When is a VPN not a VPN? When it’s Apple’s Private Relay. Plus Tesla hacks, algae driven robots, edible straws and aircraft mounted lasers. 

Hosts: Matt Armitage & Richard Bradbury 

Produced: Richard Bradbury for BFM89.9

Episode Sources:

https://www.wired.com/story/how-apple-icloud-private-relay-works/

https://www.wired.com/story/icloud-private-relay-blocking/?utm_campaign=RSS&utm_medium=Sendible&utm_source=rss

https://www.newscientist.com/article/2304691-edible-straws-made-by-bacteria-are-better-than-paper-or-plastic-ones/

https://www.newscientist.com/article/2303984-overloaded-memory-chips-generate-truly-random-numbers-for-encryption/

https://www.theverge.com/2022/1/18/22890463/fedex-laser-missile-defense-infrared-airplane-faa

https://www.forbes.com/sites/michaelgoldstein/2022/01/18/fedex-plans-to-protect-its-pilots-and-planes-with-anti-missile-lasers/?sh=5742f7ab1107

https://www.newscientist.com/article/2303981-corkscrew-shaped-robot-swims-through-blood-vessels-to-clear-blockages/

https://www.newscientist.com/article/2304571-robot-piloted-by-a-ball-of-algae-is-powered-by-photosynthesis/

https://www.vice.com/en/article/akv7z5/how-a-hacker-controlled-dozens-of-teslas-using-a-flaw-in-third-party-app

Listen:

The music that made this episode: https://open.spotify.com/playlist/5o85xTNsPrQ2PWH8n2RanP?si=211f46a9cef846e9

Image Credit: Photo by Angeles Pérez on Unsplash

Follow us:

www.kulturpop.com

https://www.instagram.com/kulturpop/ 

https://twitter.com/kulturmatt

Richard Bradbury: What does science do when nobody is watching? It carries on regardless. Back with another round up of recent breakthrough and weird developments in science and technology is resident existentialist Matt Armitage.

Richard Bradbury: If you fall over in your garden does anyone care?

Matt Armitage:

• I’m not sure that that’s the correct application of the tree in a forest thought experiment.

• Yes, I do make noise and you are correct, mostly no one cares.

• No time for these silly diversions of yours today:

• This may be a bit of a whistle stop as we haven't done one of these weird science episodes for six weeks or maybe longer.

• So a lot of science has built up and I need to clear some of it.

• So apologies if I rattle through topics a bit more quickly than I would usually.

Richard Bradbury: Shall we kick off with one of the privacy stories?

Matt Armitage:

• Why not – as you’ve already pointed out that there’s a thin line between privacy and loneliness in my life.

• I think privacy is going to be very much a recurring theme this year.

• Not that it hasn't been in other years.

• This year I think there will be a renewed focus as we see a lot more action by regulators against technology companies.

• And I would expect a raft of initiatives and new technologies on the back of those actions to increase and then ringfence that privacy.

• So we start this week with something that's become a bit of a hot topic since the start of the year.

• Quite unexpectedly. Because when it was announced in September, it seemed potentially useful but not something to get upset over.

• That was Apple’s iCloud private relay, which was launched in ios15, and is still in beta mode.

• If you have an iPhone or an iPad and you are an icloud+ subscriber,

• You can join the beta by switching the toggle switch on under your iCloud settings on your device.

• Once it's on what it does is essentially mask your Internet activity.

• It will hide your IP and DNS search addresses from any websites that you go to, and it encrypts your data when it leaves your device.

Richard Bradbury: Don't a lot of apps and services already do this?

Matt Armitage:

• Yes, they do. This really helps in those instances where there aren't any protections or encryption baked into the app.

• Or when you go to websites that very aggressively track and identify IP addresses and other identifiers that might give them an idea who you are.

• Once you activate the private relay, you can choose your privacy protection level:

• to give a generalized location, or limit it to the time zone and country you're located in.

• I don’t know whether the company plans to expand or fine tune these choices in the future.

• This is part of Apple’s ongoing efforts to focus on privacy and attract users who want more control over the way their information is logged and utilized.

• Other services that Apple has launched recently include email masking when you subscribe to websites or create a login for a service.

• Which stops that company from then selling your email address to a third party but still allows you to access those services.

Richard Bradbury: How does it differ from a VPN?

Matt Armitage:

• In some ways it's similar come on it masks the address or location that your Internet traffic originates from.

• Essentially the private relay works by creating additional stops between you and the sites you're trying to access.

• You type in the address, you’re sent via a relay run by apple,

• Where your IP address is still visible but the website that you're going to is encrypted.

• Your traffic is then sent on to a third party engaged by apple, your decrypted IP address is now visible.

• And from there you're directed to the site you originally wanted to go to.

• Unlike a VPN, it doesn’t actually change or modify your IP address, which most VPNs do.

• With VPNs you can make it appear that your traffic is coming from another location, usually another country.

• Which allows you to access services that may be blocked in the country that your IP address is blocked in.

• This private relay won't affect that.

• Effectively you use the private relay or a VPN.

• choose one or the other at any one time.

• Which is not really a big deal, because, as I said, it's just activating toggle switches in your settings.

Richard Bradbury: What's the reason it's suddenly become contentious?

Matt Armitage:

• A lot of telcos don't seem to like it.

• In Europe bunch of mobile operators are complaining that it restricts their access to metadata and network information.

• They're reportedly considering approaches to regulators to have this kind of service banned.

• A group of telco bosses wrote a letter to European lawmakers last year, stating amongst other things that…

• the private relay will impair their ability to innovate and compete and may impact their ability to efficiently manage telecommunication networks.

• Which seems to be contested by many of the comms and network experts who don’t work for telcos.

• A second reason it's hit the news is because some iCloud subscribers haven’t been able to activate the service.

• It seems that some telco operators have blocked access to the feature, not necessarily deliberately.

• I seem to be using it fine on celcom, for example.

• Telcos like T-Mobile have announced that if a user’s plan includes things like content filtering, parental controls.

• Then that will prevent the private relay from functioning.

• And additionally, it seems that apple has agreed not to implement it in certain countries come on for example, Saudi Arabia, China, Belarus and some others.

• You can draw your own conclusions about that.

Richard Bradbury: Obviously, if it’s baked into the OS then it will likely have an outsized impact. But it does seem like a lot of fuss when you consider that commercially available VPNs do much the same thing.

Matt Armitage:

• That baked in part is the crux of it, I guess.

• Apple has always been about making things painless. Which VPNs are anything but.

• With a VPN you have to go through all that fuss of choosing one that actually works for the purposes you want to use it for.

• Download and set up the app.

• Not to mention that you have to change VPN providers from time to time – certainly I do - as different services block their proxy servers.

• Private Relay is very Apple – it’s simple and easy and it may be configured by default on future devices, who knows?

• And I'm hoping that apple makes this available to all iOS users once it goes into public release.

• It seems a little bit weaselly to me to make a privacy feature like this subscription only from a company that prides itself in guarding the privacy of its users.

• So I hope that it will be universally available.

• I should mention that private relay only works for browsing if you're using the safari browser.

• Doesn’t work with google’s chrome, obviously.

• If you’re using an Android device, I guess until Google changes its data policies, you’ll have to stick with VPNs to protect your world.

Richard Bradbury: Are we done with privacy? I’m not seeing much evidence of you rattling through topics…

Matt Armitage:

• I’ll speed up. Another quick encryption story while we’re here.

• A lot of use those suggested random passwords from our operating system when we’re logging in to something for the first time.

• Or a random password generator in a third party password protection app like LastKey or 1Password.

• But how random are those passwords? It turns out not as random as we think.

• Computers are designed to be logical and to repeat processes.

• That’s sometimes at odds with our need for encryption.

• So code breaking tools look for the patterns in pseudo randomness.

• Achieving true randomness is extremely hard.

• I love this example – how do you think the web security company cloudflare ensures that passwords are truly random?

Richard Bradbury: [replies]

Matt Armitage:

• According to New Scientist, it trains cameras on 100 lava lamps. Yes, that’s right, lava lamps.

• I still love them. I’ve never outgrown lava lamps.

• Cloudflare uses them because the wax is constantly evolving and breaking off in random ways.

• And it uses the images of the wax trigger the password sequences the computers generate.

• Not everyone can have a warehouse full of lava lamps – but hey, what a place to work.

• So scientists in Turkey have found an easier way.

• It seems that when DRAM memory chips are pushed beyond their design limitations, they can create truly random numbers.

• And to avoid slowing the computer systems down – the computers can overclock and generate the random numbers and stockpile them during downtime.

• This may be another vital tool in our privacy armoury – we saw the recent cyber attacks in Ukraine for example.

• As conflicts and crime increasingly becomes digital - encryption and the tools that bypass it are new battlegrounds.

Richard Bradbury: Quick one before the break?

Matt Armitage:

• We’re all well aware of the pacific garbage patch and the high concentration of plastic straws that end up in landfills and waterways.

• We’ve had other alternatives – my own favourite are bamboo straws.

• I tend to hit my teeth with the metal ones and the paper ones are, well, often kind of soggy,

• Unless they’re waxed, in which case they’re hard to recycle anyway.

• There are plenty of biodegradable straw alternatives – but often they’re expensive, because the processes to manufacture them are complex.

• And some of them need specific recycling conditions or heat treatments in order to break down and biodegrade.

Richard Bradbury: Until now!

Matt Armitage:

• How did you guess? Anyone would think that you know how these stories work.

• Scientists at the University of Science and Technology of China.

• Have created an edible straw. It’s made out of bacterial cellulose and has a similar structure to paper.

• According to NS – it’s commonly synthesized by a lot of bacteria when you feed them sugars.

• The team harvested the cellulose sheets and then rolled it in a substance called sodium alginate which fills the holes in its structure, making it watertight.

• And hey presto, a straw, at a similar cost to a plastic straw, and that’s far more robust than the much more expensive paper and other examples.

• And most importantly, which will simply degrade like plant matter.

Richard Bradbury: You mentioned that they’re edible?

Matt Armitage:

• Yes, the team say they are, technically.

• Because both the cellulose and the sodium alginate are essentially foodstuffs.

• They don’t recommend eating them. They likened the taste to coconut with all the moisture removed.

• Which sounds really delicious. Might make a nice sandwich filling.

• We’ve talked about cellulose as a replacement for plastic before.

• So, the team is currently looking for other ways to use this technology that will replace more of the planet poisoning plastics we are over-reliant on.

• Pretty much a result, I reckon.

Richard Bradbury: When we come back. Robots. What else would Matt be talking about?

BREAK

Richard Bradbury: Did anyone comment on the Mattbot from last week?

Matt Armitage:

• Surprisingly, yes. A couple of people reached out and told me that they knew something wasn’t quite right about the voice.

• But they didn’t realize it was machine generated until we got to the announcement.

• So, that’s cool. I’ll keep training it and we’ll drop bits in and see if people notice.

Richard Bradbury: That was one, wasn’t it?

Matt Armitage:

• No. That’s just me sounding emotionless. Too obvious.

• Plus, I want it to be a big jump kind of improvement, so I wouldn’t drop it so soon.

• I know I promised you robots but before get there, I want to reassure everyone that,

• according to the US FAA, Fed Ex isn’t going to be equipping its planes with laser weapons…

Richard Bradbury: [replies]

Matt Armitage:

• Yes, so this is one of those stories where the story isn’t the story. It’s really about the story underneath the story.

• A number of civil aircraft have been targeted by missile systems in recent years.

• A number of global terror groups have also demonstrated their ability to target military and civilian flights with shoulder launched missile systems.

• Some airlines have already installed missile countermeasures, the kind that send out flares to confuse the heat seeking sensors on the missiles.

• These systems aren’t destructive – it wasn’t planned to turn the FedEx fleet into some kind of airborne tank busting unit or anything,

• The systems are described as being like high powered laser pointers.

• They lock onto the missile and disrupt the heat signatures they’re logged on to.

Richard Bradbury: Why has the FAA said no?

Matt Armitage:

• It’s a bit confusing to be honest. The FAA seems to have put out contradictory statements this month.

• FedEx can trial it, and then they can’t.

• I have a feeling that whatever the current decision, we will see systems like this being added to more and more commercial flights over coming years.

• Don’t forget that there is still an ongoing debate in the US over the compatibility of 5G networks and airline navigation systems.

• And the air industry regulators successfully lobbied to have the go switch for 5G delayed in the US until accommodations can be reached.

• We haven’t seen issues or disruptions in places like China and Europe where the 5G rollout began a couple of years ago.

• But the US has a history of using different parts of the radio spectrum for its mobile comms, so maybe it’s that.

• But no weapons of FedEx planes. I hope we’ve cleared that up.

• Are you in the mood for robots now?

Richard Bradbury: [replies]

Matt Armitage:

• How about a corkscrew shaped robot that can deliver drugs that dissolve blood clots?

• On one of our previous weird science shows we talked about a 4d robot that coils itself like a corkscrew so that it can roll.

• This is similar, in theory, rather than construction, to a microrobot created at the Chinese University of Hong Kong.

• Its corkscrew shape enables it to swim through a vein like a propeller.

• Its operators use magnets to navigate or pull it through the vein to the source of the clot, where it releases its payload.

• But it’s also hoped that it can be used to deliver more than drugs – for example, localized heating systems that could target and kill cancer cells.

Richard Bradbury: Dragging a robot through the body with magnets doesn’t sound very high tech…

Matt Armitage:

• I know, it sounds quite painful.

• It’s not really dragging it; the magnet creates the rotation and the robot propels itself in that direction.

• But yes, the team in Hong Kong has stated – via NS – that smaller and shorter veins may be more suited to this kind of treatment.

• Because in longer veins navigation becomes trickier.

• They are currently using doppler radar to track the machine in the vein.

• So it’s not like there’s a camera there and someone steering it.

• And at the moment, the experiments are only on synthetic veins in a lab.

• They need to be very sure that it will be safe before they can move onto human trials.

Richard Bradbury: How are we addressing these issues of piloting micro-robots?

Matt Armitage:

• That’s the cool thing about robots – we all think of robots in the movie sense.

• Humanoid or hulking great things.

• Whereas a lot of the innovation is happening at these much smaller scales.

• We’ll come back to the humanoid robots in a future episode, as Elon Musk is promising to have one developed by the end of this year.

• We’ll have a look at the reality and viability of those claims.

• A team of researchers at the University of West England in the UK has come up with a robot that is piloted by algae.

• Again, that might freak some people out. Ai is scary enough, now we’re putting bio-organisms in charge of machines.

• In this case, the team wanted to create a machine that had no motors or other electronics.

• So there wouldn’t be any electromagnetic interference to the instruments and analysis tools the robot might carry.

• So they went back to the natural world for inspiration.

Richard Bradbury: What are they using? Photosynthesis?

Matt Armitage:

• Yes. They inserted the algae – a type of naturally occurring freshwater algae called a marimo according to NS.

• They inserted the algae into a 3D printed sphere and put it in water.

• When the algae is exposed to light, you get photosynthesis and the marimo starts to create oxygen.

• This then propels the sphere through vents in its structure, pushing it away from the light.

• They haven’t found away to remote pilot the algae – but it can float around objects that get in its way and carry out its measurement tasks.

• So it can do things like take temperature of the water, and check water quality.

• That kind of stuff. Plus, it’s cheap. The researchers estimate that each robot costs around UKP25.

• What’s that USD35 or RM150. Try getting Boston Dynamics to make you a robot for that kind of money.

• Or even a Lego robot for that price.

Richard Bradbury: Could the algae be dangerous?

Matt Armitage:

• Not in a Skynet sense. Although there’s a great 80s B-movie called The Stuff about an algae that looks like Froyo that takes over the world.

• But yes there is a concern that the algae could leak into systems or locations where it isn’t normally found.

• So steps would have to be taken to make sure it didn’t pollute the same systems it’s designed to take quality control measurements of.

• And for sure, you probably wouldn’t want it in that Chinese University of Hong Kong corkscrew robot wobbling through your veins.

• But it is a great example of using examples from evolution and the natural world to create next gen machine tech.

Richard Bradbury: What are we going to end this week’s museum of horrors with?

Matt Armitage:

• A security flaw that allowed a 19-year-old white hat security hacker to remote take control of various functions on Teslas around the world.

• The hacker, David Colombo, pointed out that it wasn’t a flaw in Tesla’s code.

• It was in a third party app used by a lot of Tesla owners to control different aspects of their cars,

• The app isn’t or wasn’t adequately protecting the information it pulled through the Tesla API.

• He didn’t name the app at the time, because some of the faults had not been patched, hence me saying isn’t or wasn’t before, depending on what happens by the time this is broadcast.

• The vulnerabilities wouldn’t allow him to take over critical controls like steering, accelerating or braking.

• But he could unlock the doors, start the car and mess with the operating system – turning up the volume on the stereo randomly.

• That type of thing.

Richard Bradbury: What about the location data?

Matt Armitage:

• That was probably the most troubling aspect.

• He could access the route info. See where the car was and where it had been.

• Which would make it possible for potential thieves to locate and unlock a car to gain access to it.

• I guess if you were a horrible prankster, you could use it to deplete the battery a bit.

• But it does bring us full circle to what we were talking about in the first half of the show, all those privacy aspects.

• Maybe this kind of flaw is something that a service like Apple’s Private Relay could help to protect against.

• Not that that’s an excuse for companies not to do it themselves.

• But this shows that even when Big Tech companies like Tesla do their best to keep thier systems secure and protect your safety and your personal data.

• The third parties we select to access our information from them may not have the resources or the ability to keep that data as safe.

• Maybe this is one relay race that other companies should let Apple win.