A guide to iOS 18's hidden features and smaller updates

Apple’s iOS 18 update became available to all users on September 16. Ahead of the release of Apple Intelligence, the most important new features have been the ability to customize icons on the Home Screen, swap out app shortcuts on the Lock Screen, the redesigned Control Center, support for RCS, and the new Passwords app.

But there are a ton of other small and fun changes that might be useful, as well.

We put together a list of some of our favorite under-the-radar features that you might have missed.

Settings

Instead of listing all apps on the main page of the Settings app, which can lead to a lot of scrolling for those with a lot of apps installed, Apple now has a separate Apps menu dedicated to your apps. This cleans up the busy Settings screen and makes it more obvious where to find controls for individual apps.

Photos

The Photos app now allows you to view your photo library without screenshots. You can tap on the sorting icon in the bottom left corner and uncheck screenshots under “View Options” to hide your screenshots from view.

The Utilities collection in the Photos app has new content types like documents, receipts, handwriting, illustrations, and QR codes to make it easier to find certain information in your photos. Plus, you can view recently added, edited, and shared media items.

The Photos app automatically suggests photos that are suited for wallpapers.

You can now copy edits from one photo to another, including aspect ratio for crop, exposure, and white balance.

The Photos app also organizes your travels automatically in a Trips section and groups together people and pets, so you can find photos that contain both your partner and your cat, for instance. A new video speed control feature lets you create slowed-down video effects.

Camera

One of the prime complaints for users was that music playing through earphones paused when they were taking a photo or a video. iOS 18 solves that problem, as music will continue to play through Bluetooth connections when snapping a photo or video. The Camera app also gets a new 5-second timer along with existing 3- and 10-second timers.

Control Center

You can customize your Control Center with widgets and buttons on iOS 18. In addition, one of the key changes in the new view is that you now have a power button in the top-right corner. This means you don’t have to hold the power button and volume down to turn off the device — you can access it from the Control Center instead.

Messages

The Messages app finally lets you schedule messages for later, but this option is hidden in the + menu, rather than as an option associated with the send button, which could make it hard to find.

iMessage also now lets you send images in full resolution up to 100MB in size.

Text Effects add animated effects to any letter, word, or phrase, like Explode or Ripple, making conversations more visually interesting. You can also add text formatting like bold, underline, italics and strikethrough. When off the grid, you can send messages via satellite when you otherwise don’t have a signal. You can now “Tapback” with any emoji or sticker and multiple Tapbacks are spread out so you can more easily see the most recent three that were added.

Safari

Safari now has a feature to remove distracting items from a webpage. This feature won’t let you remove ads, but it can clean up some areas of the website you don’t need or don’t want to see. For instance, if a website insists that you sign up for their email newsletter, you can hide the signup box. (The Browser Company’s Arc browser implemented a similar feature last year.)

Summary highlights will let you read a summary of an article before reading the whole thing. Other highlights will point you to helpful information about people, music, movies or TV shows.

Weather

The Weather app now has a widget prominently displaying Feels Like temperature merged with the actual temperature in the detailed view, so you can easily compare both.

The Weather app will also show wind speeds, gusts, and directions more prominently.

You can now set Home and Work locations from contacts in the Weather app.

Siri

AirPods now let you respond to Siri message announcements by shaking or nodding your head. That means you can receive or reject calls by mere gestures.

Podcasts

The new Podcasts app allows you to jump to a specific chapter from the progress bar if a podcast has defined them.

The Podcasts app also gets the ability to reorder and remove episodes in the listening queue.

You can share a specific part of a podcast using the podcast transcript.

Maps

Maps has added new topographic maps, hikes, and route creation, rivaling popular third-party tools like AllTrails.

The Maps app will let you save hikes available across all U.S. national parks offline. Plus, you can create and save your own walking and hiking routes.

Apple is making the Maps app more useful for discovery by letting you compare places by browsing photos, ratings, and price levels.

Notes

Notes now support collapsible sections so you can build structured documents within the app. The app has also added audio recording support, meaning you can record an audio session right from your note so you can keep the audio together with your comments, checklists, and documents. You can even edit the note while recording. The Notes app also supports PDF inline search and different colored highlighting.

Both Notes and Calculator support solving math equations. You can also add various graphs and variables related to equations.

Mail

The Mail app finally has a way to group emails by a sender. You can perform quick actions on them, including marking emails as read, and deleting and archiving them.

A new Transactions category will help you more easily find order confirmations, receipts, shipping, and travel information. Meanwhile, an Updates category will collect your Newsletters, news items, and social updates in one place, similar to Gmail.

From Transactions, Updates, and Promotions, those items that are time-sensitive will still appear in the Primary section. (They’ll also be labeled with their category icon for easy reference.)

There are new cleanup tools available from the Mail app, plus on iCloud.com, and via iCloud Mail settings.

Utilities and Keyboard

The keyboard now supports multiple languages in one keyboard. It also detects the last language you use in apps like Messages and switches automatically.

Apple has also introduced a unified picker for emojis and stickers in the keyboard and made them both searchable.

The Calculator can now evaluate expressions, assign variables, and create graphs. You can ask permission to remotely control a friend’s device when providing tech support. The flashlight interface on select phones has a fun new makeover for iOS 18. You can control variable brightness and adjust the width of the beam.

Journal

The Journal app lets you log your mood. The time you spend writing in the journal will be logged in mindful minutes.

The app also has support for audio transcriptions and printing your entries.

You can add reminders to write and prompts to your Home Screen via widgets to get you in the habit of journaling.

Calendar and Reminders

With iOS 18, Calendar will show timed reminders, and you can create new items or edit them directly in the app.

The Calendar also has new views for days, weeks, and months, so you can easily skim through your schedule.

Separately, the Reminders app now has multilingual grocery lists and recently deleted lists.

Apple now allows you to quickly set up new items for family lists like shared calendars, grocery lists, and password lists.

Files

The Files app lets you keep specific iCloud files or folders on your phone, always downloaded and synced.

iPhones with iOS 18 now support more file formats, including APFS, exFAT, and MS-DOS (FAT32), when formatting external drives. You can also erase these drives from the Files app.

Apple TV app

The Apple TV app now has Amazon Prime Video’s X-Ray-like feature called InSight that displays information about the actors and music in a show or movie. A new ‘enhance dialog’ feature will help you better hear what’s being said, even during scenes with loud effects and music.

Home

With the Home app update for iOS 18, you can unlock connected doors hands-free. You can also add up to 29 guests to give them time-based access.

You can unlock Ultra Wideband-compatible smart locks (available next year) without taking your phone out of your pocket.

Accessibility

iOS 18 has new accessibility features, including eye tracking to control the interface of your phone.

Plus, users can set custom utterances to invoke actions such as going to the Home screen, opening the camera, triggering a shortcut, or invoking a Siri request.

iOS 18 also has vehicle motion cues in the form of dots on the edges of the screen to help you with motion sickness. These dots will give you an indication of the vehicle’s movement. You can set it on, off, or in automatic detection mode.

Music Haptics will match the iPhone Taptic Engine with the rhythm of songs, allowing the deaf and hard of hearing to enjoy Apple Music.

Additional reporting: Sarah Perez

Welcome to the fediverse: Your guide to Mastodon, Threads, Bluesky and more

Once upon a time, in a galaxy not so far away (this one, in fact), a few internet rebels decided that they were tired of the corporate overlords controlling their online lives. Thus, the fediverse was born — an attempt to wrest control of microblogging services, such as Twitter and its ilk, away from centralized powers and into the hands of the people.

The term “fediverse” combines “federation” and “universe.” In a nutshell, it’s a collection of social networking services that can communicate with each other (formally known as federation).

The fediverse’s roots trace back to the 2000s, with the rise of projects like StatusNet, which later evolved into GNU social. The big bang happened in 2016 when Mastodon, an open-source microblogging platform, entered the scene. Since then, myriad decentralized platforms have sprouted, including Bluesky (although that one falls in a slightly different category – more about that in just a moment), Threads, and Pleroma, each with its unique flavor, all united by their disdain for Big Tech’s centralized control.

GNU Social and StatusNet were the pioneers. They aimed to create a more open and free web, where users controlled their data and interactions. StatusNet’s most notable instance, identi.ca, was an early example of a federated social network. However, these platforms struggled to gain mainstream traction due to technical complexity and limited user bases – kinda like the early days of crypto, come to think of it.

Then, in 2016, Mastodon entered the scene. It was created by Eugen Rochko, a Russia-born software developer who decamped to Germany. With a familiar interface and an emphasis on user experience, Mastodon quickly became the poster child of the fediverse. Its success lay in balancing decentralization with usability, attracting users tired of Twitter’s toxic environment and draconian policies. Mastodon’s growth was exponential, sparking interest and spawning numerous other fediverse projects.

Why the fediverse could be the next big thing in social media

The fediverse isn’t just another social media platform; it’s a rallying cry and a manifesto of sorts. Here are a few reasons why its fans believe it’s the next big thing:

Power to the people: With decentralization as its rallying cry, no single entity controls the fediverse. It’s like the Wild West but with fewer guns and (a lot) more memes. This decentralization means users have more control over their data and interactions. Each server operates independently yet can still communicate with others, creating a vast, interconnected network. This structure prevents the concentration of power and mitigates the risks associated with data breaches and surveillance.

Your data, your rules: Privacy often plays a big part in the conversation around the fediverse. Unlike certain social media giants, fediverse platforms claim they don’t sell your data to the highest bidder. Many instances prioritize user privacy, with policies prohibiting data mining and tracking. Users can choose servers with privacy-focused practices and even host their own instances for maximum control. This approach appeals to those concerned about their digital footprint and the pervasive surveillance of corporate social media.

Like the OG internet: The fediverse fosters small, tight-knit communities where you can actually have meaningful conversations instead of screaming into the void. Each server often caters to specific interests or values, enabling users to find like-minded individuals. This community-centric approach contrasts sharply with the global, often chaotic nature of platforms like Twitter and Facebook, where meaningful interactions are buried under a deluge of noise.

Have it your way: If your perfect blend of spices doesn’t exist, you can make your own: The software is open-source, so you can go ham with the hacking. Want a purple interface where all posts are automatically translated into Klingon? You do you, boo. The fediverse’s flexibility allows users to customize their experiences, from interface design to functionality. Developers can create and share modifications, enhancing the platform’s capabilities and fostering innovation. This adaptability — at least in theory — ensures that the fediverse evolves with its users, staying relevant and responsive to their needs.

Key players in the fediverse

The fediverse is kinda like “Being John Malkovich” in that there are a lot of actors, but they all kind of look alike. This is where a lot of the confusion comes from. Here are some of the key players worth being aware of:

Mastodon is an open-source, decentralized social network within the broader fediverse. It enables users to create and join independent, interconnected communities or instances governed by rules and moderation policies. This structure promotes user autonomy and content diversity while reducing reliance on centralized control. By offering a more user-centric alternative to traditional social media platforms, Mastodon has long been a key player and plays a crucial role in the fediverse, fostering a collaborative and resilient digital landscape emphasizing privacy, free expression, and community-driven interaction.

Threads is Meta’s runner in the fediverse race. It uses the ActivityPub protocol, which lets Threads fly the platform interoperability flag the fediverse is known for – although Meta has received some criticism for being slow to fully participate. Still, with the weight of Meta behind it, Threads positions itself as a key player in the evolution of a more connected and diverse online ecosystem.

Pleroma is another microblogging platform, similar to Mastodon but lighter and more customizable. Developed by Lain and based on the Elixir programming language, Pleroma offers greater flexibility and performance. It’s a favorite among tech-savvy users who want more control over their social media experience. Pleroma’s modularity allows it to integrate various features from other platforms, making it a versatile choice for those looking to escape the mainstream.

For those who love Instagram but hate its corporate antics, Pixelfed is the answer. This photo-sharing platform focuses on privacy and user control. It offers a familiar interface, complete with filters and photo albums, but without the ads and algorithms pushing sponsored content. Pixelfed is perfect for photographers, artists and anyone who wants to share visual content without the noise of traditional social media.

Friendica, meanwhile, is a versatile platform that can connect with almost any other social network. It supports many protocols, including ActivityPub (used by Mastodon and Pleroma), Diaspora, and even old-school protocols like RSS. Friendica is a great choice for users who want to bridge the gap between the fediverse and traditional social media platforms. Its flexibility and integration capabilities make it the ultimate social network aggregator.

YouTube’s video-sharing dominance is undeniable, but PeerTube offers a decentralized alternative. Developed by Framasoft, PeerTube enables users to host their own video servers, interconnecting with other instances to share content. This decentralization ensures that no single entity controls the platform, promoting free speech and diverse content. PeerTube is often held up as the ideal for creators who value independence and want to escape the ad-driven, algorithmic world of YouTube.

Bluesky (bsky among friends) is an interesting player in this space. As a brainchild of Twitter founder Jack Dorsey, Bluesky’s focus on open protocols aims to dismantle the monopolistic hold of major social media companies, although, interestingly, Bluesky chose to use the AT protocol, which is similar, but adds account portability (the ability to take your account from one platform to another). Is it technically part of the fediverse? Many say it isn’t – but given its popularity, we figured we’d include it here for completeness.

Wait, are there really no downsides to the fediverse?

Welllll… Of course, it’s not all rainbows and unicorns. The fediverse has its own set of issues and growing pains:

Too many cooks. With great power comes great responsibility. In this case, a million tiny servers, each with its own rules. This fragmentation can make the fediverse feel disjointed, with varying levels of quality and user experience. Navigating this landscape can confuse newcomers who may struggle to find the right instance or understand the platform’s nuances. While diversity is a strength, it also presents challenges regarding coherence and user adoption.

Only the tech-savvy need apply? Setting up and maintaining your own server can be a headache unless you’re a tech wizard, and the “only nerds may apply” vibe runs strong. The technical barrier to entry can be daunting, deterring less tech-savvy users from fully engaging with the fediverse. While user-friendly instances exist, the overall complexity remains a hurdle for widespread adoption. Simplifying the user experience and lowering technical barriers will be crucial for the fediverse’s growth.

The popular kid on the block. Some platforms struggle under the weight of their own popularity. Growing pains, they call it, which makes sense, but it doubles down on the tech-savvy vibe from above: Instances can become overwhelmed by a sudden influx of users, leading to performance issues and downtime for folks who are least likely to tolerate (or know what to do with) sudden downtime. This scalability problem highlights the challenges of maintaining decentralized networks without the resources of corporate giants. Balancing growth and stability will be essential for the fediverse’s sustainability — and continue to be one of its biggest stumbling blocks.

Wait, what’s with all the racism? Without a central authority, content moderation can be hit or miss. And let’s be honest, especially in the early days, users are experiencing more misses than hits. Each instance sets its own moderation policies, leading to inconsistencies and potential conflicts. While this allows for diverse community standards, it also means that harmful content can proliferate on poorly moderated servers. Anyone who’s run a popular social network knows that effective and consistent moderation is critical to ensuring safe and welcoming environments, but achieving this across a decentralized network is… let’s call it “an unsolved challenge.”

What’s next for the fediverse?

Lemme bust out the crystal ball and see if I can come up with some predictions. Will it overthrow the social media titans and usher in a new era of digital utopia? Probably not — or at least not for a while. But there is hope for it to play to its strengths and continue to grow as a haven for those tired of being commodified by Big Tech.

I expect more platforms to join the fray, each more niche than the last. The fediverse’s open nature encourages innovation, and we can anticipate a proliferation of new projects catering to specific communities and interests. This diversity will enrich the ecosystem, offering users more choices and fostering a vibrant digital culture. However, it will also exacerbate the challenges of fragmentation and interoperability.

Indeed, the way that these platforms talk to each other is through various protocols, which, let’s be frank, only a handful of people will understand or care about. ActivityPub currently dominates the fediverse, but other protocols like Zot and Diaspora have their proponents. In the future, we will likely see ongoing efforts to improve and standardize these protocols, enhancing cross-platform communication and integration. This technical evolution will be crucial for the fediverse’s cohesion and growth.

Mainstream adoption remains a significant challenge. There is a handful of extremely popular microblogging platforms, all of which are significant competitors to the fediverse. Its complex nature and decentralized ethos may deter the average user accustomed to the simplicity and familiarity of corporate social media. To attract a broader audience, the fediverse will have to find a way to streamline its user experience, improve accessibility and offer compelling alternatives to mainstream platforms. Collaboration with privacy advocates, open-source communities and digital rights organizations could also help raise awareness and drive adoption.

In the long run, it’s going to be interesting to see how the tech giants respond. As the fediverse gains traction, it’s only a matter of time before the usual suspects start to take notice (Meta, Google, X, Amazon – yes, I’m looking at y’all). While this could bring resources and attention, it also risks undermining the very principles that define the fediverse. The community will have to navigate these waters carefully, balancing growth with integrity.

All we are is another click in the wall

In the end, the fediverse will probably remain a quirky, fragmented and occasionally frustrating part of the internet. But it’s a digital home worth exploring for those who value privacy, community and control. Don’t forget to bring your sense of adventure — and maybe a manual on setting up servers.

The most exciting thing about the fediverse is that it ain’t about perfection; it’s about possibilities and counter-culture. It’s a grand experiment in what the internet could be — free from the monopolistic tendencies of Big Tech, driven by community values, and open to endless innovation. So, whether you’re a tech enthusiast, a privacy advocate or just someone tired of the same old social media grind, give the fediverse a shot. The potential win is the chance of finding your digital tribe among the chaos.


I expect more platforms to join the fray, each more niche than the last. The fediverse’s open nature encourages innovation, and we can anticipate a proliferation of new projects catering to specific communities and interests. This diversity will enrich the ecosystem, offering users more choices and fostering a vibrant digital culture. However, it will also exacerbate the challenges of fragmentation and interoperability.

Indeed, the way that these platforms talk to each other is through various protocols, which, let’s be frank, only a handful of people will understand or care about. ActivityPub currently dominates the fediverse, but other protocols like Zot and Diaspora have their proponents. In the future, we will likely see ongoing efforts to improve and standardize these protocols, enhancing cross-platform communication and integration. This technical evolution will be crucial for the fediverse’s cohesion and growth.

Mainstream adoption remains a significant challenge. There is a handful of extremely popular microblogging platforms, all of which are significant competitors to the fediverse. Its complex nature and decentralized ethos may deter the average user accustomed to the simplicity and familiarity of corporate social media. To attract a broader audience, the fediverse will have to find a way to streamline its user experience, improve accessibility and offer compelling alternatives to mainstream platforms. Collaboration with privacy advocates, open-source communities and digital rights organizations could also help raise awareness and drive adoption.

In the long run, it’s going to be interesting to see how the tech giants respond. As the fediverse gains traction, it’s only a matter of time before the usual suspects start to take notice (Meta, Google, X, Amazon – yes, I’m looking at y’all). While this could bring resources and attention, it also risks undermining the very principles that define the fediverse. The community will have to navigate these waters carefully, balancing growth with integrity.

All we are is another click in the wall

In the end, the fediverse will probably remain a quirky, fragmented and occasionally frustrating part of the internet. But it’s a digital home worth exploring for those who value privacy, community and control. Don’t forget to bring your sense of adventure — and maybe a manual on setting up servers.

The most exciting thing about the fediverse is that it ain’t about perfection; it’s about possibilities and counter-culture. It’s a grand experiment in what the internet could be — free from the monopolistic tendencies of Big Tech, driven by community values, and open to endless innovation. So, whether you’re a tech enthusiast, a privacy advocate or just someone tired of the same old social media grind, give the fediverse a shot. The potential win is the chance of finding your digital tribe among the chaos.

grenade/bomb, made from computer keyboard

A startup's guide to cyberthreats — threat modeling and proactive security


Image Credits: Peter Dazeley / Getty Images

Cherlynn Cha

Contributor

Cherlynn Cha is the security operations center manager at ExpressVPN. With her expertise in threat hunting, incident response, cloud security, automation, and brand protection, Cherlynn plays a crucial role in protecting the security and privacy of ExpressVPN’s over 4 million subscribers worldwide.

In today’s interconnected world, cyberthreats are everywhere, and they’re always changing. Startups can’t afford to ignore the importance of securing their digital infrastructure. Waiting until a security breach happens can lead to severe consequences, such as financial losses and reputational damage.

Recently, ExpressVPN collaborated with Linking Help, the NGO behind UA.SUPPORT that provides pro bono legal support to Ukrainian refugees, to conduct a threat modeling analysis. The objective was to identify security concerns and provide effective mitigation measures. Inspired by this experience, I want to share our methodology with the wider community and empower you to enhance your security posture — even with limited resources and other business pressures.

Unmasking exploits with threat modeling

Threat modeling is a key practice for strengthening digital defenses. Simply put, it involves understanding and knowing your organization, so others can’t cause you harm. The goal is to raise awareness of security gaps and minimize the risk of potential exploits by systematically analyzing potential avenues for abuse.

Various threat modeling standards and frameworks exist, and the right choice for you depends on your specific context. Instead of telling you which of these to use, we will focus on the underlying methodology that we used to conduct threat modeling for UA.SUPPORT, thereby generating efficient and practical security recommendations.

Actionable security strategies for startup resilience

1. Know thy enemy

Identifying potential adversaries and their objectives is crucial for assessing why and how you may be targeted. For instance, cybercriminals often target systems that handle credit cards or personally identifiable information (PII), while nation-state adversaries may be interested in information for espionage or intelligence purposes.

In the case of UA.SUPPORT, potential adversaries included:

Advanced adversaries, who have the following objectives:

○ Gathering intelligence on individuals from Ukraine.

○ Compromising systems to gain unauthorized access, gather sensitive information, or conduct espionage activities.

○ Disrupting the organization’s platform to hinder its ability to assist vulnerable individuals.

Opportunistic cybercriminals, who aim to:

○ Exploit the PII of refugees for monetary gain.

○ Engage in unauthorized cryptocurrency mining or launch ransomware attacks.

○ Utilize the organization’s infrastructure to distribute malware to unsuspecting users.

Once we identify who the potential adversaries are, we can look at what they perceive as “crown jewels.” We can then use this to start breaking down why they might target you, and how they would go about doing it.

2. Know thyself

To figure out how threats might manifest themselves within your environment, you must first gain a clear understanding of your environment.

The best way to achieve this is by engaging with the resident experts who developed or manage the systems, components, and processes you use. Their expertise can provide valuable insights into the inner workings of systems as well as the flow and exchange of data. This process helps create an inventory and blueprint that captures the intricate web of business and technological interactions at play.

In our engagement, key areas we reviewed included:

○ Refugee-legal support interactions.

○ Information transfer mechanisms.

○ Perimeter systems and their connections.

○ Employee and volunteer access privileges.

○ “Know your customer” programs.

○ Employee interactions with IT systems.

○ Overall system configuration, security, and hosting.

Examining these provides insights into potential vulnerabilities that adversaries could exploit.

3. Anticipate weak points

Adversaries have various methods to gain access to systems, and by formulating detailed, hypothesis-driven questions, we can pinpoint potential weak points that adversaries may exploit.

In the case of UA.SUPPORT, it is crucial to analyze the direct interaction between refugees and legal volunteers. This analysis involves focusing on the following areas:

○ CRM systems.

○ Databases for transaction management.

○ Workstations with sensitive files.

○ Front-facing websites for information submission.

○ Servers hosting the website.

○ Other locations where data is processed or stored.

By expanding our examination and going into granular specifics, we gain a deeper understanding of how adversaries might navigate each system in their pursuit of compromise.

4. Step into the adversary’s shoes

To effectively address potential vulnerabilities, consider the paths of least resistance that adversaries may exploit. Startups like yours have an advantage in this regard, as you are likely to possess intimate knowledge of your systems because of your size. This knowledge enables you to conduct an in-depth analysis of potential risks and weaknesses.

For example, if the concern is customer credit card theft, startups can ask specific questions during threat modeling. Some of these questions may include:

○ How are credit cards processed for customer transactions across our systems?

○ Which system handles the submission of credit card information?

○ Do these systems solely process payments, or do they interact with other systems for storage or operations?

○ How are these systems built and structured?

○ Who has access to them, and what measures are in place for backups?

○ Are there any third-party payment service providers in use, and how are they integrated into our ecosystem?

Visualizing potential attack scenarios using tools like an attack tree diagram can also be helpful. This approach allows you to map out the progression an adversary might make from one compromised point to another in pursuit of their end goal. For instance, compromising a developer’s workstation could provide access to secrets and credentials, which could then be used to target the CI/CD pipeline, cloud infrastructure, production systems, or even backup systems. Subsequently, the attacker could pivot from a compromised backup server to the associated database, ultimately gaining access to coveted credit card information.

The attack tree diagram for such an attack may look something like this:

Image Credits: ExpressVPN

Of course, real-world systems are more complex than that, and you may end up with an attack tree that may have multiple branches and levels:

Image Credits: ExpressVPN

By understanding the system landscape and obtaining answers to these questions, you can visualize how attackers might chain actions to progress toward their objectives.

5. Put an evilness score on it

To prioritize efforts to address security risks, use a scoring system to assign threat scores. This allows for a quick evaluation of how critical each step is in a potential attack. Several parameters can be considered when assigning these scores:

○ Severity: The extent of compromise or harm that could be caused by an attack (ranging from 0 [Not Severe] to 5 [Highly Severe]).

○ Impact: The effect or consequence of an attack on your day-to-day operations and overall business (ranging from 0 [No Impact] to 5 [High Impact]).

○ Likelihood: The probability of an attack occurring (ranging from 0 [Unlikely] to 5 [Highly Likely]).

○ Capabilities: The skills and tools required, and the level of difficulty faced if an adversary attempts to execute the action (ranging from 0 [High Capabilities] to 5 [No Capabilities]).

By summing up the scores for each step, you can better understand the potential risks you face, and prioritize mitigation efforts based on the highest-scoring threats. This approach ensures that resources are allocated to the most critical areas first.

After adding up these scores, this sample scale can be used to evaluate overall risk:

Image Credits: ExpressVPN
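The attack tree from step 4 and the per-step scoring from step 5 can be kept together as data and re-ranked whenever a score changes. The sketch below is an added example, not code from ExpressVPN or the article: the step names follow the developer-workstation scenario described above, while every score, the `Step` class, the helper functions and the mitigation in the demo are constructed for illustration.

```python
from dataclasses import dataclass, field

PARAMS = ("severity", "impact", "likelihood", "capabilities")


@dataclass
class Step:
    name: str
    severity: int      # 0 = not severe .. 5 = highly severe
    impact: int        # 0 = no impact  .. 5 = high impact
    likelihood: int    # 0 = unlikely   .. 5 = highly likely
    capabilities: int  # 0 = high capabilities needed .. 5 = none needed
    children: list = field(default_factory=list)

    def __post_init__(self):
        for p in PARAMS:
            value = getattr(self, p)
            if not isinstance(value, int) or not 0 <= value <= 5:
                raise ValueError(f"{self.name}: {p} must be an integer 0-5, got {value!r}")

    @property
    def score(self):
        """Threat score of one step: the sum of its four parameters (0-20)."""
        return sum(getattr(self, p) for p in PARAMS)


def build_example_tree():
    """The chain described in the article; every number is a constructed sample."""
    cards = Step("Read credit card data", 5, 5, 2, 2)
    database = Step("Access database via backup server", 5, 4, 2, 2, [cards])
    backup = Step("Compromise backup systems", 4, 3, 3, 3, [database])
    cicd = Step("Tamper with CI/CD pipeline", 4, 4, 3, 2)
    cloud = Step("Access cloud infrastructure", 4, 4, 3, 3)
    prod = Step("Access production systems", 5, 5, 2, 2)
    secrets = Step("Harvest secrets and credentials", 4, 3, 4, 4,
                   [cicd, cloud, prod, backup])
    return Step("Compromise developer workstation", 3, 2, 4, 3, [secrets])


def attack_paths(step, prefix=()):
    """Yield every root-to-leaf chain of steps as a tuple."""
    chain = prefix + (step,)
    if not step.children:
        yield chain
    for child in step.children:
        yield from attack_paths(child, chain)


def all_steps(root):
    """Flatten the tree depth-first, parents before children."""
    out = [root]
    for child in root.children:
        out.extend(all_steps(child))
    return out


def rank_steps(root):
    """Steps ordered by threat score, highest first; ties keep tree order."""
    return sorted(all_steps(root), key=lambda s: -s.score)


if __name__ == "__main__":
    tree = build_example_tree()
    for path in attack_paths(tree):
        print(" -> ".join(f"{s.name} [{s.score}]" for s in path))
    print("\nMitigation priority:")
    for s in rank_steps(tree):
        print(f"{s.score:>2}  {s.name}")
    # "Update scores": after a hypothetical mitigation (short-lived credentials
    # held in a secrets manager), re-score the affected step and re-rank.
    secrets = tree.children[0]
    secrets.likelihood, secrets.capabilities = 2, 2
    print("\nAfter mitigation:", [(s.score, s.name) for s in rank_steps(tree)][:3])
```

The ranking orders steps by their summed score only, so where a step sits on the overall risk scale still has to be read off separately.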

Implement proactive security measures

Once potential vulnerabilities and high-priority threats are identified, take proactive steps to address them. This includes implementing security controls and countermeasures to mitigate the identified risks.

Accept, mitigate, or transfer

Based on the threat scores, determine whether to accept the risks, mitigate them by implementing additional safeguards, or transfer them by leveraging third-party vendors or solutions.

Common proactive security measures include:

○ Implementing two-factor authentication for user accounts to prevent unauthorized access.

○ Keeping software and systems up-to-date to address known vulnerabilities.

○ Conducting regular training for employees and volunteers to educate them about security threats and best practices.

○ Implementing secure coding practices to prevent common vulnerabilities like injection attacks and cross-site scripting (XSS).

○ Using encryption to protect sensitive data.

○ Implementing intrusion detection and prevention systems (IDPS) to monitor and block malicious activities.

Update scores

As you implement security protections, it is important to update your threat scores accordingly. This will help you reassess the effectiveness of your newly implemented security protections by reflecting the likelihood of threats occurring.

Continuously monitor and adapt

Threat modeling and proactive security measures are not one-time activities. You should regularly review and update your threat models as the business and threat landscape evolves. Additionally, it’s essential to foster a culture of security awareness and accountability throughout the organization by encouraging employees and volunteers to promptly report any security concerns or incidents.

The value of proactive cybersecurity strategies

Cybersecurity is a complex and multifaceted field, and even with thorough threat modeling, there’s always a risk of compromise. Nevertheless, each proactive step we take to secure our systems makes it more difficult for adversaries to compromise us.

The goal isn’t necessarily to be the fastest sprinter. Instead, our focus is on outrunning others being targeted and staying one step ahead. By investing time and effort into proactive cybersecurity strategies, we elevate our overall security posture, increasing our chances of staying ahead and protecting our digital assets effectively.

Megaphone

Your cut-out-and-keep guide to Big Tech talking points in a new age of antitrust


Image Credits: Tullio Saba / Flickr under a Public Domain license.

With tech giants facing new laws and enforcements aimed at cutting their empires down to size, a lobbying frenzy replete with wildly binary claims is underway.

As the likes of Amazon, Apple, Google, Meta, Microsoft and TikTok face unprecedented (yes, actually!) scrutiny from lawmakers and law enforcers around the world, lobbyists are working overtime to put a self-serving spin on entrenched, profit-extracting machinery.

Their job? Apply high-gloss, pro-competition narratives to cloak accusations of naked monopoly. The goal? Seek to bend new rules, such as the EU’s Digital Markets Act, to fit existing operations and business models to avoid as much commercial damage as possible.

It’s all about fending off wrecking-ball enforcement — and new, targeted laws — which could force the world’s most valuable companies to dismantle the chokepoints they’ve built to make money, ingest data and capture attention.

But there’s an even greater nightmare for Big Tech: The breakup of established empires may be on the cards.

Platform PR ops — which you can trace through official blog posts, user-facing messaging, regulatory filings and more — seek to reframe Big Tech’s actions as beneficent and stain-free. As such, their contortions can be highly gymnastic. It’s fair to say commercial juggernauts are long practiced in the dark art of doublespeak, with accusations of unfair behavior dating back decades in some cases.

This may explain why some of the defensive claims put out in response to dialed-up regulatory attention are so familiar. But it’s possible to spot newer concoctions, too — such as talk of muscular new EU market contestability laws demanding “difficult trade-offs.” (Rough translation: “Our compliance will degrade the service in a way that’s intended to annoy you because we want you to complain about the law.”)

Amid all the noise, one thing looks clear: The regulatory risk is finally real.

As the world’s most valuable companies pay flacks to come up with semantic tactics to paint their market power as nothing-to-see-here, good ol’ business-as-usual, we present some plain English translations of commonly seen Big Tech talking points…

Image Credits: Bryce Durbin/TechCrunch

Our platform is essential for small businesses to reach consumers.
Gatekeeping is our line of business.

Our interests are aligned with thousands of small and medium-sized businesses.
We’re also in rent collection.

We have built a safe and trusted place for users.
Rent’s due!

We create a magical experience for our users.
Don’t touch our rents.

We believe in the free market.
We’ll do whatever we want until we’re made to stop.

We compete with a wide variety of services.
We crush as much competition as we can, as fast as we can.

We face intense competition.
Sometimes it takes us longer than we’d like to crush the competition.

We believe competition is good for our economy.
Baby, we ARE the economy!

We’re taking a compliance-first approach.
We’re looking out for No.1.

We take your privacy seriously.
We’re using your information.

We take the security of your information seriously.
We want exclusive access to your information.

We are committed to keeping people’s information private and secure.
We want exclusive access to everyone’s information — and, btw, if you use the web, we’re tracking you.

Privacy fundamentalists.
Literally anyone who cares about privacy; typically denotes a European.

We offer unprecedented choice.
You get no choice.

We’re offering a clear choice.
You definitely get no choice.

You can easily switch your default.
Good luck finding the setting!

Manage your consent choices.
We make it really hard/impossible for you to stop us tracking you.

There’s a lack of clear regulatory guidance.
We’ll do whatever we want until we’re made to stop.

We need more clarity about how to comply.
We’ll do whatever we want until we’re made to stop.

We’re complying with the law.
We’re not — but make us stop, punk.

The regulatory landscape is evolving.
We’re breaking the law.

We remain committed to complying with the law.
We broke the law.

It addresses the latest regulatory developments, guidance and judgments.
We’re breaking the law — but make us stop, punk.

New ways to manage your data.
We got caught breaking the law.

Subscription for no ads.
We found a new way to ignore the law.

Opt-out process.
We track you by default.

Help center.
Unhelpful by default.

The new rules involve difficult trade-offs.
Our compliance will degrade the service in a way that’s intended to annoy you because we want you to complain about the law.

We believe in a free, ad-supported internet.
We intend to keep tracking you, profiling you and selling your attention to anyone who pays us.

Personalized advertising.
Surveillance advertising, aka tracking.

Relevant ads.
Tracking.

Personalized products.
Tracking.

Relevant content.
Tracking.

Personalization.
Tracking.

Personal data that is collected about your interaction can be shared across linked services.
Tracking.

An inclusive internet where everyone can access online content and services for free.
Our business model requires privacy to be an unaffordable luxury because you’re the product.

Free services.
In this context just another way of saying we’re tracking you.

A way for people to consent to data processing for personalized advertising.
A mechanism for tracking so fiendishly simplistic to activate that a child already has.

The validity of our approach has been validated by numerous authorities.
We’re breaking the law in a new way so regulators haven’t caught up yet.

Information sharing.
Yep, that’s us, normalizing how we’re taking your private information and doing what we want with it again!

We do not sell your information.
We sell your attention.

Manage how your data is used to inform ads.
There’s no way to stop us abusing your privacy.

Ad preferences.
There’s no way to stop us abusing your privacy.

Privacy center.
Srsly, there’s no way to stop us abusing your privacy and we’re just trolling you now!

Why am I seeing this ad?
Because we tracked you.

Why are we doing this?
To keep tracking you for 🤑 

Publicly available information.
Stuff we stole.