Security and privacy Q&A

Yeah, having the browser was a sneaky way to subvert Apple’s policy of getting a 30% cut of revenue for apps that had in-app purchase options. The browser’s “home page” was the Kindle store.

1 Like

And just an FYI: iTunes on Windows, when you browse the store, is using an embedded WebKit-based browser, just stripped of a bunch of the UI stuff needed to use it as a standard browser. One reason of several why iTunes is such a massive app on Windows.

2 Likes

@JoeS Microsoft Defender works primarily on an EDR model. This is why I think the attack you experienced was ultimately unsuccessful, with Defender crashing the system as a result.

OTOH, this article is not likely to make you feel better as it talks about the multiple ways it can be bypassed.

Good read regardless for those interested in the various threats out there.

Organizations are spending billions on malware defense that’s easy to bypass | Ars Technica

1 Like

So there is this today. This is one area that MS especially needs to do everything they can to avoid, IMHO. It’s disturbing enough to alarm those who pay attention, as it looks very similar to messages that represent a genuine threat.

I saw some notifications from our call center yesterday as it hit some of our EU customers.

It is a false positive as the article indicates, but our support desk has a bunch of calls to return this morning.

[Update: Fix is live] Windows Defender is reporting a false-positive threat ‘Behavior:Win32/Hive.ZY’; it’s nothing to be worried about | Windows Central

PS: If you are the ultra-cynical type, the fact that you will only see this if you have a Chromium-based browser installed… In other words, if Edge is your only browser, you won’t get this message.

1 Like

Wait, Edge is Chromium based. So I don’t think the conspiracy angle works! :slight_smile:

2 Likes

Actually, it’s a specific library, part of which MS uses to define the default browser, that Edge modifies but Chrome and other Chromium browsers leave as standard.

1 Like

This is a trend I’ve noticed lately that is particularly galling and IMHO misleading.

If you click on the link, you are presented with a large screen-filling box that starts with “we value your privacy…” and then has either “agree” or “more options” buttons, before you can actually read the content.

What they are trying to do, IMHO in an underhanded way, is install various cookies and trackers. If they truly “value your privacy”, the default should be not to track to begin with and/or possibly allow you to opt in.

FWIW this message serves as a hard stop for me, as I don’t want to support what is misleading at best.

And it tries to install a couple of cookies just for landing there, unless you set your browser, like I do, to block cookies from external/other sites.

Click with caution.

Review: Samsung M7 Smart Monitor (LS32AM700)

2 Likes

Samsung seems to be especially bad with this. I tried to read the terms for my smart TV. To change the settings, IIRC, I had to navigate to a page with bright white boxes and tiny text, and any opt-out was terribly laborious. A clear example of “dark patterns” (on bright white screens). I ended up disconnecting the TV from any and all networks, and now let my Roku slurp up all my watching habits. :grimacing:

Agreed on Samsung; we recently tested a couple of their “Smart Monitors” and the defaults are pretty invasive, and navigating through the various menus to opt out is laborious (you have to do it in four different preference panes).

OTOH, our digital rights and privacy consultant says that Roku is even worse, tracking things like how long the TV is idle, what apps you use most and so on… nearly Facebook levels.

And they absolutely track, if they can, what you do with every single email they send you…

Though I guess I’m right there as well as we have two Roku enabled TVs and one Roku box in the house :frowning:

To that point, my son and daughter were on a horror kick during the pandemic, and all of a sudden ads for Shudder and Blumhouse got much more prevalent.

1 Like

Interesting, I wonder how he finds that out. For me, what helped me decide to disconnect the TV from the internet is that a manufacturer like Vizio was found fingerprinting whatever is on the screen every second. So playing something from a USB stick would be analyzed, playing a DVD would be analyzed, etc. At least with Roku they can only analyze what’s coming through the apps, not whatever you watch from other sources. Not sure if Samsung is as bad as Vizio though.

I’m not sure, though I think to some degree it’s subjective and/or depends on your perspective. His background is ex-FBI, specifically in drug and human trafficking.

FWIW, I’ve gotten past this for the most part; I don’t actively disregard it, nor do I obsess about it either. I try to pay attention to the TOS stuff and don’t use some of the more egregious or careless offenders such as TikTok or Pandora.

For that matter, the enormous amount of telemetry that MS seems to collect seems to be a cause for concern, especially considering how opaque MS is about it.

The balancing thing for me is that I’m not overly concerned that someone would know that I like South Park, Mel Brooks and Rick and Morty… I don’t see the value to someone in knowing that.

1 Like

Oh no… not sure if I want to open this box, but what has Pandora been up to?

About this aspect: turns out there is value in almost anything. If the product customer is watching a lot of TV every night, maybe market the local gym, play on fitness insecurities. If the customer behavior is changing, watching TV later and later, maybe start marketing antidepressants, sleep aids. If there’s anything to make a dime off, they’ll find a way. Next is integration. “Hey, this guy is watching TV while he’s working from home!” Not sure if that’s already happening, but why wouldn’t it eventually, unless it is explicitly forbidden? And even then, the company receives a few-million-dollar fine, says “we are very sorry”, and goes right back to business as usual. You basically can’t be cynical enough when it comes to this stuff.

3 Likes

So this is a growing problem across the world. Human engineering at its best/worst.

It’s a great reminder that for many, you are the product…

Pervasive ‘Dark Patterns’ Are Fooling People (gizmodo.com)

@JoeS this is already happening with most of the corporate VPN products where an admin can get a list of every open app on their users’ systems.

Teams sort of does the same thing, but as a “diagnostic” to detect connection issues.

1 Like

But not a new one, as they admit in the article. I wonder, has any exposé or education effort ever put a dent in this kind of thing? And the perps only get better at it.

It’s a bit whack-a-mole, to be sure, but any time they publish something like this, it hopefully gets a few more people’s attention.

In our customers it’s like the battle to keep users from opening email attachments from sources they don’t know.

The US Department of the Interior inserts this message in every email that an employee gets:

This email has been received from outside of DOI - Use caution before clicking on links, opening attachments, or responding.

It’s added to my emails to National Park rangers and replies from them have [EXTERNAL] added after the RE: in the email title. I wonder if all that just gets ignored after seeing it every day for years?

1 Like
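The DOI-style external-sender tagging described above, written out as an added example (not anything from the thread or from DOI's own mail system): it parses an inbound message, decides whether the From address is outside the organisation, inserts [EXTERNAL] after any RE:/FW: prefix in the subject, and prepends a warning banner to the text body. The internal domains, the extra banner wordings, and the sample messages are constructed assumptions for illustration. Rotating the banner text by ISO week is included because a fixed banner gets tuned out, as the next reply notes.

```python
import email
from email import policy
from email.utils import parseaddr

# Assumptions for this example (not from the thread): the organisation's own
# domains, plus extra banner wordings to rotate through.
INTERNAL_DOMAINS = {"doi.gov", "nps.gov"}
EXTERNAL_TAG = "[EXTERNAL]"
BANNERS = [
    "This email has been received from outside of DOI - Use caution before "
    "clicking on links, opening attachments, or responding.",
    # Constructed variants; changing the wording periodically keeps it noticeable.
    "CAUTION: external sender. Verify who sent this before opening "
    "attachments or clicking links.",
    "Message from outside the organisation. Do not reply with credentials "
    "or open unexpected attachments.",
]
REPLY_PREFIXES = ("re:", "fw:", "fwd:")

# Constructed sample messages (not real mail).
RAW_EXTERNAL = """From: Visitor <visitor@example.com>
To: ranger@nps.gov
Subject: RE: Trail conditions
Content-Type: text/plain; charset="utf-8"

Thanks for the update. See attached.
"""

RAW_INTERNAL = """From: Ranger Bob <bob@alaska.nps.gov>
To: ranger@nps.gov
Subject: Trail conditions
Content-Type: text/plain; charset="utf-8"

Internal note.
"""


def parse(raw):
    """Parse raw RFC 5322 text into an EmailMessage (modern email policy)."""
    return email.message_from_string(raw, policy=policy.default)


def sender_domain(msg):
    """Domain of the From mailbox; the display name is deliberately ignored,
    since attackers put internal-looking names on external addresses."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def is_external(msg, internal_domains=INTERNAL_DOMAINS):
    domain = sender_domain(msg)
    if not domain:
        return True  # unparseable or missing From: fail closed, treat as external
    return not any(domain == d or domain.endswith("." + d) for d in internal_domains)


def tagged_subject(subject):
    """Put [EXTERNAL] after a reply/forward prefix, else at the front; never twice."""
    if EXTERNAL_TAG in subject:
        return subject
    stripped = subject.lstrip()
    for prefix in REPLY_PREFIXES:
        if stripped.lower().startswith(prefix):
            head = stripped[:len(prefix)]
            tail = stripped[len(prefix):].lstrip()
            return f"{head} {EXTERNAL_TAG} {tail}"
    return f"{EXTERNAL_TAG} {stripped}"


def banner_for_week(iso_week):
    """Pick a banner wording by ISO week so the text changes over time."""
    return BANNERS[iso_week % len(BANNERS)]


def tag_external(msg, iso_week, internal_domains=INTERNAL_DOMAINS):
    """Modify msg in place if it is external. Returns True when tagging was applied."""
    if not is_external(msg, internal_domains):
        return False
    subject = msg.get("Subject", "")
    del msg["Subject"]
    msg["Subject"] = tagged_subject(subject)
    body = msg.get_body(preferencelist=("plain",))
    if body is not None:
        body.set_content(banner_for_week(iso_week) + "\n\n" + body.get_content())
    return True


if __name__ == "__main__":
    m = parse(RAW_EXTERNAL)
    tag_external(m, iso_week=1)
    print(m.as_string())
```

This only inspects the From header, so it must sit behind SPF/DKIM/DMARC enforcement at the gateway; without that, a sender who forges an internal address sails through untagged. A gateway rule should also strip an inbound [EXTERNAL] tag on genuinely internal mail so the marker cannot be planted by someone replying from outside.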

Yes, a definite issue. In fact, additional guidance is that you should frequently rewrite messages such as that, because people ignore them after a while.

2 Likes

I mentioned it in another thread, but there is a fictional TV show that gets a lot of this spot on, including the social and behavioral engineering aspects of this.

Almost every event is triggered as much by what a user did or didn’t do, but knew better.

It also gets technology mostly right, unlike most tv shows and movies.

The Undeclared War (TV Series 2022– ) - IMDb

2 Likes