PushBullet - I'd pay $150

I was wondering if anybody could compile a PushBullet client for RISC OS:

http://www.pushbullet.com

My guess is, it will not be simple crosscompiling, but I also think having a client like this will open up RISC OS to more network devices and in that making it more usable for many people. It basically opens up quick message exchange by mouse click.

The benefits would be:
- sending short messages between devices
- exchanging files
- access links & URLs on other devices

Not sure if all features can be realized, but simply being able to share text would be awesome.
It is a bit like R-Comp’s UniServer, but with support for many many other devices.

Pushbullet has an API, so in theory it schould be doable.

And: I am willing to pay AUD150.00 for a working client – maybe somebody else chimes in?

Wait… What?

You are happy to connect your devices “intelligently” by bouncing private information through a third party server based in Arizona (a country which has repeatedly confirmed zero expectation of data privacy for foreigners)?
That noise you can hear – those are the alarm bells ringing in my head.
Have you read the list of permissions the Android app requires? Including, I should add, the ability to make phone calls, intercept text messages, and in-app purchases.

Sorry, I value what’s left of my privacy too much. If I think it’s a hassle to use a screen for sending text messages, I’d use a Bluetooth keyboard. Not god-knows-what across the internet.

You are happy to connect your devices “intelligently” by bouncing private information through a third party server based in Arizona (a country which has repeatedly confirmed zero expectation of data privacy for foreigners)?

But Rick, it has “end to end” encryption so the data is safe all the way to the NSA so you can be sure that anyone a little bit dodgy can’t get at it. No, you have to be terminally dodgy…

Meet me somewhere and I’ll give you a memory stick with a 64GB one-time pad on it. Then we can communicate completely securely – even if someone can factorize products of arbitrarily large primes, they can’t crack one-time pad encryption…but the communicants do have to exchange the thing securely face-to-face before they can start to use it.

My guess is, it will not be simple crosscompiling.

You’re right: in fact it’s much simpler than that, since there is a public API to access it :)
https://docs.pushbullet.com/

But Rick, it has “end to end” encryption so the data is safe all the way to the NSA

Of this, they say:

We support end-to-end encryption for Notification Mirroring, Universal Copy & Paste, and SMS. We use client-side symmetric encryption for this. No keys are ever sent to the server, not even public keys, which is especially nice from a security standpoint.

So data can be sent between devices with encryption? Nice, I guess, but hang on – how does the encryption key get from “here” to “there”? Encryption relies upon the knowledge of a shared secret…
[edit: Okay, it looks like the system relies upon setting passwords on each device; so there’s a couple of obvious potential weaknesses staring us in the face right there]

However, I then found this: How secure is PushBullet content you push across your devices actually.

I noticed that the long list of permissions requested by the PushBullet app (Android) included in-app purchases. It seems as if there are restrictions on what can be done with the “free” service. While it might sound “fair enough” (somebody has to pay for the hosting), maybe if devices could communicate with each other instead of bouncing everything via the mothership, the host interaction might be able to be reduced to being little more than a springboard for getting started, and a DDNS service to devices off the LAN can still be located.

Here’s an amusing read: https://www.reddit.com/r/Android/comments/3tllx9/i_am_guzba_from_pushbullet_ama/

This isn’t to say the concept of what PushBullet is trying to do isn’t bad. What is bad is the baked in dependence upon a third party website. I read something on TheRegister a while back about some sort of smart device (heater? thermostat?) that simply shut itself down because it was unable to work at all because the mothership ceased responding (AWS fell over?).
Don’t forget, of course, that if the service is so dependent upon the site, then so are you. If they should go bust, get bought out, or their S3 instance crashes… what’s your backup plan?

Devices should be able to associate and then talk directly to each other. It’s probably not so hard to do (hell, my IPcam and its app do a simple version of this) but these days everything useful seems to include “…with a website” in the brief. And if you’re lucky “…with embedded advertising”.

I am sorry for the long post and the rant that follows. But I think I want/need to make my personal opinion clear. So here it goes:

Well, you all are right about the encryption / privacy part or issue. But in my opinion the ‘war of personal data security’ has been lost 5 years ago. I was fighting hard against data collection, big data, camera spying, free cloud accounts, the cloud itself, fingerprint sensors, facial recognition software and free online accounts.

It was very time consuming. In the end, I was running my own mail, web, news WiKi, calendar, cloud and file server at home – and maintaining them. It nearly became a job for a part time system administrator, as soon as family and friends wanted an account, too.

Then I thought about how to get around this. Since you cannot trust somebody you do not know with your personal data, my concept of data itself changed. Basically my data is now split into private, personal and public. And the big decision was actually which part of my personal data is private data.

- Fingerprints? The government already stores them on my passport on an unsecure RFID chip.
- Facial recognition? If my friends share photos of me on Instagram and Facebook and some idiot tags me, I am already screwed anyway. And the data is also stored at government servers (and I do not trust governments).
- personal address and mail boxes, business information? All available on public websites (Domain registration, Network registration, Business Number Registration) thanks to different governments and policies.
- phone numbers? At least in the country I live in, phone numbers interestingly end up in call centers very often. I am not sure where they get that information from, but my guess is more than one of the many websites / shopping sites is selling them for a premium. Together with my mail address.
- email addresses: yep, they are sold by shopping sites and – surprise – employment sites for contract work (and agencies). Basically you either use the platform and agree to it – or you don’t get a contract / work.

OK, what’s left of my personal data that I wanted to keep private? Not much. Only the bits and pieces I never would store on a foreign server. Passwords, security questions, and created documents/files.

Now, Pushbullet is a service that relies on a foreign server. It claims to use end to end encryption and needs a lot of Android permissions. Yes, this might be a further step towards total destruction. But the things I keep on my phone are either personal or public information. Nothing private. So I don’t care anymore. Not because me, myself and I don’t care – but friends, co-workers and family don’t care. Which means my personal contact data ends up in the cloud anyway, and there is nothing I can do about it.
What difference will it make if I share my personal data with all the evil out there? Nil.

I know there is more to it like browsing history, GPS data, line of communication, contacts, etc. But in the end they will only access information that is irrelevant to my private data.

I am not saying here that I do not take precautions and ignore the risks. All I want to make clear is that using Pushbullet can be a benefit if used correctly. I would never share private or sensitive data via these kind of services anyways.

To be honest: anybody who is using any kind of smartphone already sold his privacy. To Google or to Apple. Buth companies sitting in a country which does not reflect my view of privacy and security. Maybe a BlackBerry or a BlackPhone is better, but it is unfortunately not a solution if you work in an environment of ignorant (or oblivious) people.

The ‘war of personal data security’ is lost. Let’s hope we do not lose the ‘war to keep our privacy’ with the amount of insecure IoT devices lining up in the shops.

You know he best about RISC OS? It runs without a connection to the internet (out of the box! Without mandatory patches!) and does not come with unnecessary, network ready, services running in the background. As long as you do not plug in a cable you can be sure it is secure from remote access. No camera, no WiFi, no Bluetooth. I see that as a security feature. It is just a shame you cannot lock the screen and secure it from on-site access.

@Rick: As an alternative, maybe the UniServer/UniPrint Software can be compiled to run on Linux and OSX? And Android and IOS? Then I would be really happy as it uses direct host to host communication. Not sure about inbuild security, though. My guess: there is none. But if I cannot trust my own network, I’m in trouble anyway.

Well, you all are right about the encryption / privacy part or issue. But in my opinion the ‘war of personal data security’ has been lost 5 years ago.

Still battling away. At work the data is absolutely NOT put on the cloud since pretty much without exception that would mean it being replicated on the other side of the pond and that is just open access for the NSA.
It’s probably a small relief for people to know that data including pictures of their bits isn’t actually open access for those people.

One of the beauties of encryption using hand-to-hand transferred one-time pads is that the messages are completely indistinguishable from absolute gobbledegook. I rather like the notion of filling NSA’s servers with complete gobbledegook in a sort of massive denial of service attack by exchanging gobbledegook at high rates. Nobody knows whether it’s messages or not.

Come to think of it, most of my postings here and everywhere else aren’t much different from that anyway…

@Clive: yes, the one-time tokens are a good idea, but only if the encryption algorithm is strong as well. I am not sure if I want to use AES256 or AES512 to encrypt my data, knowing the NSA is using it for their purposes. On the other hand, the algorithm is open source and so far nobody has complained.

I prefer Twofish whenever I can. Together with 15 to 20 characters for a password. One time passwords unfortunately only work for server based encryption, which is useless for file encryption (AFAIK).

@Steve: yes, work data is not on the cloud, as I ‘declared’ it ‘personal’ data for my purposes:

Personal Data: information/files/bits you want to keep to yourself

Private Data: your name, address, phone numbers, email address, Photo, Fingerprint, etc.

Public Data: data containing non-sensitive information, e.g. nothing of the above

So here it goes:

Ooh, red flag waving time. ;-)

But in my opinion the ‘war of personal data security’ has been lost 5 years ago.

For the majority, yes.

I was fighting hard against data collection, big data, camera spying, free cloud accounts, the cloud itself, fingerprint sensors, facial recognition software and free online accounts.

While I cannot do much about Google/Samsung pilfering my contacts under the guise of “backing up valuable information” by apps baked into my phone, I can take steps to mitigate the problem:

• My contacts contain home, work, and people I email frequently. I don’t have much of a social life, so other contacts are written on paper with a pen, not held on the phone. If I don’t call, and don’t email, there’s no reason to.
• Any app that isn’t baked in that demands access to SMS, calls, or contacts is NOT installed. No exceptions.
• I can’t do much about “Internet access” alongside “Location”. That combination is usually due to AdMob so it can serve up location-specific adverts. That said, when Google is not actually navigating me someplace, GPS is OFF because, you know, battery life…
• Apps may want to know the phone state. This CAN be legitimate for an app like a music player to silence itself when a call starts. However an abysmally bad design decision in the older API means that the “Is call in progress” permission is shared with the call information which includes the CIDs of each end of the conversation and IMEI and so on. Thus, an app that demands this permission but does not seem to have a real need for it does NOT get installed.
• I think Amazon is the only third party app that can interrogate and manage user accounts known to the device. Ask for that one is asking to not get installed.
• If an app asks for a permission that I don’t understand or doesn’t make sense in context… no installation.
• Read the permissions at the bottom of the listing in the app store, the “This is what the app wants” that appears when you choose to install skips many of the interesting properties like “runs at startup”.
• Android 7 disables many of the more important permissions (like filesystem access, contacts, etc). An app that refuses to start when a permission I’m not willing to grant is denied = uninstall (and a one * review).
• Samsung has an aggressive application manager that will sleep and/or deny resources to applications to extend battery life. Email and AccuWeather are the only apps permitted to use network resources freely (to permit auto-fetch to work). Pretty much everything else is set to auto-sleep. This does mean that GMail won’t fetch until I start it, but no big, I don’t use GMail much.

For email:

• The world knows my yahoo address. It’s on my blog, it’s probably been mentioned here. Yes, I use Yahoo! which is about as secure as a spaghetti strainer is watertight. Why? Simple – it’s easy and it provides disposable addresses.
• Those disposable addresses – when I sign up with something I don’t know if I can trust I can provide a email address customised to the company. The address that gets the most spam is the -usenet one (because comp.sys.acorn.announce has a rule that real addresses must be used; a few years ago I used this address on csa. Now I use a completely fake address and just won’t post announcements). The other address that got spammed for a while was -ukpassport which was known only to me, Yahoo, and the UK passport agency. Thanks a lot you scumbags… for a while we had sales phone calls from weird places that corresponded to the same time frame, and neither myself nor my mother have the habit of gving out our phone numbers – she can’t hear the phone well and I just don’t like speaking to people.
• I have a private email address. One or two of you here may know it. You’re one of about twelve people. That’s the one that I pay attention to, so I only give it to specific people I communicate with a lot.
• I also have various other email addresses for when I’m not me. It won’t fool the NSA, but it does mean I have some accounts around the place that have no “heyrick” identity.

Big data:

• Sometimes I open a book and do searches for the first thing I find. Why? To let Amazon/Google/etc make sense of quantum theory, flower stamens, beer fermentation, missed periods, moped modding, and left handed knitting. ;-)

Cloud accounts:

• The only cloud I made use of was Google Docs because it was easy to write blog articles on the iPad, and open the document on my PC for copy-paste into Notepad++; but that’s less of a thing since Google decided to auto-break Docs on iOS7. There’s no privacy issue here, the documents will be put on my blog so…
• Personal documents are often written in OvationPro which is maybe the least cloudy editor I have, asides from Zap/Edit. ;-)
• If your private things are private, then it is your responsibilty to keep them private. SD cards and USB keys are a thing. So is encryption. When you feed such private things to any third party “cloud”, you’ve basically put your privacy in the hands of organisations who are legally obliged to disregard your privacy while lying to your face about how important such a thing is.
• Don’t put anything on to a cloud service that you do not expect to be made public. I have some photos (2D and 360 degree) in my Google Drive. They are the photos that I submitted to Google Maps. Public by intention.

Fingerprint sensors:

• I use my fingerprint sensor frequently. My SIM is pin locked, and the phone is password locked (it will demand the password after power up or reset). Otherwise the fingerprint sensor is used. Why? Because while such things can be fooled, fooling them is out of the skill set of my co-workers. However watching me unlock my phone and trying to work out what the password is is basic observation. The S7’s sensor is quick and can correctly read your finger any way up so people might not even realise the phone is being unlocked. Tests with other fingers, toes, and mother showed a zero failure rate. I’d not be convinced if I was a spook, but I’m nobody so it will suffice.

It was very time consuming. In the end, I was running my own mail, web, news WiKi, calendar, cloud and file server at home – and maintaining them.

My private mail is via a friend who runs his own server. It was a baptism of fire, and he used to lose sleep worrying before he got it under control with things like DMARC and performing reverse IP blocking (France and UK are allowed, everything else is silently dropped).
It’s working great now, but the poor bloke went through hell to get it there. It’s certainly not something I’d want to inflict upon myself. I guess many people here won’t realise exactly how much crap will get thrown at a server, but I have a feeling that you do. And I bet you have a special dislike of the leaky Great Firewall of China, Israelis, and Lithuanians (to name the three that tried compromising my system when I patched in an IP lookup routine).

My personal server is a Pi with WebJames. It gets hit a lot (in the logfile, attack attempts outnumber the crawlers by an order of magnitude) but it all bounces off thanks to WebJames/RISC OS not looking like anything else on earth. ;-)

I have a wiki on my site (/armwiki) but what started with good intentions kind of went sour when I spent most of my time not writing articles for it, but instead trying to exorcise those who would sign up just to spam advertising for toe rings. The signup process is still there somewhere. I hacked the script to change the URI so it will confuse automated spam apps. But I’d need to read the code again to remember what the URI is. Of course, a wiki with obfuscated signup and user-needs-approval-before-writing is not a friendly wiki, but a friendly anyone-can-edit wiki is one that will be forever fighting spam…

I have a file server. A NAS that’s a dinky server talking to an SD card. It only works on the LAN. The Pi server and my HD IP camera are the only things that pass NAT, some devices that think they should have internet access (like my printer) are set as a restricted profile on the Livebox – no access, period. LAN only.
Does that mean I can only print while I’m here? Well, a more convincing question would be to ask why on earth I’d want to print something at home when in a car doing 110 on a dual carriageway south of Bain-de-Bretagne?

Basically my data is now split into private, personal and public.

? It wasn’t already?

And the big decision was actually which part of my personal data is private data.

Easy. Anything I’m not prepared to share with others.

- Fingerprints? The government already stores them on my passport on an unsecure RFID chip.

What country? I have a crappy biometric passport, but no fingerprints. Do you think wrapping it in alu foil might Faraday cage it enough to defeat the RFID?

Be careful with thinking of fingerprints as “public”. You can discard email accounts and passwords. You’re stuck with your fingerprints. Plus, there’s the problem of feasibility. If I was going to build a device using proximity radio waves to retrieve data from nearby objects, I would not concern myself with your fingerprints. What’s in it for me? Far nicer to hit NFC payment devices (pay-by-bonk phones and credit cards). They might be blocked to a maximum of twenty euros per transaction (or some roughly equivalent local currency amount) but a successful hit on thirty devices for random amounts of 10-20 euros while walking around a supermarket, it could swipe 300-600 euros. See? Unless you are somebody of importance, your fingerprints are not of importance, not when there’s a bigger carrot being dangled in the name of convenience.

- Facial recognition? If my friends share photos of me on Instagram and Facebook and some idiot tags me, I am already screwed anyway.

I don’t socalise, so people don’t upload photos with me in them. That’s my job, and I do it rarely. My usual profile image is not me but Haruhi Suzumiya (as demonstrated here).

That said, a girl at work uploaded a bunch of photos of a thing some of them did (that involved drinking and karaoke). Facebook obligingly tagged everybody. She got so creeped out that she deleted everything on her profile and ditched Facebook. Couldn’t help but smile at that. ;-)

- personal address and mail boxes, business information? All available on public websites

Yes, but there’s a difference between somebody looking up your information, and you volunteering it.

Do you work from home? If not, the address ought to be different. And if so, you can register business stuff at that address. Personal websites – can’t you have your contact details/address withheld from public view?

If you work from home, you’re screwed – but maybe a post office box could add an extra layer of obfuscation to things? Depends upon the country. France doesn’t tend to provide information on boites postales unless you turn up at the post office in person, while the UK Post Office will tell you the address of a P.O. Box over the phone because they are not intended to hide behind. I have freaked out more than one person by sending them a letter to their home address when all they ever offered was a P.O. Box.

bq – phone numbers? At least in the country I live in, phone numbers interestingly end up in call centers very often. I am not sure where they get that information from, but my guess is more than one of the many websites / shopping sites is selling them for a premium. Together with my mail address.

I got cold calls on my phone when my contract was new and I hadn’t given the number to anybody.
It would be tempting to say Orange flogged off my number, but I suspect that numbers are recycled so heavily there’s no such thing as a mobile number that hasn’t been used before.
As for landines, now VoIP and free calling is a thing, wardialling is a possibility. 01252100001, then 01252100002, then 01252100003, etc. It’s pretty simple for a machine to detect pickups and if it’s a machine or human that answered. Good numbers that are fresh are valuable – they can be sold on as verified live numbers.

– surprise – employment sites for contract work (and agencies). Basically you either use the platform and agree to it – or you don’t get a contract / work.

…which is why I’d have spam arriving on an email address carrying their name for an email address given only to them. Let’s see, did you notice I ticked the “do not share” box? Say hello to the ICO for me…

When I was younger, I applied with a contract agency. After I filled in the form, they told me they were obliged to inform me that my details would be sold for research and commission purposes (that’s a mighty fine way to describe advertising). I said “seriously?”. I took back my paperwork and left. A company with ethics like that is not one I would want to be involved with, no matter how good their job offers might seem.
Think about it – if that’s how much they care about you as a client of theirs, how much concern do you think they would muster if something were to go wrong? A mistake in payment, or a placement that vanishes overnight…

OK, what’s left of my personal data that I wanted to keep private? Not much.

I guess my level of cynicism is way higher than yours. My standard is simple – if I don’t choose to share it, it is private. It is getting harder to keep private things private, and Effing Zuckerberg convincing everybody that “privacy is not a thing” while living in a fortress and freaking out if his own privacy should be so much as dented… what I struggle to understand are those who share every bit of their lives on these platforms, and worse, include loads of details about family members and their own children…

Not because me, myself and I don’t care – but friends, co-workers and family don’t care. Which means my personal contact data ends up in the cloud anyway, and there is nothing I can do about it.

Sure there is. You can share less and don’t facilitate. Your contact data may be all over the place thanks to everybody else, but PushBullet wants access to quite a lot more than your contact data. This is where the “facilitate” part kicks in. Maybe you’ve given up to the point where text messages to you are not considered private. And since there’s no encryption of an SMS, maybe they aren’t. But there is a world of difference between keeping a communication from somebody to you on your phone for your eyes, and willingly sharing it with a third party service.

All I want to make clear is that using Pushbullet can be a benefit if used correctly.

Sorry, my TrustOMeter isn’t going to budge on this one, it’s reading a flat “No” and that wasn’t helped by the revelation that the API key is apparently not changeable. Their forum post on the subject was to point out that everything is protected by a fairly simple sequence – a password, a PIN number, whatever; utterly failing to realise that they are the anomaly – passwords can be changed. If your bank card is lost or stolen, issuing a new PIN is part of the replacement process.

To be honest: anybody who is using any kind of smartphone already sold his privacy. To Google or to Apple.

Some of it, yes. But while Google, Apple, and PayPal keep asking for my banking information, they aren’t going to get it. Offline contacts won’t feature either. And so on. Smartphones are something of a privacy nightmare, but it is still possible to fight back. It’s just a toss up between convenience versus effort.

Buth companies sitting in a country which does not reflect my view of privacy and security.

Sadly the UK is running headlong into “how America does it” and after Brexit there will be little to no European influence to try to keep things sane. I pity those still living in the country…

Maybe a BlackBerry

Blackberry sold out, they make Android devices now.

but it is unfortunately not a solution if you work in an environment of ignorant (or oblivious) people.

That’s why being an introvert on the side of antisocial is useful. My rich and varied private life doesn’t tend to include others…unless they have four legs, fur, pointy ears, and a voracious appetite.

The ‘war of personal data security’ is lost.

That’s what the likes of Facebook and Google have spent millions trying to convince everybody. It’s about as truthful as the UK’s immigration figures. Don’t fall for it.

You know he best about RISC OS? It runs without a connection to the internet (out of the box! Without mandatory patches!) and does not come with unnecessary, network ready, services running in the background.

:-)

My Manga software features a (turn-offable) update check where it’ll ping my site to see if there’s an update. This is like really progressive stuff in RISC OS terms.

It is just a shame you cannot lock the screen and secure it from on-site access.

The best security I’ve ever found with RISC OS is to just leave it running. It’s so very different to Windows that the three people who have seen it (not having known of RISC OS before) gave up almost straight away. There’s no start button, the bit at the bottom of the screen is weird… One managed to open Apps, didn’t understand what happened, and so she decided the best response was to turn the monitor off and tell me she hadn’t done anything. :-)

Re: Cloud accounts, I know that you don’t need to tell you this, but make sure that it’s not your only copy of anything. I read a lament earlier today about someone who had lost 11 years’ worth of work because the cloud provider had had a failure. 11 years and no backups… it boggles the mind.

@Rick: nice! :) I agree to many things you wrote. In the end it still depends on which information will you share and how do you secure private data. In general:

a) you get what you pay for
b) if it’s for free you are not the customer
c) if you pay for it, do you trust them

IMHO my eMail and cloud provider are people I can trust (because, although I do not live in Switzerland, I know the people offering the service – and know where their children go to school).

Data recovery is a total different story. Most of the ISPs say they have a method for it – until you need them to activate that. So I still keep copies of all cloud, PIM and eMail files on a mobile SSD.

SMS and other text messages: yes, I no longer call them private. But that’s because of the content I use them for. If it is really important, then I usually encrypt the data before sending – or use a different medium altogether.

Big Data: the thing that really worries me is that future services will demand an ‘advertisement free fee’ depending on how much your overall ‘Internet Footprint’ is worth. Basically, the more data they have about you, the more you’ll have to pay. Sounds a bit far fetched, but I’ve seen these algorithms already being worked on at two advertisement companies. I was told they currently use this to sell the ‘data record’ for the ‘correct’ price to other advertisement companies – but they are planning on opening up an API for third parties to evaluate a user (and price them correctly). A big online video streaming service was one of their ‘interested parties’.

But back on topic: would it be possible to port UniPrint / UniServer to Linux or Android or iOS? Not the printing part, but the file transfer and URL opening ?

but only if the encryption algorithm is strong as well.

Simple substitution cypher. With a 64GB one-time pad (not token) you can send 64 GB of messages before you need another pad – that is, unless your messages are mad, never. You send the address in the pad to start (using a new part of the pad for each message), followed by your message, replacing each byte(x) in your message with
(message byte(x) + byte(address+x) from pad) mod 256
Easy to decode if you’ve got a copy of the pad, impossible if you haven’t. (The pad is simply 64GB of random numbers 0-255. Obviously they have to be genuinely random, for a sensible meaning of “random”.)

That’s what “one-time pad encryption” means. Of course it doesn’t have to be bytes of one of 256 values: originally it meant a smaller number, I don’t know what – possibly as few as 37 (A-Z,0-9,blank). Used to be used by military intelligence – unlike Enigma, absolutely unbreakable. (Of course if your field operative is captured and their pad taken, the captor can spoof him and read your replies. But that proviso applies to any method.)

But that proviso applies to any method

Yes but your field operative can use seCret security checks so you know hw has been captured. The book ‘Between Silk and Cyanide’ described a ‘Mental One Time Pad’ which it said was (a) complex and (b) still secret!

Is this a record?

FireWorkz counts 3193 words in Rick’s posting, tho’ I don’t know how it treats the bullet points or ‘smilies’ as we old-fashioned people call them. Over 17k of characters!

Yes but your field operative can use seCret security checks so you know hw has been captured.

Indeed. So you’ve lost contact, but you know you have. And you can spoof the enemy, if they’re daft enough to fall for it.

Their forum post on the subject was to point out that everything is protected by a fairly simple sequence – a password, a PIN number, whatever; utterly failing to realise that they are the anomaly – passwords can be changed. If your bank card is lost or stolen, issuing a new PIN is part of the replacement process.

Interesting reference. USA and bank card security. According to a distant relation of the wifes who visited the other year swipe technology is standard except where the old fashioned “brass rubbing” style is used and chip + PIN is almost unknown. Here in the UK the swipe is a legacy feature on EPOS systems, chip + PIN is fairly old hat.

Apparently they don’t use CSCs either. But, then, what do you expect for a country that believes so much in the mighty dollar but has continually resisted security features typical in other modern currencies including, you know, making them look obviously different?

The lesson kiddies – capitalism is fueled by fraud. I can’t think of any other explanation…

With Rick’s long replies from a ‘Super Phone??’ – how about a road test of BlueTooth keyboards? :-)

I’ve often wondered what on Earth I’d want a smartphone for. Rick’s wondrous rant is a wonderful example of the utter uselessness of a smartphone…give me a massive screen (with reasonably small pixels, nothing so tiny they’re irrelevant) and a decent keyboard. And preferably a trackpad.

Or a trackball if the trackpad driver’s too hard. I’ve not converted a trackball to USB yet though… 8~(

(Well, you don’t need to give me them. I have them already.)

You just need to be short sighted and have a phone with an insane resolution. My S7 is quad HD. Then, then it looks okay.
But if your phone isn’t even single HD, it’ll probably suck.

Bluetooth keyboard? Essential. ;-)