 Coming up on DTNS Zoom will make you pay for encryption, the meaning of Google Incognito, and CES 2021 will happen in person. Should we go? This is the Daily Tech News for Wednesday, June 3rd, 2020 in Los Angeles on Tom Merritt. And from Studio Redwood, I'm Sarah Lane. From Salt Lake City, I'm Scott Johnson. And I'm the show's producer, Roger Chang. We were just mourning the loss of my favorite pie shop restaurant to the pandemic and talking about pizza pie. All on Good Day Internet. Become a member and get all of that at patreon.com slash DTNS. Let's start with a few tech things you should know. Nine to five Mac obtained an early build of iOS 14, which includes a translator built into Safari that lets users translate any web page or automatically translate when other languages are detected. Translation is also being tested with other apps like the App Store app itself for descriptions. The translations happen locally, so no internet connection would be needed to be in use. Nine to five Mac also found full support for Apple Pencil input on websites. And iOS 14 will be introduced at WWDC on June 22nd. Ars Technica reports that photos are appearing on social media of Apple iPhones and iPads taken from Apple stores during looting this last week. The devices show a message that says this device has been disabled and is being tracked. Local authorities will be alerted. Apple is known to equip demo units with proximity detection and it's rarely been seen working in the wild though. So, yeah, those demo units ain't gonna work once you get them out of the store. Snapchat made the decision to stop promoting the president of the United States Snapchat account in the Discover tab. That's where Snapchat chooses to highlight posts from celebrities and influencers, et cetera. In a statement, Snap told the Verge the decision was made because the president's tweets promoted violence in Snap's opinion. The president's Snapchat posts will remain available in search and to those who follow the account directly. The Brave browser announced it had reached 15.4 million monthly active users in May. Daily active users reached 5.3 million. Brave offers private ads and reported more than 1,500 total ad campaigns with a 9% click-through rate. The industry average click-through is 2%, so doing okay. And the Chromium-based version of Microsoft's Edge browser, some people call it the new Edge, is now available through Windows Update. It will automatically be installed on Windows 10 version 18.03 and higher. You can still update it manually if you just wanna go in and get it or just wait for it to happen automatically over the next couple of weeks. All right, let's talk about that Zoom thing. I wanna apologize. My tease at the beginning of the show is a little click-baity. Zoom isn't making you pay for all encryption, just some. Explain, Scott. Well, I will. On Zoom's earnings call, CEO Eric Yan said, true end-to-end encryption will only roll out for paid users of Zoom, and everyone lost their minds. But let's talk more. Zoom previously described its services having an end-to-end encryption, though it actually provided transport encryption, which protects the calls, but leaves the possibility that Zoom could see the data if it wanted to. That kind of lesser encryption will remain on a free account. So if you have a free one, that's what you're gonna get, at least for now. On Zoom's earnings call, Yan said the stronger end-to-end encryption would not be provided for free or to free users. This is a quote. He says, free users, for sure, we don't want to give that because we also want to work together with the FBI, with local law enforcement, in case some people use Zoom for a bad purpose, unquote. Zoom advisor, Alex Stamos clarified that organizations on a free business plan, like schools, will also get end-to-end encryption. You know what I hate most about this is the idea that bad actors would only use a free version of Zoom. And so the company's like, hey, let's just make sure that, if somebody's doing something nefarious, then we'll catch them in the act. But everybody who wants to pay, you're good, real end-to-end encryption. Yeah, I mean, a lot of people take exception to like, hey, I'm a free user, it doesn't mean I'm a criminal, but the vice versa is true. Just because you're doing something bad doesn't mean you wouldn't pay to use it, but when you pay to use it, they can figure out who you are. If you want to be an anonymous user, you would have to stay on that free version because you wouldn't be tied to any payment accounts. So, you know, I mean, there's room to move in there. This is an example of people coming in at the end of a conversation and not realizing how the company got there. And I'm not saying that you should excuse that or not, but Zoom looked at this and said, it is perfectly legitimate for us to provide encryption that isn't entirely end-to-end. That's what Facebook Messenger does. That's what Apple sometimes does. That is what a lot of services do. WhatsApp doesn't signal, does it? Those are end-to-end encrypted. So you can choose to provide encryption that leaves the end points available to the service and still have good protection for your users. Zoom wanted to do better, especially because they had been telling people they had end-to-end encryption when they didn't really. We covered that a couple of months ago. So they decided, let's put an end-to-end. And I think if you're following Zoom's process, they're like, okay, let's put an end-to-end. But when it's end-to-end, we won't be able to get to some of the users and some of the bad uses do happen on the free account. Well, the free account users are used to it as it is now and they're not paying. So we'll just make it a service tier, which is if you're paying, then you get the extra protection. You're still protected as a free user, but you would be available to local law enforcement. So I guess, like I can see where that thought process goes and then it ends up with at the end, people just seeing them saying, hey, free users, you're about your criminals. And so we're not gonna give you the full end-to-end encryption. Well, you made a really good point in pre-show about, because that's kind of where my head was at. I'm like, well, this doesn't make any sense. Why are free people being, why would they be treated this way? This seems bad, but you had said, some of the stuff they've talked about is like, look, we wanna stop covert exchange of child pornography and other issues that might come up with their service. And if you're gonna say that, then you have to go into the details about what you mean by that. What are you going to do to help stop that? Part of that is you're gonna make stuff available to law enforcement. You're gonna work with the FBI or whatever. That was eye-opening to hear that end of it. I mean, the other side of that though, is generally when you catch people, you catch them based on metadata, not on actually tapping the content. Bart Bouchotte's did a great talk with Alison Sheridan about that on security bits on this week's NACILICAST. Just a quick talk about that concept of really end-to-end encryption doesn't cut out law enforcement. And that's the other thing I think that got a lot of security researchers upset here is that implication that somehow like, oh, but if we otherwise, we'd just be allowing criminals to run rampant. And there is a legitimate problem with child pornography particularly, but a few other misuses of Zoom out there that are legitimate concerns. Well, speaking of catching people or the implication of privacy, Google's incognito mode protects users from cookie settings and other data like history being saved locally. But it can't protect users from websites seeing information needed to display web pages, such as IP addresses. You're not really incognito after all. This information may be stored in the website you're visiting as part of Google's own analytics service. The company warns you when you open an incognito page that your data may still be visible to websites that you visit or your employer or your school or your ISP or all of the above. Some feel this is not clear enough and a class action lawsuit has been filed against Google in California, seeking $5 billion in damages for intentionally deceiving consumers. Yeah, so when you go to an incognito page, it's going to tell you those three things that Sarah just told you. Hey, we're keeping the tracking from happening on your end. Your browser is not gonna keep a cookie. That's what incognito is about. It's to say like, we won't store your search history, we won't store your URLs locally. They can't do anything about the other end except they can because they offer a service called Google Analytics, which does collect the data on the other end. But that's not what the Chrome team does. They're like, I don't know, that's a whole different department. We don't know what they do. We're just making incognito for Chrome users. And so I think that's what this hinges on is when they explain like, hey, we don't collect data here on the browser, but those people out there might, are they being clear that those people out there sometimes include websites that use a Google service to do the collecting on that end? Does that make sense? Yeah, and I think if you're going to, I think that totally makes sense, but I think it is on Google. If they're gonna have a way of using their browser, call it incognito and then define it as this is your private browsing experience where the tracking is not happening, where data is not being kept. This is the private window. Yeah. And did it tell us any and all possibilities where that isn't true or potentially is just a loophole difference of, hey, the servers might have something on it? You mean like on the Google Chrome help page that you can get by clicking through on the splash page that says, what incognito mode does, what incognito mode doesn't do? Yeah, I mean, the whole thing about, glass action lawsuit being like, I thought I was truly private, turns out I'm only partly private. I don't think Google is obfuscating this information. Yeah, I mean, it's a little bit more, I don't know, nuanced than maybe some people think, but I don't know that there is a lawsuit here. Yeah, the lawsuit is gonna hinge on this, when they, on the page that I was just saying, it says incognito mode doesn't prevent you from telling the website who you are. If you sign into any website in incognito mode, that site will know that you're the one browsing, it won't prevent your activity or location from being visible to the websites you visited, et cetera, et cetera. What it doesn't say is that when those websites are getting all this information that incognito mode doesn't protect, Google might be the analytics software that that website is using to collect it. And I think that's what the class is gonna say is, Google was saying they don't, but those people do, but Google also is those people sometimes because they're used by those people. Good grief. Speaking of Google, Google has pulled down the Remove China app from its Play Store in India. This is an app that detected other apps developed by Chinese firms. And if it detected an app that it knew was developed by a Chinese firm, it would delete them for you. There's a border skirmish going on between India and China right now in Kashmir. And so there's some anti-Chinese sentiment and this was playing upon that, saying, hey, get this app and get all those Chinese apps off of your phone. Google says this violates the Play Store's deceptive behavior policy, which prohibits encouraging users to remove or disable other third-party apps. The Remove China app had been downloaded more than five million times. It was one of the most popular apps in India. Well, being an iOS user, I cannot imagine having an app that would delete other apps, depending on who had submitted those apps and where they might have come from. I also get why a lot of people might have thought that this was super helpful, but yeah, it sounds messy. Let's say, oh, go ahead, Scott. No, I was just gonna say I prefer the method of, I love the idea, actually, of an app that says, hey, these five other apps on your phone right now are known for this and this and this. We recommend removal of these two and these other three. Yeah, or closer inspection. Yeah, I don't mind manually going and deleting something once I've been told about that. It's like using a website you use and then finding out it's not secure. You stop using that website. The browser didn't decide to never let you type it in the URL again. So I don't like that. Or at the very least, give me the option for warnings rather than an automatic removal. This to me just seems like a weird idea that I don't exactly want. And Google is dying on the hill of, it's fine to identify apps on your phone. You can't delete them. You can't encourage people because they don't want apps getting into a war of like, hey, everybody delete all our competitors apps and only use us. But I can see people wanting this for political reasons, like find all the sites that contribute to the candidate I hate and delete them from my phone, right? Like that's the kind of thing that I think other people might stop and go, well, I kind of would like that. I don't want to support those apps that support the people I don't like. That would violate the Google Play Store policy as well. Yeah. I just think more information is better. People being able to act on their own based on information is good. I think Google trying to police that is dangerous. Well, and eventually we're only gonna have one app. The Super App. The Super App, yeah. And let me tell you a little bit about what that might look like. Facebook and PayPal have decided to invest in the Indonesian Super App Maker Gojek and Google Intense have increased their investments as well. Gojek intends to use the new funding to expand its digital payments features and other financial services. PayPal payment capabilities will be integrated into Gojek. Expanding the number of merchants who will be able to use it and accept payments through GoPay. Facebook also says we'll work with partner WhatsApp with Gojek, but there's not a lot of details about that. Yeah, Super App needs payment, Tom. You gotta be able to pay with it. Yeah, so the best example of a Super App is actually WeChat. WeChat in China you use to bank, to pay, to ride transit, to shop. Everything is in there. And other apps have apps in WeChat because they wanna capture that market. Gojek is trying to make that happen in Indonesia and other parts of Southeast Asia. And so partnering up with PayPal is huge because that means GoPay users can now add a bunch of other merchants who didn't set themselves up on GoPay but did have PayPal already as something they could accept and now GoPay will be able to use those merchants because they're integrated through the PayPal system. And I think that's probably what Facebook wants to do with WhatsApp. They probably want to integrate GoPay into WhatsApp so that if you're in WhatsApp and you're communicating with a business and they say, hey, we'd like to send you this product or sell you the service, you would be able to pay through WhatsApp with GoPay, which eventually these Super Apps are gonna get to a point where they're like, well, we don't want the other apps to become the Super App. We don't want WhatsApp to become a Super App. I think they're gonna be less concerned with PayPal because that's more of a service. So it's interesting to see how these partnerships might shape up in the future. I'm actually really surprised that WhatsApp is not already a WeChat, a Super App competitor at this point. You know, you got the user numbers. You've got, yeah, the folks that use that app globally are, it's a very large number of folks and why Facebook has, I don't know, not figured that out yet is... The founders of WhatsApp resisted using it for anything that would reduce your privacy. But they're gone now. Well, but Facebook also knows that a lot of the users signed up with that privacy as part of the promise. So they wanna trade very carefully. They've already gotten hot water in Europe for the notion of sharing information across Instagram and Facebook so they could provide better advertising. And not even on WhatsApp yet. So there's a lot of hostility to the idea of monetizing WhatsApp. And so maybe this is why. Maybe they're like, instead of us doing it, let's integrate with things that people are comfortable with. I got a new app. Do you think something like Twitter, whatever have this option? I mean, I just, I can't actually see it myself. I got so many other problems, yeah. I don't know. Yeah, I can't see it. It's hard for me to envision that but I'll bet they wish they did. Oh, there for sure have been some internal meetings at Twitter being like, how do we monetize this better? Yeah, I'm sure. But yeah, haven't figured that one out yet. Also, what people don't figure out is how to get a good password. In fact, researchers at Carnegie Mellon University Security and Privacy Institute or SILab presented a study at the IEEE 2020 workshop on technology and consumer protection earlier this month showing that around one third of users changed their passwords after a data breach. Just one third. The study analyzed actual web traffic data from an opt-in research group called the Security Behavior Observatory. The users share their full browser history for the purposes of research and then data was collected rather between January of 2017 and December of 2019 from the home computers of 249 participants. 63 of them had accounts on publicly announced breach domains. 21 changed their passwords. Nine changed to a stronger password. And then there were the others. Yeah, some of them changed to weaker passwords. I wanna say, and I'm not trying to undermine SILab, I think they did a great job at this, but there is a selection bias that I don't think they can get around, which is if I am the most security-minded person, the one most likely to rush and change my password immediately, the one most likely to use strong passwords, I'm probably not going to trust SILab with my browsing history for no matter how high-minded the purpose, I'm not going to sign up for this panel. So there's a selection bias on the panel of the most security-minded people not participating. That said, these numbers are pretty abysmal. And I think it does highlight the fact that humans are the weakest link in security. And if you're designing security for humans to act better, it's more likely to fail than if you design it to make it easy for humans to be secure. Yeah, I guess I was a little surprised by these numbers. I was surprised by the one third of users that changed their passwords and leaving two thirds who don't. But then, I was talking to you guys about this earlier, but then I remembered, once in a while I'll get an email that'll say, it's come to our attention that our services have been breached something, something, your password may or may not have been, if I wanna change it, look at what it is. And it's like, oh, I haven't been on that service since 2003, I'm not that motivated to get on there and go, in fact, I feel a little weird about doing it because maybe it's terrible and it's so old that me giving them a new one is actually gonna make things worse. So I think I kinda understand the mentality. A lot of people are- I think a lot of folks to think, oh, I mean, there was a data breach. Was money taken out of my bank account? Was I otherwise, was money taken away from me somehow? Because that's what this is, the whole implication of this is, is like your money now is unsafe. So if you don't see that happening, a lot of people are sort of like, we're good. So it's important then to say, here are some of the accounts that had breached domains that were part of this study. Deloitte, Ancestry.com, Cashcrate.com, Yahoo.com, MyFitnessPal.com and yeah, maybe nobody feels like they have particularly Deloitte is one which I'm like, I don't know, but the rest of them maybe they don't have particularly sensitive information there, but all people wanna do is find out information on you in these accounts and then use it to impersonate you and fish. So they might use the information they find in your Yahoo account to fool you into thinking it's a legitimate organization contacting you later like, oh, well, how did they know this about me? Oh, they knew it about you cause they got into your Yahoo account and they read your Yahoo mail or they read your Yahoo profile or they looked at your Yahoo history. Like you may not think it's sensitive but there are things people can get out of these accounts even if they don't have sensitivity and if the Yahoo included mail, that's really bad. You definitely don't want people having access to one of your email accounts. Yeah, go in there, two factor it and get out. All right, folks, don't forget if you wanna get all the tech headlines each day in about five minutes, you can subscribe to dailytechheadlines.com. Consumer Technology Association, which puts on CES, announced it's got plans to go forward with an in-person CES in Las Vegas this January. Now, the CTA did not announce an attendance cap on this. Some events have been saying they'll still happen with a cap with limited attendance but CES did not announce that, doesn't mean they won't, but they didn't. They did say they would, alongside the in-person CES, offer online events. Those will be expanded to accommodate those who do not wish to attend in person. So you're gonna have a lot more virtual stuff, a lot more streaming stuff. And of course, if you're like, well, wait a minute, what's gonna happen when you get those crowds of people? I've seen that CES video. The CTA is working with the Las Vegas Convention and Visitors Authority and Hotel Venues on the plans. They announced plans to do a lot of the things you would expect, cleaning and sanitizing on a regular basis, lots of sanitizing stations for people to keep their hands clean, widening aisles to make it easier to have social distance. So there's more room to move around, more space between seats at conference programs. So when you're sitting and listening to someone talk, you're not right up next to somebody else. Attendees will also be asked to follow best practices, wearing face coverings. They're investigating the idea of doing thermal scans for fevers at entry points. The CTA and the LVCVA websites both say that CES will take place January 6th to the 9th, though Variety reported, and I quote, the CTA hasn't set dates for CES 2021 yet, saying it will announce those later this summer. So I don't know if that implies that they might change the dates. I don't know. If you're a little unclear, feel like, I know CES big, how big? Last year, 2020, or this year, I guess, this last CES, 170,000 plus attendees, 4,400 exhibiting companies across 2.9 million square feet. I did the math, that's 17 square feet per person, except people don't space themselves out. Right, yeah, it doesn't work that way. The 2.9 million square feet. So you end up having a lot of places where you're squished up together. Now, before we talk about this, also this is serving partly as a staff meeting for DT&S about whether we should attend or not. Here's some things to consider. It's too early to say what it will be like in January, and the CTA has to make its plans now. This is a complex show. They need to make calls right now for what's gonna happen in January, one way or the other, whether they're gonna have it or not. They're gonna have to make those calls. They're gonna put in those orders, make those reservations. So they have to make this decision. And it's too far in advance to know for sure. So not holding the event is costly to the CTA and could be seen by January as a wrong decision. If things are looking close into normal, people may say, well, why didn't we have CES? And that could cause problems for the CTA. However, holding the event is also risky. And if things are not looking safe in January, it could be seen as irresponsible. Why are you having this? You're putting people at risk. We had a resurgence, et cetera, et cetera. CTA seems to be splitting the difference by planning for a smaller in-person event. I think they're gambling that the number of people will be down because a lot of people just won't wanna risk it. And that makes it easier to plan a safer in-person convention if you have fewer people. It also gives them room to maneuver and adapt. They could still put a cap on people in there that could reduce programming, reduce exhibitions, et cetera. But at least what they've done so far is to say, we're gonna do something. And it's gonna involve in-person because we have to start ordering the things for that now. How does that make you feel, Sarah? Well, it's funny because selfishly, I'm like a CES that has wider aisles. And there are fewer people like crossing themselves up against me or flying drones over my head. Security people enforcing folks to stay away from you? I know, it kinda sounds like a dream. It really does. But if I was an exhibitor and there are so many exhibitors that, yeah, you walk through CES every year and, you know, cause we've been going there for so long and you kinda go like, who's even coming up to your booth right now? And I hope somebody takes your business card and I kind of root for some of the exhibitors that I feel like are, I don't even know why they're there, what they're doing. Obviously foot traffic is really, really important. So in that sense, I'm sort of like, huh, a CES that makes more sense as far as just sort of kind of order and distance is not going to work for a lot of the smaller companies. But I mean, maybe the way I feel about it is maybe CES was a little bloated, well, a little bloated, a lot bloated to begin with and maybe there's some re-imagining that can come out of this, that's a good thing for the conference overall. I know that as someone who's never been to CES, well, I've been in Vegas during CES, but never to the event. This actually would drive me to wanna go more than less. Obviously it depends on where are things, what are the numbers, how are things looking in January or even December before it. However, if things are looking good and they've got these restrictions in place, this sounds like a more pleasant place to go and cover stuff and be there and be a part of it. I would actually more, as somebody who sort of sits on the sidelines of this thing every year, I would be more inclined to go. A couple of other things to keep in mind is the LVCC, the Convention Center itself is in the middle of a huge renovation that is going to be done in time for CES. We talked about it when we talked to the folks from the CTA at CES this past year is that things are gonna be a whole lot different next year with the new expanded Convention Center. And because of that, I think there's some pressure for CES to keep happening so that they can show off and be able to use that brand new million dollar expansion that was in no small way done for the CTA among the other big conventions that come there. I asked Medzula, a listener to the show who lives in Las Vegas about this. And he said, I think Vegas is ready to pretend this whole pandemic didn't or isn't happening. The city will welcome anyone that wants to come here in a place where three quarters of the people rely on the hospitality industry, shutting things down hurt a lot. And that's the other side is the city of Las Vegas from April has been very like, let us reopen, we'll be the test case. Like saying things that some people feel are responsible but wanting to push the envelope as far as leading the case for reopening society, which may or may not be good when you consider the virality of COVID-19. I have to assume that this event is like, if not number one on the list of revenue generation for the city in the year, it's close. I mean, maybe with the NFL team moving in there, this all changes, I don't know, but I have to think that that is just one of the biggest without much hesitation. Because of that, it's just devastating to that economy unless they can figure out a way to do it. I feel like these are the right steps, at least for now, the steps will probably change, get tweaked, who knows? Maybe we'll all be there in January. I mean, one of the, as much as I kind of hate crowds and CES is one of those places where you got to deal with crowds. One of my favorite things over the last several years, especially with kind of gig economy stuff, is talking to Uber or Lyft drivers. Maybe you're in the backseat and being like, what do you think? How's this going for you? And everyone kind of sighs and says, oh, it's a lot, but you make so much money in these very, very short spurts of conventions. So yeah, there are a lot of people in that city who are looking for this to come back to life. Yeah. Well, we have our hotel room already booked. So I think we'll wait till we're closer to understanding what's actually happening with COVID-19 before we make our call, but we may go, or we may not. We'll see. Well, if you wanna talk about what's actually happening, you should join the conversation in our Discord and you can join by linking to our Patreon account at patreon.com slash DTNS. All right, let's check out the mailbag. Oh, let's do it. That's Shirley Dude wrote in about actually a GDI conversation we had yesterday. We were talking about food, because that's what we do. And talking about different kinds of pots and pans. Charlie Dude says, get a flat cast iron pan instead of a large griddle top. He was talking to you, Tom, I think. Unless you need the room. With a pan, you can carry it back and forth from the grill and your stove. Much easier to clean and much more portable and they work just like a griddle. That sounds like what I have. It doesn't have a handle like a pan though. So maybe he just means like a good old fashioned pan, but I already have portable little griddle tops. Anyway, this was all a good day internet yesterday. So if you didn't hear a good day internet, you're like, why are you talking about grittles? But that's one of the things we talked about. We were talking to Chris Ashley about grilling and stuff on good day internet. So check it out. Please do also shout out to patrons at our master and grand master levels, including John Atwood, Chris Benito, and Ragnald Varmadal. Also thanks to Scott Johnson for being with us today. Scott, how are Fred and Can doing? Oh, I'm so, oops, so glad you asked. Sorry to meet. There's some construction upstairs and it was really loud a second ago. Anyway, doing real well. In fact, we're in the middle of my first story arc, like continued strips. So not stand alone and boy, stuff's heating up. If you want to find out the status of Fred and his sentient can of cream corn that he lives with and a new, let's call it a visitor to the pair. Go check it out, fredandcan.com. If you like webcomics, I think you'll like it. There's lots of ways to get it. For everything else, you can find me over at frogpants.com. That's one hot tomato. Also yesterday, I mentioned that we were down a little on patrons on the month, which is normal right at the beginning of the month. We're now up three patrons on the month after yesterday. So thank you. That's a huge swing. I think that's a nine point swing. What politician wouldn't love that? So thank you for supporting us at dailytechnewshow.com, Patreon man. That means the world to us. Really appreciate it. If you have feedback for us, we also would love to hear it helps us shape our future shows and that email addresses feedback at dailytechnewshow.com. We're live Monday through Friday, 4 30 p.m. Eastern at 2030 UTC and you can find out more at dailytechnewshow.com slash live. Back tomorrow with Justin Robert Young. Talk to you then. This show is part of the Frog Pants Network. Get more at frogpants.com. Hope you have enjoyed this program.