The best Thunderbolt 3 docks
Why you should trust us
I was the accessories editor at iLounge for a little more than three years and have been covering accessories at Wirecutter for a little longer than that. During my tenure, I've reviewed more than 1,000 iOS and Mac products, including numerous docking stations over several iterations of this guide.
Who needs this
If you have a computer with a Thunderbolt 3 port and want to connect several peripherals—displays, drives, printers, and such—a Thunderbolt dock lets you attach them all with a single cable. If you use a laptop as your main computer and regularly move that laptop to and from a desk with multiple peripherals, you can leave all of those accessories plugged into the dock so that when you sit down at your desk, you can simply plug your Thunderbolt cable into the laptop to connect everything instantly.
A Thunderbolt dock is also useful if your Thunderbolt-equipped computer doesn't have enough ports and connections, or if those connections are inconveniently located. You can run a single Thunderbolt cable from the computer to the dock and put the dock somewhere more accessible.
Thunderbolt docks are ideal for creative professionals and other people who demand a lot from their computers, including the fastest possible transfer speeds and the widest port selection. Most people, however, are just as well served by a much less expensive USB-C dock. These docks use the same connector and can do almost all the same things, but they don't support Thunderbolt 3 transfer speeds and don't usually include the same quantity or variety of ports.
If you have an older computer with Thunderbolt or Thunderbolt 2 (which each use a Mini DisplayPort connector instead of USB-C) and plan to eventually upgrade your computer, you could buy a dedicated Thunderbolt 2 dock. Instead, however, you should be able to use any Thunderbolt 3 dock with Apple's Thunderbolt 3 (USB-C) to Thunderbolt 2 Adapter. The performance will be limited to Thunderbolt 2 speeds (and you won't be able to charge a laptop or use DisplayPort displays through the adapter), but you won't have to upgrade your dock when you upgrade the computer.
USB-C vs. Thunderbolt 3
Although USB-C and Thunderbolt 3 use the same USB-C connector, they aren't the same thing. As this Intel blog post explains, Thunderbolt 3 does everything that USB-C can do plus a few extra Thunderbolt-only features. Specifically, Thunderbolt 3 supports faster data-transfer rates (up to 40 Gbps, versus a maximum of 5 or 10 Gbps for USB-C depending on the device), allows data to transfer in both directions at the same time (useful when you're connecting a slew of devices through one cable), and can simultaneously transfer data, output video, charge your computer, and daisy-chain other Thunderbolt devices over a single cable.
Although having fewer different types of connectors is generally good, it can get confusing when the same connector does different things depending on the computer. You won't hurt anything by plugging a Thunderbolt 3 device into a USB-C port, but if you do that, the device won't work like it's supposed to, so check your manual and confirm which connectors your computer has. Thunderbolt is more expensive for computer vendors to include, so you'll find it mainly on recent Macs (except for the 12-inch MacBook) and higher-end Windows PCs such as our top ultrabook picks. If your computer has USB-C but not Thunderbolt 3, the docks in this guide aren't for you—check out our guide to USB-C accessories.
How we picked and tested
A great Thunderbolt dock extends the functionality of the computer that it's connected to by offering additional connections, each at the fastest speeds. These docks are particularly useful for computers that have a limited number and variety of ports, such as the current 13-inch MacBook Pro with two Thunderbolt ports, but they're also useful for more conveniently connecting peripherals to a desktop or laptop computer. We looked for the following features in evaluating our picks:
- Port selection: In general, more ports are better, but we especially prefer practical ports such as USB-A and video output. Less-common ports, including FireWire and eSATA, are appreciated but not necessary.
- Port performance: Devices connected via the Thunderbolt 3 dock should perform almost as well as devices connected directly to the computer. (We discuss, below, our test procedure for each type of port.)
- Design and size: Everything else being equal, a smaller dock is better for your desk than a larger one. We also prefer docks that you can stand on end to take up even less space.
Thunderbolt docks have always been somewhat niche, so you won't find many. We've tested almost every dock that has been released since June 2017. For all models, we've used a 2017 Touch Bar–equipped 13-inch MacBook Pro to test speeds, and for the models we tested in 2018 we also confirmed compatibility with a Dell XPS 13 laptop. Specifically, we've run the following tests:
- USB-A: We ran AJA System Test speed tests using Samsung's Portable SSD T3. To measure how fast each dock could charge other devices, we connected a 10.5-inch iPad Pro and read the power draw with PortaPow's USB Power Monitor.
- Thunderbolt 3: We ran AJA System Test speed tests using LaCie's Bolt 3. To measure charge speed, we read the results in the 13-inch MacBook Pro's system report and verified them against the readings on a Satechi USB-C Power Meter.
- USB-C: We ran AJA System Test using Samsung's Portable SSD T3. To measure charge speed, we connected a Drok USB Load Tester and then turned up the amperage of the load tester as far as it could go without overloading the dock, recording the volts and amps to calculate the maximum output (watts).
- HDMI: We connected each of the docks via HDMI to a BenQ BL2711U 27-Inch 4K Monitor with the resolution set to 4K; we repeated this test using a Mini DisplayPort–to–DisplayPort cable running from each dock's Thunderbolt port to the display.
- DisplayPort/Mini DisplayPort: We connected each of the docks via DisplayPort to a Dell 4K monitor or an LG 27MU88-W monitor with the resolution set to 4K, and we used Blur Busters Motion Tests to verify the refresh rate.
- Audio: We tested each dock's audio inputs and outputs by plugging microphone-equipped headphones into each of the dock's audio jacks, making sure the input or output source was properly set in macOS and monitoring the resulting audio levels.
- FireWire: We connected an SSD-equipped version of OWC's Mercury Elite Pro Mini and measured the transfer speed using AJA System Test.
- Ethernet: We verified the connection speed in Network Utility on a Mac, which displays the link speed.
- SD card: We ran AJA System Test on a 64 GB SanDisk Extreme Pro.
The best Thunderbolt 3 dock: CalDigit TS3 Plus
CalDigit's TS3 Plus is the best Thunderbolt 3 dock for most people because it offers more USB-A ports than almost all of the competition and provides USB-C ports and an SD card slot without sacrificing other important inputs. It's also one of the most compact models available, so it takes up less room on your desk—especially if you stand it on its end, an option you don't get with most docks. And the 85 watts of power it can send to a connected laptop means it's capable of charging even a 15-inch MacBook Pro at full speed, or a 16-inch MacBook Pro at close to that. The TS3 Plus is more expensive than some other docks we tested, but if you truly need a Thunderbolt 3 dock rather than a USB-C one, this model makes the fewest compromises.
The TS3 Plus provides two Thunderbolt 3 ports, five traditional USB (USB 3.2 Gen 1 Type-A) ports, an SD card slot, DisplayPort, Gigabit Ethernet, separate audio-in and -out jacks, S/PDIF digital audio, and two USB-C ports, one of which (the one on the back) supports the faster USB 3.2 Gen 2 transfer speeds.
In our USB-A testing with Samsung's Portable SSD T3, we measured average read speeds of 340 MB/s and write speeds of 264 MB/s on four of the five ports. Those speeds are about 20 to 30 percent slower than the results we got when we plugged the drive into the Mac directly. However, the other docks we tested provided similar results—our test drive exhibited similarly slower speeds with every dock. The fifth port (the lowest one on the back of the CalDigit dock) produced faster speeds of 422.7 MB/s read and 383 MB/s write. The USB-C 3.2 Gen 1 read and write speeds were almost identical to those of the slower four USB-A ports, while the Gen 2 port was in line with the faster USB-A port.
We also measured transfer speed with SanDisk's Extreme 900 Portable SSD, which CalDigit provided and which we returned after testing. SanDisk advertises this drive as supporting read and write speeds up to 850 MB/s (compared with a max of 450 MB/s for the Samsung T3 drive). USB 3.2 Gen 1 ports can't take advantage of this additional speed because they max out at 5 gigabits (or 625 megabytes) per second, but 10-gigabit USB 3.2 Gen 2 ports can. We found that USB-A speeds were slightly faster with the SanDisk drive, hitting an average read speed of 347 MB/s and a write speed of 309.7 MB/s, though that bottom USB-A port was once again noticeably faster, measuring 419.3 MB/s and 373.7 MB/s read and write, respectively. The more striking difference was between the two USB-C ports: The slower port, on the front of the dock, averaged 351 MB/s read and 313.3 MB/s write, whereas the rear (Gen 2) port was about twice as fast, with read speeds of 736.3 MB/s and write speeds of 605.7 MB/s. We saw even faster speeds when we plugged the SanDisk drive into the dock's open Thunderbolt 3 port using the drive's included USB-C cable: 829.7 MB/s read and 734.3 MB/s write. All this is to say that the TS3 Plus supports fast transfer speeds when paired with the right hardware.
In our tests using LaCie's Bolt 3, a Thunderbolt 3 drive, the TS3 Plus's Thunderbolt 3 read and write speeds were many times faster than its USB results, but—as with all the docks—still a bit slower than when the test drive was connected directly to the computer via Thunderbolt, and slower than the maximum speed LaCie advertises. With the drive hooked up directly to our Mac's Thunderbolt 3 port, read speeds averaged 2,229 MB/s (17.83 Gbps); with the drive connected through the TS3 Plus, they were close, at 2,173 MB/s (17.39 Gbps). Write speeds saw a much bigger drop-off, going from 953.3 MB/s (7.63 Gbps) via direct connection down to 704.7 MB/s (5.64 Gbps) through the dock. Again, these numbers are comparable with our test results across the rest of the docks, and these figures still indicate blazing-fast speeds next to those of most connection types. However, you shouldn't buy this dock (or any dock, for that matter) expecting to see the same performance as you'd get with a direct connection between your computer and the fastest Thunderbolt 3 drives.
The TS3 Plus's SD-card transfer speeds were on a par with those of every other SD-equipped dock we've tested: Read speeds averaged 88.7 MB/s, and write speeds averaged 77 MB/s. That's slower than what we measured with a standalone card reader for our guide to the best SD cards, but it's still respectable.
Four of the CalDigit dock's USB-A ports provide 7.5-watt charging each (1.5 amps at 5 volts), which is slower than what you can get from a good standalone USB charger but comparable to the results from other Thunderbolt docks. The fifth port—the one closest to the end of the dock—provides slower, 2.5-watt charging (0.5 amp at 5 volts), making it better suited for transferring data than for charging phones or tablets. (Unfortunately, the dock has no label to tell you that port provides less power than the others.) Both USB-C ports also support only 2.5-watt charging.
Most Thunderbolt 3 docks, including this one, use DisplayPort for video output. We measured a proper 60-hertz refresh rate when the dock was connected to a 4K DisplayPort monitor.
Almost every other Thunderbolt dock we tested is long and flat, designed to lie horizontally on your desk. The TS3 Plus, on the other hand, can stand vertically or sit horizontally. It measures 5.2 by 3.9 by 1.6 inches, so when it's standing on its shortest edge, it takes up only about 6.25 square inches of desk space, compared with the 26.6 square inches required for the 8.43-by-3.15-inch CalDigit USB-C Pro Dock, our budget pick.
Reviews of the TS3 Plus have been very positive, matching our findings. "Of all the Thunderbolt 3 docks I've tested so far, CalDigit's TS3 Plus is my new favorite," writes Eric Slivka of MacRumors. In another review, 9to5Mac's Jeff Benjamin writes, "[T]he TS3 Plus' diminutive design, and 15-ports in total, make CalDigit's latest dock a very compelling option for Mac users." And Mike Wuerthele of AppleInsider calls it "a superb choice."
Cale Hunt, who tested the TS3 Plus with a PC for Windows Central, also praises its performance and versatility: "With 15 ports, great performance, and a small footprint, the TS3 Plus is about the best Thunderbolt 3 dock you can buy today."
Flaws but not dealbreakers
A Wirecutter editor who uses the TS3 Plus with two LG 27UK850-W monitors and a 2017 MacBook Pro reported issues where one or both displays won't wake up when the computer wakes from sleep mode: "The solution is usually to unplug one or both of the displays and replug. Occasionally it requires a restart." He noted similar quirks with the headphone port. We didn't experience these problems in our testing, but we have seen issues with several Thunderbolt docks when connecting two displays directly to the dock.
Budget pick: CalDigit USB-C Pro Dock
If you want most of the power of the CalDigit TS3 Plus but aren't willing to pay for it, consider the more affordable CalDigit USB-C Pro Dock. It has a more limited yet still useful port selection, and it provides enough passthrough power for all 13-inch laptops and many larger ones too. Unlike most Thunderbolt docks, this model also connects to computers that have only USB-C ports and offers almost identical performance. This flexibility makes the USB-C Pro Dock a good choice if you regularly switch between multiple computers, but if you have only a USB-C computer, you'd be better off with a less expensive USB-C dock. Regardless of the computer you're using, however, you can't hook additional Thunderbolt 3 devices to the dock, as it has only a single port, which you use to connect it to your computer. This model also takes up a little more space on a desk than our top pick.
The USB-C Pro Dock's port array is smaller than that of the TS3 Plus but still pretty good. It has one USB 3.1 Gen 2 Type-C port (supporting speeds up to 10 Gbps) on the front, plus three 5 Gbps USB-A ports. You'll also find an SD card slot, two DisplayPort outputs, Ethernet, and audio, and this dock supports the same 85-watt power output as the more expensive CalDigit model.
In our tests, the USB-A and USB-C ports on the USB-C Pro Dock were faster than the respective ports on the TS3 Plus, with speeds of about 330 MB/s write and 405 MB/s read (we tested this model only with the Samsung drive, not with the faster SanDisk). In all of our other tests, the two units produced comparable results. Notably, the USB-C Pro Dock has two DisplayPort 1.2 connectors, and we were able to properly drive two 4K displays at full resolution with a 60 Hz refresh rate from a 13-inch MacBook Pro. In contrast, USB-C–based computers are restricted to either a single 4K display at 30 Hz or two 1080p displays at 60 Hz, the only limitation compared with Thunderbolt 3 machines.
The USB-C Pro Dock is larger than the TS3 Plus by about 3 inches in width and ¾ inch in depth, and you can't stand it on one end as you can the more expensive model. Like its CalDigit sibling, however, the USB-C Pro Dock comes with a Thunderbolt 3 cable, so you don't have to buy one separately.
Cheaper, with fewer USB-A ports: HP Thunderbolt Dock 120W G2
CalDigit's TS3 Plus is the best option for people who need as many USB-A ports as they can possibly get, but the HP Thunderbolt Dock 120W G2 is a great alternative if you're okay with fewer legacy ports and want to spend less on a dock. Two USB-C ports and two Mini DisplayPort outputs instead of one help make up for fewer USB-A ports and the lack of an SD card slot. And with 100-watt charging, this dock can power any USB-C laptop at full speed.
The Thunderbolt Dock 120W G2 has three USB-A ports, two USB-C ports, VGA, Ethernet, Thunderbolt 3, two DisplayPorts, combined audio, 100 W charging, and a Kensington lock slot. It's the second USB-C port that sets this dock apart from the rest, as this is the only model we've seen to include a second such port while remaining at a reasonable price.
In our tests, the HP's ports were actually a bit faster than those of the CalDigit TS3 Plus, with the USB-A ports averaging 339.3 MB/s write and 419 MB/s read speeds and the USB-C ports' speeds right in line with those results. The second DisplayPort connector is noteworthy as well because it's pretty rare and allows you to attach up to two displays at the same time without a USB-C–to–DisplayPort cable or adapter.
Much like the CalDigit TS3 Plus, this HP dock takes up relatively little desk space. The 3.9-by-3.9-inch square with rounded corners will fit pretty much anywhere. The only considerable downside is the Thunderbolt cable that leads to your computer, which is a hassle to replace: If something happens to the cable, you'll have to buy the replacement cable and kit from HP and take off the dock's bottom plate to access the port. But at about 2 feet, the cable should be long enough for most setups.
The Thunderbolt Dock 120W G2 is also available in a version with a speaker built in. We found that it gets louder than a MacBook Pro's speaker, but the audio quality is a bit muddier. It's better suited for conference calls—the manual references Skype for Business and Lync 2013, for example. You can also purchase that audio module separately and install it on the regular dock if you decide you want it later.
What to look forward to
Plugable announced its TBT3-UDZ Thunderbolt 3 and USB-C Dual Display Dock at the CES 2020 trade show. Much like the CalDigit USB-C Pro Dock, it can connect to both Thunderbolt 3- and USB-C-equipped computers. The dock offers dual-display connectivity through either DisplayPort or HDMI—there are two of each connector on the back—as well as seven USB-A ports and 100-watt charging. It will be available in the spring.
The competition
Cable Matters's Thunderbolt 3 Docking Station with 60W Power Delivery and Promise Technology's Thunderbolt 3 Dock TD-300 were runner-up picks in a previous version of this guide and are identical to one another aside from their paint jobs. Each model costs less than our top pick from CalDigit but offers the same number of USB-A ports (five) and an SD card slot. However, unlike our top pick, these docks lack USB-C ports and an S/PDIF output, won't charge larger laptops such as the 15- or 16-inch MacBook Pro as quickly, and use combined audio-in and -out jacks instead of separate jacks. They also have HDMI 2.0 video output instead of DisplayPort; it's difficult, but not impossible, to get a Mac to output 4K resolution at 60 Hz over HDMI.
Like CalDigit's USB-C Pro Dock, the Kensington SD5550T Thunderbolt 3 and USB-C Dual 4K Hybrid Docking Station works with both Thunderbolt 3 and USB-C computers. Kensington's dock is more expensive, and although it has one more USB-C port, it lacks an SD card slot and charges at only 60 watts, which may be too slow for heavy-duty use with a 15- or 16-inch computer.
Like our pick from HP, the Elgato Thunderbolt 3 Pro Dock has two USB-C ports; it adds SD and microSD card slots. But it offers only two USB-A ports and one DisplayPort connection, in a wider design, and carries a much higher price tag.
The OWC 14-Port Thunderbolt 3 Dock has the same ports as our top pick from CalDigit, plus a microSD card slot. OWC's model performed just as well as our pick across our tests but takes up much more desk space. The two docks cost about the same, so you should stick with the more compact CalDigit model unless you value a card reader above desk space.
Plugable's Thunderbolt 3 Docking Station was a previous top pick, but it costs around the same price as our current runner-up and doesn't have an SD card slot or USB-C ports. The only extra feature you get for your money is a DisplayPort-to-HDMI adapter, but that typically costs less than $10 if you were to buy it separately; we think most people will find the extra ports and card reader in our picks to be more important.
Elgato's Thunderbolt 3 Dock provides 85 W charging but has only three USB-A ports and no SD card slot. It's also more expensive than our runners-up, and you can't position it vertically, so it takes up more desk space.
The Belkin Thunderbolt 3 Express Dock has only three USB-A ports and is pricier than more full-featured docks.
StarTech's Thunderbolt 3 Docking Station and Iogear's Thunderbolt 3 Quantum Docking Station offer identical ports—USB-C, DisplayPort, Ethernet, and audio, but only two USB-A—in the same layout but have no high-speed laptop charging. They're not worth the cost considering that more full-featured docks are available in the same price range.
We didn't test StarTech's Dual 4K Monitor Thunderbolt 3 Dock with 3x USB 3.0 Ports since it is larger than our top pick, costs more, and doesn't include an SD card slot. This dock has the same design and ports as StarTech's less-expensive version, but it supports 85-watt charging and it comes with a USB-C–to–DisplayPort cable in addition to its Thunderbolt 3 cable. We don't think the included cable makes this model worth buying.
We also decided not to test the Akitio Thunder3 Dock Pro, because judging by its niche specs and high price, we don't think it's the right choice for most people. It's the only dock we've seen that has a CFast card slot, which some video professionals may appreciate. Similarly, it's the only model we know of with a 10 Gbps Ethernet connection, but most people's networks aren't fast enough to use that speed; it's better suited for pro video peripherals. Neither of those features is bad to have, but they come at the expense of lower power output (60 W) and fewer USB 3.2 Gen 1 ports (three), all for a higher price than you'd pay for most competing docks.
This guide may have been updated by Wirecutter. To see the current recommendation, please go here.
When readers choose to buy Wirecutter's independently chosen editorial picks, Wirecutter and Engadget may earn affiliate commissions.
Article source: https://www.engadget.com/2020/01/31/the-best-thunderbolt-3-docks/
Can we keep facial recognition from enabling a surveillance state?
Researchers have been pursuing facial recognition technologies since the 1960s but its only been in the last few years that these systems have become so alarmingly capable. Neural networks able to match faces across thousands of features with better than 98 percent accuracy as well as an explosion of available training data sets have fueled the field's recent spate of advancements. However even though these algorithms can spot a person using low quality security camera footage, they're still dreadful at differentiating between folks with darker skin tones.
Facial recognitions systems aren't all bad. They offer people convenience, as any Apple Face ID user can attest, as well as quick and seamless security access. Unless you're stuck in a Nick Cage-John Travolta action thriller, you'll never have to worry about someone gaining unauthorized access to your devices. The technology has also proven a boon to law enforcement, enabling officers to more quickly track down suspects, as the NYPD did with an armed rapist last August, or identifying lost children and addled senior citizens. Heck, even pop star Taylor Swift uses the technology at her shows to foil stalkers.
But the same power and versatility that makes facial recognition so useful is what makes it so dangerous. China's authoritarian government has long used mass surveillance and facial recognition to keep tabs on its citizens. London's Met just last week followed suit, announcing that it will formalize its use of the controversial ClearView system which can track people in real-time. A number of American law
enforcement organizations are equally eager to install or in some cases expand their surveillance capabilities at the expense of its citizens privacy and eroding civil liberties. And yet, despite the technology's shortcomings in accuracy and massive potential for misuse, only a trio of states have sought to stop its adoption. For better or worse, facial recognition is not going away; it's now a question of how much damage it will do before our elected leaders seek to restrain it.
Article source: https://www.engadget.com/2020/01/31/can-we-keep-facial-recognition-from-enabling-a-surveillance-stat/
You can still watch the Super Bowl for free on Roku
There is one caveat: the NFL app won't stream the game in 4K HDR. If you refuse to watch the big game in anything but 4K, you can check out our guide to watching the Super Bowl via cable and satellite TV, streaming or online livestreams.
The Fox and Roku dispute began yesterday when Fox sent an email to its customers telling them that the standalone Fox apps wouldn't be available as of January 31st, due to an agreement between the companies expiring. A Fox spokesperson called the notification a "poorly timed negotiating ploy" and "a naked effort to use its customers as pawns." Regardless of how this ends for Fox and Roku, you don't need to worry about missing out on the gameday action.
Article source: https://www.engadget.com/2020/01/31/super-bowl-liv-nfl-roku-app/
EU votes in favor of choosing a common charging cable standard
The European Parliament also instructed the Commission to think about wireless chargers and how they could be used to reduce electronic waste. It also wants the body to find ways for the EU to collect and recycle more cables and chargers. "There is 'an urgent need for EU regulatory action' to reduce electronic waste and empower consumers to make sustainable choices," the EU said. Lawmakers didn't specify what charging standard manufacturers should adopt in Thursday's resolution. However, given the growing ubiquity of USB-C, the Commission is likely to lean toward the relatively new standard.
Any legislation the EU enacts is likely to affect Apple more so than any other company. When the EU renewed its push for a universal charging standard earlier this year, Apple said any regulation would "stifle innovation" and ultimately hurt consumers more than it would help them. It also pointed out that much of the industry is already moving toward integrating USB-C in all their new devices. The EU has been attempting to push manufacturers toward a shared cable standard for more than a decade, arguing that it would reduce electronic waste and make life easier for consumers.
Article source: https://www.engadget.com/2020/01/31/european-union-wants-common-charging-cable-standard/
Aston Martin won’t release EVs until it’s financially stable
Since Aston Martin first teased the Rapide E back in 2015, the supercar has suffered multiple setbacks. After a false start courtesy of LeEco and the financial meltdown the Chinese company went through in 2017, Aston Martin said it would produce 155 Rapide Es in time for 2019. Earlier this month, however, Automaker published a report that said Aston Martin had decided to turn the car into a research project.
Had it gone into production, Aston Martin claimed the Rapide E's 800V twin electric motor would have outputted the equivalent of 604 horsepower and pushed the car to a top speed of 155 miles per hour. The car's 65 kWh battery, meanwhile, would have allowed the Rapide E to achieve a range of 200 plus miles.
Article source: https://www.engadget.com/2020/01/31/aston-martin-delays-evs-emergency-investment/
Draft bill could penalize companies for using end-to-end encryption
The draft does ask the commission to consider issues like privacy and security when establishing the practices. However, the 15-person commission would be led by the Attorney General, and current AG William Barr has been a vocal opponent of end-to-end encryption. As the draft law would let Barr modify the rules without a consensus, it wouldn't take much for him to require a backdoor and thus weaken encryption for everyone by creating a hacker-friendly vulnerability.
Riana Pfefferkorn, an Associate Director at the Stanford Center for Internet and Society, also warned that the commission wouldn't have much oversight. She also noted that the last modification of Section 230, for FOSTA-SESTA, is facing a constitutional challenge and appears to have done more to hurt sex workers than curb sex trafficking.
This is a draft bill and isn't guaranteed to reach the Senate Judiciary Committee as-is, let alone make it to the floor for a vote or pass both sides of Congress. Senator Richard Blumenthal was supposed to co-sponsor the bill, but there hasn't been any sign of this so far. It does illustrate some congressional attitudes toward liability for online content, though, and suggests that Section 230 might be vulnerable in the future.
Article source: https://www.engadget.com/2020/01/31/earn-it-act-bill-would-limit-encryption/
Phishing scams leveled up and we didn’t
In case you missed it, on January 22 Guardian reported: "Amazon billionaire Jeff Bezos had his mobile phone 'hacked' in 2018 after receiving a WhatsApp message that had apparently been sent from the personal account of the crown prince of Saudi Arabia."
According to the now-contested report by FTI Consulting cited by Guardian, that was in April. I was curious enough to notice that the "hey boi r u up" texts between Crown Prince Mohammed bin Salman and Jeff Bezos were exchanged before Jamal Khashoggi was murdered in October of that same year.
Questions, we have them. But Khashoggi's name is hard to find in the wider reporting about Bezos's iPhone — which has been a mess from the start. Instead, a former-Facebook security pundit and at least one actual researcher snatched the spotlight to say FTI's report was lacking in facts.
The self-appointed infosec "adults in the room" weren't wrong. But it was a pedantic and selfish distraction from anything that mattered about the whole affair.
Normal people read about the maybe-hacking of Jeff Bezos's phone and just shrugged. He can afford the best security on the planet. Saudi Arabia's Prince Klaus von Bonesaw is a monster. Everyone's getting hacked, especially us peasants. These are all things we know.
What we also know is that the supposed phone hack came via an attachment. And, if the hack happened, an attachment was clicked. It's the same way the City of Baltimore's computers and emergency systems at Hollywood Presbyterian Hospital were infected and locked with ransomware. And it's how consumers are losing identities and accounts from malware, learning how to send Bitcoin to grubby teenage boys in latitudes and longitudes unknown because of ransomware. Click a link. Look at an attachment. Download a file. That's it. An attacker went phishing and now you're on the hook.
All that is from phishing, though what we hear about most are the breaches. Attackers grabbing usernames and passwords from breach dumps, then using tools with cutesy names like SNIPR or STORM to automatically try it out on all your accounts to see what works. Which they do because Equifax used default passwords on sensitive information, Facebook was so busy lying to everyone it left the barn doors open, the City of New Orleans refused to believe cybersecurity is critical infrastructure.
So much for "the adults in the room."
I attended a recent hacking conference in San Francisco called Disclosure expecting a lot of the same fresh hells. The "I'm smarter than you" guys competing for attention while alarmed researchers in the background are trying to tell us something's on fire.
I was not disappointed.
Apropos to what was happening (or not) to Jeff Bezos at that very moment, I saw the talk "Initial Public Ownage: Trends in Phishing Techniques Across Sophisticated Threat Actors." Sounds boring, right? Nope.
According to jaw-dropping data presented by Proofpoint's Ryan Kalember, phishing is now the #1 attack of choice for cybercriminals. "Phishing is attractive for different reasons for the attackers that do have technical skills, because it scales really well," Kalember told Engadget via email. "The bigger groups, like the threat actor behind Emotet, have built the automation to do social engineering at the scale of millions of messages a day, and are very good are getting their relatively simple attacks (often documents with macros sent via already phished cloud email accounts) through security controls."
So what, you say? All the adults (who were in the room a minute ago) know not to click strange links to win a free iPad, or login at notgoogle.com, or download the attachment from Lisa@FreePills. Who does that? Florida grandmas falling for Nigerian princes, surely.
This thinking is fine and good only under the conceit that getting pwned is for people who aren't as smart as you, or that the cliques running security for your email clients have perfected their specious and occult magics of marking suspicious emails with big fat red DANGER warnings. The adults have it under control, you think. Gosh, there must be a lot of dumb people, you muse.
Turns out, you're pretty wrong on both counts.
If you got an email from a law firm saying "divorce papers" and it was a real law firm, and the email contained a link to a document on that website, you'd probably have a very emotional reaction, and click it. Mr. Kalember saw numerous examples, and brought receipts (image below courtesy of Proofpoint).
"In general," Kalember explained to Engadget, "the sneakiest phishes are highly socially engineered and customized for a specific intended recipient. The best example is a complaint about a specific person, sent to that person, which threatens to email (or even directly cc's) their manager. That said, we've seen threat actors use everything from fake food poisoning complaints, Greta Thunberg pledges, and Christmas party invites in just the last couple of months, so there's no shortage of innovation."
Right now, around 1.3 million phishing operations reside illicitly on around 300,000 URLs. Ultimately it means many of us will be hacked/attacked because someone else's website security sucks.
So are all those WordPress hacks and vulns adding up or what? Proofpoint's Kalember told us, "Compromising WordPress and other sites is unfortunately quite common, and it can be challenging for even the most experienced administrators to thoroughly clean as attackers often create layers of access." Explaining further he added, "A tremendous amount of malicious content is also hosted on cloud file storage that most networks (and users) have to trust: SharePoint and OneDrive are the biggest offenders at the moment."
Every website that can be compromised — hacked into — is being used to send legitimate-looking phishing emails, using mail addresses from websites ranging from alpaca farms to law firms and universities.
Yes, actual alpaca farms. "While it's possible that the North Korean threat actor in question has a sense of humor," Kalember said, "it was a WordPress site that was vulnerable to an old exploit, so it was probably just opportunistic. From a network perspective, no one is likely to block their users going to alpaca farm websites, so it suits their purposes for command and control of their malware."
Criminal organizations are compromising legit sites and using those to send legit (and despicably personal) phishing attacks — to install malware or ransomware. Often they want to compromise your employer, or steal your accounts because those are extremely valuable for doing more crimes. More to the point, thinking that you're not a target for any reason ("I'm not that interesting" or "I don't have followers/money" or "my job is boring") is going to make you the perfect target.
And looking at infosec trends (which tend toward sensationalism and know-it-alls) there's a serious lack of adults in the room to watch our backs. Proofpoint's Kalember told Engadget, "Simply stated, attackers focus on people, and most defenders don't. Boosting awareness and email security controls are two practical ways to significantly reduce risk."
A wise and prophetic TV show called The X-Files once said "Trust no one." This has never been truer than now. Rather than panic about every scary email or text message, treat all your inboxes like your front door: if you're not expecting a delivery, don't open the door
Article source: https://www.engadget.com/2020/01/31/phishing-scams-leveled-up-and-we-didnt/
Lyft expands free voter rides to all US primaries
The company is promising more details on plans to improve voter access and "other forms of civic engagement" later in the year.
This is partly a promotional vehicle, of course Along with other LyftUp projects like Disaster Response and Grocery Access, it's as much about polishing Lyft's image as it is caring for people in need. At the same time, there's little doubt that this and rival programs like Uber's could play important roles in turning out the vote. Lyft pointed to data suggesting that 15 million potential voters in 2016 didn't go "in large part" because they couldn't get to polling locations. If ridesharing companies and their partners can draw enough attention to these programs (and that's a big "if"), they might increase participation -- particularly for low-income and carless people who might have a harder time casting their votes.
Article source: https://www.engadget.com/2020/01/31/lyft-expands-free-voter-rides/
Vine successor Byte will share all its ad revenue to lure early creators
The money for the pool will come from ads, but Byte stressed that you won't see pre-rolls, mid-feed ads or retargeting. The pilot phase of the program will funnel all of the ad revenue to Partner Program members, although that's clearly going to change once the effort launches in earnest.
Don't expect to start making a living as a Byte influencer for a while. The pilot is due to start in the US in 60 to 90 days, and it'll be invitation-only at first. The company is promising "multiple ways" to help creators get paid, though, so you may have other ways to rake in cash if and when you hit the big time. The challenge, of course, is building up Byte in the first place. It's still soon to know if Byte will recreate Vine's heyday and lure people away from the likes of Instagram or TikTok, or meet the untimely fate of many other social media apps.
Article source: https://www.engadget.com/2020/01/31/byte-partner-program-details/
Wizards of the Coast teams with ex-BioWare devs on a sci-fi RPG
The good news is that leading the developer are two former BioWare employees: James Ohlen and Chad Robertson. Ohlen worked as the creative director and lead designer on some of Bioware's most beloved titles, including Baldur's Gate, Dragon Age, Neverwinter Nights and Star Wars: Knights of the Old Republic. Wizards of the Coast first announced Ohlen's hiring last April. He will serve as the head of the studio.
Robertson, meanwhile, comes from BioWare Austin, the studio EA established to create Star Wars: The Old Republic. According to Polygon, his most recent role involved heading up live services for Anthem, BioWare's poorly-received loot shooter. Robertson will manage the studio and act as its vice-president.
While we don't know Archetype's current headcount, based on the fact the studio is hiring for positions like art director, lead character artist and lead gameplay engineer, its first game is likely years away. In the meantime, Wizards of the Coast has Larian Studios, another developer with a strong pedigree, working on Baldur's Gate 3. The sequel will probably launch before Archetype's first game.
Article source: https://www.engadget.com/2020/01/31/wizards-of-the-coast-teams-archetype-entertainment-rpg/