Bitcoin is all the rage, and everyone is talking about it.  Any discussion or write up about Bitcoin usually starts with the fact that is it a decentralized digital currency. Decentralized means that no government or company controls it and it also means each participant is on his/her own when it comes to protecting their Bitcoin investment.

With US fiat currency saved in a bank, you have a high level of confidence that the money will be there in a day, week, month or a year. If the unthinkable happens and the bank is hacked,  most bank deposits are federally insured, and the government will make you whole.

Bitcoin does not have any insurance or governmental oversight. Any Bitcoin left on an exchange is only as secure as that exchange's platform.

In Bitcoin, your ownership is confirmed using a super secret private key. When you store coins on an exchange, they hold the private keys for these coins. Any hacker that manages to obtain these private keys can, therefore, control your (now their) coins and move them into a new account they control. Once your coins are gone, there is no way to recover them.

How to secure your Bitcoin

The first rule is: do not leave your Bitcoins on an exchange. Most theft happens from exchanges because hackers know that compromising one exchange can yield millions in gains.

Some Exchanges (e.g., Coinbase) offer offline cold storage options. These are more secure than their traditional active accounts (since they double check transaction requests and have long waiting periods), but if someone steals the private keys due to infrastructure insecurity,  they would be able to access your coins.

The second rule: control your private keys. When managing your private keys, computer security becomes critically important. I have written dozens of articles about it, so I won't take a deep dive here, but you'll have to spend some time thinking about it.  

In TL;DR form: I recommend that you chose the safest and most robust computing environment when processing your private keys or performing Bitcoin transactions (purchase, sale or transfer). For most individuals, I recommend using a name brand Chromebook. A Chromebook a purpose-built device running Google Chrome on a very secure Linux operating system. Google continuously updates Chromebooks. Chromebooks offer a small attack surface and are less susceptible to compromise than a Windows or MacOS device.

Now that you have a secure platform to complete your transactions, the next question is: Where do I store my private keys?  

You should keep a small amount of Bitcoin in a reputable smartphone app, where you can access it quickly if you feel like spending it.  I like the Jaxx wallet (it is simple, well written and cross-platform).

You should store most of your bitcoin in a purpose-built offline (not on your computer or connected to the internet) hardware device. My device of choice is the Trezor wallet, but there are other excellent options (e.g., Ledger). These devices generate and protect your private keys. By keeping your private keys offline, they are immune to infections on your computer or constant hacking attempts. A Chrome extension powers the Trezor wallet, therefore it works beautifully on a Chromebook.

When setting up these hardware wallets, you generate a special recovery sentence (typically consists of 20 unrelated words). You should write this down on paper and store it somewhere safe. Never save this online, since anyone with access to this code could recover your private keys and steal your money. In the unlikely event that your hardware wallet dies, you can order a replacement and restore your private keys (during initialization) by entering your unique secret recovery sentence.

As cryptocurrency matures and becomes more widespread, I believe people will have to take a more active role in protecting their own money.  It's probably a good idea to dip your toe now and start learning the ins and outs of crypto currency.

I've been involved in technology for a long time and bought my first real personal digital assistant (PDA) in 1997. It was an Apple Computers MessagePad (Newton) 130, and it was a thing of beauty. It had handwriting recognition, an external keyboard attachment and fueled my geek dreams about what wondrous technologies the future would bring.

Along the way, I owned hundreds of devices including Palm pilots, Treos, Handspring devices, Nokias and almost every other portable gadget in between.

As you can imagine, I also bought the first iPhone and almost every one since (in the last ten years). Every time I watched an Apple keynote, I was like a kid in a candy store. I starred at the presentation anxiously waiting to see what amazing new technologies Apple would bring into my life. Apple didn't invent most of that tech, but it usually made it usable and practical.

Then Steve passed away, and many were worried whether Apple had lost its mojo. Fans defended the Cupertino giant, but we started to see some cracks forming in its otherwise perfect and shining armor. Tech reviewers what would never have dared to challenge the superiority of the big Apple began to ask difficult questions.

For the past five years, I have been carrying both Android and IOS smartphones, but the iPhone has always been my primary daily driver. September 2017, was time for me to upgrade my "primary driver" from an iPhone  6s Plus + an iPhone 7 (yes I have both). I watched the keynote and was dumbfounded by the iPhone X. It was a beautiful piece of kit but had a screen smaller than the plus models and a price tag of $1500CAD. The camera wasn't materially better than the one in the iPhone 8 Plus. The only new "thing" it brought to the table was the FaceID sensor, an OLED screen, and smaller bezels.  

Apple technology innovation

Surely I had missed something. A ~$400 price increase had to bring something new and revolutionary? But it didn't. Having been a gadget geek for the last 25+ years, I knew perfectly well that previous devices  contained technology Apple commercialized many years later:

• wireless charging (HTC Droid DNA in 2012 - Apple in 2017)
• dual rear cameras (HTC One M8 in April 2014 - Apple 2016)
• OLED screen (Nokia N85 in October 2008 - Apple in 2017)
• Fingerprint scanner ( Motorola ATRIX 4G in March 2011 - Apple 2013)

Apple made many of these technologies better but by the time it included it, Android devices at half the price of an iPhone had them built in.

Apple has been a significant force pushing smartphone manufacturers to make safer, more secure devices and operating systems. This has been a clear win for consumers. Good healthy competition is good for the marketplace.

Is the iPhone more secure than an Android device?

Technologically yes. Apple's IOS is designed with strict application controls to protect user information. Its hardware (e,g, the secure enclave) is a thing of beauty and incredibly well designed to protect your biometric and financial information.

In the real world, for the average consumer that is not being targeted by skilled blackhat hackers or nation-state threat actors, both can be made equally safe with minimal handling precautions.

Not in my walled garden

A couple of months ago, Apple made headlines when it blocked all VPN apps from its China app store. This decision was made to comply with local laws, and Apple had no choice. The problem arises when you realize that Apple doesn't have a mechanism for users to sideload apps onto its devices.

Sideloading apps is a risk because it could be an attack vector, but shouldn't the user be able to accept the risk and perform their desired action on an $800-1000 device?

This had a chilling effect on some activists in China, but the same model of application category control could be applied to anything else in any other country (e.g., a country can outlaw social media or dating apps, etc.).

Time to switch?

Apple's latest financial results show that the company is doing smashingly well. They are selling record numbers of mobile devices, and their cash horde is only getting larger. Any talk about its demise is greatly exaggerated.

There is, however, a growing number of users, who were once ardent fans gobbling up all Apple branded tech, as fast as the company could release them, that are now looking at alternatives. I am amongst this group. My decision to switch isn't based on the cost of the device,  but on the more advanced Artifical intelligence features like the built-in assistant.

Android Auto versus Apple CarPlay

My latest car can support both platforms, but anyone that has used Apple Maps will tell you, it sucks. I can't tell you how many times it has navigated me into a major traffic jam or has taken me 20 minutes in the wrong direction. Apple doesn't like competition and would rather offer a sub-par experience to its users and maintain control.

On Android Auto, I can use other mapping apps, but on the iPhone, you can only use Apple Maps.

On Android Auto, you can choose which music app is your default and voice control it. On Apple, you can only voice control Apple Music.

And this is an example of the user-hostile behavior exhibited by Apple. Not only does it block competition, forcing you into inferior apps, but it isn't even improving the core interaction mechanisms of Car Play: the visual interface and SIRI.

SIRI the terrible

Most iPhone users from teenagers to CEOs use Siri a couple of times at first, then give up. I had hoped that Apple would update Siri's capabilities with IOS 11 (particularly with the expected December release of the Siri powered home speaker system, the HomePod). Surely Apple would impress us with massive gains in understanding and capabilities. Nope. Nothing.

While the Amazon Echo and Google Assistant improve every month, Apple hasn't developed Siri in years. It feels like Amazon and Google are working in internet time while Apple is working ... To be honest, I don't even think they are working on Siri. I say that facetious. I know they are working on Siri, but until users benefit from that work, it is useless.

The big data problem

I work in security and understand that absolute security is the enemy of usability. An absolutely secure system is not usable.
In the enterprise space, we are continually struggling to find the right balance between security and usability.

It feels Apple has taken a more security-focused approach and is willing to sacrifice modern functionality.

Any modern deep learning expert (aka neural networking that powers smart assistants) will tell you that the key to success is having vast amounts of ingestible data. Apple doesn't have this type of data because of it is privileging user privacy, whereas Google and Amazon do. Where Apple's image search can show you a dog, Google's can find the chihuahua on a beach eating a hotdog.

Siri is a parlour trick you get tired of after a day or two. Google Assistant will become a real time saver and thus will become something you will likely come back to over and over.

The latest and greatest thinking in machine learning from Geoffrey Hinton may eventually be beneficial for Apple. It is called Capsule Theory and is a new way of developing machine learning models that require much less data, but this is still early day research.

Conclusion

As I search for my next daily driver, I am testing a handful of new Android smartphones that I will review shortly on my blog. First-up will be a review of the Samsung Note 8. I won't be discussing the specifications but looking at it from the viewpoint of an iPhone user considering the switch.

I am hoping to also get my hands on a Mate 10 Pro, Pixel 2 XL and the ONePlus 5T.

Android 8 Oreo is the next thing for Android devices and everybody is working hard to bring it to their phones. Now Essential has implemented a special Oreo beta program for owners of its beautiful Essential Phone. Where Samsung allows you to install the Oreo beta (on the S8 and S8 Plus) via OTA update, Essential will force you to use ADB.

Essential does provide clear instructions but this can be seen as a natural filter that disqualifies anyone that doesn't really understand how Android works or understand what a beta is.

You will find, using the above link, a build for NM181C (for Sprint and Telus) and NMJ32F (for the other carriers)

Warning !

Remember this is a beta and you will experience issues and bugs. Known bugs already include: high battery drain, Android Auto issues and app instability.

What is malware

Malware is shorthand for Malicious Software and has been around almost from the start of computing. Its main purpose is to harm the computer or the user. Malware has been known to steal login credentials, monitor the user, tamper with information (breaking integrity), steal information or just making the system unusable. 

Malware can be designed by a nefarious teenager in his mother's basement looking to make a name for himself or by a state-sponsored threat actor against activists or journalists.

How can I tell if my computer is infected

The first rule of thumb is to use the Antivirus product that came with your operating system. As an example, all modern Windows systems are shipped with a self-updating antivirus supported by Microsoft. Third party products have been known to cause issues (here, here, etc).

To be transparent, antivirus will detect standard run of the mill type of malware but anything more sophisticated will easily get through. Larger companies with well-funded security teams typically eschew antivirus for more advanced malware detection tools based on a series of technologies like application behaviour monitoring, machine learning, artificial intelligence and system baselining. Unfortunately, these are not yet available for small operations but expect them to eventually make their way there.

So the question of detecting malware on your computer is a difficult one and often requires a highly skilled technician with precise tools that knows what he/she is looking for.  At the very least, use the tools available to you now:

• Sign up for services that offer 2-factor authentication (so malware can't log into your account by simply stealing a password) and that will notify you of unusual behaviour (Google, LastPass, etc). 
• Notice subtle indicators. Pay attention to your computer and look for subtle inconsistencies. Does your webcam light turn on when you are not using it? Does it look like you sent an email you don't remember sending? Does an online service show a login time you know you weren't working?  Pay attention to subtle cues.

How did I get infected?

The most common technique used by threat actors is to trick the user into installing malware pretending to be something else. It can pretend to be a system update. It can pretend to be a holiday card from a family member. It can pretend to be a work file from your boss. It can be a drive-by download where your system is exploited simply by being vulnerable and you visiting a carefully crafted webpage. 

• Link to a malware site can be disguised as a link to a popular internet site (Apple, Amazon, Microsoft), shared content (a document, holiday card, music file, etc) or a fake system update (flash update, etc).
• You may be targetted via email. It is common for highly skilled threat actors to compromise the systems of people you trust and use that trust to trick you into running malware, visiting a malware site or performing an action you otherwise would not. Remeber that these are often highly skilled practitioners that understand human psychology and will exploit it as needed. This includes chat apps, email, messages on forums, web pages, etc.
• You can get infected by connecting purpose-built attack hardware to your computer. We have devices that look normal (like the USB Rubber Ducky from Hak5) but that can run attack code without your knowledge as soon as they are connected to your computer. 
• Someone can gain physical access to your computer and plant malware without your knowledge. In security we consider it game over if anyone has access to your equipment, This is why companies spend large sums of money physically protecting their servers in isolated access controlled cages inside heavily guarded and secured datacenters. 

The more valuable you are as a target the less likely you are to notice the attack. 

How can I protect myself from malware?

• Make sure you are running legally registered versions of all the products you use daily. Using legal versions entitles you to the latest updates and every security person will recommend keeping all of your software and operating systems updates regularly. Threat actors will often exploit vulnerabilities that have been patched (aka if you update you are protected). 
• Only install the software you absolutely need. Remember that every software is a potential attack vector. Install only what you need and only download it from the manufacturer never from a download site like CNET, Download.com, etc (to prevent supply chain attacks like CCleaner.) Many of these download sites make money by bundling garbage apps that get silently installed and these can also be used to attack you.
• Remember that anything you open or click on can compromise your security. Call a sender before opening a file. Download and scan it first with something like VirusTotal before opening it. Never click on links in email or instant messaging. Always go to the URL yourself (obfuscating a malicious link to look 'good' is easy). If you use Gmail, open questionable attachments in Google docs or sheets as this will often strip the malicious content.
• Remember that one second of forgetfulness is all it takes. Be extra vigilant when browsing the web. Never run anything on the web. Always know that the web can be faked. Even known sites can be compromised and used to inject malware.
• When travelling to high-risk areas, I usually travel with a Google Chromebook. It auto updates itself. There are very few known attacks against it. Chromebooks have a feature called Powerwash that factory resets the device image to "like new" within 2 minutes. Often times I will powerwash my device before performing sensitive tasks. Also, data is stored in the Google cloud. Regardless of how you feel about their privacy policies, they have proven to be excellent at protecting their users from targeted attacks. Make sure you turn on 2-factor authentication.
• Turn off your computer and unplug it from a physical network when not in use.

What can I do if I am infected?

• The first rule is that if you are infected or even suspect that you are infected, forget about cleaning your device and have it completely reinstalled from scratch using known clean installation media. 
• If you are infected, immediately unplug your computer from the internet (ethernet or WIFI) and shut down your computer.
• Use a known clean computer to log into your web services and change all your passwords immediately.  
• If one of your devices is compromised, and you are a high target, assume all your other devices could be compromised and reinstall everything from scratch including your smartphone.
• If you have support from a government agency, reach out to them and ask them for support. If you are a journalist or activist, reach out to one of the public security support organizations like the Toronto Citizen Lab. 
• If you know when you were infected, make sure you restore files from a date prior to the infection. It is critically important to use a backup service that provides version control (e.g. blackblaze version control). 

TL;DR : Go here and download this app (while it's available).

Earlier this week, we saw FileGo leak on the Google Play Store but it was quickly taken down. FileGo is specifically built to help users (even novices) manage and clean files from their devices (duplicate photos, application cache files, etc).

FileGo also contains a function (similar to Apple's AirDrop) that allows Android users within close proximity to transfer files to each other. 

FilesGo is still beta software (aka it could still have bugs) but in my testing has been reasonably reliable and hasn't crashed yet (tested on a Nexus 6P and Note 8). 

Keep in mind that Google can change user eligibility once the app is officially released (may be limited to Android One users or restricted to certain regions) but right now it seems to be available to all users globally.

I wrote a short article about the merits and issues with the Essential phone here. I wrote that review because dozens of readers wanted to know if the phone was worth it at its newly reduce $499 price. 

Another day and another discount for the struggling Essential phone. Now BestBuy is kicking in another $50 off (bringing the price to $449.99).

For $449, you can buy a beautiful unlocked Android smartphone with the latest specs including:

• Snapdragon 835
• 4GB of RAM
• 128GB of storage
• Dual cameras

If you read my review, there are some shortcomings but at $449, it is hard to complain. You are getting alot of phone for very little money. 

No other Android smartphone in 2017 has been as polarizing as the Essential phone. Created by the father of Android, many of us (tech reviewers) wanted a no compromise phone we could love. A device that would be a trailblazer showing other manufacturers what is possible and ushering in an new era of innovation through competition.

Instead the Essential phone is a device I want to love but can't. 

Essential recently dropped its Canadian and US price and many readers wanted to know if I could recommend this phone at the new price. Keep reading to find out.

It feels rushed

So Andy Rubin teed the essential phone in March an created a tone of excitement.

Reviewers went wild because it was the first phone with an edge to edge display. Since then, we have been bombarded with a bunch of beautiful, wet designed smartphones with edge to edge displays (like the Samsung Note 8, Samsung Galaxy S8+, iPhone X, etc). 

When I use the phone and compare it to its cousins, I have the feeling the phone was rushed. Since September, Essential has had to release 4 updates to make the device usable and it still has a lot of room for improvement.

One major complaint that seems to affect all users is the camera quality. Even with the hardware Essential used, most of us expected the device to take much better pictures. Then a port of the Google Pixel Camera app was released by an unknown developer and tests (see article here) show that through software, image quality can be greatly improved. This is the perfect example of issues created because Essential didn't take the time to release adequate software to make it's device shine.

The good

The Essential phone looks and feel amazing. It has a beautiful edge to edge screen that is brights.  The device is slightly heavier than competing products and really feels well built. It is (to me at least) the best looking android phone you can buy today.

It comes with USB C.

It has a camera that doesn't have a hump so the entire back of the device is flat and won't wobble when placed on a table.

It has a fantastic fingerprint reader that is well placed and works very quickly every time. 

It is running a stock version of Android (comparable to the Google Pixel line). This clean version of Android means the phone is extremely fast and responsive. Apps start quickly (often faster than on a Samsung Galaxy S8+ or Note 8). 

Essential has committed to 3 years of security patches and 2 years of major OS updates which is a huge win. Even companies like Lenovo Motorola, Samsung and OnePlus don't commit to software updates like this. I think this is a huge plus for Essential and I wish other companies would follow it's lead.

The bad

The camera is one of the main reasons people buy smartphones and the Essential camera is just "ok". I won't bore you with samples because every reviewer has posted dozens but trust me, the camera will leave you wanting.

As mentioned above, the illicit port of the Google Pixel Camera app does make a significant improvement to the picture quality but it still isn't in the same league as the Samsung Galaxy S8 (which you can now buy around the same price) or the OnePlus 5 (which is out of stock as we wait for its replacement the OnePlus 5T).

It doesn't have any type of water or dust protection.

It doesn't support wireless charging.

You can't buy a second Essential branded was charger yet and the only add-on they released is their $150 360 camera which itself produces "ok" quality pictures and videos.

The speakers on the Essential phone get fairly loud but the audio quality is sub-par. 

Conclusion

The Essential phone was the phone I was hoping to love and was hoping it would become my daily driver (replacing my iPhone). 

So to answer the original question, even at this price, I can't recommend the phone for most users. If Essential released an Android 8 upgrade (we know they are testing it internally) and that version included a massively reworked camera app and they released the charging pad, then may recommendation would likely change.

So the Google Pixelbook is the most elegant expression of what a Chromebook could be. There are dozens of review on the internet extolling the wondrous virtues of the device. I think it is a fantastic device for the right user because it is fast, hassle-free and as secure as a mobile computing device can be.  

Instead of just writing another copycat article about the positives, I wanted to share some of the less than perfect elements of the device. To ensure you can make an educated decision.

Google Assistant 

I love the Google Assistant and was excited when Google added it to the Pixelbook. The problem is that the activation hot words only work when the device is on and the screen is on. If the device is idle and "sleeps", you will have to manually wake it up before you can trigger the Google Assistant. Consumers have come to expect always-on assistants (think Google home and Google Pixel 2 smartphone are always listening). 

I am a Google GSuite user and expected the Google Assitant (at least on their premium laptop replacement device) to integrate better for their business users. As an example, it won't be able to read you your agenda. 

PixelBook Pen

The Pixelbook pen is a great concept but your experience will depend greatly on the apps you are using. Google claims that the Pixelbook Pen API uses a low latency model that should deliver 10ms response times and this is true in certain apps like Google Keep. In Google Keep, using the pen feels akin to writing on paper. In apps like Adobe Draw or Microsoft OneNote, you definitely feel the latency. The latency is so bad that it makes the experience almost unusable. 

Android apps on ChromeOS

With the launch of the Pixelbook, Google finally graduated Android apps on ChromeOS out of beta. This is a push we have seen from Google for many months and they want to encourage ChromeOS (Chromebook) users to leverage the millions of Android apps to make the Chromebook the prefered mobile platform.

Some companies (like Adobe) have worked with Google to make their Android app Chromebook aware and thus using Lightroom on it is actually a great experience. It is fast, fluid and very functionally complete. 

Other apps are the polar opposite. With these less than optimal apps, you will experience:

• incorrect app orientation
• the app does not use the full-screen real estate 
• app performance is sometimes erratic and will crash for no discernible reason

Conclusion

The Pixelbook is a beautifully crafted device that works relatively well. If the device had been a couple of hundred dollars less, I could easily overlook everything written here, but at $US999, my expectations are slightly higher. 

I think the Pen is still a beta experience and they should really provide one for free with each Pixelbook. More customers using the Pen means more telemetry and better design cues for v2 next year. I cannot recommend the $US99 pen right now. The Pixelbook pen is nothing more than a gimmick right now. 

We regularly see mobile carriers release commercials mocking competitors but we rarely see this with smartphone manufacturers. Samsung has been watching all of the flack reviewers are throwing at Google regarding the screen on its new flagship Pixel 2 XL. And good ol Sammy decided it's time to use Google's misstep to its advantage with a short commercial talking about the incredible screen on its own devices.

I'm in the market for a new smartphone and actually ordered a Panda Pixel 2XL from Google (scheduled to arrive Dec 18). With all of the issues, I am now considering alternatives and leaving towards a Samsung Note 8 or the upcoming OnePlus 5T. 

The short well-crafted ad shows clips from various Youtube tech reviewers talking about how great the Samsung screens are (e.g. MKBHD, Unbox Therapy, Mr. Mobile and many more).

Regardless of how you feel about the Pixel 2 XL screen (some do like it), there is no debate that Samsung is the king of OLED screens. When talking about $1000 phones, companies are expected to deliver high-quality devices and I am fine with Samsung using this opportunity to win some points.

It's time to upgrade my phone and I am waiting to see what OnePlus releases as their OnePlus 5T model. In the above photo (from GizChina.it) , we see that the launch will likely take place on November 16 (for India at least which is where we believe this slide was created for).

And everyone's favorite leaker, EVLeaks also confirmed a November release date.\

OnePlus 5T Specs

Everything we have so far is based on rumor. Remember that everything we have seen so far could be an elaborate misinformation campaign by OnePlus. With that caveat, let's dive in.

We believe the processor will be the same Qualcomm Snapdragon 835 found in the OnePlus 5 and all other 2017 smartphones.

We also expect the OnePlus 5T to be delivered in 2 common packages:

• 6GB of RAM + 64 GB of internal storage
• 8GB of RAM + 128 GB of internal storage

These options should be identical to what we have with the OnePlus 5.  Some of the leaks also suggest a larger 3300 mAh battery (according to AnTuTu benchmarks). It is also safe to assume the OnePlus 5T will come with their proprietary Dash speed charging technology, 

The OnePlus 5 had an excellent camera and OnePlus understands the importance of the camera. The latest leaks suggest that the OnePlus 5T will now include 2 20MP cameras. 

OnePlus co-founder (Carl Pei) recently tweeted this:

If the above picture is an indication of low light picture quality the OnePlus 5T will bring, I am very excited. 

OnePlus 5T design

OnePlus has always been a design-driven company and it is safe to assume they will deliver this time as well. It is safe to assume the new OnePlus 5T will adorn a 6" 18:9 screen with a resolution of at least 2160x1080. 

This new larger display will require a more "bezeless" front and we expect the fingerprint sensor to be moved to the back. 

The above "leaked" image from a Chinse site supports everything we have heard so far. You can see the post containing this picture on Sina Weibo yourself. Keep in mind that all the leaks have come from unverified sources so they may simply be photoshop creations. 

OnePlus 5T Price

OnePlus has slowly increased the price of it's phone with every new release. We typically see a $50US increase each time and it is safe to assume OnePlus will stick to that model. The OnePlus 5 was $US479 at launch. I expect the OnePlus 5T to be around $US529.

Even at $529, it is almost half the price of equivalent flagships from Samsung, Google or LG.

Conclusion

And now we wait for November 16 to come. I am anxiously waiting for the OnePlus 5T to see if it is my next daily carry phone or if I will go with the Samsung Note 8 or Google Pixel 2XL. Did I mention I hate waiting? 

Google power users knew that changing the Google country top-level domain (ccTLD) would allow you to find results optimized for another country or language (e.g. searching Google.ch instead of Google.com to get more swiss biased results). 

There are a tone of reasons why I used this little trick:

• Accessing Google.com results when terminating a VPN in another country
• Travelling to a European country that skews results (right to be forgotten) and wanting "real" information returned
• and much more

In a blog post, Google announced that results will now be customized based on the user's location (without regard for the country ccTLD input in the URL). So if I am in France and try to access American results by using the Google.com site, I will still get french results.

Google explains that 1/5 searches are location dependent (therefore detecting and using the user's actual location makes sense).  If I am traveling to Paris and search for pâtisserie, the logic motivation is that I am searching for a pâtisserie in Paris, not Toronto (my home city). 

You can still search for results in another location but the process is much more complicated now (you can still go into settings and select the correct country service you want to receive.) 

Source: Google Blog

Google started rolling out Chrome 62 to Windows and Mac clients about a week ago and now most Chromebook users should have received the update. For those that haven't realized it, Chromebook updates typically lag behind their Windows/Mac counterpart by about a week.

What does ChromeOS 62 bring?

ChromeOS 62 brings an improved file manager, improved OS notifications, and most importantly vulnerability fixes (including the famous KRACK vulnerability).

Pressing and holding a file in the file manager now allows you to select a file (or more) instead of bringing up the right-click menu.

Google updated the system notification to look more like Android notifications (they use to look more like Chrome for Windows notifications in the past). This more Androidesque style brings material design with large icons. 

If you take a screenshot, you are now presented with a thumbnail of the notification (similar to Android). 

You now have better captive portal detection  ( that interstitial webpage in a coffee shop that asks you for your email address before giving you web access).

The most important update for me (a security guy) is the remediation of the WPA2 KRACK vulnerability.

July 2014, Google launched it's project zero initiative to identify Zero-Day vulnerabilities in commercial software thus making computing generally more secure. 

Google's modus operandi is to inform affected vendors and give them 60 days to release patches. After the 60 day window, they go public even if a patch is not yet available. 

There have been situations where Microsoft has not been able to release a public patch within that 60-day Window and obviously this has created a tense relationship between Google and Microsoft. 

You can read this Microsoft blog entry about their disappointment with google. not wanting to take the hit and move on, it looks like Microsoft security research has been looking for flaws in Google's products and found 2 bad ones. Realizing security is now a major differentiator, they decided to play Google's game and disclose the vulnerabilities after an elapsed wait time. 

Here is a sentence that takes a jab at Google's Chrome while praising their own Microsoft Edge security architecture :

Microsoft justified the release of the detailed vulnerability information with this sentence:

I think large well-funded companies should be doing general security research and helping improve the overall security of the entire ecosystem. I wish they could agree on a more friendly approach to vulnerability disclosure, not leaving their customers open and unprotected. This should not become a marketing tool but more of a commitment to societal improvement.

A guy can dream, can't he?

Google Chrome, Microsoft Edge, and Mozilla Firefox are all mainstream browsers that work extra hard to keep you safe in cyberspace. Each company has taken a different approach, but users are more protected than ever before.

Nothing is foolproof though. What happens when badware gets through those defences and takes over your browser making your leisurely stroll through cyberspace painfully slow or dangerous by stealing your passwords?

In the latest version of Chrome for Windows, Google adds more tools to the arsenal. 

Hijacked settings 

Recently we have seen a surge in companies selling reputable browser extensions to other companies and these new owners leveraging the installed base to do bad things like stealthily changing your browser settings.

Chrome now looks out for this type of attack and offers to restore your settings. 

Chrome cleanup

Many companies bundle crapware in their product installers as a source of additional revenue. In some cases, the user may not even be aware that the crapware was installed. 

Chrome cleanup looks for this type of attack and offers to clean up Chrome (thus returning Chrome to a known good state). 

Google redesigned Chrome cleanup to be more powerful and more straightforward to use.

Rolling out now

The new version will slowly roll out to users over the next few days and you will benefit from these improvements automagically. 

Google blog post

Terms of service are professionally written notices you agree to every time you use a new smartphone, install a new software or sign up for a new web service. Consumers are rightfully annoyed by 50+ page terms used by large companies.

Sometimes, you stumble on a company that has "good" terms of service in that they actually protect you (the consumer). This write up is about DuckDuckGo because I receive several dozen emails from readers every month asking if they really are a good alternative (from a security perspective to use). 

In this article, I am only tackling their terms of service. As specified on their privacy site "DuckDuckGo does not collect or share personal information."

DuckDuckGo says they don't save your searches. They don't send your searches or information to any other site. They don't store any personal information about you. 

They only save cookies to your browser if you enable a function that needs it (like persistent settings). 

They save search information but only as aggregated data without any personally identifying information. 

So DuckDuckGo lives up to its promise of personal secure web searching, which is great. I give it an A grade for protection in their TOS.

Over the span of a couple of weeks, we saw three phones released, and with every release, the manufacturer touted the device's incredible "best ever" DXO Mark Mobile performance rating:

1. Samsung released the Galaxy Note 8 with a DXO Camera score of 94
2. Apple released the iPhone 8 Plus with a DXO Camera score of 94
3. Google released the Pixel 2 / Pixel 2 XL with a DXO Camera score of 98

Manufacturers love touting these scores to "prove" that they have designed the finest camera a distinguished tech user could ask for. For all intents and purposes, technology should get better and this means every new phone released (at the high end) should have better overall performance than its predecessor. Why would you buy an inferior phone?

While most blogs blindly write headlines repeating this single "representative" number, very few actually take the time to read the full DXO reviews and explain the details to their readers. 

It's complicated

The first thing to keep in mind that blending complex factors into a single easy to digest number is complicated and sometimes may mislead some readers. While most blogs only show the single number, DXO actually provides a generous amount of valuable information for the curious reader.

The DXO tests include a slew of carefully controlled tests and other real world tests that are more subjective. 

If we pick on today's "highest ranking" phone, the Google Pixel 2, here is how the rating of 98 is made up:

DXO provides detailed test results and write-ups for each of these categories. While most blogs will tout that the Pixel 2 has a rating of 98 (the best ever rating for a smartphone), they rarely provide the makeup of that number.

And the make-up of that number is critical to your buying decision. If you will use the camera primarily for video, you may notice it scored 96. You can also check out how DXO made up that score by evaluating what is important to you about video (which attributes are more important to you).

• Exposure and contrast
• color
• Autofocus
• Texture
• Noise
• Artifacts
• Stabilization

Remeber that the video rating fo 96 is not a straight average but rather a "black box" formulae closely guarded by DXO. 

Is DXO Mark Trustworthy?

The next question is "can you trust the DXO testing methodology"?

Having reviewed the public information made available by DXO, I say yes. They have a well-documented methodology that is as good as it is going to get. I trust their rating but use the detailed review information to make up my mind, not the single number most blogs publicise. 

It is also important to keep in mind that DXO is a for-profit consulting company that manufacturers hire. DXO works with manufacturers to tune their imaging systems and get the best possible performance out of the equipment and software. DXO also sells image quality testing solutions.

I do not believe this consulting arm influences the device ratings in any way but it is still an important fact to keep in mind.

DXO Optics Pro

DXO Optics makes very good photo improvement software because of all this camera/lens knowledge they have accumulated. They know the shortcomings of each of the camera/lens combos and can this build specific correction profiles. 

I own their software and paid for it myself. 

90% of all the questions I receive these days is about comparing the iPhone to the Google Pixel2.  In addition to all the information I have already written and the info provided above, there is one more piece of knowledge you should consider. 

The Google Camera app on the Pixel 2 does not natively support RAW (the iPhone 5s or newer) does. This means DXO Optics Pro has corrective filters for all these iPhone RAW images, but does not for the Google Pixel2. This could be a major deciding factor for more astute or demanding mobile photographer.

Conclusion

I know most users simply don't care about the details. They want one easy to read headline that justifies their belief (Google is better / iPhone is better). My ask is that you, my more knowledgeable readers, take the time to look at the data that makes up the numbers.

It's a worthwhile investment of your time.

Silicon Valley has been promising life-changing personal digital assistants for years, but we all know most are semi-useful at best. 

A new research project to measure the IQs of these "smart assistants" concluded that Google is the smartest but has an IQ equivalent to a six-year-old (Google received a score of 47.28 while a typical 6-year-old would receive a 55.5). An average adult would rate between 85-115 points.

Where does the "digital golden child" (aka Siri) score? It received a very disappointing 23.9.  Siri was outsmarted by Microsoft's Cortana and Baidu. 

The results showed that these assistants had made significant improvements over the last two years but that they still have a long way to go before they deliver on their real promise.

Privacy and the digital assistants

Apple triumphantly became the first major tech company to include a digital assistant with every iPhone 4s. As we bought into the dream, we were enthralled by all the wonderful possibilities that this technology would enable. 

Apple went all-in with the privacy chip, and soon Siri was surpassed by Alexa and the Google Assistant. Most notable was the launch of Amazon's Alexa in 2014 which had a much better ability to understand natural language commands and had the first real consumer implementation of far-field microphone technology. Amazon's microphone technology coupled with artificial intelligence in the cloud meant it could pick up commands from a distance even in relatively noisy environments. Something Apple certainly couldn't do. 

While Amazon opened up its skills technology to the world, Apple carefully guarded its assistant enforcing strict privacy controls. In the Snowden era, privacy is important, but consumers are typically more interested in convenience. 

Pushing the boundaries of artificial intelligence, Google decided to use its incredibly vast trove of user data to train its artificial intelligence and machine learning engines. This unmatched access to valuable data (think Google Voice, Google Maps driving patterns, likes/dislikes in Gmail, etc.) has allowed the sultan of search to become the king of digital assistants. 

Many believe that Apple's lack of development of Siri caused many prominent employees to leave the Siri program. Most noticeable were the departures of the Siri co-founders Adam Cheyer and Dag Kittlaus. Not wanting to retire and watch from the sidelines, they created a new digital assistant leveraging the most modern technologies, under a new banner "Viv Labs. Viv Labs was supposed to be an independent digital assistant that would work across many products and companies. Helas they sold to Samsung for ~$200M, and now we wait to see how they will use the technology. 

Google is all in with the Google Assitant

On October 4, 2017, most tech analysts watched as Google unveiled its 2017 crop of technologies. They launched two phones, two speaker-assistants, a refreshed VR headset, Bluetooth headphones and a new laptop. We could see how the new MadebyGoogle style was infused in everything they launched. 

Even though everything seemed well designed and manufactured, the most striking message was that Google was embedded it's Google Assistant in everything. 

The Google Assistant now lives in every new Google product and in most cases is the unique differentiator for that product. 

The Google assistant and its unique Artificial Intelligence engines:

• Allow its Google Home Max speaker to auto-tune its sound profile taking into account the characteristics of the location it is in
• Allow it's smartphone to use a single camera to generate bokeh and blurred photo backgrounds (which Samsung, HTC, and Apple deliver using two cameras)
• Allow its Google Buds Bluetooth earphones to break down the communication barrier by making Google translate voice easier to use in the real world
• Allow its Pixel Chromebook laptop competitor to use Google Lens to identify elements in a picture (aka a famous person on a web page or a landmark in a picture)

Google is gambling that its Assistant will be a key product differentiator and they may be right. I have owned iPhones since the very first version. I owned every Apple Newton Apple every released and spent way too much money on Newton accessories. I am not a fan-boy but loved the tech. 

This is the year I upgrade my personal phone; I opted to jump to the Google Pixel 2XL instead of the iPhone X. 

• I need a device that is more customizable thank what Apple allows. Think of the Chinese citizens that can no longer install VPN clients on their Apple products because Apple banned these apps from its Chinese app store to comply with Chinese law. To make things worse, Apple does not allow them to sideload any apps, so these customers are stuck. On Android, you can toggle a switch to sideload apps. Sideloading does increase your cyber risk, but sometimes that is an acceptable outcome. 
• I was also tired and frustrated with Siri and Google can help me be more efficient in more situations. 

I believe that Google CEO Sundar Pichai is right when he says we are entering an AI first world. 

Conclusion

Assistants will be the front end to this new artificial intelligence first world we are entering into. Apple has more money than most countries and could surprise everyone with a significant upgrade to Siri, but without the enormous troves of data Amazon and Google have about users, it will be an arduous journey. Apple is not in trouble. Apple is not dead. Apple is a vibrant company that continues to find new ways to create billion dollar business' (Apple music, Apple watch, etc.). 

In the short term, I doubt the lackluster performance of Siri will hinder its growth, but I am convinced it will have an impact on its longer-term viability (unless it decides to jump all in and spend some of its cash on buying maturity for Siri). 

Real security requires vigilance, even for consumers. One issue we have been hearing a lot over the last couple of years is credit/debit card skimmers.

A skimmer is a cheap hardware device that blends into the credit/debit card processing machine of a retailer. When processing your transaction, the skimmer copies your card information and somehow makes it available to the "bad" guys.

An open-source Android app, called Skimmer Scanner, is promising to help consumers win this battle. The company behind this project, SparkFun, explains why thieves love gas stations. The skimmer equipment costs $10 or less and the master key to open a gas pump is typically easy to get (since there are only a small number of variations). After a couple of days or weeks, the thieves drive by the modified pump and wireless dump all of the credit/debit card information via Bluetooth.

It is this feature that the app leverages to find these skimmers. It looks for a particular kind of Bluetooth signal, attempts to connect to it and thus verifies if there is a skimmer in the area. 

Believe it or not, thieves are lazy so most often they leave the default skimmer configuration on devices.

SparkFun has a great blog post talking about gas station skimmers you'll enjoy reading.

I will be trying this our at local retailers. Download Skimmer Scanner yourself from the Google Play store here. 

The biggest change to Apple's smart watch lineup is the addition of LTE connectivity (a $70 option over the non-LTE Series 3). This new Dick Tracy style watch will allow you to make phone calls (with your same number), send and receive messages, use internet connected apps and stream music from Apple Music. 

The new OS, which will work on all devices, brings improved exercise and heart tracking, Siri finally can speak back to you. 

The heart rate functionality is dramatically improved tracking your heart-rate pre-working (resting), during and post-workout. It will show how your heart health is improving over time ( faster recovery, better resting heart rate, etc.).

They have also created a new standard that will allow your watch to talk to new types of gym equipment. This means your watch will be able to log gym equipment data (speed, incline, etc.).

The Series 3 Apple watch has the same dimensions as the existing Series 2, and they promise similar battery life. You will be able to pre-order the new watch this Friday (September 15). 

We'll have to wait and see what carriers charge to add this new device to your smartphone plan. Hopefully, it won't be $10 a month.

Over the coming weeks and months, the media will overwhelm you with review and editorials about the new iPhoneX. Of all the products Apple announced this week, the iPhoneX was the most radical in design. 

They have eschewed the home button and most of the bezels. This newfound space has allowed them to cram a beautiful 5.8" Super Retina OLED screen (458 pixels per inch) in a device that is smaller and easier to hold than an iPhone 7Plus or iPhone 8Plus.

All of the functions requiring a home button are replaced with swipe motions. Swipe up from the bottom, and you get the home screen or app-switcher (full swipe or half swipe respectively). 
A side button (right-hand side) can be used to invoke Siri. 

The removal of the home button also means Apple had to remove the TouchID authentication sensor. The beloved TouchID has been replaced with FaceID. It promises more secure authentication.

TouchID had a false positive rate of 1 in 50,000. Apple claims FaceID has a false positive rate of 1 in 1,000,000 (regardless of you wearing glasses, changing your hair, growing a beard, etc). All the processing is done on the device (not sent to the cloud).

During the demo, FaceID failed. We don't know why but I am sure Apple will workout most of the kinks before it is released early November. 

We can't make any recommendations until we have a chance to test the device in the real world, but many have already started asking if the extra $300 (going from the iPhone 8 to the iPhoneX) is worth it. 

Had the iPhoneX been endowed with a dramatically superior camera system (compared to the iPhone 8 Plus), I would have jumped on it, but now I'm not sure. Yes the built in cameras do have optical image stabilization and the telephoto lens is slightly brighter but that doesn't justify the difference in my view. 

Using the FaceID sensors, Apple will map your face and allow you to apply the new lighting filters (even with the front facing selfie camera). Additionally it will create a detailed face-map allowing filter apps to create more realistic and properly aligned designs (think Instagram filters). They will also use this feature to create animated emojis called animoji. 

Conclusion

Pre orders start on October 27 and deliveries will start a week later.

The truth is, the iPhoneX is a glimpse of the future. My guess is that we will see one more generation of traditional looking phones with a home button, then everything will switch to the all screen design. 

The iPhoneX is an opportunity for Apple to figure out how to mass produce all the sensors affordably, in preparation for an eventual launch in all of its products (including iPad).