Featured Article : WordPress At War!

Following a (very public) recent spat between WordPress founder and Automattic CEO Matt Mullenweg, and WP Engine, we look at what’s happened and why, and what the effects have been WordPress users.

WordPress and WP Engine 

To better understand the story, it may be a good idea to first look at the two sides in the dispute – who (and what) they are, and why they’re different.

WordPress

Most people are likely to be familiar with WordPress, the open-source content management system (CMS) that now powers over 40 per cent of websites globally. It was founded in 2003 by Matt Mullenweg and Mike Little as a fork of another blogging tool called b2/cafelog. Since its blogging platform beginnings, it has evolved into a versatile CMS and is used for everything from personal blogs to large corporate websites. WordPress.org is the official website where the open-source version of WordPress can be downloaded and is maintained by the broader WordPress community. WordPress’s co-founder Matt Mullenweg is also now the CEO of Automattic, the company behind WordPress.com, a commercial arm that provides hosting services for WordPress users. Mullenweg also founded (in 2010) the WordPress Foundation, which is a non-profit organisation to promote and protect the WordPress brand and support the open-source project’s development.

WP Engine 

WP Engine, on the other hand, is a managed hosting service specifically designed for WordPress websites. Founded in 2010 by Jason Cohen, and currently led by Heather Brunner (the company’s CEO and chairperson), WP Engine offers specialised hosting services, focusing on performance, security, and support for WordPress-based websites.

The key distinction between the two is that WordPress is an open-source software project managed by a community, while WP Engine is a commercial entity offering specialised hosting for WordPress sites, i.e. it is distinct from (and not officially associated with) WordPress – the brand is not part of WordPress. Automattic, led by Mullenweg, is closely tied to the development of WordPress, whereas WP Engine builds its business upon optimising the WordPress experience for its customers without contributing significantly to its core development.

Other Players 

One other player mentioned in the recent dispute is Silver Lake, a global private equity firm that specialises in technology investments. Silver Lake invested $250 million in WP Engine back in 2018, significantly boosting WP Engine’s financial capacity to grow its hosting business within the WordPress ecosystem. However, Silverlake doesn’t have a direct relationship with WordPress, but has been criticised (as detailed below) by WordPress’s Matt Mullenweg.

The Recent Conflict – A Quick Blow-By-Blow Breakdown

The current, ongoing feud between Matt Mullenweg, CEO of Automattic, and WP Engine has taken the WordPress community by storm. The dispute began on September 20 when Mullenweg publicly lambasted WP Engine, accusing the company of profiteering from WordPress while contributing little to its open-source ecosystem. What followed has been a series of escalating accusations, legal actions, and heated exchanges, leaving WordPress users and businesses concerned about the impact on their websites and the future of the platform.

September 2024 – Mullenweg Calls Out WP Engine 

The feud came to light when Mullenweg, during his keynote address at the WordCamp US event in September 2024, sharply criticised WP Engine. He labelled the company a “cancer” within the WordPress ecosystem, accusing them of using the open-source platform for commercial gain without giving back in a meaningful way. Specifically, Mullenweg pointed out that WP Engine only contributes around 40 hours per week towards WordPress development, compared to Automattic’s substantial 4,000 hours. His most significant grievance was that WP Engine had allegedly disabled core WordPress features, such as post revisions, to reduce their hosting costs, thus compromising user experience for profit.

WP Engine’s Response 

In response, WP Engine released a blog post defending its track record, highlighting over a decade of contributions to the WordPress community. They pointed to innovations such as their headless WordPress solution and their support for modern web frameworks like Faust.js and WPGraphQL, emphasising their role in expanding the platform’s capabilities.

Cease-and-Desist Letters 

The situation worsened when WP Engine sent a cease-and-desist letter to Automattic, accusing Mullenweg of making false claims and threatening the company with legal action. WP Engine argued that Mullenweg’s statements were defamatory and could damage their business. They also stated that Mullenweg’s criticism was rooted in their refusal to pay Automattic a significant sum of money, which Mullenweg had allegedly demanded for the use of WordPress trademarks. According to WP Engine, they were operating within the guidelines of the WordPress Foundation’s trademark policy and did not require such a licence.

Automattic responded by issuing its own cease-and-desist letter, accusing WP Engine of trademark misuse and unfair competition. Automattic claimed that WP Engine had been benefiting from the WordPress brand without proper authorisation and that their use of terms like “WordPress” and “WooCommerce” in their marketing was misleading to customers.

Statements 

Throughout the conflict, both Mullenweg and WP Engine have been vocal in defending their positions. Mullenweg, in a blog post titled “WP Engine is Not WordPress,” accused the company of butchering the platform for profit. “What WP Engine gives you is not WordPress,” Mullenweg wrote, emphasising that WP Engine’s practices were misrepresenting the platform and harming users by removing essential features like post revisions. He reiterated this during his WordCamp US speech, where he criticised private equity involvement in the WordPress ecosystem (referring to Silverlake – the company that invested in WP Engine in 2018), stating, “Silver Lake doesn’t care about your open-source ideals, it just wants a return on capital.” In short, Mullenweg’s criticism of WP Engine, particularly about its focus on profits over open-source contributions, also targets Silver Lake, implying that their primary interest is financial returns, rather than supporting the open-source community.

In contrast, WP Engine pushed back against these claims, arguing that their investments in the WordPress ecosystem go beyond contributing to the core software. WP Engine has highlighted its efforts to support the wider WordPress developer community and create innovative tools for businesses, noting that their business model is entirely compatible with the platform’s open-source ethos.

The Impact on WordPress Users 

For businesses that rely on WP Engine for hosting, the dispute has raised several concerns. One immediate consequence was WP Engine’s temporary ban (September 25) from accessing WordPress.org resources, including essential software updates. This move (by Automattic) led to some operational challenges for users, who were unable to receive timely updates for their websites – sites using WP Engine’s solutions couldn’t install plug-ins or update their themes. Also, WP Engine customers couldn’t access security updates, thereby potentially leaving them vulnerable. WP Engine has reassured customers that they are working to resolve the issue and continue providing a stable service. WordPress.org has since lifted the ban on hosting provider WP Engine (until October 1).

Trademark A Key Issue 

Shortly after banning WP Engine from WordPress.org, Mullenweg stated (in a blog post) that trademarks are the main issue. Automattic alleged that WP Engine has built its $400 million+ revenue business upon unauthorised use of its WordPress trademark (Automattic says it has the exclusive commercial rights for from the WordPress Foundation for this trademark). Automattic says, for example, it has been trying to sign a licensing deal with WP Engine and has offered WP Engine the option to pay a direct licensing fee or make in-kind contributions to the open-source project.

Divided Opinion 

Meanwhile, the broader WordPress community has been left divided. Some developers and users have voiced support for Mullenweg’s stance, arguing that WP Engine’s commercial approach undermines the open-source principles on which WordPress was founded. Others, however, believe that Mullenweg’s comments were unnecessarily inflammatory and that WP Engine’s contributions to the platform, particularly in the area of headless WordPress solutions, have been valuable for the community.

So, Where Are We Now? 

As of late September 2024, the situation remains unresolved, with both parties engaging in a public and legal back-and-forth. While no lawsuits have yet been filed, WP Engine’s legal team has hinted at potential claims of tortious interference and unfair business practices. The WordPress Foundation, which manages the platform’s trademarks, has also updated its policies, seemingly targeting WP Engine’s business practices. Mullenweg, for his part, continues to stand by his comments, reinforcing his belief that WP Engine is not operating in the best interests of the WordPress community.

What Does This Mean For Your Business? 

For UK businesses that rely on WordPress, this conflict brings several important considerations. Firstly, if you are using WP Engine as your hosting provider, it’s essential to stay updated on the potential legal outcomes and any changes to the service that may result from this dispute. The ban from WordPress.org resources, even though temporary, affected site performance and security for some users, so keeping an eye on WP Engine’s communication with customers going forward may be critical.

From a broader perspective, this feud highlights the tension between open-source ideals and commercialisation. While WordPress remains free and open-source, hosting providers like WP Engine have built profitable businesses on top of it. Mullenweg’s criticism raises questions about how much companies should contribute back to the ecosystem from which they benefit.

For competitors, this may create an opportunity. Hosting providers who are more aligned with WordPress’s open-source principles could attract users disillusioned with WP Engine’s business practices. For businesses looking to build or maintain WordPress sites, it may be worth exploring alternatives that contribute more significantly to the platform’s long-term sustainability.

This dispute, therefore, serves as a reminder that even in the open-source world, commercial interests can sometimes lead to conflict. Whether you are a developer, a business owner, or simply a WordPress user, keeping an eye on these developments is crucial for making informed decisions about your website’s future.

Tech Insight : Meta’s Smarter Specs

Following Mark Zuckerberg’s recent announcement of new AI features for the company’s (Ray-Ban) Meta glasses, we look at where we’re at and where things are heading with Meta’s VR/AR glasses.

What VR/AR Glasses? 

Meta’s VR/AR glasses are part of the company’s push into the immersive world of virtual and augmented reality, which it envisions as a key part of the “metaverse.” The metaverse concept, which many of us will remember, was first announced back in October 2021 (when Facebook rebranded as Meta and caused stock values to fall as investors didn’t understand it), was Meta’s vision of a shared, immersive virtual space where people can interact, work, play, and socialise using VR, AR, and other digital technologies.

The VR/AR glasses are part of a range of products representing Meta’s attempt to lead in the next generation of computing by combining the physical and digital worlds. Meta aims to integrate AR glasses into everyday life, much like smartphones today, thereby enabling users to interact with virtual worlds alongside the real world. Consequently, Meta is investing heavily in AR and VR development.

What Are The Key Products?

The two key products in Meta’s range of VR / AR glasses are:

1. The Meta Quest Series (VR and now MR) 

Meta Quest series devices are designed to allow users to fully immerse themselves in digital environments and are used for gaming, social interaction, education, and even workplace collaboration. Meta Quest 2 (formerly Oculus Quest 2) released in 2020, is Meta’s most successful virtual reality headset, offering an immersive VR experience without requiring a PC or external hardware. It features a standalone design with access to VR games, apps, plus social experiences, and is widely used for both entertainment and work-related VR applications. Also, the Meta Quest 3 model, released in 2023, introduced mixed reality (MR) capabilities, i.e., it blends both VR and AR features – is a step towards true augmented reality, where users can see both the physical world and digital overlays at the same time. It includes improved performance, better visual quality, and a slimmer design than its predecessor, supporting full-colour AR experiences through the usage of external cameras.

The latest news from Meta Connect 2024 included an announcement of the Meta Quest 3S, a more affordable version of the Quest 3, priced at $299. The Quest 3S is a mixed-reality headset, offering many features of the original Quest 3 but at a lower cost to make it more accessible to a wider audience. This device is part of Meta’s ongoing effort to dominate the VR/AR market by offering a range of headsets catering to different price points. At Meta Connect 2024, the company also introduced its Hyperscale VR App, known as Horizon Hyperscape for Meta Quest 3 users. This app allows users to explore photorealistic 3D environments created from real-life spaces using a technique called ‘Gaussian Splatting’, not traditional photogrammetry. For example, with the app, users can walk through virtual spaces as if they were physically present, making it an immersive experience. While users can’t yet upload their own scans, this feature is expected in the future, expanding creative possibilities in VR.

2. Meta Ray-Ban 

As part of a project believed to date back to 2017 (first introduced in 2021 and then re-introduced and updated in September 2023), ‘Ray-Ban | Meta Smart Glasses’ are Meta’s smart glasses (developed in partnership with EssilorLuxottica) and premium sunglasses brand Ray-Ban. While they don’t offer full AR or VR capabilities like the Quest devices, they include cameras and audio features that allow users to take photos, videos, and listen to music. Users can also choose between 150 different custom frame and lens combinations, and users can livestream from the glasses to Facebook or Instagram, and use “Hey Meta” to engage with Meta AI (Meta’s advanced conversational assistant), just by using their voice. These glasses are more of a step towards a future where (Meta hopes) AR could be seamlessly integrated into everyday eyewear. Incidentally, price-wise, at the time of writing this article, Ray-Ban Met Wayfairer smart glasses retail at prices between £299 and £379.

Most recently (September 25), Meta’s CEO Mark Zuckerberg announced a number of new improvements to the glasses, the key ones being:

– Enhanced AI capabilities. Meta says users can now interact with Meta AI more seamlessly through the glasses, asking follow-up questions without having to repeat the trigger phrase. The glasses can also remember tasks (such as parking locations) and allow users to set reminders hands-free. Also, ‘Meta AI’ can now help with real-time assistance, such as identifying landmarks while exploring a city or assisting with grocery shopping by suggesting recipes based on items that the user is looking at through the glasses.

Recently (also at Meta Connect 2024), Mark Zuckerberg announced that Meta AI (the company’s series of artificial intelligence models and technologies) is one of the most used AI assistants across the world with “almost” 500 million monthly active users. This may be mostly thanks to India being Meta AI’s biggest market (via WhatsApp’s 500 million users located there). By comparison, OpenAI’s ChatGPT, for example, has 200 million weekly users.

– Real-time language translation. Mark Zuckerberg says the glasses will soon offer live translation for Spanish, French, and Italian, allowing users to hear translated speech through the open-ear speakers, making them ideal for travel and overcoming language barriers.

– Expanded music and audio partnerships. Meta’s enhancing integrations with Spotify and Amazon Music, while introducing new partnerships with Audible and iHeartRadio. Users can now control these platforms via voice commands and access additional content information, adding to the overall entertainment value.

– QR Code Scanning. Users can use the glasses to scan QR codes or phone numbers, and the content will automatically open on the user’s phone without needing any additional steps. Users just need to ask the glasses to perform the scan, and it will instantly transfer the data to their mobile device.

– New design and lenses. Meta has also introduced a limited edition Shiny Transparent Wayfarer frame and UltraTransitions® GEN S™ lenses, offering stylish options that adapt to different lighting conditions, blending fashion and function.

Looking Ahead – Next Generation 

Looking ahead, ‘Project Aria’ is Meta’s experimental research platform for AR glasses. While Meta hasn’t fully released consumer-grade AR glasses (beyond the Meta Ray-Bans’ limited features), the company’s long-term vision is to develop AR glasses that can overlay digital information onto the physical world seamlessly, allowing for interactions with holographic objects, navigation aids, and enhanced communication tools. Project Aria’s output is not yet available to consumers, but the project is focused on developing advanced AR technology that could eventually be integrated into future consumer products. Currently, these glasses are used by Meta employees to collect data and study how AR can work in real-world scenarios.

Orion AR Glasses 

The research and insights gained from Aria (over a decade) have fed into the development of Orion AR glasses (currently available to developers only). Introduced during Meta’ recent Meta Connect event (September 27), these are Meta’s most advanced prototype in augmented reality (AR).

Meta has said that one key feature that the Orion AR glasses (similar to Snap’s ‘Spectacles 5’) will be a “neural interface”, i.e. a wrist-worn wearable / peripheral that allows users use gestures to navigate around apps on the paired Orion glasses. Meta’s boss Mark Zuckerberg says that Orion is “the first device that is powered by our wrist-based neural interface”, i.e. it essentially allows users to send a signal from their brain to Orion. Orion AR glasses will also be controlled by voice prompts to Meta AI.

Meta has also said that Orion AR glasses have “the largest field of view (FOV) in the smallest AR glasses form to date” which the company says, “unlocks truly immersive use cases for Orion, from multitasking windows and big-screen entertainment to life-size holograms of people”. It’s been reported that the costs for building Orion AR glasses are currently very high at $10,000 per unit (it’s still a prototype). However, Meta says: “Orion isn’t just a window into the future – it’s a look at the very real possibilities within reach today. From Ray-Ban Meta glasses to Orion, we’ve seen the good that can come from letting people stay more present and empowered in the physical world, while tapping into all that the digital world has to offer”. 

Competitors 

Meta certainly isn’t the only company investing in VR/AR Glasses. Some of it’s key competitors in this area include:

– Apple Vision Pro. Announced in 2023, Apple’s mixed-reality headset offers a blend of AR and VR, with ultra-high-resolution displays, advanced spatial audio, and seamless integration with Apple’s ecosystem. Expected to release in 2024.

– Microsoft HoloLens 2. Focused on enterprise solutions, HoloLens 2 is an AR headset offering immersive mixed-reality experiences, particularly useful in industrial and medical applications.

– Magic Leap 2. Again, aimed at enterprise markets, this AR headset delivers high-quality visual computing, used in fields like healthcare, training, and manufacturing.

– PlayStation VR 2. Sony’s VR headset, released in 2023, focuses on high-quality gaming experiences, integrated with PlayStation 5, featuring advanced tracking and haptics.

– Pico 4. From ByteDance, this is a standalone VR headset, offering similar features to Meta’s Quest line but with a focus on global gaming and entertainment markets.

– Google Glass Enterprise Edition 2. Originally designed for consumers, Google Glass transitioned to an enterprise tool. It features a small heads-up display, allowing professionals to access critical information hands-free in industries like healthcare, manufacturing, and logistics.

– Amazon Echo Frames. Focused on audio rather than AR, Echo Frames are smart glasses with built-in Alexa. They allow users to control smart devices, listen to music, and receive notifications via voice commands without obstructing vision.

– Razer Anzu. Razer’s smart glasses are designed for both audio and protection. They offer open-ear audio and blue-light filtering lenses for gamers and those using screens for long periods.

– Bose Frames. These smart glasses feature built-in speakers for music and phone calls, offering a discreet, stylish way to consume audio without the need for headphones.

What Does This Mean For Your Business? 

As Meta continues its journey toward building the future of virtual and augmented reality, its efforts reflect an evolving strategy that balances immediate consumer products with long-term innovation. The introduction of the Meta Quest 3S, Ray-Ban Meta glasses, and the development of the Orion AR glasses illustrate Meta’s commitment to the idea of making VR/AR more accessible, versatile, and integrated into everyday life. Each product, from the Quest’s immersive gaming experiences to Ray-Ban’s fashionable, AI-powered wearables, represents steps toward that future, with Meta hoping it can be the leader in the VR/AR glasses space.

However, the challenges are not insignificant. Meta, of course, faces strong competition from tech giants like Apple, Microsoft, and Sony, all offering advanced mixed reality headsets or AR solutions. These competitors are pushing Meta to continually innovate, ensuring that its devices not only appeal to early adopters but also find a place in mainstream markets.

Looking ahead, Meta’s focus on the ‘metaverse’, enhanced AI capabilities, and the refinement of AR technology through projects like Orion suggests that the company envisions a world where virtual and real spaces can blend seamlessly. While there’s much development left to be done, especially in terms of cost, accessibility, and user experience, Meta’s current trajectory appears to position it as a key player in the future of immersive technology. The company’s apparent determination to transform everyday interactions through VR/AR technologies may ensure that we’re likely to see even more exciting advancements in the near future.

For businesses, Meta’s (and other companies’) VR/AR glasses hold significant potential to transform various industries. These devices could, for example, revolutionise training by offering immersive, hands-on simulations in fields like healthcare, manufacturing, and engineering, reducing costs and improving learning outcomes. In retail, AR glasses could enhance customer experiences by providing virtual try-ons or interactive product demos. Remote work and collaboration could also benefit greatly, with AR allowing teams to visualise 3D models, host virtual meetings, or even interact with life-size holograms, making communication more engaging and effective. By integrating these technologies, businesses can streamline operations, improve employee engagement, and offer innovative customer solutions, giving them a competitive edge in a rapidly digitising world.

Tech News : Sending WhatsApp Messages To Other Messaging Apps

In response to changes in the European Union’s Digital Markets Act (which came into force in March), WhatsApp users will soon be able to send messages from WhatsApp to people using other messaging apps, e.g. Messenger, Telegram, and Signal.

What Change In The Digital Marketing Act? 

Meta-owned WhatsApp is making this major change because the EU’s Digital Markets Act – DMA (a regulation aimed at promoting competition and reducing monopolistic practices in the tech industry) requires major platforms like WhatsApp to become interoperable with other messaging services, i.e. there must be interoperability between WhatsApp and other third-party apps.

Because Meta Is A “Gatekeeper” 

Under the DMA, WhatsApp’s owner Meta is regarded as being a “gatekeeper”, i.e. a large tech company that controls access to key digital services, such as messaging platforms, operating systems, or social networks. These companies have a significant impact on the market and must comply with strict rules to ensure fair competition. Gatekeepers like Meta are therefore required, under the DMA, to open up their services (e.g. WhatsApp and Messenger) to allow interoperability with smaller platforms, as well as follow regulations on data handling, user privacy, and transparency.

No Need To Install The Other Apps 

With this change, although WhatsApp and Meta’s Messenger must open up their platforms to allow messages to flow between different apps, a WhatsApp user will be able to communicate with someone on Telegram or Signal without needing those apps installed.

Will Make It Simple For Users

Meta says it has designed a simple onboarding flow for users where they can learn more about third-party chats and turn the feature on which means that although it’s mandatory to open the apps up, the feature still has an opt-in element, to help users avoid risks like spam and scams. For example, users will have the option to choose which third-party apps they want to receive messages from, and how they would like to manage their inbox.

Can Keep Third-Party App Messages Separate 

Meta says users will have the option to be able to keep third-party chats separate from their current inbox, or to combine all chats in a single inbox. For example, users will be able to have third-party messages delivered into a separate folder if they wish.

Two Years In The Making 

Meta says it’s been working on getting the interoperability ready for two years. The change, however, is still being tested, with full implementation expected to start in late 2024, although features will gradually roll out over time. Meta says it has built new notifications into WhatsApp and Messenger that will inform users about third-party chats and will “remind users each time a new third-party messaging app becomes available.” 

Basic one-on-one messaging and file-sharing features, such as text, images, videos, and voice notes, are expected to be ready soon. Group chats and voice/video calls will be added later, with group chats pencilled-in for 2025 and calls by 2027.

Maintaining E2EE 

Meta has been somewhat reluctant about this change but is committed to complying with the DMA’s requirements. The company has stressed the need to maintain end-to-end encryption (E2EE) throughout this integration, although it has acknowledged challenges in ensuring security when third-party services are involved.

For example, Meta has said to send messages, the third-party providers must construct message ‘protobuf’ structures (protocol buffers that define how messages are formatted) which are then encrypted using the Signal Protocol and then packaged into message stanzas in eXtensible Markup Language (XML). Meta says the Signal Protocol is required because of its high level of security.

What Does This Mean For Your Business? 

For Meta, with its WhatsApp and Messenger platforms, this shift toward interoperability marks a really significant transformation. As a designated “gatekeeper” under the DMA, Meta is (reluctantly) being compelled to adapt to a more open and collaborative environment. While the company has expressed some hesitation, particularly around ensuring the privacy and security of cross-platform communications, it is clear that complying with the DMA is essential for maintaining its strong position in the European market. The challenge lies in balancing user security with the seamless integration of different messaging platforms, a feat Meta is tackling through encryption protocols and new user control features. Long-term, this could push Meta towards further innovation, as competition intensifies in a more diversified and open messaging landscape.

For competitors like Telegram, Signal, and other smaller messaging apps, the changes present both an opportunity and a challenge. These platforms now have the ability to interact with WhatsApp’s vast user base, opening doors for increased visibility and growth. However, to ensure secure communication and match the standards set by Meta, these platforms will need to meet stringent security and technical requirements. The market itself is likely to see a shift toward greater collaboration between apps, but with increased competition to offer superior services and features, such as privacy tools or unique messaging options.

Tech News : Microsoft Re-Launching Controversial ‘Recall’ Feature

Following Microsoft having to postpone the release of its ‘Recall’ screenshot feature in May over privacy concerns, it now plans to re-launch an updated version in November on its new CoPilot+ computers.

Recall – What Happened? 

At its Microsoft Build 2024 developer conference back in May, Microsoft announced that it planned to introduce the ‘Recall’ AI-powered feature which was designed to take periodic screenshots (snapshots) of everything a user interacts with on their PC. The screenshots (taken every 5 seconds) were to be stored (encrypted) and analysed using optical character recognition (OCR) – using AI, locally on the user’s PC.

Why Take Snapshots? 

The screenshots (referred to as snapshots) were intended to be used to provide a timeline of everything a user’s done and seen, and to enable the use of voice commands to search through this timeline. Yusuf Mehdi, Microsoft’s executive vice president and consumer chief marketing officer, said that with Recall, Microsoft “set out to solve one of the most frustrating problems we encounter daily — finding something we know we have seen before on our PC”.  Recall was, therefore, intended to be a productivity and user experience-enhancing feature.

Privacy Concerns 

However, Microsoft very quickly faced a backlash due to fears around privacy and data security relating to the Recall feature. Recall was described as a “privacy nightmare” and attracted the attention of the UK Information Commissioner’s Office (ICO), plus critics pointed out that the tool (which continuously records user activity) could easily become a “honeypot” for hackers, especially if malware gained access to these snapshots.

Other concerns centered around:

– The default setting enabling Recall on Copilot+ PCs without explicit user consent.

– A lack of moderation in what Recall recorded, i.e. very sensitive information including snapshots of passwords, financial account numbers, medical or legal information (and more) would be recorded and, therefore, could potentially be accessed and taken.

– Worries about who could access these recordings, particularly if devices fell into the wrong hands or were compromised by malicious software.

– Anyone who knew a user’s password could access that user’s history in more detail.

– With gaining initial access to a device being one of the easier elements of an attack, this is all that would be needed to potentially access the screenshots and steal sensitive information or business trade secrets.

Listened 

Microsoft now says that it has listened to feedback, and after planning to debut Recall with its new CoPilot+ computers in June, it has spent time removing some of Recall’s more controversial features, and now plans to re-launch Recall in November (on its new CoPilot+ computers).

What’s New About It? 

With the revamped Recall, users must actively choose to enable it, rather than having it automatically activated. This change should give users more control over whether their data is recorded. Also, Microsoft has introduced encryption measures, secured via the Trusted Platform Module (TPM), to protect the screenshots that Recall takes. The data is also stored within a Virtualisation-based Security (VBS) Enclave, ensuring it’s more difficult for hackers or malware to access.

Additional enhancements are also understood to include the ability to set preferences for what content Recall captures, how long the data is stored, and what types of sensitive information (such as credit card details) should be automatically excluded from being recorded. For example, an icon in the system tray will now notify users when screenshots are being taken, providing transparency and the option to pause the feature whenever desired.

What Does It Mean For Your Business? 

As Microsoft prepares to relaunch Recall with a more privacy-conscious design, it shows the company’s commitment to addressing the concerns raised earlier this year. By shifting to an opt-in model and enhancing encryption, Microsoft aims to give users more control over their data, which is crucial in today’s security-focused landscape. The added features, such as notification alerts and more granular content preferences, demonstrate a thoughtful balance between innovation and user safety.

These changes are not just superficial adjustment, but they reflect Microsoft’s awareness of the growing need for transparent data management, especially with AI-powered tools that handle sensitive information. By actively listening to (and involving) users in deciding how Recall operates on their devices, Microsoft will, no doubt, be hoping to regain trust and re-establish Recall as a valuable productivity tool rather than a security risk.

Ultimately, whether these revisions are enough to win over privacy advocates remains to be seen. However, the revamped version of Recall marks a step in the right direction, highlighting how user feedback can shape technology in ways that benefit both functionality and security. Microsoft’s ability to adapt will likely be key to the long-term success of Recall and its broader Copilot+ initiative.

An Apple Byte : Apple Launching UK Roadside Assistance (Via Satellite)

Apple is set to extend its satellite messaging service, introducing a Roadside Assistance feature in the UK through a partnership with Green Flag. This new service, launching with the iPhone 16, will enable drivers to get help in areas with poor or no cellular coverage, using satellite connectivity.

Previously available only in the US, the satellite Roadside Assistance messaging service will mean that iPhone users will still be able to communicate with breakdown services without a mobile or Wi-Fi signal. Scheduled for release with the iPhone 16 later this autumn, it promises greater safety and convenience for iPhone-using motorists in remote areas.

Green Flag, the UK roadside assistance provider, will support Apple in deploying this satellite-driven service. Aimed particularly at regions where mobile coverage is unreliable, the service will be accessible via a new interface on the latest iPhone model. However, while generally effective in open spaces, its performance may be reduced under cover or near large obstructions (satellites usually need a clear line of sight).

Apple’s Roadside Assistance will operate on a pay-per-use basis, thereby offering flexibility for UK drivers who prefer not to commit to a full-time subscription. This new service is expected to set a new industry standard in emergency communications via satellite and could also encourage the broader adoption of satellite assistance technologies, thereby helping Apple to diversify its product offerings and enhance its strategic positioning within the technology sector.

Security Stop Press : Beware ChromeLoader Exploit Malware Website Campaign

An HP Wolf Security report has highlighted how hackers are leveraging a ChromeLoader exploit and using code-signing certificates and malvertising techniques to distribute malware via fake companies and websites.

As part of what appears to be a large-scale cyberattack, cybercriminals are reportedly exploiting the ChromeLoader vulnerability (ChromeLoader is a malicious browser extension) by using valid code-signing certificates (the digital certificates to verify software authenticity and integrity), allowing them to bypass Windows security measures like AppLocker without triggering user warnings.

The report highlights how the attackers set up fake companies to obtain these valid certificates or steal them from legitimate sources. These fake companies then host websites that offer seemingly legitimate tools, such as PDF readers or converters, to lure in victims.

The campaign uses malvertising (malicious advertising) to direct potential victims to the well-designed but malware-ridden websites which often appear in search results for popular keywords like “PDF converters” and “manual readers.”

Once victims visit these infected sites, their browsers can be hijacked, allowing attackers to redirect search queries to malicious sites, increasing the scope of their attacks.

HP’s report suggests that the scripts used in this campaign were likely developed using generative AI tools, making it easier and faster for cybercriminals to launch such attacks.

The advice to avoid ChromeLoader attacks is to only download software from trusted sources, be cautious of online ads, keep security features enabled, use antivirus software, and regularly update your browser and system.

Each week we bring you the latest tech news and tips that may relate to your business, re-written in an techy free style. 

Archives