Ring slightly overhauls security and privacy, but it’s still not enough

Security camera maker Ring is updating its service to improve account security and give more control when it comes to privacy. Once again, this is yet another update that makes the overall experience slightly better but the Amazon-owned company is still not doing enough to protect its users.

First, Ring is reversing its stance when it comes to two-factor authentication. Two-factor authentication is now mandatory — you can’t even opt out. So the next time you login on your Ring account, you’ll receive a six-digit code via email or text message to confirm your login request.

This is very different from what Ring founder Jamie Siminoff told me at CES in early January:

“So now, we’re going one step further, which is for two-factor authentication. We really want to make it an opt-out, not an opt-in. You still want to let people opt out of it because there are people that just don’t want it. You don’t want to force it, but you want to make it as forceful as you can be without hurting the customer experience.”

Security experts all say that sending you a code by text message isn’t perfect. It’s better than no form of two-factor authentication, but text messages are not secure. They’re also tied to your phone number. That’s why SIM-swapping attacks are on the rise.

As for sending you a code via email, it really depends on your email account. If you haven’t enabled two-factor authentication on your email account, then Ring’s implementation of two-factor authentication is basically worthless. Ring should let you use app-based two-factor with the ability to turn off other methods in your account.

And that doesn’t solve Ring’s password issues. As Motherboard originally found out, Ring doesn’t prevent you from using a weak password and reusing passwords that have been compromised in security breaches from third-party services.

A couple of weeks ago, TechCrunch’s Zack Whittaker could create a Ring account with “12345678” and “password” as the password. He created another account with “password” a few minutes ago.

When it comes to privacy, the EFF called out Ring’s app as it shares a ton of information with third-party services, such as branch.io, mixpanel.com, appsflyer.com and facebook.com. Worse, Ring doesn’t require meaningful consent from the user.

You can now opt out of third-party services that help Ring serve personalized advertising. As for analytics, Ring is temporarily removing most third-party analytics services from its apps (but not all). The company plans on adding a menu to opt out of third-party analytics services in a future update.

Enabling third-party trackers and letting you opt out later isn’t GDPR compliant. So I hope the onboarding experience is going to change as well as the company shouldn’t enable these features without proper consent at all.

Ring could have used this opportunity to adopt a far stronger stance when it comes to privacy. The company sells devices that you set up in your garden, your living room and sometimes even your bedroom. Users certainly don’t want third-party companies to learn more about your interactions with Ring’s services. But it seems like Ring’s motto is still: “If we can do it, why shouldn’t we do it.”

Gadgets – TechCrunch

The 9.7-inch iPad Pro is slightly slower than the 12.9-inch iPad Pro

iPad Pro 9.7 - Smart Keyboard - 3 Apple doesn’t like to talk about specs. But it turns out my boss Matthew Panzarino already has review units of the new iPad Pro and iPhone SE. So nobody is going to stop us if we want to run Geekbench on these new devices. The result is both interesting and unsurprising. While the 9.7-inch iPad Pro features an A9X chip like its big brother, it’s a bit underclocked. Read More

Gadgets – TechCrunch

HTC Finally Outs The Slightly Smaller One Mini, We Go Hands-On

onemini01

At long last, HTC finally confirmed what we all already knew to be true — the HTC One mini is a real mid-range smartphone, and it’s going to start hitting store shelves across the globe shortly.

Given HTC’s track record with this sort of thing so far, it’s no shock to see that images of the device leaked one last time before HTC made its official announcement. The company was still cagey on when exactly the device would launch and where — as usual, it’s leaving those proclamations up to the carriers, but HTC plans to launch the One mini in a handful of markets in August with a more widespread launch to follow in September. Fortunately for U.S. One fans, that last batch of photos very clearly indicates that AT&T will carry the device when it makes its to our neck of the woods.

But all this commotion raises an important question — what is it like using the One mini? I spent some time with the device earlier this week, and came away impressed considering its mid-range aspirations.

First things first: for a device that bears the “mini” moniker, the One mini isn’t all that much smaller than the flagship phone that preceded it. It’s just a few millimeters shorter and narrower than the full-sized One, and almost exactly as thick. The end result is a phone somehow manages to feel nicer in the hand than its slightly larger counterpart — the first One wasn’t unwieldy by any stretch, but its little brother fit more comfortably in my hefty mitts.












In case you were concerned that HTC had to cut corners when it came to design, well, don’t be. The aluminum unibody design that wowed fans of the original One has only been slightly tweaked for the One mini — perhaps the most notable physical differences are the lack of trim around the camera lens and the inclusion of a sort of polycarbonate bezel that runs around the mini’s face. Different, sure, but I doubt anyone but the most persnickety phone addict would take issue with these changes.

But aesthetics only account for part of the package. As you’d expect from a smaller (and almost definitely cheaper) device meant to appeal to the masses, HTC has had to dial back on some of the niceties that garnered the original One so many fans. Most of the goodies are still there — the BoomSound speakers remain, as does the Ultrapixel camera (albeit without optical image stabilization) around the back, but HTC needed to compromise on horsepower. Rather than running with a power hungry quad-core chip, the company instead chose to load up the One mini with a 1.4GHz dual-core Snapdragon 400 and 1GB of RAM.

It’s a modest spec sheet by today’s standards, but I didn’t notice any lag or slowdown as I put the (admittedly non-final) phone through its paces. If anything, the most worrisome change is that there’s only 16GB of internal storage available to users, an issue that’s compounded by the now-expected lack of a microSD card slot. Naturally, the screen has had to be downsized as well — the One mini sports a 4.3-inch display running at 720p, which is an adequate (if mildly underwhelming) replacement for the 1080p panel that graced the original One.

And of course, HTC’s Sense 5 UI is present once more, only this time it runs atop Android 4.2.2 Jelly Bean. Minor bugfixes and improvements have been added to the overlay for its next big (or small, I guess) outing, so don’t expect anything shockingly new on the software front if you take the plunge.

I’m waiting to get my hands on some final hardware before passing judgment, but so far the One mini seems like a worthy little brother to one of the great Android devices of our time. HTC clearly hopes that this thing will be able to penetrate markets in a way that its flagship One can’t, but only time will tell if the company finally has a mass market hit on its hands.

TechCrunch » Gadgets

Fitbit One Review: Slightly Flawed, But Still A Great Way To Quantify Yourself

fitbit-one-edit

The original Fitbit first saw the light of day over four years ago, and boy how things have changed since then. Now it seems like everyone from old incumbents to ambitious upstarts have offered their own takes on the activity-tracking formula, so how does Fitbit’s newest offering stack up to the competition?

The Fitbit One is…

A small, two-tone doodad that will set you back $ 99 and track your movement throughout the day. Most of the time, the black or burgundy Fitbit will live inside a similarly-colored silicone skin, and a sturdy metal clip mounted on the back keeps the Fitbit firmly attached to your clothing (the company recommends keeping it somewhere on your torso). When it’s not clipped to your person, chances are it’s bedtime and you’ve tucked it inside the black elastic armband to use as a silent alarm (more on that in a bit).

Before I ramble on for too much longer, know this: the Fitbit works like a treat. It ably tracks the number of steps I take, and its distance tracking seems to be more than adequate to boot — taking the One on one of my occasional runs saw distance counts that never strayed too far from the numbers the Nike+ GPS app offered up. The One is also smart enough to discern whether I’m just walking around or if I’m bounding up and down stairs, which then influences its appraisal of how many calories I’ve burned for the day.

The only thing that didn’t impress as much as I expected it to was the One’s oft-touted sleep tracking feature — I could never get the Fitbit to proffer an amount of time slept that matched up with how much sleep I thought I got. It’s not a dealbreaker for me, but appears I’m not the only one with this problem, and the company should really take a closer look here.

What else does it do?

The Fitbit experience is only as solid as its other half — the part that takes all of that activity information and turns it into a comprehensive suite of personal analytics. The process of getting all that data linked up with your Fitbit account is dead simple, too. All it takes to get started is plug the included wireless USB dongle in, pair it with the Fitbit by way of the included software, and start moving around.

Ideally that dongle will stay in one of your USB ports indefinitely, where it will connect with the Fitbit whenever they’re in close proximity. I wasn’t having any of that though, and took to syncing it exclusively with the companion iOS app thanks to the One’s low-power Bluetooth radio — a neat feature that Android users unfortunately can’t take advantage of just yet.

Fitbit veterans can feel free to gloss over this section, but once that data is uploaded, users can view their levels of activity splayed out in graph upon graph, as well as log their food intake to see if they’re running a calorie deficit for the day. The Fitbit itself only collects a fraction of the data the service is able to keep tabs on, though. Truly motivated folks can throw information about their weight changes, blood pressure, mood, and even glucose levels into their Fitbit accounts.

One of the most pleasant surprises about this thing was the silent alarm, which worked like a charm. Once the appointed time rolls around, the Fitbit’s tiny vibration motor begins pulsing in short spurts (protip: the vibration is strong if you insert the Fitbit with its screen facing your skin). My only beef? That it stops pulsing after about 10 spurts, only to start up again a few minutes later. Sure, it always managed to rouse me from my deep and fitful spurts of slumber, but I can’t shake the feeling that a continuous vibration would do the job even better.

And then there are the touches that you’ll hardly ever notice. If its screen is off and you pick it up, the Fitbit’s display will come to life with an encouraging (if terse) message to help keep users motivated. They’re not all that compelling — think “CLIMB IT CHRIS” and “SMOOCHES CHRIS” — but it’s a testament to the sort of attention to detail that went into making the One.

Now for the really annoying part

Really, if there’s one thing that irks me about using the Fitbit One, it’s having to keep up with all the little bits that come with it. I’ve been an avid user of Nike’s FuelBand for the past few months now, not so much because it’s my ideal activity-tracking solution — I’m no fan of the whole Fuel score conceit in the first place, and it’s awfully limited when it comes to functionality — but because I never really need to take it off until I want to sync it with my PC. It’s a largely self-contained system, and one I never had to spend much time fretting over.

Not so with the Fitbit One. I’ve misplaced the sleep wristband more than once these past few days which meant no silent alarm for me, and the stubby USB charging cable displayed a similar tendency to go AWOL. Oh, and it can’t actually be used to sync with the Fitbit, which strikes me as a bit of a missed opportunity. Instead, the dongle is a necessity for non-mobile syncing, as well as pushing updates to the Fitbit, so that’s another thing you’ll have to keep your eye on (I honestly have no idea where mine is right now).

To buy, or not to buy?

At $ 99, it’s not the cheapest little tracking gizmo, but it’s definitely worth the premium over its little brother the Zip. I haven’t spent any considerable amount of time with the Jawbone Up (see John’s review for more on that thing), but my week with the Fitbit has been enough for me to stick my once-trusty Fuelband into a drawer. If you’re looking for a neat (and unabashedly geeky) way to keep tabs on how active you are, the Fitbit One is a wonderful choice — as long as you don’t mind keeping track of all those accessories.


TechCrunch » Gadgets