Free games

• Twitch

  • Silence: The Whispered World 2

    • 2016
    • Point and click adventure game that won awards for its visuals and sound design, following a young girl lost in the magical realm between life and death, and her brother trying to bring her home

• Epic Games

  • Civilization VI

    • 2016
    • Turn-based 4X (Explore, Expand, Exploit, Exterminate) strategy game in the Sid Meier’s Civilization series, where you develop a civilization from an early settlement through millennia to become a world power and achieve military domination, technological superiority, or cultural influence against human or computer-controlled opponents

Apple software updates

• watchOS 6.2.5 has brought ECG functionality to Saudi Arabia, as well some new Pride watch faces to go with Apple’s new Pride-themed watchbands
• iOS 13.5 has brought the ability to share your medical ID information during an emergency call, security fixes for Mail, mask-detection for FaceID so the password prompt appears more quickly, and most important the exposure notification API
  • Exposure notification settings are available under Settings, Privacy, Health once your region has been set up, including options to enable/disable it on demand, a list of active tracing apps on your phone, records of all requests to check your exposure log, and the ability to delete your exposure log altogether
  • Apple’s reported that several US States and 22 countries around the world have requested and received access to date, with more expected to join in the coming weeks
  • Now that this is available to the public I’m looking forward to contact tracing apps that handle privacy and device performance well, alongside giving people more tools to see if they may have been exposed to COVID-19
  • In the ABTraceTogether’s FAQ for the Alberta-based contact tracing app they mention updating once the API is released, so as soon as I see that I’ll definitely be installing it

The latest battle in iPhone encryption is already here, hidden behind NDA’s for the last year

• Among more news of the FBI claiming Apple is willfully not decrypting the phones of suspected criminals and accusing them of aiding terrorists, and Apple replying that they seriously can’t decrypt those devices because they’re secure by design but they provided literally everything they have access to, we’re hearing more talk of the secret hacking tools that government agencies and law enforcement are spending tens of thousands of dollars on. Each.
• Grayshift, the company behind the GrayKey iPhone brute-force cracking device we’ve talked about more than a few times over the years, apparently has an additional tool for passcodes that are too long to crack
  • Four to six digit pins can be cracked in less than a day, but adding the alphabet and increasing length can easily stretch that time to years
• It’s a piece of software called Hide UI, and it’s basically spyware that the GrayKey box can install on devices to record passcodes as they are entered into the device
  • The idea is that basically law enforcement can try to crack the phone, then instead install the Hide UI spyware and give the phone back under the pretence of allowing a phonecall or other access to the data on the phone.
  • Then, even if the phone is locked again, the passcode will have been stored in a file that can be extracted the next time it’s plugged back in to the GrayKey device
    • According to a screenshot posted online, the GrayKey even snapshots the phone’s file system to prevent the deletion of any data, disables Airplane mode, and blocks attempts to wipe the phone
    • So now not only do we need to have long, alphanumeric passcodes for any semblance of security, but if your phone has been in the hand of law enforcement you can’t trust it enough to use it
• One of the biggest problems with this is it’s another tool used by law enforcement, which needs to be accountable to the public in a democratic society
  • So far though GrayKey has been mentioned in court documents we haven’t seen any search warrants outlining the capabilities of Hide UI, and if it’s been in use that could be a problem when it comes to our rights and freedoms
  • Some civil liberties groups including the ACLU are concerned that, rather than disclose how the tech works and subjecting it to public scrutiny, prosecutors may be dropping cases when it comes up.
    • This previously happened with the use of stingray devices, which spoof a cell phone tower to intercept nearby phonecalls and text messages
• And even though law enforcement sources say a warrant is required, it’s not clear whether the prosecutor or judge are aware of subterfuge and malware involved. It feels like this is moving from the territory of a search warrant and into surveillance or wire tapping
• On top of all that, because Grayshift is using these NDA’s to prevent law enforcement from being transparent, defence attorneys may not get the same access to exculpatory data
  • One NDA from 2018 requires law enforcement to notify Grayshift if details of the tech are likely to be disclosed through something like a subpoena or court order, so that Grayshift has the opportunity to “obtain a protective order or otherwise oppose the disclosure”, so we officially have a company that could interfere with the courts and due process because they don’t want people to find out about the hacking tools they’re selling

id Software caught a lot of flak this week for the May 14th update of Doom Eternal, which added in anti-cheat software with dangerous implications

• Separate from the Denuvo Anti-Tamper software, which is built to make it harder for pirates to crack the software through reverse-engineering, the new piece is Denuvo Anti-Cheat
  • DAC is a PC-only piece added to Doom for its multiplayer game modes, to ensure everyone’s on an even playing field, but the way it was added after the fact even for players not going in to multiplayer has many up in arms
• The big problems with DAC?
  • It completely ruined Linux compatibility
  • It seems to have been causing blue-screen errors, performance degradation, as well as issues launching the game at all
  • It can be updated silently in the background, giving it even more access and control
  • And, because of the level of access it is set up with, it can collect information on everything your computer is doing and transmit/affect it however it pleases
    • Any security vulnerabilities found in DAC would immediately affect everyone with Doom Eternal installed, whether they wanted DAC or not
• Things got so bad so quickly that, after a campaign of review-bombing on Steam, id has already announced plans to remove DAC in the next patch
  • They’re saying that, at the very minimum, they will consider giving campaign-only players a way to avoid anti-cheat software altogether while also re-evaluating what they use to prevent cheating in multiplayer
  • They’ve also stated that the performance issues are unrelated, and that other fixes are coming in the patch to address them, but with the way they worded it (“It’s also worth noting that our decision to remove the anti-cheat software is not based on the quality of the Denuvo Anti-Cheat solution.”) it almost seems like they’re trying to avoid a liability/defamation problem with Denuvo
• Either way, anyone playing Doom Eternal on PC may want to uninstall the game while we wait for the next patch. Or at the very least, check your Uninstall Programs app on Windows and remove Denuvo Anti-Cheat and Denuvo Anti-Cheat Updater

Users of the popular email app Edison Mail had a major privacy breach this week, with many reporting that they suddenly had access to other peoples’ email accounts

• A new sync feature was recently rolled out to allow connected email accounts to show up across all your devices, but there are a lot of reports from users on sites like Twitter saying that they now had full access to complete strangers’ email accounts
  • They could also see in their settings that other peoples’ devices had access to their accounts as well
• Edison has been replying to users saying they’re “urgently working to resolve this technical problem” and that they’ve reverted the change that introduced the problem for a “small percent of our users”
  • A followup blog post says that it exclusively affected iOS users, totalling about 6,500 accounts, and was fixed 30 hours after first being reported
  • They’re also saying that your credentials weren’t exposed, but that you should change your password just in case
• Either way, this will likely lead many to reconsider using Edison Mail going forward

The BBC has launched a new online service to let users watch or listen to programs, podcasts, and radio together remotely

• BBC Together is available now on Taster, the BBC’s experimental platform, and can be accessed with any web browser.
• Once one user finds a link to something they want to watch with others, from iPlayer, Sounds, Bitesize, News, or Sports, and pastes it into BBC Together it creates a new group session with a link that can be sent to friends and family
• Each session can be watched by up to 50 people, with the host able to control the content or choose something new to watch
• Overall it seems pretty similar to Netflix Party, the Chrome extension that lets you watch Netflix shows simultaneously online, and it couldn’t have come at a better time

Dumb news item of the week- The US Department of Homeland Security has had to issue alerts to wireless telecom providers and law enforcement agencies about potential attacks on cell towers and telecom workers

• Apparently coronavirus conspiracy theorists have decided that COVID-19 can be spread by the new 5G cellular frequency (it can’t), and that has led to dozens of cell tower burnings in the UK and mainland Europe

Overwatch Anniversary

• May 19 to June 9th

  • Log in for a free Legendary Lootbox!

• Each day features a seasonal brawl

  • It runs through this list, one a day and repeats when it ends:
  • Lucioball
  • Junkenstein’s Revenge
  • Mai’s Snowball Offensive
  • Yeti Hunter
  • Capture the Flag
  • Uprising
  • Retribution
  • Storm Rising
  • Archive Challenges
    • The harder effects added to Uprising, Retribution and Storm Rising
• During the anniversary you are able to use your in game currency and purchase any cosmetic from events that you may have missed

• This event brings 5 new legendary skins

  • Dragoon Mercy

    • Mercy’s armour is styles like a green dragon

  • Huitzilopotchli Zenyatta

    • Pronounced Weetsee-low-potched-li (Josh’s pronunciation breakdown)
    • Huitzilopotchli is a the Mesoamerican deity of war, sun, human sacrifice and the patron of the city of Tenochtitlan. (Ten-o-cheetch-lon) Which is now in Mexico City.
    • His body looks like ancient Aztec stone, has a statuesque face, some omnic flare for joints and lighting, and he is wearing a ceremonial headdress and skirt

  • Little Red Ashe

    • Ashe is dressed like an armed Little Red Riding Hood
    • And Bob is the bag bad wolf, dressed like granny

  • Masquerade Reaper

    • It is very similar to the masquerade outfit in the comic, big exceptions are:
      • the lack of fluffy collar
      • his mask is not a full skull, but a gold masquerade mask with a top jaw of a skull
      • and unlike the comic, he has a full cape
      • and his shotguns are styled like handcannons with writing on the bottom
        • “Beneath your dancing feet are the tombs of tortured men!”
        • Which is a quote from The Phantom of the Opera

  • Submarine Wrecking Ball

    • The mech is nautical themed like an old diving suit
    • Hammond has a captains outfit and a big moustache

• And again, they are giving away Epic skins with a player icon and spray with 9 wins in Quick Play, Competitive Play, or the Arcade

  • Week 1

    • May 19th to 26th
    • Carbon Fiber Sigma
    • His armour is black carbon fiber
    • With extra details and visor that are yellow hexagonal glass or hardlight

  • Week 2

    • May 26th to June 2nd
    • Fleur de Lis Widowmaker
    • Her clothing is purple and gold
    • Parts look somewhat like armour, like shoulders and boots

  • Week 3

    • June 2nd to June 9th
    • Masked Man McCree
    • A recolour of McCree making him a teal with white trim and white hat
    • His poncho reads Ranger
    • His belt buckle is HYSA
      • Given the Lone Ranger flair its probably “Hi-Yo Silver Away!”

Tidbits

• Chrome is taking aim at bad ads with new features to block advertisements that affect your computer’s performance through either bad or malicious code
  • The idea is that they’ll block ads that use more resources or network data than the other 99.9% of overall ads, to prevent things like surreptitious bitcoin mining
  • They’ll be experimenting with it over the next few months with an expected release by the end of August
• Spotify is continuing their slow but hostile takeover of the podcast ecosystem, with Joe Rogan hitting the service in September and going Spotify-exclusive this January
  • I understand that the money is attractive, but at the end of the day podcasting is supposed to be an open standard. Once you start limiting things to specific apps and services you’re going to lose people, especially if you go to a service with as much user tracking as Spotify
• Twitter has started testing new conversation options, letting people limit replies to their tweets to either everyone, people you follow, or only people you mention
  • It’s not a bad idea, but it will definitely increase the echo-chamber effect that Twitter already has issues with
• HTC is working on their new U Ear earbuds that, according to photos in regulatory documents, took some design cues from the original AirPods
  • And by “took some design cues”, I mean “they took AirPods and spray-painted them black”
• Facebook has acquired the GIF sharing website Giphy for $400M, and has announced plans to further integrate it into Instagram and other Facebook apps
  • This is really going to highlight which companies with Giphy integration care about your data- some, like Signal or Slack, will outright tell you how they protect your data and disassociate your information from the Giphy images you use, while others are going to be conspicuously silent
• Apple Stores have begun reopening in Canada and the US this week, with safety precautions like required face coverings, temperature checks and screening questions at the door, and limited occupancy of the stores
  • I’ll have a first-hand account of their new safety precautions after I take my computer in on Saturday