Skeptic Society Magazine

Tag: privacy

Safari in iOS 26: Everything New From Design to Privacy

[ad_1]

Apple updated many of its built-in apps in iOS 26, and Safari is one of the apps that has several notable changes. There’s a new look, an updated layout, and a new feature set.

This guide features all of the changes you can expect to see in Safari when ‌iOS 26‌ launches to the public this fall.

Liquid Glass Design

Safari adopts the same Liquid Glass design as the rest of Apple’s apps, and you’ll primarily see it in the address bar, tab view, and buttons.

The buttons and tab bar have the Liquid Glass translucent look, and more of the background of each website is visible beneath them. The tab bar is more compact and it takes up less space, and everything is rounder.

When you scroll down, the tab bar collapses down and you just see a small bar with the website URL, so the entire focus is on the website content. Scrolling back up returns the tab bar to its full size.

Updated Layout

There is a new compact design option in ‌iOS 26‌, but Apple left the option to use the previous Top and Bottom tab view layouts if you prefer those. Layout options are available in the Safari section of the Settings app.

Compact tucks away the share, bookmark, and tab options behind the three-dot button on the left of the tab bar. It’s a cleaner look, but it may be frustrating if you often need to access features like the tab menu. There is a back arrow, which splits into forward and back arrow options when you’re navigating through content. Settings like Translate and Reader mode are still available by tapping on the small icon next to the URL.

The Top and Bottom views offer the same setup that’s available in iOS 18, but with a new Liquid Glass look. Both bars are slimmed down, and no longer take up the full width of the display.

Tab management has been overhauled with the same design changes. The “+” button to open a new tab is still located on the left, and there’s now a blue checkmark when you’re done interacting with tabs. In the center of the tab view, there’s a slider bar that shows your current number of open tabs in the tab group that you’re in.

Swiping from left to right allows you to quickly swap between your tab groups. Changing profiles can be done with a dropdown menu at the top of the display, and other tab management tools are available by tapping on the “···” icon.

Web Apps

When you add a website to your Home Screen in ‌iOS 26‌, it will always open as a web app. Web apps have been supported on the ‌Home Screen‌ in earlier versions of iOS, but web developers needed to configure them to operate as web apps.

If websites weren’t configured properly, they would open in Safari when added to the ‌Home Screen‌. Now a website will open as a dedicated web app, even if it hasn’t been explicitly set up to work that way.

There is an Open as Web App option that can be toggled off when adding a website to a ‌Home Screen‌ if you prefer that websites open up in Safari.

Tracking Prevention

Advanced fingerprinting protection now extends to all browsing by default, rather than only being turned on by default for private web browsing. Apple’s fingerprinting protection features are meant to keep websites from tracking your device usage across websites.

HDR Images

‌iOS 26‌ adds HDR image support to Safari. HDR images have a wider dynamic range for brighter whites and deeper blacks, along with improved color gamut. P3 HDR images will now appear as intended in Safari on iPhones with XDR displays.

SVG Icons

Safari supports the SVG file format for icons wherever icons appear in the interface, including the start page, web apps, Safari tabs, menus, and more.

SVGs are superior to PNGs because they can be scaled up without a loss of quality, and in Safari, icons often need to appear at multiple different sizes.

WebGPU

Safari in ‌iOS 26‌ includes WebGPU, a feature that Apple has been testing in Safari Technology Preview. WebGPU is similar to WebGL, but it maps more directly to Metal and the underlying iPhone hardware. WebGPU isn’t a user facing feature that you’ll be able to use directly, but there will be benefits from it.

Web-based games will be able to achieve higher frame rates and better effects with lower CPU load, plus photo editors, 3D modeling sites, CAD viewers, and websites that do on-device ML should run faster while using less battery. WebGPU requires an iPhone 15 Pro or later.

Digital Credentials API

Apple added support for the W3C Digital Credentials API to Safari, which means a website is able to request identity documents like a driver’s license from Apple Wallet for private and secure identity and age verification.

The Verify with Wallet on the Web feature in ‌iOS 26‌ uses the Digital Credentials API and takes advantage of biometric authentication. Websites can ask customers for information like date of birth without receiving unnecessary extra data, and customers can approve the data sharing with Face ID or Touch ID.

The first websites that will support the Verify with Wallet on the Web feature include Chime, Turo, Uber Eats, and U.S. Bank.

Privacy Improvements

The ‌iOS 26‌ version of Safari prevents known fingerprinting scripts from accessing web APIs that can reveal device characteristics like screen dimensions, cutting down on the ways that advertisers can track you across websites. These scripts are also blocked from setting long-lived storage like cookies, and from reading query parameters that could be used for navigational tracking.

Reporting Website Compatibility Issues

A new feature lets you report an issue if you’re having trouble with a webpage. In the Page menu, Apple is adding a “Report a Website Issue” option that lets you share information with Apple to improve Safari.

Release Timing

‌iOS 26‌ is available to developers right now, and Apple plans to release a public beta in July. After a few months of testing, ‌iOS 26‌ will launch alongside new iPhones in September.

Read More

We have a dedicated iOS 26 roundup that goes into detail on all of the new features that are available in the update.

[ad_2]

Source link

June 28, 2025
Minnesota Shooting Suspect Allegedly Used Data Broker Sites to Find Targets’ Addresses

[ad_1]

The man who allegedly assassinated a Democratic Minnesota state representative, murdered her husband, and shot a state senator and his wife at their homes in a violent spree early Saturday morning may have gotten their addresses or other personal details from online data broker services, according to court documents.

Suspect Vance Boelter, 57, is accused of shooting Minnesota representative Melissa Hortman and her husband, Mark Hortman, in their home on Saturday. The couple died from their injuries. Authorities claim the suspect also shot state senator John Hoffman and his wife Yvette Hoffman in their home earlier that night. The pair are currently recovering and are “incredibly lucky to be alive,” according to a statement from their family.

According to an FBI affidavit, police searched the SUV believed to be the suspect’s and found notebooks that included handwritten lists of “more than 45 Minnesota state and federal public officials, including Representative Hortman’s, whose home address was written next to her name.” According to the same affidavit, one notebook also listed 11 mainstream search platforms for finding people’s home addresses and other personal information, like phone numbers and relatives.

The addresses for both lawmakers targeted on Saturday were readily available. Representative Hortman’s campaign website listed her home address, while Senator Hoffman’s appeared on his legislative webpage, The New York Times reports.

“Boelter stalked his victims like prey,” acting US attorney Joseph Thompson alleged at a press conference on Monday. “He researched his victims and their families. He used the internet and other tools to find their addresses and names, the names of their family members.” Thompson also alleged that the suspect surveilled victims’ homes.

The suspect faces several charges of second-degree murder.

Privacy and public safety advocates have long argued that the US should regulate data brokers to guarantee that people have better control over the sensitive information available about them. The US has no comprehensive data privacy legislation, and efforts to regulate data brokers from within federal agencies have largely been quashed.

“The accused Minneapolis assassin allegedly used data brokers as a key part of his plot to track down and murder Democratic lawmakers,” Ron Wyden, the US senator from Oregon, tells WIRED. “Congress doesn’t need any more proof that people are being killed based on data for sale to anyone with a credit card. Every single American’s safety is at risk until Congress cracks down on this sleazy industry.”

In many cases, basic information like home addresses can be found through public records, including voter registration data (which is public in some states) and political donations data, says Gary Warner, a longtime digital scams researcher and director of intelligence at the cybersecurity firm DarkTower. Anything that isn’t readily available through public records is almost always easy to find using popular “people search” services.

“Finding a home address, especially if someone has lived in the same place for many years is trivial,” Warner says. He adds that for “younger people, non-homeowners, and less political people, there are other favorite sites” for finding personal information.

For many in the general public as well as in politics, Saturday’s violent crime spree brings new urgency to the long-standing question of how to protect sensitive personal data online.

“These are not the first murders that have been abetted by the data broker industry. But most of the previous targets were relatively unknown victims of stalking and abuse,” alleges Evan Greer, deputy director of the digital rights group Fight for the Future. “Lawmakers need to act before they have more blood on their hands.”

[ad_2]

Source link

June 17, 2025
Are your smart devices spying on you? Watchdog issues new privacy guidance | Science, Climate & Tech News

[ad_1]

The makers of air fryers and other smart home appliances have new guidelines around what information they can collect from people’s homes.

The Information Commissioner’s Office (ICO) released the guidance today after an investigation by Which? revealed in December that some air fryers, smart TVs and smartwatches are collecting data on their owners.

“In our increasingly connected world, we shouldn’t have to choose between enjoying the benefits of smart products and our own privacy,” said Stephen Almond, executive director for regulatory risk at the ICO.

“We all rightly have a greater expectation of privacy in our own homes, so we must be able to trust smart products are respecting our privacy, using our personal information responsibly and only in ways we would expect.”

Three air fryers, made by China’s Xiaomi, Tencent and Aigostar, recorded audio on their owners’ phones for no specified reason, according to the Which? study.

The Aigostar and Xiaomi fryers also sent personal data to Chinese servers, although this was flagged in the privacy notice supplied with the product.

“Whether it’s an air fryer that wants to know your exact location, or a smartwatch app that listens while you sleep, it’s clear that some companies have been pushing the boundaries of what’s acceptable on privacy,” said Andy Laughlin, a tech expert at Which?, in response to the new rules.

“ICO’s much-needed guidance marks an important first step towards ensuring consumers can have confidence when buying smart products for their home – but this must be backed by effective enforcement, including against companies that operate abroad.”

Read more from Sky News:
First woman to head MI6
Dig for remains of 800 infants begins

Four out of five people in the UK are thought to own at least one smart appliance, according to research by TechUK, and the new guidance is designed to protect them from disproportionate surveillance.

The ICO says manufacturers and developers must “adopt a data protection by design and default approach”.

This means considering data protection while the appliance is being designed and then all the way throughout the lifecycle of the product.

The ICO recommends a series of questions developers should ask themselves including: “Do you need to use personal information?”

Smartwatches and fitness trackers are also included in the new guidance, with the ICO warning information like a user’s BMI or fertility counts as special category data and should be treated with extra caution.

Which?’s investigation found the Huawei Ultimate smartwatch requested nine “risky” phone permissions – the most of all the devices in the study.

“Risky” permissions generally include knowing the user’s precise location, the ability to record audio, access to stored files or an ability to see all other apps installed.

Huawei said all of the permissions it asks for have a justified need.

There is no suggestion of illegal behaviour by any of the companies mentioned in the study.

“We want to help organisations get this right from the start – but we are ready to take action if necessary to protect people from harm,” said Mr Almond.

“When you bring a new smart product into your home, you can feel confident that we have your back.”

[ad_2]

Source link

June 16, 2025
RFK Jr. Orders HHS to Give Undocumented Migrants’ Medicaid Data to DHS

[ad_1]

With demonstrations ramping up against the Trump administration, this week was all about protests. With President Donald Trump taking the historic step to deploy US Marines and the National Guard to Los Angeles, we dove into the “long-term dangers” of sending troops to LA, as well as what those troops are permitted to do while they’re there.

Of course, it’s not just the military getting involved in the LA protests against the heavy crackdowns by Immigration and Customs Enforcement (ICE). There’s also Customs and Border Protection (CBP), which further escalated federal involvement by flying Predator drones over LA. And there are local and state authorities, who’ve used “nonlethal” weapons and chemical agents like tear gas against protesters. Even Waymo’s self-driving taxis—some of which were set on fire during last weekend’s LA protests—could be used to investigate people who commit crimes during demonstrations thanks to their surveillance capabilities.

In addition to protests, the undocumented community is pushing back against ICE’s enforcement activities by turning social media platforms into DIY alert systems for ICE raids and other activities. And with thousands of protests scheduled to take place this weekend, we updated our guide to protecting your privacy—in addition to your physical safety—while demonstrating.

Even if you’re not an immigrant nor attending any protests, it’s possible your data is still getting shared with immigration authorities. In partnership with WIRED, 404 Media this week revealed that a data broker owned by major airlines sold domestic US flight data to CBP and instructed the agency to not reveal that it did so. 404 also detailed a bug that allowed a researcher to discover the phone numbers connected to any Google accounts. (The bug has since been fixed.) Finally, we dissected Apple’s AI strategy, which appears to bank more on privacy than on splashy features.

And that’s not all. Each week, we round up the privacy and security news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

The Trump administration quietly ordered the transfer of Medicaid data belonging to undocumented individuals to deportation officials this week, according to the Associated Press, in a move legal experts warn is likely to erode public trust in the government’s handling of personal data and result in a chilling effect among undocumented people desperate for medical care.

The transfer, which was reportedly ordered by Health and Human Services secretary Robert F. Kennedy Jr.’s office and included names, addresses, immigration status, and health claims, pertains to millions of enrollees, many in states that pay for the coverage using their own funds, the AP reports. The transfer may also be illegal, violating the Social Security Act and other data-handling statutes. According to the AP, Medicaid officials warned the administration that they did not have legal authority to disclose the records and that doing so would carry legal and reputation risks that could lead states to begin refusing to share information with the federal government, impacting the agency’s operational functions.

California governor Gavin Newsom, whose state is occupied by undesired federal military forces and ICE agents conducting continuous sweeps across neighborhoods heavily populated by immigrants, condemned the act, calling it “potentially illegal.” An HHS official rejected the claim, saying the agency acted in full compliance with the law, while declining to clarify to reporters how the data would actually be used.

Move over, NSO Group. Two Italian journalists were hacked with spyware made by Israeli phone-focused surveillance firm Paragon, Citizen Lab revealed this week in a report based on forensic analyses of their phones. Two other Italians, both staffers at the immigrant rescue nonprofit Mediterranea Saving Humans, also had their phones compromised with the same malware. Paragon’s Graphite malware, like NSO’s Pegasus, infects phones with a zero-click technique that requires no interaction from the victim—in this case using a vulnerability in iPhones that was patched in iOS version 18.3 earlier this year. While Citizen Lab couldn’t determine the Paragon customer behind the intrusions, there’s reason to suspect the Italian government, given that an Italian parliamentary committee determined in a report earlier this month that two Italian intelligence agencies are Paragon customers.

In its latest salvo against the Russian air force, Ukraine’s HUR military intelligence agency said that it had hacked into the network of Tupolev, an aerospace company that manufactures and services Russia’s strategic bombers. According to the cybersecurity news outlet The Record, the Ukrainian state hackers claim to have stolen 4.4 gigabytes of data, including internal communications, meeting notes, personnel files, and purchase records. Specifically, HUR says it was targeting data about individuals involved in the servicing and maintenance of Russia’s bomber fleet, which has targeted Ukrainian cities. The hackers also defaced the homepage of Tupolev’s website to show an owl clutching a Russian aircraft. “There is nothing secret left in Tupolev’s activities for Ukrainian intelligence,” HUR said in a statement. “The result of the operation will be noticeable both on the ground and in the sky.” The move follows Ukraine’s unprecedented drone operation earlier this month that damaged or destroyed 41 Russian aircraft, including bombers and spy planes.

On Wednesday, a consortium of cops from Interpol and 26 countries announced a takedown, dubbed “Operation Secure,” of domains and other digital infrastructure linked to 69 infostealer malware variants. In recent years, malicious hackers have leaned more and more on information-stealing malware, or infostealers, that grab sensitive information like passwords, cookies, and search histories to make it easier for attackers to target specific organizations and individuals. Operation Secure ran from January to April this year, Interpol said, and involved takedowns of more than 20,000 malicious IP addresses or domains and seizure of 41 servers as well as more than 100 GB of data. A total of 32 people were also arrested in connection with the investigation in Vietnam, Sri Lanka, Nauru, and elsewhere. Interpol described the operation as a “regional initiative” organized by the Asia and South Pacific Joint Operations Against Cybercrime Project.

Meta sued Hong Kong–based Joy Timeline HK Limited for repeatedly advertising an app on Instagram called CrushAI that offers “nudify” deepfakes, using artificial intelligence to remove the clothes from anyone in a photo. Meta said in its announcement of the lawsuit that the company had repeatedly violated its terms of service for advertisers and that the move is part of a larger crackdown on similar deepfake apps pushed by “adversarial advertisers,” as it dubs the companies who violate its terms. “We’ll continue to take the necessary steps—which could include legal action—against those who abuse our platforms like this,” Meta wrote in a statement.

[ad_2]

Source link

June 14, 2025
‘No Kings’ Protests, Citizen-Run ICE Trackers Trigger Intelligence Warnings

[ad_1]

As protests continue to swell across the United States in response to aggressive Immigration and Customs Enforcement actions, civilians are turning to homebrew digital tools to track ICE arrests and raids in real time. But restricted government documents, obtained by the nonprofit watchdog Property of the People, show that US intelligence agencies are now eyeing the same tools as potential threats. A law enforcement investigation involving the maps is also apparently underway.

Details about Saturday’s “No Kings” protest—specifically those in California—are also under watch by domestic intelligence centers, where analysts regularly distribute speculative threat assessments among federal, state, and local agencies, according to an internal alert obtained exclusively by WIRED.

A late-February bulletin distributed by a Vermont-based regional fusion center highlights several websites hosting interactive maps that allow users to drop “pins” indicating encounters with ICE agents.

The bulletin is based on information initially shared by a US Army threat monitoring center known as ARTIC. While it acknowledges that most of the users appear to be civilians working to avoid contact with federal agents, it nevertheless raises the specter of “malicious actors” potentially relying on such open-source transparency tools to physically target law enforcement.

ARTIC, which operates under the umbrella of the Army’s Intelligence and Security Command, could not be immediately reached for comment.

Property of the People, a nonprofit focused on transparency and national security, attempted to obtain additional details about the maps using public records laws. The group was informed by the Northern California Regional Intelligence Center (NCRIC) that all relevant information is “associated with active law enforcement investigations.”

The NCRIC did not immediately respond to WIRED’s request for comment.

“Law enforcement is sounding the alarm over implausible, hypothetical risks allegedly posed by these ICE raid tracking platforms,” Ryan Shapiro, executive director of Property of the People, tells WIRED. “But transparency is not terrorism, and the real security threat is militarized secret police invading our communities and abducting our neighbors.”

The documents identify maps and information shared across Reddit and the website Padlet, which allows users to collaborate and build interactive maps. An “OPSEC” warning concerning the maps was also separately issued in February by the Wisconsin Statewide Intelligence Center (WSIC). That report indicates the sites are being treated as a “strategic threat” and are under monitoring by a special operations division.

WSIC, which could not be immediately reached for comment, warned in its report about persistent online threats aimed at ICE officers, highlighting posts on the social media apps like X and TikTok that include messages calling for Americans to stockpile weapons and “shoot back.” While some posts were judged to contain “explicit threats,” most appear to reflect cathartic outrage over the Trump administration’s punitive immigration enforcement tactics, with intelligence analysts noting that many of the users were “discussing hypothetical scenarios.” Nevertheless, the analysts flagged the sheer volume and tone of the content as a genuine officer safety concern.

Each document is marked for law enforcement eyes only—a warning not to discuss details with the public or press.

A separate report obtained by WIRED and dated mid-May shows the Central California Intelligence Center (CCIC) monitoring plans for the upcoming “No Kings” protests. It identifies Sacramento, Fresno, and Stockton, among dozens of other protest sites. The information is widely available online, including on the No Kings website.

The bulletin notes the protests are promoted as a “nonviolent action,” but says the agency plans to produce additional intelligence reports for “threat liaison officers.” It concludes with boilerplate language that states the CCIC recognizes the right of citizens to assemble, speak, and petition the government, but frames the need to gather intelligence on “First Amendment-protected activities” as essential to “assuring the safety of first responders and the public.”

Roughly 2,000 protests are scheduled to take place nationwide concurrent with a military parade in Washington, DC, expected to feature 6,600 US Army soldiers, 150 military vehicles, including 28 M1 Abrams tanks, rocket launchers, and precision-guided missiles.

Protests have erupted in Los Angeles and cities nationwide over the past week in response to a Trump-ordered immigration crackdown and the deployment of federal troops, including Marines and National Guard units, to support law enforcement.

Demonstrators are pushing back against what they view as an authoritarian show of force—as surveillance drones fly overhead and armored vehicles roll through immigrant-heavy neighborhoods. Tensions have flared between protesters and police, fueling concerns about surveillance, civil liberties, and the legality of using military force to suppress civil unrest.

The use of military-grade equipment and limits on troop authority have emerged as key flashpoints in a broader debate over executive power and immigration enforcement.

The No Kings organizers frame the demonstrations as a nationwide day of defiance: “From city blocks to small towns, from courthouse steps to community parks, we’re taking action to reject authoritarianism—and show the world what democracy really looks like.”

[ad_2]

Source link

June 13, 2025
How to Protest Safely in the Age of Surveillance

[ad_1]

If you insist on using biometric unlocking methods to have faster access to your devices, keep in mind that some phones have an emergency function to disable these types of locks. Hold the wake button and one of the volume buttons simultaneously on an iPhone, for instance, and it will lock itself and require a passcode to unlock rather than FaceID or TouchID, even if they’re enabled. Most devices also let you take photos or record video without unlocking them first, a good way to keep your phone locked as much as possible.

Your Face

Face recognition has become one of the most powerful tools to identify your presence at a protest. Consider wearing a face mask and sunglasses to make it far more difficult for you to be identified by face recognition in surveillance footage or social media photos or videos of the protest. Fight for the Future’s Greer cautions, however, that the accuracy of the most effective face recognition tools available to law enforcement remains something of an unknown, and a simple surgical mask or KN95 may no longer be enough to defeat well-honed face-tracking tech.

If you ’re serious about not being identified, she says, a full-face mask may be far safer—or even a Halloween-style one. “I’ve seen people wear funny cosplay-style cartoon masks or mascot suits or silly costumes,” says Greer, offering as an example Donald Trump and Elon Musk masks that she’s seen protesters wear at Tesla Takedown protests against Musk and the so-called Department of Government Efficiency (DOGE). “That’s a great way to defy facial recognition and also make the protest more fun.”

You should also consider the clothes you’re wearing before you head out. Colorful clothing or prominent logos makes you more recognizable to law enforcement and easier to track. If you have tattoos that make you identifiable, consider covering them.

Greer cautions, though, that preventing determined surveillance-empowered agencies from learning the mere fact that you attended a protest at all is increasingly difficult. For those of you in the most sensitive positions—such as undocumented immigrants at risk of deportation—she suggests that you consider staying home rather than depend on any obfuscation technique to mask their presence at an event.

If you’re driving a car to a protest—your own or someone else’s—consider that automatic license plate readers can easily identify the vehicle’s movements. And, in addition to license plates, be aware that these same sensors can also detect other words and phrases, including those on bumper stickers, signs, and even T-shirts.

More broadly, everyone who attends a protest needs to consider—perhaps more than ever before—what their tolerance for risk might be, from mere identification to the possibility of arrest or detention. “I think it’s important to say that protesting in the US now comes with higher risks than it used to—it comes with a real possibility of physical violence and mass arrest,” says Danacea Vo, the founder of Cyberlixir, a cybersecurity provider for nonprofits and vulnerable communities. “Even just compared to protests that happened last month, people were able to just show up barefaced and march. Now things have changed.”

Your Online Footprint

Though most privacy and security considerations for attending an in-person protest naturally relate to your body, any devices you bring with you, and your physical surroundings, there are a set of other factors to think about online. It’s important to understand how posts on social media and other platforms before, during, or after a protest could be collected and used by authorities to identify and track you or others. Simply saying on an online platform that you are attending or attended a protest puts the information out there. And if you take photos or videos during a protest, that content could be used to expand law enforcement’s view of who attended a protest and what they did while there, including any strangers who appear in your images or footage.

Authorities can come to your online presence by looking for information about you in particular, but can also arrive there using bulk data analysis tools like Dataminr that offer law enforcement and other customers real-time monitoring connecting people to their online activity. Such tools can also surface past posts, and if you’ve ever made violent comments online or alluded to committing crimes—even as a joke—law enforcement could discover the activity and use it against you if you are questioned or arrested during a protest. This is a particular concern for people living in the US on visas or those whose immigration status is tenuous. The US State Department has said explicitly that it is monitoring immigrants’ and travelers’ social media activity.

[ad_2]

Source link

June 12, 2025
MacOS Privacy Reimagined With Emerging VPN Features in 2025
[ad_1]
The current digital landscape is in perpetual flux, with user privacy and data security emerging as paramount concerns for individuals and organizations. As we approach 2025, Apple’s macOS is poised to introduce a suite of advanced features meticulously crafted to significantly bolster user privacy, directly addressing the escalating global demand for more robust data protection.

These forthcoming enhancements are expected to synergize with cutting-edge Virtual Private Network (VPN) technologies, culminating in a more secure and private online experience for Mac users. A notable increase in data requests from law enforcement agencies and third parties underscores the critical necessity for enhanced privacy safeguards.

This pronounced shift towards enhanced privacy is not merely a transient trend but a fundamental recalibration of how users interact with their devices and the broader internet. Anticipated macOS updates, recently unveiled at events like WWDC25, are projected to introduce more granular controls and transparent privacy mechanisms.

The integration and evolution of VPNs will undeniably play a pivotal role in this novel privacy paradigm, furnishing Mac users with supplementary layers of security and anonymity.

The Escalating Imperative for Digital Privacy

In recent years, the demand for digital privacy has surged dramatically as users become acutely aware of how their data is meticulously collected, utilized, and, occasionally, regrettably misused. Numerous high-profile data breaches and disconcerting revelations about pervasive data tracking practices by tech corporations and advertisers have significantly exacerbated these concerns.

Many free VPN services, for example, often generate revenue by collecting and selling user data, sometimes even surreptitiously installing trackers or malware. This heightened risk environment has propelled consumers to seek more effective tools and platform features to protect their online activities meticulously.

The ongoing development of increasingly sophisticated cyber threats, such as the high-severity double-free vulnerability recently identified in Linux’s nftables firewall subsystem (CVE-2024-26809), further underscores the critical necessity for continuous vigilance and pervasive improvements in security measures across all operating systems.

MacOS in 2025: A New Epoch for User Privacy

Apple has consistently championed privacy as a foundational tenet of its product philosophy, and the newly announced macOS Tahoe 26 for 2025 is expected to deepen this unwavering commitment profoundly. These updates aim to provide users with unprecedented control over their personal information. Features like enhanced clipboard privacy, which will proactively alert users or necessitate explicit permission when applications attempt to access copied data, are a key part of this evolution.

While macOS Sequoia 15.5, released in May 2025, primarily focused on typical bug fixes and security patches, it did lay the foundational groundwork by addressing various security flaws and improving features like Screen Time. The WWDC25 keynote in June 2025 provided the first comprehensive details on these significant privacy-centric enhancements.

Spotlight on Evolving Security Protocols

The bedrock of enhanced digital privacy invariably lies in the inherent strength and sophistication of underlying security protocols. As macOS continues to evolve, so will its robust support for and seamless integration of cutting-edge security standards meticulously designed to protect data in transit and at rest.

While Apple typically develops its proprietary security frameworks, the broader tech industry’s rapid advancements, such as the increasing global adoption of advanced VPN protocols, dominate the strategic direction of secure communications.

The recent patching of multiple critical vulnerabilities in macOS Sequoia 15.5, which could have allowed malicious applications to illicitly access sensitive user data across diverse components, unequivocally highlights the vital importance of robust and meticulously updated security protocols. These ongoing, rigorous efforts ensure that Mac users consistently benefit from formidable protections against emerging threats and increasingly sophisticated attack vectors, contributing significantly to a safer and more secure computing environment.

Native VPN Integrations: A Transformative Development?

While macOS has long supported VPN configurations, future iterations could potentially witness deeper, more seamless native VPN integrations. Such advancements could simplify the user experience and encourage broader adoption of crucial VPN technology.

These integrations might manifest as comprehensive system-level VPN management features, making it considerably easier for users to proactively protect all their internet traffic without necessitating extensive technical expertise.

This could seamlessly integrate into Apple’s broader strategic vision for greater cross-platform cohesion, as discussed for upcoming versions like iOS 26, iPadOS 26, and macOS Tahoe 26, potentially forging a more unified and inherently secure experience across the entire spectrum of Apple devices.

The Pivotal Role of VPNs in Enhanced macOS Privacy

Even with Apple’s increasingly robust built-in privacy features, VPNs will remain indispensable in providing comprehensive online protection for Mac users. VPNs offer a distinct suite of capabilities that fundamentally transcend what an operating system can typically provide. These include but are not limited to, meticulously masking a user’s IP address to effectively prevent pervasive tracking by websites, ubiquitous advertisers, and vigilant Internet Service Providers (ISPs).

Furthermore, VPNs encrypt all internet traffic, meticulously securing data from potential interception, a particularly crucial feature when operating on inherently unsecured public Wi-Fi networks.

Cybersecurity experts consistently recommend deploying the best VPN for MAC users to protect sensitive data and safeguard online privacy, often citing features such as optimized fast browsing speeds and seamless streaming capabilities.

This additional, critical layer of security is essential for users who demand that their online activities, encompassing everything from casual Browse to sensitive financial transactions, remain unequivocally confidential and inherently secure.

How VPNs Fortify macOS Security Measures

VPNs serve as a potent and invaluable supplement to macOS’s inherent security architecture by strategically adding crucial, impenetrable layers of protection. A primary and essential function is the creation of an encrypted tunnel meticulously established between the Mac device and the designated VPN server. This secure tunnel rigorously protects all internet traffic from potential interception, including that from ISPs who might otherwise monitor or illicitly throttle user activity.

Many top-tier VPNs also ingeniously incorporate advanced features such as a “kill switch,” which automatically and instantaneously blocks all internet traffic if the VPN connection unexpectedly drops, preventing accidental data exposure. Furthermore, rigorously enforced “no-logs” policies, frequently and transparently verified by independent, third-party audits, provide an unassailable assurance that the VPN provider neither collects nor stores any user activity data.

Selecting the Optimal VPN for Your Mac

Selecting an appropriate VPN for your Mac necessitates meticulous consideration of several critical factors to ensure optimal performance, robust security, and uncompromised privacy. It is essential to seek out a provider with an impeccable reputation, an unequivocally clear no-logs policy (preferably verified by independent audits), and demonstrably robust encryption standards. The sheer number and broad geographical distribution of servers can also be a significant consideration, particularly for users who frequently need to access geo-restricted content from specific regions or who desire faster connection speeds by connecting to geographically proximate servers.

Leading VPN providers are consistently noted for their fast speeds, strong encryption, and an extensive array of globally distributed servers, criteria equally applicable to Mac users. Meticulous attention should be paid to the supported protocols, with modern options like WireGuard frequently offering an exemplary balance of speed and security.

When diligently evaluating a VPN for macOS, features such as a reliable kill switch, comprehensive DNS leak protection, and specialized servers optimized for specific activities like high-definition streaming or secure torrenting can significantly enhance the overall user experience. Some premium VPNs offer additional security benefits, including integrated ad-blocking or sophisticated malware protection. The availability and demonstrable quality of customer support are also critically important factors worthy of careful consideration.

Given the increasing sophistication and pervasive nature of online threats, investing in a reputable paid VPN service is generally and strongly advisable over inherently free alternatives, which frequently come with significant and unacceptable privacy and security compromises.

To aid in your selection process, consider this summary of paramount features:
- Strong encryption (e.g., industry-standard AES-256)
- Independently audited no-logs policy: Ensures verifiable commitment to user privacy.
- Kill switch functionality: Prevents accidental data exposure if the VPN connection drops.
- Wide range of server locations: Offers flexibility for geo-unblocking and optimal speeds.
- Fast connection speeds and modern protocols: for efficient data transfer.
- DNS leak protection: Safeguards against exposure of your actual IP address.
- User-friendly Mac application: Ensures ease of setup and daily operation.
- Responsive customer support: Assists when needed.
- Additional features: Integrated ad/tracker blocking for enhanced online safety.
Embracing a More Secure Digital Future with macOS and VPNs

The discernible trajectory towards a future of enhanced digital privacy is clear, and macOS is unequivocally positioned to be a pivotal driving force within this transformative movement with its 2025 advancements. These upcoming features, specifically engineered to prioritize greater user control and comprehensive data protection, will collectively establish a stronger native security foundation for Mac users.

Nevertheless, VPNs’ indispensable role will remain crucial. They consistently offer an additional layer of robust security and unassailable anonymity that flawlessly complements macOS’s inherent, built-in protections.

The powerful combination of a meticulously privacy-focused operating system and a demonstrably reliable VPN service collectively empowers users to confidently navigate the increasingly complex digital world with significantly enhanced peace of mind. \

Image Credit vee terzy

Filed Under: Apple, Guides

Latest Geeky Gadgets Deals

Disclosure: Some of our articles include affiliate links. If you buy something through one of these links, Geeky Gadgets may earn an affiliate commission. Learn about our Disclosure Policy.
[ad_2]

Source link
June 12, 2025
Apple Intelligence Is Gambling on Privacy as a Killer Feature

[ad_1]

As Apple’s Worldwide Developers Conference keynote concluded on Monday, market watchers couldn’t help but notice that the company’s stock price was down, perhaps a reaction to Apple’s relatively low-key approach to incorporating AI compared to most of its competitors. Still, Apple Intelligence–based features and upgrades were plentiful, and while some are powered using the company’s privacy- and security-focused cloud platform known as Private Cloud Compute, many run locally on Apple Intelligence–enabled devices.

Apple’s new Messages screening feature automatically moves texts from phone numbers and accounts you’ve never interacted with before to an “Unknown Sender” folder. The feature automatically detects time-sensitive messages like login codes or food delivery updates and will still deliver them to your main inbox, but it also scans for messages that seem to be scams and puts them in a separate spam folder. All of this sorting is done locally using Apple Intelligence. Similarly, the expanded Call Screening feature will automatically and locally pick up untrusted phone calls, ask for details about the caller, and transcribe the answers so you can decide whether you want to pick up the call. Even Live Translation adds real-time language translation to calls and messaging using local processing.

From a privacy perspective, local processing is the gold standard for AI features. Data never leaves your device, meaning there’s no risk that it could end up somewhere unintended as a result of a journey through the cloud. And new features like spam and “Unknown Sender” sorting for Messages, call screening for untrusted phone numbers, and Live Translation tools all seemed to be designed with a strategy of using privacy as a differentiator in an already crowded AI field.

In addition to being privacy-friendly, local processing has other benefits like allowing AI-based services to be available offline and speeding up certain tasks, since data doesn’t have to be sent to the cloud, processed, and then sent back to a device. If AI features are going to be widely available and accessible, though, most companies are constrained by attempting to factor in the old, low-end devices that many of their customers are likely using that may not be able to handle local AI. Apple has less need to be inclusive, though, because it produces both hardware and software and has already imposed limitations that Apple Intelligence can only run on recent device models.

There are other limitations to Apple Intelligence, too, and the company offers opt-in integrations with some third-party generative AI services to expand functionality. For OpenAI’s ChatGPT, for example, users must turn the integration on, and Apple services will then prompt the user to confirm each time they go to submit a ChatGPT query. Additionally, users can elect to log in to a ChatGPT account, in which case their queries will be subject to OpenAI’s normal policies, or they can use ChatGPT without logging in. In this scenario, Apple says, it does not connect an Apple ID or other identifier to queries and obfuscates users‘ IP addresses.

Apple invested extensively to develop Private Cloud Compute to maintain strong security and privacy guarantees for AI processing in the cloud. Other companies have even begun to create similar secure AI cloud schemes for products and services that specifically center privacy as a crucial feature. But the fact that Apple still deploys local processing for new features when possible may indicate that privacy isn’t just an intellectual priority in the company’s approach to AI. It may be a business strategy.

[ad_2]

Source link

June 11, 2025
Airlines Don’t Want You to Know They Sold Your Flight Data to DHS

[ad_1]

A data broker owned by the country’s major airlines, including Delta, American Airlines, and United, collected US travelers’ domestic flight records, sold access to them to Customs and Border Protection (CBP), and then as part of the contract told CBP to not reveal where the data came from, according to internal CBP documents obtained by 404 Media. The data includes passenger names, their full flight itineraries, and financial details.

CBP, a part of the Department of Homeland Security (DHS), says it needs this data to support state and local police to track people of interest’s air travel across the country, in a purchase that has alarmed civil liberties experts.

The documents reveal for the first time in detail why at least one part of DHS purchased such information, and comes after Immigration and Customs Enforcement (ICE) detailed its own purchase of the data. The documents also show for the first time that the data broker, called the Airlines Reporting Corporation (ARC), tells government agencies not to mention where it sourced the flight data from.

“The big airlines—through a shady data broker that they own called ARC—are selling the government bulk access to Americans’ sensitive information, revealing where they fly and the credit card they used,” senator Ron Wyden said in a statement.

ARC is owned and operated by at least eight major US airlines, other publicly released documents show. The company’s board of directors include representatives from Delta, Southwest, United, American Airlines, Alaska Airlines, JetBlue, and European airlines Lufthansa and Air France, and Canada’s Air Canada. More than 240 airlines depend on ARC for ticket settlement services.

ARC’s other lines of business include being the conduit between airlines and travel agencies, finding travel trends in data with other firms like Expedia, and fraud prevention, according to material on ARC’s YouTube channel and website. The sale of US fliers’ travel information to the government is part of ARC’s Travel Intelligence Program (TIP).

A Statement of Work included in the newly obtained documents, which describes why an agency is buying a particular tool or capability, says CBP needs access to ARC’s TIP product “to support federal, state, and local law enforcement agencies to identify persons of interest’s US domestic air travel ticketing information.” 404 Media obtained the documents through a Freedom of Information Act (FOIA) request.

The new documents obtained by 404 Media also show ARC asking CBP to “not publicly identify vendor, or its employees, individually or collectively, as the source of the Reports unless the Customer is compelled to do so by a valid court order or subpoena and gives ARC immediate notice of same.”

The Statement of Work says that TIP can show a person’s paid intent to travel and tickets purchased through travel agencies in the US and its territories. The data from the Travel Intelligence Program (TIP) will provide “visibility on a subject’s or person of interest’s domestic air travel ticketing information as well as tickets acquired through travel agencies in the U.S. and its territories,” the documents say. They add that this data will be “crucial” in both administrative and criminal cases.

A DHS Privacy Impact Assessment (PIA) available online says that TIP data is updated daily with the previous day’s ticket sales, and contains more than one billion records spanning 39 months of past and future travel. The document says TIP can be searched by name, credit card, or airline, but ARC contains data from ARC-accredited travel agencies, such as Expedia, and not flights booked directly with an airline. “If the passenger buys a ticket directly from the airline, then the search done by ICE will not show up in an ARC report,” that PIA says. The PIA notes that the data impacts both US and non-US persons, meaning it does include information on US citizens.

“While obtaining domestic airline data—like many other transaction and purchase records—generally doesn’t require a warrant, there’s still supposed to go through a legal process that ensures independent oversight and limits data collection to records that will support an investigation,” Jake Laperruque, deputy director of the Center for Democracy & Technology’s Security and Surveillance Project, told 404 Media in an email. “As with many other types of sensitive and revealing data, the government seems intent on using data brokers to buy their way around important guardrails and limits.”

CBP’s contract with ARC started in June 2024 and may extend to 2029, according to the documents. The CBP contract 404 Media obtained documents for was an $11,025 transaction. Last Tuesday, a public procurement database added a $6,847.50 update to that contract, which said it was exercising “Option Year 1,” meaning it was extending the contract. The documents are redacted but briefly mention CBP’s OPR, or Office of Professional Responsibility, which in part investigates corruption by CBP employees.

[ad_2]

Source link

June 10, 2025
A Researcher Figured Out How to Reveal Any Phone Number Linked to a Google Account

[ad_1]

A cybersecurity researcher was able to figure out the phone number linked to any Google account, information that is usually not public and is often sensitive, according to the researcher, Google, and 404 Media’s own tests.

The issue has since been fixed but at the time presented a privacy issue in which even hackers with relatively few resources could have brute forced their way to peoples’ personal information.

“I think this exploit is pretty bad since it’s basically a gold mine for SIM swappers,” the independent security researcher who found the issue, who goes by the handle brutecat, wrote in an email. SIM swappers are hackers who take over a target’s phone number in order to receive their calls and texts, which in turn can let them break into all manner of accounts.

In mid-April, we provided brutecat with one of our personal Gmail addresses in order to test the vulnerability. About six hours later, brutecat replied with the correct and full phone number linked to that account.

“Essentially, it’s bruting the number,” brutecat said of their process. Brute forcing is when a hacker rapidly tries different combinations of digits or characters until finding the ones they’re after. Typically that’s in the context of finding someone’s password, but here brutecat is doing something similar to determine a Google user’s phone number.

Brutecat said in an email the brute forcing takes around one hour for a U.S. number, or 8 minutes for a UK one. For other countries, it can take less than a minute, they said.

In an accompanying video demonstrating the exploit, brutecat explains an attacker needs the target’s Google display name. They find this by first transferring ownership of a document from Google’s Looker Studio product to the target, the video says. They say they modified the document’s name to be millions of characters, which ends up with the target not being notified of the ownership switch. Using some custom code, which they detailed in their write up, brutecat then barrages Google with guesses of the phone number until getting a hit.

“The victim isn’t notified at all :)” a caption in the video reads.

A Google spokesperson told 404 Media in a statement “This issue has been fixed. We’ve always stressed the importance of working with the security research community through our vulnerability rewards program and we want to thank the researcher for flagging this issue. Researcher submissions like this are one of the many ways we’re able to quickly find and fix issues for the safety of our users.”

Phone numbers are a key piece of information for SIM swappers. These sorts of hackers have been linked to countless hacks of individual people in order to steal online usernames or cryptocurrency. But sophisticated SIM swappers have also escalated to targeting massive companies. Some have worked directly with ransomware gangs from Eastern Europe.

Armed with the phone number, a SIM swapper may then impersonate the victim and convince their telecom to reroute text messages to a SIM card the hacker controls. From there, the hacker can request password reset text messages, or multi-factor authentication codes, and log into the victim’s valuable accounts. This could include accounts that store cryptocurrency, or even more damaging, their email, which in turn could grant access to many other accounts.

On its website, the FBI recommends people do not publicly advertise their phone number for this reason. “Protect your personal and financial information. Don’t advertise your phone number, address, or financial assets, including ownership or investment of cryptocurrency, on social media sites,” the site reads.

In their write-up, brutecat said Google awarded them $5,000 and some swag for their findings. Initially, Google marked the vulnerability as having a low chance of exploitation. The company later upgraded that likelihood to medium, according to brutecat’s write-up.

[ad_2]

Source link

June 9, 2025