A project I posted a few years back on HN for an invisible full-lid sticker for MacBooks, so that you could both protect them _and_ keep your stickers once you get a new laptop. I finally found a cost effective manufacturing solution, so setup a shop for them!
Well, I'm back, and this time I've managed to turn this into an actual physical product! It all started with a simple blog post back in 2019, which gained enough traction on various websites that it seemed worthwhile pursuing. So, a Kickstarter[0] was, well, started – but it never gathered enough momentum to get it across the line (and looking back, rightly so), and so everything got put on hold.
Then the pandemic happened, and I’m kind of glad the idea hadn’t taken off. I did however continue to get a trickle of messages and DMs asking what happened to LidLayer, and if there were any plans for the future…
Fast-forward a year or two, and I get the opportunity to go to a conference for work – the beautiful Objective by the Sea (ObtS)[1], where I am surrounded by stickered MacBooks! The idea of LidLayer immediately pops back into my head, and I can’t help but take another look at it, to see if I can make it work (it must be good if I keep coming back to it, right?).
So, I managed to find a supplier who can accurately cut the LidLayers way more cost-effectively than I ever could, meaning I could finally bring this whole thing back to life. And, what that also means is that because the cost of producing these has gone down, I can pass that saving on to you! Win win win!
We started something similar with BreachInsider (https://breachinsider.com) to allow businesses (or I guess individuals?) to do this themselves with minimal overhead or resources. The idea being that they sprinkle these ‘users’ throughout their databases and see where they show up, and be alerted if they ever get contacted or show up somewhere unusual (Pastebin etc.)
We ran something similar, firing ‘insiders’ across many of the top 100 sites and services, to spot breaches (either in the traditional sense of security incidents, or lapses in privacy for end users).
3M 1080 is great stuff - I avoided clear vinyls however as i found they lost the metallic look due to them being a little too glossy, even with the matte ones.
So it remains sticky when removed, but I certainly wouldn't expect it to fit quite as snuggly the second time around. Interesting idea though, but my initial reaction would be no, not re-applicable.
I think that might work for certain popular brands - Dell XPSs certainly crossed my mind, as well as the Lenovo Thinkpads. Both are likely to have a vinyl equivalent available that could be used, although I'd want to thoroughly QC how the Thinkpad lid holds-up with the residue on removal.
Looks like a great write up, very thorough. I wrote up a quick guide how to make the mobile setup a little easier with QR codes within the WireGuard mobile apps - when I get the time I’ll submit a pull request to get something included. https://grh.am/2018/wireguard-setup-guide-for-ios/
I have heard people use pihole linked with a VPN to act as a way of minimising tracking whilst on 3G/4G. It acts as a DNS server, so you could tweak your VPN config to run all queries through your pihole instance.
Depends on the country I am in as to whether or not I want to VPN whilst on a mobile connection (whether that is for just having an IP in my home country or don’t fancy my traffic going over their wires).
It is primarily for public and/or untrusted WiFi connections, or so that I can take packet captures of iOS applications easily without a jailbreak or connecting the phone via USB to a Mac.
I’ve been using the TestFlight beta for a while now - since it was first announced - and it’s been a great experience so far. The recently added option to activate on-demand is great, as it means I can now force VPN for any WiFi and/or mobile data connections.
The primary niggle I came across was transferring the keys between my host and the client, however after a bit of tweaking I found it far easier to just utilise the QR codes option. For those interested, I wrote about my experiences on my blog[0]
Well timed – I’ve been trying to get back into blogging, as a way of sharing and giving back, as well as improving my personal ‘brand’.
I was never really happy with the visual format of my site, which I think put me off writing at times - “if it were me, I’m not sure I’d read this in this format, it’s too visually taxing”. However with a quick style change to something much more basic, I’m feeling much more confident.
I think my final hurdle, which this article may help with, is my writing style. I get the impression that my ‘style’ changes fairly regularly, or depending on the topic or post I write for a different audience. This likely doesn’t matter too much for those visitors who come for a single post and move on, but anyone who would like to peruse around may get a slightly jarring experience.
It is unclear from any reporting as to how this technically happened, which is a shame but hopefully that will be made public in the coming days. Some other outlets[0] have an interesting statement:
> The breach also included details about where each passenger had traveled and any comments made by customer service representatives. The amount of data accessed varied among passengers.*
Based on those details, and the mention of 'no passwords were compromised', chances are this breach has come from an internal helpdesk type system, or possibly CRM. If however the statement around the passwords changes, that opens up a few other possibilities.
What this doesn't sound like, are the attacks we saw on British Airways[1] and Ticketmaster[2], where javascript was injected into the payment pages to vacuum up payment details from customers.
The statement around "The company has no evidence that any personal information has been misused" is always an interesting one, and is one of the many reasons I created my startup Breach Insider[3], so that data breaches like this could be detected much sooner (not 7 months later, as we have seen here), with minimal false positive alerts, and definitive evidence if any data has been misused. By using real email addresses that are unique to each company/business, you can be sure to find out if that data ever leaks & is abused for things like spam or phishing.
It is unclear from any reporting as to how this technically happened, which is a shame but hopefully that will be made public in the coming days. Some other outlets[0] have an interesting statement:
> The breach also included details about where each passenger had traveled and any comments made by customer service representatives. The amount of data accessed varied among passengers.
Based on those details, and the mention of 'no passwords were compromised', chances are this breach has come from an internal helpdesk type system, or possibly CRM. If however the statement around the passwords changes, that opens up a few other possibilities.
What this doesn't sound like, are the attacks we saw on British Airways[1] and Ticketmaster[2], where javascript was injected into the payment pages to vacuum up payment details from customers.
The statement around "The company has no evidence that any personal information has been misused" is always an interesting one, and is one of the many reasons I created my startup Breach Insider[3], so that data breaches like this could be detected much sooner (not 7 months later, as we have seen here), with minimal false positive alerts, and definitive evidence if any data has been misused. By using real email addresses that are unique to each company/business, you can be sure to find out if that data ever leaks & is abused for things like spam or phishing.
I personally really liked how the PoC went – I plan on doing a full write up in the next couple of days, which will outline what I did, start to finish.
Here is an example of the sticker/skin and the finish. Excuse the slightly 'off' cut on the corner – I'm looking to produce a highly accurate template for each of the various models. https://imgur.com/FfQ3XQs
A combination of cyber security, project ideas, and general ramblings.