In two recent blows to Apple, it’s just been fined £1.5bn for breaking EU competition laws over music streaming, while its latest iPhone update means allowing developers to offer their own ‘app stores’.

The Fine 

Following a complaint by Swedish music streaming service Spotify, Apple has been fined £1.5bn by the European Commission for abusing its market position by preventing developers from telling users about alternative, cheaper music services outside the Apple app store (which is illegal under EU antitrust rules). However, it’s been noted that the EC found no concrete evidence of consumer harm and Apple has said it will appeal.

The Update 

In other bad (but expected) news for Apple, in compliance with the Digital Markets Act (DMA), its latest iOS 17.4 update allows developers to offer their own ‘app stores’ (also referred to as ‘sideloading’). This means that users can download new software without going through the official App Store, and developers such as Google can now offer their own app store, which offers their own content and their own restrictions. However, developers will still have to pay a fee to Apple for installs.

Researchers from the University of Florida have reported how VoltSchemer, a set of attacks that exploit two commonly found features in commercial-off-the-shelf wireless chargers (COTS), can give attackers control over a phone then enable man-in-the middle attacks.

VoltSchemer attacks work by exploiting voltage noises from the power supply (electromagnetic interference) to manipulate wireless chargers without the need for any malicious modifications to the chargers themselves. The researchers were able to show how such attacks were successful on 9 top-selling wireless chargers and can also alter chargers to overheat and ‘fry’ phones.

Since these attacks rely on setting up a malicious power source in a specific location, the advice is to use your own personal charging port (e.g. the one at home) or your own portable charger/plug where possible.

ETH Zurich researchers have reported discovering an effective method for recovering gold from e-waste with the help of byproducts from the cheesemaking process.

Protein Fibre Sponge 

The group of researchers, led by ETH Professor Mezzenga, have reported using a sponge made from a protein matrix (a cheesemaking byproduct) to extract gold from e-waste.

The protein matrix/protein fibre sponge was made by denaturing whey proteins under acidic conditions and high temperatures, thereby aggregating them into protein nanofibrils in a gel. The gel was then dried to create the protein fibre sponge.

The Process 

To test the protein fibre sponge, the research team salvaged 20 old computer motherboards and extracted the metal parts. They then dissolved the parts in an acid bath to ionise the metals. The protein fibre sponge was then placed in the metal ion solution and the gold ions adhered to the protein fibres.

The final part of the process was to heat the sponge, thereby reducing the gold ions into flakes. These flakes were then melted down to form a gold nugget.

How Much Gold?

The researchers reported making a nugget of around 450 milligrams out of the 20 computer motherboards using this process. The nugget was reported to be 91 percent gold (the remainder being copper), which corresponds to 22 carats.

Not Just Gold 

Despite being particularly effective at extracting gold ions, the researchers reported that the process can also be used to extract other metal ions.

How Much Gold In E-Waste? 

It’s estimated that 7 per cent of the world’s gold may be currently locked-away in e-waste and that there is 100 times more gold in a tonne of e-waste than in a tonne of gold ore! Also, for every 1 million mobile phone handsets that are recycled, an estimated 35,274 lbs of copper, 772 lbs of silver, 75 lbs of gold, and 33 lbs of palladium can be recovered.

What Does This Mean For Your Business?

The growing pile of e-waste, the fact that in global terms only 20 per cent of e-waste is formally recycled, and that so much of the world’s gold (7 per cent), and other precious metals are locked up in e-waste are huge challenges. This ingenious method for gold recovery developed by the ETH Zurich researchers which uses a cheesemaking byproduct is, therefore, very promising in terms of sustainability.

The fact that it’s also reported to be a cost-effective method (and, therefore commercially viable) is a bonus that could see it being made ready for the market soon. Another benefit of this method is its flexibility, making it useful for extracting gold from industrial waste from microchip manufacturing or from gold-plating processes. It’s understood that the scientists are also eyeing the possibility of manufacturing the protein fibre sponges out of other protein-rich byproducts or waste products from the food industry, thereby potentially widening the scope and perhaps reducing the cost of the process even more.

Although apparently effective, it should be remembered that tackling the world’s e-waste problem needs a much wider approach. For example, creating a circular economy for electronic goods where waste is minimised, resources are maximised, the environment and health are protected, while businesses and developing economies can still meet their demand, would all help. However, there’s still quite a way to go before this can happen.

Some of the actions that could help bring these necessary changes about could include more legislation and having a more digital and connected world to help accelerate progress towards sustainable development goals. This could possibly be achieved through ‘device-as-a-service’ business models, better product tracking and take-back schemes, plus entrepreneurs, investors, academics, business leaders and lawmakers working together helping create a circular economy that really works.

The e-waste challenge is significant, but as the ETH Zurich researchers have shown, innovative yet relatively simple solutions exist and could have a major impact if scaled up.

Renaming multiple files one by one can be tedious and time-consuming. Windows File Explorer offers a simple way to batch rename files, which can be especially useful for organising documents, photos, or project files efficiently. Here’s how it works:

– Select the all the files you want to rename in File Explorer (mouse click and drag or Ctrl + A).

– Right-click just one of the selected files and choose Rename (or press F2).

– Type the new name for the files and press Enter.

– Windows will automatically append a number to each file to differentiate them

Here we look at some of the latest WhatsApp updates and the value and benefits they deliver to users.

Search Conversations By Date For Android 

The first of three new updates of significance for WhatsApp is the “search by date” function for individual and group chats on Android devices. Previously, this function had been available on other platforms (iOS, Mac desktop and WhatsApp Web).

As featured on Meta’s Mark Zuckerberg’s WhatsApp channel (Meta owns WhatsApp), WhatsApp users on Android can now search for a chat on a particular date (not just within a range). For example, one-on-one or group chat details can be date searched by tapping on the contact or the group name, tapping on the search button, and then tapping the calendar icon (right-hand side of the search box), and selecting the individual date. This feature is likely to deliver a better user experience by giving greater precision and control and potentially saving time in locating specific messages.

Privacy Boost From User Profile Change 

Another potentially beneficial boost to the privacy aspect of what is already an end-to-end encrypted messaging app is (in the beta version) closing the loophole on sharing profile pictures without consent, impersonation, and harassment by preventing users from taking screenshots within the app. If users try to screenshot a profile picture, for example, WhatsApp now displays a warning message. Although the ability to download profile pictures was stopped 5 years ago, it was still possible to take screenshots. Closing this loophole in the latest update should, therefore, contribute to greater user privacy and safety.

Minimum Age Lowered To 13 

One slightly more controversial change to WhatsApp’ T&C’s’s terms and conditions however is the lowering of the minimum age of users in Europe (and the UK) to 13 from 16. This brings the service in line with its minimum age rules in the US and Australia, and the move by WhatsApp was taken in response to new EU regulations, namely the Digital Services Act (DSA) and the Digital Markets Act (DMA), and to ensure a consistent minimum age requirement globally. The two new regulations have been introduced both to tackle illegal and harmful activities online and the spread of disinformation, and to help steer large online platforms toward behaving more fairly.

In addition to the minimum age change, WhatsApp is also updating its Terms of Service and Privacy Policies to add more details about what is or is not allowed on the messaging service and to inform users about the EU-US Data Privacy Framework. The framework is designed to provide reliable mechanisms for personal data transfers between the EU and the US in a way that’s compliant and consistent with both EU and US law, thereby ensuring data protection.

Criticism 

However, although the minimum age change (which may sound quite young to many parents) will be good for WhatsApp by expanding its user base and good for users by expanding digital inclusion and family connectivity, it has also attracted some criticism.

For example, the fact that there’s no checking/verification of how old users say they are (i.e. it relies on self-declaration of age and parental monitoring) has led to concerns that more reliable methods are needed. The concern, of course, also extends to children younger than 13 accessing online platforms (e.g. social media) despite the set age limits.

In Meta’s (WhatsApp’s) defence, however, it already protects privacy with end-to-end encryption and has resisted calls and pressure for government ‘back doors’. It has also taken other measures to protect young users. These include, for example, the ability to block contacts (and report problematic behaviour), control over group additions, the option to customise privacy settings, and more.

Competitors 

Regarding compliance with new EU regulations, the European Commission has been actively engaging with large online platforms and search engines, including Snapchat, under the Digital Services Act (DSA). Also, given the widespread impact of these regulations on digital platforms and their emphasis on data privacy and security, it is likely that Signal (a competitor), and other messaging and social media platforms, are taking steps to align with these new requirements.

Some people may also remember that Snapchat came under scrutiny last summer from the UK’s data regulator to determine if it is effectively preventing underage users from accessing its platform. The investigation was in response to concerns about Snapchat’s measures to remove children under 13, as UK law required parental consent for processing the data of children under this age.

What Does This Mean For Your Business? 

The latest WhatsApp updates, alongside the broader implications of new EU and UK regulations, herald potentially significant shifts for businesses, messaging app users, and the industry at large. These changes, encompassing enhanced search functionalities, privacy safeguards, and adjustments to user age limits, will reshape some user experiences and offer both challenges and opportunities.

The “search by date” function for Android users should enhance user convenience and accessibility, save time, facilitate precise and efficient message retrieval, plus improve user engagement and satisfaction. Businesses leveraging WhatsApp for customer service or internal communications, for example, could find this feature particularly beneficial, i.e. by enabling quicker access to pertinent information, and streamlined interactions.

The extra privacy enhancements essentially reflect a growing industry-wide focus on user security and digital safety and will strengthen individual privacy (always welcome). They also emphasise the importance of user-consent and control over personal information and should remind businesses of the need to prioritise and manage user data both in line with (evolving) regulatory standards and today’s consumer expectations.

The adjustment of WhatsApp’s minimum user age in Europe and the UK presents a bit more of a nuanced landscape. While aiming to broaden digital inclusion and connectivity, this change also highlights the complexities of age verification and online safety. Messaging and other platforms, however, must find ways to navigate these complexities, ensuring compliance while fostering a safe and inclusive digital environment for younger users.

The broader context of the DSA and DMA, along with similar regulatory efforts in the UK, signal the transformative period that digital platforms are now in and although we can all see the benefit of curtailing harmful online activities, there’s also an argument for resisting pressure to go as far as giving governments back doors (thereby destroying the privacy and exposing to other risks). Messaging apps and social media platforms, including WhatsApp and its competitors (e.g. Snapchat, Signal, and others) have known regulations were coming, probably expect more in future, and are now having to adapt to enable compliance and retain trust while introducing other features valued for users at the same time.

Businesses using apps like WhatsApp (which also has a specific business version) are likely to already value its privacy features, e.g. its end-to-end encryption, for data protection. As such, they are unlikely to oppose any more helpful privacy-focused, or improved user experience changes, as long as they don’t interfere with the ease of use of the app (or result in extra costs).

In this, the first of a series of three articles explaining DMARC and email authentication, we look at why SPF, DKIM, and DMARC are the key pillars of email authentication.

The Issue 

Businesses face numerous cyber threats, with email being one of the most common attack vectors. Phishing, spoofing, and malware are prevalent issues, making email security a top priority.

Effective email authentication mechanisms/protocols, therefore, like SPF, DKIM, and DMARC are ways to improve email security and are crucial in mitigating these threats, ensuring only authenticated emails reach their destination.

What Is SPF? 

The SPF (Sender Policy Framework) email authentication protocol helps prevent email spoofing by allowing domain owners to specify which mail servers can send emails on their behalf, i.e. to verify the sender of an email message.

This is achieved by publishing SPF records in the domain’s DNS (Domain Name System). DNS is the internet’s system for translating domain names into IP addresses, enabling users to access websites by typing human-readable names instead of numerical codes.

When an email is sent, the recipient’s mail server checks this record to verify the email’s origin. If the server isn’t listed, the email could be rejected or marked as spam.

What Is DKIM?  

DKIM (DomainKeys Identified Mail) adds an additional security layer by attaching a digital signature to outgoing emails. This signature, verified against a public key in the sender’s DNS, ensures the email’s content hasn’t been altered in transit. DKIM’s role in email authentication, therefore, strengthens the integrity and trustworthiness of email communication.

What Is DMARC? 

DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. DMARC is essentially an email authentication protocol designed to give email domain owners the ability to protect their domain from unauthorised use, such as email spoofing. It does this by allowing them to specify and enforce policies on how their email should be handled if it fails SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) checks, and it provides a way for receiving email servers to report back to the sender about emails that pass or fail these authentication methods. Essentially, DMARC is a set of rules and reporting protocols added to a domain’s DNS records to improve and monitor the security of the email ecosystem associated with that domain.

DMARC, therefore, offers a way to unify SPF and DKIM’s capabilities, allowing domain owners to define how unauthenticated emails should be handled, and it provides detailed feedback on all emails sent from the domain, aiding in the detection and prevention of unauthorised use and email spoofing.

The Evolving Email Security Landscape – Recent Changes By Email Providers 

In response to a surge in email fraud and to comply with global data protection regulations like the GDPR, major email platforms are tightening their email authentication policies. For example, Google and Yahoo recently (February) expanded their guidelines for high-volume emailers. Yahoo said: “Sending properly authenticated messages helps us to better identify and block billions of malicious messages and declutter our users’ inboxes.”   

As an indication of how serious the problem is, it’s estimated that half of the 300 billion emails sent per day are spam … to reiterate, that’s 150 billion spam emails sent each day! Google, for example, says it blocks a staggering 15 billion unwanted emails every day (spam, phishing, and malware).

The regulatory landscape, demanding higher standards of data privacy and security, plus the sheer volume of spam/phishing/spoofing/malware emails have now catalysed action in the form of platforms trying to enforce stricter measures.

For UK businesses, therefore, adapting to these enhanced authentication standards is crucial to ensure emails reach their intended recipients and to maintain compliance with data protection laws, preventing emails from being lost to spam folders or blocked.

The Necessity for DMARC, SPF, and DKIM 

For the reasons just outlined, implementing DMARC, alongside SPF and DKIM, has now transitioned from a best practice to a necessity, hence a sudden push by many platforms to verify domains. These protocols are fundamental in validating email sources, ultimately enhancing deliverability, and protecting against cyber threats. Although it can feel like an extra hoop for businesses to jump through, their adoption ensures that businesses maintain their credibility and that their communications are effectively received.

What Does This Mean For Your Business?

For UK businesses, the implications of not implementing these email authentication protocols can be significant. Without proper setup, domains are at risk of being used for email spoofing, leading to potential data breaches and loss of customer trust. Additionally, non-compliance with the updated policies of email providers can result in emails being undelivered, affecting operations and communications.

To navigate this landscape therefore, businesses must adopt a proactive approach, regularly reviewing and updating their SPF, DKIM, and DMARC configurations to combat evolving threats. This involves not only technical adjustments but also staying informed about the latest in email security practices and threats.

It’s important to remember that adhering to these email authentication standards is not merely about compliance, it’s about securing your digital communication channels. By implementing SPF, DKIM, and DMARC, businesses can significantly reduce the risk of cyber-attacks initiated via email, safeguard their digital assets, and ensure the integrity of their email communications.

Next Time …. 

In this first of three in the series, we’ve looked at understanding the basics of email authentication and its significance in the digital age, i.e. looking at SPF, DKIM, and DMARC and their importance as business cybersecurity tools.

In the next week’s (second) in the three-part DMARC Diligence Tech Insight series, we’ll be taking a look at the critical but often neglected issue of securing multiple domains, including those not actively used for sending emails. It will emphasise the importance of applying DMARC policies to these “forgotten” domains to prevent them from being exploited in cyber-attacks, offering guidance on implementing comprehensive email authentication strategies across all owned domains.