Privacy

Passkeys Are Finally Here (arstechnica.com) 96

An anonymous reader quotes a report from Ars Technica: Generically, passkeys refer to various schemes for storing authenticating information in hardware, a concept that has existed for more than a decade. What's different now is that Microsoft, Apple, Google, and a consortium of other companies have unified around a single passkey standard shepherded by the FIDO Alliance. Not only are passkeys easier for most people to use than passwords; they are also completely resistant to credential phishing, credential stuffing, and similar account takeover attacks.

On Monday, PayPal said US-based users would soon have the option of logging in using FIDO-based passkeys, joining Kayak, eBay, Best Buy, CardPointers, and WordPress as online services that will offer the password alternative. In recent months, Microsoft, Apple, and Google have all updated their operating systems and apps to enable passkeys. Passkey support is still spotty. Passkeys stored on iOS or macOS will work on Windows, for instance, but the reverse isn't yet available. In the coming months, all of that should be ironed out, though.

Passkeys work almost identically to the FIDO authenticators that allow us to use our phones, laptops, computers, and Yubico or Feitian security keys for multi-factor authentication. Just like the FIDO authenticators stored on these MFA devices, passkeys are invisible and integrate with Face ID, Windows Hello, or other biometric readers offered by device makers. There's no way to retrieve the cryptographic secrets stored in the authenticators short of physically dismantling the device or subjecting it to a jailbreak or rooting attack. Even if an adversary was able to extract the cryptographic secret, they still would have to supply the fingerprint, facial scan, or -- in the absence of biometric capabilities -- the PIN that's associated with the token. What's more, hardware tokens use FIDO's Cross-Device Authentication flow, or CTAP, which relies on Bluetooth Low Energy to verify the authenticating device is in close physical proximity to the device trying to log in.
"Users no longer need to enroll each device for each service, which has long been the case for FIDO (and for any public key cryptography)," said Andrew Shikiar, FIDO's executive director and chief marketing officer. "By enabling the private key to be securely synced across an OS cloud, the user needs to only enroll once for a service, and then is essentially pre-enrolled for that service on all of their other devices. This brings better usability for the end-user and -- very significantly -- allows the service provider to start retiring passwords as a means of account recovery and re-enrollment."

In other words: "Passkeys just trade WebAuthn cryptographic keys with the website directly," says Ars Review Editor Ron Amadeo. "There's no need for a human to tell a password manager to generate, store, and recall a secret -- that will all happen automatically, with way better secrets than what the old text box supported, and with uniqueness enforced."

If you're eager to give passkeys a try, you can use this demo site created by security company Hanko.
Nintendo

Apple Devices Now Support Nintendo's Classic Game Controllers (theverge.com) 12

Apple snuck a nice little surprise in its round of Mac, iPhone, iPad, and Apple TV updates yesterday with the addition of support for Nintendo's updated classic game controllers. From a report: As spotted by developer Steve Troughton-Smith and confirmed by MacStories, Nintendo's modern SNES and N64 controllers now work with updated Apple devices with macOS 13, iOS 16, and tvOS 16 and up, whether using a wired or Bluetooth connection. While neither MacStories nor Troughton-Smith was able to test whether the Sega Genesis and NES controllers work with Apple's devices, we're assuming Apple added the same functionality.
Operating Systems

Apple Releases macOS Ventura, iOS 16.1 and iPadOS 16 (engadget.com) 21

It's a major Apple update day, as the company is rolling out new versions of its iPhone, iPad and Mac operating systems. While iPhone users at large have already had a taste of iOS 16, this will be the first time that most folks will get their hands on iPadOS 16 and macOS Ventura. From a report: Apple delayed the release of iPadOS 16 amid reports suggesting it needed more time to polish up the Stage Manager multitasking feature (which we felt was unrefined in an early iPadOS 16 beta). In fact, Apple said it was skipping a public release of iPadOS 16 and going straight to version 16.1 -- just in time for the company's latest iPad Pro and entry-level iPad shipping this week.

The latest version of the iPad operating system will include many of the same updates as iOS 16, including significant changes to Mail, Safari, Messages and other key apps. There are more collaboration-centric features, while the Weather and Clock apps are finally coming to iPad. External display support for Stage Manager will arrive within the next couple of months. Also later this year, Apple will release a collaborative productivity iPad app called Freeform. It seems like a souped-up whiteboard where users can sketch out ideas with Apple Pencil. The company says you'll be able to attach just about any kind of file to the canvas, including images, videos, audio, PDFs, documents and URLs, and preview the content inline.

Youtube

YouTube's Latest Revenue Grab: A 27% Price Increase For Family Plans (arstechnica.com) 58

Not content with doing $28.8 billion in revenue in 2021, YouTube has recently gone on the hunt for more revenue-generating strategies. Now, the Google division has announced a price hike for YouTube Premium family plans. From a report: As 9to5Google was the first to spot, the family plan is jumping over 27 percent in the US, from $17.99 to $22.99, with other regions also seeing price hikes. Instead of making an official announcement, Google is quietly emailing existing subscribers. So far, it does not seem like the single-person YouTube Premium price (still $11.99 per month) is going up. The family plan lets a user share ad-free YouTube Premium with up to five same-household family members for a discounted rate. On iOS, all the prices are higher if you sign up through the App Store, which charges a 30 percent fee on every transaction. In Apple land, YouTube Premium's family plan was always $22.99, and now it's jumping up to $29.99 a month. You can avoid the Apple tax by just paying Google directly through the YouTube website.
Apple

Apple Will Release macOS Ventura and iPadOS 16 on October 24 (arstechnica.com) 19

The next versions of macOS and iPadOS will be released to the general public on October 24, Apple announced today. From a report: The iPadOS 16 update runs on all iPad Pros, the 5th-generation iPad and later, the fifth-generation iPad mini and later, and the 3rd-generation iPad Air and later, dropping support for the venerable iPad Air 2 and a handful of other models (it will also ship on all the new iPads Apple announced today). The macOS Ventura update generally requires a Mac released in 2017 or later, dropping support for various models released between 2013 and 2016. Both updates will enable some iOS 16 features on iPads and Macs, including editing and deletion of iMessages, better search in Mail, passkey support in Safari, and a new large-screened Weather app and redesigned Home app, improved gamepad support, and more. Both also include a version of the Stage Manager window management feature, and Ventura includes a redesigned System Settings app.
IOS

iOS 16 VPN Tunnels Leak Data, Even When Lockdown Mode Is Enabled (macrumors.com) 35

AmiMoJo shares a report from MacRumors: iOS 16 continues to leak data outside an active VPN tunnel, even when Lockdown mode is enabled, security researchers have discovered. Speaking to MacRumors, security researchers Tommy Mysk and Talal Haj Bakry explained that iOS 16's approach to VPN traffic is the same whether Lockdown mode is enabled or not. The news is significant since iOS has a persistent, unresolved issue with leaking data outside an active VPN tunnel.

According to a report from privacy company Proton, an iOS VPN bypass vulnerability had been identified in iOS 13.3.1, which persisted through three subsequent updates. Apple indicated it would add Kill Switch functionality in a future software update that would allow developers to block all existing connections if a VPN tunnel is lost, but this functionality does not appear to prevent data leaks as of iOS 15 and iOS 16. Mysk and Bakry have now discovered that iOS 16 communicates with select Apple services outside an active VPN tunnel and leaks DNS requests without the user's knowledge.

Mysk and Bakry also investigated whether iOS 16's Lockdown mode takes the necessary steps to fix this issue and funnel all traffic through a VPN when one is enabled, and it appears that the exact same issue persists whether Lockdown mode is enabled or not, particularly with push notifications. This means that the minority of users who are vulnerable to a cyberattack and need to enable Lockdown mode are equally at risk of data leaks outside their active VPN tunnel. [...] Due to the fact that iOS 16 leaks data outside the VPN tunnel even where Lockdown mode is enabled, internet service providers, governments, and other organizations may be able to identify users who have a large amount of traffic, potentially highlighting influential individuals. It is possible that Apple does not want a potentially malicious VPN app to collect some kinds of traffic, but seeing as ISPs and governments are then able to do this, even if that is what the user is specifically trying to avoid, it seems likely that this is part of the same VPN problem that affects iOS 16 as a whole.

Medicine

Sony Releases Its First Over-the-Counter Hearing Aids 68

Sony has announced the availability of its first OTC hearing aids, the $1,000 CRE-C10 and $1,300 CRE-E10, built in partnership with WS Audiology. Engadget reports: The devices are built for daily use for those with mild to moderate hearing loss. They're controlled via Sony's "Hearing Control" app that guides users through setup and allows them to personalize settings like volume control. It also allows a "self-fit" that adjusts to appropriate pre-defined hearing profiles "based on thousands of actual, real-life audiogram results," Sony said. The CRE-C10 model (above) offers a battery life of up to 70 hours of continuous use. Sony says they're one of the smallest OTC hearing aids on the market, offering a discreet design that's "virtually invisible when worn" and "exceptional sound quality." It goes on sale this month for $1,000 at Amazon, Best Buy, and select hearing-care professionals.

Meanwhile, the CRE-E10 has a more earbud-like design, powered by a rechargeable battery with up to 26 hours of life between charges. It's Bluetooth compatible as well, so users can connect to devices and listen to streaming audio or music, though only on iOS, Sony says. Those will go on sale for $1,300 sometime this winter at Sony's website.
In August, the FDA decided to allow hearing aids to be sold over the counter and without a prescription to adults.
Security

Signal To Phase Out SMS Support From the Android App 54

schwit1 shares a blog post from Signal, the popular instant messaging app: In the interest of privacy, security, and clarity we're beginning to phase out SMS support from the Android app. You'll have several months to export your messages and either find a new app for SMS or tell your friends to download Signal.

[...] To give some context, when we started supporting SMS, Signal didn't exist yet. Our Android app was called TextSecure and the Signal encryption protocol was called Axolotl. Almost a decade has passed since then, and a lot has changed. In this time we changed our name, built iOS and desktop apps, and grew from a small project to the most widely used private messaging service on the planet. And we continued supporting the sending and receiving of plaintext SMS messages via the Signal interface on Android. We did this because we knew that Signal would be easier for people to use if it could serve as a homebase for most of the messages they were sending or receiving, without having to convince the people they wanted to talk to to switch to Signal first. But this came with a tradeoff: it meant that some messages sent and received via the Signal interface on Android were not protected by Signal's strong privacy guarantees.

We have now reached the point where SMS support no longer makes sense. For those of you interested, we walk through our reasoning in more detail below. In order to enable a more streamlined Signal experience, we are starting to phase out SMS support from the Android app. You will have several months to transition away from SMS in Signal, to export your SMS messages to another app, and to let the people you talk to know that they might want to switch to Signal, or find another channel if not.
Google

Google is Bringing Passkey Support To Android and Chrome (googleblog.com) 63

Android Developers Blog: Passkeys are a significantly safer replacement for passwords and other phishable authentication factors. They cannot be reused, don't leak in server breaches, and protect users from phishing attacks. Passkeys are built on industry standards and work across different operating systems and browser ecosystems, and can be used for both websites and apps. Passkeys follow already familiar UX patterns, and build on the existing experience of password autofill. For end-users, using one is similar to using a saved password today, where they simply confirm with their existing device screen lock such as their fingerprint. Passkeys on users' phones and computers are backed up and synced through the cloud to prevent lockouts in the case of device loss. Additionally, users can use passkeys stored on their phone to sign in to apps and websites on other nearby devices.

Today's announcement is a major milestone in our work with passkeys, and enables two key capabilities: Users can create and use passkeys on Android devices, which are securely synced through the Google Password Manager. Developers can build passkey support on their sites for end-users using Chrome via the WebAuthn API, on Android and other supported platforms. To try this today, developers can enroll in the Google Play Services beta and use Chrome Canary. Both features will be generally available on stable channels later this year. Our next milestone in 2022 will be an API for native Android apps. Passkeys created through the web API will work seamlessly with apps affiliated with the same domain, and vice versa. The native API will give apps a unified way to let the user pick either a passkey or a saved password. Seamless, familiar UX for both passwords and passkeys helps users and developers gradually transition to passkeys.

For the end-user, creating a passkey requires just two steps: (1) confirm the passkey account information, and (2) present their fingerprint, face, or screen lock when prompted. Signing in is just as simple: (1) The user selects the account they want to sign in to, and (2) presents their fingerprint, face, or screen lock when prompted. A passkey on a phone can also be used to sign in on a nearby device. For example, an Android user can now sign in to a passkey-enabled website using Safari on a Mac. Similarly, passkey support in Chrome means that a Chrome user, for example on Windows, can do the same using a passkey stored on their iOS device. Since passkeys are built on industry standards, this works across different platforms and browsers - including Windows, macOS and iOS, and ChromeOS, with a uniform user experience.
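Both the Ars Technica summary earlier on this page and the Android Developers Blog post above rest on the same property of WebAuthn sign-in: the authenticator signs the relying party's challenge together with the origin and RP ID that the browser (not the page, not the user) reports, so an assertion produced on a look-alike site does not verify at the real one. The Go program below is an added example written for this page; it is not code from either post, from Google, or from the FIDO Alliance. It simulates the authenticator and relying-party sides of one sign-in ceremony. The ES256 signature input (authenticatorData || SHA-256(clientDataJSON)), the authenticatorData layout and the clientDataJSON fields follow the WebAuthn standard; the domain names example.com and examp1e.com, the user and the challenge string are constructed.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// clientData: the clientDataJSON fields an RP checks; the browser, not the page, sets Origin.
type clientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// Assertion is the sign-in response; Signature covers authData || SHA-256(clientDataJSON).
type Assertion struct{ AuthData, ClientDataJSON, Signature []byte }

// signedMessage is the digest that ES256 signs and verifies.
func signedMessage(authData, clientDataJSON []byte) []byte {
	cdHash := sha256.Sum256(clientDataJSON)
	msg := sha256.Sum256(append(append([]byte{}, authData...), cdHash[:]...))
	return msg[:]
}

// signAssertion plays the authenticator: the key never leaves it, and it signs the
// rpID and origin the browser reports for the page in front of the user.
func signAssertion(priv *ecdsa.PrivateKey, rpID, origin, challenge string) (Assertion, error) {
	cd, _ := json.Marshal(clientData{Type: "webauthn.get", Challenge: challenge, Origin: origin}) // cannot fail for plain strings
	rpIDHash := sha256.Sum256([]byte(rpID))
	// authenticatorData = rpIdHash (32 bytes) || flags (UP|UV = 0x05) || 4-byte sign counter
	authData := append(rpIDHash[:], 0x05, 0x00, 0x00, 0x00, 0x01)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, signedMessage(authData, cd))
	if err != nil {
		return Assertion{}, err
	}
	return Assertion{AuthData: authData, ClientDataJSON: cd, Signature: sig}, nil
}

// VerifyAssertion is the RP side: only its own challenge, origin and rpID, signed by the enrolled key, pass.
func VerifyAssertion(pub *ecdsa.PublicKey, a Assertion, rpID, origin, challenge string) error {
	var cd clientData
	if err := json.Unmarshal(a.ClientDataJSON, &cd); err != nil {
		return err
	}
	if cd.Type != "webauthn.get" || cd.Challenge != challenge {
		return fmt.Errorf("wrong ceremony type or stale/replayed challenge")
	}
	if cd.Origin != origin {
		return fmt.Errorf("origin %q is not %q: assertion was made on another site", cd.Origin, origin)
	}
	wantRP := sha256.Sum256([]byte(rpID))
	if len(a.AuthData) < 37 || !bytes.Equal(a.AuthData[:32], wantRP[:]) || a.AuthData[32]&0x01 == 0 {
		return fmt.Errorf("authenticator data is for another RP or lacks user presence")
	}
	if !ecdsa.VerifyASN1(pub, signedMessage(a.AuthData, a.ClientDataJSON), a.Signature) {
		return fmt.Errorf("signature does not verify: client data was altered")
	}
	return nil
}

type ScenarioResult struct{ GenuineOK, LookalikeRejected, TamperedRejected bool }

// RunScenario enrols one passkey for example.com (constructed) and uses it from the real site,
// from a look-alike that relays the real challenge, and with the look-alike's client data patched.
func RunScenario() (ScenarioResult, error) {
	var r ScenarioResult
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return r, err
	}
	pub := &priv.PublicKey // all the RP keeps from registration
	const rpID, origin = "example.com", "https://example.com"
	const challenge = "dGVzdC1jaGFsbGVuZ2U" // constructed; an RP issues fresh random bytes per login
	genuine, err := signAssertion(priv, rpID, origin, challenge)
	if err != nil {
		return r, err
	}
	r.GenuineOK = VerifyAssertion(pub, genuine, rpID, origin, challenge) == nil
	// Look-alike page: the browser records its own origin (and would not even offer this credential).
	relayed, err := signAssertion(priv, "examp1e.com", "https://examp1e.com", challenge)
	if err != nil {
		return r, err
	}
	r.LookalikeRejected = VerifyAssertion(pub, relayed, rpID, origin, challenge) != nil
	// Patching the origin and borrowing a correct rpIdHash only breaks the signature.
	tampered := Assertion{AuthData: genuine.AuthData, Signature: relayed.Signature,
		ClientDataJSON: bytes.Replace(relayed.ClientDataJSON, []byte("examp1e.com"), []byte("example.com"), 1)}
	r.TamperedRejected = VerifyAssertion(pub, tampered, rpID, origin, challenge) != nil
	return r, nil
}

func main() { fmt.Println(RunScenario()) }
```

Running it prints `{true true true}`: the genuine assertion verifies, the relayed one is refused on the origin check, and the patched one is refused on the signature. This is what "completely resistant to credential phishing" means in practice: there is no secret the user can be tricked into typing, and the only artefact a look-alike site can obtain is bound to the wrong origin. A production relying party additionally checks the sign counter, the credential ID and, where it matters, attestation; those are left out here.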

Facebook

Facebook Warns 1 Million Users Whose Logins Were Stolen By Scam Mobile Apps (theverge.com) 15

Meta is warning Facebook users about hundreds of apps on Apple and Google's app stores that were specifically designed to steal login credentials to the social network app. From a report: The company says it's identified over 400 malicious apps disguised as games, photo editors, and other utilities and that it's notifying users who "may have unknowingly self-compromised their accounts by downloading these apps and sharing their credentials." According to Bloomberg, a million users were potentially affected. In its post, Meta says that the apps tricked people into downloading them with fake reviews and promises of useful functionality (both common tactics for other scam apps that are trying to take your money rather than your login info). But upon opening some of the apps, users were prompted to log in with Facebook before they could actually do anything -- if they did, the developers were able to steal their credentials.
Wireless Networking

Matter Smart Home Standard Officially Launches (macrumors.com) 78

The Connectivity Standards Alliance and its members that include Apple, Google, Amazon, Samsung, and other smart home manufacturers, today announced the official launch of the Matter 1.0 smart home accessory standard. MacRumors reports: Companies that have agreed to support Matter now have all of the resources that they need to begin implementing Matter into their platforms, so we could see Apple integrating Matter into HomeKit very soon. In fact, iOS 16.1 is already laying the groundwork for Matter, so Matter could be announced with the launch of the update. With the Matter 1.0 launch, authorized test labs are now available for product certification, tools are available, and the open-source reference design SDK is complete. Alliance members with devices that have already been deployed and with plans to update their products with Matter support can do so as soon as their products are certified. The Connectivity Standards Alliance says that the first release of Matter will support a variety of smart home products such as lighting, HVAC controls, window coverings, safety and security sensors, door locks, media devices, controllers, and bridges. "What started as a mission to unravel the complexities of connectivity has resulted in Matter, a single, global IP-based protocol that will fundamentally change the IoT," said Tobin Richardson, President and CEO of the Connectivity Standards Alliance. "This release is the first step on a journey our community and the industry are taking to make the IoT more simple, secure, and valuable no matter who you are or where you live. With global support from companies large and small, today's Matter 1.0 release is more than a milestone for our organization and our members; it is a celebration of what is possible."

Further reading:
Google Explains Why It's All In On Matter, the First True Smart Home Standard
Amazon Promises Most Echo Speakers Will Support the Matter Smart Home Platform
Social Networks

Tumblr Is Never Going Back To Porn (theverge.com) 99

An anonymous reader quotes a report from The Verge: Automattic CEO Matt Mullenweg would like you to please stop asking Tumblr to bring back porn because it isn't going to happen. After widespread and inaccurate speculation that Tumblr would lift its ban on adult content, Mullenweg posted a long explanation yesterday of why Tumblr will never go back to the old days. Or, in his words: "the casually porn-friendly era of the early internet is currently impossible." That doesn't mean Tumblr's policies will stay the same. Mullenweg has said before that Automattic (which bought Tumblr in 2019) wants to loosen the rules its old owner Verizon implemented in 2018, and he reiterated that here, echoing comments he made earlier this week. Verizon's ban "took out not only porn but also a ton of art and artists," Mullenweg wrote in his post. "This policy is currently still in place, though the Tumblr and Automattic teams are working to make it more open and common-sense." Tumblr is supposed to implement those policies soon, putting the site more in line with Automattic's WordPress.com blogging platform.

"That said, no modern internet service in 2022 can have the rules that Tumblr did in 2007," Mullenweg wrote, quoting Tumblr's old liberal policy slogan. (If you're wondering, it was "go nuts, show nuts.") "I agree with 'go nuts, show nuts' in principle, but the casually porn-friendly era of the early internet is currently impossible." On Tumblr, that era helped produce a lot of unique, often queer, blogs with sexual content. The 2018 ban changed the tenor of the site for good -- and this week, many users were enthusiastically but prematurely celebrating its end. Why is returning to that era impossible? For now, it's largely because of intermediaries that play a massive role in how people access the web. Payment processors have long been leery of adult content, and they've stepped up enforcement in recent years, in part because of concerns about child abuse and nonconsensual pornography. Apple's iOS App Store has been staunchly opposed to it since launch. And without those two pieces of infrastructure, running a for-profit site is incredibly difficult. "If Apple permanently banned Tumblr from the App Store, we'd probably have to shut the service down," Mullenweg noted. Some nonprofit sites that do allow things like explicit artwork -- primarily the Archive of Our Own fanworks site -- have remained persistently web-only despite years of requests for apps. [...]

If you reached this article through Twitter or Reddit, you might have a fairly obvious question right now, and Mullenweg raises it: why can both those platforms, fairly unusually for modern social networks, allow a lot of porn? "Ask Apple, because I don't know," says Mullenweg. He speculates that Tumblr and Reddit are both too big to ban -- although Apple has forced moderation changes even for giant services like Facebook. The overall upshot, to Mullenweg, is this: "If you wanted to start an adult social network in 2022, you'd need to be web-only on iOS and side-load on Android, take payment in crypto, have a way to convert crypto to fiat for business operations without being blocked, do a ton of work in age and identity verification and compliance so you don't go to jail, protect all of that identity information so you don't dox your users, and make a ton of money. I do hope that a dedicated service or company is started that will replace what people used to get from porn on Tumblr. It may already exist and I don't know about it. They'll have an uphill battle under current regimes, and if you think that's a bad thing please try to change the regimes. Don't attack companies following legal and business realities as they exist."

Microsoft

Microsoft is Phasing Out SwiftKey for iOS (zdnet.com) 13

An anonymous reader shares a report: Questions about what's going on with Microsoft's support of the predictive SwiftKey keyboard app for iOS have been bubbling up over the past few weeks. A Reddit thread from a month ago highlighted the lack of updates to the app for more than a year. When a reader asked recently for an update on the situation, I asked Microsoft. The official word is in. On September 28, a spokesperson emailed the following statement, attributable to Chris Wolfe, Director Product Management at SwiftKey: "As of October 5, support for SwiftKey iOS will end and it will be delisted from the Apple App Store. Microsoft will continue support for SwiftKey Android as well as the underlying technology that powers the Windows touch keyboard. For those customers who have SwiftKey installed on iOS, it will continue to work until it is manually uninstalled or a user gets a new device. Please visit Support.SwiftKey.com for more information." I asked for the official reason why Microsoft had made this decision and was told officials had nothing more to say.
Apple

Apple Removes Russia's Largest Social Network From the App Store (theverge.com) 65

Apple has removed the iOS apps belonging to VK, the technology conglomerate behind Russia's version of Facebook called VKontakte, from its App Store globally. From a report: In a translated statement on its website, VK said that its apps "are blocked by Apple" but that it will "continue to develop and support iOS applications." In response to an inquiry by The Verge, Apple spokesperson Adam Dema confirmed that VK's apps have been removed and its developer accounts shut down.

"These apps are being distributed by developers majority-owned or majority-controlled by one or more parties sanctioned by the UK government," Dema said in a statement. "In order to comply with these sanctions, Apple terminated the developer accounts associated with these apps, and the apps cannot be downloaded from any App Store, regardless of location. Users who have already downloaded these apps may continue to use them."

Displays

Intel and Samsung Are Getting Ready For 'Slidable' PCs (theverge.com) 19

During Intel's Innovation keynote today, Samsung Display showed off a prototype PC that slides from a 13-inch tablet into a 17-inch display. Intel also announced that it's been experimenting with slidable PC form factors. The Verge reports: The prototype device that Samsung Display and Intel have shown off today essentially turns a 13-inch tablet into a 17-inch monitor with a flexible display and a sliding mechanism. Intel was quick to demonstrate its new Unison software on this display, which aims to connect Intel-powered computers to smartphones -- including iPhones. The slidable PC itself is just a concept for now, and there's no word from Intel or Samsung Display on when it will become a reality.
Intel

Intel's Unison App Syncs iOS and Android Phones With Your PC (theverge.com) 34

Intel has announced an intriguing new app called Unison, which aims to "seamlessly" connect Intel-powered computers to smartphones -- not just Android phones but iOS devices as well. From a report: Following what Intel says is a "simple pairing process," the Unison app will allow PCs to replicate four key features of the connected phone. They can answer and make calls; they can share photos and files (pictures taken with the phone will show up in a specific Unison gallery on the PC); they can send and receive texts; and they can receive (and, in some cases, respond to) notifications that the phone receives -- though if Unison is closed, they'll go to the Windows notification center. "The advantage we can bring to a PC user that's got a well-designed Windows PC is not having to choose their device based on the PC they have. They have an iPhone, they have an Android phone, any device they want to use will be able to connect with this capability," Josh Newman, Intel's VP of mobile innovation, told The Verge. "When you're ... on your laptop, and you get notifications or texts on your phone, you can keep it in your bag and get right back into the flow of your work."
Security

Cloudflare Launches an eSIM To Secure Mobile Devices (techcrunch.com) 29

An anonymous reader shares a report: Are smartphones ever entirely secure? It depends on one's definition of "secure," particularly when dealing with corporate environments. Most companies with bring-your-own-device policies install apps or agents on workers' smartphones to help secure them, leveraging the management capabilities built into operating systems like Android and iOS. But those might not be sufficient. That's what Cloudflare argues, anyway, in the pitch for the new services it's launching this week. Today, the company announced Zero Trust SIM and Zero Trust for Mobile Operators, two product offerings targeting smartphone users, the companies securing corporate phones and the carriers selling data services. Let's start with Zero Trust SIM. Designed to secure all data packets leaving a smartphone, Zero Trust SIM -- once launched in the U.S. (to start) -- will be available as an eSIM deployable via existing mobile device management platforms to both iOS and Android devices. It'll be locked to a specific device, mitigating the risk of SIM-swapping attacks, and usable either in a standalone configuration or in tandem with Cloudflare's mobile agent, WARP.

In a recent email interview, Cloudflare CTO John Graham-Cumming made the case that Zero Trust SIM can accomplish what VPNs and other secure layers can't: cell-level protection. A SIM card can act as another security factor, and -- in combination with hardware keys -- make it nearly impossible to impersonate an employee, he argued. "Zero Trust SIM provides defense in depth. A VPN layer is one of those components, but doesn't remove the need to still deploy cellular connectivity across all of your mobile devices today, and traditional 'AnyConnect-style' VPNs do nothing to stop attackers moving laterally once they're inside the VPN," Graham-Cumming said. "We continue to see organizations breached due to challenges securing their applications and networks, and what was once a real-estate budget is quickly becoming a 'secure my remote and distributed workforce' budget from an IT security perspective." Specifically, Graham-Cumming said that Zero Trust SIM will enable Cloudflare to rewrite DNS requests leaving a device to instead use Cloudflare Gateway for DNS filtering.

The Courts

Meta Sued For Skirting Apple Privacy Rules To Snoop On Users (bloomberg.com) 36

An anonymous reader quotes a report from Bloomberg: Meta was sued for allegedly building a secret work-around to safeguards that Apple launched last year to protect iPhone users from having their internet activity tracked. In a proposed class-action complaint filed Wednesday in San Francisco federal court, two Facebook users accused the company of skirting Apple's 2021 privacy rules and violating state and federal laws limiting the unauthorized collection of personal data. A similar complaint was filed in the same court last week. The suits are based on a report by data privacy researcher Felix Krause, who said that Meta's Facebook and Instagram apps for Apple's iOS inject JavaScript code onto websites visited by users. Krause said the code allowed the apps to track "anything you do on any website," including typing passwords.

According to the suits, Meta's collection of user data from the Facebook app helps it circumvent rules instituted by Apple in 2021 requiring all third-party apps to obtain consent from users before tracking their activities, online or off. Meta has said it expected to miss out on $10 billion in ad revenue in 2022 because of Apple's changes. The Facebook app gets around Apple privacy rules by opening web links in an in-app browser, rather than the user's default browser, according to Wednesday's complaint. "This allows Meta to intercept, monitor and record its users' interactions and communications with third parties, providing data to Meta that it aggregates, analyzes, and uses to boost its advertising revenue," according to the suit.
A Meta spokesperson said the allegations are "without merit" and the company will defend itself. "We have designed our in-app browser to respect users' privacy choices, including how data may be used for ads," the company said in an emailed statement.
Mozilla

Mozilla Urges Action To Unpick Platform Browser Lock-ins (techcrunch.com) 64

As antitrust regulators around the world dial up scrutiny of platform power, Mozilla has published a piece of research digging into the at times subtle yet always insidious ways operating systems exert influence to keep consumers locked to using their own-brand browsers rather than seeking out and switching to independent options -- while simultaneously warning that competition in the browser market is vital to ensure innovation and choice for consumers and, more broadly, protect the vitality of the open web against the commercial giants trying to wall it up. TechCrunch: "Billions of people across the globe are dependent on operating systems from the largest technology companies. Amazon, Apple, Google, Microsoft and Meta each provide their own browser on their operating systems and each of them uses their gatekeeper position provider to preference their own browsers over independent rivals. Whether it is Microsoft pushing Firefox users to switch their default on Windows computers, Apple restricting the functionality of rival browsers on iOS smartphones or Google failing to apply default browser settings across Android, there are countless examples of independent browsers being inhibited by the operating systems on which they are dependent," Mozilla writes in a summary of its findings. "This matters because American consumers and society as a whole suffer. Not only do people lose the ability to determine their own online experiences but they also receive less innovative and lower quality products. In addition, they can be forced to accept poorer privacy outcomes and even unfair contracts. By contrast, competition from independent browsers can help to drive new features, as well as innovation in areas like privacy and security."
Security

Twitter Discloses It Wasn't Logging Users Out of Accounts After Password Resets (techcrunch.com) 12

Weeks after Twitter's ex-security chief accused the company of cybersecurity mismanagement, Twitter has now informed its users of a bug that didn't close all of a user's active logged-in sessions on Android and iOS after an account's password was reset. From a report: This issue could have implications for those who had reset their password because they believed their Twitter account could be at risk, perhaps because of a lost or stolen device, for instance. Assuming whoever had possession of the device could access its apps, they would have had full access to the impacted user's Twitter account. In a blog post, Twitter explains that it had learned of the bug that had allowed "some" accounts to stay logged in on multiple devices after a user reset their password voluntarily. Typically, when a password reset occurs, the session token that keeps a user logged into the app is also revoked -- but that didn't take place on mobile devices, Twitter says. Web sessions, however, were not impacted and were closed appropriately, it noted.
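The gap the report describes, sessions revoked on the web but not on mobile after a password reset, is a design-level one: if revocation is a list of per-client actions, any client that is missing from the list keeps working. The Go program below is an added example written for this page, not Twitter's code, of a session store that avoids having such a list at all. Each session is bound to a per-user credential version that is compared on every request; resetting the password bumps the version, so web, iOS and Android sessions lapse together and only a fresh login is accepted afterwards. The user name and client labels are constructed.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"sync"
)

// Session is one logged-in client; Version is the user's credential version at issue time.
type Session struct {
	UserID  string
	Client  string // constructed labels: "web", "ios", "android"
	Version uint64
}

// Store keeps sessions by token plus one credential version per user.
type Store struct {
	mu       sync.Mutex
	sessions map[string]Session
	credVer  map[string]uint64
}

func NewStore() *Store {
	return &Store{sessions: map[string]Session{}, credVer: map[string]uint64{}}
}

// Login issues a random token bound to the user's current credential version.
func (s *Store) Login(user, client string) (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	tok := hex.EncodeToString(b)
	s.mu.Lock()
	defer s.mu.Unlock()
	s.sessions[tok] = Session{UserID: user, Client: client, Version: s.credVer[user]}
	return tok, nil
}

// Validate accepts a token only while its version matches the user's current one, so
// every session issued before a password reset fails here, whatever client holds it.
func (s *Store) Validate(tok string) (Session, bool) {
	s.mu.Lock()
	defer s.mu.Unlock()
	sess, ok := s.sessions[tok]
	if !ok || sess.Version != s.credVer[sess.UserID] {
		delete(s.sessions, tok) // lazily evict stale tokens
		return Session{}, false
	}
	return sess, true
}

// ResetPassword bumps the version. Nothing here enumerates client types, so there is
// no per-platform revocation path that can be left out.
func (s *Store) ResetPassword(user string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.credVer[user]++
}

// Demo logs one user in from three clients, resets the password, and reports how many
// of those sessions validate before and after, and whether a fresh login then works.
func Demo() (before, after int, freshLoginOK bool, err error) {
	st := NewStore()
	var toks []string
	for _, c := range []string{"web", "ios", "android"} {
		tok, e := st.Login("alice", c)
		if e != nil {
			return 0, 0, false, e
		}
		toks = append(toks, tok)
	}
	valid := func() (n int) {
		for _, t := range toks {
			if _, ok := st.Validate(t); ok {
				n++
			}
		}
		return n
	}
	before = valid()
	st.ResetPassword("alice")
	after = valid()
	tok, e := st.Login("alice", "ios")
	if e != nil {
		return 0, 0, false, e
	}
	_, freshLoginOK = st.Validate(tok)
	return before, after, freshLoginOK, nil
}

func main() { fmt.Println(Demo()) }
```

Running it prints `3 0 true <nil>`. The same version check also covers tokens a service forgot to delete, because staleness is decided at validation time rather than by whichever revocation code path happened to run; in a real deployment the version (or an equivalent "sessions valid after" timestamp) lives next to the password hash, and the reset handler bumps it in the same transaction that stores the new hash.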
