Zero innovation, miss the Steve Job's days when people were shocked by Apple products. I believe their M chips their most innovative thing in a long time.
I'd have to concur... like at a time where I thought the diminishing marginal returns for CPUs on computers had really kicked in (like, there's only so much speed I need for web browsing), the M1s came along and made me go "holy shit", even while still, in fact, web browsing.
> We confirm that iOS 16 does communicate with Apple services outside an active VPN tunnel. Worse, it leaks DNS requests. #Apple services that escape the VPN connection include Health, Maps, Wallet.We used @ProtonVPN and #Wireshark
Wallet at least has a semi-plausible non-evil answer: Users who kick their VPN on to another country and try to use apple pay at checkout will unexpectedly get declined (because the purchase would appear to be coming from another country perhaps?).
> I don't see any reason why Apple Pay would use IP geolocation like that when it's running on a device that has GPS.
I don't think contactless Apple Pay actually uses device geo[1] for authorization, but it's still worth noting that iOS devices without cell connectivity (ie WiFi-only iPads) don't have GPS anyway.
You can use Apple Pay on websites in Safari, though, which IIRC doesn't require location permissions to work.
1. You have to be able to use it in the same places you'd use a normal card, which means you can't rely on network connectivity of any kind.
Apple's statement was "to prevent the sharing of fraud prevention assessments with your payment card network, you may select another card". I removed my Visa cards from Apple Pay.
I’d never come across that before, but quickly looking at the statement from Apple it seems like this only applies to browser and in-app purchases, not contactless transactions where you’re using your phone in lieu of a physical card:
"For cards with certain enhanced fraud prevention, when you attempt an online or in-app transaction, your device will evaluate information about your Apple ID, device, and location (if you have enabled Location Services), to develop fraud prevention assessments, which are used by Apple to identify and prevent fraud."
Back in the university days, we (me + a few friends) used to get some radios and antennas to create a signal stronger than the one coming from satellites. It was always fun when the semester started and all freshmen were using Google Maps to navigate through the campus, but the map always showed their location in North Korea. Good ol' times.
I'm calling shenanigans. I used to work in a lab where we had GPS repeaters to test consumer equipment. That alone costs big bucks. And, we had the FAA come down on us big time, because our GPS repeater broadcast outside the building too far and we got into some hot water.
If you were spoofing GPS campus wide over 1.544 GHz and had all your GPS sentences correct, with simple radios and antennas... and you hadn't got in trouble with Uncle Charlie or the FAA....
Just for clarification, it was not campus wide, only a small part between some institutes. Also, the hardware was not consumer grade thanks to the electrical engineering, geodesy and geoinformatics labs.
Still, it was illegal and could get everyone expelled, so I wouldn't do it again.
From your previous comment, it sounds like your experience may have been from a while ago? In 2022, it is fairly trivial and cheap: https://github.com/osqzss/gps-sdr-sim
I can not ;^) personally confirm that this works with a HackRF, which is like $300, but probably also with any other reasonable tx-capable sdr.
Trying to set up an alternate 3d volume of GPS space sounds very difficult.
But broadcasting a loud signal that tells everyone in range that they are at the same exact point doesn't seem too hard to me. Couldn't that even be as simple as replaying a single-antenna recording taken somewhere else?
Doesn't work well with some receivers that cache data from the real network and stay locked onto the much weaker real signal. But works with most receivers.
* first, a purchase shouldn't require an internet connection. Humans have been doing commerce for millennia without it, and we have sophisticated pub/priv key schemes to figure this all out.
* second, it's a security hole. It's either a VPN or it's not.
