Intego Mac Podcast, Episode 69: Why Doesn’t Apple Have a Bug Bounty Program?

We discuss the Face Time bug that we mention in the last episode, and why Apple hadn’t updated it. But Apple released the update a few hours after we recorded this. But this raises the question of why Apple doesn’t have a bug bounty program. We also discuss a Keychain vulnerability on the Mac, the removal of the Do Not Track feature from Safari, and more.

Check out the latest episode of The Intego Mac Podcast, which I co-host with Josh Long. We talk about Macs and iOS devices, and how to keep them secure.

Apple to Remove “Do Not Track” Feature from Safari

Apple is planning to remove the Do Not Track feature from the Safari web browser with the next major updates of macOS Mojave and iOS. With versions 10.14.4 and 12.2 of these operating systems, respectively, the Do Not Track feature will no longer be available.

Introduced in 2014, Do Not Track was added to Apple’s browsers and told websites that you didn’t want to be tracked, or have your web browsing followed across multiple sites. According to Apple, “it’s up to the website to honor this request.”

Do Not Track has proved to be essentially useless, as most websites simply ignore it. And, the existence of this feature can help trackers create a fingerprint of your web browser. This fingerprinting uses a number of variables in your browser and operating system to create what can be a unique profile capable of identifying you.

Read the rest of the article on The Mac Security Blog.

Pop 2.0: how globalised music created a new kind of star – The Guardian

Non-anglophone artists can thrive in this ecosystem. I’ve seen it for myself: in 2018, I reviewed London shows by Balvin, pop-reggaeton golden boy Maluma, Monsta X and BTS. The venues heaved with excited young Londoners, who sang along, lofted flags and generally did their nut over being in the same room as their heroes – all of which is par for the course at pop shows. What was different was that almost none of the songs were in English, and most of the fans couldn’t understand the lyrics.

When I moved to France in the 1980s, and got to know some French music, I often discussed music with people I met. I asked many people whose command of English was limited why they listened to songs in English. They all said the lyrics didn’t matter.

However, when they told me about certain French artists I should check out, they often said, “And the lyrics are great.”

Music in other languages has always been an edge case in English-speaking countries, because of the cost of releasing and promoting records in those countries. So many artists would sing their songs in English, with a hope of getting international airplay, having a single noticed, and then release an album in the US or UK. Now, with streaming, there are no borders, and there’s no reason for these artists to deny their cultural heritage.

Source: Pop 2.0: how globalised music created a new kind of star | Music | The Guardian

Why I Won’t Sell an iPhone on eBay Any More

For many years, I have bought new iPhones and sold the previous models. As a tech journalist, it’s useful for me to have the latest technology – even though I don’t do this every year – and I don’t want to accumulate old devices, like many of my friends who have “boxes of phones.”

I used to do this on eBay, but, when I tried to sell my iPhone 8+ recently, the experience was so bad that I will never do it again.

The first problem is that scammers hone in on iPhone sales pretty quickly. Each time I listed it – I’ll explain in a bit why I had to do this several times – I got emails like this:

hi i was wondering if you iphone 8 has been sold or not as I might be interested
my contact number is XXXX XXX XXX
regards
john

Often, the messages would give an email address, in the form username @ outlook dot com, so eBay’s filters wouldn’t catch them. And many of them used the same story, saying they needed to get one for their daughter’s birthday that week.

eBay seems to be very slow catching up to this. Generally it took a day or so before I got an email from eBay saying:

Our records show that you recently contacted or received messages from XXXXXXXX through eBay’s messaging system. We’re writing to let you know that an unauthorized third party may have compromised this member’s account security. It’s important to note that we’re unaware of any problems with your account. We recommend the following precautions to help keep you safe:

  • Don’t respond to offers to buy or sell an item from this user. The offer may be fraudulent, and the transaction won’t be covered by eBay.
  • Don’t respond to any messages you received from this user that appear to be a Second Chance Offer for an item you recently bid on.
  • Never pay for eBay items using instant cash wire-transfer services such as Western Union or MoneyGram. It’s against eBay’s Safe Payments Policy for a seller to request payment with these methods.

Most of these are new accounts – they weren’t “compromised” – which you can see by the low or zero feedback, and the join date on their pages. (Some may have feedback; scammers just buy a few cheap items to get some feedback on their accounts.)

I can understand how some people may fall for this scam, where the buyer pays you via PayPal, then claims that they never received the item, or, if you have sent it with a signature required, that it was broken. (And they’ll have photos of a broken iPhone to show.)

Another issue I had was people paying, then sending a strange looking address. In these cases, I just cancelled the order and refunded the person.

I’ve sold other items of value on eBay; I recently sold a Mac mini, and last year I sold an iMac, and never get this kind of email. I think it’s too much of a hassle for the scammers to try this for things bigger than a smartphone.

So when I bought the new iPhone XS Max last year, I moved over to Apple’s upgrade program. I won’t have to worry about selling old iPhones any more. As for the iPhone 8+, I traded it in to Apple; I got less than I would have from eBay (even after their fees), but there’s no hassle involved.

But that’s it. eBay has made itself far too dangerous to sell items like this. Knowing that in disputes they tend to side with the buyer automatically means I simply cannot trust the company to protect me.

Intego Mac Podcast, Episode 67: FaceTime, Facebook, Google, Shortcuts, Steganography, and More

Apple had a mean FaceTime bug; then they slapped down Facebook, and Google, for some underhanded app distribution. There are security risks using iOS Shortcuts, and there’s new malware using steganography.

Check out the latest episode of The Intego Mac Podcast, which I co-host with Josh Long. We talk about Macs and iOS devices, and how to keep them secure.