Monthly Archives: February 2020

Arduino: 8266 Wifi controller, Wacom 24HD repair project

ESP generic websocket

Leave a comment

A websocket is basically in this context a webpage where when you connect to the ESP 8266 or 32 through your browser, it maintains or streams a live connection, without having to refresh the page to see changes, or transmit data. You can see live feedback, or say, use a slider bar to control something, a simple GET/POST page cant do that, it would rely on refreshing the whole page or clicking a button to do things, during which time it has to connect again, a websocket however keeps the connection open for as long as the page is running.

Anyways, due to circumstances i wont just yet be making the hard-wired backlight dimmer, however, since the project now runs on an ESP board anyway, why not utilize the wifi capabilities. Another project im about to work on, technically altering an existing project, requires an interface, a LIVE interface, for an RBG controller, it also needs live feedback on the microphone so i can improve the responsiveness.

Im going to make my own or adapt, a generic websocket and make it ready to go, super easy to use for people as is, as well as adding this feature to the backlight driver. So, all you have to do is navigate to a fixed IP address (if you forget it theres also tools you can use to scan, or just look up the ESPs IP from your router), type that IP into your browser and a page will pop up with a slider bar or just 2 buttons and a numerical output, click and hold one to raise the brightness, the other to lower, its less risky and fiddly than using a voltage divider to pull -5v up to 0-3V positive. Though i will also add code to the driver to connect a resistor to it and the ‘ON’ line so that the monitor switches off when that signal goes off

Eventually i will still produce the complete circuit but for now this is safer and simpler, and since i have active prending work requiring the use of my cintiq, i cant really justify the slight risk of me causing  problems by opening it again for the Nth time, since this time around im treading in uncharted waters, i also cant test anything using my scope to check for noise because that particular ground line when hooked up to the PC wants to leak a large amount of current out, enough to cause significant heating.

Anyway, the project will be completed soon, and in the comming days everyone will at least have everything they need to acheive a fully functional driver, with backlight and responds to the power button, its just going to take a few more weeks before i can have a completed driver that is a full replacement for the original

 

Post Views: 181
Uncategorised, Wacom 24HD repair project

A simple explanation of the wacom data scandal

5 Comments

To call this a scandal would be an overstatement, its embarrassing for wacom but it simply sounds worse than it is.  The origin of this story begins here https://robertheaton.com/2020/02/05/wacom-drawing-tablets-track-name-of-every-application-you-open/ 

Its a pretty involved story that seems to be about 50% explaining literally every step involved in the process of proving the nature of the exfiltration. (exfiltration is the opposite of infiltration, means to sneak something out rather than in), so ill try to explain this in a reasonably simple and concise manner.

Here it is; wacom collects a list of the headers of programs, their “names” if you will, that you open during periods of activity on your tablet. They read just the names of programs you open or click on right after or during periods you use your tablet.

The text in the header is what they will see. Just its name though.

Wacoms goal in this is to quietly add support for any and all software that a lot of its customers appear to be using, it takes the names of the software, and uploads it to their private database, thats it. Ill elaborate a bit later on why this is so important for wacom though.

The problem this creates; the implications are minor however, depending on your stance on privacy you might have a problem with it, personally i couldnt give less of a shit, sure, occasionally they will see other software i exit paint tool sai, paint or photoshop from but all they see is the names and a timestamp. The risk is that a wacom employee with clearance, which no employee should really have (since the point is only to count programs used A LOT by everyone), can see an individuals program habits and exploit this in a really complex and obscure way. After a ridiculous amount of effort that would leave a huge digital papertrail (meaning doing illegal stuff with this would easily lead to termination of employment or otherwise being caught), at best a would-be hacker/criminal could send you some phishing emails or a virus (you probably will not download or your AV will block) that exploits one of the programs it sees you using, the risk/return of such an attack is too high for too little in an obscure way.

what to take from this; this was a huge dick move by wacom, the information they take is handled poorly and collected aggressively, because it poses an extremely low threat to end users they proportioned their level of care accordingly. It changes nothing though. Off the top of my head, wacom could instead not use google for this service, and just directly download the analytical data, what this means is decimating the potential for abuse of the data. All methods of abuse involve using the google data profile to match a tablet user with an online identity, remove this and the problems vanish.

why would they do this?
Its simple, ask yourself, why does anyone bother using wacom products? They are the best out there! But why are they so much better than the limited competition? Because they natively have the widest support for software. I think you see where im getting with this. Wacom collects the names of the software people often use its tablets with so they can properly direct their driver development efforts where its needed most, as well as catching onto new software. Its odd isnt it that niche or obscure new software seems to pop up and natively support advanced pen functions right? Wacom actively tracks what software is used, other tablet makers however simply focus on basic support while emphasizing use on the giants like photoshop and clip studio paint. Others dont bother at all and just rely on windows drivers for compatibility.

Wacom does this to control a monopoly on the pen tablet and display market so they can continue to charge their obscene high prices for their products. Its a niche market as it is, wacom doesnt really make a huge amount of profit even though their prices are so high, so its extremely hard for anyone to butt in on their turf, and this is how they maintain control.

 

So, in conclusion, your private data is safe, basic common sense level web security awareness will trump anyone who gets their hands on your data, and wacom should be embarrassed and fix this poor exploitable handling of your data, as a matter of respect not security, there are better ways to do it that anonymize its users. As Robert Heaton says, in spite of everything “this is essentially just a mouse”.

 

And on a parting note, you can pretty easily block wacom services from connecting to the internet via your firewall, i recommend the free program “tinywall” it will block everything you dont approve of explicitly including windows services that some programs use to sneak analytic data from, you can temporarily enable it to check for driver updates, or simply just make a point to check wacoms site for driver updates to download manually if you permablock it from your windows firewall instead.

 

Post Views: 410