Month: October 2024

Atlassian’s genAI assistant Rovo is now available

October 9, 2024 /

Atlassian’s Rovo generative AI (genAI) assistant, which launched as a preview release in May, is now available for users.

The company bills Rovo as an “AI-powered” knowledge discovery tool that lets teams access information across their organization more efficiently. Thousands of Atlassian customers and partners have been testing Rovo in a closed beta for the past five months or so, the company said in a blog post Wednesday; early user feedback indicated it has helped save one to two hours each week.

Pricing for Rovo access starts at $24 per user each month when billed monthly. 

There are three main elements to the genAI tool: Search, Chat, and Agents. 

The search tool, based on an organization’s “teamwork graph,” helps users surface information from sources such as documents in Atlassian apps like Jira and Confluence. Rovo Search also can be connected to third-party apps such as Slack, Google Drive and Microsoft SharePoint.  

Rovo Chat lets users ask questions about information held in these files via a natural language interface. This is available via a side panel in Atlassian apps, as well as via a browser extension. 

Finally, there are genAI agents that function as virtual “teammates.” 

The agents can be designed to generate and review marketing content, for instance, collate feedback from various sources, or streamline processes such as clearing up Jira backlogs and organizing Confluence pages. Users can also create their own Rovo Agents using a no-code text interface or Atlassian’s Forge app development platform. More than 20 pre-built agents are already available. 

Atlassian also unveiled new developer-focused AI Agents that help perform a variety of tasks beyond writing code. These can generate code plans and recommendations, and pull requests in Jira based on task descriptions, requirements, and context across the organization.  

Other features include the ability to “fast track” pull request reviews, with automatic code analysis and recommendations for improvements.  

The AI Agents for developers are currently in preview via an early access program.

DOJ suggests splitting off Chrome and Android to break Google’s monopoly

October 9, 2024 /

In a significant escalation of its antitrust battle with Google, the US Department of Justice (DOJ) has proposed splitting off Google’s Chrome browser and Android operating system as part of sweeping remedies aimed at curbing the tech giant’s “illegal monopoly” in online search and advertising.

“The DOJ is considering behavioral and structural remedies that would prevent Google from using products such as Chrome, Play, and Android to advantage Google search and Google search-related products and features — including emerging search access points and features, such as artificial intelligence — over rivals or new entrants,” the DOJ said in a court filing.

The department said that Google’s longstanding control of the Chrome browser, with its preinstalled Google search default, “significantly narrows the available channels of distribution and thus disincentivizes the emergence of new competition.”

It also said that it is “considering remedies that would limit or end Google’s use of contracts, monopoly profits, and other tools to control or influence longstanding and emerging distribution channels and search-related products.”

“For example,” the DOJ said, it is “evaluating remedies that would, among other things, limit or prohibit default agreements, preinstallation agreements, and other revenue-sharing arrangements related to search and search-related products, potentially with or without the use of a choice screen.”

The proposal comes after an August 2024 ruling by Judge Amit Mehta that found Google guilty of maintaining monopolies in the US general search services and general search advertising markets, violating the Sherman Act.

“Splitting Chrome and Android from Google could reduce Google’s dominance in search, a space where Google faces challenges from conversational search capabilities in Perplexity, Bing, and ChatGPT, as well as from TikTok, which recently enhanced its search to allow brands to target specific keywords in search results,” said Xiaofeng Wang, principal analyst at Forrester.

Its presence and market share on mobile would decrease if its search engine were not pre-installed or set as the default on new mobile devices. This could potentially lead to a reallocation of search ad budgets from Google to other platforms, Wang pointed out.

“Android is the foundation of Google’s scale for its advertising and services with more than 3 billion users on the planet generating trillions of search queries in a year,” said Neil Shah VP for research and partner at Counterpoint Research. “This is what drives Google’s core business model of advertising through search and display creating significant access and stickiness for marketers to pay top dollars for their campaigns.”

Shah pointed out that “decoupling search, android and properties such as Chrome and foundational tech such as AI and cloud from the tightly coupled & well-integrated offering would remove the stickiness and effectiveness of Google’s model and earnings significantly.”

This move, if implemented, would mark one of the most aggressive actions against a tech company in decades and could fundamentally reshape the digital landscape. The DOJ’s proposal highlights the extent to which Google’s control over Android and Chrome has bolstered its search dominance, enabling it to suppress competition and entrench its monopoly.

Reining in Google’s power

Google’s Chrome browser, the most widely used web browser globally, and Android, which powers over 70% of the world’s smartphones, have been critical to Google’s dominance in search. By controlling these platforms, Google has ensured that its search engine is the default option for millions of users, effectively locking out competition.

The DOJ’s proposed remedy would split these products from Google’s core search and advertising businesses, significantly weakening the company’s ability to funnel users into its search ecosystem.

“The DoJ’s proposal to potentially separate Chrome and Android from Google marks a significant turning point in the digital landscape,” said Prabhu Ram, VP for Industry Research Group at CyberMedia Research. “While the timeline for such a separation remains uncertain, the move could reshape competition in search, mobile, and advertising markets.”

The DOJ’s proposed remedies go beyond splitting Chrome and Android. The department is also targeting Google’s revenue-sharing agreements with device makers and telecom companies, which have kept Google as the default search engine on the vast majority of devices globally. This practice has effectively blocked competitors from gaining market share.

In addition, the DOJ aims to tackle Google’s control over user data. The tech giant’s ability to collect and leverage vast amounts of data has been a key competitive advantage, enabling it to optimize search results and advertising better than any of its rivals. The DOJ is seeking to implement data-sharing requirements that would give competing search engines access to similar data, leveling the playing field, the DOJ statement said.

The proposal to break up Google’s operations is the most aggressive remedy suggested by the DOJ since it began its antitrust investigation into the company. It reflects a growing trend in regulatory efforts worldwide, with lawmakers increasingly looking to rein in the power of Big Tech.

Splitting Chrome and Android from Google would have far-reaching implications, not just for Google but for the entire technology industry. The move would likely spur innovation by allowing smaller search engine and advertising companies to compete on a more level playing field.

“I think it’s happening at a time when the entire technology landscape is changing in such a way that this decoupling becomes irrelevant,” said Faisal Kawoosa, founder and chief analyst at Techarc. “With AI increasingly becoming the default interface between humans and devices/gadgets, the lines between OS and browser is blurring organically.”

“So, I don’t think this move is going to make a great impact in the present scenario,” Kawoosa stated.

Google hits back at the proposal

In response to the DOJ’s proposed remedies, Google has expressed strong concerns over the implications of splitting its Chrome browser and Android operating system from its core business.

“We’ve invested billions of dollars in Chrome and Android. Breaking them would change their business models, raise the cost of devices, and undermine competition with Apple,” Google said in a blog post. “Chrome is a secure, fast, and free browser and its open-source code provides the backbone for numerous competing browsers. Android is a secure, innovative, and free open-source operating system that has enabled vast choice in the smartphone market, helping to keep the cost of phones low for billions of people.”

Google argued that features like Chrome’s Safe Browsing and Android’s security protections benefit from integration with its broader ecosystem and separating them could jeopardize user security.

Google also emphasized that the proposed remedies could result in significant unintended consequences for consumers and the overall competitiveness of American technology. “Forcing Google to share your search queries, clicks, and results with competitors risks your privacy and security,” the statement cautioned, highlighting that sensitive data could fall into the hands of companies lacking robust security practices.

“As Google rightly contested it makes money by giving away its offerings effectively free but makes money on the access and ability for publishers and marketers to target that individual leveraging users’ data with their campaigns,” Shah said. “If it’s broken up and not integrated, Google will have to switch business models which will reduce its scale, the opportunity to effectively target its users, and potentially will have to develop ways to license all stakeholders a fee for access and the tech usage, which will increase the prices of devices, software and services as it will be no longer viable or well-oiled to be given free.”

Google alleged the DOJ’s outline of potential changes as a sweeping agenda extended far beyond the legal issues at hand. “This is the start of a long process, and we will respond in detail to the DOJ’s ultimate proposals as we make our case in court next year,” the statement read.

The tech giant also expressed concerns that hampering its AI capabilities could stifle innovation in a crucial sector for America’s technological leadership. “There are enormous risks to the government putting its thumb on the scale of this vital industry — skewing investment, distorting incentives, and hobbling emerging business models,” the company stated.

On the advertisement business model, Google stated that government-mandated changes could make ads less valuable for publishers and merchants, ultimately harming consumers.

“We believe that today’s blueprint goes well beyond the legal scope of the Court’s decision about Search distribution contracts,” the blog post added, asserting its commitment to defending its practices in court.

A new era of antitrust?

The DOJ has laid out a timeline for its proposed remedies, with a further refined version of the Proposed Final Judgment expected by November 2024, and a revised proposal due in March 2025. Google is expected to challenge the remedies in court, setting the stage for a legal battle that could shape the future of antitrust enforcement in the digital age.

Analysts and industry watchers believe this case may set a precedent for antitrust litigation against tech giants across markets.

“This is not just about Google; it’s about how we regulate the tech industry moving forward,” said an antitrust expert in a rival company who did not want to be identified. “If the DOJ succeeds, it will send a strong message to other tech giants that their dominance won’t go unchecked.”

This move could set a precedent for more aggressive antitrust actions against other tech giants, Wang said. “The US has also sued Meta Platforms, Amazon, and Apple, claiming they illegally maintain monopolies. Therefore, if the Google case goes through, it would affect more tech giants.”

“Of course, there is this issue with big tech where most of them are seen caught in one or the other anti-trust situation,” Kawoosa added. “So, we might see more litigations.”

Microsoft wants Copilot to be your new AI best friend

October 9, 2024 /

“It’s great to see you!”

Microsoft’s Copilot AI chatbot underwent a transformation last week, morphing into a simplified pastel-toned experience that encourages you…to just chat.

“Hey Chris, how’s the human world today?”

That’s what I heard after I fired up the Copilot app on Windows 11 and clicked the microphone button, complete with a calming wavey background. Yes, this is the type of banter you get with the new Copilot.

We’ve gone from AI search assistant straight to the movie Her. The comparison has been made before, but it’s clearly what OpenAI’s Sam Altman and others in the industry are striving for.

Want more information about the future of Windows? My free Windows Intelligence newsletter delivers all the best PC advice straight to your email inbox. Plus, you’ll get free in-depth Windows Field Guides as a special welcome bonus!

From Bing Chat to ‘I can’t search the web’

Copilot’s October transformation is a dizzying turn for a chatbot that started out as “Bing Chat” — an AI-assisted way to search the web. In fact, Microsoft at one point cracked down on people using Bing Chat to just, well, chat — limiting the number of messages and dispatching with the “Sydney” personality that generated the crazy headlines.

Then, just over a year ago, I sat a few feet away while Microsoft CEO Satya Nadella unveiled the Copilot branding on stage. While it was billed as “your everyday AI companion,” it was more about accomplishing tasks and finding information than having an extended conversation about how your day went.

Now, the Copilot app across Windows PCs, the web, Android, and iPhone is something totally new. It encourages you to just tap the microphone and talk. The text box now encourages you to “Message Copilot,” as if you were about to chat with the SmarterChild chatbot on AOL Instant Messenger 20 years ago.

Oh — and it can’t even search the web for information anymore, at least not by using voice commands. Yes, the latest version of Copilot is truly a mixed bag.

Copilot window
Copilot — the friendly new AI companion brought to you by Microsoft.

Chris Hoffman, IDG

Meet the new Copilot: A conversation partner

If you haven’t tried the latest Copilot experience, you’ll be surprised to see how different it is. The new iteration has been gradually rolling out across the Copilot app for Windows, the Copilot website, and the Copilot mobile apps.

When you fire it up, you’ll be asked your name and to choose from one of four voices. Then, you talk — just click or tap the microphone icon.

Microsoft is a big investor in OpenAI, and Bing Chat and Copilot have always essentially been a rebranded ChatGPT experience. The new Copilot is a spitting image of the GPT-4o conversational experience OpenAI showed off earlier in 2024. You just start talking, the AI will respond and you can even interrupt it whenever you like, having somewhat of a fluid conversation.

On one level, it’s impressive technology. On another level — this is still an AI chatbot. While I understand the argument for using AI in many situations, I’m not sure I feel like just sitting around and having a long conversation with a chatbot. Additionally, over the past few days of using Copilot, I’ve had a lot of moments where the conversation seems to freeze. I’ll be talking with Copilot and it will go silent, possibly while also displaying an error message.

It’s not as stable as it should be, but hopefully it’ll get better.

Forget productivity — let’s chat!

The most surprising missing feature is web search. Yes, if you ask Copilot to find information online, it will talk about all the great ways you can go find it yourself. If you ask why it can’t do the search for you, Copilot will inform you that web search functionality has been removed in an update. However, it appears it can still search the web if you type text messages to it rather than speaking.

The good news is that you still appear to be able to access the old “Bing Chat-style” Copilot experience: Just head to Bing.com/chat.

AI image generation has also taken a hit. We at The Intelligence occasionally use Copilot to generate some decorative images for our own website. Copilot’s AI image generation experience — which uses OpenAI’s Dall-E 3 AI image generator under the hood — is less compelling now. It will only generate one image at a time, for example, instead of four to choose from. (You get a lot more options by using the Microsoft Designer website for AI image generation.)

Plus, some things just don’t work well using the voice interface. I asked Copilot, for instance, if it could generate some code. “I’m not going to rattle off code snippets or anything. I wouldn’t want to mess with your flow,” it said confidently. Copilot can’t seem to stop the voice conversation to show you something. But you can still get Copilot to generate that sort of thing by typing a text prompt.

Microsoft does offer some early attempts at Copilot providing useful information before you ask here. There’s a “Copilot Daily,” a little AI-generated spoken update that describes a few of the latest news stories to you. If you’d like to start your day having AI choose and summarize a few news stories for you, it can certainly do that!

Copilot on Windows 11
The new Copilot would rather talk about your day than search Bing for you.

Chris Hoffman, IDG

Another fresh start for Copilot

Microsoft seems to be in a constant state of trying to figure out what it wants Copilot to be. The concept started as an AI tool built into Bing, complete with Bing branding. Then, it became a productivity tool named Copilot — still for getting things done! Now, Microsoft thinks people might just want to chat.

Microsoft already showed off voice and vision for the Copilot experience. Copilot sits right there on your desktop as you browse, seeing what you see and answering questions about it. It’s like the Minecraft demo Microsoft showed off, which had Copilot watching the gameplay and providing input.

Vision isn’t here yet — there’s only voice support. And it does seem likely that Microsoft will continue adding features like web search.

Another big change involves a shift toward a “single conversation” model. You aren’t continually creating new conversations and starting over. Instead, you’re focusing on a single ongoing conversation — which is convenient, in a way, as Copilot can remember what you were talking about a few days ago.

Still, there’s something odd going on here. ChatGPT and Bing Chat initially felt like productivity tools. You really had to prompt them properly to get useful output, but if you did things right, it would (sometimes, and with varying levels of accuracy) deliver them. Bing Chat was positioned for searching the web!

Now, Microsoft is going in the other direction. Many of these changes have made Copilot less useful as a productivity tool. But it’s a lot better if you want to just sit down and have an extended conversation with your computer. In some ways, it’s like a more useful Siri or Google Assistant interface — though at least smartphone voice assistants can search the web for you with your voice!

A year ago, I wrote that you were probably going to use Copilot wrong because AI chatbots are more story-based than fact-based. They’re more story-generation engines than they are fact-finding tools. That’s what was odd about the first chatbots being positioned as productivity tools. Now, Copilot is becoming more of a conversation partner — a role it probably fills better.

But do you want an AI-based conversation partner in your life? Microsoft — along with seemingly every other company — is betting the answer is yes. It’s a bold strategy; we’ll see if it pays off.

Don’t take my word for it, though — fire up Copilot and talk with it yourself. The new experience is live in English in the United States, Canada, the United Kingdom, Australia, and New Zealand and will be arriving in more languages and countries soon.

Get even more Windows tips, tricks, and app recommendations with my Windows Intelligence newsletter — three things to try every Friday. Plus, get free copies of Paul Thurrott’s Windows 11 and Windows 10 Field Guides (a $10 value) for signing up.

Federal jury finds that Cognizant discriminated against American IT workers

October 8, 2024 /

A federal jury has found IT consulting firm Cognizant guilty of discriminating against American IT workers.

The court case, Palmer v. Cognizant Tech. Solutions Corp., was argued in Los Angeles at the US District Court for the Central District of California.

The jury also determined that Cognizant should pay punitive damages to compensate the former employees found by the jury to have been victims of discrimination.

The amount of those damages will be determined by the court at a later date. “Counsel are ordered to meet and confer and within two weeks file a Joint Status Report regarding how to proceed on the Court Trial phase of the case,” where the judge will determine the amount, said the court’s docket filing. “Counsel shall set forth their proposal regarding the dates and/or process for resolution of the disparate impact claim.”

Many of the allegations suggested that Cognizant was exploiting loopholes in the H-1B visa lottery system, specifically by getting rid of American employees and then replacing them with Indian workers via H-1B.

Cognizant declined an interview to discuss the verdict, but emailed a statement saying that it would appeal.

“Cognizant is disappointed with the verdict and plans to vigorously defend itself and appeal at the appropriate time. We provide equal employment opportunities for all employees and have built a diverse and inclusive workplace that promotes a culture of belonging in which all employees feel valued, are engaged and have the opportunity to develop and succeed,” the statement said. “Cognizant does not tolerate discrimination and takes such claims seriously. Christy Palmer v. Cognizant was initially filed in 2017 and addresses plaintiffs’ claims dating back to 2013.”

That last line is interesting, insofar as it suggests that Cognizant is arguing that this all happened 11 years ago, which is a lifetime in IT circles. 

The overall issue is not unusual, in that many IT outsourcing and consulting firms have found that Indian workers tend to accept much lower compensation and are more tolerant of a lack of work-life balance than some other nationalities. Another global outsourcing firm, who wanted to remain unidentified, said that it has been able to hire talent from India at roughly one-tenth the compensation required for their US counterparts.

In the original court complaint, plaintiffs argued that although “only about 12% of the United States’ IT industry is South Asian, at least 75% — if not more — of Cognizant’s United States workforce is South Asian, primarily from India. This grossly disproportionate workforce is the result of a pervasive and egregious discriminatory scheme to favor South Asians and disfavor non-South Asians in hiring, promotion, and termination decisions. Cognizant’s employment practices violate the Civil Rights Act of 1866.”

The lawsuit also alleged a specific fraudulent scheme related to H-1B.

“Cognizant’s invitation letters are routinely false and the jobs that Cognizant represents in visa applications as available and requiring staffing routinely do not exist. The federal government then awards visas against these fictitious positions,” the lawsuit said. 

In its initial reply to the lawsuit, Cognizant denied that there was discrimination and suggested that the plaintiffs were not cooperative with HR during probes into the allegations.

“To the extent any Plaintiff intended to allege hostile work environment claims, such claims are barred because Cognizant acted reasonably in accordance with Cognizant’s policies by exercising reasonable care to prevent and promptly correct any alleged discriminatory behavior, and Plaintiffs unreasonably or untimely failed to avail themselves of preventive or corrective opportunities provided, or otherwise failed to avoid harm,” Cognizant’s response filing said. 

Is the .io top level domain headed for extinction?

October 8, 2024 /

Message to all organizations that use .io domain names, of which there are currently an estimated 1.6 million: A move announced last week by the new Labour government in the UK could mean you may have to eventually replace that ccTLD (Country Code Top Level Domain).

As reported by the BBC, the UK is “giving up sovereignty of a remote but strategically important cluster of  islands in the Indian Ocean.” Under the terms of the deal, it will “hand over the Chagos Islands to Mauritius in a historic move.”

While the move certainly has political implications in that a US-UK military base located on Diego Garcia, the largest island in the region, will remain in operation, it may also result in the elimination of the .io domain for one simple reason — the region it represents will no longer exist.

The domain name regulatory environment works as follows:  the ISO 3166 standard is used to define a nation or region’s ccTLD and the Internet Corporation for Assigned Names and Numbers (ICANN) maintains that standard. Also involved is the Internet Assigned Numbers Authority or IANA, a standards organization that oversees global IP addresses and is an operating unit of ICANN.

In the case of the .io domain, digital strategist Gareth Edwards wrote in a social media post,  “IANA bases TLDs off ISO 3166 country codes. If a code stops existing, in theory, they follow suit and kill the TLD. Officially this was British Indian Ocean Territory. That is the .io domain everyone loves so much.”

According to Edwards, “once this treaty is signed, the British Indian Ocean Territory will cease to exist. Various international bodies will update their records. In particular, the International Standard for Organization (ISO) will remove country code ‘IO’ from its specification.”

While an email from Computerworld to the ISO 3166 Maintenance Agency asking for comment is so far unanswered, Kim Davies, vice president of IANA Services and president of Public Technical Identifiers (PTI) at ICANN, said ICANN relies on “the ISO 3166-1 standard to make determinations on what is an eligible country-code top-level domain.”

Currently, he said, “the standard lists the British Indian Ocean Territory as IO. Assuming the standard changes to reflect this recent development, there are multiple potential outcomes depending on the nature of the change.”

According to Davies, one such change “may involve ensuring there is an operational nexus with Mauritius to meet certain policy requirements. Should .io no longer be retained as a coding for this territory, it would trigger a five-year retirement process, during which time registrants may need to migrate to a successor code or an alternate location.”

He added, “We cannot comment on what the ISO 3166 Maintenance Agency may or may not do in response to this development. It is worth noting that the ISO 3166-1 standard is not just used for domain names, but many other applications. The need to modify or retain the IO encoding may be informed by needs associated with those other purposes, such as for Customs, passports, and banking applications.”

Edwards’ advice to any organization that might be impacted is this: “There’s no need for anyone with an .io domain to panic. The IANA may decide to fudge their own rules and keep the domain going, perhaps assigned to Mauritius instead, or by turning it into a generic, non-country domain. Even if they decide to deprecate it, this will be managed over multiple years.”

However, he added, “If an organization has made .io part of their identity, though, then it may be time to at least think about a brand review.”

A file extension bug in Microsoft 365 can delete Word documents

October 8, 2024 /

A bug in version 2409 of Microsoft 365 can cause Word documents to be deleted instead of saved, Microsoft has warned. The bug affects files that contain the # character or have file extensions in uppercase, such as .DOCX or .RTF.

Until the company releases a permanent fix, users are being urged to check whether missing files they thought had been saved instead wound up in the Recycle Bin.

An alternative solution is to roll back Microsoft 365 to an older version, according to Bleeping Computer.

How IT admins should think about a more open Apple

October 8, 2024 /

Europe’s Digital Markets Act is just one of a series of regulatory actions that are forcing Apple to open up its platforms. I caught up with Hexnode CEO Apu Pavithran to get his fix on what IT admins – especially those who manage Apple devices — need to think about as the company’s platforms are forced open by regulation.

The first thing to consider? It’s not just Apple that’s affected. “The Digital Markets Act (DMA) is reshaping the landscape for all the major tech players,” Pavithran said. “Companies like Meta, Alphabet, and ByteDance have also been deemed ‘gatekeepers’ under the DMA.”

The impact of an open Apple on IT

That means enterprises that rely on any of those platforms for business need to be aware and watchful for fast change. Managing changes as they go into effect becomes an additional task of time.

What benefits exist? The idea that users might gain more browser actions and more opportunity for choice and customization is one thing, but it is a big thing. While consumer users might opt for whatever option they want, those users in the enterprise could inadvertently create problems. 

As a result, Apple admins “must account for potential compatibility issues, security vulnerabilities, and user experience consistency,” Pavithran said. Beyond simple research, admins will have to identify new ways to manage and monitor these expanded choices. “My advice? Tread carefully,” he said.

Admins need to be proactive and adopt multiple layers to minimize any potential impacts. “This includes implementing endpoint management solutions, conducting regular audits, restricting non-vetted applications, and deploying automated threat detection systems,” Pavithran said. “Keeping firmware and apps updated, along with comprehensive employee education, will be crucial in this more open environment.

“Vigilance and adaptability are key.”

How opening Apple could threaten the enterprise

Pavithran knows that some enterprises have wanted more flexibility when it comes to app and service use and management on Apple platforms, and the move toward more openness might actually help there. But there’s a risk that such flexibility could compromise security and privacy, both of which are big reasons Apple’s platform sees so much use in the enterprise.

“If Apple manages this correctly, we could see its presence in the enterprise grow even further, as companies now have more control over which apps and services they can use on managed devices,” Pavithran said. “But, it should be said, these changes demand greater attention and focus from admins, and they may benefit from a unified console to enjoy such enhanced flexibility without sacrificing security or privacy.”

The introduction of support for third-party browsers could be another issue for enterprise admins. “Admins will need to evaluate each browser’s security protocols, compatibility with enterprise software, and adherence to corporate policies,” he said.

Will the opening of Apple weaken its platforms?

“This is the million dollar question,” said Pavithran. “We know that Apple will try its best to not let these changes get in the way of security and user experience. And we also know that Apple is prepared to introduce new protections on the back of enforced changes.”

Pavithran pointed to app notarization and other tools Apple has introduced in an attempt to ensure its customers are protected against rogue developers and payment systems. Well-intended as those attempts might be, “Europe isn’t making things easy for Apple,” he said, pointing to recent proceedings the bloc has taken against Apple.

The problem is that each new regulation and each new demand for further compromise serve to limit what Apple can do to protect its platforms. “Whatever happens next, the challenge will lie in how well Apple can balance this openness with the core values that make its ecosystem trusted and secure,” he explained.

Is Apple growing in the enterprise?

The Hexnode CEO joins the ever-growing chorus of voices who see Apple’s reach in enterprise computing on the rise. We’ve seen Apple’s enterprise growth really take off, driven by their commitment to security, privacy, and seamless device integration. Despite the shifting regulatory landscape, I don’t see this slowing down,” he said. 

“As Apple continues to innovate and address enterprise concerns, expect adoption to accelerate further.” 

How should IT embrace Apple openness?

When it comes to balancing Apple’s reluctant openness with enterprise needs, what awareness should guide IT admin decisions? 

“IT should be vigilant but not overly restrictive,” said Pavithran. “Openness doesn’t automatically mean insecurity, but it does require more nuance. Stay informed about potential risks, align decisions with specific security protocols, and be aware of user behavior and the evolving threat landscape.”

Please follow me on LinkedInMastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

How to activate Google’s newest Android security enhancements

October 8, 2024 /

My fellow Android phone-owners, start your feature-seeking engines: Some significant new security strengtheners on are their way to your device(s) — and quite possibly already there and just waiting to be discovered.

Surprise, surprise — eh? But oh, it be true: While we’ve been off gazing at grass and thinking about gibbons (or whatever it is you do with your downtime), Google’s been quietly sending out an under-the-hood, almost unnoticeable update that unlocks some serious new theft protection muscle.

The rollout revolves around a system-level service called Google Play Services — which means the update gets served by the regular ol’ Google Play Store and consequently reaches every compatible device, no matter who made it or which carriers might be involved, as soon as Google sends it. So, none of the delays we see with full-fledged Android version updates, in other words (huzzah!).

This specific slice o’ software sorcery is being sent to all Android devices running 2019’s Android 10 or higher. If you’re using a phone that’s running an Android version any older than that — well, my friend, you’ve got far bigger security issues to worry about than this.

But with Android 10 or higher, quite literally all you need to do is a teensy bit of gentle jabbing to surface this trio of noteworthy new Android security settings, flip all the right switches, and make your phone and all the data within it a healthy bit safer out in the wild.

[Get advanced Android tips in your inbox with my free Android Intelligence newsletter. Three new things to know and try every Friday — straight from me to you.]

Lemme show ya how.

Meet Google’s new Android security trio

First things first, let’s take a closer look at exactly what these features are and why they matter — shall we?

Back in May, y’see, Google announced a whole slew of new Android security features designed to help deter device theft and better protect data if a phone is, in fact, stolen.

Three pieces of the puzzle in particular were promised for that always-popular “later this year” window:

  1. Theft Detection Lock: An AI-powered system that uses your phone’s sensors to look for motions commonly associated with a phone being forcefully snatched and then hurried away with. When any such actions are observed, Android will instantly and automatically lock the device, if it wasn’t already in such a state — thereby making it meaningfully more difficult for any ne’er-do-well (including any children or marmots you might reside with) to get at your important info.
  2. Offline Device Lock: A similar but slightly different system, this one watches for on-screen behaviors that suggest a phone’s in the wrong hands and/or paws — an unusually prolonged period of Wi-Fi and mobile data disconnection, a bunch of failed attempts at getting past your lock screen, or an atypical amount of acorn dust on the appendages touching the technology. (All right, I may that last one up. But…maybe one day?) Again, if any such activity is detected, Android automatically locks the device to keep the scoundrel out.
  3. Remote Lock: The final puzzle piece is essentially an extra way to manually and quickly lock down your device from afar without having to use the full-fledged Android Find My Device system.

Easy peasy, right? And really, there’s no reason you wouldn’t want to fire these features up — especially when you’re using an Android device for Very Important Business™ and/or with any manner of sensitive personal doings.

So far, the first two of these features — Theft Detection Lock and Offline Device Lock — appear to be actively rolling out to Android devices all around the world. And that includes not only Google’s own Pixel phones but also phones and tablets sold by Samsung and other device-makers.

Notably, though, they’re all off by default — so even once they reach you, it’s up to you to find and enable ’em. And you’ve really gotta dig a little to do it.

20 seconds to stronger Android security

The good news is that none of this takes terribly long to do — once you know where to look. So clear out roughly 20 seconds in your schedule, and let’s find these things for ya, shall we?

First, if you’re using a Pixel or another device that mostly follows Google’s standard Android interface:

  • Head into your system settings (by swiping down twice from the top of the screen and then tapping the gear-shaped icon in the panel that appears).
  • Scroll down until you see “Security & privacy,” and tap it.
  • Tap “Device unlock.”
  • And look for the new “Theft protection” section within that area.
Google Android security enhancements: Theft protection option
Android’s newly added “Theft protection” option, as seen on a Google Pixel phone.

JR Raphael, IDG

If you’re using a Samsung-made phone, meanwhile:

  • Make your way into your system settings.
  • Tap “Security and privacy.”
  • Select “More security settings.”
  • And there, look for that freshly added “Theft protection” option.
Google Android security enhancements: Theft protection option (Samsung)
The incoming Android “Theft protection” section, in the style of Samsung.

JR Raphael, IDG

If you’re using an Android phone by any other manufacturer and neither of those paths works for you, try poking around in the equivalent security section of your settings for something related to theft protection — or try searching your system settings for that phrase.

And if you just aren’t seeing anything yet, don’t panic. This update is actively rolling out as we speak, and while it’s absolutely showing up in some places already — including on a variety of Pixels in my possession as well as an older Galaxy phone I’ve got in front of me — as with any Google rollout, it’s likely happening in waves, to minimize the risk of something going wrong and affecting a ton of people at once. And that means it may take a few days or even weeks to reach everyone.

Long story short: Give it a day or two, then check back again. It’ll show up for you soon!

Once you do see the section in question, all that’s left is to tap it — then activate the options within.

Google Android security enhancements: Theft protection menu
Android’s new “Theft protection” menu, with two out of three incoming options present.

JR Raphael, IDG

As you can see in the screenshot above, I’ve only got two out of three of the features available as of this moment. That’s the case on every phone I’ve checked, so it seems like the third feature — Remote Lock — may be rolling out separately and slightly later.

But at the very least, you should be able to activate Theft Detection Lock and Offline Device Lock soon, if not this instant. And you can set yourself a reminder to look for any missing elements once a week or so until they show up for you.

With any luck, you’ll never actually need any of these features in any real-world scenario. But if such a situation ever does arise, you’ll be glad you took the time to activate ’em — and either way, you’ll be able to rest a teensy bit easier knowing your data has that extra layer of protection on top of all the other Android security steps you’ve taken.

Want even more Googley knowledge? Treat yourself to my free weekly newsletter to get three things to know and three things to try in your inbox every Friday.

EU ruling clamps down on Meta’s use of personal data for ads

October 7, 2024 /

The European Court of Justice has decided that Facebook owner Meta must minimize the amount of personal data it uses for personalized ads, the BBC reports . The decision from the EU’s top court means that only a small part of Meta’s data collection can be used for advertisements.

The ruling stems from a complaint by privacy activist Max Schrems, who said Facebook used data about his sexual orientation for targeted ads — even though Schrems himself had not shared information about his sexual orientation on the platform.

Meta said it does not use so-called specially categorized data linked to sexual orientation, race, ethnicity, state of healt,h or religion for personalized ads. Such data is classified as sensitive and EU data protection legislation has strict requirements for processing it. The company says it takes privacy very seriously and would have further comment after it reviews the ruling.

Think data leaks are bad now? Wait until genAI supersizes them

October 7, 2024 /

The concept of data leakage — and all of its privacy, legal, compliance and cybersecurity implications — today has to be fundamentally re-envisioned, thanks to the biggest IT disruptor in decades: generativeAI (genAI).

Data leakage used to be straight-forward. Either an employee/contractor was sloppy (leaving a laptop in an unlocked car, forgetting highly-sensitive printouts on an airplane seat, accidentally sending internal financial projections to the wrong email recipient) or because an attacker stole data either while it was at rest or in transit. 

Those worries now seem delightfully quaint. Enterprise environments are entirely amorphous, with data leakage just as easily coming from a corporate cloud site, a SaaS partner, or from everyone’s new-favorite bugaboo: a partner’s large language model (LLM) environment. 

Your enterprise is responsible for every bit of data your team collects from customers and prospects. What happens when new applications use your old data in new ways? And what then happens when that customer objects? What about when a regulator or a lawyer in a deposition objects?

When the walls are this amorphous, how precisely is IT supposed to be in control? 

Consider this scary tidbit. A group of Harvard University students started playing with digital glasses to leverage real-time data access. The most obvious takeaway from their experiment is it that it can be a highly effective tool for thieves (conmen, really). It allows someone to walk up to a stranger and instantly know quite a bit about them. What a perfect way to kidnap someone or steal their money. 

Imagine a thief using this tool to talk his/her way into a highly-sensitive part of your office? Think about how persuasive it could make a phishing attack.

As bad as that all is, it’s not the worst IT nightmare — that nightmare is when the victim later figures out the misused data came from your enterprise database, courtesy of a detour through a partner’s LLM. 

Let’s step away from the glasses nightmare. What happens when an insurance company uses your data to deny a loan or your HR department uses the data to deny someone a job? Let’s further assume that it was the AI partner’s software that made a mistake. Hallucinations anyone? And that mistake led to a destructive decision. What happens then?

The underlying data came from your confidential database. Your team shared it with genAI partner 1234. Your team hired 1234 and willingly gave them the data. Their software screwed it up. How much of this is your IT department’s fault?

There is a terrible tendency of litigation to split fault into percentages and to give a healthier percentage to the entity with the deepest pocket. (Hello, enterprise IT — your company quite likely has the deepest pocket.) 

There are several ways to deal with these scenarios, but not all of them will be particularly popular.

1. Contractual — put it in writing. Have strict legal terms that put your AI partner on the hook for anything it does with your data or any fallout. This won’t prevent people from seeing the inside of a courtroom, but at least they’ll have company.

2. Don’t share data. This is probably the least popular option. Set strict limits on which business units can play with your LLM partners, and review and approve the level of data they are permitted to share.

When the line-of-business chief complains — virtually guaranteed to happen — tell that boss that this all about protecting that groups’ intellectual property and, in turn, that LOB chief’s bonus. Mention that this preserves their bonus and watch the objections melt away.

3. Impose stiff punishments for Shadow AI violations. In theory, you can control contacts and data access with your key genAI partners. But if your people start feeding data into ChatGPT, Perplexity or their own account on CoPilot, they need to know that they will be discovered and that two violations mean termination.

First, you need to take this request up as high as you can to get in writing that it will happen. Because, trust me, if you say that a second violation will result in termination, and then some top-tier salesperson violates and does not get fired, wave bye-bye to your credibility. And with that, any chance people will take your rules seriously. Don’t threaten to fire someone until you are certain you can.

Maybe something equally effective would be canceling their next two bonus/commission payments. Either way, find something that will get the attention of the workforce.

4. The anti-contract. Lawyers love to generate 200-page terms of service that no one reads. I just need to remind you that such terms will be ignored by courtroom juries. Don’t think you can really right-click your legal exposure away.

This is triply the case when your customers are outside the United States. Canada, Europe, Australia and Japan, among others, focus on meaningful and knowing consent. Sometimes, you are banned from forcing acceptance of the terms if you choose to use the product/service.

5. Compliance. Do you even have legal permission to share all of that data with an LLM partner? Outside the US, most regulators are told that customers own their data, not the enterprise. Data being mis-used — as in the Harvard glasses example — is one thing. But if your genAI partner makes a mistake or hallucinates and sends flawed data out into the world, you can be exposed to pain well beyond simply sharing too much info. 

You can never have too many human-in-the-loop processes in place to watch for data glitches. Yes, it will absolutely dilute genAI efficiency gains. Trust me: for the next couple of years, it will deliver a better ROI than genAI will on its own.