The University of Massachusetts Amherst
Categories
Operating System

Mobile App Privacy: How much are we really sharing?

privacy-lock

When you install apps on your phone they gain access to a lot of your personal information stored on your phone. If you examine each step of app installation nowadays even very simple apps will be requesting access to nearly everything on your phone from contact lists to phone logs to GPS location data. A recent study conducted by researchers at Carnegie Mellon showed just how much of this data is being requested and how most people will limit access when confronted with the sheer volume of these requests.

The research was done on Android phones (but the same issues apply to iOS devices) using an app called App Ops (this app requires your phone to be rooted, which is a complicated process for those not familiar with phone modding) that allows you to control the individual permissions that are granted to individual apps. When first given the ability to control permissions on average the participants in the study restricted 262 permissions across 72 apps. Later in the study however, the participants were given notifications of “privacy nudges” that let them know whenever an app was requesting private data from them. Even after the first round of limiting access, the results were astounding. One participant had their location requested by apps 5,398 times in the course of just two weeks.

Since the study was finished, Google has actually removed the ability to control app permissions individually without modding your phone. While Android has generally been more open to user control and modification, iOS now has the better privacy manager by far, with actual user control available from the start. The best option for either system however is to just avoid installing apps that are serious privacy offenders. The website privacygrade.org ranks apps based on how much unnecessary data they reque31st from your phone and by which ad networks they sell that data too. Oftentimes developers have to sell this data in order to keep their apps cheap or free, but it should be up to you how much you’re willing to sacrifice for that free app.

Categories
Operating System

Windows 10 newest build

It’s been a few months since my last post about the Windows 10 announcement, and Microsoft released build 10041 (FBL_impressive) last week, so it’s about time to take another look.

In some general news, Microsoft announced that windows 10 will be a free upgrade for current Windows 7 and Windows 8 users for the first year.  This is pretty good news, except that there is no word about what happens after that first year.  Since Microsoft is giving so many things for free now, some people are speculating that Microsoft will charge yearly for updates, which is a major departure from their current “buy it once” scheme.  As someone who absolutely loathes subscription charges, this would be a massive deal breaker, so I hope that it’s nothing more than speculation.

Here are a couple pictures of my experience with the latest build.

Basics & Start Menu

win10 start
The Windows 10 Desktop

The start menu has a very nice sliding animation and I think it does a good job of mixing elements of the traditional Windows 7-style menu and Windows 8 live tiles.  If you’ve grown partial to the full screen start screen, pressing the arrow in the top right corner causes the start menu to use the whole screen.

Cortana

win10 search

The first thing I noticed was the giant search bar next to the start button.  Meet Cortana, the Microsoft equivalent of Siri.  Click the little mic button, and ask her a question. She can open programs, perform searches (only with Bing, though), and banter around.  I asked “What’s up?”, to which she responded “4 out of 5 five-year-olds agree, the sky!”  When asked “should I wear a raincoat tomorrow”, Cortana responded “It’s hard to say for sure Joe, Here’s the forecast” and displayed the following:

win10 cortana weather
“Should I wear a raincoat tomorrow?”

It’s still pretty early and there’s a lot of work to do.  Asking to “open paint” opens up a bing search of literally “open paint” and asking “What’s the weather going to be like tomorrow” just crashes the program.  But it’s a pretty promising feature, and I’m looking forward to what it will become.

Multiple Desktops

Microsoft has refined their virtual desktops, adding a the key command “ctrl + win + arrow” to switch between desktops.  “win+tab” brings up the screen below showing all the windows open on the current desktop.  Dragging the window to a different desktop on the bottom moves the window to the other desktop.  The biggest problem is there is no key command to move a window to a new desktop without the win+tab screen.  This feature has developed quite nicely since the first build, so I’m pretty optimistic about what it will become.

Win + Tab key command brings this up.  I quite like it
Win + Tab key command brings this up. I quite like it

Other Comments

Beyond the obvious, Microsoft has made some other visual changes.  There are a number of pretty classy new animations for opening windows and switching between maximized and minimized modes.  Open windows no longer have borders which is a strange departure from previous versions, but it does not affect being able to resize the windows.  Finally, the window titles are justified to the left like the old days instead of being centered like Windows 8.

Microsoft has announced a new browser called “Spartan” to replace Internet Explorer.  Beyond the announcement, not much is known about the new browser, and it doesn’t show up in the current build.

There’s also a notification panel now, so the little message bubbles show up here now instead.  Also, while the Control Panel still exists, Microsoft defaults to the “Settings” app, which, unlike the Windows 8 version, is actually pretty useful.

win10 snap
Dragging windows to the side now not only splits the screen, but gives you the options for what goes next to it

Pressing “win + (left/right) arrow” still snaps windows to the side, and now gives a list of options to put in the empty space.  Once a window is snapped to the side, pressing “win+ (down/up) arrow” snaps the window to the corner.  Window snapping is a little smarter than before, so if a window isn’t exactly half the screen area, snapping another window to the other side fills any remaining space

Windows 8 style Modern apps launch in a window, but pressing an arrow in the title bar makes it fill the screen.  My biggest gripe here though is that the program does not stay full screen when switching between desktops.  This severely detracts from the usefulness, in my opinion.

Final Thoughts

Windows 10 is shaping up quite nicely as the open beta continues on.  Periodically the OS asks for feedback about certain elements ranging from “is the transition between desktops smooth?” or “how helpful is the settings app”.  So far, Microsoft has been really good at listening to the feedback and making changes accordingly.  I am looking forward to see how the OS changes as we approach the late summer / early fall release date.

Categories
Hardware

Smartwatches!

Smartwatches are a type of wearables that is starting to rise in popularity. They have been around for a while with devices like the Samsung Gears and Sony Smartwatches but no one really bothered to buy one. In 2012, however, a kickstarter campaign called Pebble appeared which got people to start thinking more seriously about buying a smartwatch. More recently came the Android Wear devices starting off with the Samsung Gear Live, LG G Watch, and Moto 360, and now to be released is the Apple Watch. Throughout the release of these smartwatches, everyone has been looking forward to figuring out how a smartwatch should function. Here we’ll be looking at how each smartwatch works currently.

So far the features of a smartwatch include apps, changeable watch faces, and the ability to display notifications that are from your smartphone.

Pebble:

Pebble at $100 is currently the cheapest smartwatch on the market. Although it isn’t packed with fancy features such as a color touch screen or speakers, it does its job as a smartwatch. The focus of Pebble is the ability to see notifications on your phone from your wrist. Pebble even stores recent notifications so you can look back to them if you accidentally dismiss them. On top of that are a great variety of apps that can be used on the Pebble. Apps such as weather, calendar, controllers for apps or smartphones, games, and much more. Pebble works on both iPhones and Android devices. The Pebble can last up to 7 days on one charge making it the longest lasting smartwatch to date. Overall, it’s a simple smartwatch that isn’t packed with the fancy features of other smartwatches, but it definitely does its job and lives up to the “smart” part of being a smartwatch.

Pebble SmartwatchPebble Time is an upcoming watch featuring a new OS called Timeline. The new OS streamlines information by allowing users to scroll through information such as weather, news, etc. The Pebble Time also features a 64 color display without compromising the battery life and a microphone for dictating replies to messages

Android Wear:

Android Wear has recently emerged into the scene offering color touchscreen displays, integrated Google Now, and for some devices circular displays. Android Wear watches can go from $199 to $300 and works with most Android version 4.3 and up devices. Android Wear is the same Android that runs on Android devices but with a different UI to work like a watch. This enable apps that run on Android devices to potentially run on Android Wear devices. Even so there is a growing number of apps for Android Wear, one including a music player app that allows you to play music straight from the watch as long as its paired to a Bluetooth speaker or headset. Android Wear shows your notifications from your phone and can be easily dismissed on both devices with a swipe. It also can display various information through Google Now’s card system. Android Wear is fairly new and flexible so even if there currently isn’t much it can do, in the future it can adapt to be better.

Android Wear on Moto 360

Apple Watch:

Apple Watch is a new smartwatch from Apple. It is projected to cost $350 and comes in many different models that feature different material builds and design for both the case and band of the watch. Along with a touch screen, the Apple Watch has a button and digital crown (or dial) on the right side of the smartwatch. The Apple Watch connects to only iOS 8 and up devices or in other words, iPhone 5 and newer. The Apple Watch features notification with the ability to do quick replies or gestures to dismiss them, the ability to answer calls and talk using the watch, and, of course, Apps to work independently or collaboratively with your iPhone.

Apple Watch

Categories
Web

Getting Started With Your Webpage

Did you know that the University provides all students, faculty, and staff with their own webpage? This article explains the basics of how to access your personal webpage. If you have not yet read our previous article about Data Storage via FTP, I recommend doing so before you read this one over, as the same basic principles apply.

Please note that this will not cover HTML or use of Dreamweaver, just the steps to get access to your personal webpage.

First, you will need two resources to be able to access and update your website:

1) A File-Transfer-Protocol (FTP) application. In plain English this is a bridge that connects you with your webpage, allowing you to directly access it and change any files inside of the webpage as needed. Instructions on how to log in will be briefly explained here, but more detailed instructions can be found here under the section captioned ‘Using FTP with WinSCP and Filezilla’.

ITUS supports two types of FTP applications: WinSCP and Filezilla. You can obtain WinSCP here (Windows machines only!) and Filezilla here (select “Filezilla client”). If you are using a Mac, you can also connect using the built-in terminal, no downloads needed, but it is not very user-friendly and not recommended for users unfamiliar with a command line prompt. I personally prefer WinSCP and will continue instructions as if we were using WinSCP.

2) Web Authoring Software. This is technically optional, but I do not recommend anyone without experience in webpage design to create a website without one of these. ITUS supports a program called Dreamweaver. It costs money, but it is available on our Computer Classrooms if you don’t want to purchase the product.

Alright! You have your FTP application and your Web Authoring Software. For the next step, you’ll want to go to this URL: webadmin.oit.umass.edu . Once you log in, you will see your Web Space Management Tool:

Web Space Management Tool

This will show you how much space you have left in your webpage. If you receive an error when you try to upload more files in the future, please go to webadmin.oit.umass.edu and make sure your webpage is not full. You may now log out and no longer need to log into this page unless you want to check the space.

Now we are going to connect to your website using WinSCP. Please copy the screenshot below, replacing “netID” and “your password” with your IT Account netID and password.

WinSCPThen select “Login”.

Once you have successfully logged in, a new window will appear with two panels. On the left-hand side are files on your own personal computer. On the right-hand side you will see all the files in your website. If you wish to bring any files from your computer to the website, simply drag the desired file from the left panel to the right panel. If you would like to pull any files from the website, drag from right to left.

If you explore through the files in the right-hand panel, you will come across a file called index.html. This is the main page that will appear when someone goes to your website by typing in people.umass.edu/your-netID. If you double click it, it will open a text document with the appropriate HTML inside it and will look nothing like the real website. Or if you have never made any edits to your website, then there won’t be much content at all. This is normal.

In theory, one could build and make edits to their website by making direct edits to this index.html file. However, this is impractical and tedious. We can use a web authoring software (step 2 above) to make editing the website much easier and intuitive. Instructions on how to connect Dreamweaver to your website can be found here.

At this point you are set up and ready to start making edits to your UMass website. Congratulations!

 

Sources (by order of appearance):

Data Storage via FTP

http://winscp.net/eng/index.php

https://filezilla-project.org/

https://www.it.umass.edu/support/web-hosting/connect-oit-web-hosting-servers-ssh-terminal-macintosh

http://www.it.umass.edu/support/web-hosting/web-site-building-guide

http://www.it.umass.edu/support/web-hosting/site-definition-sftp-adobe-dreamweaver

Categories
Operating System Security Virus/Malware Windows

How to get rid of Superfish

Superfish
Superfish

As you may be aware, it was recently revealed that many Lenovo computers shipped between October 2014 and December 2014 were pre-loaded with a piece of AdWare called “Superfish.” In addition to being annoying, Superfish introduces a serious security hole in the way your computer uses HTTPS on the internet. It’s gotten bad enough that the Department of Homeland Security had to advise people to remove the software. Lenovo has since gone on full damage-control, and is no longer shipping computers with Superfish pre-installed. The following is everything you need to know about this piece of AdWare.

What is Superfish?

Superfish is your typical piece of AdWare. It runs in the background on your computer and when you go to a webpage Superfish injects pop-up ads in to the page you’re looking at. It does this on all pages, regardless of whether they use HTTPS.

Why is it bad?

First of all, no one likes ads. If you happen to be someone who does enjoy pop-up ads you may want to remove Superfish anyway, and here’s why: in order to make sure that it can show you ads even on encrypted secure webpages, Superfish has to break your computer’s encryption. It does this by installing its own “root certificate.” The way that HTTPS works is that each website needs a certificate to verify its identity. If you’re interested, Wikipedia explains the details behind HTTPS and certificates fairly well. These certificates must be signed by a trusted authority such as VeriSign or InCommon. Because Superfish installs its own certificate on your computer it can pretend to be one of these trusted authorities and thus it can pretend to be any website it wants. This is what is called a “man-in-the-middle attack.”
In addition to being annoying and malicious, this was also poorly done. Superfish installed all of its root certificates using the same password, which this man figured out in 3 hours. That means that if your computer has Superfish installed, you could be vulnerable to a phishing attack or anything similar since anyone can take Superfish’s certificate and pretend to be a website they aren’t.

How do I fix this?

First of all, let’s find out whether you have Superfish or not. A nice, white-hat citizen of the internet built this website to help you figure it out. If you do have Superfish installed, Lenovo was nice enough to put out a handy uninstall guide, along with a nice automatic tool. The steps are written for Windows 8, but they should be similar if you are on Windows 7. Here’s the synopsis:

1. First, open up Control Panel and go to “Uninstall a program.” Then find Superfish in the list, select it and hit “Uninstall”
2. Go to Window’s search function and look for “Manage Computer Certificates.” Go into Trusted Root Certification Authorities, and delete the Superfish cert.
3. Finally, Firefox and Thunderbird also need to have the certificate removed manually. See the Lenovo article for instructions on how to do this.

You’re done! Remember to keep all your software up to date, and always feel free to come to UMass IT for help with security or anything else you might need.