Forgot your password?

Comment: Re:I don't get it... (Score 2) 98

by Rosyna (#48382901) Attached to: US Gov't Issues Alert About iOS "Masque Attack" Threat

All of those hoops are removed if the app is signed by an Apple 'enterprise deployment' certificate. Someone anyone can get just by asking.

No, those are all the hoops you have to go through to accept the "enterprise deployment" certificate profile the first time, then accept the app launching the first time. Also, the phone needs to be unlocked to accept any of these dialogs.

But then Apple can just revoke the cert (which it did for WireLurker) and blacklist the malware on the Mac side (which it also did for WireLurker).

Comment: Re:It's all about the Phone Number ID (Score 2, Informative) 136

by Rosyna (#48354055) Attached to: Apple Releases iMessage Deregistration Utility

The real issue is that you can't opt out of automatically having your phone number become and account/id in iMessage.

I want to use iMessage on my iPhone, but only with regular iCloud accounts, not with the phone number being used to create an account.

Unfortunately, the iOS team doesn't give the user that option.

The option is given when you set up a device for iMessage. It explicitly asks how you want to be contacted. By number, by email(s)/AppleIDs, or all of the above

Comment: Popular US browsers will warm, Chinese ones won't (Score 5, Insightful) 109

by Rosyna (#48190911) Attached to: China Staging a Nationwide Attack On iCloud and Microsoft Accounts

If you use Firefox, Safari, Chrome, or IE in China, they will all warn you that MiTM attack has occurred (if you trying going to But the most popular browser used in China (according to Qihoo, the claim is dubious), Qihoo’s Chinese 360 "Secure Browser". will allow Man in the middle attacks to occur, by design.

Comment: Re:That's absurd, aim your hate cannon elsewhere. (Score 1) 313

by Rosyna (#48183583) Attached to: If You're Connected, Apple Collects Your Data

TFA is about Yosemite's collection.

And the people that sued Apple tend to just sue companies over the Zip issue hoping for a payout. But previous courts have found that asking for the ZIP code before purchase does not constitute personally identifiable information not associated with the credit card transaction. (It's wrong if they ask for the ZIP after the transaction has been completed, but not before)

Comment: Re:Yay :D (Score 5, Informative) 313

by Rosyna (#48183551) Attached to: If You're Connected, Apple Collects Your Data

TFA specifically notes that the behavior described was observed with all visible 'privacy' settings adjusted. Presumably the story is even cheerier if those aren't switched off.

He only disabled Spotlight Suggestions in the Spotlight preferences, he did not disable it for Safari, which is in the Safari preferences, right next to the search engine preference.

  (Because you may not want Spotlight sending strings to Apple when searching for files on the computer, but you may not care if you are only searching the internets via safari).

Comment: Re:If you want results from the web (Score 2) 313

by Rosyna (#48183357) Attached to: If You're Connected, Apple Collects Your Data

Still, do you think that they changed the search engine, left all those options for smart search on, then went to the OS setting for spotlight and turned that off, then sounded the alarm? Would seem a bit like manufactured outrage to me, but I suppose it's not impossible.

Yes, yes, that is what I think Landon did.

Comment: Re:That's absurd, aim your hate cannon elsewhere. (Score 5, Informative) 313

by Rosyna (#48183315) Attached to: If You're Connected, Apple Collects Your Data

They don't make money by selling user information to third parties or by selling ads,

Funny, Apple has this thing called iAd where you pay Apple to place targeted ads, and it's currently being sued for selling user info to 3rd parties. Are these activities Apple's primary revenue model? No, but they are part of the revenue stream nevertheless.

iAd is only for iOS Devices (not Yosemite) and your second link is extremely misleading. They're being sued for asking customers that purchase high priced items for their zip code as an additional form of data to verify with the credit card processor to prevent fraudulent transactions. Maybe merchants that have a high amount of fraud do this type of verification.

Comment: Re:If you want results from the web (Score 3, Insightful) 313

by Rosyna (#48183289) Attached to: If You're Connected, Apple Collects Your Data

Because then you are sending a lot of requests to random domains that may not be designed to handle the traffic? And a lot, a hell of a lot of mail servers out there for common email services use legacy mail servers not related to the domain of the email address (because the mail servers were set up before that particular email domain became popular).

Super quick example, if you have a email address, the IMAP server is The Exchange ActiveSync server is Neither one would be found but your suggestion of randomly hitting subdomains.

There is actually an included list of common Mail Servers and common mail configurations. only sends the domain when the domain is not on the list or the configuration fails. It also means that if enough users look for a domain, Apple can immediately include the information without waiting for an update.

Have you ever done tech support for email problems before? It's a nightmare. Anything to help the user is best.

When you make your mark in the world, watch out for guys with erasers. -- The Wall Street Journal