Posts

What Are All These New Privacy Request Dialogs in Mojave?

/in /by

With macOS 10.14 Mojave, Apple has beefed up the Mac’s privacy so it more closely resembles privacy in iOS. You’ve noticed that when you launch a new app on your iPhone or iPad, it often prompts for access to your photos or contacts, the camera or microphone, and more. The idea behind those prompts is that you should always be aware of how a particular app can access your personal data or features of your device. You might not want to let some new game thumb through your photos or record your voice.

macOS has been heading in this direction, but Mojave makes apps play this “Mother, May I?” game in more ways. As a result, particularly after you first upgrade, you may be bombarded with dialogs asking for various permissions. For instance, when you first make a video call with Skype, it’s going to ask for access to the camera and the microphone. Grant permission and Skype won’t have to ask again.

Skype’s requests are entirely reasonable—it wouldn’t be able to do its job without such access. That applies more generally, too. In most cases, apps will ask for access for a good reason, and if you want the app to function properly, you should give it access.

However, be wary if a permission dialog appears when:

  • You haven’t just launched a new app
  • You aren’t doing anything related to the request
  • You don’t recognize the app making the request

There’s no harm in denying access; the worst that can happen is that the app won’t work. (And if it’s malicious, you don’t want it to work!) You can always grant permission later.

To see which permissions you’ve granted or denied, open System Preferences > Security & Privacy > Privacy. A list of categories appears on the left; click one to see which apps have requested access. If you’ve granted access, the checkbox next to the app will be selected; otherwise it will be empty.

You’ll notice that the lock in the lower-left corner is closed. To make changes, click it and sign in as an administrator when prompted.

Most of these categories are self-explanatory, but it might not always be obvious why an app wants permission. In the screenshot above, for instance, Google Chrome has been granted access to the Mac’s camera. Why? So Google Hangouts and other Web-based video-conferencing services can work.

There are five categories (including three not showing above) that could use additional explanation:

  • Accessibility: Apps that request accessibility access want to control your Mac. In essence, they want to be able to pretend to click the mouse, type on the keyboard, and generally act like a user. Utility and automation software often needs such access.
  • Full Disk Access: This category is a catch-all for access to areas on your drive that aren’t normally available to apps, such as data in Mail, Messages, Safari, Home, and more, including Time Machine backups and some admin settings. Backup and synchronization utilities may need full disk access, in particular. An app can’t request full disk access in the normal way; you must add it manually by clicking the + button under the list and navigating to the app in the Applications folder.
  • Automation: The Mac has long had a way for apps to communicate with and control one another: Apple events. An app could theoretically steal information from another via Apple events, so Mojave added the Automation category to give you control over which apps can control which other apps. You’ll see normal permission requests, but they’ll explain both sides of the communication.
  • Analytics: The Analytics privacy settings are completely different—they let you specify whether or not you want to share information about how you use apps with Apple and the developers of the apps you use. For most people, it’s fine to allow this sharing.
  • Advertising: Finally, the Advertising options give you some control over the ads that you may see in Apple apps. In general, we recommend selecting Limit Ad Tracking, and if you click Reset Advertising Identifier, any future connection between you and the ads you’ve seen will be severed from past data. There’s no harm in doing it. It’s worth clicking the View Ad Information and About Advertising and Privacy buttons to learn more about what Apple does with ads.

So if you’ve been seeing repeated requests for permission after you upgraded to Mojave, now you know why these dialogs keep popping up. They’re a bit annoying at first, but the added privacy is worthwhile, and once you’ve granted permission to an app, you shouldn’t hear from it again.

Social Media: macOS 10.14 Mojave changes how privacy works on the Mac by making apps ask for permission to use the camera, microphone, and quite a bit more. Here’s how this works and what you should do when prompted.

Understanding Dark Mode in macOS 10.14 Mojave

/in /by

The feature Apple is promoting most heavily with macOS 10.14 Mojave is Dark mode, which the company advertises as “a dramatic new look that helps you focus on your work… as toolbars and menus recede into the background.” Let’s look at what Apple has done with Dark mode, after which you’ll have a better idea of what to think about while trying it.

Enable Dark Mode

First, to turn Dark mode on, go to System Preferences > General and click the Dark thumbnail to the right of Appearance. Mojave immediately switches to Dark mode, turning light backgrounds dark and swapping the text color from dark to light.

While you’re in System Preferences, click over to the Desktop & Screen Saver preference pane. If you scroll down in the Desktop Pictures list, you’ll discover a bunch of new wallpapers that blend well with Dark mode.

Dark Mode Support and Controls

You’ll notice that the color change takes place instantly not just in the Finder, but also in any apps that support Dark mode. Most of Apple’s apps support Dark mode and third-party developers are rapidly adding support to their apps as well. However, Dark mode requires explicit support from apps, so older apps that aren’t being updated will maintain their standard dark-on-light color schemes.

Some apps, such as Maps and Mail, give you additional options that change just how dark they get. In Maps, choose View > Use Dark Map to toggle between a dark map style and the familiar map style that mimics a paper map. Similarly, in Mail, go to Mail > Preferences > Viewing and deselect “Use dark backgrounds for messages” to return to a white background.

If you generally like Dark mode but have trouble reading light text on a dark background due to the reduced contrast, you may be able to choose a different font or style in the app’s preferences that makes the text more readable. Apps like Mail give you a fair amount of that sort of control.

For even more control over contrast, open System Preferences > Accessibility > Display. There you’ll find a Display Contrast slider that lets you make text lighter and backgrounds darker. You can also select Reduce Transparency to make it so items like the Dock and menu bar are solid colors, rather than allowing the background to bleed through. To separate dark and light further, select Increase Contrast, which increases the brightness of divider lines as well.

The Dark Side of Dark Mode

Contrast is necessary for pulling out fine details, but too much contrast can be uncomfortable or even painful—think about how you feel when someone turns on a bright light in a previously dark room. For visual comfort, it’s usually best to match your screen with the lighting of your surroundings. That’s why people who often work at night or with the window blinds down like dark modes—a bright screen seems brighter in a dimly lit room. That’s the theory behind the traditional dark text on a light background too, since the room will be quite light during the day.

So Dark mode can run into two problems. First is that using it during the day or in a brightly lit room may create an uncomfortable contrast between the screen and its surroundings. Controlling your room lighting can eliminate this as an issue. Second and more troubling, even apps that support Dark mode may have large content areas that are bright white, creating a strong contrast between the content area and the rest of the app. Many Web sites in Safari have this effect, as do documents in apps like Pages and Numbers. There’s no way around this scenario.

Even if Dark mode isn’t perfect, it’s worth a try if you have trouble looking at bright screens. Regardless, if it goes too far for you, one of the new dark wallpapers may be easier on your eyes. While most people aren’t overly light sensitive, a non-trivial percentage of the population is, particularly those who suffer from migraines or who have endured concussions, and those with a variety of ocular conditions. And if you’re on the other end of the spectrum—if Dark mode looks dirty and is hard to read—just stick with the traditional Light mode.

Social Media: Apple is promoting macOS 10.14 Mojave’s new Dark mode heavily. Read on to learn if it might be for you, how you can tweak its contrast settings, and what problems you might encounter.

Being an Apple User Means You’re Not the Product

/in /by

There’s an Internet saying: “If you’re not the customer, you’re the product.” The point is that, if you’re getting a service for free, the company providing it sees you not as a customer, but as a product to sell, generally to advertisers.

This is how Google, Facebook, and Twitter operate. They provide services for free, collect data about you, and make money by showing you ads. In theory, the more that advertisers know about you, the better they can target ads to you, and the more likely you’ll be to buy. Personalized advertising can seem creepy (or clueless, when it fails), but it isn’t inherently evil, and we’re not suggesting that you stop using ad-supported services.

This ad-driven approach stands in stark contrast to how Apple does business. Apple makes most of its money by selling hardware—iPhones, Macs, and iPads, primarily. Another big chunk of Apple’s revenue comes from App Store and iTunes Store sales, iCloud subscriptions, and Apple Pay fees. Knowing more about you, what Web pages you visit, what you buy, and who you’re friends with doesn’t help Apple’s business, and on its Privacy page, Apple says bluntly, “We believe privacy is a fundamental human right.”

Of course, once your data is out there, it can be lost or stolen—in June 2018, a security researcher discovered that the online data broker Exactis was exposing a database containing 340 million records of data on hundreds of millions of American adults. Ouch!

Let’s look at a few of the ways that Apple protects your privacy.

Siri and Dictation

The longer you use Siri and Dictation, the better they work, thanks to your devices transmitting data back to Apple for analysis. However, Apple creates a random identifier for your data rather than associating the information with your Apple ID, and if you reset Siri by turning it off and back on, you’ll get a new random identifier. Whenever possible, Apple keeps Siri functionality on your device, so if you search for a photo by location or get suggestions after a search, those results come from local data only.

Touch ID and Face ID

When you register your fingerprints with Touch ID or train Face ID to recognize your face, it’s reasonable to worry about that information being stored where attackers—or some government agency—could access it and use it for nefarious purposes. Apple was concerned about that too, so these systems don’t store images of your fingerprints or face, but instead mathematical signatures based on them. Those signatures are kept only locally, in the Secure Enclave security coprocessor that’s part of the CPU of the iPhone and iPad—and on Touch ID-equipped laptops—in such a way that the images can’t be reverse engineered from the signatures.

And, of course, a major goal of Touch ID and Face ID is to prevent someone from violating your privacy by accessing your device directly.

Health and Fitness

People with medical conditions can be concerned about health information impacting health insurance bills or a potential employer’s hiring decision. To assuage that worry, Apple lets you choose what information ends up in Health app, and once it’s there, encrypts it whenever your iPhone is locked. Plus, any Health data that’s backed up to iCloud is encrypted both in transit and when it’s stored on Apple’s servers.

App Store Guidelines

A linchpin in Apple’s approach to privacy is its control over the App Store. Since developers must submit apps to Apple for approval, Apple can enforce stringent guidelines that specify how apps can ask for access to your data (location, photos, contacts, etc.). This isn’t a blanket protection—for instance, if you allow a social media app Facebook to access your contacts and location, the company behind that app will get lots of data on your whereabouts and can even cross-reference that with the locations of everyone in your contact list who also uses the service.

In the end, only you can decide how much information you want to share with the likes of Google, Facebook, and Twitter, and only you can determine if or when their use of your details feels like an invasion of privacy. But by using Apple products and services, you can be certain that the company that could know more about you than any other is actively trying to protect your privacy.

Social Media: Many of the big Internet companies make their money by assembling a dossier of information about you and then selling advertisers targeted access to you. Luckily, that’s not true of Apple—here are a few of the ways Apple protects your privacy.

The post Being an Apple User Means You’re Not the Product appeared first on TidBITS Content Network.

Have Your Online Passwords Been Stolen? Here’s How to Find Out.

/in /by

Data breaches have become commonplace, with online thieves constantly breaking into corporate and government servers and making off with millions—or even hundreds of millions!—of email addresses, often along with other personal information like names, physical address, and passwords.

It would be nice to think that all companies properly encrypt their password databases, but the sad reality is that many have poor data security practices. As a result, passwords gathered in a breach are often easily cracked, enabling the bad guys to log in to your accounts. That may not seem like a big deal—who cares if someone reads the local newspaper under your name? But since many people reuse passwords across multiple sites, once one password associated with an email address is known, attackers use automated software to test that combination against many other sites.

This is why we keep beating the drum for password managers like 1Password and LastPass. They make it easy to create and enter a different random password for every Web site, which protects you in two ways.

  • Because password managers can create passwords of any length, you don’t have to rely on short passwords that you can remember and type easily. The longer the password, the harder it is to crack. A password of 16–20 characters is generally considered safe; never use anything shorter than 13 characters.
  • Even if one of your passwords was compromised, having a different password for every site ensures that the attackers can’t break into any of your other accounts.

But password security hasn’t always been a big deal on the Internet, and many people reused passwords regularly in the past. Wouldn’t it be nice to know if any of your information was included in a data breach, so you’d know which passwords to change?

A free service called Have I Been Pwned does just this (“pwned” is hacker-speak for “owned” or “dominated by”—it rhymes with “owned”). Run by Troy Hunt, Have I Been Pwned gathers the email addresses associated with data breaches and lets you search to see if your address was stolen in any of the archived data breaches. Even better, you can subscribe to have the service notify you if your address shows up in any future breaches.

Needless to say, you’ll want to change your password on any site that has suffered a data breach, and if you reused that password on any other sites, give them new, unique passwords as well. That may seem like a daunting task, and we won’t pretend that it isn’t a fair amount of work, but both 1Password and LastPass offer features to help.

In 1Password, look in the sidebar for Watchtower, which provides several lists, including accounts where the password may have been compromised in a known breach, passwords that are known to have been compromised, passwords that you reused across sites, and weak passwords.

LastPass provide essentially the same information through its Security Challenge and rates your overall security in comparison with other LastPass users. It suggests a series of steps for improving your passwords; the only problem is that you need to restart the Security Challenge if you don’t have time to fix all the passwords at once.

Regardless of which password manager you use, take some time to check for and update compromised, vulnerable, and weak passwords. Start with more important sites, and, as time permits, move on to accounts that don’t contain confidential information.

Social Media: Have any of your online passwords been stolen in a breach? The answer is probably “yes,” and today’s article helps you discover and correct your most problematic passwords.

Install Minor Operating System Updates to Maintain Herd Immunity

/in , , /by

It seems like Apple releases updates to iOS, macOS, watchOS, and tvOS nearly every week these days. It has been only a few months since iOS 11 and macOS 10.13 High Sierra launched, and we’ve already seen ten updates to iOS and seven updates to macOS. Some of these have been to fix bugs, which is great, but quite a few have been prompted by the need for Apple to address security vulnerabilities.

Have you installed all these updates, or have you been procrastinating, tapping that Later link on the iPhone and rejecting your Mac’s notifications? We’re not criticizing—all too often those prompts come at inconvenient times, although iOS has gotten better about installing during the night, as long as you plug in your iPhone or iPad.

We know, security is dull. Or rather, security is dull as long as it’s present. Things get exciting—and not in a good way—when serious vulnerabilities come to light. That’s what happened in November 2017, when it was reported that anyone could gain admin access to any Mac running High Sierra by typing root for the username and leaving the password field blank. That one was so bad that Apple pushed Security Update 2017-001 to every affected Mac and rolled the fix into macOS 10.13.2.

Part of the problem with security vulnerabilities is that they can be astonishingly complex. You may have heard about the Meltdown and Spectre hardware vulnerabilities discovered in January 2018. They affect nearly all modern computers, regardless of operating system, because they take advantage of a design flaw in the microprocessors. Unfortunately, the bad guys—organized crime, government intelligence agencies, and the like—have the resources to understand and exploit these flaws.

But here’s the thing. Security is an arms race, with attackers trying to take advantage of vulnerabilities and operating system companies like Apple, Microsoft, and Google proactively working to block them with updates. If enough people install those updates quickly enough, the attackers will move on to the next vulnerability.

The moral of the story? Always install those minor updates. It’s not so much because you will definitely be targeted if you fail to stay up to date, but because if the Apple community as a whole ceases to be vigilant about upgrading, the dark forces on the Internet will start to see macOS and iOS as low-hanging fruit. As long as most people update relatively quickly, it’s not worthwhile for attackers to put a lot of resources into messing with Macs, iPhones, and iPads.

That said, before you install those updates, make sure to update your backups. It’s unusual for anything significant to go wrong during this sort of system upgrade, but having a fresh backup ensures that if anything does go amiss, you can easily get back to where you were before.