Tuesday, January 29, 2019

Responsible Corporations - My Privacy Does Matter

DATELINE - 1/29/2018

It is the morning after the big GROUP FACETIME bug and controversy blew up on the Internet. Here is the short timeline of events. Around 4 PM PST on 1/28, my favorite Apple News site (MACRUMORS) started posting some news pieces around a serious Group Facetime flaw found in the latest iOS update.

In a nutshell - by using the group facetime feature, calling someone, and adding yourself back into the meeting, starts an audio bridge connection whether or not the remote party accepts the call or not.   Steps to reproduce (now blocked by Apple):

  • Start standard FACETIME call with friend
  • while that call is ringing, add another person
  • choose yourself from the contacts
  • audio bridge should start when that 3rd person is added
Mainstream media picked up on it and started reporting on it.  By 11 PM, my local news on TV was broadcasting it.  So also last night, Apple disabled Group Facetime on their servers - thereby blocking this bug from running chaotically around the world.  

I went to bed secure in the fact that Apple really does care about me, the end-user, and my privacy.  That my hard earned money is well spent in this company.  They shout this from the roof tops in everything they do.  I just upgraded a Mac and one of the first things in Mojave is a notice about our privacy and that Apple cares.  It is plastered all over their website and marketing material: https://www.apple.com/privacy/ 

Why shouldn't I believe that they care? Right?

I then wake up this morning and find that my same trustworthy news site for everything Apple has posted a bunch of items from a user (non verified, but the posts are pre-dating the issue by 7 days - can't fake those) found here:

Apple (at some level) has known of this issue since 1/21/2019.  It only came to light and things changed after main-stream media picked up on it.  That is a cause for concern - greatly. 

This changes my views on Apple (once again) from champion of my privacy to a company protecting its self interests.  At some point in the past 7 days, that bug had to have been seen or known by someone at Apple, and at a minimum, either didn't reach up the chain of command to the right people, or at worst - was seen and quietly was trying to be dealt with on the backend with a patch before the rest of the community found out about it. 

Apple (and other companies) need to be champions for our privacy and rights.  They have made some incredible strides and wonderful technology, but at the end of the day, if the they don't have my back, there is no reason to have theirs.  Put people above the dollar.  There seem to be way more missteps lately than valuable things from these mega companies.   Time to step into the light and let people know that we have flaws and their security is exposed and that you would rather publicly declare the issue (after disabling the service) and ensure to us, your constituents, that you care about our privacy and our security while using your devices.

Stepping off my soap box now.