Thursday, September 21, 2017

A Symbolic Look at Equifax

Here’s a video that symbolizes my interactions when enrolling in Equifax's credit monitoring service (audio is a must with this video). Nothing like a happy-go-lucky bear caught in a bear trap. 




Details


1. I checked to see if my data was compromised. (Some people reported yes, some reported “We believe that your personal information was not impacted by this incident.”) Fortunately, mine was the latter: https://www.equifaxsecurity2017.com/potential-impact/

2. I clicked “Enroll,” and I provided my information. Then, I waited several days for a confirmation e-mail for the next step. (http://trustedidpremier.com)

3. I clicked on the link in the confirmation e-mail. I provided a little more info and got redirected to a web page asking me to log in, but I never set up a password. (https://www.trustedid.com/premier/myaccount.php)

4. I clicked “Forgot password” and received a reset-password e-mail to set up my first-time password.

5. I set up a new password and clicked login after confirming my info.

6. I repeatedly received a “Server is down” error message.

7. I waited (hours/days) and kept trying while continuously receiving “The server unexpectedly dropped the connection” error messages.

To be fair to Equifax, it’s virtually impossible to stand up a website in a matter of days/weeks that could handle a load of this magnitude. (Remember when Twitter used to go down – “Fail Whale” – in the early years? Facebook avoided this problem by managing their rollout over college campuses to control their growth and server load.)

In the Equifax case, server downtime works in their favor since fewer people will enroll. And it gets very confusing for consumers when dealing with so many different domain names (equifax.com, equifaxsecurity2017.com, trustedidpremier.com, trustedid.com, etc.).

I’ll report back when I’m able to successfully enroll. I'm still getting a "server is busy" error message.

Anyone else have luck enrolling?



Wednesday, September 13, 2017

iPhone X Form Factor and Security [u]

Image caption: Perhaps. One solution is to turn off the phone at LEO encounters.

Over the past two days, a surprising number of friends and colleagues have asked for my opinion on the iPhone X. This new smartphone seems to have received a lot of attention.

While I love the new features, I'm concerned about the form factor. Initially, it seemed to be as big as the iPhone 6/7 Plus models, which is too big for me. (I've been using the iPhone 6 & 7.) 

It turns out I was wrong about the size. Compared to the iPhone 7, the iPhone X is about one tenth of an inch higher and about 0.15" wider. So, it's slightly bigger than the iPhone 7. And, compared to the iPhone 7 Plus, the iPhone X is about half an inch shorter and a quarter of an inch narrower, making the X significantly smaller than the 7+. The beauty of the iPhone X is that the screen is more than a quarter of an inch larger than the screen on the iPhone Plus models (6, 7, and 8). That's a bigger screen on a smaller phone due to the X's edge-to-edge design.

So, the bottom line is I'm considering getting the iPhone X. 


Face ID

Instead of using Touch ID's fingerprint recognition feature for authentication, the iPhone X uses Face ID, which recognizes a person the same way humans do, by their face. Apple claims that Face ID is 20x more accurate than Touch ID, which is great. But some people have raised alarms that law enforcement officers (LEOs) could take you into custody and simply unlock your phone by pointing the screen at your face. Could that really happen? Perhaps. But I've seen alarmist headlines before ("Apple Crosses The Line With New iPhone Feature"). For people who are deeply concerned, one way to protect against this is simply not to enable the feature. Another option, if Face ID is turned on, would be to turn off your phone before a LEO encounter (e.g., crossing international borders).

Each time the iPhone is turned on, the secure enclave, which processes your Touch ID or Face ID credentials, remains inactive until a person manually enters their PIN to decrypt this information. It appears, during Craig Federighi's demonstration of Face ID, that his demo phone had been restarted but not unlocked with the PIN, prior to his demo. This prevented Face ID from working. While that's the correct technical behavior, it happened at the wrong time – but he seemed to recover well during the demo.

Update: Apple's Craig Federighi details Face ID and how to quickly disable it.