Actalis sends you your private key. This means they have access to your private key, and theoretically could use it to sign and decrypt your emails. A more secure but somewhat more complex system would use a certificate signing request (CSR) instead. In that case, you are the only person who ever has your private key, so only you can sign or decrypt your email.
Releasing the app on the same day to the Apple App Store and Apple Arcade is a nice win for Apple Arcade.
An old favorite of mine is Harvest: Massive Encounter. Expand, harvest, defend, optimize, and eventually get wiped out.
Yes, device management systems can push apps directly to devices, but the devices have to be managed first. So I think it probably is about the lack of Google Play.
One of the hardest parts of managing devices is getting them enrolled in device management in the first place. Microsoft uses the Microsoft Authenticator app to authenticate users as part of the enrollment process, so they know which employee is using the device and how to configure it. They need a reliable app store to distribute that app, and they need to do it before the device is managed. So usually they rely on Google Play.
It tells when the user is online. This is useful for sending spam, because being on top of the inbox makes it more likely your message will be read.
To be fair, I doubt anyone’s implemented this specifically for ICMP. Instead I’d expect tracking that watches for any IP traffic whatsoever, and that happens to include ICMP.
ICMP reveals your IP address, which is easily correlated with other traffic…
And IntelliSync, so you could have the same contacts in your PC and your Palm Pilot.
I still wouldn’t trust it because of homograph attacks.
Yeah. The huge legal distinctions between different ways of unlocking a device seem absurd. Comprehensive privacy legislation would help.
Authorities with a warrant can drill into a safe to get to its contents. That’s legally distinct from forcing someone to unlock the safe by entering the combination. It takes some mental effort to enter a combination, so it counts as “testimony”, and in the USA people can’t be forced to testify against themselves.
The parallel in US law is that people can be forced to unlock a phone using biometrics, but they can’t be forced to unlock a phone by entering a passcode. The absurd part here is that the actions have the same effect, but one of them can be compelled and the other cannot.
This is likely a bad mistake. Keep the old cert around.
There’s two possibilities:
The first possibility is that Actalis uses the same key pair for the new cert. This is not a great approach because it doesn’t defend against a leaked key or key overuse. After all, if the key can be trusted longer than a year, the first cert they issued should be valid for longer.
The second, and much worse possibility, is that renewing the cert gets a different private key. This can case data loss. Deleting the old identity means you lose the ability to decrypt any messages that were encrypted using that key! Even if your mail client stores the previously encrypted emails in decrypted form, you may receive a new email from a sender who does not yet have your new cert.