Insights For Success

Strategy, Innovation, Leadership and Security

Skimmer Scanner app for Android

GeneralEdward KiledjianComment

Real security requires vigilance, even for consumers. One issue we have been hearing a lot about over the last couple of years is credit/debit card skimmers.

A skimmer is a cheap hardware device that blends into the credit/debit card processing machine of a retailer. When processing your transaction, the skimmer copies your card information and somehow makes it available to the "bad" guys.

An open-source Android app, called Skimmer Scanner, is promising to help consumers win this battle. The company behind this project, SparkFun, explains why thieves love gas stations. The skimmer equipment costs $10 or less and the master key to open a gas pump is typically easy to get (since there are only a small number of variations). After a couple of days or weeks, the thieves drive by the modified pump and wirelessly dump all of the credit/debit card information via Bluetooth.

It is this feature that the app leverages to find these skimmers. It looks for a particular kind of Bluetooth signal, attempts to connect to it and thus verifies if there is a skimmer in the area. 

Believe it or not, thieves are lazy so most often they leave the default skimmer configuration on devices.

SparkFun has a great blog post talking about gas station skimmers you'll enjoy reading.

I will be trying this out at local retailers. Download Skimmer Scanner yourself from the Google Play store.

What you need to know about the new Apple Watch Series 3


The biggest change to Apple's smart watch lineup is the addition of LTE connectivity (a $70 option over the non-LTE Series 3). This new Dick Tracy style watch will allow you to make phone calls (with your same number), send and receive messages, use internet connected apps and stream music from Apple Music. 

The new OS, which will work on all devices, brings improved exercise and heart tracking, and Siri can finally speak back to you.

The heart rate functionality is dramatically improved, tracking your heart rate pre-workout (resting), during and post-workout. It will show how your heart health is improving over time (faster recovery, better resting heart rate, etc.).

They have also created a new standard that will allow your watch to talk to new types of gym equipment. This means your watch will be able to log gym equipment data (speed, incline, etc.).

The Series 3 Apple Watch has the same dimensions as the existing Series 2, and they promise similar battery life. You will be able to pre-order the new watch this Friday (September 15).

We'll have to wait and see what carriers charge to add this new device to your smartphone plan. Hopefully, it won't be $10 a month.

What you need to know about the iPhoneX


Over the coming weeks and months, the media will overwhelm you with reviews and editorials about the new iPhoneX. Of all the products Apple announced this week, the iPhoneX was the most radical in design.

They have eschewed the home button and most of the bezels. This newfound space has allowed them to cram a beautiful 5.8" Super Retina OLED screen (458 pixels per inch) in a device that is smaller and easier to hold than an iPhone 7Plus or iPhone 8Plus.

All of the functions requiring a home button are replaced with swipe motions. Swipe up from the bottom, and you get the home screen or app-switcher (full swipe or half swipe respectively). 
A side button (right-hand side) can be used to invoke Siri. 

The removal of the home button also means Apple had to remove the TouchID authentication sensor. The beloved TouchID has been replaced with FaceID. It promises more secure authentication.


TouchID had a false positive rate of 1 in 50,000. Apple claims FaceID has a false positive rate of 1 in 1,000,000 (regardless of you wearing glasses, changing your hair, growing a beard, etc). All the processing is done on the device (not sent to the cloud).

During the demo, FaceID failed. We don't know why but I am sure Apple will work out most of the kinks before it is released in early November.

We can't make any recommendations until we have a chance to test the device in the real world, but many have already started asking if the extra $300 (going from the iPhone 8 to the iPhoneX) is worth it. 

Had the iPhoneX been endowed with a dramatically superior camera system (compared to the iPhone 8 Plus), I would have jumped on it, but now I'm not sure. Yes, the built-in cameras do have optical image stabilization and the telephoto lens is slightly brighter, but that doesn't justify the difference in my view.

Using the FaceID sensors, Apple will map your face and allow you to apply the new lighting filters (even with the front-facing selfie camera). Additionally, it will create a detailed face-map allowing filter apps to create more realistic and properly aligned designs (think Instagram filters). They will also use this feature to create animated emojis called animoji.


Conclusion

Pre-orders start on October 27 and deliveries will start a week later.

The truth is, the iPhoneX is a glimpse of the future. My guess is that we will see one more generation of traditional-looking phones with a home button, then everything will switch to the all-screen design.

The iPhoneX is an opportunity for Apple to figure out how to mass produce all the sensors affordably, in preparation for an eventual launch in all of its products (including iPad). 

Comparing Google Chrome and Mozilla Firefox

Image by Iván Rivera used under Creative Commons License

Chrome has been the browser king for many years and many users can't remember a time when Firefox was "the browser". Chrome overtook Firefox and Internet Explorer (according to StatCounter) in November 2011.

Statcounter browser marketshare

But recently a group of highly technical security experts seem to have moved back to Firefox. Why have technically knowledgeable users left Chrome for Firefox?

Battery life

Users are increasingly choosing mobile devices (laptops and convertibles) instead of traditional always-plugged-in personal computers. This means battery life is important. In a 2016 battery shootout, Microsoft aggregated billions of data points from real world Windows 10 users and found that Microsoft Edge and Firefox were much gentler with battery consumption.

Image owned by Microsoft Corporation

These numbers are from actual Windows 10 (version 1511) use “in the wild,” not artificial tests or hypotheses.
— Microsoft blog

Privacy

Everyone using Google products should know that the sultan of search is monitoring everything you do on the web, on its search page and in its browser. If you have never visited the Google Dashboard, you really should. It will show you all of the information El Goog has collected about you. Remember that it then uses this data to build a profile about you and we all know how powerful these predictive models can be.

Unlike many unscrupulous sites that track you without your knowledge, Google is a model citizen and clearly lets users know what it is collecting and why. Most users are willing to trade their behavioural information in exchange for free Google services (e.g. Photos, search, Gmail, etc). I think this trade is perfectly acceptable as long as the user understands what he/she is giving up in exchange for these free services.

Some people believe Google knows too much and, where possible, try to use non-Google alternatives (DuckDuckGo for search, ProtonMail for email, SpiderOak One for online storage, etc).

Open Source means anyone (with the right skills) can audit the code and make sure nothing nefarious has been secretly inserted.

The fact Mozilla is not trying to become this massive financial behemoth is a comforting reality.

Browser security

To be clear, Chrome is an excellent browser and has slightly better security than Firefox but on the privacy front, Firefox wins.

There is an annual security competition called Pwn2Own and the 2017 browser compromise competition presented some interesting findings.

The Microsoft Edge browser proved to be the least secure browser, having been compromised 5 times. Then came Safari on Mac, which was compromised 3.5 times (a half point was awarded because they had fixed one of the attacks in a beta build). Then came Firefox with 1 compromise, and Google Chrome had none.

Firefox is certainly a relatively secure browser with a healthy bug bounty program but Chrome is just 1 step ahead. If you want the most secure browser and are willing to give up privacy, choose Chrome. If you want good enough security with much better privacy, pick Firefox.

Tab handling

There is no perfect browser.

Google's Chrome browser is the king of standards compliance. It is very secure since it has strict sandboxing. Each browser tab creates a new browser thread in the OS, which means a crashed tab doesn't crash the entire browser. These "features" consume a substantial amount of RAM. If you are one of those users who live in their browser and regularly have 20-50 tabs open, you probably live the sluggishness daily.

Firefox is "as fast" as Chrome but much more configurable. It consumes less RAM per open tab thus is often a better solution for users that live the multi-tab life. The flip side is that a bad tab can crash the entire browser but this is very rare.

Extensions

Chrome is the king of extensions. Just browse the Google Chrome store and be amazed at everything your browser can do.

In many cases, your most used extensions will be natively available on either platform. As an example, LastPass and uBlock Origin are natively available for Chrome and Firefox. You can also install the Chrome Store Foxified add-on which will allow you to install Chrome extensions from the Chrome store into Firefox.

In this example, I picked the Google Keep extension. When you visit the Chrome Store with the Google Chrome browser, you see this window to install the extension:

When you visit the same page with Firefox and the Chrome Store Foxified add-on, you see this window and the ADD TO CHROME is replaced with ADD TO FIREFOX.

I have tested this functionality with a dozen extensions (HTTPS Everywhere, uBlock Origin Extra, Grammarly, etc) and all of them work perfectly as if they were running in Chrome. Before people start sending me hate mail, I know these have Firefox native versions but I wanted to test the Chrome extension functionality in Firefox.

Interface design

Both Chrome and Firefox have adopted a clean, minimalist approach. From the interface perspective, neither one really pulls out ahead as a leader.

Verdict

When there is competition, the consumer wins. This is true in the browser market. The extreme competition between Chrome and Firefox means both products have improved over the last 12 months. 

Both browsers are relatively secure. The main difference boils down to privacy and tab handling. If you are someone that always keeps several dozen tabs open, then you may find Firefox more responsive and less likely to bog down your computer. Additionally, Firefox is a much better choice for consumers looking for more privacy.

Ultimately I think most users will end up with both browsers on their devices and use different browsers for different purposes. Recently I have started to move more of my day to day browsing back to Firefox and am satisfied. I want to encourage diversity and even chose to donate to Mozilla. Encouraging not-for-profit groups powering open source software is an important step in maintaining a healthy, diverse and competitive computing environment. I also donate to Tor, Ubuntu, Wikipedia and Whonix.

Bypass Google's AMP with DeAMPify for Android


A handful of readers asked me to review the DeAMPify Android app and talk about it on my blog. So for those readers, here is my opinion.


Google introduced AMP (Accelerated Mobile Pages) in 2015 with the hope of speeding up the mobile web by degunking all of the junk publishers were adding to their web pages (tracking, advertising, etc.).

The CBC web page I am using for this article connects to 16 separate domains (to load content) and has eight different trackers. Obviously, this clogs up the page and makes it slower to load and less responsive.

Journalists and privacy advocates have been criticizing AMP because they claim it is another Google attempt to control content by encouraging publishers to use the search giant's AMP caching servers. Additionally, Google chooses what tags will be allowed for AMP markup on web pages. 

For those with modern high-end smartphones connected to super fast LTE networks, the difference is minor. But if you are on a mid-level phone or a slower connection, an AMP page could load in half the time. 

A crafty developer (Joao Dias) created an Android app called DeAMPify whose sole purpose in life is to convert AMP links back to "normal" web ones. The app is free with a small in-app purchase option to unlock pro features:

  • Disable Ads
  • Ability to add exceptions so that some websites still show the AMP versions
  • Tasker integration so that you can load original pages when you’re on Wi-Fi but load the faster AMP pages when you’re on 4G/3G for example.


Important considerations

DeAMPify doesn’t work if you click on an AMP link inside of Chrome

Since a link clicked in Chrome does not kick off the Android intent process, you cannot redirect it to DeAMPify and thus the app cannot perform its magic. The app works in any non-Chrome app (messenger, hangouts, the Google Search app, etc).

How does DeAMPify work?

When you click on an AMP-enabled page, the app searches the HTML code for the original web page URL and then passes this to the browser. So in effect, it is pre-downloading the entire web page anyway.
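
The lookup described above, as an added Python example (not DeAMPify's own code). It assumes the original URL is read from the `<link rel="canonical">` element that AMP pages carry, and it takes the already-downloaded HTML as input, which is why the page has to be fetched first. `CanonicalFinder`, `original_url` and the sample page are hypothetical names and constructed data.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample input (not a real page).
SAMPLE_AMP_URL = "https://news.example/amp/story/123"
SAMPLE_AMP_HTML = """<!doctype html>
<html amp lang="en"><head>
<link rel="stylesheet" href="/s.css">
<link rel="canonical" href="https://news.example/story/123">
</head><body>...</body></html>"""


class CanonicalFinder(HTMLParser):
    """Records the <html amp> marker and the first rel=canonical link."""

    def __init__(self):
        super().__init__()
        self.is_amp = False
        self.canonical = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "html" and ("amp" in attrs or "\u26a1" in attrs):
            self.is_amp = True
        elif tag == "link" and self.canonical is None:
            rels = (attrs.get("rel") or "").lower().split()
            if "canonical" in rels and attrs.get("href"):
                self.canonical = attrs["href"].strip()


def original_url(amp_url, html):
    """Return the non-AMP URL to open, or None if the link should be left alone."""
    finder = CanonicalFinder()
    finder.feed(html)
    if not finder.is_amp or finder.canonical is None:
        return None
    target = urljoin(amp_url, finder.canonical)  # canonical may be relative
    parts = urlsplit(target)
    # The fetched page is untrusted input: only http(s) targets with a host
    # are handed on, so javascript:, file: or intent: values are dropped.
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return None if target == amp_url else target


if __name__ == "__main__":
    print(original_url(SAMPLE_AMP_URL, SAMPLE_AMP_HTML))
```
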

Conclusion

So is this useful and do I recommend it? No! I tried to find a reason to like this app but I couldn't. I don't have a technical or moral issue with AMP so there is no reason for me to go out of my way to bypass it. 

Additionally, it is pre-downloading the web page to find the non-AMP URL so I am not saving bandwidth and may actually be slowing down my browsing experience. 

I'm glad the app exists in case someone does want it but it's going to be useless for most Android owners. The only reason someone would probably consider this is if they have a moral issue with Google playing manager of the AMP technology and want to "stick it" to the man. To me it feels like stabbing yourself to teach someone else a lesson.