted from the Apple App Store. Microsoft will continue support for SwiftKey Android as well as the underlying technology that powers the Windows touch keyboard. For those customers who have SwiftKey installed on iOS, it will continue to work until it is manually uninstalled or a user gets a new device. Please visit Support.SwiftKey.com for more information." I asked for the official reason why Microsoft had made this decision and was told officials had nothing more to say.

During Intel's Innovation keynote today, Samsung Display showed off a prototype PC that slides from a 13-inch tablet into a 17-inch display. Intel also announced that it's been experimenting with slidable PC form factors. The Verge reports: The prototype device that Samsung Display and Intel have shown off today essentially turns a 13-inch tablet into a 17-inch monitor with a flexible display and a sliding mechanism. Intel was quick to demonstrate its new Unison software on this display, which aims to connect Intel-powered computers to smartphones -- including iPhones. The slidable PC itself is just a concept for now, and there's no word from Intel or Samsung Display on when it will become a reality.

Intel has announced an intriguing new app called Unison, which aims to "seamlessly" connect Intel-powered computers to smartphones -- not just Android phones but iOS devices as well. From a report: Following what Intel says is a "simple pairing process," the Unison app will allow PCs to replicate four key features of the connected phone. They can answer and make calls; they can share photos and files (pictures taken with the phone will show up in a specific Unison gallery on the PC); they can send and receive texts; and they can receive (and, in some cases, respond to) notifications that the phone receives -- though if Unison is closed, they'll go to the Windows notification center. "The advantage we can bring to a PC user that's got a well-designed Windows PC is not having to choose their device based on the PC they have. They have an iPhone, they have an Android phone, any device they want to use will be able to connect with this capability," Josh Newman, Intel's VP of mobile innovation, told The Verge. "When you're ... on your laptop, and you get notifications or texts on your phone, you can keep it in your bag and get right back into the flow of your work."

An anonymous reader shares a report: Are smartphones ever entirely secure? It depends on one's definition of "secure," particularly when dealing with corporate environments. Most companies with bring-your-own-device policies install apps or agents on workers' smartphones to help secure them, leveraging the management capabilities built into operating systems like Android and iOS. But those might not be sufficient. That's what Cloudflare argues, anyway, in the pitch for the new services it's launching this week. Today, the company announced Zero Trust SIM and Zero Trust for Mobile Operators, two product offerings targeting smartphone users, the companies securing corporate phones and the carriers selling data services. Let's start with Zero Trust SIM. Designed to secure all data packets leaving a smartphone, Zero Trust SIM -- once launched in the U.S. (to start) -- will be available as an eSIM deployable via existing mobile device management platforms to both iOS and Android devices. It'll be locked to a specific device, mitigating the risk of SIM-swapping attacks, and usable either in a standalone configuration or in tandem with Cloudflare's mobile agent, WARP.

In a recent email interview, Cloudflare CTO John Graham-Cumming made the case that Zero Trust SIM can accomplish what VPNs and other secure layers can't: cell-level protection. A SIM card can act as another security factor, and -- in combination with hardware keys -- make it nearly impossible to impersonate an employee, he argued. "Zero Trust SIM provides defense in depth. A VPN layer is one of those components, but doesn't remove the need to still deploy cellular connectivity across all of your mobile devices today, and traditional 'AnyConnect-style' VPNs do nothing to stop attackers moving laterally once they're inside the VPN," Graham-Cumming said. "We continue to see organizations breached due to challenges securing their applications and networks, and what was once a real-estate budget is quickly becoming a 'secure my remote and distributed workforce' budget from an IT security perspective." Specifically, Graham-Cumming said that Zero Trust SIM will enable Cloudflare to rewrite DNS requests leaving a device to instead use Cloudflare Gateway for DNS filtering.

New submitter cj9er writes: Considering all the privacy issues in today's online climate (all the issues with Meta right now), what is the best high-end smartphone to select?

Apple: No way they don't sell your data... Sure, they have privacy for third-party apps, but what about the data they collect from the phone itself? Consider what the revenue is on a single smartphone (say $150), how do you think they have all that cash on hand?

Google: Yeah right, Pixel is probably collecting [data] 24/7 considering their main business is selling ads on Search. They have developed the Pixel line because they probably realized they were missing out on the direct collection of data from their own hardware (cut out the middle players using Android).

Samsung: Their TVs even collect and sell data on you. I don't really understand the price premium on Galaxy phones anyways.

I have kept my data and Wi-Fi turned off on my phones for years. Initially it was for battery reasons but now add in data collection. Ultimately, if we could turn off the GPS feature at will on our phones, maybe we could prevent all tracking (except for cellular triangulation). If we then think about safety, GPS is great and now with satellite-tracking on Apple phones, even better. But then what is going on behind the scenes 99.99% of the rest of the time when you don't require those options for safety reasons?

What phone manufacturer can be trusted?

As antitrust regulators around the world dial up scrutiny of platform power, Mozilla has published a piece of research digging into the at times subtle yet always insidious ways operating systems exert influence to keep consumers locked to using their own-brand browsers rather than seeking out and switching to independent options -- while simultaneously warning that competition in the browser market is vital to ensure innovation and choice for consumers and, more broadly, protect the vitality of the open web against the commercial giants trying to wall it up. TechCrunch: "Billions of people across the globe are dependent on operating systems from the largest technology companies. Amazon, Apple, Google, Microsoft and Meta each provide their own browser on their operating systems and each of them uses their gatekeeper position provider to preference their own browsers over independent rivals. Whether it is Microsoft pushing Firefox users to switch their default on Windows computers, Apple restricting the functionality of rival browsers on iOS smartphones or Google failing to apply default browser settings across Android, there are countless examples of independent browsers being inhibited by the operating systems on which they are dependent," Mozilla writes in a summary of its findings. "This matters because American consumers and society as a whole suffer. Not only do people lose the ability to determine their own online experiences but they also receive less innovative and lower quality products. In addition, they can be forced to accept poorer privacy outcomes and even unfair contracts. By contrast, competition from independent browsers can help to drive new features, as well as innovation in areas like privacy and security."

Weeks after Twitter's ex-security chief accused the company of cybersecurity mismanagement, Twitter has now informed its users of a bug that didn't close all of a user's active logged-in sessions on Android and iOS after an account's password was reset. From a report: This issue could have implications for those who had reset their password because they believed their Twitter account could be at risk, perhaps because of a lost or stolen device, for instance. Assuming whoever had possession of the device could access its apps, they would have had full access to the impacted user's Twitter account. In a blog post, Twitter explains that it had learned of the bug that had allowed "some" accounts to stay logged in on multiple devices after a user reset their password voluntarily. Typically, when a password reset occurs, the session token that keeps a user logged into the app is also revoked -- but that didn't take place on mobile devices, Twitter says. Web sessions, however, were not impacted and were closed appropriately, it noted.

Microsoft on Tuesday said it's starting to release the first major update to Windows 11, the current version of its PC operating system. The company said the update is aimed at making PCs easier and safer to use and improve productivity. Some excerpts detailing new features from Windows blog: Windows 11 brought a sense of ease to the PC, with an intuitive design people love. We're building on that foundation with new features to ensure the content and information you need is always at your fingertips, including updates to the Start menu, faster and more accurate search, Quick Settings, improved local and current events coverage in your Widgets board, and the No. 1 ask from you, tabs in File Explorer. All of this helps Windows anticipate your needs and save you time. [...] The PC has always been where people come to get things done -- especially when it comes to tackling complex tasks. With enhancements to Snap layouts, the new Focus feature, and performance and battery optimizations, the new Windows 11 2022 update will help you be your most productive yet. Snap layouts on Windows 11 have been a game changer for multitasking, helping people optimize their view when they need to have multiple apps or documents in front of them at the same time. With the new update, we're making Snap layouts more versatile with better touch navigation and the ability to snap multiple browser tabs in Microsoft Edge. We're introducing Focus sessions and Do Not Disturb to help you minimize distractions that pull you away from the task at hand.

[...] We also want to continue to make Windows the best place to play games. This update will deliver performance optimizations to improve latency and unlock features like Auto HDR and Variable Refresh Rate on windowed games. And with Game Pass built right into Windows 11 through the Xbox app, players can access hundreds of high-quality PC games. Having the right content fuels a great PC experience. A year ago, we redesigned the Microsoft Store on Windows to be more open and easier-to-use -- a one-stop shop for the apps, games and TV shows you love. Today, through our partnership with Amazon, we are expanding the Amazon Appstore Preview to international markets, bringing more than 20,000 Android apps and games to Windows 11 devices that meet the feature-specific hardware requirements. In addition to a growing catalog of apps and games, we are also excited to share that we are moving to the next stage of the Microsoft Store Ads pilot -- helping developers get content in front of the right customers. [...] Windows 11 provides layers of hardware and software integrated for powerful, out-of-the box protection from the moment you start your device -- and we're continuing to innovate. The new Microsoft Defender SmartScreen identifies when people are entering their Microsoft credentials into a malicious application or hacked website and alerts them.

Long-time Slashdot reader n3hat writes: The BBC reports that a thief has been emptying gym patrons' accounts by stealing their bank card and mobile phone, registering the account to the thief's own mobile, and emptying the victims' bank accounts. The thief works around 2-factor authentication by taking advantage of the victim's phone having been configured to show notifications on the lock screen, so the thief can view the 2FA credential even though they don't have the unlock code.

The article gives instructions on how to disable notifications on the lock screen, for both iPhone and Android.