Twitter's latest beta update introduces support for providing content creators with Bitcoin tips using the "Tip Jar" feature that Twitter introduced earlier this year. MacRumors reports: Bitcoin isn't yet available to select as a tip option for beta users, but code in the beta suggests that Twitter is in the process of rolling it out. When the Tip Jar was first introduced, Twitter allowed users to add Bandcamp, Cash App, Patreon, PayPal and Venmo links to their Twitter profile, but soon, there will be a Bitcoin option.

Details in the latest Twitter beta indicate that users will be directed through a Bitcoin tutorial that includes details on the Bitcoin Lightning Network and custodial and non-custodial Bitcoin wallets. Twitter gives Strike, Blue Wallet and Wallet of Satoshi as examples of custodial wallets and Muun, Breez, Phoenix and Zap as examples of non-custodial wallets. Twitter also informs users that a Strike account is required. "We use Strike to generate Bitcoin Lightning invoices so you'll need to connect your account to accept Bitcoin tips" reads the text.

Apple's plan to digitize your wallet is slowly taking shape. What started with boarding passes and venue tickets later became credit cards, subway tickets, and student IDs. Next on Apple's list to digitize are driver's licenses and state IDs, which it plans to support in its iOS 15 update expected out later this year. From a report: But to get there it needs help from state governments, since it's the states that issue driver's licenses and other forms of state identification, and every state issues IDs differently. Apple said today it has so far secured two states, Arizona and Georgia, to bring digital driver's license and state IDs. Connecticut, Iowa, Kentucky, Maryland, Oklahoma, and Utah are expected to follow, but a timeline for rolling out wasn't given.

Apple said in June that it would begin supporting digital licenses and IDs, and that the TSA would be the first agency to begin accepting a digital license from an iPhone at several airports, since only a state ID is required for traveling by air domestically within the United States. The TSA will allow you to present your digital wallet by tapping it on an identity reader. Apple says the feature is secure and doesn't require handing over or unlocking your phone. The digital license and ID data is stored on your iPhone but a driver's license must be verified by the participating state. That has to happen at scale and speed to support millions of drivers and travelers while preventing fake IDs from making it through. The goal of digitizing licenses and IDs is convenience, rather than fixing a problem. But the move hasn't exactly drawn confidence from privacy experts, who bemoan Apple's lack of transparency about how it built this technology and what it ultimately gets out of it.

An anonymous reader quotes a report from 9to5Mac, written by Filipe Esposito: Google this week announced the beta release of Chrome 94, the next update to Google's desktop web browser. In addition to general improvements, the update also adds support for the new WebGPU API, which comes to replace WebGL and can even access Apple's Metal API. As described by Google in a blog post, WebGPU is a new, more advanced graphics API for the web that is able to access GPU hardware, resulting in better performance for rendering interfaces in websites and web apps.

For those unfamiliar, Metal is an API introduced by Apple in 2014 that provides low-level access to GPU hardware for iOS, macOS, and tvOS apps. In other words, apps can access the GPU without overloading the CPU, which is one of the limitations of old APIs like OpenGL. Google says WebGPU is not expected to come enabled by default for all Chrome users until early 2022. The final release of Chrome 94 should enable WebCodecs for everyone, which is another API designed to improve the encoding and decoding of streaming videos.

Apple announced today it has reached a proposed settlement in a lawsuit filed against it by developers in the United States. The agreement, which is still pending court approval, includes a few changes, the biggest one being that developers will be able to share information on how to pay for purchases outside of their iOS app or the App Store -- which means they can tell customers about payment options that aren't subject to Apple commissions. The settlement also includes more pricing tiers and a new transparency report about the app review process. From a report: The class-action lawsuit was filed against Apple in 2019 by app developers Donald Cameron and Illinois Pure Sweat Basketball, who said the company engaged in anticompetitive practices by only allowing the downloading of iPhone apps through its App Store. In today's announcement, Apple said it is "clarifying that developers can use communications, such as emails, to share information about payment methods outside of their iOS app. As always, developers will not pay Apple a commission on any purchases taking place outside of their app or the App Stores."

The US Patent and Trademark Office has granted a patent to Apple for a dual-display MacBook with a virtual keyboard replacing the traditional keyboard and with the ability to wirelessly charge an iPhone. 9to5Mac reports: As reported by Patently Apple, this patent was submitted three years ago, and only now has Apple won it. With this patent, the company could take a radical path and get rid of a physical keyboard. The interesting thing about this application is that while rumors suggest that Apple will remove the only touchable interface on the MacBook Pro, the Touch Bar, this patent imagines a MacBook with no physical keyboard at all. Patently Apple says this virtual keyboard could be rearranged, swapping the position of the virtual keyboard and trackpad. With a virtual keyboard, Apple could bring gestures from iOS and iPadOS as well, such as pinch, zoom, slide to select, and more. In the patent, Apple says this MacBook includes biometric sensors, which we could interpret as Face ID, fingerprint sensors (aka Touch ID), and a wireless charger, which would be in the left down corner of the notebook.

"What seemed like a small update has, for some, turned into a huge headache," reports ZDNet: Over on Apple's support forum, there are several threads from users complaining that iOS 14.7.1 broke their iPhones, causing a "no service" problem where users are unable to connect to cell service. Ther">e are similar threads on Apple's developer forums as well.

While there doesn't seem to be a pattern to which phones are affected, I've seen reports of everything from the iPhone 6 to iPhone 12 affected, and the cause is clear — upgrading to iOS 14.7.1.
"Users are saying that restarting the phone, removing the SIM, and even resetting network settings didn't help," according to 9to5Mac (in an article shared by long-time Slashdot reader antdude).

Forbes reports the bug appears to happen when you lose your cellular connection and switch to WiFi calling, "so those living in areas with good reception may never see it. Of course, this scenario also helps to mask the scale of iPhones which might be affected." If you haven't upgraded to iOS 14.7.1 yet, this potentially crippling flaw could (understandably) put you off upgrading. The problem is that the release also contains a critical fix for a new zero-day security flaw...

For more than a year, an active member of a community that traded in illicitly obtained internal Apple documents and devices was also acting as an informant for the company. An anonymous reader shares a report: On Twitter and in Discord channels for the loosely defined Apple "internal" community that trades leaked information and stolen prototypes, he advertised leaked apps, manuals, and stolen devices for sale. But unbeknownst to other members in the community, he shared with Apple personal information of people who sold stolen iPhone prototypes from China, Apple employees who leaked information online, journalists who had relationships with leakers and sellers, and anything that he thought the company would find interesting and worth investigating. Andrey Shumeyko, also known as YRH04E and JVHResearch online, decided to share his story because he felt that Apple took advantage of him and should have compensated him for providing the company this information.

"Me coming forward is mostly me finally realizing that that relationship never took into consideration my side and me as a person," Shumeyko told Motherboard. Shumeyko shared several pieces of evidence to back up his claims, including texts and an email thread between him and an Apple email address for the company's Global Security team. Motherboard checked that the emails are legitimate by analyzing their headers, which show Shumeyko received a reply from servers owned by Apple, according to online records. Shumeyko said he established a relationship with Apple's anti-leak team -- officially called Global Security -- after he alerted them of a potential phishing campaign against some Apple Store employees in 2017. Then, in mid-2020, he tried to help Apple investigate one of its worst leaks in recent memory, and became a "mole," as he put it. Last year, months before the official release of Apple's mobile operating system iOS 14, iPhone hackers got their hands on a leaked early version.

An anonymous reader writes: Apple's NeuralHash algorithm (PDF) -- the one it's using for client-side scanning on the iPhone -- has been reverse-engineered.

Turns out it was already in iOS 14.3, and someone noticed:

Early tests show that it can tolerate image resizing and compression, but not cropping or rotations. We also have the first collision: two images that hash to the same value. The next step is to generate innocuous images that NeuralHash classifies as prohibited content.

This was a bad idea from the start, and Apple never seemed to consider the adversarial context of the system as a whole, and not just the cryptography.

Reddit is the latest social media platform to roll out a TikTok-like video feed. According to TechCrunch, the discussion-based forum is "making short-form video more pronounced on its iOS app." From the report: According to Reddit, most iOS users should have a button on their app directly to the right of the search bar -- when tapped, it will show a stream of videos in a TikTok-like configuration. When presented with a video, (which shows the poster who uploaded it and the subreddit it's from), users can upvote or downvote, comment, gift an award or share it. Like TikTok, users can swipe up to see another video, feeding content from subreddits the user is subscribed to, as well as related ones. For instance, if you're subscribed to r/printmaking, you might see content from r/pottery or r/bookbinding.

The user interface of the videos isn't new -- Reddit has been experimenting with this format over the last year. But before, this manner of watching Reddit videos was only accessible by tapping on a video while scrolling through your feed -- rather than promoting discovery of other communities, the first several videos recommended would be from the same subreddit. [...] Reddit doesn't yet have a timeline for when the feature will roll out to everyone, but confirmed that this icon first appeared for some users in late July and has continued to roll out to almost all iOS users. But by placing a broader, yet still personalized video feed on the home screen, Reddit is signaling a growing curiosity in short form video.

WhatsApp users will finally be able to move their entire chat history between mobile operating systems -- something that's been one of users' biggest requests to date. From a report: The company today introduced a feature that will soon become available to users of both iOS and Android devices, allowing them to move their WhatsApp voice notes, photos, and conversations securely between devices when they switch between mobile operating systems.

The feature WhatsApp introduced today works with Samsung devices and Samsung's own transfer tool, known as Smart Switch. Today, Smart Switch helps users transfer contacts, photos, music, messages, notes, calendars, and more to Samsung Galaxy devices. Now, it will transfer WhatsApp chat history, too. WhatsApp showed off the new tool at Samsung's Galaxy Unpacked event, and announced Samsung's newest Galaxy foldable devices would get the feature first in the weeks to come. The feature will later roll out to Android more broadly. WhatsApp didn't say when iOS users would gain access.

Apple defended its new system to scan iCloud for illegal child sexual abuse materials (CSAM) on Monday during an ongoing controversy over whether the system reduces Apple user privacy and could be used by governments to surveil citizens. From a report: Last week, Apple announced it has started testing a system that uses sophisticated cryptography to identify when users upload collections of known child pornography to its cloud storage service. It says it can do this without learning about the contents of a user's photos stored on its servers. Apple reiterated on Monday that its system is more private than those used by companies like Google and Microsoft because its system uses both its servers and software running on iPhones.

Privacy advocates and technology commentators are worried Apple's new system, which includes software that will be installed on people's iPhones through an iOS update, could be expanded in some countries through new laws to check for other types of images, like photos with political content, instead of just child pornography. Apple said in a document posted to its website on Sunday governments cannot force it to add non-CSAM images to a hash list, or the file of numbers that correspond to known child abuse images Apple will distribute to iPhones to enable the system.

"Developers are once again publicly highlighting instances in which Apple has failed to keep scam apps off of the app store," reports Ars Technica: The apps in question charge users unusual fees and siphon revenue from legitimate or higher-quality apps. While Apple has previously come under fire for failing to block apps like these from being published, developers complained this week that Apple was actually actively promoting some of these apps...

Apple continues to play whack-a-mole with these apps, but various developers have both publicly and privately complained that the company takes too long. One developer we exchanged emails with claimed that, when they discovered a scam app that stole assets from their own legitimate app and which was clearly designed to siphon users from the real app, Apple took 10 days to remove the app, while Google only took "1-2 days" on the Android side. The app was allowed back on Apple's App Store once the stolen assets were removed. During the long waiting period, the developer of the legitimate app lost a significant amount of users and revenue, while the developer of the illegitimate app profited.

As Apple fights legal battles to prevent third-party app stores from making their way to iOS on the basis that those alternative app stores may be less secure than Apple's own, claims from developers that scam apps are slipping through may undermine Apple's defense.

Mayor Bill de Blasio announced today that New York City will become the first major U.S. city to require proof of vaccination to enter all restaurants, fitness centers and indoor entertainment venues. "If you're unvaccinated, unfortunately, you will not be able to participate in many things," de Blasio said. "If you want to participate in our society fully, you've got to get vaccinated." As The Verge reports, "New Yorkers can meet those requirements by carrying their vaccination card or scanning and storing it in one of two authorized mobile apps." From the report: The spread of the highly contagious Delta variant is being cited as a reason to increase restrictions without returning to a full lockdown or other measures. The program is scheduled to launch on August 13th, with enforcement slated to start on September 13th. It doesn't introduce any new documentation; the name is a reference to it serving as a "key" to the city's recovery.

Workers and patrons can confirm their vaccination status (at least one dose administered) in one of three ways: Vaccination card; NYC COVID Safe exposure notification app (iOS, Android); or NYS Excelsior Pass app.

French intelligence investigators have confirmed that Pegasus spyware has been found on the phones of three journalists, including a senior member of staff at the country's international television station France 24. Pegasus is the hacking software -- or spyware -- that is developed, marketed and licensed to governments around the world by NSO Group. The malware has the capability to infect billions of phones running either iOS or Android operating systems. It enables operators of the spyware to extract messages, photos and emails, record calls and secretly activate microphones. The Guardian reports: It is the first time an independent and official authority has corroborated the findings of an international investigation by the Pegasus project -- a consortium of 17 media outlets, including the Guardian. Forbidden Stories, a Paris-based nonprofit media organization, and Amnesty International initially had access to a leaked list of 50,000 numbers that, it is believed, have been identified as those of people of interest by clients of Israeli firm NSO Group since 2016, and shared access with their media partners.

France's national agency for information systems security (Anssi) identified digital traces of NSO Group's hacking spyware on the television journalist's phone and relayed its findings to the Paris public prosecutor's office, which is overseeing the investigation into possible hacking. Anssi also found Pegasus on telephones belonging to Lenaig Bredoux, an investigative journalist at the French investigative website Mediapart, and the site's director, Edwy Plenel. Forbidden Stories believes at least 180 journalists worldwide may have been selected as people of interest in advance of possible surveillance by government clients of NSO.

Le Monde reported that the France 24 journalist, based in Paris, had been selected for "eventually putting under surveillance." Police experts discovered the spyware had been used to target the journalist's phone three times: in May 2019, September 2020 and January 2021, the paper said. Bredoux told the Guardian that investigators had found traces of Pegasus spyware on both her and Plenel's mobile phones. She said the confirmation of long-held suspicions that they had been targeted contradicted the repeated denials of those who were believed to be behind the attempt to spy on them.

An anonymous reader quotes a report from Ars Technica: In iOS 14, Apple added a "privacy" section to the app store, requiring app developers to list the data they collect and how they use it. Google -- which was one of the biggest targets of Apple's privacy nutrition labels and delayed app updates for months to avoid complying with the policy -- is now aping the feature for Google Play. Google posted a demo of what the Google Play "Data privacy & security" section will look like, and it contains everything you'd expect if you've looked at the App Store lately. There's information on what data apps collect, whether or not the apps share the data with third parties, and how the data is stored. Developers can also explain what the data is used for and if data collection is required to use the app. The section also lists whether or not the collected data is encrypted, if the user can delete the data, and if the app follows Google's "Families" policy (meaning all the usual COPPA stuff).

Google Play's privacy section will be mandatory for all developers in April 2022, and starting in October, Google says developers can start populating information in the Google Play Console "for review." Google also says that in April, all apps will need to supply a privacy policy, even if they don't collect any data. Apps that don't have an "approved" privacy section by April may have their app updates rejected or their app removed. Google says, "Developers are responsible for providing accurate and complete information in their safety section." All of this information is basically just running on the honor system, and on iOS, developers have already been caught faking their privacy labels.

Epic, which sued Apple last year and has expressed concerns about the exorbitant fees the iPhone-maker charges on App Store (30% on each transaction on year 1 for apps that are not games and 15% on year 2 and beyond), has found a new backer in the court of public opinion: Elon Musk. In a tweet Friday, Musk likened Apple's App Store charges to "a de facto global tax on the Internet." He added, "Epic is right."

Epic CEO Tim Sweeney added today: The Apple Tax is far more pernicious than many realize. "It only applies to digital goods accessible on iOS," they say -- but in the future all physical goods will have a digital presence, and Apple will tax and gatekeep world commerce. Apple must be stopped.
Friday's remarks follows Musk sniping at Apple during an earnings call earlier this week. From that story: Apple's walled garden is facing scrutiny from lawmakers and other companies, including in an antitrust trial that took place earlier this year after it was sued by Epic Games over App Store fees and policies. "I think we do want to emphasize that our goal is to support the advent of sustainable energy," Musk said in response to a question about letting competitors use its charger network. "It is not to create a walled garden and use that to bludgeon our competitors which is used by some companies." Musk then faked a cough and said, "Apple."

Facebook said on Wednseday it expects revenue growth to "decelerate significantly." It also announced that it would require anyone working at its U.S. offices to be vaccinated against COVID-19. Google announced a similar policy earlier this morning. Reuters reports: The warning overshadowed the company's beat on Wall Street estimates for quarterly revenue, bolstered by increased advertising spending as businesses build their digital presence to cater to consumers spending more time and money online. Facebook said it expects Apple's recent update to its iOS operating system to impact its ability to target ads and therefore ad revenue in the third quarter. The iPhone maker's privacy changes make it harder for apps to track users and restrict advertisers from accessing valuable data for targeting ads.

Monthly active users came in at 2.90 billion, up 7% from the same period last year but missing analyst expectations of 2.92 billion and marking the slowest growth rate in at least three years, according to IBES data from Refinitiv. "The user growth slowdown is notable and highlights the engagement challenges as the world opens up. But importantly, Facebook is the most exposed to Apple's privacy changes, and it looks like it is starting to have an impact to the outlook beginning in 3Q," said Ygal Arounian, an analyst at Wedbush Securities. Brian Wieser, GroupM's global president of business intelligence, said all social media companies would see slower growth in the second half of the year and that it would take more concrete warnings about activity in June and July for anyone to anticipate a "meaningful deceleration."

Fossbytes has an article detailing how you can check to see if your mobile device is infected with the "Pegasus" spyware. What's Pegasus you ask? It's phone-penetrating spy software developed by NSO Group and sold to governments to target journalists and activists around the world. The CEO of NSO Group says law-abiding citizens have "nothing to be afraid of," but that doesn't help us sleep any better. Here's how to check if your device has been compromised (heads up: it's a bit of a technical and lengthy process): First off, you'll need to create an encrypted backup and transfer it to either a Mac or PC. You can also do this on Linux instead, but you'll have to install libimobiledevice beforehand for that. Once the phone backup is transferred, you need to download Python 3.6 (or newer) on your system -- if you don't have it already. Here's how you can install the same for Windows, macOS, and Linux. After that, go through Amnesty's manual to install MVT correctly on your system. Installing MVT will give you new utilities (mvt-ios and mvt-android) that you can use in the Python command line. Now, let's go through the steps for detecting Pegasus on an iPhone backup using MVT.

First of all, you have to decrypt your data backup. To do that, you'll need to enter the following instruction format while replacing the placeholder text (marked with a forward slash) with your custom path: "mvt-ios decrypt-backup -p password -d /decrypted /backup". Note: Replace "/decrypted" with the directory where you want to store the decrypted backup and "/backup" with the directory where your encrypted backup is located.

Now, we will run a scan on the decrypted backup, referencing it with the latest IOCs (possible signs of Pegasus spyware), and store the result in an output folder. To do this, first, download the newest IOCs from here (use the folder with the latest timestamp). Then, enter the instruction format as given below with your custom directory path: "mvt-ios check-backup -o /output -i /pegasus.stix2 /backup". Note: Replace "/output" with the directory where you want to store the scan result, "/backup" with the path where your decrypted backup is stored, and "/pegasus.stix2" with the path where you downloaded the latest IOCs.

After the scan completion, MVT will generate JSON files in the specified output folder. If there is a JSON file with the suffix "_detected," then that means your iPhone data is most likely Pegasus-infected. However, the IOCs are regularly updated by Amnesty's team as they develop a better understanding of how Pegasus operates. So, you might want to keep running scans as the IOCs are updated to make sure there are no false positives.

Chris Lee, a former staff interaction designer at Google, writes in a blog post: Chrome Home was an ambitious redesign of mobile Chrome's main UI. It brought Chrome's toolbar to the bottom of the screen and turned in into a peeking panel that could be swiped to expose additional controls. I created the original concept and pitch for Chrome Home in 2016. It was based off two insights:

1. Phones were growing in size, and we had opportunity to innovate in creating a gestural, spatial interface that would still be usable with one hand.
2. Mobile Chrome was also growing in features - but because its minimalist interface kept everything behind a "three dot" menu, these features were underutilized and hard to access.

The idea caught traction internally, eventually becoming a Chrome org priority. I then led a team to execute and iterate on the concept. Executing on Chrome Home required rethinking not just the toolbar, but almost all of Chrome's UI: search, bookmarks, tabs, prompts, etc. To inform our decisions, we used a variety of prototyping and testing approaches of increasing fidelity. Ultimately, such a fundamental change to a web browser required nothing short of building it into the product and testing it in longitudinal studies and live beta experiments. We heard a mixture of reactions. The feature gained a cult following among the tech community. But for some mainstream users, the change felt disorienting. Chrome serves billions of users around the globe with varying tech literacy. I became increasingly convinced that launching Chrome Home would not serve all our users well. So just as I strongly as I had pitched the original concept, I advocated for us to stop the launch -- which took not a small amount of debate. Lee adds, "oh, and Safari in iOS 15 picked up some similar ideas and criticisms."

Clubhouse announced Wednesday that it would end its waitlist and invite system, opening up to everyone. TechCrunch reports: Clubhouse is also introducing a real logo that will look familiar -- it's basically a slightly altered version of the waving emoji the company already used. Clubhouse will still hold onto its app portraits, introducing a new featured icon from the Atlanta music scene to ring in the changes. "The invite system has been an important part of our early history," Clubhouse founders Paul Davison and Rohan Seth wrote in a blog announcement. They note that adding users in waves and integrating new users into the app's community through Town Halls and orientation sessions helped Clubhouse grow at a healthy rate without breaking, "but we've always wanted Clubhouse to be open."

According to new data SensorTower provided to TechCrunch, Clubhouse hit its high point in February at 9.6 million global downloads, up from 2.4 million the month prior. After that, things settled down a bit before perking back up in May when TikTok went live on Android through the Google Play Store. Since May, new Android users have accounted for the lion's share of the app's downloads. In June, Clubhouse was installed 7.7 million times across both iOS and Android -- an impressive number that's definitely in conflict with the perception that the app might not have staying power.

Clubhouse's success is a double-edged sword. The app's meteoric rise came as a surprise to the team, as meteoric rises often do. The social app is still a wild success by normal metrics in a landscape completely dominated by a handful of large, entrenched platforms, but it can be tricky to maintain healthy momentum after such high highs. Opening up the app to everybody should certainly help.