Google

Apple, Google, Microsoft, and Mozilla Ban Kazakhstan's MitM HTTPS Certificate (zdnet.com) 45

Browser makers Apple, Google, Microsoft, and Mozilla, have banned a root certificate that was being used by the Kazakhstan government to intercept and decrypt HTTPS traffic for residents in the country's capital, the city of Nur-Sultan (formerly Astana). From a report: The certificate had been in use since December 6, 2020, when Kazakh officials forced local internet service providers to block Nur-Sultan residents from accessing foreign sites unless they had a specific digital certificate issued by the government installed on their devices. While users were able to access most foreign-hosted sites, access was blocked to sites like Google, Twitter, YouTube, Facebook, Instagram, and Netflix, unless they had the certificate installed. Kazakh officials justified their actions claiming they were carrying out a cybersecurity training exercise for government agencies, telecoms, and private companies. Officials cited that cyberattacks targeting "Kazakhstan's segment of the internet" grew 2.7 times during the current COVID-19 pandemic as the primary reason for launching the exercise. The government's explanation did, however, make zero technical sense, as certificates can't prevent mass cyber-attacks and are usually used only for encrypting and safeguarding traffic from third-party observers. After today's ban, even if users have the certificate installed, browsers like Chrome, Edge, Mozilla, and Safari, will refuse to use them, preventing Kazakh officials from intercepting user data.
Iphone

Dozens of Journalists' iPhones Hacked With NSO 'Zero-Click' Spyware, Says Citizen Lab (techcrunch.com) 45

Citizen Lab researchers say they have found evidence that dozens of journalists had their iPhones silently compromised with spyware known to be used by nation states. From a report: For more than the past year, London-based reporter Rania Dridi and at least 36 journalists, producers and executives working for the Al Jazeera news agency were targeted with a so-called "zero-click" attack that exploited a now-fixed vulnerability in Apple's iMessage. The attack invisibly compromised the devices without having to trick the victims into opening a malicious link. Citizen Lab, the internet watchdog at the University of Toronto, was asked to investigate earlier this year after one of the victims, Al Jazeera investigative journalist Tamer Almisshal, suspected that his phone may have been hacked. In a technical report out Sunday and shared with TechCrunch, the researchers say they believe the journalists' iPhones were infected with the Pegasus spyware, developed by Israel-based NSO Group. The researchers analyzed Almisshal's iPhone and found it had between July and August connected to servers known to be used by NSO for delivering the Pegasus spyware. The device revealed a burst of network activity that suggests that the spyware may have been delivered silently over iMessage. Logs from the phone show that the spyware was likely able to secretly record the microphone and phone calls, take photos using the phone's camera, access the victim's passwords, and track the phone's location.
Electronic Frontier Foundation

Facebook's Criticism of Apple's Tracking Change Called 'Laughable' by EFF (macrumors.com) 46

The MacRumors site writes: Facebook's recent criticism directed at Apple over an upcoming tracking-related privacy measure is "laughable," according to the Electronic Frontier Foundation (EFF), a non-profit organization that defends civil liberties in the digital world.

Facebook has claimed that Apple's new opt-in tracking policy will hurt small businesses who benefit from personalized advertising, but the EFF believes that Facebook's campaign against Apple is really about "what Facebook stands to lose if its users learn more about exactly what it and other data brokers are up to behind the scenes," noting that Facebook has "built a massive empire around the concept of tracking everything you do...." According to the EFF, a number of studies have shown that most of the money made from targeted advertising does not reach app developers, and instead goes to third-party data brokers like Facebook, Google, and lesser-known firms.

"Facebook touts itself in this case as protecting small businesses, and that couldn't be further from the truth," the EFF said. "Facebook has locked them into a situation in which they are forced to be sneaky and adverse to their own customers. The answer cannot be to defend that broken system at the cost of their own users' privacy and control."

"This is really about who benefits from the normalization of surveillance-powered advertising..." argues the EFF. And they ultimately come down in support of Apple's new privacy changes.

"Here, Apple is right and Facebook is wrong."
Apple

Due to Covid-19, Apple Closes Nearly a Fifth of Its Retail Stores (9to5mac.com) 43

"New COVID-19 restrictions and worsening outbreaks have compelled Apple to temporarily close nearly one fifth of its retail stores during one of the busiest shopping weeks of the holiday season," reports 9to5Mac. 401 of Apple's 509 locations worldwide remain open as of publication. Most open locations in the US are limited to Express storefront pickup of online orders and Genius Support. Walk-in shopping and customers without an appointment are not accepted at Express locations.
The site also notes that Apple recently re-closed all 18 of its stores across Germany and the Netherlands. And the Verge confirms more store closings in the U.S. and around the world: Every California store, all four in Tennessee, all three in Utah, all four in Minnesota, two in Oklahoma, and the stores in Portland, Oregon; Anchorage, Alaska; Omaha, Nebraska; and Albuquerque, New Mexico are all closed this upcoming week — as well as the 16 additional stores in the U.K., Mexico and Brazil starting tomorrow, December 20th. It's not hard to guess why the stores are reclosing, particularly in California where COVID-19 saw its four deadliest days yet in a row last week as part of an ongoing surge, and in London where Prime Minister Boris Johnson has just put the city in emergency lockdown starting midnight.
Firefox

Firefox 84 Claims Speed Boost from Apple Silicon, Vows to End Flash Support (zdnet.com) 40

The Verge reports: Firefox's latest update brings native support for Macs that run on Apple's Arm-based silicon, Mozilla announced on Tuesday. Mozilla claims that native Apple silicon support brings significant performance improvements: the browser apparently launches 2.5 times faster and web apps are twice as responsive as they were on the previous version of Firefox, which wasn't native to Apple's chips...

Firefox's support of Apple's Arm-based processors follows Chrome, which added support for Apple's new chips shortly after the M1-equipped MacBook Pro, MacBook Air, and Mac mini were released in November.

Firefox 84 will also be the very last release to support Adobe Flash, notes ZDNet, calling both developments "a reminder of the influence Apple co-founder Steve Jobs has had and continues to exert on software and hardware nine years after his death." Jobs wrote off Flash in 2010 as successful Adobe software but one that was a 'closed' product "created during the PC era — for PCs and mice" and not suitable for the then-brand-new iPad, nor any of its prior iPhones. Instead, Jobs said the future of the web was HTML5, JavaScript and CSS.

At the end of this year Google Chrome, Microsoft Edge and Apple Safari also drop support for Flash.

Senior Apple execs recently reflected in an interview with Om Malik on what the M1 would have meant to Jobs had he been alive today. "Steve used to say that we make the whole widget," Greg Joswiak, Apple's senior vice president of Worldwide Marketing told Malik.

"We've been making the whole widget for all our products, from the iPhone, to the iPads, to the watch. This was the final element to making the whole widget on the Mac."

ZDNet also notes that Firefox 84 offers WebRender, "Mozilla's faster GPU-based 2D rendering engine" for MacOS Big Sur, Windows devices with Intel Gen 6 GPUs, and Intel laptops running Windows 7 and 8. "Mozilla promises it will ship an accelerated rendering pipeline for Linux/GNOME/X11 users for the first time."

Firefox now also uses "more modern techniques for allocating shared memory on Linux," writes Mozilla, "improving performance and increasing compatibility with Docker."

And Firefox 85 will include a new network partitioning feature to make it harder for companies to track your web surfing.
Advertising

Apple-Criticizing Banner Ads Now Added to Some of Facebook's iOS Apps (9to5mac.com) 82

Facebook added banner ads criticizing Apple into some of its iOS apps, 9to5Mac reports, in its ongoing war against Apple's new privacy changes: By tapping the Learn More button, the app opens an article written by Facebook in which the company says Apple's policies announced at WWDC 2020 with iOS 14 will "harm the growth of business and the free internet." Facebook refers both to the new App Store privacy labels and also an option in iOS 14 that prevents apps from tracking users.

The fact that Facebook is now showing these messages in its iOS apps criticizing Apple demonstrates that the company is trying to get popular appeal to change Apple's mind about its new App Store privacy rules. That's because Facebook is one of the companies that will be most impacted by Apple's new privacy policies as its social networks rely heavily on ads and personal data from users.

In a statement to 9to5Mac, Apple said it doesn't want to force Facebook to change its business model, but the company expects Facebook to be more transparent about how it collects data from users and let them choose whether or not to offer such data.

The Courts

Judge Orders Tim Cook and Craig Federighi To Testify in Epic Case (appleinsider.com) 33

A judge has ordered Apple to produce Tim Cook and Craig Federighi to testify for the Apple versus Epic lawsuit, and they must produce required documents before the next hearing. From a report: The Apple versus Epic lawsuit continues as publicly filed court documents tell us a bit more about the upcoming trial. Epic wants Apple to produce extensive documentation surrounding the App Store and its operations, but there has been some deliberation as to how extensive this data needs to be, and who will present it. The document filed states that Apple will have a large burden placed on them to gather much of what Epic is asking for. The court sides with Apple here stating that Epic need not ask for more amplifying data unless absolutely necessary. The most important part of the court filing is who's going to be made available to represent Apple. Epic has requested that Tim Cook and Craig Federighi be made available for the hearing. Apple says that Tim Cook will be available, but requests his deposition be limited to four hours. Apple also requested that Erik Neuenschwander, who runs the App Store and reports to Craig Federighi, be present instead.
Privacy

Facebook Hits Back at Apple With Second Critical Newspaper Ad (theverge.com) 109

Facebook is stepping up its campaign against Apple's privacy changes with a second full-page newspaper ad today. This new ad claims Apple's iOS 14 privacy changes "will change the internet as we know it," and force websites and blogs "to start charging you subscription fees" or add in-app purchases due to a lack of personalized ads. From a report: It follows a similar full-page newspaper ad in The Wall Street Journal, New York Times, and the Washington Post yesterday. Apple is planning to make changes to iOS 14 early next year that will require developers to ask for permission to gather data and track users across mobile apps and websites on an iPhone or iPad. Apple revealed how iOS 14 users will be prompted to opt into tracking in apps this week, noting that developers like Facebook can explain to users why they should allow tracking within the prompt. These changes will impact Facebook's lucrative ad business, but the social networking giant is framing them as something far larger that could impact small businesses. Unsurprisingly, Apple doesn't agree. "We believe that this is a simple matter of standing up for our users," said an Apple spokesperson in response to Facebook's first full-page newspaper ad yesterday. "Users should know when their data is being collected and shared across other apps and websites -- and they should have the choice to allow that or not."
Businesses

Major U.S. News Publishers Join the Coalition for App Fairness Advocacy Group To Fight the 'Apple Tax' (techcrunch.com) 53

A group of major U.S. news publishers have joined the Coalition for App Fairness (CAF), the advocacy group pushing for increased regulation over app stores and fair treatment for all developers. The publisher trade association now joining CAF is Digital Content Next, a representative for the AP, The New York Times, NPR, ESPN, Vox, The Washington Post, Meredith, Bloomberg, NBCU, The Financial Times, and many others. The organization is now the 50th member for CAF and the first to represent the news and media business in the U.S. From a report: It joins other media organizations who are already CAF members, including the European Publishers Council, News Media Europe, GESTE, and Schibsted, as well as CAF founding members like Basecamp, Blix, Blockchain.com, Deezer, Epic Games, Match Group, Prepear, Protonmail, Skydemon, Spotify, and Tile, plus a growing number of smaller developers. DCN's members, combined, reach an audience over 223 million unique visitors and 100% of the U.S. online population, it says. Its publishers provide access to content on a subscription-based model that, according to its statements, Apple "severely impacts" by serving as an intermediary.
Microsoft

Microsoft Office Is Now Updated For M1 Macs (theverge.com) 61

Microsoft is rolling out an update today that brings native support for Apple's M1 chip to the Windows productivity suite. "The apps getting the updates are Word, Excel, Outlook, PowerPoint, and OneNote," reports The Verge. "Notably absent, however, is Teams." From the report: The updates are making the apps universal ones -- meaning these versions will run on both Intel and Apple Silicon Macs, so any upcoming updates or features will be coming at the same time for both platforms. [...] Office users who have automatic updates turned on should have the new versions sometime today, and anyone else can update it through the Mac App Store or Microsoft's AutoUpdate software (depending on if you downloaded Office through the App Store or directly from Microsoft). Outlook users will get not only native Apple Silicon support, but support for iCloud accounts as well, allowing them to sync their email, contacts, and calendars to the app if they use Apple's service to store them. Teams isn't included in today's rollout of updates, but Microsoft says they're working on it. No timeline is available, though.
Apple

Apple's Fitness Video Service That Competes With Peloton Is Cheaper and Just As Good (cnbc.com) 28

Todd Haselton from CNBC reviews Apple Fitness+, with some thoughts on how it compares with Peloton's similar app. Here's an excerpt from his report: Apple's subscription fitness app, Fitness+, launches Monday. I've been using it for the past several days and I think it offers a nice variety of workouts that people will like. You need an Apple Watch to take the prerecorded exercise classes, which are available on iPhones, iPads and the Apple TV. It's a smart way for Apple to make the Apple Watch even stickier. If people get really into the fitness classes, like I have, it will be yet another way Apple keeps people locked in to its ecosystem of products. Why buy another phone, tablet or watch if you really like Fitness+? It also comes at a great time, when people aren't in gyms and are at home looking for ways to exercise.

Like other fitness apps, including Peloton's, which starts at $12.99 a month for classes that don't need the company's connected spin bike, you don't need anything to use it. But, you'll get more out of it if you have any indoor cycle, treadmill, rowing machine or free weights, since some of the classes require equipment. But you don't need anything special. I've been riding a hand-me-down exercise bike, for example. Fitness+ costs $9.99 a month or $79.99 a year. It's also part of the Premier Apple One plan, which costs $29.95 per month, and includes other Apple products like Apple Music, Apple TV+ and extra iCloud storage bundled together at a discount.

Privacy

Apple Launches New App Store Privacy Labels So You Can See How iOS Apps Use Your Data (theverge.com) 7

Apple is officially launching its so-called "nutrition label" privacy disclosures for all iOS device owners running the latest version of iOS 14. The Verge reports: Apple says the new labels will be required for apps on all of its platforms -- that includes iOS, iPadOS, macOS, watchOS, and tvOS -- and they will have to be up to date and accurate every time a developer submits a new update. Apple is also holding itself to the same standard, something the company clarified last week when Facebook-owned WhatsApp criticized the company for an apparent inconsistency in its requirements, before Apple said it, too, will provide labels for all its own software. The company's own first-party apps will all have the same disclosures on their App Store product pages. In the event an app doesn't have an App Store product page because it cannot be removed, like the Messages app, Apple says it will be providing privacy label information on the web. Every piece of software on the App Store will also have its privacy label viewable on the web, too.

As for how the labels are structured, Apple has broken down data collection into three categories: "data used to track you," "data linked to you," and "data not linked to you." Tracking in this context means the app developer is linking data from the app -- like personal information, or data collected from your device, such as location data -- with other data from other companies' apps or websites for the purpose of targeted advertising or some other ad-related metric. Apple says it's also using the term tracking here to mean sharing user or device information with companies that sell it, like data brokers.

The "data linked to you" portion of the label is any data that can be used to identify you. That means data gleaned from using the app or having an account with the service or platform, and any data pulled from the device itself that could be used to create a profile for advertising purposes. "Data not linked to you" is the portion of the privacy label that clarifies when certain data types, like location data or browsing history, are not being linked to you in any identifiable fashion. Apple has specific, developer-focused information on the new labels at its developer portal page, with more general information available on the consumer-facing page.

Iphone

Hundreds Riot, Thousands Protest at iPhone Factory in India (scmp.com) 122

The international news agency AFP reports on "a violent rampage at a Taiwanese-run iPhone factory in southern India" leading to over 100 arrests. About 2,000 workers were involved in the protest, reports the Verge, citing the Indian Express newspaper.

The workers are protesting over allegations of unpaid wages and exploitation, according to AFP. "Local media reported workers saying they had not been paid for up to four months and were being forced to do extra shifts..." Workers at the Taiwanese-run Wistron Infocomm Manufacturing near Bangalore smashed glass panels with rods and flipped cars on their side... CCTV cameras, fans and lights were torn down, while a car was set on fire, footage shared on social media showed...

A local trade union leader alleged that there was "brutal exploitation" of factory workers in sweatshop conditions at the iPhone manufacturing plant. "The state government has allowed the company to flout the basic rights," Satyanand, who uses one name, told The Hindu newspaper... Labour unrest is not uncommon in India, with workers paid poorly and given few or no social security benefits.

The Internet

Why Apple, Cloudflare, and Fastly Proposed a New Privacy-Focused DNS Standard Called 'Oblivious DoH' (zdnet.com) 64

"Cloudflare, Apple, and Fastly have co-designed and proposed a new DNS standard to tackle ongoing privacy issues associated with DNS," reports ZDNet.

Cloudflare calls it "a practical approach for improving privacy" that "aims to improve the overall adoption of encrypted DNS protocols without compromising performance and user experience..." Third-parties, such as ISPs, find it more difficult to trace website visits when DNS over HTTPS (DoH) is enabled. DoH deployment is on the cards for many major browser providers, although rollout plans are ongoing. Now, Oblivious DNS over HTTPS (ODoH) has been proposed by Cloudflare — together with partners PCCW Global, Surf, and Equinix — to improve on these models by adding an additional layer of public key encryption and a network proxy...

The overall aim of ODoH is to decouple client proxies from resolvers. A network proxy is inserted between clients and DoH servers — such as Cloudflare's 1.1.1.1's public DNS resolver — and the combination of both this and public key encryption "guarantees that only the user has access to both the DNS messages and their own IP address at the same time," according to Cloudflare... "The client behaves as it does in DNS and DoH, but differs by encrypting queries for the target, and decrypting the target's responses..."

Test clients for the code have been provided to the open source community to encourage experimentation with the proposed standard. It can take years before support is enabled by vendors for new DNS standards, but Eric Rescorla, Firefox's CTO, has already indicated that Firefox will "experiment" with ODoH.

Communications

Apple Starts Work on Its Own Cellular Modem, Chip Chief Says (bloomberg.com) 51

Apple has started building its own cellular modem for future devices, a move that would replace components from Qualcomm, Apple's top chip executive told staff on Thursday. From a report: Johny Srouji, Apple's senior vice president of hardware technologies, made the disclosure in a town hall meeting with Apple employees, according to people familiar with the comments. "This year, we kicked off the development of our first internal cellular modem which will enable another key strategic transition," he said. "Long-term strategic investments like these are a critical part of enabling our products and making sure we have a rich pipeline of innovative technologies for our future." A cellular modem is one of the most important parts of a smartphone, enabling phone calls and connection to the internet via cellular networks. Srouji said the $1 billion acquisition of Intel's modem business in 2019 helped Apple build a team of hardware and software engineers to develop its own cellular modem.
AI

Apple Shifts Leadership of Self-Driving Car Unit To AI Chief (bloomberg.com) 11

Apple has moved its self-driving car unit under the leadership of top artificial intelligence executive John Giannandrea, who will oversee the company's continued work on an autonomous system that could eventually be used in its own car, Bloomberg reports. From the report: The project, known as Titan, is run day-to-day by Doug Field. His team of hundreds of engineers have moved to Giannandrea's artificial intelligence and machine-learning group, according to people familiar with the change. Previously, Field reported to Bob Mansfield, Apple's former senior vice president of hardware engineering. Mansfield has now fully retired from Apple, leading to Giannandrea taking over.

Giannandrea joined Apple in 2018 as its vice president of AI Strategy and Machine Learning before being promoted to Apple's executive team as a senior vice president later that year. He ran Google's machine-learning and search teams before that. At Apple, in addition to the car project, he is in charge of Siri and machine-learning technologies across Apple's products. Mansfield initially retired from Apple in 2012, only to return for less than a year as its senior vice president in charge of chip technology. Mansfield stepped down from that role in 2013 and then remained as a part-time consultant.

Iphone

Original Jailbreak App Store Cydia Sues Apple for its Monopoly (vice.com) 102

The iPhone's original -- and unofficial -- app store has sued Apple, accusing the company of having a monopoly on the distribution of apps. Cydia, an app store created and launched in 2007 by Jay "Saurik" Freeman, one of the original jailbreakers, filed the lawsuit against Apple on Thursday. From a report: "Were it not for Apple's anti competitive acquisition and maintenance of an illegal monopoly over iOS app distribution, users today would actually be able to choose how and where to locate and obtain iOS apps, and developers would be able to use the iOS app distributor of their choice," the lawsuit reads. Before Apple created the App Store, Freeman and a group of iPhone hackers created an unofficial app store where users that were willing to jailbreak -- a technique to exploit one or more bugs to disable the iPhone security mechanism called code-signing enforcement that allows for only Apple-approved code to run on the phone -- could download and install apps. In 2010, according to Freeman, Cydia had around 4.5 million users.
Businesses

Apple Turned Blind Eye To Supplier Breaches of Chinese Labor Laws (theinformation.com) 51

Wayne Ma, reporting for The Information [Editor's note: the link may be paywalled; alternative source]: In 2014, Apple executives became alarmed when China enacted a new labor law meant to protect workers' rights. The law required that no more than 10% of a factory's workforce be temporary workers. Typically these employees have fewer benefits and legal protections than permanent ones, but Apple's suppliers increasingly relied on them in China's tightening labor market. Apple surveyed 362 of its supplier factories in China that year and discovered that nearly half were over the quota for temporary workers. Eighty factories used temporary workers for more than half their labor force, according to an internal Apple presentation reviewed by The Information. Apple asked its suppliers to come up with plans to reduce their use of temporary workers by a March 2016 deadline, when a two-year grace period for the law expired. However, by the time the law went into effect, little progress had been made.

According to four former Apple employees familiar with its labor issues, Apple for years took no major action against its suppliers for violating the temp-worker labor law out of concerns it would create costs, drain resources and delay product launches. Three of the ex-Apple employees were members of its supplier responsibility team, which is in charge of monitoring violations and enforcing penalties, while the fourth was a senior manager familiar with its operations in China. The former employees, as well as a review of internal Apple presentations and the company's own data on factory hiring between 2013 and 2018, suggests that Apple's strategy for managing its supply chain made it difficult for its three biggest contract manufacturers -- Foxconn Technology, Quanta Computer and Pegatron -- to remain compliant with the labor restrictions. The issue surfaced again publicly last year when Apple admitted that Foxconn had broken the law at its massive iPhone factory in Zhengzhou, which can employ as many as 300,000 workers. Apple says it requires suppliers to abide by local laws and pledges to remove those that won't comply.

Power

Samsung Plans To Ditch Power Adapters Just 3 Months After Mocking Apple Over the Same (9to5mac.com) 134

Right after the Apple event in October, Samsung mocked the company for not including the power adapter in the iPhone 12 box and also removing it from the older models. Now, as some rumors have predicted, the Galaxy S21's documentation suggests that it will also not come with a charger included in the box. 9to5Mac reports: As reported by Brazilian website Tecnoblog, the new Galaxy S21, Galaxy S21+, and Galaxy S21 Ultra have just been approved by ANATEL in Brazil, which is the equivalent agency to the FCC in the United States. The new devices have the codenames SM-G991B/DS, SM-G996B/DS, and SM-G998B/DS, respectively. While the documentation filed at ANATEL doesn't reveal much detail about upcoming Galaxy smartphones, it does reveal a noteworthy change in the lineup of Samsung's phones for the next year. ANATEL says that all three new Galaxy S21 models will not have a charger included in the box. Headphones will not be included either.
Apple

Apple Launches $549 AirPods Max Over-Ear Headphones (cnet.com) 118

More than a week after Black Friday, Apple's announced its AirPods Max over-ear headphones for $549. It's available for preorder now, and will ship Dec. 15. From a report: Apple said its AirPods Max are designed with similar features to its $249 in-ear AirPods Pro, but in an over-ear design. As a result, it offers many of the same features as its AirPods cousins, including simple setup and connections, active noise cancellation, transparency mode to pipe sound from the outside world into your ears along with whatever you're listening to, and "spatial" simulated surround-sound audio. It also comes in five colors, including silver, green and pink. "With AirPods Max, we are bringing that magical AirPods experience to a stunning over-ear design with high-fidelity audio," said Greg Joswiak, Apple's senior vice president of Worldwide Marketing, in a statement Tuesday.
