Protests have broken out at Foxconn's vast iPhone factory in Zhengzhou, central China, as footage circulating on social media shows workers clashing with baton-wielding riot police and hazmat-suited officials. The Verge reports: The protests started after workers, who have been under strict covid lockdown for weeks, learned bonus payments would be delayed, reports The Wall Street Journal. Zhengzhou, known locally as "iPhone city," is home to an estimated 200,000 workers who are responsible for the vast majority of all iPhone production.

The Wall Street Journal reports that protests started on Tuesday evening near Foxconn employee accommodations at the Zhengzhou facility. Foxconn's strict covid controls have reportedly isolated its employees, forcing them to live and work on-site (with limited food and supplies) in order to prevent further outbreaks in Zhengzhou. Since October, many workers have escaped from the locked-down facility, leading Foxconn to promise incentives like higher salaries and bonuses to retain staff.

Video footage captured on Wednesday shows hundreds of workers protesting at the campus, chanting "give us our pay" while surrounded by riot police and people in hazmat suits. Livestream footage later that night saw protests escalating, with workers chanting "Defend our rights! Defend our rights!" as they confronted police officers, according to the Agence France-Presse news agency. "Foxconn never treats humans as humans," said another person in a social media video at the scene. Other workers captured on live streams said they were protesting over food shortages in addition to the delayed payments. "They changed the contract so that we could not get the subsidy as they had promised. They quarantine us but don't provide food," said one Foxconn worker during a live stream as reported by the BBC. "If they do not address our needs, we will keep fighting."

Having trouble falling asleep, a writer for Vulture pondered a study from February in the Journal of Sleep Research that "runs refreshingly counter to common sleep-and-screens wisdom." For years, science and conventional wisdom have stated unequivocally that looking at a device — like a smartphone, tablet, laptop, or television — before bed is akin to lighting years of your natural life on fire, then letting the flames consume your children, your community, and the very concept of human progress....

Specifically interested in the use of "entertainment media" (streaming services, video games, podcasts) before bed, [the new February study's] researchers asked a group of 58 adults to keep a sleep diary and found that, if participants consumed entertainment media in the hour before bed, the habit was associated with an earlier bedtime as well as more sleep overall (though the benefits diminished if participants binged for longer than an hour or multitasked on their phones). Essentially, these researchers explored screen use before bed as a form of relaxation rather than a form of self-harm, which is exactly how I and probably 5 billion other people use it — as a way of distracting our minds from the onslaught of material reality just before we drift off to temporary oblivion.
Vulture's writer interviews Dr. Morgan Ellithorpe, one of the authors of the Journal of Sleep Research study and an assistant professor in the Department of Communication at the University of Delaware who specializes in media psychology. Dr. Ellithorpe is a proponent of intentional media use as a way to relieve stress, but she tells me that, in her research, she's found that the worst types of media to absorb before bed are those that have no "stopping point" — Instagram, TikTok, shows designed to be binge-watched. If you intend to binge a show, that might be fine: "Making a plan and sticking to it seems to matter," she says. We agree that humans are famously bad at that, and that's where the problems begin. The solution, Dr. Ellithorpe says, is figuring out why we're on our screens and if that reason is "meaningful." Are we turning to a screen in order to recover from an eventful day? Because we want something to talk about with our friends? Because we're seeking, as she puts it, a moment of "hedonic enjoyment"? The key is that you must be able to recognize when that need is fulfilled. Then "you're likely to have a good experience, and you won't need to force yourself to stop. But it takes practice."

Dr. Ellithorpe cites several studies for me to review — on gratification, mood-management theory, selective exposure, and self-determination theory — all of which, to various extents, grapple with the notion that human beings can make decisions to use media for purposeful things. "There's this push now to realize that people aren't a monolith, and media uses that seem bad for some people can actually be really good for other people." Although many researchers like Dr. Ellithorpe and her cohort are onboard with this push, she admits that "the movement has not filtered out to the public yet. So the public is still on this kick of 'Oh, media's bad.'"

And that's a huge part of the issue. "We sabotage ourselves when it comes to benefiting from media because we've been taught in our society to feel guilty for spending leisure time with media," Dr. Ellithorpe says. "The research in this area suggests that people who want to use media to recover from stress, if they then feel bad about doing so, they don't actually get the benefit from the media use."

But even Dr. Ellithorpe is prone to unintentional sleep moralizing, saying she is often "bad" and "on her phone two seconds before I turn off the light." She recommends watching a "low-challenge show" before bed and, like Dr. Kennedy, cites Stranger Things specifically as a dangerous pre-bed content choice because "you have to keep track of all the characters, remember what happened three seasons ago, and it's emotionally charged. It might be difficult afterward to come down from that and go to bed." In the end, she suggests watching whatever you want as long as it doesn't delay your bedtime.

The iPhone 15 Pro models are in line for a massive upgrade to their wired transfer speeds with the switch to USB-C, according to noted analyst Ming-Chi Kuo. Unfortunately, he doesn't believe that benefit is coming to the regular 2023 iPhones. The Verge reports: He predicts that the 15 and 15 Plus will also swap in USB-C ports but, just like the 2022 10th-gen iPad, they'll be stuck with the same USB 2.0 speeds they had with Lighting. Kuo made the prediction in a series of tweets on Wednesday and says the information is from his "latest survey." (The analyst is known for getting information from supply chain sources.) He specified by predicting that the "15 Pro & 15 Pro Max will support at least USB 3.2 or Thunderbolt 3." If that's true, that'd mean they could transfer data at speeds up to 40 Gbps -- a boon for people who actually use the Pro phones to shoot a lot of ProRes video and raw photos, where even fast WiFi and cloud uploads aren't really a good substitute.

An anonymous reader quotes a report from ZDNet: For years, 5G wasn't able to deliver on its high-speed, low-latency promises. Things have changed. Today, 5G is finally delivering on its performance promises. A big reason for that, proclaimed Arpit Joshipura, the Linux Foundation's general manager of Networking, Edge, and IoT at ONE Summit North America, a networking trade show, is 5G's open-source networking foundation. Joshipura said, "The industry has surpassed the tipping point when it comes to leveraging open source for enabling digital transformation. Leading organizations are using our projects' code -- which continues to evolve and mature -- in real-world deployments to scale."

How big a tipping point? According to Joshipura, 5G deployment is now over 50%. And according to some analysts, by 2030, 5G will reach $7 trillion -- that's trillion, not billion -- in economic value. Behind all this, Joshipura said, "is a radical shift toward open networks and frameworks. This continues irrespective of economic and political headwinds. Indeed, open source is probably the only area that hasn't been impacted because of its ability to cross borders and boundaries to do what needs doing." The Linux Foundation is working on an End-to-End, 5G Super Blueprint to bring together a wide variety of open-source networking programs and projects.

"While still a work in progress, it maps out a way to bring together multiple open-source and cloud-native projects into a relatively simple 5G deployment map," adds ZDNet. "It's designed so that any telecom can put together a high-bandwidth, low-latency, scalable, and cost-effective digital networking infrastructure all the way from end-user devices to the edge to cloud applications."

In a statement in February, America's Federal Bureau of Investigation "confirmed that it obtained NSO Group's powerful Pegasus spyware" back in 2019, reported the Guardian. At the time the FBI added that "There was no operational use in support of any investigation, the FBI procured a limited licence for product testing and evaluation only."

"But dozens of internal F.B.I. documents and court records tell a different story," the New York Times reported today: The documents, produced in response to a Freedom of Information Act lawsuit brought by The New York Times against the bureau, show that F.B.I. officials made a push in late 2020 and the first half of 2021 to deploy the hacking tools — made by the Israeli spyware firm NSO — in its own criminal investigations. The officials developed advanced plans to brief the bureau's leadership, and drew up guidelines for federal prosecutors about how the F.B.I.'s use of hacking tools would need to be disclosed during criminal proceedings. It is unclear how the bureau was contemplating using Pegasus, and whether it was considering hacking the phones of American citizens, foreigners or both. In January, The Times revealed that F.B.I. officials had also tested the NSO tool Phantom, a version of Pegasus capable of hacking phones with U.S. numbers.

The F.B.I. eventually decided not to deploy Pegasus in criminal investigations in July 2021, amid a flurry of stories about how the hacking tool had been abused by governments across the globe. But the documents offer a glimpse at how the U.S. government — over two presidential administrations — wrestled with the promise and peril of a powerful cyberweapon. And, despite the F.B.I. decision not to use Pegasus, court documents indicate the bureau remains interested in potentially using spyware in future investigations. "Just because the F.B.I. ultimately decided not to deploy the tool in support of criminal investigations does not mean it would not test, evaluate and potentially deploy other similar tools for gaining access to encrypted communications used by criminals," stated a legal brief submitted on behalf of the F.B.I. late last month....

The specifics of why the bureau chose not to use Pegasus remain a mystery, but American officials have said that it was in large part because of mounting negative publicity about how the tool had been used by governments around the world.
The Times also notes two responses to their latest report. U.S. Senator Ron Wyden complained the FBI's earlier testimony about Pegasus was incomplete and misleading, and that the agency "owes Americans a clear explanation as to whether the future operational use of NSO tools is still on the table."

But an F.B.I. spokeswoman said "the director's testimony was accurate when given and remains true today — there has been no operational use of the NSO product to support any FBI investigation."

Thanks to long-time Slashdot reader crazyvas for suggesting the story.

"Apple is facing a class action lawsuit for allegedly harvesting iPhone user data even when the company's own privacy settings promise not to," reports Gizmodo: The suit, filed Thursday in California federal court, comes days after Gizmodo exclusively reported on research into how multiple iPhone apps send Apple analytics data, regardless of whether the iPhone Analytics privacy setting is turned on or off. The problem was spotted by two independent researchers at the software company Mysk, who found that the Apple App Store sends the company exhaustive information about nearly everything a user does in the app, despite a privacy setting, iPhone Analytics, which claims to "disable the sharing of Device Analytics altogether" when switched off.

Gizmodo asked the researchers to run additional tests on other iPhone apps, including Apple Music, Apple TV, Books, and Stocks. The researchers found that the problem persists across most of Apple's suite of built-in iPhone apps....

[I]n the tests, turning the iPhone Analytics setting off had no evident effect on the data collection, nor did any of the iPhone's other built-in settings meant to protect your privacy from Apple's data collection. Mysk's tests on the App Store found that Apple receives that data along with details that can identify you and your device, including ID numbers, what kind of phone you're using, your screen resolution, your keyboard languages and how you're connected to the internet — the kind of information commonly used for device fingerprinting.

David Pierce writes via The Verge: In the summer of 2019, Kevin Moody and Dennis Xu started meeting with investors to pitch their new app. They had this big idea about reshaping the way users' personal information moves around the internet, coalescing all their data into a single tool in a way that could actually work for them. But they quickly ran into a problem: all of their mock-ups and descriptions made it seem like they were building a note-taking app. And even in those hazy early days of product development -- before they had a prototype, a design, even a name -- they were crystal clear that this would not be a note-taking app. Instead, the founders wanted to create something much bigger. It would encompass all of your notes but also your interests, your viewing history, your works-in-progress. "Imagine if you had a Google search bar but for all nonpublic information," Xu says. "For every piece of information that was uniquely relevant to you."

That's what Moody and Xu were actually trying to build. So they kept tweaking the approach until it made sense. At one point, their app was going to be called NSFW, a half-joke that stood for "Notes and Search for Work," and for a while, it was called Supernote. But after a few meetings and months, they eventually landed on the name "Mem." Like Memex, a long-imagined device that humans could use to store their entire memory. Or like, well, memory. Either way, it's not a note-taking app. It's more like a protocol for private information, a way to pipe in everything that matters to you -- your email, your calendar events, your airline confirmations, your meeting notes, that idea you had on the train this morning -- and then automatically organize and make sense of it all. More importantly, it's meant to use cutting-edge AI to give all that information back to you at exactly the right time and in exactly the right place. [...]

So far, Mem is mostly a note-taking app. It's blisteringly fast and deliberately sparse -- mostly just a timeline of every mem (the company's parlance for an individual note) you've ever created or viewed, with a few simple ways to categorize and organize them. It does tasks and tags, but a full-featured project manager or Second Brain system this is not. But if you look carefully, the app already contains a few signs of where Mem is headed: a tool called Writer that can actually generate information for you, based on both its knowledge of the public internet and your personal information; AI features that summarize tweet threads for you; a sidebar that automatically displays mems related to what you're working on. All this still barely scratches the surface of what Mem wants to do and will need to do to be more than a note-taking app...

An anonymous reader quotes a report from Bloomberg: Apple has limited the AirDrop wireless file-sharing feature on iPhones in China after the mechanism was used by protesters to spread images to other iPhone owners. AirDrop allows the quick exchange of files like images, documents or videos between Apple devices. The latest version -- iOS 16.1.1, released Wednesday -- caps the window in which users can receive files from non-contacts at 10 minutes. The previous options didn't limit the time involved. Users could choose to get files from everyone, no one or just their contacts. After the 10-minute period expires, the system reverts to the mode where files can only be received from contacts. That means that individuals won't be able to get an AirDrop transfer from a stranger without actively turning on the feature in the preceding few minutes. It makes it harder for anyone seeking to distribute content and reach people in a discreet manner.

Apple made the change to AirDrop on iPhones sold in China. The shift came after protesters in the country used the service to spread posters opposing Xi Jinping and the Chinese government. The use of AirDrop to sidestep China's strict online censorship has been well-documented over the past three years and was highlighted again recently. Apple didn't comment on why the change was introduced in China, but said that it plans to roll out the new AirDrop setting globally in the coming year. The idea is to mitigate unwanted file sharing, the company said.

"Apple is working on a big change to how its Siri voice assistant works," reports the blog 9 to 5 Mac: While you currently have to say "Hey Siri" to activate the assistant hands-free, that may not be the case for much longer. Bloomberg reports today that Apple engineers are working to drop the "Hey" part of the phrase, so you'd only have to say "Siri" followed by a command to activate the assistant...

In the latest edition of his Power On newsletter, Bloomberg's Mark Gurman says that this is "a technical challenge that requires a significant amount of AI training and underlying engineering work." Apple has reportedly been working on this change for the last several months and hopes to roll it out either next year or in 2024 depending on the progress of development and testing....

Doing so would match what's offered by Amazon, where you simply have to say "Alexa" to trigger the assistant, not "Hey Alexa."
Although long-time Slashdot reader cstacy complains that already, "I can no longer discuss Amazon Alexa, because she hears just 'Alexa' and wakes up... That's not a feature, that's a bug! Not sure why Apple and Google would want to replicate that."

The Intercept reports that protesters in Iran "have often been left wondering how the government was able to track down their locations or gain access to their private communications — tactics that are frighteningly pervasive but whose mechanisms are virtually unknown."

But The Intercept now has evidence of a new possibility: While disconnecting broad swaths of the population from the web remains a favored blunt instrument of Iranian state censorship, the government has far more precise, sophisticated tools available as well. Part of Iran's data clampdown may be explained through the use of a system called "SIAM," a web program for remotely manipulating cellular connections made available to the Iranian Communications Regulatory Authority. The existence of SIAM and details of how the system works, reported here for the first time, are laid out in a series of internal documents from an Iranian cellular carrier that were obtained by The Intercept.

According to these internal documents, SIAM is a computer system that works behind the scenes of Iranian cellular networks, providing its operators a broad menu of remote commands to alter, disrupt, and monitor how customers use their phones. The tools can slow their data connections to a crawl, break the encryption of phone calls, track the movements of individuals or large groups, and produce detailed metadata summaries of who spoke to whom, when, and where. Such a system could help the government invisibly quash the ongoing protests — or those of tomorrow — an expert who reviewed the SIAM documents told The Intercept.

"SIAM can control if, where, when, and how users can communicate," explained Gary Miller, a mobile security researcher and fellow at the University of Toronto's Citizen Lab. "In this respect, this is not a surveillance system but rather a repression and control system to limit the capability of users to dissent or protest."
Thanks to long-time Slashdot reader mspohr for submitting the article.

An anonymous reader quotes a report from Android Authority: It's been five years since the advent of the eSIM card on smartphones, and yet the computer in our pockets is still tied down to a plastic tab that hasn't changed all that much since its debut in 1991. What gives? [...] An eSIM-enabled phone can store multiple SIM cards on the device. It makes switching networks as simple as switching your Wi-Fi network, and that's anything but convenient for mobile operators. For users in areas with spotty connectivity or rural networks, easier switching to alternative operators means loss of business for major players like Verizon or AT&T. In markets like India, dual-wielding SIM cards for better data, voice, or preferential rates are exceptionally common. Taking away the friction involved in changing physical SIM cards carries the risk of losing a customer, and it's no secret that operators have been dragging their feet to avoid that.

Theoretically, setting up an eSIM on any network should be as straightforward as pointing your camera at a QR code and activating a line. In practice, that's rarely true. Verizon's support page suggests that Android users need to call up a support desk to activate an eSIM. iPhone users have it slightly easier and can directly add the line to the phone through Verizon's website. Meanwhile, Vodafone requires you to install an app. Finally, the likes of Airtel India ask you to play a game of the fastest finger first by requiring an SMS response within 60 seconds to proceed with adding an eSIM to your line. None of these are as simple as just popping out a tray and plopping in your SIM card.

Meanwhile, as internet-based calling, texting, and video messaging become the norm, carriers are left with increasingly few add-ons to increase revenues. Tack on sky-high spectrum prices for resources like 5G and eSIMs become even less enticing to carriers. Tangential features like premium-priced international roaming plans are yet another profit driver that eSIMs circumvent. When done right, getting started with an international eSIM can be a simple two to three-click process to get you onboarded and ongoing. My colleague Rita and I have had a fantastic experience with travel eSIM services like Airalo. When I tried out Airalo earlier this year, the process took just a few taps indicating that there was no real reason for eSIMs to be complicated. However, for most operators, that just isn't the case. While hard to quantify, this needless friction has certainly hampered consumer perception of eSIMs.

Long-time Slashdot reader UnderAttack writes: IoT devices are often stitched together from various odd libraries and features. The SANS Internet Storm Center has a story about a cat feeder that not only appears to reach out to Baidu.com every five minutes but also uses a vulnerable DNS library that uses repeating query ids allowing for simple spoofing not seen since the early dark years of DNS
The article, by a SANS.edu dean of research, concludes that "Some networking libraries use 'baidu.com' for internet connectivity checks. Even if the DNS lookup succeeds, there is no actual outbound connection in this case. The device is happy as long as an IP address is returned."

Samsung is starting to roll out a "Maintenance Mode" feature for its phones that's designed to keep your messages, photos, info, and accounts safe when you're getting your phone repaired. The Verge reports: According to Samsung's press release, Maintenance Mode basically creates a separate user account that will let someone access "core functions" of the phone without being able to see any of your data. That means a repair tech will still be able to test your phone, but you won't have to worry about them seeing anything they shouldn't. Once you get your phone back, you can unlock it to turn off Maintenance Mode, which will also undo anything that was done while the phone was being repaired (e.g., test photos will be erased, new apps will be uninstalled, and settings changes will be reversed).

Samsung says the feature will be "gradually rolling out over the next few months" to select phones running the Android 13-based One UI 5 -- if you want an idea of when your phone might be getting that update, check out this article. It'll also roll out to "more Galaxy devices" throughout next year. The company does warn, however, that the "timing of availability may vary by market, model and network provider," as updates can take a while to filter through carriers.

The availability of Comcast's promised internet speed boosts has a catch: users need to purchase a $25-per-month xFi Complete add-on. Ars Technica reports: "As markets launch, Xfinity Internet customers who subscribe to xFi Complete will have their upload speeds increased between 5 and 10 times faster," an announcement last week said. "xFi Complete includes an xFi gateway, advanced cybersecurity protection at home and on the go, tech auto-upgrades for a new gateway after three years, and wall-to-wall Wi-Fi coverage with an xFi Pod [Wi-Fi extender] included if recommended. Now, another benefit of xFi Complete is faster upload speeds."

Comcast is deploying the speed upgrade in the Northeast US over the next couple of months. Plans with 10Mbps upload speeds will get up to 100Mbps upload speeds once the new tiers roll out in your region -- if you pay for xFi Complete. Comcast told Ars that faster upload speeds will come to customer-owned modems "later next year" but did not provide a more specific timeline. There is a cheaper way to get the same xFi Gateway with Wi-Fi 6E, as Comcast offers the option to rent that piece of hardware for $14 a month. But Comcast is only making the upload boost available to those who subscribe to the pricier xFi Complete service. While the standard monthly rate for xFi Complete is $25, new customers who sign up by December 31 can get it for $20 monthly during the first year of service.

We asked Comcast today if there's any technical reason it can't deliver the higher upload speeds on customer-owned equipment. A company spokesperson responded that Comcast is working on bringing faster uploads to non-Comcast modems. "We intend to extend the experience to customer-owned modems later next year and are working through the technical requirements as we learn," Comcast said. "We started offering it with our own equipment first and now are working through how to extend to customer-owned equipment." Comcast also said that giving the upload boost to xFi Complete customers first follows its "typical validate, test, and certification process for a new network innovation." But if the reasons for limiting the upload boost to Comcast hardware initially are purely technical instead of revenue-based, it's not clear why people who rent the gateway for $14 a month shouldn't get the same benefit.

"Google is giving Apple a taste of its own medicine," reports Business Insider, arguing that the latest update to Android's messaging app "is going to make texting between iPhone and Androids even more annoying than it already is." [Alternate URL] The updates are great if you're an Android user. Google Messages' new features include the ability to reply to individual messages, star them, and set reminders on texts. But these features and some other updates to Messages are RCS-enabled, meaning they're not going to be very compatible with SMS, which is the texting standard that iMessage switches to when messaging someone without an iPhone. iPhones exchange messages using iMessage, Apple's proprietary messaging system, but revert to SMS when texting an Android.

One feature that's part of Google's payback to Apple is that now, when Messages users react to an SMS text with an emoji, iPhone users will get a text saying the other person reacted to their text with a description of whatever emoji the person used. It's similar to when iMessage users react to an SMS text, with the recipient getting a "so and so loved" message instead of seeing the heart emoji reaction.... In August, Android launched a page on its website calling Apple out for refusing "to adopt modern texting standards when people with iPhones and Android phones text each other." The page has buttons that take users to Twitter to tweet at Apple to "stop breaking my texting experience. #GetTheMessage" with a link to Android's page urging Apple to "fix texting."

"We would much prefer that everybody adopts RCS which has the capability to support proper reactions," Jan Jedrzejowicz, Google Messages product manager, said in a briefing before the Messages updates were announced. "But in the event that's not possible or hasn't happened yet, this feels like the next best thing." Recently, Apple CEO Tim Cook said he doesn't get a lot of feedback from iPhone users that Apple needs to fix messaging between iPhones and Androids. Apple doesn't have much incentive to do so, either. In legal documents from a 2021 lawsuit between Epic Games and Apple, an Apple executive said "Moving iMessage to Android will hurt us more than help us."

Vice reports: Sure, you may be trying to cut down on screen time by tracking your minutes in an app on the very same smartphone you're trying to unplug from, but how about a smartphone that doesn't even have a screen to stare at in the first place? Enter MyManu's Titan screenless smartphone...

Titan is a set of eSim-enabled, voice controlled earbuds with embedded live voice translation.... So, what can you do with a "screenless smartphone, anyway? According to MyManu, you can make calls, send messages, listen to music or other streamed content, and even translate speech into over 30 languages using its built-in MyJune app — so basically, all of the "phone" parts of having a smartphone minus the hours of fucking around on apps, games, and social media.
Its web site promises the phone allows you to:

• Interact without constant screen glare
• Get better sleep, reduce eyestrain and headaches
• Reduce anxiety
• Avoid nasty bacteria or viruses [from constantly touching your screen]

The downside?

There's no screen....

"Everyone visiting Qatar for the World Cup needs to install spyware on their phone," writes security researcher Bruce Schneier. His comments are in response to an article from the Norwegian Broadcasting Corporation (NRK), reporting: Everyone traveling to Qatar during the football World Cup will be asked to download two apps called Ehteraz and Hayya. Briefly, Ehteraz is an covid-19 tracking app, while Hayya is an official World Cup app used to keep track of match tickets and to access the free Metro in Qatar. In particular, the covid-19 app Ehteraz asks for access to several rights on your mobile., like access to read, delete or change all content on the phone, as well as access to connect to WiFi and Bluetooth, override other apps and prevent the phone from switching off to sleep mode.

The Ehteraz app, which everyone over 18 coming to Qatar must download, also gets a number of other accesses such as an overview of your exact location, the ability to make direct calls via your phone and the ability to disable your screen lock. The Hayya app does not ask for as much, but also has a number of critical aspects. Among other things, the app asks for access to share your personal information with almost no restrictions. In addition, the Hayya app provides access to determine the phone's exact location, prevent the device from going into sleep mode, and view the phone's network connections. It remains to be seen whether Qatar will strictly enforce the installation of these apps. "I know people who visited Saudi Arabia when that country had a similarly sketchy app requirement," says Schneier. "Some of them just didn't bother downloading the apps, and were never asked about it at the border."

Following increased U.S. export controls against working with Chinese companies, Apple has halted plans to use YMTC chips in the iPhone. AppleInsider reports: According to Nikkei Asia, YMTC flash memory is at least 20% cheaper than that of rivals, and the company's 128-layer 3D NAND chips are the most advanced by a Chinese company. They remain reportedly one or two generations behind the chips made by Micron and Samsung, both of which are known to be working with Apple. Nikkei Asia claims that Apple had completed is months-long testing and verification. Political pressure and criticism from US policymakers made it abandon the plan.

"The products have been verified, but they did not go into the production lines when mass production of the new iPhone began," an unspecified source told Nikkei Asia. Reportedly, the intention had been to initially use YMTC chips only for iPhones being sold in China. Another unnamed source, though, claimed that Apple was considering ultimately buying 40% of all its worldwide iPhone NAND flash memory from the company. "YMTC is government-subsidized so they can really outprice competitors," said another source.

AmiMoJo shares a report from MacRumors: iOS 16 continues to leak data outside an active VPN tunnel, even when Lockdown mode is enabled, security researchers have discovered. Speaking to MacRumors, security researchers Tommy Mysk and Talal Haj Bakry explained that iOS 16's approach to VPN traffic is the same whether Lockdown mode is enabled or not. The news is significant since iOS has a persistent, unresolved issue with leaking data outside an active VPN tunnel.

According to a report from privacy company Proton, an iOS VPN bypass vulnerability had been identified in iOS 13.3.1, which persisted through three subsequent updates. Apple indicated it would add Kill Switch functionality in a future software update that would allow developers to block all existing connections if a VPN tunnel is lost, but this functionality does not appear to prevent data leaks as of iOS 15 and iOS 16. Mysk and Bakry have now discovered that iOS 16 communicates with select Apple services outside an active VPN tunnel and leaks DNS requests without the user's knowledge.

Mysk and Bakry also investigated whether iOS 16's Lockdown mode takes the necessary steps to fix this issue and funnel all traffic through a VPN when one is enabled, and it appears that the exact same issue persists whether Lockdown mode is enabled or not, particularly with push notifications. This means that the minority of users who are vulnerable to a cyberattack and need to enable Lockdown mode are equally at risk of data leaks outside their active VPN tunnel. [...] Due to the fact that iOS 16 leaks data outside the VPN tunnel even where Lockdown mode is enabled, internet service providers, governments, and other organizations may be able to identify users who have a large amount of traffic, potentially highlighting influential individuals. It is possible that Apple does not want a potentially malicious VPN app to collect some kinds of traffic, but seeing as ISPs and governments are then able to do this, even if that is what the user is specifically trying to avoid, it seems likely that this is part of the same VPN problem that affects iOS 16 as a whole.

Apple AirTags "are allowed on Lufthansa flights," Lufthansa announced this week — the opposite of their position last Sunday, remembers SFGate: The airline insisted the tech was "dangerous" and referred to International Civil Aviation Organization guidelines (set by the United Nations's specialized agency that recommends air transport policy) stipulating that baggage trackers are subject to the dangerous goods regulations. ["Furthermore, due to their transmission function, the trackers must be deactivated during the flight if they are in checked baggage," Lufthansa added on Twitter, "and cannot be used as a result"]
Ars Technica reports on the public relations debacle that then ensued: Outcry, close reading of the relevant sections (part 2, section C) of ICAO guidelines, and accusations of ulterior motives immediately followed. AppleInsider noted that the regulations are meant for lithium-ion batteries that could be accidentally activated; AirTag batteries are not lithium-ion, are encased, and are commonly used in watches, which have not been banned by any airline. The site also spoke with "multiple international aviation experts" who saw no such ban in ICAO regulations. One expert told the site the ban was "a way to stop Lufthansa from being embarrassed by lost luggage...."

Numerous people pointed out that Lufthansa, in its online World Shop, sells Apple AirTags. One Ars staffer noted that Lufthansa had previously dabbled in selling a smart luggage tag, one that specifically used RFID and BLE to program an e-ink display with flight information. On Tuesday, Apple told numerous publications that it, too, disagreed with Lufthansa's interpretation. It went unsaid but was strongly implied that a company that is often the world's largest by revenue would take something like air travel regulations into consideration when designing portable find-your-object devices....

Representatives from the Federal Aviation Administration and Transportation Security Administration said early this week that Bluetooth-based trackers were allowed in checked luggage. The European Union Aviation Safety Agency said its regulations could "not in itself ban or allow" trackers, but airlines could determine their own guidelines.

On Wednesday, Lufthansa walked back the policy under the cover of "The German Aviation Authorities (Luftfahrtbundesamt)," which the airline said in a tweet "shared our risk assessment, that tracking devices with very low battery and transmission power in checked luggage do not pose a safety risk." This would seem to imply either that Lufthansa was acting on that authority's ruling without having previously mentioned it, or that Lufthansa had acted on its own and has now found an outside actor to approve their undoing.