Improvements to encryption have finally arrived in the Mac version of the ChatGPT app. Apple has delayed some new operating system features by a few more months. And Samsung can put a Smart Ring on your finger right now. Does Apple have plans for its own Smart Ring?
If you like the Intego Mac Podcast, be sure to follow it on Apple Podcasts, Spotify, or Amazon.
Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com, and use this link for a special discount when you’re ready to buy.
Get Apple security news delivered straight to your inbox, for free. Intego’s twice-monthly newsletter will keep you informed about Apple-related privacy and security, along with tips and tricks for getting the most out of your Mac or iPhone. Subscribe for free—no strings attached.
Voice Over 0:00
This is the Intego Mac Podcast—the voice of Mac security—for Thursday, July 11 2024.
This week’s Intego Mac Podcast security headlines include: Improvements to encryption have finally arrived in the Mac version of the ChatGPT app. Apple has delayed some new operating system features by a few more months. And Samsung can put a Smart Ring device on your finger right now. Does Apple have plans for its own Smart Ring? Now here are the hosts of the Intego Mac podcast. Veteran Mac journalist, Kirk McElhearn. And Intego’s Chief Security Analyst, Josh Long.
Kirk McElhearn 0:44
Good morning, Josh, how are you today?
Josh Long 0:46
I’m doing well. How are you, Kirk?
Kirk McElhearn 0:48
We want to open this episode of the podcast with a small correction. It’s not that we were wrong. It’s it’s something we talked about last week changed. It was about Apple having a an observer on the OpenAI board. They had press-ganged Phil Schiller, into sitting around board meetings and reporting back what was going on. But that seems to have changed.
Josh Long 1:07
That’s right. Not only Apple, but also Microsoft, I guess had a similar situation where they had somebody who was sitting on the board and an observatory capacity. And apparently both Microsoft and Apple are now ditching their seats on the board because presumably of some regulatory scrutiny. So that whole thing is already changed. I just thought this was really funny, because we just were talking last week about, you know, maybe the whole reason that they are having somebody like Phil Schiller be on the board is like parental supervision, you know, to make sure that they’re not making rash decisions, where something changes, you know, in a matter of days, and well, in a matter of days, this changed.
Kirk McElhearn 1:51
So, well, we want to talk a little bit more about OpenAI. So by the way, Josh was mentioning before the show that we didn’t say last week that OpenAI is company makes ChatGPT. If we talk about OpenAI, everyone knows ChatGPT. But fewer people know OpenAI. So OpenAI is like the Apple, two ChatGPT, which is the iOS, right? Apparently ChatGPT for Mac. So they have a Mac app, they got caught for breaching Apple security rules. And this sounds really serious. They were they were saving queries in plain text files on your Mac. What?
Josh Long 2:25
Yeah, which is not best practice, this is potentially problematic. For example, if somebody else has either physical access or can get remote access to your Mac, they might be able to exfiltrate that chat history that you have with the ChatGPT app, it wasn’t being encrypted. So kind of potentially problematic. You know, this is also something where stealer malware frequently does things like checking certain known directories, for log files, passwords, wallets, anything else that it might be able to grab and then send off to the attacker, the person who delivered that malware or pushed it out to the to the public. So this is yet another one of those things that could be gathered up by that type of stealer malware, which is very common these days. So if you do have the ChatGPT app, there is a new version of the app out that fixes this problem. And now, OpenAI says that the Mac version of the ChatGPT app does encrypt this data now. So make sure if you’re using the app that you’ve got an update.
Kirk McElhearn 3:38
I just want to throw in a definition because you use the word directories and most people don’t think of directories they think of folders on their Mac.
Josh Long 3:44
That’s true. Yes. Directory is kind of a generic term, I guess. (Well, it’s a Unix term, isn’t it?) Yeah, it kind of does go back to like the old Unix days, we think of folders typically on Macs, because that’s what we see in the Finder, right? You know, on your desktop, you have folders. So but yeah, directory is just another another way to talk about the same structure where you’ve got containers that hold files
Kirk McElhearn 4:12
Well, they’re not even containers that hold files, it just catalog entries someplace in a database that point to the files. And we have this metaphor, that it is a folder that actually holds paper files or photographs, or actual CDs or something instead of you know, digital music files. I love the fact that this has become so ingrained in our consciousness because of Apple, having created the first graphical user interface like that.
Josh Long 4:37
Well, at least Apple’s certainly gotten credit for being the first to bring this to the mainstream right there. If you go back far enough, you could you could say, well, there were some prototype operating systems and Apple may have kind of borrowed from those prototypes when they developed their operating system, but
Kirk McElhearn 4:54
True. So one more story about AI. Apparently they had a data breach in 2023, and they didn’t bother to report And now, whether or not this is an actual data breach in what we think of a data breach, which is a mass database of user data, it wasn’t that, but it was still a breach of some data from the company.
Josh Long 5:14
Right. So what actually happened here is that according to The New York Times, there were a couple of anonymous insiders at OpenAI, who reported that there was a private forum used by OpenAI employees to discuss projects early last year that was breached by some hackers. And so it’s weird that we’re just hearing about this now, because if it was early last year, that means it’s probably been more than a year ago that this happened. And it’s only just now that we’re hearing about this. Now, I guess the argument that the OpenAI executives may have made at the time for not publishing information, is because they claim that there’s no private individual data, you know, nobody’s in nobody’s personal data was exposed as kind of the claim that they’re making here. Well, I’m not so sure that they can really make that case or make that claim with any definitiveness. Because really, you mean to tell me that in your private employee forum, you never once gave any information about any user of your product, or anything else that might be personally identifiable information for some partner, or customer or really like that never once happened, I find that pretty hard to believe.
Kirk McElhearn 6:37
It sounds to me like someone got into their Slack channel. And it’s true that in a Slack channel, you might have people saying, we had this query, and it returned some ridiculous SaLuSa nations slop, and let’s examine it, but there might not have been that much personal data. Again, it’s not a data breach, like usernames and passwords and credit card numbers and all of that.
Josh Long 6:58
Right. So what can we do about this? Well, not really anything, data breaches happen. And thankfully, this time, it probably wasn’t nearly as bad as most of the data breaches that we do hear about.
Kirk McElhearn 7:09
Right. And this isn’t rushed to change your password because it it wasn’t that kind of data breach. We have a story from Broadcom, Broadcom is this company that makes big, professional data type stuff. And all of a sudden, they want to be a security company. I mean, they own some security software. And they came out with an article about a week ago, Apple IDs targeted in US smishing campaign. Oh, here we go against smishing. So smishing is SMS phishing, right. And it seems a bit I don’t want to say self serving, but that they’re trying to make themselves sound really important because they found one domain that was used in this now, you’ve probably gotten an SMS is or spam, saying that you have to sign into iCloud or your account will be cancelled or your storage is going to be cancelled or something like that. This is a very, very common problem, and Broadcom mentions is one specific domain is if it’s the only one in the world that’s used for this.
Josh Long 8:12
Yeah, that’s the thing that’s kind of funny about this story. So so they put out this press release on July 2. And interestingly, it’s probably coincidental, but Apple published a document two days later on July 4, interestingly, on a national holiday here in the US where most Apple employees are, but this document is called recognize and avoid social engineering schemes, including phishing messages, phony support calls and other scams. That’s a mouthful, but they kind of cover some of the things that we’ve frequently talked about on this podcast, including that somebody can send you a text message pretending to be somebody else. So Apple gives a number of tips related to this. I’ve seen some Apple news sites that are kind of making a correlation between the two and they’re saying, Oh, well, Apple published this document because of that other report. And I’m not so sure that that’s really true.
Kirk McElhearn 9:07
I’ll tell you, I’m a writer. This is a document about 1500 words. For a company like Apple, you don’t write a 1500 word document with lots of links to other pages, and get it published in two days, it has to go through multiple levels of the company eventually has to be localized into other languages. I don’t know if it is yet available in other languages, but you don’t come out with a 1500 word document about security for Apple in two days, or literally in one day, because well, they hear about it the second, you don’t necessarily get an all hands to get people to start writing this. So this is a coincidence. It may have even existed before and just been updated. And no one noticed it you know, I’m just guessing here, but I don’t see any relation between the two. However, the Apple document, as Josh said, is things that we talk about very often, and it’s a very good document to look at to check to make sure you know all of these things. that you can do to protect your Apple account, report suspicious emails and messages, worried about social engineering, etc. Notice that it says how to protect your Apple account. And this is some new terminology we’re going to see from the fall instead of Apple ID they’re calling an Apple account in the future.
Josh Long 10:15
That’s a good point. By the way, there is a way to actually check whether there was a previous version of an article. So the Wayback Machine, of course, the Wayback Machine. Yes. So web.archive.org is the website. And if you paste in just about any web address, you’ll be able to find older versions of that particular webpage that the Internet Archive Wayback Machine has archived. And so the first archived version of this that I could find is actually from December 1. So this was not just published for the first time on July 4, this was maybe updated on July 4, good sleuthing there, Josh, as an interesting side note, Apple actually does use both the terms Apple account and Apple ID on this page, both in the current version of the page and all the way back in December when it was apparently first published.
Kirk McElhearn 11:08
Okay, we’ve been talking since the beginning of June about the new Apple intelligent features and how Siri is going to be not as dumb as a rock. We’re not going to get it this fall. In fact, according to Mark Gurmann, we’re not going to get it until iOS 18.4 In the spring, and I’m counting that makes about nine months after it’s announced or six months after iOS 18 comes out roughly right. This makes it seem like I don’t want to say that Apple’s announcement in June was vaporware, but it was somewhat deceptive making people think that iOS 18 is going to come out with all these new features, but you’re gonna have to wait another six months, and then it might get delayed. You’ll have to wait till next June. But then next June is the worldwide developer conference for iOS 19. And then, so…
Josh Long 11:51
Exactly, yeah, this, this does feel a little bit kind of deceptive to announce this as an iOS 18 feature that’s maybe not actually coming until Mark Gurmann suggests maybe around iOS 18.4, sometime in the spring, which again, like as you say, That’s right before the next WWDC, where they’re going to be announcing iOS 19. And so it seems kind of crazy to have to wait that long for a feature that’s supposed to be here in the new operating system, whether we’re about to get.
Kirk McElhearn 12:23
Okay, one more thing about Apple before the break. And this is something that doesn’t surprise me. We have an article on Apple insider, which is talking about a survey by the consumer Intelligence Research Partners, LLC, I don’t know who they are. But these are analysts. And it’s saying that Apple Silicon Macs are staying in use longer than Intel Macs into 2020. When they did the survey, 40% of people kept their Macs for three years or more and in 2024 56%, are keeping them for three years or more. That is a huge difference. And this speaks to something that I wrote about three years ago in May 2021, where I asked, Are we heading towards the Forever Mac, looking at the M1 Max at the time, looking how fast they were and how battery efficient they were, it really seemed like we were getting to a stage where Max would last longer. And now, this is proof that people are either keeping them longer or planning to keep them longer than in the past.
Josh Long 13:21
That’s a really good point. And one of the things that you pointed out at the time is that, you know, with these M series Mac’s which are so much faster than the Intel Macs that we had before, if all you’re really doing is checking email and browsing the web, like what do you really even need a faster machine for than that, right? It does all the things that an everyday user does on a regular basis. And so it kind of starts to feel like maybe I don’t really need to upgrade every couple of years. So I’m very curious to see how long Apple is going to continue to support first of all Intel Macs, because I’m a little bit surprised that they didn’t drop more models of Intel Macs this year, we’ve still got a 2017 model, and a couple of of later models all the way up through 2019. That Apple is still supporting this year with Mac OS Sequoia. So I’m very curious to see do we get one more year of Intel support? Or are we getting two more years? And then beyond that? How many years is Apple still going to be supporting that original M1 line that they came out with in 2021.
Kirk McElhearn 14:28
The other point that I mentioned in the article and this was a change in 2021, you were limited to three years of Apple Care. But from 2021 they allowed you to renew your Apple Care at the end of those three years. And I don’t know about you my Mac for work. If it breaks down it’s kind of a problem. So I keep Apple Care. And that three year mark used to be for me the time when I kind of needed a new Mac just to be safe, even though I rarely had hardware problems. So now that I can keep renewing Apple Care on my Mac. I told you I’m going to keep this iMac for five years.
Josh Long 14:58
And you know when I was a little skeptical at the time, but I think you might be right about that.
Kirk McElhearn 15:02
Okay, let’s take a break when we come back, we’re going to talk about a Smart Ring or two.
Voice Over 15:09
Protecting your online security and privacy has never been more important than it is today. Intego has been proudly protecting Mac users for over 25 years. And our latest Mac protection suite includes the tools you need to stay protected. Intego’s Mac Premium Bundle X9 includes Virus Barrier, the world’s best Mac anti-malware protection, Net Barrier, powerful inbound and outbound firewall security, Personal Backup to keep your important files safe from ransomware. And much more to help protect, secure and organize your Mac. Best of all, it’s compatible with macOS Sonoma, and the latest Apple Silicon Macs. Download the free trial of Mac Premium Bundle X9 from intego.com today. When you’re ready to buy, Intego Mac Podcast listeners can get a special discount by using the link in this episode’s show notes at podcast.intego.com. That’s podcast.intego.com and click on this episode to find the special discount link exclusively for Intego Mac Podcast listeners. Intego. World class protection and utility software for Mac users made by the Mac security experts.
Kirk McElhearn 16:24
So we’re recording this on the 10th of July. And Samsung has just officially released the Samsung Galaxy Ring a Smart Ring, which does all the things that Smart Rings do. It’s selling for $399 or 399 pounds. The main competitor in this is the Oura ring, O-U-R-A. And the Oura rings have it cheaper. But the Oura ring has a monthly subscription fee to get all of the features. If you don’t pay the subscription, you get some really minimal data like your score your sleep score, your activity score, but you don’t get any real data. So the Galaxy ring is a bit more expensive. But over time, you’ll save money compared to the Oura ring. Now this is quite interesting, because you need to use a Samsung Galaxy phone to use this ring, I would have expected that Samsung would come out with a Smart Ring that would work with any Android phone. And that’s not the case. Galaxy phones actually can get pretty expensive. I mean, I was looking on Amazon here in the UK, you can get one for 100 pounds, that meets the system requirements which are Android 11 or later and at least one and a half gigabytes of RAM. So at 100 pounds, you’ve got something that runs Android 12 or 13 has four gigabytes of RAM, so you don’t need the top of the one Samsung phone. However, there’s one cool feature that only works with some very recent phones. And that’s a double tap gesture, which we’ve seen with the latest Apple Watch models. And you can use a double tap gesture to shoot your camera or turn off alarms is what they’re saying for now. Maybe they’ll extend this to other features on Galaxy phones.
Josh Long 17:58
It’s interesting that you mentioned the double tap feature because that is a feature that we already have with Apple Watch. And you can actually do a lot more with that same gesture with your Apple Watch. As a matter of fact, this has actually been technically a part of watch OS for some years as an accessibility feature. And only just recently did they kind of make this more accessible to people who are not using accessibility features by building it in as a regular part of the operating system. But so as I’m thinking about this, you know, we’ve talked before about it might be kind of interesting if Apple made its own ring wearable. And I kind of wonder, Is that necessary, right? Because if the watch does all the things that a ring can do and more, pretty much why does Apple necessarily need to have a Smart Ring. On the other hand, you know, there might also be some interesting use cases for a Smart Ring. Maybe you want to have an extra data point, for example, on certain things that correlates with the data that you’re also getting from your Apple Watch. You know, additional data points are never a bad thing, especially when it comes to health and sleep tracking and things like that.
Kirk McElhearn 19:11
Interestingly, I bought an Oura ring a few months ago and I wrote an article which we’re just focusing today on the Intego Max security blog why Apple should make a Smart Ring. Some of the things I found about Smart Rings versus the watch is some people don’t like the way the Apple Watch looks. And we tried to figure out what it’s called. I thought it was called a score Tango or something. But I think it’s just a rectangle with rounded corners. Some people like wearing mechanical watches. It’s a pretty trendy thing among young people. Some people can’t wear watches at work. I remember my dentist asking me once about the Apple Watch. He said well, I can’t wear it because we have to be you know, disinfecting ourselves all the time. And I showed him at the time I had a soul loop band and he said oh I could wear that since it’s easy to clean doesn’t have, you know, a pin and holes and things like that. Another thing that I discovered when I was exploring the Oura ring is that a lot of people may want to wear a watch during the day but don’t want to wear a watch at night to track their sleep. And a ring is a little bit more comfortable to wear at night, it’s not going to get in the way, it’s if you roll over on, put your head on your wrist, it’s not going to bother you. The thing about Apple with a Smart Ring is well, I suggested in my article that they can have a double tap gesture not knowing that Samsung was going to do this. But another thing that I thought is that you might be able to use an Apple Smart Ring to unlock your Mac, or to use Apple Pay or to authenticate for certain features. Now think about what I call Apples chain of trust. Once you’ve logged into one device, another device connects to it, and it’s confirmed that it’s you. So when you put on your Apple Watch, you tap your passcode it connects to your phone, it knows it’s you, when you take the Apple Watch off, it walks itself until you put it back on again. So if you could somehow authenticate with the ring and be able to use that, for example, my when I’m working on my laptop, and I press the spacebar, my Apple Watch unlocks the laptop, you could do that with the Apple ring. You could even maybe use Apple Pay. Now, one of the things about Apple Pay is you can have multiple cards in your wallet. And you can choose which one you when you’re using Apple Pay. When I go to the supermarket, I use a specific card to buy groceries because I get cash back, it’s a supermarket card, I don’t want the default card, you would have to set a default card with the ring because there’s no display. And if you have to go to your phone to choose the card you’re playing with your ring, there is no point you don’t really need the ring, do you. But I think the other more important thing is that the Smart Ring is here to stay. And whether it’s Oura or Samsung, I think there’s a group of people who want to use a Smart Ring for variety of reasons. And Apple can’t really sit this one out. I’m sure Apple has been working on it. I’m sure they have working prototypes, and they’re all set to watch something like this, it would be an interesting addition to the Apple ecosystem. And it would be great for people who don’t want to wear a watch, and still want to access some of these health tracking and sleep tracking features.
Josh Long 22:07
Right. Now, depending on the price point, if something like this too, I might actually even consider it as an Apple Watch owner if it can do something like sleep tracking really well, because I usually take off my watch at night and charge it otherwise I’ve got to charge at some time during the day. So it would be nice if I could have two devices so that when one is charging, I can be wearing the other.
Kirk McElhearn 22:29
Well, one thing about Smart Rings, both the Oura and the Samsung is that they have about a week’s battery life. Now in my use of the Oura, I’d say it could get five or six days It depends if you’re tracking workouts because you can using the Oura app on your iPhone, you can track workouts so it does more heart rate syncing, etc. So you don’t really have to worry about charging the ring when I was wearing it, which I’m not anymore because they didn’t find it that comfortable. I would take it off when I went into the shower, put it on the little charging dock. And when I got back and put it on it was fully charged. So it would use 15 to 20% of the battery in a day. And it will charge in 15 minutes. And that was really easy. One thing to consider is it the Samsung bring is more expensive than the least expensive Apple Watch. It’s it’s $399. Unfortunately, there aren’t different versions or has multiple price points from about 250 to 450, depending on the finish. And again, there’s a monthly subscription, but you might as well just buy an Apple Watch se to sleep with and use a normal Apple watch during the day just get the cheapest Apple Watch the one designed for kids.
Josh Long 23:35
That’s actually a really interesting point. And since you mentioned that the Apple Watch SE is great for kids. Coincidentally, Apple actually just came out with a new page on site today. And yes, we checked the wayback machine to make sure this was a brand new page. But it’s being reported that Apple just launched this. They call it Apple Watch for your kids page on their sight. And extolling the virtues of getting an Apple Watch SE for your child which you can actually and this is something that’s been the case for a while you can set up an Apple Watch for somebody else who may not have a smartphone of their own. So the idea is if you feel like oh I don’t think I really want my kid to have a smartphone just yet. You can get them a smartwatch instead and still be able to use Find my to see where they are, they can still get eye messages from you and things like that. So it is a really really useful device for kids.
Kirk McElhearn 24:30
You can even get to sell your iPhone SE and so they can make phone calls and you can call them as long as we’re mentioning this about Apple watches and kids. Eaton which is an extremely expensive private school in the UK. I believe tuition is something like 60,000 pounds a year. And so Eaton has decided that children will not be able to have smartphones they will have to turn in their smartphones and they will get a standard Nokia dumb phone. These are wealthy people I mean Prime Ministers have good Want to eat and chiefs of industry diplomats? You know, all the famous be I mean, Prince Harry probably went to Eton. They all go there. And they’re told now that they can’t use their iPhones and this starts from age 13 Eaten if you’ve seen the Harry Potter movies, that’s kind of like what a boarding school is in the UK without the magic. It’s kind of interesting that they’ll get what the CBS News article says a brick phone for use outside the school day, as well as a school issued iPad to support academic study. So they’re still getting an iPad, they’re still getting, you know, good technology. There’s a pretty big movement in the UK to try and prevent young children from having smartphones. We’re not going to argue whether the what the pros and cons of that are. Okay, last thing is a very well known Apple blog called and I’m pronouncing it twice it was that it was TAWU, which meant originally the unofficial Apple weblog. This is a blog that was I mean, this was one of the early Apple blogs, and a lot of well known people worked on it back in the day, it has returned as an AI content, foreign publishing slop using some of the names of its original authors, which were changed after the original authors, notably Christina Warren, who started them when she was 21 found that their name was on this website with an AI photo of a different person. The moral here is, well, anyone can make an AI Generated Content farm. But it’s also a domain can be reused for something now they actually bought the domain from Yahoo, who had bought out the site years ago, it wasn’t a domain that expired. And we’ve warned about expired domains in the past. But this is I hate to say that this, we’re gonna get a lot more of this, you know, these AI content farms, I think we’re gonna get them in tech, I wonder if they’re gonna get a lot of sports websites to do that as well.
Josh Long 26:46
This kind of thing is always a concern, right. And the reason obviously, why this random company came along and decided they wanted to buy up the domain was because they know that there are still old pages out there that are linking to TU Aw. So even though they have relaunched this site under new management, and do not have the rights to any of the old content, this is only new content that they’re publishing, they are still calling it the same thing and giving it kind of a similar logo, you know, using old, you know, Apple colors that like the Apple rainbow with the green leaf on top and all that. So they’re trying to make themselves look like they’re the legit unofficial Apple weblog that it always was way back when and it’s not, it’s clearly not.
Kirk McElhearn 27:37
What I find surprising is I’ve loaded up the site and I’ve disabled my ad blocker and I don’t see any ads on the site. And maybe they’re waiting to put ads to watch the site for a while before they start filling it up with Google ads. One of the real problems I have with websites like this is that AI tools train themselves on stuff that they scraped from websites. And if they’re training themselves on stuff that AI tools have written, that just reinforces the AI slop that goes into the AI tools and comes out the other end.
Josh Long 28:07
It’s like the ouroboros like the snake eating its own tail kind of thing.
Kirk McElhearn 28:12
You can rest assured that all the articles on the Intego Max security blog are handcrafted artisanal articles with no AI swap. Until next week, Josh stay secure.
Josh Long 28:22
All right, stay secure.
Voice Over 28:25
Thanks for listening to the Intego Mac podcast, the voice of Mac security with your host, Kirk McElhearn and Josh Long. To get every weekly episode, be sure to follow us on Apple Podcasts, or subscribe in your favorite podcast app. And, if you can, leave a rating, a like or review. Links to topics and information mentioned in the podcast can be found in the show notes for the episode at podcast.intego.com. The Intego website is also where to find details on the full line of Intego security and utility software. intego.com.
