The Mac Security Blog

Threads Launches, Amazon Primes Again, and Carmakers Surveil Drivers – Intego Mac Podcast Episode 299

Meta’s Twitter competitor Threads has launched, and with it comes the same privacy risks as with the company’s Facebook and Twitter. Amazon Prime Day is just around the corner, and we explain why that cheap iPhone might not be a good deal. And US carmakers are snarfing up data from Bluetooth connected phones.


If you like the Intego Mac Podcast, be sure to rate and review it on Apple Podcasts.

Have a question? Ask us! Contact Intego via email if you have any questions you want to hear discussed on the podcast, or to provide feedback and ideas for upcoming podcast episodes.


Transcript of Intego Mac Podcast episode 299

Voice Over 0:00
This is the Intego Mac Podcast–the voice of Mac security–for Thursday, July 6, 2023.

Voice Over 0:13
This week’s Intego Mac Podcast security headlines include: Meta’s new Threads social media platform will debut soon. What security and privacy concerns should you have if you’re thinking of signing up? Amazon Prime Days are tempting for tech deals, but there might be some computers and phones you should avoid. US carmakers are spying on drivers through smart car technology. What data can they see? And what do they do with it? Now, here are the hosts of the Intego Mac podcast. Veteran Mac journalist, Kirk McElhearn. And Intego’s chief security analyst, Josh Long.

Kirk McElhearn 0:49
Good morning, Josh, how are you today?

Josh Long 0:51
I’m doing well. How are you, Kirk?

Kirk McElhearn 0:52
I’m doing okay, we’re recording this just after your long weekend when you declared independence from the country in which I live. So congratulations on that. We’re also recording this one week before Amazon’s annual summer of Prime Day. And we’ll talk about that in the second half of the show. We have some tips to share about how not to buy obsolete devices or devices that could be dangerous from a security point of view. I want to open with an article that you wrote late last night, your time. What did you say between the hotdogs and the fireworks? You wrote a quick article about how Firefox is going to stop updating versions of its web browser that work on older operating systems. And you say this is a good thing. Tell me why.

Will the Firefox browser still run on my older operating system?

Josh Long 1:36
I thought this was worth writing something up, especially because of all the consternation I was seeing among people on social media. Everyone was like, oh my goodness, Firefox is going to stop supporting macOS Mojave. Well, yeah. I mean, macOS Mojave is several years out of date at this point. I mean, Apple hasn’t released any security updates for Mojave since September 2021. I think part of the controversy is that this is now cutting off an even newer version of macOS than Chrome. And although Chromium-based browsers are still supporting, those all require at least macOS High Sierra, which, by the way, also stopped getting security updates in November 2020. So I don’t think most people really realize that and they go “Oh, well, but Mojave!” though Mojave is a great operating system. And I’ve still got it on my old Mac, and why can’t I still use Firefox anymore.

Kirk McElhearn 2:31
So basically, your point is they shouldn’t be supporting operating systems that are insecure, and that it’s a good thing that Firefox is doing this. And maybe everyone should do this.

Josh Long 2:40
I think most of the people who are still behind on a very old version of macOS probably either decided to stay there because of some specific reason maybe there’s some software that won’t work if they upgrade further. Or they just feel like their computer’s stable. And so you know, they don’t want to risk upgrading to a newer version of macOS, because maybe it’ll slow down their computer, maybe it won’t run quite as well. They just figure it’s not worth the risk. I think a lot of people don’t really realize that there are security and privacy risks of staying behind an older operating system. The good thing that could come out of this is people who are aware of Firefox now no longer supporting these operating systems may realize that, you know, okay, I guess I am on a really out of date operating system, maybe I should upgrade it and then I’ll be able to use the latest version of Firefox again. By the way, it’s not just old versions of macOS that are no longer going to be supported. It’s also Windows 7 and Windows 8.

Kirk McElhearn 3:43
Wasn’t Windows 7 released in the early years of this century?

Josh Long 3:47
2009, actually, but it still was getting security updates all the way through January of 2020. Microsoft has these alternating years of good operating system, bad operating system. That’s kind of their typical pattern. And so people go okay, well, Windows XP was good. Vista was bad. 7 was good. 8 is bad. And it’s mostly been bad ever since then.

Kirk McElhearn 4:12
Oh, come on, Josh. Windows 11 is pretty good. I don’t use it a lot. I use in virtualization for some things. It’s not that bad.

Josh Long 4:20
It’s not terrible. But you know, this is just the pattern that people have come to expect from Microsoft. And so people were very resistant to the big changes in Windows 8 to the first version of Windows 8, kind of got rid of the Start menu, which was a big thing. And you know, they wanted to make it like the same operating system that you could use on tablet and desktop. And so they wanted the same interface across everything. And well, desktop users weren’t really into that. They didn’t like that idea at all. By the way, I think the reason Microsoft did that was because they saw that Apple has this dichotomy, right? You’ve got macOS, which is very different from iPadOS, or at the time it was iOS. And they thought, you know, why don’t we just have Windows, it’s just Windows everywhere. It’s the same operating system everywhere. And well, the users rebelled said no, forget that I’m not upgrading to Windows 8.

Kirk McElhearn 5:10
At the risk of being a contrarian. I had a Windows Phone for a while, and I kind of liked that interface. I thought that was pretty good. But that wasn’t trying to be a Windows interface that was them, creating an interface for the phone.

Josh Long 5:23
So getting back to the whole Firefox thing, there is a solution, if you for some reason, really intentionally want to stay on an insecure version of macOS, you can still get a browser that will continue to get security updates. I don’t know if we’ve talked about this before. It’s called Pale Moon. This is actually a forked version of Firefox. And one of the big selling points of Pale Moon is that it’s specifically designed to run on very old operating systems. So if you have a particular need, you can still get security updates if you’re using Pale Moon. And Pale Moon works all the way back to OS X Lion 10.7, which originally came out in 2011. And it still supports Windows 7 as well.

Kirk McElhearn 6:11
Now, one thing I see on the Pale Moon website is that there’s a macOS ARM version. So that’s Apple’s own processors, but the Intel version says it has to be 64 bits. And I’m thinking that anyone who’s running an old macOS Mojave might have a Mac that is 32 bits and wants to use 32 bit software, and doesn’t want to update for that reason.

Josh Long 6:32
Well, that’s a fair point. If you happen to be running a First Gen Intel Mac, which would be the 2006 models, there might have even been early 2007, possibly that where Apple was still selling some 32 bit Intel processors, it was just the Core Duo, that was the one processor that is not capable of running 64 bit code. So as long as you have a Core 2 Duo, or later, you can run OS X Lion, and you should be able to run Pale Moon.

Threads, an Instagram App, is a new social networking platform from Meta, the same company responsible for Facebook.

Kirk McElhearn 7:07
Okay, by the time you hear this podcast on July 6, it’s very possible that a new social networking app will have been released. It’s called Threads, an Instagram app. And it looks oddly like Twitter.

Josh Long 7:22
Yeah, this is no big surprise. If you happen to follow social media. There’s been a lot of well, you know, we’ve talked about how Twitter (The Twitter meltdown.) Yeah. So Twitter got bought by Elon Musk. And there have been all kinds of crazy things that have been going on. And the most recent crazy thing that Elon decided to do with Twitter was to kill off support for being able to view tweets unless you’re currently logged in. So you’ve always been able to send a text message of a tweet to somebody, and they can see the preview of it automatically, it’ll just show up right there in their messages app. We can’t do that anymore. And to kind of imply that this is all just temporary, but we’ll see what actually happens.

Kirk McElhearn 8:06
And when they started doing that, I mentioned to you that we should no longer embed tweets in articles. But we should take screenshots because it’s very possible that that’s going to be shut off as well, which means that we might embed a tweet in an article as evidence of something or as a quote from someone, whereas in six months or a year, it might no longer be available. And a lot of websites do this, you’ll see that the Huffington Post has an entire department of articles that are only made up of embedded tweets.

Josh Long 8:33
People are starting to look for Twitter alternatives. There’s Bluesky, which is still kind of a private beta thing that you have to request access to and then you have to get an invite. Then there’s T2 which you know is only at like a couple of thousand users at this point they have a very slow start to their launch and rolling out invites. And then you’ve got…(Well there’s Mastodon.) Yeah, there’s Mastodon. Mastodon’s actually been around for a while, but it’s got a little bit of a barrier to entry. Because one of the things that you’ve got to figure out when you sign up is which server am I going to pick? Which instance they call it.

Kirk McElhearn 9:12
Mastodon is like the Linux of social networks.

Josh Long 9:15
Right, right. It’s a distributed social network, “federated” as they call it, where anybody who wants to can run a server that is part of the Mastodon network. And so that’s a bit problematic in terms of like figuring out whose instance you should join, you know, should you go to one of the official ones that Mastodon itself runs or should you go to somebody else’s and it’s, it’s a bit complicated the onboarding part of it, and also there’s not really a lot of celebrities there, which is a big problem for Mastodon because how are you going to get people to stay there or even come there in the first place if you don’t have all the celebrities.

Kirk McElhearn 9:55
And that’s what Meta is trying to do with Threads. Remember, this is Threads is an Instagram app. But Instagram is owned by Meta, which is Facebook, they’re trying to say, Well, you’ve got all these influencers you follow on Instagram, you can just use your Instagram account and talk to the same people with Threads. Now, by the time this podcast is out, I think it will be available for download. But from the screenshots on the app store, you can see it looks exactly like Instagram, just without that bit on the top with the where you put a photo. It has a re something button, it’s not a retweet or retruth, it’s going to be reThread, or whatever they want to call it, which Instagram doesn’t have. And I’ve never understood why you can’t share content on Instagram like that. And it looks like you can actually put links in posts. Unlike Instagram, “link in bio”, you can’t put links to anything. It also looks like three interns whipped this up over a weekend using the existing Instagram codebase. And just pulling out a few things that weren’t needed. It looks like Instagram. So anyone who uses Instagram is going to feel right at home.

Josh Long 11:00
It also looks like a Twitter clone, which is really what it is.

Kirk McElhearn 11:04
Well, but yeah, that’s fair.

Josh Long 11:07
We’re talking about this because there also is a privacy angle to this, of course, because Threads, an Instagram app, is owned by Meta, which is Facebook, right? We know that there have been a lot of problems over the years. There’s the whole Cambridge Analytica scandal and many, many other examples of Meta not really respecting people’s privacy.

Kirk McElhearn 11:31
Apple’s App Store in the app Privacy section says for this app, the following data may be collected and linked to your identity. You can cut me off if this goes on too long. Health and Fitness, financial info, contact info, user content, browsing history, usage data, diagnostics. I’ll stop there. That’s the first of two columns. So there are actually 14 different items listed. Now to be fair, of course, they’re gonna have your contact info, because you’ve signed up for the thing. They’re going to have your financial info, maybe if you want to buy ads, they’re going to collect usage data and browsing history. But it’s Meta, right? It’s Instagram, it’s Facebook. So they’re going to be snarfing up everything they can about you.

Josh Long 12:12
Yeah, basically, when Apple asked them to assert what types of information they would collect and associate with your identity, they checked all the boxes. They just said, Yep, we want your location, your contacts, your sensitive info is also one of the items listed there. So they want everything and they don’t want to you know, even hide the fact that they want everything. There are a couple of things that you can probably do right away. Again, as of when we’re recording this, the app’s not out yet. But presumably like any social media app, there are probably some settings that you can tweak. So if you do decide to try out Threads, make sure that you look for settings within the app, see if they have privacy settings that you can adjust to make it better fit what you want them to be able to get. Also, it’s very likely going to ask for permission for things like your camera, your microphone, your location, your contacts, Apple requires that you ask the user for access to all these things, rather than they don’t allow you to just grab all that stuff without asking permission. You can try to avoid opting into those things. But of course, it’s entirely possible that the app will only work if you grant camera permission, for example.

Kirk McElhearn 13:30
As soon as this app is available, I’ll be writing an article for the Intego Mac Security blog talking about the privacy settings, and I’ll talk about Instagram privacy settings as well, they’re probably going to be exactly the same. Check it out if you want. Although it seems that if you’re in the European Union, you won’t be able to. Apparently they’re not going to launch this app in the European Union because of GDPR and data protection reasons. We’ll find out more about this very soon. We’re gonna take a break when we come back, we’re going to talk about Amazon Prime Day and some other security news.

Voice Over 14:01
Protecting your online security and privacy has never been more important than it is today. Intego has been proudly protecting Mac users for over 25 years. And our latest Mac protection suite includes the tools you need to stay protected. Intego’s Mac Premium Bundle X 9 includes Virus Barrier, the world’s best Mac anti-malware protection, Net Barrier, powerful inbound and outbound firewall security, Personal Backup to keep your important files safe from ransomware. And much more to help protect, secure and organize your Mac. Best of all, it’s compatible with macOS Ventura, and the latest Apple silicon Macs. Download the free trial of Mac Premium Bundle X 9 from intego.com today. When you’re ready to buy, Intego Mac Podcast listeners can get a special discount by using the link in this episode’s show notes at podcast.intego.com. That’s podcast.intego.com and click on this episode to find the Special Discount Link exclusively for Intego Mac Podcast listeners. Intego. World class protection and utility software for Mac users made by the Mac security experts.

What are some good tips for shopping during this year’s Amazon Prime Days?

Kirk McElhearn 15:16
So next week is Amazon’s annual Prime Day. How long have they been doing this? I know the last time we talked about Prime Day, we looked it up. And it hasn’t been as long as we thought. It’s worth doing just a refresher course on it. They’re going to try and sell you a lot of stuff on Prime Day. And we don’t really care if you buy more cat food or exercise equipment or anything like that. We’re actually warning you about buying old computing hardware, old iPhones, Macs, iPads, Apple Watches.

Josh Long 15:44
That’s right. Just a couple of weeks ago, I saw an ad on a Mac tech news site that was advertising a discounted iPad 7th generation. Well, okay, so the seventh generation is still going to be able to run iPadOS 17, which is coming out in a few months. But this model was first released in 2019. And so there’s a pretty good chance that starting a year from now, it may not be able to upgrade to iPadOS 18 when that comes out, just given how old the model is, and where Apple usually draws the line. It was at a decent discount, but really not quite so great if you consider how old this model was. And so I thought with Prime Day coming up, let’s bring this up. If you’re gonna buy new hardware, whether it’s an iPhone or an iPad or Mac, you want to make sure that it’s not a model that’s like right at the tail end of the older end of the what the upcoming operating systems are going to be supporting because there’s a good chance that it may not get updates next year. In fact, be very careful to make sure that you don’t buy some hardware that’s not even going to run this year’s operating systems. We’ve got macOS Sonoma about to come out, and iOS and iPadOS 17. And if that hardware is not going to support those operating systems do not buy it.

Kirk McElhearn 17:14
The same is true for the Apple Watch. And Josh has been on this crusade for a while, angry that Apple was selling the Apple Watch Series 3, even after it was clear that it was no longer going to get any security updates. Don’t buy an Apple Watch Series 4, because it’s probably not going to last very long.

Josh Long 17:31
You can still find the fourth gen not from Apple. But there are a lot of other sellers that still have fourth gen Apple Watches available for sale. And yes, you can run watchOS 10 on them, but you may not be able to run watchOS 11 next year.

Kirk McElhearn 17:47
I’m going to link to a couple of articles on the Intego Mac Security blog that we published in recent years giving some more tips about what to buy and what not to buy when it’s on sale. Don’t buy an old router, for example, because it may not get firmware updates. Don’t spend all your money on Prime Day, you might find something you’ve been looking for, but don’t get sucked into the sales that aren’t really sales. You know, Amazon does this every year. Now, I will suggest that if you do want to buy an Amazon device like a Kindle or an Alexa device, this is the time to buy it because Amazon offers very deep discounts. And for that alone, if you’re using these devices, this is the time to act.

Josh Long 18:21
And a quick reminder about a couple of places that you can go if you want to look for deals on particular items. If you don’t really care about browsing through all the deals, and you just want to find out if something that’s on your wish list happens to be on sale, you can use camelcamelcamel.com, or the Price Pulse app, which you can find at pricepulse dot app. They’ve got a link to the app store download for that out there.

US carmakers collect data on drivers.

Kirk McElhearn 18:45
Okay, we have some other security news. And this is something that I guess it’s not surprising. You know, I, I have a Peugeot E 208 and it’s an electric car. And I had to contact my dealer recently because I got an email saying I needed service and I called them and the service people didn’t answer was actually the person who ran the dealership who did. And we got to talking about, you know, I was saying that the car is great, but the app really isn’t. And he’s well if the car’s great that’s all that matters and I was saying. You know, this is a computer on wheels, the apps matter. And now these computers on wheels are surveilling us. We have an article here on the Private Internet Access blog about how top US car makers spy on drivers. Basically, they’re just collecting a lot of data.

Josh Long 19:32
Well, the article mentions that some of the types of data that may be collected include the phone numbers you’ve dialed, your call logs, location history and your garage door codes, interestingly, but they’re really only able to collect all that information if you’re connecting your phone to the car through Bluetooth. So if you’re using CarPlay, CarPlay is designed with privacy more in mind so it should prevent the vehicle manufacturer from being able to collect that kind of information. CarPlay gives you that visual interface in your car, but keeps your data private on your phone. And so it’s really just those Bluetooth connections that in particular that you need to worry about.

Kirk McElhearn 20:14
I think a good comparison is the fact that TV sets collect so much data about what you do. But if you connect an Apple TV to your TV set, then the TV can’t collect that kind of data, because you’re not making these requests to the TV. It’s all going through Apple servers. Now, I don’t know how Android Auto works. This is Google’s Android version of CarPlay. But since it’s Google, I kind of wouldn’t trust them to not be collecting data about me.

Josh Long 20:41
If using Android, I would definitely have less of an expectation of privacy than if you’re using an iPhone.

How does using Google Chrome Remote Desktop help get control of another computer?

Kirk McElhearn 20:48
Okay, speaking about Google, we found a story, this is a couple months old, it’s apparently easy to take control of another computer using Google Chrome Remote Desktop. Now, it doesn’t mean that someone’s just going to take control ad hoc, but you might get some sort of a contact for a scam that wants you to connect to a certain address on the web, which if you’re using Google Chrome could give someone access to your computer, right?

Josh Long 21:15
This is something that you can that anybody can go to remotedesktop.google.com. There are many free services like this, there’s lots of different sites that you can go to, and you can configure them to allow people to access your computer or share your screen with somebody and things like that. But the interesting thing I think about this is that this is Google like this is an actual Google website, something.google.com. Right, that’s kind of a big deal, because I think it’s more likely that somebody is going to be trusting of that site. So if somebody comes along, and maybe they send you a Google phishing message, maybe even to your Gmail account, and if they tell you to go through this process, and they tell you to go to remotedesktop.google.com, it might actually seem legitimate, that maybe somebody who’s an actual Google representative might be trying to get remote access to your computer to help you with something. So it is something to be aware of, and something to be very careful about. There are many, many different kinds of remote access tools available, many are perfectly legitimate, many will run in a browser, but this one in particular is one I think to especially watch out for.

Kirk McElhearn 22:27
If you’ve had support from Apple, in recent years, you’ve probably seen this. Apple has a very clever system. Initially, it was just in macOS, and then they added it to iOS and iPadOS a couple of years ago. So they will ask for your Apple ID and they’ll send you a request, you’ll get a notification saying that Apple wants to connect, and you have to approve it. And they’ll explain that you can stop the recording at any time and all this and then they can see your screen, you’ll see the special cursor that they use to move around. And they can do this on the iPhone and the iPad as well. Which, back in the day when you had to describe I mean, I’ve done tech support for friends and family tell me what you see, well, let me see what is it and you spend so much time trying to get the person to explain what they see. And it’s much more practical when they can actually see it. So Apple does this. But Apple only does this through Apple, they don’t have a way of other people accessing this. Now, Apple does have remote desktop that you can connect to a computer on your network. If you have an account, you can connect or if someone set up guest access, you can do that. So for example, I run a Mac mini server without a monitor. And I connect to that via remote desktop. So I can actually see the display on my iMac. But Apple doesn’t have this kind of system where you can connect over the web. Now someone can connect with FaceTime and share a screen. We’re talking over Zoom right now. And you can share screens with that. So there are tons of ways to share a screen. But I think that the point that Josh is making here is that it’s Google and it sounds official.

Josh Long 24:02
Exactly. So just be aware of this. We don’t know as of right now that scammers are using this. But it would not be surprising to see a scammer use especially a Google tool for this purpose.

Gmail can monitor the “Dark Web” for stolen or breached personal information.

Kirk McElhearn 24:14
Okay, one more Google story from May: Google’s Dark Web monitoring feature is now available for all US Gmail users. Whenever I hear the term Dark Web, on the TV news, there’s a guy in the hoodie, there’s the Matrix screensaver, there’s a dark room, someone with a bright screen, shadows. Dark Web is like where people buy and sell drugs, is that it?

Josh Long 24:36
I think most of the time when people say Dark Web, they’re probably talking about sites that cannot be accessed from the general public internet. So something you can’t find on a Google search, for example. Now that is also sometimes called the Deep Web, websites that are publicly available but not indexed by Google. So there’s a distinction there, but Dark Web can also refer to things like websites that are only accessible via Tor. So usually these are dot onion websites, you can’t go to something dot onion in your browser. But if you are using the Tor browser, which connects through a private, interconnected network, that’s kind of separate from the rest of the web, then you will be able to access dot onion websites. That’s usually I think, what people are talking about when they speak of the Dark Web. So it’s this, yes, potentially seedy underbelly, the potential for a lot of illegal and you know, illicit activity there, which, not surprisingly, is why a lot of federal law enforcement actually run Tor nodes because they want to be able to see what’s going on on this Tor network. And so they’re hoping that they can be your exit node so they can find out exactly what you’re doing. But anyway…

Kirk McElhearn 25:54
So Google is going to alert users if their personal information, their name, address, email, phone number, or social security number is found on the Dark Web. I think the best way to think of the Dark Web is it’s that alley behind the bar, where you don’t want to go. And so Google is kind of just telling you that your wallet was found back there, but they’re not going to get it back for you. So I’m not sure how useful this is.

Josh Long 26:19
Yeah, that’s a good point. Yeah. Right. It might be interesting to know that some data of yours leaked. Interestingly, they don’t say anything about monitoring for passwords of yours that may have leaked on the Dark Web, which seems like one of the most obvious things to check for. And also, I’m not exactly sure how Google has your social security number to be able to monitor for your social security number being available on the Dark Web. Yeah, I don’t think I’d want to give Google my social security number just so they could find out whether it’s on the Dark Web. Seems a little sketchy.

Kirk McElhearn 26:51
Okay, that’s enough for this week. If you’re interested in Threads, an Instagram app, you can try it out starting today. And unless you’re in the EU, we’ll have to wait. And don’t forget Amazon Prime Day next week. Go to the show notes for this episode. I’ll have lots of links for articles to tell you how to stay safe when you’re shopping. Until next week, Josh, stay secure.

Josh Long 27:08
All right, stay secure.

Voice Over 27:11
Thanks for listening to the Intego Mac podcast, the voice of Mac security, with your hosts Kirk McElhearn, and Josh Long. To get every weekly episode, be sure to follow us on Apple Podcasts, or subscribe in your favorite podcast app. And, if you can, leave a rating, a like, or a review. Links to topics and information mentioned in the podcast can be found in the show notes for the episode at podcast.intego.com. The Intego website is also where to find details on the full line of Intego security and utility software: intego.com.
