TikTok is facing serious scrutiny for abetting misinformation campaigns, not just in the US but elsewhere in the world. Are people disinterested in AI? The early verdict on Apple’s new AI features might be summed up as “meh”. Apple Notification Summaries, which utilize Apple Intelligence, has recently been accused of serious message mangling. And TP-Link routers may be banned in the US due to potential national security risks.
If you like the Intego Mac Podcast, be sure to follow it on Apple Podcasts, Spotify, or Amazon.
Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com, and use this link for a special discount when you’re ready to buy.
Get Apple security news delivered straight to your inbox, for free. Intego’s twice-monthly newsletter will keep you informed about Apple-related privacy and security, along with tips and tricks for getting the most out of your Mac or iPhone. Subscribe for free—no strings attached.
Voice Over 0:02
This is the Intego Mac podcast—the voice of Mac security—for Thursday, December 19, 2024. This week’s Intego Mac Podcast security headlines include: TikTok is facing serious scrutiny for abetting misinformation campaigns, not just in the US but elsewhere in the world. Are people disinterested in AI? The early verdict on Apple’s new AI features might be summed up as “meh”. Apple Notification Summaries, which utilize Apple Intelligence, has recently been accused of serious message mangling. And TP-Link routers may be banned in the US due to potential national security risks. Now here are the hosts of the Intego Mac podcast, veteran Mac journalist Kirk McElhearn and Intego’s chief security analyst, Josh Long.
Kirk McElhearn 1:00
Good evening, Josh. How are you today?
Josh Long 1:03
I’m doing well. How are you, Kirk,?
Kirk McElhearn 1:07
I’m doing just fine. Listen, I got to ask you something. Is it true what I saw on TikTok that AirDrop could allow thieves to steal my credit card. (No, it is not true.) The thing about TikTok is people create videos in order to get views, right, to get likes, to get follows. And if someone starts creating a video about something, other people will duplicate it if it’s getting some sort of popularity. And apparently, people started creating videos saying that thieves could steal your credit card, that someone could send you something by AirDrop or receive something. I haven’t bothered to look at these videos. First of all, no one can steal your physical credit card from your phone. What they’re talking about is the credit card that’s in your wallet on your iPhone. But the idea that AirDrop, the air dropping anything could do that would mean that it would have to be able to run executable code to get into a very secure part of the operating system, which contains your credit card. It would be, I mean, this would be true Tom Cruise, wouldn’t it?
Josh Long 2:18
If they could actually accomplish something like that? Then, yeah, absolutely. But this is really not uncommon, this kind of scam where, you know, somebody creates a video, they make it look like something is going on it, most of the time, with a show is something that’s not actually what they’re claiming is happening in the video. Or they’ll, they’ll kind of take still images and kind of mash them all together. I’ve seen a lot of other scam videos sort of along the same lines, not necessarily about AirDrop, but people do this because it gets views and liking or bookmarking. It sends feedback to that platform that, hey, this is a video that people really enjoy, so it spreads even further. And so that’s the problem is that this stuff, whether it’s true or not, if people are engaged and watching the video and interacting with it, that just encourages it to spread even further on the platform. So if you do see scam videos like this, be sure to report them, because that also sends a really strong indicator to the platform to not keep spreading this content.
Kirk McElhearn 3:31
The thing is, we’ve got a well known Apple expert, VanessaRomito13, talking about this, and who wouldn’t believe VanessaRomito13, or TheJourney76 who claims that malicious actors can walk past you now and from one iPhone to another using that AirDrop setting, they can get all of the cards in your wallet, in your Apple wallet. I mean, everyone knows TheJourney76 he hangs out with Tim Cook and Craig Federighi, right? I’ve never heard of either one of these people, but, but as you say, the whole point of the scam here isn’t to get money from you. It’s just to get that little bit of TikTok juice, to get their other videos ranked higher, to get them to show up. And I don’t understand the point of TikTok. We’re going to find out if TikTok is going to survive in the US, because it’s still scheduled to be banned on January 19 in the US. But the Supreme Court just today agreed to hear challenges to the TikTok ban. I believe on January 10, they’re going to hear oral arguments. I think TikTok is asking for a stay from the Supreme Court, which January 19 happens to be the last day of the Biden administration. So if they can get it stayed until the next administration, that might be more TikTok favorable, then perhaps they have a little bit of chance to survive. Meanwhile, the European Commission has opened formal proceedings against TikTok because of a huge amount of misinformation and electoral propaganda in Romania, we don’t often see countries where the country’s Supreme Court or. Ever the equivalent of the Supreme Court has canceled an election and called for it to be rerun. And this is what happened in Romania, where a far right candidate who really didn’t have much support ended up winning the election. It’s not clear if there was other election interference beyond TikTok, but apparently there was a lot of propaganda on TikTok in favor of this person. I think one of the problems with a country like that, maybe TikTok has a lot of moderators in the US and even China, whatever the equivalent of TikTok is there, but in small countries like Romania, maybe they just don’t have many moderators. And if they’re just flooded with propaganda and misinformation videos, they can’t act on them. These videos are probably posted so quickly that they can just delete them, and more are going to be posted.
Josh Long 5:44
That’s an interesting point. And this is something, by the way, that really applies to every platform. It’s not really specific to TikTok. It’s just that they happen to get caught up in this. On any of these video sharing platforms, anybody can create a video and upload it, and the algorithm starts to push it out. And as again, as long as people are interested in it based on their interactions, where how much time they’re spending watching it, it could get, continue to get pushed further and further by the algorithm, because it’s such a rapid pace that this, all of this happens there’s not a lot of time, like, if there’s, if there’s nothing that really makes it obvious that this is potentially, like, you know, election interference or something like that, then it’s just going to spread, and there’s no moderators who are going to catch that and flag it or whatever. So this is a bit of a problem, and it’s something that these platforms need to figure out a better way to address.
Kirk McElhearn 6:43
On top of that, I’m sure that bots can keep flooding the platform with videos over and over, creating accounts posting the same videos.
Josh Long 6:51
Right. And so I’m sure that they probably have some controls in place. I would hope they have controls in place so that if the same video were uploaded multiple times by different people, that it would get blocked. Of course, if they make minor modifications to it, well, that could be harder to to detect. And in part because people do videos like reaction videos, or they, you know, make a minor tweak that you know, they’re calling a parody of of someone else’s video or something like that. So if they are making minor changes, that could be a legitimate change that somebody else is making and recreating it as their own version of that content. So it is a difficult area for, I think, some of these video sharing platforms to deal with.
Kirk McElhearn 7:40
Okay, we discovered a story on nine to five Mac and okay, it’s a little bit dubious. Some company we kind of never heard of that buys and sells iPhones did a survey and found that most users don’t care about AI. And this is not just iPhone owners. This is also Samsung owners. The problem is we don’t know this survey was done. We don’t know. You know, how did they find it talks about 2000 smartphone users, including 1000 iPhone users. Was it a proper polling company? Did it just post this on Facebook or Twitter or something? We don’t know. However, the reason we’re talking about this is I am seeing no end of people on social media saying how useless Apple’s AI features are, particularly the image generation tool, Image Playground, Genmoji. Personally, I think the writing tools are useful. I’ll put a link in the show notes to our complete guide to Apple Intelligence. I think the writing tools can be useful if you know how to use them correctly, to revise, to summarize, etc. But I don’t think there’s much excitement about Apple Intelligence in general, or at least, no more than when the iPhone 12 rolled out with 5G.
Josh Long 8:47
Yeah, your argument here is that this Apple Intelligence thing isn’t really all it was cracked up to be, right? Like, Apple promoted this thing is, this is the next big thing, like, we’ve got Apple Intelligence. It’s not just artificial intelligence. This is Apple Intelligence. This is the good stuff that you’ve been waiting for for years, right? Sure, ChatGPT has been around for years at this point, but you know what? We’ve got the real stuff now. And it’s like, Well, okay, I agree with you, Kirk, first of all that I’ve been seeing a lot of the same kinds of criticism of Apple Intelligence. And I also agree with you that the writing tools so far are the one thing that I’ve actually found to be useful. For example, when you have a big block of text and you just need to reduce the length of it, the summarization feature actually works pretty well. You can sometimes use it multiple times and get it a little bit smaller, but there is a a certain point where it won’t go any any less than that, but, but these are really useful tools in general. Now, where things get really hairy is with the image related features, in particular, Image Playground and Genmoji. And we talked. Talked about these last week, that they’re just not really very useful or practical. I can’t really think of too many real world use cases where people are going to want to spend any time in Image Playground, because, generally speaking, you can go to just about any other image generation, AI chat bot, and put in a prompt, and it’s you’re going to get something better out of it than anything that Image Playground is going to be able to give you.
Kirk McElhearn 10:26
I think it’s important to note that all articles on the Intego Mac security blog are artisanal, bespoke articles which are not written with AI we do sometimes use AI tools in order to I use it for two things, when I’m writing a long article and I’ve made myself an outline, I may ask an AI tool to give me some bullet points for that topic, to see if there’s anything I hadn’t thought of. The other thing that I do, and this I would say a couple of times per article, is, if I’ve got a sentence and there’s a verb that I don’t like and I can’t think of the best replacement, I’ll select that sentence and have Apple’s writing tools rewrite it to see what sort of verb it shows me. I’m using it like a thesaurus. I’d say one out of six times I use what it suggests, and other times I end up looking in dictionary to find what I want. But we’re not pumping out AI slop articles. We are using them. I would say the same way we would use a dictionary or a grammar checker or, you know, that sort of tool. But I think, I think the problem is, once again, this is like the vision pro it’s a solution in search of a problem. Apple had to do catch up. They did link this to ChatGPT. Now, this survey was probably done before or just after the last updates came out. So the 18.2 or the 15.2 and people didn’t have all the new features. I think given time, maybe more people will discover them. One thing is pointed out in the survey is that 29% of the people have used cleanup and Photos, and I’ll put a link in the show notes to my article about that. That’s actually a useful tool. I don’t think people think of it as AI in the same way, because photo editing apps have long had tools to Clean Up, to erase, to remove things, clone tools, etc. So while the way this works is new, it’s just an incremental change from what we had previously.
Josh Long 12:22
Clean Up in Photos. I think that’s actually one of the new useful features as well. We’ve talked about that in previous episodes, and we have an article on the Mac security blog about that, about how that works, and that’s one that I have used and found to be useful. If you just need to remove an object from a photo. It’s really, really convenient to have that on your phone in an Apple built in app, rather than having to go to some third party app to do that. So I do, I do like that feature, too, and some of the others, Notification Summaries is really problematic. There have been, we’ve talked about some of the kind of hallucinations that people have seen where it implies that there are tons of people all at your door all at the same time, and it’s like, you know, what is this a zombie apocalypse or something like, what’s going on?
Kirk McElhearn 13:09
Okay, we’re gonna take a break, and when we come back, we’re gonna talk more about Notification Summaries, because there have been some actually surprising Notifications that this tool has generated,
Voice Over 13:20
Protecting your online security and privacy has never been more important than it is today. Intego has been proudly protecting Mac users for over 25 years. And our latest Mac protection suite includes the tools you need to stay protected. Intego’s Mac Premium Bundle X9 includes Virus Barrier, the world’s best Mac anti-malware protection, Net Barrier, powerful inbound and outbound firewall security, Personal Backup to keep your important files safe from ransomware. And much more to help protect, secure and organize your Mac. Download the free trial of Mac Premium Bundle X9 from intego.com today. When you’re ready to buy, Intego Mac Podcast listeners can get a special discount by using the link in this episode’s show notes at podcast.intego.com. That’s podcast.intego.com and click on this episode to find the special discount link exclusively for Intego Mac Podcast listeners. Intego. World class protection and utility software for Mac users made by the Mac security experts.
Kirk McElhearn 14:31
So we wanted to talk about Notifications a little bit more. And the reason that Notifications are supposed to be interesting is that they summarize the Notification. In other words, if you get an email, it tries to summarize an email. If you get a message, it tries to summarize a message. I have a ring camera outside my house pointed at my cat flap so I can keep track of where the cats are, and it’s like multiple movements at cat cam in the morning. So it doesn’t really say much, but there was a story on the BB. C news website a couple days ago, which shows some of the danger of these modifications. BBC complains to Apple over misleading shooting headline the BBC News they have screenshots of a Notification from the BBC News app saying that Luigi Mangione shoots himself. He’s the person who killed the health care insurance CEO Brian Thompson in New York recently, and that sort of Notification is problematic because it’s not true. The BBC spokesman said BBC News is the most trusted news media in the world. It is essential to us that our audience can trust any information or journalism published in our name, and that includes Notifications. The article contains another example of a New York Times Notification that mentioned three different stories, so all of them compressed, and the first one was Netanyahu arrested. Well, Benjamin Netanyahu was not arrested. There is an arrest warrant for him from the International Criminal Court, but he hasn’t been arrested. So the problem with these Notifications is you simply can’t trust them. Now, sometimes I get an email Notification or a messages Notification, and it seems to make sense, but other times, it’s just kind of random stuff. And I mean, I’m not going to turn this off, but I’m just going to know that I can never trust the Notifications that I get on my phone anymore.
Josh Long 16:17
Yeah, which is really bad, right? Like, this is the whole thing. This is the whole reason, I feel like, why Apple waited as long as it did to put any kind of AI into the operating system was because of hallucinations. And one could argue that this is more of a mistake than a hallucination, because it’s, again, it’s trying to summarize a big block of text into, like, a few words, right?
Kirk McElhearn 16:40
It’s not making up something in whole cloth. It is, as you say, summarizing, reducing, reducing, reducing to fit in a couple of words.
Josh Long 16:48
And that’s where the problem comes in. Is that sometimes you can’t as easily reduce something down to two words, like Netanyahu arrested clearly those words were in some headline and maybe multiple headlines that it kind of compressed into one two word thing that is clearly not accurate. So this is a problem from the perspective of, if you don’t know that, these are AI generated summaries that you’re getting, and there’s nothing here. There’s no like little badge or anything that says this is AI, beware, there might be some mistakes here. I imagine that there’s a possibility that a lot of Apple users are going to see things like this, believe it’s true, and then, unfortunately, be misinformed based on things that appear to be accurate. Right? Again, New York Times, BBC, push Notifications, you would expect that you can trust these news outlets.
Kirk McElhearn 17:46
What worries me the most is people working trading stocks and bonds that they get in a Notification saying something happened, boom, they go to the computer and they press the big red button to sell everything. It doesn’t take much for that sort of people to react because they’re waiting for the kind of news where if they react a second before someone else, it can mean a lot of money, right? They don’t have time to think in that sort of high speed trading. And that’s really serious that. That’s really disturbing. I’d also like to point out that Apple uses the same technology and summaries of email messages in the Mail app, I find them not quite as bad, but generally, most of the summaries don’t really tell me anything about what’s in the messages, or they just make me confused when I look at them. So I’m going to leave them on for now, because we need to be able to talk about how this works. But I don’t see this as being a really useful technology.
Josh Long 18:38
Speaking of not very useful technologies. Apple just came out with an ad recently showcasing Genmoji, but not actually Genmoji. There’s this whole song that they created for this commercial where it’s just a person singing different prompts. The way that Genmoji works first of all is when you’re trying to send an I message to somebody, you get an option when you want to send an emoji to prompt it for something else. So something that doesn’t isn’t built in. So you can generate a new one. And so these are you would assume, listening to this commercial and watching this commercial, that these are all things that you can just type in and get the results that you’re seeing on the screen in this ad. And unfortunately, it’s not even close to accurate.
Kirk McElhearn 19:30
Yeah, Apple does have a disclaimer at the end of the ad saying, I believe that these were static Gen emojis that were professionally animated afterwards. I mean, when you look at them, you can see that this is nothing like you’re going to get. The shadows, the shading, the detail, is nothing like you’re going to get. And a number of websites have tried to duplicate some of these emoji, like the 12 sided die. Well, I tried. I got a 20 sided die. I got a whole bunch of six sided dice. And it’s just, it’s why waste our time? Speaking of tech. Technologies that are pretty much useless. Firefox has removed the Do Not Track setting after 13 years of users telling websites do not track me, and websites saying, Sorry, what did you say?
Josh Long 20:11
Yeah, this is a feature that was introduced a long time ago with good intention. The whole idea behind this was that there was going to be the standard and all browsers were going to support it, and you could just say, Hey, I don’t want to be tracked. And then the website would comply with the standard and say, oh, okay, no problem. I’ll just opt you out of any tracking that I’m doing. It never took off, and partly because there was no regulation behind it. You know, nobody felt an obligation to comply with this request to opt out. So it just never was really respected or honored by any of the tracking and advertising companies, at least not to the degree that I think users really wanted it to be. And then eventually, I think it just kind of got ignored altogether. Now, ironically, the Do Not Track setting is arguably one of the things that can you help uniquely identify you, in combination with many, many other things that a website can tell about your browser when you visit the site. There’s a website we’ve mentioned many times. Am I unique.org? Where you can go there in whatever browser you prefer to use, and you’ll find that if your browser is not unique, it’s probably one of very few that this website has seen that are exactly like your browser. And part of that is because of things like tiny little settings that a website can determine about how you have your browser set up, that maybe nobody else has that exact combination of settings, and so do not track, is yet another one of these potential settings that can sort of help identify you. But in any case, do not track. Unfortunately, it just doesn’t really work, and so I guess it’s not such a big deal that’s going away. What’s disappointing about this is that this was never really adopted as a standard that anybody really complied with in any meaningful way.
Kirk McElhearn 22:12
Okay, TP Link, which apparently has a 65% market share in the US for routers and other internet devices. This includes like cable modems, range extenders, etc, they may be banned in the US as a national security risk. Now, TP Link is a Chinese company, and obviously there’s a lot of worry about Chinese companies with the recent telecom hacks that have occurred to most of the phone networks in the United States, and it’s thought that perhaps compromised TP Link routers have been used in these hacks. Now, there’s multiple things going on here. Is it just that the routers themselves were hacked because, as we always mentioned, that you got to update the firmware in your router, and maybe people didn’t update it. Is it because there’s a back door in the routers that Chinese hackers know how to exploit? Is there some other combination of reasons why these might be problematic. Now, 65% market share, we looked on a number of different Amazon sites, and in the UK, more than half of the top selling routers are from TP Link. A lot of the others are Amazon’s own Eero brand, but they don’t want to push them too hard to make it look like they’re promoting their own brand over the others. But TP Link is one of the most popular, and they’re probably one of the cheapest, too, right?
Josh Long 23:23
The original source for this story was the Wall Street Journal. They’re the source that is telling us that roughly 65% of the US market for routers is TP Link. I don’t know where they got that information, because I was not able to find any direct confirmation of that elsewhere, but if that’s accurate, and maybe what’s going on there is that TP Link could be a white label option, so that Internet Service Providers maybe are providing something that’s manufactured by TP Link or using their technology, or something like that. This is the home and small business market that we’re talking about here, which is a little different from the telecom networks which are using professional grade routers, they’re not using these like home internet routers. So that is a little bit of a disconnect in this, in this story, if, if there is a connection between TP Link and the compromise of telecoms, that’s not the same thing as a home router that’s potentially compromised. There’s some talk about potentially banning TP Link outright in the US. So we’ll have to see what ultimately ends up happening with that. If you do happen to have a TP Link brand router, I wouldn’t worry too much about it for right now, do make sure that you have the latest firmware update that’s available for your router, so log in check for updates. I wouldn’t be too worried about it at this point. Unfortunately, a lot of times when these sorts of things come up in the news, there’s very little actual evidence for any wrongdoing on the part of these manufacturers, and so unless. They can point to anything specific that is wrong, like, you know, known back doors or router firmware that seems to have been unpatched at the time that it shipped out. You know, like, there would have to be really strong indicators that there’s malicious intent behind something like this for me to really worry about that manufacturer. So I don’t think that you need to throw away your TP Link router and go out and buy a new one at this point, but it is something to just be aware of. Do you have TP Link? I don’t. I use a different brand currently, not, not a brand that I’m going to recommend necessarily, because I have some issues with the one that I do have, I would say that because it’s a popular brand, as popular as it is, I don’t want to immediately discount them and say, Well, yeah, they’re, they’re probably all spies working for that company, and you should never trust this hardware. I I’m not, I’m not willing to go there until we actually have any kind of real world evidence for that.
Kirk McElhearn 25:59
Fair point. I just want to remind listeners that Thursday is restart your browser day. So we’ve talked about this in the past, that for many browsers, they download updates in the background, but they don’t apply them until you quit the browser and re launch it, at which point the browser is going to say, oh, there’s an update here, and they’re going to decompress it and launch it. So Thursday is restart your browser day. We should pick a day of the month for check your router firmware day.
Josh Long 26:24
Sure. We could say maybe the first episode of the month or something. First episode of the month is good. As you’re listening to each of these episodes, you’re going to be restarting your browsers if you’re not already quitting them at the end of the day anyway. So yeah, maybe the first episode of every month check your router, I would say once a month, just to make sure that there’s not any firmware updates available now, by the way, so the router brand that I have, it took more than a year in between updates. And so that’s one of the reasons why I was thinking about maybe getting a new router for the holidays. And when I was looking at Black Friday deals, I didn’t end up buying one. But just after Black Friday, there was another firmware update for my router. And so I was like, Well, okay, maybe I’ll give them a little bit longer, but I do start to get concerned. If it’s been more than a year, there’s a good possibility that they’re not releasing any firmware updates anymore, and so it might be a new time. So it might be the right time to buy a new router at that point.
Kirk McElhearn 27:21
Okay, that’s the end of this week’s episode. Merry Christmas to everyone who celebrates next week, we’ll be doing an overview of Apple security and privacy for the year 2024 until next week, Josh, stay secure. All right. Stay secure.
Voice Over 27:35
Thanks for listening to the Intego Mac podcast. The voice of Mac security with your hosts, Kirk McElhearn and Josh Long. To get every weekly episode be sure to follow us in Apple podcasts or subscribe in your favorite podcast app, and if you can leave a rating, a like or a review. Links to topics and information mentioned in the podcast can be found in the show notes for the episode at podcast.intego.com. The Intego website is also where to find details on the full line of Intego security and utility software. intego.com.
