30 January 2019

The 6 Best Free Tax Software to File Your Tax Return This Year


tax-returns

Do you hate anything more than taxes? Maybe, it’s the money you have to pay to just file your taxes. There are plenty of options to file your federal return. However, finding services that will file state taxes without paying extra can be tough.

If you’re tired of paying to file your taxes, stop here. You’ll love these five free options for submitting your state and federal forms.

Something About Free Tax Software

Free tax software

First, and most important of all, remember that you get what you pay for. Tax software that’s free isn’t going to offer as many options as paid versions. You’ll also get less support, and in most cases, you won’t be able to file anything other than the simplest of returns. That’s just how it is.

Second, this list is current as of January 2019. Some companies change their offerings on a yearly basis, and if this list becomes outdated, we’ll try to make changes so that it’s current. But if you see a site that’s no longer offering free state returns, or has different requirements, that’s why.

Finally, remember that big-name companies like TurboTax and H&R Block have been doing this for decades and that their years of experience means they’re great at finding potential deductions and filing quickly. While using a lesser-known website doesn’t mean that you’ll miss out on things, if you want to make sure that everything about your return is perfect, you may want to go with a big name (which often means you’ll need to pay).

With that out of the way, let’s get onto the free tax software!

1. DIY Tax

DIY Tax

DIY Tax offers completely free federal and state tax returns with no catch. Many forms can be used (including the critical part of 1099-MISC for contractors and freelancers), making this a more versatile option than many others out there.

A Premium option is available, though there’s no indication anywhere on the website of what’s include; this makes it difficult to say whether or not that might be useful. Even so, this is one of the simplest, most straightforward, and totally free tax-filing options.

2. TurboTax Federal Free Edition

TurboTax

With one of the biggest names in tax preparation, you can be confident that TurboTax will give you the information and tools you need to get your returns filed quickly. And with the Federal Free Edition, you can file both your federal and state taxes electronically without paying a dime.

You’ll need to be doing a relatively simple return, using forms 1040EZ or 1040A. If you’re doing anything more complicated than that, like taxes for the self-employed, a paid service will be required. Regardless, filing your taxes with TurboTax is a relatively painless process as these things go!

3. H&R Free Online

H&R Block Free Tax Filing

With the free version of H&R Block’s online tax filing system, you can file your federal and state taxes for absolutely nothing. This plan is ideally suited for renters, those with young families, or individuals living on retirement income.

The free package offers 45 forms required for filing, including those needed for the Earned Income Tax Credit, child care expenses and child tax credit, student loan interest, social security income, and more. Keep in mind, however, if you find yourself tracking your payments and receipts each year, this isn’t the plan for you.

4. TaxAct Free Edition

Tax Act Free

The free edition of TaxAct provides for “simple federal filing” for those “with no dependents.” Available forms include the 1040A, 1040EZ, and a few other basics, though it is missing the 1099-MISC that many freelancers will need.

Despite this stipulation, TaxAct does offer free filing of both federal and state returns, though it does say “Pay when you file,” inviting speculation that there could be some hidden fees in some instances.

Also included with the free edition is tax support via email, so you can get answers to any questions you have from the TaxAct support team. And TaxAct’s price lock guarantee means that once you register, the price won’t change.

5. OnLine Taxes

OnLine Taxes

You might pass over OnLine Taxes because of its uninspiring design. But don’t discount it immediately. If your adjusted gross income is between $14,000 and $66,000, you’re eligible to file both your federal and state returns for free.

If you don’t qualify, filing your federal taxes is still free, but you’ll pay $9.95 for each state, which is a pretty great deal. OLT also provides free email support every day of the week during tax season, and they let you file amended returns for free if you submitted the first return with them. You can use a wide range of tax forms, including 1099-MISC and just about anything else you might need.

6. MyFreeTaxes

MyFreeTaxes

A program run by the United Way in conjunction with H&R Block, MyFreeTaxes will let you file both federal and state taxes for free if you make less than $66,000.

The site also helps you get organized by providing a tax preparation checklist as well as information on tax extensions, ITIN for immigrants, and credits/deductions. Because it’s a newcomer to the business, it doesn’t have as many reviews as other sites, but the fact that it’s powered by H&R Block should inspire confidence in the convenience and security of the service.

If You Don’t Quality for the Free Options

While many people will be able to use one of the free websites above, there will be some who can’t. For those people, there are a few other sites that you can check out.

FreeTaxUSA offers free federal filing and $12.95 per state return. You’ll find this is one of the lowest prices you’ll find anywhere. Meanwhile, eSmartTax lets you file federal returns for free, and charges $29.99 per state, which is still pretty reasonable.

See our article on why we prefer FreeTaxUSA over other tax software.

Don’t Pay for What You Can Get for Free

If you have a simple tax return, you should be able to get both federal and state filing for free. These five websites will help you do it. As long as you’ve followed the best strategies for claiming a tax return, it should not be a problem. So don’t pay for what you can get free!

Read the full article: The 6 Best Free Tax Software to File Your Tax Return This Year


Read Full Article

The 5 Best Apps to Help You Fight Your Smartphone Addiction

The 7 Best Windows File Explorer Alternatives and Replacements


windows-explorer-replacements

If you spend a lot of time using File Explorer in Windows, it’s easy to become weary of its idiosyncrasies. Why can’t you integrate non-Microsoft cloud storage providers? Why can’t you edit and delete the folder shortcuts in This PC? And why hasn’t Microsoft introduced tabbed browsing?

Perhaps it’s time to dump File Explorer and use a third-party alternative? If you’ve never looked into what’s available, you might be surprised. Here are the seven best Windows File Explorer replacements.

1. XYplorer

xyplorer main screen

XYplorer is one of the best Windows Explorer alternatives. But what makes it so good?

Firstly, it’s portable. That means you don’t need to worry about it not being available on other computers you have to use during the day. Just keep it loaded on your USB stick along with all your other useful portable apps.

Secondly, it’s got an impressive feature set that will appeal to both casual users and hardcore geeks.

For example, the explorer has tabbed browsing. The tabs function like a web browser’s tabs; you can reorder them, drag files between them, and pre-configure them. The app also boasts support for custom scripts, customizable fonts and colors, and secondary sorting.

XYplorer has both a free and paid version. The paid costs $39.95 for a lifetime license.

Download: XYplorer

2. Directory Opus

If XYplorer doesn’t meet your requirements, check out Directory Opus instead.

It arguably has a steeper learning curve than XYplorer. While the previous app takes many of its design queues from Windows File Explorer, Directory Opus introduces more of its own style decisions.

directory opus

If you’re prepared to spend the time learning where to find everything, you will be handsomely rewarded. Features include support for synchronizing files and finding duplicates, scripting capabilities, graphics that allow you to flag and check mark files, and a customizable status bar.

The lite version costs about $40 while the full version is $70. A 60-day free trial is available.

Download: Directory Opus

3. fman

fman app home screen

fman is the least Windows-like app on the list so far. It’s self-described as “GoTo on steroids.”

Perhaps the best thing about fman is its cross-platform support; it works on Mac and Linux as well as Windows. If you spend a lot of time jumping between the three operating systems, it’ll provide a sense of continuity in your work.

Nonetheless, if you’re a beginner, this probably isn’t the app for you. fman is mainly aimed at software developers and other tech-savvy pros.

Feature-wise, it always displays the contents of two directories to make moving and copying files a breeze. It also has an extensive list of plugins for additional functionality and it has full keyboard shortcut support.

It’s free to download and use, but an update license costs $12.

Download: fman

4. Free Commander

free commander main app screen

Free Commander is the first entirely-free software on this list. If you’re not a power user and you don’t want to pay for a Windows File Explorer replacement, this is probably the app for you.

The app doesn’t try to confuse users with lots of features most people will probably never use. Rather, it aims to offer an alternative solution that remedies some of the glaring omissions within the native Windows app.

So, if you’re a first-time user, what can you expect? Free Commander offers a tabbed interface, dual panels for easy drag-and-drop, built-in support for archive handling (ZIP files), folder synchronization, definable shortcuts, and even a DOS command line.

Download: Free Commander

5. Explorer++

explorer++ main screen

The second entirely-free app on the list, Explorer++ makes the cut because it’s open source. That means the community can keep working on it for as long as they wish—there’s no danger you’ll be tied to an unsupported app at some point in the future.

Interestingly, it’s also one of the most basic apps on the list. It looks the most similar to Windows File Explorer and offers the fewest enhancements.

Despite that, the enhancements will lift most users to a new level of productivity. You will enjoy tabbed browsing, the ability to merge and split files, and a display window for file previews.

Download: Explorer++

6. Altap Salamander

altap file explorer

Most of the apps I have shown you so far have focused on one computer. Altap Salamander is the first Windows File Explorer replacement that makes a big push to offer extensive networking tools.

Network protocols such as FTP, FTPS, SCP, and SFTP are all supported. It makes transferring files over the internet exceptionally straightforward.

The app also offers support for more archive file types than its rivals. It can work with ZIP, RAR, 7-Zip, ISO images, and UDF images.

Altap Salamander offers one other unique tool: a built-in password manager. It means you can protect any sensitive or personal files using secure encryption techniques, thus stopping them from falling into the wrong hands.

Costing around $27 (depending on the current euro exchange rate), it’s also one of the most reasonably-priced paid apps.

Download: Altap Salamander

7. TagSpaces

tagspaces file explorer app screen

TagSpaces is an open source file organizer. It’s seemingly targeted at light users and people who want to keep everything organized on their machine without using a full-featured file manager.

It works by adding user-defined tags to all your files. For example, you could tag things as “Photos,” “Recipes,” “College,” and so on. You can color-coordinate your tags, then organize them thematically into groups for easy recall.

Best of all, because it works on Windows, Mac, Linux, and Android, you can stay coordinated regardless of which device you’re working on. The app even boasts Chromecast support.

Download: TagSpaces

The Best File Manager for Windows 10

Each app will appeal to a different type of user. People looking for a small amount of added functionality should consider Explorer++ or Free Commander. If you’re a power user, check out XYplorer or Directory Opus. Developers need fman, networkers need Altap Salamander, and if you want something completely different, download TagSpaces.

If you’d like to learn, check out our list of tips and tricks for Windows Explorer.

Read the full article: The 7 Best Windows File Explorer Alternatives and Replacements


Read Full Article

The Best Linux Software and Apps

The 7 Best History Apps That Make Learning History Exciting

How to Change the Ads You See on Facebook


change-fb-ads

Facebook now has over 2 billion monthly active users. Unsurprisingly, it’s collecting as much data about them as possible. This is to help advertisers target ads at the right people.

If you’re on Facebook, did you know that you can see what Facebook thinks it knows about you?

In this article, we’ll explain how Facebook collects this data about you, how to view your Ad Preferences, and (crucially) how to change them if they’re inaccurate.

Do You Know What Facebook Knows About You?

According to research conducted by the Pew Research Center, 74 percent of American Facebook users don’t know that Facebook maintains a list of their interests and traits for advertising purposes.

Facebook collects this information in the background, but you can see it on a page called Your Ad Preferences. Since Facebook is trying to figure out these preferences from your activity, it isn’t always accurate. According to the survey, 59 percent of people say the data reflected their real-life interests, while 27 percent say its not very or not at all accurate.

Facebook reflected in phone

When shown how Facebook classifies their interests, 51 percent of respondents said that they were not comfortable that such a list existed.

Facebook also assigns some users a political and multicultural affinity. The latter is not your actual race or ethnic background, but instead your understanding or empathy towards a group.

Around half of the people in the survey had been assigned a political affinity. And while 73 percent say it’s accurate, 27 percent say otherwise. Only about a fifth of people had a multicultural affinity. A sizable 60 percent say their affinity is strong to the group they had been assigned to, while 37 percent say otherwise.

How accurate this data is not only relies on Facebook’s formula for calculation, but also on your activity across the web and offline.

How Facebook Creates Your Ad Preferences

Facebook collects data and makes assumptions about you in order to benefit its advertisers. By knowing who you are, Facebook can target ads that it thinks will be relevant to your interests.

How Advertisers Target You

When an advertiser comes to Facebook, they detail the audience they want to reach, defined by things like age range, gender, location, and interests. Facebook then links this to all of their users to find a match.

How Facebook adverts are created

Let’s say a cupcake company in New York wants to run an ad to get people into their shop to buy their new Batman-themed cupcake: dark chocolate, yellow icing, and the bat emblem on top. Delicious!

The cupcake company could target their ad at people who are between 18-35 years old, within 20 miles of their store, and have an interest in comic books.

If you are 23 years old, living near Central Park, and visit a Batman fansite regularly, Facebook will prioritize showing the cupcake ad to you.

How Facebook shows ads based on who you are

How Facebook Knows Who You Are

Facebook builds its profile on you using a variety of different methods.

The first, and probably most obvious, method is through your activity on Facebook and Instagram (which Facebook owns). Information collected includes pages you and your friends like, all personal details in your profile like age and gender, plus the places you check in to.

Your location can also be determined through where you use your phone and where you connect to the internet.

Facebook logo with magnifying glass

Even if Facebook doesn’t own a website or app, you are still liable to be tracked if the developer is utilizing Facebook’s web beacons. These can track if you download their app, what pages you view, and what you add to your shopping cart or purchase.

Finally, an advertiser can upload a customer list to Facebook, which can include your phone number, email address, and other information. The advertiser can collect this data when you sign up on their website, subscribe to an email newsletter, or make a purchase.

How to Change Your Facebook Ad Preferences

Thankfully for anyone concerned that this data is being collected, Facebook have made it easy to see your ad preferences. Log in to your Facebook account and click the dropdown arrow from the top menu. Select Settings > Ads. This is Your Ad Preferences page.

Facebook interest advert preferences

Expand Your interests to see what Facebook thinks you like across categories like entertainment, shopping, and technology. Click an interest to see an example ad. Click the cross to remove something from your ad preferences; this doesn’t remove Facebook storing that data about you, but lets them know you don’t think it applies to you.

The Advertisers section shows which companies added information about you, websites you’ve visited, ads you’ve clicked, and more. Click the cross to stop seeing ads from that company. This doesn’t remove the data that the company uploaded about you.

Facebook your information advert preferences

Expand Your information and use the sliders to set whether Facebook can show you ads based on your profile fields like relationship status and job title. Separate from ad settings, you need to remove this data from your profile if you don’t want Facebook to know it.

Take a close look at the Ad settings section. You can choose whether you allow Facebook to show you ads based on data for partners and based on your activity elsewhere. You can also exclude your name appearing in ads for other people. Click each section in turn, read the full details, and use the dropdown to set your preference.

Facebook hide ad topics

Finally, Hide ad topics lets you note your desire to see less ads related to alcohol, parenting, and pets. This can be for 6 months, 1 year, or even permanently.

How to Stop Facebook Tracking You

Now, you are fully educated on how Facebook is tracking you and where you need to go to maintain your ad preferences. And it’s understandable if this all seems a bit creepy, leading you to want to crack down on it.

For more information about controlling how your activity is recorded, see our guides on how to stop Facebook tracking you and how to stop Facebook selling your browsing data.

Image Credit: lightwavemedia/Depositphotos

Read the full article: How to Change the Ads You See on Facebook


Read Full Article

The 7 Best Coupon Apps for Groceries

Facebook’s VPN app puts spotlight on kids’ consent


Facebook could face fresh scrutiny in Europe following a TechCrunch report on its use of a VPN app to monitor people’s smartphone activity — including teenagers as young as 13.

The Irish Data Protection Commission (DPC) told us it’s asked Facebook to provide more information on what data is collected via the market research program, codenamed ‘Project Atlas’, so that it can determine whether there are grounds for further investigation.

“The Irish DPC only became aware of this story through this morning’s media reporting. Before we can make any assessment as to whether or not there are any data protection concerns, we will need to understand better to what extent, how and on what basis the personal data in question is being processed and used. We have asked Facebook to provide us with this information,” said the DPC’s head of communications, Graham Doyle.

Under European union law there are special requirements for processing minors’ personal data. And, as we reported earlier, Facebook’s research program is open to people around the world — although the company has yet to confirm whether it has any teenage participants in Europe. (We’ve asked and will update this report with any response.)

If it turns out that European teens have been participating in the research effort Facebook could face another barrage of complaints under the bloc’s General Data Protection Regulation (GDPR) — and the prospect of substantial fines if any local agencies determine it failed to live up to consent and ‘privacy by design’ requirements baked into the bloc’s privacy regime. (Facebook’s international HQ is located in Ireland, which makes the Irish DPC the lead agency for any investigation of the project.)

Less aware of the risks

Setting out conditions applicable to consent for processing the personal data of children aged 13 or older, one section of text from the GDPR reads: “Children merit specific protection with regard to their personal data, as they may be less aware of the risks, consequences and safeguards concerned and their rights in relation to the processing of personal data.”

“Given that children merit specific protection, any information and communication, where processing is addressed to a child, should be in such a clear and plain language that the child can easily understand,” runs another.

The VPN app that Facebook has been using as a data-harvesting vehicle (since we reported on the story it’s closed down the iOS version of the app) requires participants give root access to their device — potentially affording the company a very high resolution view of their digital activity indeed.

According to an investigation we commissioned data continuously collected via the VPN app could include private messages in social media apps; chats from in instant messaging apps – including photos/videos sent to others; emails; web searches; web browsing activity; and ongoing location information.

Although Facebook has also not confirmed exactly what data types it pulls via the program.

Participants are offered payments of up to $20 (in e-gift tokens) to incentivize them to sign up to have their data harvested on an ongoing basis, with the program open to people aged 13-35.

Facebook says parental consent is required for minors aged 13-17. But it’s not clear how robust the company’s age verification process is — after BBC journalist Dave Lee reported being able to sign himself up to participate in Project Atlas, earlier today, as a “14-year-old boy… with two kids”.

“It required no proof of parental consent at all. I’ve just been sent a link to download the iOS app, ” he added via Twitter.

So while Facebook previously told us less than 5% of the (unknown number of) participants in the research program are teens it’s not clear whether it can make that sort of assertion — or indeed put any verifiable figure on children’s participation in the program — if its age verification process fails at the first hurdle.

We’ve reached out to Facebook with questions and to the app testing companies it’s been working with to administer the program — namely Applause/uTest and BetaBound — to ask how they verify the age of participants and how parental consents are collected. At the time of writing none had replied.

In an earlier statement, provided in response to our first report on Project Atlas, Facebook defended the initiative, saying:

Like many companies, we invite people to participate in research that helps us identify things we can be doing better. Since this research is aimed at helping Facebook understand how people use their mobile devices, we’ve provided extensive information about the type of data we collect and how they can participate. We don’t share this information with others and people can stop participating at any time.

Questions over verification

Returning to the GDPR, Article 8 — which concerns conditions application to children’s consent for processing personal data — states data controllers must make “reasonable efforts” to verify consent when processing children’s personal data:

The controller shall make reasonable efforts to verify in such cases that consent is given or authorised by the holder of parental responsibility over the child, taking into consideration available technology.

And in further guidance on conditions for processing children’s data, the UK’s data protection agency says “data protection by design and by default” must be the baseline.

“Transparency is also key,” it continues. “You can raise children’s (and their parents’) awareness of data protection risks, consequences, safeguards and rights by: Telling them what you are doing with their personal data; Being open about the risks and safeguards involved; and letting them know what to do if they are unhappy. This will also help them make informed decisions about what personal data they wish to share.”

Facebook has said parental consent forms were “signed” and also claims it provided “extensive information” about the data being collected. But plenty of questions remain over exactly how robustly it verified participants’ ages; how parental consents were obtained; as well as the quality and accessibility of the information provided to parents and teens.

One UK-based EU data protection expert we asked for a view, Pat Walshe, suggested the approach to consent described in the article would not pass muster under GDPR.

As well as offering up to $20 a month in incentivize teens to sign away their privacy, Facebook’s program also included a referral scheme — which meant users could increase their ‘earnings’ by recommending a friend — aping the ‘growth hacking’ tactics deployed by app developers everywhere hoping to spark a viral run for their latest release.

But a viral run on kids’ privacy wouldn’t be at all cool.  

In instances where minors signed up to be watched by Facebook the program appears to have rewarded them for pestering their peers to do the same.

Yet an age verification system that can’t distinguish an adult male from a 14-year-old boy seems unlikely to be able to correctly identify a child younger than 13 who’s — say — pretending to be an adult in order to get some sweet e-gift rewards…

Last fall the children’s commissioner for England published a report raising concerns about how extensively minors’ data is being collected and shared across the board, in both the private and public sectors, writing that: “Children and parents need to be much more aware of what they share and consider the consequences.”

The UK’s ICO is currently working on an Age Appropriate Design Code of Practice — which a spokeswoman told us is due out later this year, following responses to a call for evidence last summer.


Read Full Article

Apple bans Facebook’s Research app that paid users for data


In the wake of TechCrunch’s investigation yesterday, Apple blocked Facebook’s Research VPN app before the social network could voluntarily shut it down. The Research app asked users for root network access to all data passing through their phone in exchange for $20 per month. Apple tells TechCrunch that yesterday evening it pulled the certificate that allows Facebook to distribute the Research app through Apple’s Enterprise Certificate system.

TechCrunch had reported that Facebook was breaking Apple’s policy that the Enterprise system is only for distributing internal corporate apps to employees, not paid external testers. That was actually before Facebook released a statement last night saying that it had shut down the iOS version of the Research program without mentioning that it was forced by Apple to do so.

TechCrunch’s investigation discovered that Facebook has been quietly operated the Research program on iOS and Android since 2016, recently under the name Project Atlas. It recruited 13 to 35 year olds, 5 percent of which were teenagers, with ads on Instagram and Snapchat and paid them a monthly fee plus referral bonuses to install Facebook’s Research app, the included VPN app that routes traffic to Facebook, and to ‘Trust’ the company with root network access to their phone. That lets Facebook pull in a user’s web browsing activity, what apps are on their phone and how they use them, and even decrypt their encrypted traffic. Facebook went so far as to ask users to screenshot and submit their Amazon order history. Facebook uses all this data to track competitors, assess trends, and plan its product roadmap.

Facebook was forced to remove its similar Onavo Protect app in August last year after Apple changed its policies to prohibit the VPN app’s data collection practices. But Facebook never shut down the Research app with the same functionality it was running in parallel. In fact, TechCrunch commissioned security expert Will Strafach to dig into the Facebook Research app, and we found that it featured tons of similar code and references to Onavo Protect. That means Facebook was purposefully disobeying the spirit of Apple’s 2018 privacy policy change while also abusing the Enterprise Certificate program.

Facebook’s legitimate internal-use only apps like pre-launch versions of Facebook and Instagram as well as its employee logistics apps are still functioning, a source says. That would indicate that Apple didn’t go so far as to completely shut down Facebook’s access to the Enterprise developer program.

This morning, Apple informed us it had banned Facebook’s Research app yesterday before the social network seemingly pulled it voluntarily. Apple provided us with this strongly worded statement condemning the social network’s behavior:

“We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization. Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.”

That comes in direct contradiction to Facebook’s initial response to our investigation. Facebook claimed it was in alignment with Apple’s Enterprise Certificate policy and that the program was no different than a focus group.

Seven hours later, a Facebook spokesperson said it was pulling its Research program from iOS without mentioning that Apple forced it to do so, and issued this statement disputing the characterization of our story:

“Key facts about this market research program are being ignored. Despite early reports, there was nothing ‘secret’ about this; it was literally called the Facebook Research App. It wasn’t ‘spying’ as all of the people who signed up to participate went through a clear on-boarding process asking for their permission and were paid to participate. Finally, less than 5 percent of the people who chose to participate in this market research program were teens. All of them with signed parental consent forms.”

We refute those accusations by Facebook. As we wrote yesterday night, Facebook did not publicly promote the Research VPN itself and used intermediaries that often didn’t disclose Facebook’s involvement until users had begun the signup process. While users were given clear instructions and warnings, the program never stresses nor mentions the full extent of the data Facebook can collect through the VPN. A small fraction of the users paid may have been teens, but we stand by the newsworthiness of its choice not to exclude minors from this data collection initiative.

The situation will surely worsen the relationship between Facebook and Apple after years of mounting animosity between the tech giants. Apple’s Tim Cook has repeatedly criticized Facebook’s data collection practices, and Facebook’s Mark Zuckerberg has countered that it offers products for free for everyone rather than making products few can afford like Apple. Flared tensions could see Facebook receive less promotion in the App Store, fewer integrations into iOS, and more jabs from Cook. Meanwhile, the world sees Facebook as having been caught red-handed threatening user privacy and breaking Apple policy.


Read Full Article

Apple bans Facebook’s Research app that paid users for data


In the wake of TechCrunch’s investigation yesterday, Apple blocked Facebook’s Research VPN app before the social network could voluntarily shut it down. The Research app asked users for root network access to all data passing through their phone in exchange for $20 per month. Apple tells TechCrunch that yesterday evening it pulled the certificate that allows Facebook to distribute the Research app through Apple’s Enterprise Certificate system.

TechCrunch had reported that Facebook was breaking Apple’s policy that the Enterprise system is only for distributing internal corporate apps to employees, not paid external testers. That was actually before Facebook released a statement last night saying that it had shut down the iOS version of the Research program without mentioning that it was forced by Apple to do so.

TechCrunch’s investigation discovered that Facebook has been quietly operated the Research program on iOS and Android since 2016, recently under the name Project Atlas. It recruited 13 to 35 year olds, 5 percent of which were teenagers, with ads on Instagram and Snapchat and paid them a monthly fee plus referral bonuses to install Facebook’s Research app, the included VPN app that routes traffic to Facebook, and to ‘Trust’ the company with root network access to their phone. That lets Facebook pull in a user’s web browsing activity, what apps are on their phone and how they use them, and even decrypt their encrypted traffic. Facebook went so far as to ask users to screenshot and submit their Amazon order history. Facebook uses all this data to track competitors, assess trends, and plan its product roadmap.

Facebook was forced to remove its similar Onavo Protect app in August last year after Apple changed its policies to prohibit the VPN app’s data collection practices. But Facebook never shut down the Research app with the same functionality it was running in parallel. In fact, TechCrunch commissioned security expert Will Strafach to dig into the Facebook Research app, and we found that it featured tons of similar code and references to Onavo Protect. That means Facebook was purposefully disobeying the spirit of Apple’s 2018 privacy policy change while also abusing the Enterprise Certificate program.

Facebook’s legitimate internal-use only apps like pre-launch versions of Facebook and Instagram as well as its employee logistics apps are still functioning, a source says. That would indicate that Apple didn’t go so far as to completely shut down Facebook’s access to the Enterprise developer program.

This morning, Apple informed us it had banned Facebook’s Research app yesterday before the social network seemingly pulled it voluntarily. Apple provided us with this strongly worded statement condemning the social network’s behavior:

“We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization. Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.”

That comes in direct contradiction to Facebook’s initial response to our investigation. Facebook claimed it was in alignment with Apple’s Enterprise Certificate policy and that the program was no different than a focus group.

Seven hours later, a Facebook spokesperson said it was pulling its Research program from iOS without mentioning that Apple forced it to do so, and issued this statement disputing the characterization of our story:

“Key facts about this market research program are being ignored. Despite early reports, there was nothing ‘secret’ about this; it was literally called the Facebook Research App. It wasn’t ‘spying’ as all of the people who signed up to participate went through a clear on-boarding process asking for their permission and were paid to participate. Finally, less than 5 percent of the people who chose to participate in this market research program were teens. All of them with signed parental consent forms.”

We refute those accusations by Facebook. As we wrote yesterday night, Facebook did not publicly promote the Research VPN itself and used intermediaries that often didn’t disclose Facebook’s involvement until users had begun the signup process. While users were given clear instructions and warnings, the program never stresses nor mentions the full extent of the data Facebook can collect through the VPN. A small fraction of the users paid may have been teens, but we stand by the newsworthiness of its choice not to exclude minors from this data collection initiative.

The situation will surely worsen the relationship between Facebook and Apple after years of mounting animosity between the tech giants. Apple’s Tim Cook has repeatedly criticized Facebook’s data collection practices, and Facebook’s Mark Zuckerberg has countered that it offers products for free for everyone rather than making products few can afford like Apple. Flared tensions could see Facebook receive less promotion in the App Store, fewer integrations into iOS, and more jabs from Cook. Meanwhile, the world sees Facebook as having been caught red-handed threatening user privacy and breaking Apple policy.


Read Full Article

You can pre-order Meizu’s crazy phone with no port for $1,299


If you’re interested in Meizu’s insane smartphone that doesn’t have any port or button, you can now pre-order it on Indiegogo for $1,299. Supply is limited as the company is only selling 100 units for now.

The Meizu Zero looks like any modern phone at first sight. But if you look beyond the display, you’ll notice that there’s absolutely zero port or button.

The volume button has been replaced with a touch-sensitive surface. The fingerprint sensor is integrated in the display. Wireless charging is the only way to charge the device. And if you’re thinking about putting your SIM card in the phone, there’s no SIM slot either — I hope your carrier supports eSIM cards.

There’s no speaker grille either. Meizu is using the screen as a display by sending vibrations through the display. It also works as a microphone, apparently.

It’s unclear if this is just a giant joke or an actual product. But it’s an interesting experiment. For $1,299, you get a phone with a 5.99-inch AMOLED display and a Snapdragon 845 system-on-a-chip. The company expects to ship the device in April 2019.


Read Full Article

India’s largest bank SBI leaked account data on millions of customers


India’s largest bank has secured an unprotected server that allowed anyone to access financial information on millions of its customers, like bank balances and recent transactions.

The server, hosted in a regional Mumbai-based datacenter, stored two months of data from SBI Quick, a text message and call-based system used to request basic information about their bank accounts by customers of of the government-owned State Bank of India (SBI), the largest bank in the country and a highly ranked company in the Fortune 500.

But the bank had not protected the server with a password, allowing anyone who knew where to look to access the data on millions of customers’ information.

It’s not known for how long the server was open, but long enough for it to be discovered by a security researcher, who told TechCrunch of the leak, but did not want to be named for the story.

SBI Quick allows SBI’s banking customers to text the bank, or make a missed call, to retrieve information back by text message about their finances and accounts. It’s ideal for millions of the banking giant’s customers who don’t use smartphones or have limited data service. By using predefined keywords, like “BAL” for a customer’s current balance, the service recognizes the customer’s registered phone number and will send back current amount in that customer’s bank account. The system can also be used to send back the last five transactions, block an ATM card, and make inquiries about home or car loans.

It was the back-end text message system that was exposed, TechCrunch can confirm, storing millions of text messages each day.

A redacted example of some of the banking and credit information found in the database. (Image: TechCrunch)

The passwordless database allowed us to see all of the text messages going to customers in real-time, including their phone numbers, bank balances, and recent transactions. The database also contained the customer’s partial bank account number. Some would say when a check had been cashed, and many of the bank’s sent messages included a link to download SBI’s YONO app for internet banking.

The bank sent out close to three million text messages on Monday alone.

The database also had daily archives of millions of text messages each, going back to December, allowing anyone with access a detailed view into millions of customers’ finances.

We verified the data by asking India-based security researcher Karan Saini to send a text message to the system. Within seconds, we found his phone number in the database, including the text message that he received back.

“The data available could potentially be used to profile and target individuals that are known to have high account balances,” said Saini in a message to TechCrunch. Saini previously found a data leak in India’s Aadhaar, the country’s national identity database, and a two-factor bypass bug in Uber’s ride-sharing app.

Saini said that knowing a phone number “could be used to aid social engineering attacks — which is one the most common attack vector here with regard to financial fraud,” he said.

SBI claims more than 500 million customers across the globe with 740 million accounts.

Just days earlier, SBI accused Aadhaar’s authority, UIDAI, of mishandling citizen data that allowed fake Aadhaar identity cards to be created, despite numerous security lapses and misuse of the system. UIDAI denied the report, saying there was “no security breach” of its system. (UIDAI often uses the term “fake news” to describe coverage it doesn’t like.)

TechCrunch reached out to SBI and India’s National Critical Information Infrastructure Protection Centre, which receives vulnerability reports for the banking sector. The database was secured overnight.

Despite several emails, SBI did not comment prior to publication.


Read Full Article

How business-to-business startups reduce inequality

Google is using 3D printers to re-create ancient artifacts


One of 3D printing’s biggest selling points has always been the ability to create objects that would otherwise be difficult or impossible to build with more traditional methods. A new collaboration between Google and industrial 3D printer manufacturer Stratasys, however, finds the companies working to re-create the familiar.

The latest addition to the Open Heritage Project finds Google Arts and Culture leveraging Stratsys’ multi-color prototyping machine, the J750 3D, to create models of ancient objects and landmarks. The project is designed to give museum-goers and researchers access to rare or on-off creations and to help preserve structures from the ravages of time.

“The project was to explore physically making these artifacts in an effort to get people hooked and excited about seeing pieces in a museum or research context,” Google Design Technologist Bryan Allen said in a statement tied to the announcement. “That’s when we turned to 3D Printing. “With the new wave of 3D Printed materials now available, we’re able to deliver better colors, higher finish, and more robust mechanical properties – getting much closer to realistic prototypes and final products right off the machines.”

The teams use 3D scanners to create a CAD design of objects and architecture from heritage sites. Those can then be accessed as a file or printed on one of the of these machines.


Read Full Article

Your smartphone may soon pack 1TB in storage thanks to Samsung’s new memory chip


Sick of filling the limited space on your phone with apps, photos and videos? Sometime in the near future, your smartphone could ship with more than one-terabyte (1TB) of internal storage and run 10 times faster than a standard memory card.

Samsung is best known for making smartphones but the company’s memory division — one of its most profitable units — just announced that it has begun mass-producing a 1TB flash storage chip for phones. There’s no word on when they’ll be inside smartphones but Samsung said it plans to increase production during the first half of this year.

“Smartphone enthusiasts will soon be able to enjoy storage capacity comparable to a premium notebook PC, without having to pair their phones with additional memory cards,” Samsung said.

That 1TB capacity is double the previous highest that the Korean firm has produced. Its newest chip gave the Galaxy Note 9 a 512GB model which passes the terabyte milestone when a 512GB SD card is added. This new breakthrough promises to offer that without the help of a card, but the company also boasted of improved performance.

Samsung said its new tech reaches speeds of up to 1,000 megabytes per second (MB/s) — that would transfer a 5GB-sized full HD video in just five seconds to transfer, as opposed to nearly one minute with conventional microSD cards. Increased memory will also enable better quality high-resolution video shooting thanks to faster random read speed, it said.

Sounds good, but might this ship before the end of the year? The Samsung rumor mill is already speculating that the upcoming Galaxy Note 10 could include a 1TB model, but at this stage there is no concrete evidence. Keep an eye out for future leaks for more hints.


Read Full Article

You Can Now Play Fortnite on Mobile With a Controller


If you play Fortnite on your smartphone you can now use a Bluetooth controller. This should help level the playing field when playing against Fortnite players on PC or console. Because as good as touchscreen controls can be, they’re no match for a controller.

Epic promised controller support was incoming in an update from November 2018. At the time the company said it was “beginning testing on various controller setups as we work to enable support.” Now, controller support has arrived with the release of Fortnite v7.30.

Fortnite Levels the Playing Field for Mobile Gamers

Epic Games regularly updates Fortnite, fixing bugs and other technical issues, and adding new features and fun elements. Fortnite v7.30 is no exception, but the headline feature of this particular update is mobile controller support on Android and iOS.

On Android, Fortnite now supports “most Bluetooth controller adapters, such as Steelseries Stratus XL, Gamevice, XBox1, Razer Raiju, and Moto Gamepad.” On iOS, Fortnite now supports “MFi controllers, such as Steelseries Nimbus and Gamevice”.

Why is this important? Because Fortnite is one of the few games to offer crossplay across multiple platforms. And if you’re playing Fortnite on Android or iOS, using a controller is going to help you compete against people on PC, Mac, PS4, Xbox One, and Switch.

Fortnite v7.30 isn’t all about mobile controller support though. It’s also adding a 60Hz mode on select Android devices (Samsung Galaxy Note 9, Huawei Honor View 20, Huawei Mate 20 X). You can see all of the other improvements in the Fortnite v7.30 patch notes.

Further Reading for Fortnite Fans and Virgins

if you’re a parent of kids who play this game, here’s everything you need to know about Fortnite. Meanwhile, if you haven’t yet dived in but are tempted by the new support for mobile controllers, be sure to read our guide to playing Fortnite on mobile.

Read the full article: You Can Now Play Fortnite on Mobile With a Controller


Read Full Article

Modern OSI Model


Modern OSI Model

Facebook pays teens to install VPN that spies on them


Desperate for data on its competitors, Facebook has been secretly paying people to install a “Facebook Research” VPN that lets the company suck in all of a user’s phone and web activity, similar to Facebook’s Onavo Protect app that Apple banned in June and that was removed in August. Facebook sidesteps the App Store and rewards teenagers and adults to download the Research app and give it root access in what may be a violation of Apple policy so the social network can decrypt and analyze their phone activity, a TechCrunch investigation confirms. Facebook admitted to TechCrunch it was running the Research program to gather data on usage habits, and it has no plans to stop.

Since 2016, Facebook has been paying users ages 13 to 35 up to $20 per month plus referral fees to sell their privacy by installing the iOS or Android “Facebook Research” app. Facebook even asked users to screenshot their Amazon order history page. The program is administered through beta testing services Applause, BetaBound and uTest to cloak Facebook’s involvement, and is referred to in some documentation as “Project Atlas” — a fitting name for Facebook’s effort to map new trends and rivals around the globe.

Facebook’s Research app requires users to ‘Trust’ it with extensive access to their data

We asked Guardian Mobile Firewall’s security expert Will Strafach to dig into the Facebook Research app, and he told us that “If Facebook makes full use of the level of access they are given by asking users to install the Certificate, they will have the ability to continuously collect the following types of data: private messages in social media apps, chats from in instant messaging apps – including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed.” It’s unclear exactly what data Facebook is concerned with, but it gets nearly limitless access to a user’s device once they install the app.

The strategy shows how far Facebook is willing to go and how much it’s willing to pay to protect its dominance — even at the risk of breaking the rules of Apple’s iOS platform on which it depends. Apple could seek to block Facebook from continuing to distribute its Research app, or even revoke it permission to offer employee-only apps, and the situation could further chill relations between the tech giants. Apple’s Tim Cook has repeatedly criticized Facebook’s data collection practices. Facebook disobeying iOS policies to slurp up more information could become a new talking point. TechCrunch has spoken to Apple and it’s aware of the issue, but the company did not provide a statement before press time.

Facebook’s Research program is referred to as Project Atlas on sign-up sites that don’t mention Facebook’s involvement

“The fairly technical sounding ‘install our Root Certificate’ step is appalling,” Strafach tells us. “This hands Facebook continuous access to the most sensitive data about you, and most users are going to be unable to reasonably consent to this regardless of any agreement they sign, because there is no good way to articulate just how much power is handed to Facebook when you do this.”

Facebook’s surveillance app

Facebook first got into the data-sniffing business when it acquired Onavo for around $120 million in 2014. The VPN app helped users track and minimize their mobile data plan usage, but also gave Facebook deep analytics about what other apps they were using. Internal documents acquired by Charlie Warzel and Ryan Mac of BuzzFeed News reveal that Facebook was able to leverage Onavo to learn that WhatsApp was sending more than twice as many messages per day as Facebook Messenger. Onavo allowed Facebook to spot WhatsApp’s meteoric rise and justify paying $19 billion to buy the chat startup in 2014. WhatsApp has since tripled its user base, demonstrating the power of Onavo’s foresight.

Over the years since, Onavo clued Facebook in to what apps to copy, features to build and flops to avoid. By 2018, Facebook was promoting the Onavo app in a Protect bookmark of the main Facebook app in hopes of scoring more users to snoop on. Facebook also launched the Onavo Bolt app that let you lock apps behind a passcode or fingerprint while it surveils you, but Facebook shut down the app the day it was discovered following privacy criticism. Onavo’s main app remains available on Google Play and has been installed more than 10 million times.

The backlash heated up after security expert Strafach detailed in March how Onavo Protect was reporting to Facebook when a user’s screen was on or off, and its Wi-Fi and cellular data usage in bytes even when the VPN was turned off. In June, Apple updated its developer policies to ban collecting data about usage of other apps or data that’s not necessary for an app to function. Apple proceeded to inform Facebook in August that Onavo Protect violated those data collection policies and that the social network needed to remove it from the App Store, which it did, Deepa Seetharaman of the WSJ reported.

But that didn’t stop Facebook’s data collection.

Project Atlas

TechCrunch recently received a tip that despite Onavo Protect being banished by Apple, Facebook was paying users to sideload a similar VPN app under the Facebook Research moniker from outside of the App Store. We investigated, and learned Facebook was working with three app beta testing services to distribute the Facebook Research app: BetaBound, uTest and Applause. Facebook began distributing the Research VPN app in 2016. It has been referred to as Project Atlas since at least mid-2018, around when backlash to Onavo Protect magnified and Apple instituted its new rules that prohibited Onavo. Facebook didn’t want to stop collecting data on people’s phone usage and so the Research program continued, in disregard for Apple banning Onavo Protect.

Facebook’s Research App on iOS

Ads (shown below) for the program run by uTest on Instagram and Snapchat sought teens 13-17 years old for a “paid social media research study.” The sign-up page for the Facebook Research program administered by Applause doesn’t mention Facebook, but seeks users “Age: 13-35 (parental consent required for ages 13-17).” If minors try to sign-up, they’re asked to get their parents’ permission with a form that reveal’s Facebook’s involvement and says “There are no known risks associated with the project, however you acknowledge that the inherent nature of the project involves the tracking of personal information via your child’s use of apps. You will be compensated by Applause for your child’s participation.” For kids short on cash, the payments could coerce them to sell their privacy to Facebook.

The Applause site explains what data could be collected by the Facebook Research app (emphasis mine):

“By installing the software, you’re giving our client permission to collect data from your phone that will help them understand how you browse the internet, and how you use the features in the apps you’ve installed . . . This means you’re letting our client collect information such as which apps are on your phone, how and when you use them, data about your activities and content within those apps, as well as how other people interact with you or your content within those apps. You are also letting our client collect information about your internet browsing activity (including the websites you visit and data that is exchanged between your device and those websites) and your use of other online services. There are some instances when our client will collect this information even where the app uses encryption, or from within secure browser sessions.”

Meanwhile, the BetaBound sign-up page with a URL ending in “Atlas” explains that “For $20 per month (via e-gift cards), you will install an app on your phone and let it run in the background.” It also offers $20 per friend you refer. That site also doesn’t initially mention Facebook, but the instruction manual for installing Facebook Research reveals the company’s involvement.

Facebook’s intermediary uTest ran ads on Snapchat and Instagram, luring teens to the Research program with the promise of money

 

Facebook seems to have purposefully avoided TestFlight, Apple’s official beta testing system, which requires apps to be reviewed by Apple and is limited to 10,000 participants. Instead, the instruction manual reveals that users download the app from r.facebook-program.com and are told to install an Enterprise Developer Certificate and VPN and “Trust” Facebook with root access to their phone plus much of the data it transmits. Apple requires that developers agree to only use this certificate system for distributing internal corporate apps to their own employees. Randomly recruiting testers and paying them a monthly fee appears to violate the spirit of that rule.

Security expert Will Strafach found Facebook’s Research app contains lots of code from Onavo Protect, the Facebook-owned app Apple banned last year

Once installed, users just had to keep the VPN running and sending data to Facebook to get paid. The Applause-administered program requested that users screenshot their Amazon orders page. This data could potentially help Facebook tie browsing habits and usage of other apps with purchase preferences and behavior. That information could be harnessed to pinpoint ad targeting and understand which types of users buy what.

TechCrunch commissioned Strafach to analyze the Facebook Research app and find out where it was sending data. He confirmed that data is routed to “vpn-sjc1.v.facebook-program.com” that is associated with Onavo’s IP address, and that the facebook-program.com domain is registered to Facebook, according to MarkMonitor. The app can update itself without interacting with the App Store, and is linked to the email address PeopleJourney@fb.com. He also discovered that the Enterprise Certificate indicates Facebook renewed it on June 27th, 2018 — weeks after Apple announced its new rules that prohibited the similar Onavo Protect app.

“It is tricky to know what data Facebook is actually saving (without access to their servers). The only information that is knowable here is what access Facebook is capable of based on the code in the app. And it paints a very worrisome picture,” Strafach explains. “They might respond and claim to only actually retain/save very specific limited data, and that could be true, it really boils down to how much you trust Facebook’s word on it. The most charitable narrative of this situation would be that Facebook did not think too hard about the level of access they were granting to themselves . . . which is a startling level of carelessness in itself if that is the case.”

“Flagrant defiance of Apple’s rules”

In response to TechCrunch’s inquiry, a Facebook spokesperson confirmed it’s running the program to learn how people use their phones and other services. The spokesperson told us “Like many companies, we invite people to participate in research that helps us identify things we can be doing better. Since this research is aimed at helping Facebook understand how people use their mobile devices, we’ve provided extensive information about the type of data we collect and how they can participate. We don’t share this information with others and people can stop participating at any time.”

Facebook’s Research app requires Root Certificate access, which Facebook gather almost any piece of data transmitted by your phone

Facebook’s spokesperson claimed that the Facebook Research app was in line with Apple’s Enterprise Certificate program, but didn’t explain how in the face of evidence to the contrary. They said Facebook first launched its Research app program in 2016. They tried to liken the program to a focus group and said Nielsen and comScore run similar programs, yet neither of those ask people to install a VPN or provide root access. The spokesperson confirmed the Facebook Research program does recruit teens but also other age groups from around the world. They claimed that Onavo and Facebook Research are separate programs, but admitted the same team supports both as an explanation for why their code was so similar.

Facebook’s Research program requested users screenshot their Amazon order history to provide it with purchase data

However, Facebook claim that it doesn’t violate Apple’s Enterprise Certificate policy is directly contradicted by the terms of that policy. Those include that developers “Distribute Provisioning Profiles only to Your Employees and only in conjunction with Your Internal Use Applications for the purpose of developing and testing”. The policy also states that “You may not use, distribute or otherwise make Your Internal Use Applications available to Your Customers” unless under direct supervision of employees or on company premises. Given Facebook’s customers are using the Enterprise Certificate-powered app without supervision, it appears Facebook is in violation.

Facebook disobeying Apple so directly could hurt their relationship. “The code in this iOS app strongly indicates that it is simply a poorly re-branded build of the banned Onavo app, now using an Enterprise Certificate owned by Facebook in direct violation of Apple’s rules, allowing Facebook to distribute this app without Apple review to as many users as they want,” Strafach tells us. ONV prefixes and mentions of graph.onavo.com, “onavoApp://” and “onavoProtect://” custom URL schemes litter the app. “This is an egregious violation on many fronts, and I hope that Apple will act expeditiously in revoking the signing certificate to render the app inoperable.”

Facebook is particularly interested in what teens do on their phones as the demographic has increasingly abandoned the social network in favor of Snapchat, YouTube and Facebook’s acquisition Instagram. Insights into how popular with teens is Chinese video music app TikTok and meme sharing led Facebook to launch a clone called Lasso and begin developing a meme-browsing feature called LOL, TechCrunch first reported. But Facebook’s desire for data about teens riles critics at a time when the company has been battered in the press. Analysts on tomorrow’s Facebook earnings call should inquire about what other ways the company has to collect competitive intelligence.

Last year when Tim Cook was asked what he’d do in Mark Zuckerberg’s position in the wake of the Cambridge Analytica scandal, he said “I wouldn’t be in this situation . . . The truth is we could make a ton of money if we monetized our customer, if our customer was our product. We’ve elected not to do that.” Zuckerberg told Ezra Klein that he felt Cook’s comment was “extremely glib.”

Now it’s clear that even after Apple’s warnings and the removal of Onavo Protect, Facebook is still aggressively collecting data on its competitors via Apple’s iOS platform. “I have never seen such open and flagrant defiance of Apple’s rules by an App Store developer,” Strafach concluded. If Apple shuts the Research program down, Facebook will either have to invent new ways to surveil our behavior amidst a climate of privacy scrutiny, or be left in the dark.

Additional reporting by Zack Whittaker.


Read Full Article