01 October 2018

Facebook can’t keep you safe


Another day, another announcement from Facebook that it has failed to protect your personal information. Were you one of the 50 million (and likely far more, given the company’s graduated disclosure style) users whose accounts were completely exposed by a coding error in play for more than a year? If not, don’t worry — you’ll get your turn being failed by Facebook. It’s incapable of keeping its users safe.

Facebook has proven over and over again that it prioritizes its own product agenda over the safety and privacy of its users. And even if it didn’t, the nature and scale of its operations make it nearly impossible to avoid major data breaches that expose highly personal data.

For one thing, the network has grown so large that its surface area is impossible to secure completely. That was certainly demonstrated Friday when it turned out that a feature rollout had let hackers essentially log in as millions of users and do who knows what. For more than a year.

This breach wasn’t a worst case scenario exactly, but it was close. To Facebook it would not have appeared that an account was behaving oddly — the hacker’s activity would have looked exactly like normal user activity. You wouldn’t have been notified via two-factor authentication, since it would be piggybacking on an existing login. Install some apps? Change some security settings? Export your personal data? All things a hacker could have done, and may very well have.

This happened because Facebook is so big and complicated that even the best software engineers in the world, many of whom do in fact work there, could not reasonably design and code well enough to avoid unforeseen consequences like the bugs in question.

I realize that sounds a bit hand-wavy, and I don’t mean simply that “tech is hard.” I mean that realistically speaking, Facebook has too many moving parts for the mere humans that run it to do so infallibly. It’s testament to their expertise that so few breaches have occurred; the big ones like Cambridge Analytica were failures of judgment, not code.

A failure is not just inevitable but highly incentivized in the hacking community. Facebook is by far the largest and most valuable collection of personal data in history. That makes it a natural target, and while it is far from an easy mark, these aren’t script kiddies trying to find sloppy scripts in their free time.

Facebook itself said that the bugs discovered Friday weren’t simple; it was a coordinated, sophisticated process to piece them together and produce the vulnerability. The people who did this were experts, and it seems likely that they have reaped enormous rewards for their work.

The consequences of failure are also huge. All your eggs are in the same basket. A single problem like this one could expose all the data you put on the platform, and potentially everything your friends make visible to you as well. Not only that, but even a tiny error, a highly specific combination of minor flaws in the code, will affect astronomical numbers of people.

Of course, a bit of social engineering or a badly configured website elsewhere could get someone your login and password as well. This wouldn’t be Facebook’s error, exactly, but it is a simple fact that because of the way Facebook has been designed — a centralized repository of all the personal data it can coax out of its users — a minor error could result in a total loss of privacy.

I’m not saying other social platforms could do much better. I’m saying this is just another situation in which Facebook has no way to keep you safe.

And if your data doesn’t get taken, Facebook will find a way to give it away. Because it’s the only thing of value that they have; the only thing anyone will pay for.

The Cambridge Analytica scandal, while it was the most visible, was only one of probably hundreds of operations that leveraged lax access controls into enormous datasets scraped with Facebook’s implicit permission. It was their job to keep that data safe, and they gave it to anyone who asked.

It’s worth noting here that not only does it only take one failure along the line to expose all your data, but failures beyond the first are in a way redundant. All that personal information you’ve put online can’t be magically sucked back in. In a situation where, for example, your credit card has been skimmed and duplicated, the risk of abuse is real, but it ends as soon as you get a new card. For personal data, once it’s out there, that’s it. Your privacy is irreversibly damaged. Facebook can’t change that.

Well, that’s not exactly right. It could, for example, sandbox all data older than three months and require verification to access it. That would limit breach damage considerably. It could also limit its advertising profiles to data from that period, so it isn’t building a sort of shadow profile of you based on analysis of years of data. It could even opt not to read everything you write and instead let you self-report categories for advertising. That would solve a lot of privacy issues right there. It won’t, though. No money in that.

One more thing Facebook can’t protect you from is the content on Facebook itself. The spam, bots, hate, echo chambers — all that is baked on in. The 20,000-strong moderation team they’ve put on the task is almost certainly totally inadequate, and of course the complexity of the global stage and all its cultures and laws ensures that there will always be conflict and unhappiness on this subject. At the very best it can remove the worst of it after it’s already been posted or streamed.

Again, it’s not really Facebook’s fault exactly that there are people abusing its platform. People are the worst, after all. But Facebook can’t save you from them. It can’t prevent the new category of harm that it has created.

What can you do about it? Nothing. It’s out of your hands. Even if you were to quit Facebook right now, your personal data may already have been leaked and no amount of quitting will stop it from propagating online forever. If it hasn’t already, it’s probably just a matter of time. There’s nothing you, or Facebook, can do about it. The sooner we, and Facebook, accept this as the new normal, the sooner we can get to work taking real measures towards our security and privacy.



Google gets into game streaming with Project Stream and Assassin’s Creed Odyssey in Chrome


Earlier this year, we heard rumors that Google was working on a game streaming service. Now, it looks like those rumors were true. The company today unveiled “Project Stream” and while Google calls this a “technical test” to see how well game streaming to Chrome works, it’s clear that this is the foundational technology for a game streaming service.

To sweeten the pot, Google is launching this test in partnership with Ubisoft and giving a limited number of players free access to Assassin’s Creed Odyssey for the duration of the test. You can sign up for the test now and starting on October 5, Google will invite a limited number of participants to play the game for free in Chrome.

As Google notes, the team wanted to work with a AAA title because that’s obviously far more of a challenge than working with a less graphics-intense game. And for any game streaming service to be playable, the latency has to be minimal and the graphics can’t be worse than on a local machine. “When streaming TV or movies, consumers are comfortable with a few seconds of buffering at the start, but streaming high-quality games requires latency measured in milliseconds, with no graphics degradation,” the company notes in today’s announcement.

If you want to participate, though, you’ll have to be fast. Google is only taking a limited number of testers. Your internet connection has to be able to handle 25 megabits per second and you must live in the U.S. and be over 17 to participate. You’ll also need both a Ubisoft and Google account. The service will support wired Playstation and Xbox One and 360 controllers, though you can obviously also play with your mouse and keyboard.

While it remains to be seen if Google plans to expand this test and turn it into a full-blown paid service, it’s clear that it’s working on the technology to make this happen. And chances are Google wouldn’t pour resources into this if it didn’t have plans to commercialize its technology.



Google wants to make Chrome extensions safer


Google today announced a number of upcoming changes to how Chrome will handle extensions that request a lot of permissions, as well as new requirements for developers who want to publish their extensions in the Chrome Web Store.

It’s no secret that, no matter which browser you use, extensions are one of the main vectors that malicious developers use to gain access to your data. Over the years, Google has improved its ability to automatically detect malicious extensions before they ever make it into the store. The company has also made quite a few changes to the browser itself to ensure that extensions can’t wreak havoc once they have been installed. Now, it’s taking this a bit further.

Starting with Chrome 70, users can restrict host access to their own custom list of sites. That’s important because, by default, most extensions can see and manipulate any website you go to. Whitelists are hard to maintain, though, so users can also opt to only provide an extension with access to the current page after a click.

“While host permissions have enabled thousands of powerful and creative extension use cases, they have also led to a broad range of misuse – both malicious and unintentional – because they allow extensions to automatically read and change data on websites,” Google explains in today’s announcement.

Any extensions that request what Google calls “powerful permissions” will now also be subject to a more extensive review process. In addition, Google will also take a closer look at extensions that use remotely hosted code (since that code could be changed at any time, after all).

As far as permissions go, Google also notes that in 2019, it’ll introduce new mechanisms and more narrowly scoped APIs that will reduce the need for broader permissions and that will give users more control over the access that they grant to their extensions. Starting in 2019, Google will also require two-factor authentication for access to Chrome Web Store developer accounts to make sure that a malicious actor can’t take over a developer’s account and publish a hacked extension.

While that change is still a few months out, starting today, developers are no longer allowed to publish extensions with obfuscated code. By default, obfuscated code isn’t a bad thing. Developers often use this method of scrambling their JavaScript source code to hide their code, which would otherwise be in clear text and easy to steal. That also makes it very hard to figure out what exactly the code does and 70 percent of malicious extensions and those that try to circumvent Google’s policies use obfuscated code. Google will remove all existing extensions with obfuscated code in 90 days.

It’s worth noting that developers will still be allowed to minify their code to remove whitespace, comments and newlines, for example.



What Are Kodi Boxes and Is It Legal to Own One?



While we have discussed the Kodi app in detail previously, we haven’t spent much time discussing Kodi boxes. With Kodi boxes becoming increasingly popular, this article aims to remedy that.

For those unfamiliar with Kodi, you can run it on your desktop, install the Android version from the Google Play Store, or even follow a workaround to get Kodi running on your iOS device.

As for Kodi boxes, they are becoming increasingly common as people look to slash their cable bill or cut the cord completely.

If you regularly follow the cord-cutting news, you might have seen some worrying stories about the legality of such boxes. In this article, we explain what Kodi boxes are and offer you a definitive answer on their lawfulness.

What Is Kodi?

Before explaining what a Kodi box is, it would be pertinent to first clarify what Kodi itself is.

Formerly known as XBMC, Kodi is a free-to-use open source media player. It acts as a single centralized hub for all your locally saved entertainment. It also lets you watch live TV thanks to its support for most well-known back-ends, including MediaPortal, MythTV, NextPVR, Tvheadend, and VDR.

The Kodi software is cross-platform (available on Windows, Mac, Linux, Android, and iOS), it can play almost any media format you throw at it, and it can stream your content to other Kodi installations on your network or any device that supports UPnP.

However, for many users, the software’s biggest appeal lies in its add-ons. Given that the app is open source, there are thousands of add-ons to choose from. Some of the best Kodi add-ons are entirely legal (such as YouTube, Hulu, and Spotify), while others are most definitely illegal.

Unfortunately, it’s the illegal ones that garner the most attention. They’ll often let you watch live sport from around the world, stream the latest episodes of your favorite TV shows, or watch the newest Hollywood blockbusters on the day they hit movie theaters.

What Is a Kodi Box?

A Kodi box is a standalone device that runs the Kodi software and plugs directly into your TV or monitor. The boxes have a full version of the app pre-installed and ready to use. All you need is the box itself, a power cord, and an HDMI cable.

Some boxes are specifically designed to only run the Kodi software, while others are modified versions of common set-top media players. Kodi can run on Chromecast, Amazon Fire TV, Google Nexus Player, Nvidia Shield, any device that supports Android TV, Raspberry Pi, and a host of products from smaller independent manufacturers.

Is Kodi Illegal?

The answer is a resounding No. Kodi is not illegal now and will almost certainly never become illegal in the future.

In simple terms, Kodi is nothing more than a media app. When you install it on your device, it’s empty. It’s nothing more than a shell waiting for you, the user, to populate it with content. No add-ons come pre-packaged, and even if they did, there is no way the developers would release the app with the illegal ones baked in.

Kodi even has an official repository for add-ons. Every single one of the add-ons you will find in it is entirely legal to download and use in every jurisdiction.

Are Kodi Boxes Illegal?

Again, the answer is No. But this time, there’s a caveat.

Firstly, let’s be clear: if you buy a Kodi box and it comes with nothing more than a copy of the app installed, you’re safe. Your purchase is entirely legal, and you have nothing to worry about. What you do with it beyond that point is your choice, and you will bear the responsibility for your decisions.

If you’re shopping for a Kodi box, the key phrase that should set alarm bells ringing is “Fully Loaded.” Such offers are rife on sites like eBay and Craigslist. Typically, they’ll also profess the availability of free movies or live sports.


These boxes are illegal. The law in the majority of countries, including the United States, is very clear: accessing pirated content is prohibited. Therefore, buying them, selling them, and using them can land you in trouble. If you value your freedom you should avoid buying a fully loaded Kodi box.

Interestingly, there’s nothing particularly special about the fully loaded boxes. The seller has merely loaded them up with some of the most popular illegal add-ons. Which means that there’s nothing to stop you turning a barebones Kodi box into a fully loaded Kodi box by yourself.

Could Authorities Kill Kodi Because of Kodi Boxes?

It’s very unlikely. Fully loaded Kodi boxes are attractive because they can act like a typical satellite or cable box: you use a Kodi remote control, you can channel surf, and you’ll often get an on-screen TV guide.

But content-wise, they are no different to using Windows, Chrome, or any other app to access pirated content. You don’t need any specialized technical knowledge, and if you know where to look, there are masses of illegal content you can watch for free.

If Windows is safe from the long arm of the law, Kodi is also safe.

Could Authorities Prosecute You for Using Kodi?

The answer to this question depends on where you live.

Kodi Cases in the UK

In the UK, there is now a serious push to clamp down on the sellers of these devices. A man from Middlesbrough became the first person to be prosecuted for selling fully loaded Kodi boxes when he stood trial in May 2017. He faced a charge of “selling adapted devices for the purpose of enabling or facilitating the circumvention of effective technological measures” and was fined £250,000.

Another man, Terry O’Reilly, is already serving a four-year term for the less serious “conspiracy to defraud,” after he allegedly sold more than 1,000 Kodi boxes to pubs around the country. Prosecutors claim that the buyers used the boxes to show live Premier League soccer to their patrons for free.

“The courts have provided a clear message: this is against the law and selling systems which allow people to watch unauthorized Premier League broadcasts is a form of mass piracy and is sufficiently serious to warrant a custodial sentence. There can now be no doubt for consumers that these systems are illegal.”

— Kevin Plumb, Premier League Director of Legal Services, speaking after the conviction of Mr. O’Reilly (Quote via City of London Police).

Whether the courts could eventually prosecute end-users is unclear. There doesn’t seem to be much chance of it happening at the moment, but things can change quickly. It would be wise to heed the advice of Lord Toby Harris. He is the Chair of National Trading Standards in the UK:

“I would warn any person or business selling or operating such a device that they are in breach of copyright law. National Trading Standards will continue to protect legitimate business and pursue those who breach copyright in this way.” (Reported by The Express.)

The Kodi Situation in the US

In the US, it’s a similar story. Some users are already claiming they’ve received copyright infringement notices from their ISPs. Remember, your ISP knows exactly what you are watching online.

It’s fair to assume Kodi boxes will quickly go the same way as torrent clients in the United States. Subscribers to the country’s major ISPs face having their connections cut off if they repeatedly ignore the warnings.

Meanwhile, Kodi Usage in Europe

In mainland Europe, the situation is slightly different. According to the Court of Justice of the European Union (CJEU), you’re not breaking the law if you use Kodi boxes (or the Kodi desktop app) to stream copyrighted material.

The law stems from a landmark case in 2014. Several media conglomerates sued media service company Meltwater. The CJEU backed Meltwater. It said viewing copyrighted content is not copyright infringement because users only have the data on their computers temporarily.

However, you shouldn’t be complacent. The controversial European Union Directive on Copyright in the Digital Single Market—which contains the infamous “Article 13”—is still making its way through the legislative chambers. Depending on the eventual outcome, the law could change radically.

Thinking of Getting a Kodi Box?

To summarize, the Kodi app is legal and Kodi boxes are legal. Kodi boxes loaded with add-ons that let you access copyrighted material are illegal. Of course, using Kodi to access pirated content on your desktop is also illegal. However, it’s not something on which the authorities are currently focusing.

To learn more about Kodi, check out our articles on Kodi keyboard shortcuts you need to know and how your Kodi app could be at risk from malware.


Zuckerberg must face public scrutiny over latest data breach, say UK MPs


UK members of parliament have once again called for Facebook’s founder, Mark Zuckerberg, to travel to the country to face questions about how his business operates.

They’re renewing calls for facetime with the Facebook CEO in light of the massive data breach it disclosed on Friday — which the company said could affect as many as 90 million users, with 50M confirmed to have been compromised. It’s not clear exactly how many UK (or European) accounts are involved at this stage.

Facebook said on Friday that it had fixed the flaws, which were introduced after an update in July, and had been exploited by hackers to swipe access tokens. Attackers had been able to use its APIs to scrape some user data, it also said. It reset all potentially affected tokens once it discovered the hack late last month.

Damian Collins, who chairs a UK parliamentary select committee which earlier this year spent several months interrogating data protection issues, and recently called for a levy on social media platforms to help defend democratic institutions from online disinformation, told the Telegraph: “Facebook’s latest data breach demonstrates more clearly than ever why Mark Zuckerberg should face public scrutiny about the practices and policies his company employs to keep British users’ data safe.”

Julian Knight, another member of the committee, also said: “It would be helpful to hear from Mr Zuckerberg, but I won’t be holding my breath.”

Earlier this year MPs on the Department for Digital, Culture, Media and Sport (DCMS) select committee appealed for Zuckerberg to personally give evidence as they scrutinized the impact of online disinformation on democratic processes. However Facebook repeatedly declined to send its founder — instead sending some alternative staffers, including — finally — its CTO.

The committee was not satisfied, complaining that the reps it sent were unable to answer their questions. Collins also slammed the company for what he described as an evasive “pattern of behaviour” — and “a desire to hold onto information and not disclose it”.

It also kept up its pressure for Zuckerberg to testify — offering the chance for him to answer questions remotely, via video link. Still Facebook declined.

In May, in a pretty extraordinary development, the DCMS committee then told Facebook that if its founder stepped foot on UK soil they would issue him with a formal summons.

Safe to say, Zuckerberg made no trips to the UK, although he did attend a meeting of the EU parliament’s conference of presidents towards the end of May (where he was heckled for also avoiding MEPs’ questions).

Given his record of rejecting invitations from the UK parliament, it seems unlikely the company will suddenly offer its CEO up now — to discuss an awkward security breach to boot.

Though Facebook’s lack of engagement with UK politicians might make the government keener to seize on the committee’s recommendation of a social media levy to offset damage caused by tech platforms’ accelerating online disinformation.

We’ve reached out to Facebook with questions and will update this story with any response.

The data breach is the first that falls clearly under new EU-wide privacy rules which carry beefed up penalties for violations.

On Friday, in a statement commenting on the Facebook hack, the UK’s data protection agency said: “It’s always the company’s responsibility to identify when UK citizens have been affected as part of a data breach and take steps to reduce any harm to consumers. We will be making enquiries with Facebook and our overseas counterparts to establish the scale of the breach and if any UK citizens have been affected.”

The company does appear to have abided by the requirements of GDPR to report major breaches within 72 hours of discovery.



The Das Keyboard 5Q adds IoT to your I/O keys


Just when you thought you were safe from IoT on your keyboard, Das Keyboard has come out with the 5Q, a smart keyboard that can send you notifications and change colors based on the app you’re using.

These kinds of keyboards aren’t particularly new – you can find gaming keyboards that light up all the colors of the rainbow. But the 5Q is almost completely programmable and you can connect to the automation services IFTTT or Zapier. This means you can do things like blink the Space Bar red when someone passes your Nest camera or blink the Tab key white when the outdoor temperature falls below 40 degrees.

You can also make a key blink when someone Tweets which could be helpful or frustrating:

The $249 keyboard is delightfully rugged and the switches – called Gamma Zulu and made by Das Keyboard – are nicely clicky but not too loud. The keys have a bit of softness to them at the half-way point so if you’re used to Cherry-style keyboards you might notice a difference here. That said the keys are rated for 100 million actuations, far more than any competing switch. The RGB LEDs in each key, as you can see below, are very bright and visible but when the key lights are all off the keyboard is completely unreadable. This, depending on your desire to be Case from Neuromancer, is a feature or a bug. There is also a media control knob in the top right corner that brings up the Q app when pressed.

The entire package is nicely designed but the 5Q begs the question: do you really need a keyboard that can notify you when you get a new email? The Mac version of the software is also a bit buggy right now but they are updating it constantly and I was able to install it and run it without issue. Weird things sometimes happen, however. For example currently my Escape and F1 keys are now blinking red and I don’t know how to turn them off.

That said, Das Keyboard makes great keyboards. They’re my absolute favorite in terms of form factor and key quality and if you need a keyboard that can notify you when a cryptocurrency goes above a certain point or your Tesla stock is about to tank, look no further than the 5Q. It’s a keyboard for hackers by hackers and, as you can see below, the color transitions are truly mesmerizing.



Jamf Now: The Golden Standard of Apple Device Management


Device management can be extremely time-consuming for any team. Buying a new device, manually entering all the settings, and downloading all required apps can become tedious. Devices that are unmanaged can also pose a security threat to entire organizations.

Let’s take a closer look at how Jamf Now can streamline your organization’s Apple device management.

What Is Jamf Now?

Jamf Now is a management solution created exclusively for Apple devices. Jamf Now is ideal for small businesses and allows you to set up, protect and manage devices all from a single dashboard. Devices can be configured quickly and consistently, and apps can be centrally deployed.

Once a device is paired with your Jamf Now account you’re able to view details like its serial number, available storage, and model. You can send the latest OS updates to a single unit or manage a group of devices using Blueprints. Jamf Now also allows you to place restrictions on devices to prevent users from changing certain settings. This is a very powerful feature to ensure devices in your organization meet security and compliance needs.

Jamf Now can also be used to help employees retain their individual Apple IDs and request assistance. For example, if an employee loses their iOS device you’re able to lock the device and place a custom message on the screen. The lost device can also be remotely and securely erased all from within your Jamf Now account.

How Does Jamf Now Work?

Jamf Now works by first creating a trust between your Jamf Now account and Apple which we’ll cover in the upcoming steps. If you’re planning on using Jamf Now to manage your company devices, ensure you use a dedicated company Apple ID. If you change the Apple ID that is paired with Jamf Now, you will need to enroll all of your devices again.


After a trust is established you need to add devices into your Jamf Now account in order for them to be managed. Jamf Now supports two levels of management: Supervised and Enrolled. Supervised devices can be controlled on a much deeper level than devices that are only enrolled. Company devices typically fall under the Supervision level of management.

Some of the most powerful Jamf Now features require Supervision such as:

  • Restrictions (iOS)
  • Lost Mode
  • Activation Lock Bypass
  • Wallpaper

Enrolled devices are typically used for organizations that have a Bring Your Own Device policy.

You may also be interested in some of the more business-oriented features such as Apple Business Manager, which allows you to buy hardware and apps in bulk and distribute them to your workforce. These are optional, but you will also require an Apple ID that is associated with Apple Business Manager. It’s free to sign up but you will need a registered company and an organization email account. Yahoo or Gmail accounts won’t work! If you require the Supervised level of management you must have connected DEP to your Jamf Now account.

This guide will cover setting up your Jamf Now account to easily manage your devices. To successfully deploy devices you will need:

  1. An email address for creating a Jamf Now account.
  2. The same email address for connecting to APNs.

Step 1: Setting Up Jamf Now

Setting up a Jamf Now account is really straightforward.

  1. Go to the Jamf Now website and create a free account.
  2. Check your inbox for an activation email and click on the Activate your account link to begin the setup procedure.

Step 2: Connecting to APNs Using Jamf Now

Apple Push Notification service (APNs) is the way Jamf Now securely stays in touch with all your Apple devices. Once you activate and log in to your Jamf Now account the first screen prompts you to connect to APNs.


There are four steps which are required to pair your Jamf account to your Apple ID.

  1. Create a Certificate Signing Request (CSR) from Jamf Now
  2. Create an Apple Push Certificate in the Apple Push Certificate Portal
  3. Upload your Apple Push Certificate to Jamf Now
  4. Save your Apple ID along with your Apple Push Certificate


Jamf Now provides you with links, prompts, and videos at each step to make this process as simple as possible.


Once you download the CSR click Next and follow the link which reads Open the Apple Push Certificates Portal.


After you sign in to the Apple Push Certificates Portal, click on Create a Certificate.


At the Create screen, click on Choose File under Vendor-Signed CSR followed by the Upload button.


The Apple Portal will confirm that your new certificate is created and is available for download. Download the certificate and head back over to your Jamf Now account for the final steps. Browse for the certificate you downloaded from the Apple Portal which should have a .PEM extension. Jamf Now will now confirm that the upload was successful and the connection between Jamf Now and Apple is complete!


The final step of saving your Apple ID is optional but recommended. Apple Push Certificates are valid for one year. Saving your Apple ID allows Jamf Now to remind you which Apple ID you used when you need to renew your certificate. That’s it! You can now begin enrolling devices in your Jamf Now account!

Step 3: Selecting Apps to Deploy

One great feature of Jamf Now is the ability to provision devices with certain apps. This saves users and the IT team from having to manually download these applications for each user upon enrollment.


For example, say you wanted to add MakeUseOf’s Invoice Mini app from the App Store to all your devices. To do this click on the Apps tab followed by Add an App and search for either an app name or a developer name. Once you’ve found the app you’re looking for click on Add to My Apps. You will now be able to assign the app to any Blueprints which we’re going to create in the upcoming steps.


Jamf Now also supports Apple’s Volume Purchase Program (VPP) (part of Apple Business Manager). This means that apps that require a license can be purchased and assigned to your organization. If an employee leaves, you will be able to reclaim the license that was assigned to them and associate it with another user. Brilliant!

Step 4: Configuring Devices With Blueprints

Blueprints are one of the most powerful features of Jamf Now. They are the proverbial cookie cutter used to effortlessly set up and configure devices as soon as they are enrolled. You can either create a blueprint from scratch or begin using one of the templates provided by Jamf Now.


From the predefined apps we configured in the previous section right down to preventing users from changing their wallpaper, Blueprints allow for fine-grained control and security at the device level.

Deploying Wi-Fi Networks

Let’s say you’ve added a new office and Wi-Fi network specifically for all the users in your sales division. Instead of going to each device and manually adding in a new Wi-Fi network, all you need to do is edit the Blueprint that those devices are assigned to.


  1. Select the Blueprints Tab
  2. Select the Sales Blueprint
  3. Click on the Wi-Fi tab
  4. Click on Add a Wi-Fi Network


This will bring up the Add Wi-Fi Network menu. After entering the Name (SSID), security and password for the new Wi-Fi network click on Save Changes.


All devices that were under that Blueprint will now have this new Wi-Fi network pushed to them. The devices will also auto-join the new Wi-Fi network. No need to hand the password to any user or manually configure each device!

Restrictions

Restrictions are arguably what makes Jamf Now so special. Jamf Now supports a number of restrictions for iOS devices that help you keep data secure and prevent users from changing certain settings. Some settings do require Supervision, which is covered in the next section.

To add or remove a restriction:

  1. Log in to your Jamf Now account and select the Blueprints tab.
  2. Click on Restrictions.
  3. Choose the area you’d like to restrict like Security and Privacy.
  4. Enable or disable any settings you want to push to the devices.
  5. Click on Save Changes.


All devices that were under that Blueprint will now have these new restrictions pushed to them. For example, say you Disabled Touch ID for unlock for the management Blueprint; Touch ID will be disabled for all devices that belong to said Blueprint.


Blueprints can also be used to enable Single App Mode. For example, if you were deploying some iOS devices and you wanted to lock them into a certain app, Single App Mode is a great way to achieve this. Blueprints will ensure all the devices in your organization adhere to any restrictions and turn what was once a very manual process into a much more fluid one.

Step 5: Device Enrollment and Supervision

In order for devices to be managed by Jamf Now they need to be enrolled into your account. There are two methods of enrolling devices: Open Enrollment and Supervision. As mentioned, Open Enrollment is a lower form of management compared to Supervision.

For both instances a device would have already been through the Apple setup process, have created an Apple ID and be connected to a network. The main difference is that Supervised devices get enrolled automatically as part of Apple’s Setup Assistant.

Open Enrollment

The first method of enrollment is referred to as Open Enrollment. This works by providing users with a URL and access code to complete the enrollment process. This is perfect for organizations with a Bring Your Own Device (BYOD) policy.

To set up Open Enrollment:

  1. Log in to Jamf Now
  2. Under the Account Section, click on Open Enrollment
  3. Click on the Enable Open Enrollment checkbox
  4. Choose an Access Code
  5. Take note of your Open Enrollment Link
  6. Click on Save Settings


To enroll any device using open enrollment:

  1. Open Safari on your macOS or iOS device.
  2. Navigate to the Open Enrollment Link from above.
  3. Enter the Access Code from above.
  4. Select a Blueprint.
  5. Type in a Name for this Device.
  6. Click on Start Enrollment.


Once again, Safari knows exactly how to handle the downloaded configuration file.


Your device will now ask you for confirmation if you’d like to install a new profile. Simply click Install in the box that pops up.


This device is now enrolled and will appear in your Jamf Now console ready for management!

Supervision

The second method of management is Apple’s Device Enrollment. Device Enrollment allows an organization to purchase Apple devices and automatically enroll them into Jamf Now the first time the device turns on. As mentioned, you will need an Apple Business Manager or Apple School Manager account to take advantage of Device Enrollment.


Once you have Device Enrollment (formerly DEP) set up, any devices you purchase through Apple or its authorized resellers will appear in your Jamf Now account. This is done via the device’s unique serial number. All you need to do is assign a Blueprint to the device and that’s it.

Device Enrollment allows you to ship a device directly to a new employee and have it automatically enroll into Jamf Now based on the device’s unique serial number. The user simply unboxes the device and follows Apple’s built-in Setup Assistant. Awesome!

Device Enrollment allows a much deeper level of management referred to as Supervision. Supervision is the recommended level of management for devices that your organization purchases.

Step 6: Managing Devices

From your dashboard, your entire organization’s Apple devices are at your fingertips. At a glance, you can see devices that require your attention and you can fix and attend to issues quickly and efficiently. Some details include the OS version, available storage and device assignment.


From this screen, you can also lock a device, assign an asset tag for inventory tracking and even remotely wipe the device. Keep in mind that Jamf Now does not handle backups of devices. This must still be done either through iTunes or iCloud.


If someone has misplaced their device:

  1. Select the device from the Devices tab.
  2. Click on Lock.
  3. Enter an optional message and phone number.
  4. Click on Lock.


Jamf Now immediately locks the iPhone over the air and displays your message and phone number. The process is the same if you’d like to remotely erase or wipe the device.

Remote App Installation

One particularly useful feature is the ability to remotely install an application directly from the dashboard!


After you’ve added an app to your Jamf Now account using the steps mentioned in the section above:

  1. Select the device from the Devices tab.
  2. Select iOS Apps.
  3. Open the context menu next to the app you’d like to deploy.
  4. Click Install on device.

A confirmation message will be sent to the user. After they have accepted, the app will be downloaded and installed. Managing groups of devices is done under the Blueprints section which we’ve covered above. Compared to manually making changes on every individual device, this is unbelievably beneficial.


On the subject of IT teams, the Teammates tab allows many members to manage an organization. The only thing to bear in mind is that all teammates have the same permissions within an organization.

Jamf Now Is the Standard of Apple Management

The time saving, security, and ease of deployment make device management from Jamf Now essential if you’re deploying Apple devices to your organization. The user interface is beautifully designed and very easy to use even if you’re not an IT professional.

Jamf Now offers a full-featured demo for you to get your hands dirty and decide if Jamf Now is for you. Otherwise, create your free Jamf Now account!

Image Credit: tomeversley/Depositphotos

Read the full article: Jamf Now: The Golden Standard of Apple Device Management



What’s the Best Drone for Photography?

The Best Scavenger Hunt Apps and Ideas

Google Maps adds ‘Commute’ tab and music controls


Google just announced new features for Google Maps on Android and iOS. The update is rolling out this week and brings a bunch of additions focused on commuting, music and getting more personal data from you.

While Google Maps is particularly useful for road trips and vacation, the app can also be useful for stressful commutes. Google is resurfacing some of those features with a new ‘Commute’ tab.

After setting up your home and work address, the app will help you know what to expect in the morning and the evening. If you drive to work, Google Maps now tells you how long it’s going to take and if there are any alternative routes. It works pretty much like Waze’s ETA screen and tells you if it’s going to be faster or slower in 30 minutes or an hour.

If you take the bus or train to work, Google Maps can help you find out when you should leave. The app takes into account the walk or drive to the station. Those public transit features compete directly with Citymapper and most likely rely on a lot of open data.

Talking about public transit, you’ll be able to see your bus or train on the map, slowly moving closer to you. The app also tells you how long you have to wait. This feature will be available in 80 regions around the world. In Sydney, the app tells you how full the next bus is going to be.

Unfortunately, this update comes with a privacy drawback. Until very recently, you could associate your home and work address with your Google account in Google Maps.

Now, you need to activate ‘web & app activity’, the infamous all-encompassing privacy destroyer — I used to store my home and work address and I can no longer change those addresses without enabling that. If you activate that setting, Google will collect your search history, your Chrome browsing history, your location, your credit card purchases and more.

And Google nudges you to activate that “feature” all the time. You need to turn on ‘web & app activity’ to use Google Assistant on an Android device for instance. It’s becoming quite clear that Google is monetizing its newest features with your data.

In other news, Google is also adding music controls in Google Maps. You’ll be able to control Spotify, Apple Music and Google Play Music. It looks like the company is taking advantage of taller screens to add a banner near the bottom of the screen with the current song and the ability to skip a song or pause the music.

There will be a new button on the right to open your music app as well. Spotify users on Android will also be able to browse the Spotify library from Google Maps directly.

