Frequently Asked Questions Surrounding Apple’s Expanded Protections for Children

Apple’s recent announcement that it would soon be releasing two new technologies aimed at protecting children has generated a firestorm of media coverage and questions from customers. Unfortunately, much of the media coverage has been based on misconceptions about how the technology works, abetted by uncharacteristically bungled communications from Apple. It’s not inconceivable that Apple will modify or even drop these technologies in the official release of iOS 15, iPadOS 15, and macOS 12 Monterey, but in the meantime, we can provide answers to the common questions we’ve been hearing.

What exactly did Apple announce?

Two unrelated technologies:

  • Messages will gain features that warn children and their parents when sexually explicit photos are received or sent. Such content will be blurred, the child will be warned and given the option to avoid viewing the image, and parents may be alerted (depending on the age of the child and settings).
  • Photos uploaded by US users to iCloud Photos will be matched—using a complex, privacy-protecting method that Apple has developed—against known illegal photos considered Child Sexual Abuse Material, or CSAM. If a sufficient number of images match, they’re verified by a human reviewer at Apple to be CSAM and then reported to the National Center for Missing and Exploited Children (NCMEC), which works with law enforcement in the US.

Does this mean Apple is scanning all my iPhone photos?

Yes and no. Messages will use machine learning to identify sexually explicit content in received and sent images. That scanning takes place entirely on the iPhone—Apple knows nothing about it, and no data is ever transmitted to or from Apple as a result. It’s much like the kind of scanning that Photos does to identify images that contain cats so you can find them with a search. So scanning is taking place with this Messages feature, but Apple isn’t doing it.

The CSAM detection feature operates only on images uploaded to iCloud Photos. (People who don’t use iCloud Photos aren’t affected by the system at all.) On the device, an algorithm called NeuralHash creates a hash and matches it against an on-device database of hashes for known illegal CSAM. (A hash is a one-way numeric representation that identifies an image—it’s much like how a person’s fingerprint identifies them but can’t be used to re-create that person.) NeuralHash knows nothing about the content of any image—it’s just trying to match one hash against another. In this case, it’s matching against existing image hashes, not scanning for a type of content, and Apple is notified only after enough image hashes match.

It’s also important to note that this is different from how companies like Facebook, Google, and Microsoft scan your photos now. They use machine learning to scan all uploaded photos for CSAM, and if they detect it, they’re legally required to report it to the NCMEC’s CyberTipline, which received 21.7 million CSAM reports from tech companies in 2020, over 20 million from Facebook alone. Because Apple does not scan iCloud Photos in the US like other companies scan their photo services, it made only 265 reports in 2020.

What happens if the CSAM detection feature makes a mistake?

This is called a false positive, and while vanishingly improbable, it’s not mathematically impossible. Apple tested 100,000,000 images against NeuralHash and its CSAM hash database and found 3 false positives. In another test using 500,000 adult pornography images, NeuralHash found no false positives.

Even if NeuralHash does match an image hash with one in the known CSAM hash database, nothing happens. And nothing continues to happen until NeuralHash has matched 30 images. Apple says that the chances of there being 30 false positives for the same account are 1 in 1 trillion.

I have terrible luck. What if that happens with my account?

Once at least 30 images have matched, the system enables Apple to decrypt the low-resolution previews of those images so a human can review them to see if they are CSAM. Assuming they are all false positives—remember that possession of CSAM is illegal in the US—the reviewer sends them to Apple engineers to improve the NeuralHash algorithm.

Could non-CSAM images end up in Apple’s CSAM hash database?

It’s extremely unlikely. Apple is constructing its database with NCMEC and other child-safety organizations in other countries. Apple’s database contains image hashes (not the actual images; it’s illegal for Apple to possess them) for known illegal CSAM images that exist both in the NCMEC database and at least one other similar database. So multiple international organizations would have to be subverted for such image hashes to end up in Apple’s database. Each source database will have its own hash, and Apple said it would provide ways for users and independent auditors to verify that Apple’s database wasn’t tampered with after creation.

Plus, even if a non-CSAM image hash were somehow added to Apple’s database and matched by NeuralHash, nothing would happen until there were 30 such images from the same account. And if those images weren’t CSAM, Apple’s human reviewers would do nothing other than pass the images to engineering for evaluation, which would likely enable Apple to determine how the database was tampered with.

Couldn’t a government require Apple to modify the system to spy on users?

This is where much of the criticism of Apple’s CSAM detection system originates, even though Apple says the system will be active only in the US. On the one hand, Apple has said it would resist any such requests from governments, as it did when the FBI asked Apple to create a version of iOS that would enable it to break into the San Bernardino shooter’s iPhone. On the other hand, Apple has to obey local laws wherever it does business. In China, that already means that iCloud is run by a Chinese company that presumably has the right to scan iCloud Photos uploaded by Chinese users.

It’s conceivable that some country could legally require Apple to add non-CSAM images to a database, instruct its human reviewers to look for images the country finds objectionable, and report them to law enforcement in that country. But if a country could successfully require that of Apple, it could presumably force Apple to do much more, which hasn’t happened so far. Plus, the CSAM detection system identifies only known images—it’s not useful for identifying unknown images.

Is Apple heading down a slippery slope?

There’s no way to know. Apple believes this CSAM detection system protects the privacy of its users more than scanning iCloud Photos in the cloud would, as other companies do. But it’s highly unusual for a technology that runs on consumer-level devices to have the capacity to detect criminal activity.

(Featured image by iStock.com/metamorworks)

When Should You Upgrade to macOS 12 Monterey, iOS 15, iPadOS 15, watchOS 8, and tvOS 15?

September is here, which means that Apple will soon start releasing major upgrades for all its operating systems. Apple previewed these releases at its Worldwide Developers Conference in June, and many people have been testing the public betas since. Once Apple judges macOS 12 Monterey, iOS 15, iPadOS 15, watchOS 8, and tvOS 15 to be ready for prime time, the question arises—when should you install them?

(Note that we say when and not if. There’s no harm in delaying a major operating system upgrade until Apple has sanded off rough edges that slipped through testing. But waiting too long puts you at risk from security vulnerabilities, increases compatibility annoyances, and prevents you from taking advantage of new features. Plus, when you buy a new Mac, iPhone, or iPad after these operating systems have shipped, you’ll get the latest version, which could pose problems for your existing apps. It’s best to be prepared if you have to replace a device unexpectedly.)

In the past, we’ve offered separate takes on when you should install each of Apple’s operating systems, but many of this year’s new features are spread across multiple operating systems. For instance, the marquee feature of this season’s releases is SharePlay, which promises to let users watch videos, listen to audio, share screens, and more, all while on a FaceTime call that could involve an iPhone, iPad, Mac, or Apple TV. SharePlay sounds technically impressive—we’ll let you decide if it interests you—but it’s not a reason to upgrade right away. Apple has already announced that SharePlay is delayed and won’t ship until later in the year.

So here’s the general upgrade order that we suggest, starting with the iPad. Remember, always make a backup before upgrading a Mac, iPhone, or iPad so you can revert right away if necessary.

iPadOS 15

Upgrade your iPad to iPadOS 15 first. For the most part, iPadOS is a superset of iOS, so why should you upgrade your iPad before your iPhone? The big reason is that Apple has again taken a swing at improving iPad multitasking, and the changes are worth investigating. People who rely heavily on iPads will likely appreciate the new multitasking features, and those for whom the iPad is less important have nothing to lose by upgrading shortly after release.

Particularly welcome is a Multitasking menu at the top center of every window that lets you create a full screen, Split View, Slide Over, and in some cases (like Mail), a center window. There’s also a shelf at the bottom of the screen that shows open windows within an app. You can create Split View spaces by dragging one app from the App Switcher onto another. Finally, a list of keyboard shortcuts appears when you press and hold the Command key on an external keyboard. At long last, discoverability comes to multitasking!

Apple migrated some iOS 14 improvements to iPadOS 15. Widgets can now appear anywhere on the Home screen, and a new larger widget size lets apps display more information. Also coming to iPadOS 15 is the App Library, which automatically organizes all your apps into categories and enables you to avoid cluttered Home screens.

If you’re a Notes user, you’ll appreciate the new Quick Note feature, which lets you create a note with a swipe up from the corner of the screen using your finger or an Apple Pencil. Quick Note can automatically pull in highlighted text or links to a website or app, and it’s easy to add more with the Apple Pencil or keyboard.

Other welcome changes include a Focus mode that reduces distractions; voice searching and tab groups in Safari; FaceTime improvements; Live Text that allows you to search for, select, copy, and translate text in photos (on iPads with an A12 Bionic chip or later); and increased city detail in Maps.

iOS 15

It’s usually safe to upgrade iOS fairly quickly because Apple puts significant effort into ensuring that the new iOS version is a good experience for those who buy the new iPhones that come with it. However, because iPhones are so crucial to our everyday lives, it’s probably worth delaying the upgrade to iOS 15 for a few weeks, just in case. After that, you can install it and enjoy the new features.

Although SharePlay won’t arrive on day one, FaceTime still gets welcome improvements inspired by competing videoconferencing systems. There’s finally a grid view, Portrait mode for blurring the background, different mic modes for focusing on your voice or on sound in the room, the capability to include Windows and Android users, and FaceTime Web links for scheduling and sharing calls.

Messages will collect links, images, and other content that your friends have sent you in a new Shared with You section, which you’ll also find in other Apple apps like Photos, Safari, Apple News, Music, and Podcasts. Plus, when someone sends you multiple photos in Messages, they appear as either a collage or a stack that you can swipe through. There are also new Memoji options to try if you’re into that.

Other new features are similar to those in iPadOS 15, including Focus mode, voice searches and tab groups in Safari, Live Text in Camera and Photos, and improved city detail in Maps, which also gains immersive walking instructions.

watchOS 8

Once you upgrade your iPhone to iOS 15, go ahead and upgrade your Apple Watch to watchOS 8 right away. You may not even notice the difference since none of the changes will force changes in your existing usage patterns.

New features include Portrait mode photos on your watch face, Memories from Photos pushed to your watch, the capability to share photos via Messages and Mail, integration with HomeKit security cameras, more control over scenes and devices in the Home app, digital keys for HomeKit locks, a new Mindfulness app that replaces the Breathe app, a Pilates option in the Workout app, tracking of your sleeping respiratory rate, and a Find Devices app for locating lost devices from your wrist.

tvOS 15

Why put tvOS ahead of macOS? The decision to upgrade to tvOS 15 is easy for most people. It’s unlikely to cause problems for your Apple TV, and the new features won’t get in the way of basic TV watching. Plus, if you have automatic updates turned on in Settings > Software Updates, it will install automatically at some point after release.

You might not want to wait for the automatic update, though. There are plenty of small but welcome improvements, such as the capability to sign in to Apple TV apps using Face ID or Touch ID on your iPhone. The playback interface has a redesigned scrubber that displays more information. The Apple TV will automatically detect nearby AirPods and show a notification to connect them, saving you a manual step. If you have AirPods Pro or AirPods Max, you can listen to Apple TV audio with dynamic head tracking. The TV app will include a “For All of You” row based on the interests of everyone in the house (via Family Sharing). Finally, you can ask a HomePod to play a particular show on the Apple TV and even use one or two HomePod mini speakers as the default audio output.

macOS 12 Monterey

The hardest upgrade decision revolves around your Mac, as always. For the most part, macOS 11 Big Sur has been relatively solid, with fewer complaints than plagued macOS 10.15 Catalina. Some beta testers believe that macOS 12 Monterey is more of a refinement upgrade without the major architectural changes that marked Big Sur and Catalina. That would suggest more stability and the possibility of an easier and earlier upgrade.

Plus, Monterey has some unique features. Most notable is Universal Control, which lets you work seamlessly between multiple Macs and your iPad, connected wirelessly or via USB. You can move the pointer from a Mac to the iPad, type into iPad apps with your Mac’s keyboard, and even drag and drop content from one Mac to another. Another welcome addition is the option to use AirPlay to display video, play audio, or present content from another Apple device to a Mac, something that has previously been possible only in the other direction. Finally, Monterey brings the Shortcuts automation app to the Mac, making it easier to automate repetitive tasks without learning AppleScript or using the aging Automator.

Apart from those features, you’ve already read about most of the changes. They include FaceTime improvements, support for Focus mode, Shared with You collections in Apple apps, tab groups (but not voice searching, sadly) in Safari, a Quick Note hot corner activation option, Live Text, and Maps enhancements.

You may find some of these features compelling, but we recommend waiting to upgrade to Monterey for at least a few months. App compatibility isn’t usually a big problem with the other operating systems, but most of us rely on specific Mac apps—sometimes older versions—to get our work done. Even once you’re confident your apps will work properly in Monterey, there may be workflow or intra-office compatibility concerns if some people upgrade and others don’t. And, of course, unanticipated bugs could crop up at professionally inconvenient times—important work takes place on Macs! So please, do not upgrade to Monterey without checking with us first. With luck, the start of the new year will have brought both the bug fixes and app updates necessary to give the green light.

(Featured image by Apple)

Solve Networking Puzzles with Powerline Networking and MoCA

For most homes and offices, a standard or mesh Wi-Fi network works fine for providing Internet access throughout the building. And when higher throughput is necessary, it’s usually not that difficult to pull Ethernet cable from room to room.

But some buildings seem almost impervious to networking—imagine thick brick walls that both block Wi-Fi signals and make it nearly impossible to pull wire from one room to another. It may not be the entire building—you may just have trouble extending a network into a remote attic or basement room, or to a freestanding outdoor structure.

Where there’s a will (and enough money), there’s a way, of course, but there are two affordable alternatives for bringing network access to tricky spots: powerline networking and MoCA.

Powerline Networking

As you might expect from the name, powerline networking uses technical magic to piggyback data on top of the standard electric cables that are undoubtedly already in every room of your home or office. It has been around for years but was long considered slow and unreliable. Modern iterations of the technology, called HomePlug, have solved many of those problems and offer up to 2 gigabits per second (Gbps) of throughput.

You need a pair of powerline adapters to create a network, and all you have to do is plug them in. However, there are a few things to keep in mind:

  • Powerline adapters must plug directly into a wall socket. You can’t connect them to a power strip or an uninterruptible power supply because the surge protection blocks the frequencies they use for transmitting data.
  • It’s often said that powerline adapters must be on the same circuit, but it’s impossible to predict exactly what that means with the wiring in your particular building. The only way to know for sure is to test to make sure the adapters pair up and provide acceptable throughput. (Depending on the wiring, they may work, but at slower speeds.)
  • If you’re in an apartment or a building with electrical wiring that might extend outside of your space, you can enable security to ensure that other powerline adapters can’t join your network.

The simplest powerline adapters provide just an Ethernet port, but others may offer an additional Ethernet jack, a pass-through electric outlet, and even a built-in Wi-Fi extender. Regardless, they’re inexpensive, with prices for a two-pack well under $100.

MoCA

Its name may sound like a tasty hot drink, but MoCA stands for Multimedia over Coax Alliance, and it’s a standard for using coaxial cables for networking. This isn’t a new idea: those who were around the tech world in the 1980s and 1990s may remember 10BASE2 Ethernet, also known as thin Ethernet, which used thin coaxial cable. However, 10BASE2 Ethernet ran at only 10 megabits per second (Mbps), whereas MoCA offers throughput of up to 2.5 Gbps. MoCA’s win is that it runs over the coaxial cables installed in many buildings, primarily homes, to distribute cable TV. If you already have coaxial cable in your walls, why not use it for networking?

Security remains an issue if your coax cables also carry cable TV or broadband Internet and thus extend beyond your control. The problem is that MoCA signals are quite powerful and can travel farther than intended, such as to neighboring houses. The simple solution is a point-of-entry filter added where the coax enters your house—it prevents MoCA signals from leaving your house. You may also be able to configure a MoCA security key to keep your traffic private, but not all MoCA devices support security.

As with powerline networking, setting up a MoCA network generally requires at least two adapters, although some routers have built-in MoCA capabilities. MoCA adapters usually provide one or two Ethernet ports, although it’s also possible to get Wi-Fi network extenders that support MoCA. The hardware is a bit more expensive than powerline gear, with prices for a two-pack in the $120 to $150 range.

Choosing Wires

Both powerline networking and MoCA require that you have properly configured wires in your walls, so there are no guarantees with either. Your building’s electrical system may be too complex for powerline networking, and even if you have coax cables, there’s no way of knowing if they were installed well or have suffered damage over the years.

But neither is particularly expensive, so as long as you purchase from a vendor that allows returns, you should be able to test either one easily. And if you’re looking for a recommendation about particular brands to get or avoid, contact us.

(Featured image by iStock.com/architectphd)

Need to Share Files Securely? Try Password-Protected ZIP Archives

Imagine you’re staring at a file or folder—perhaps confidential employee information that you need to send to your accountant. If attaching it to an email message makes you think, “That doesn’t seem like a good idea,” award yourself a gold star!

Sending sensitive files via email is a bad idea, partly because the email could be intercepted in transit (possible but highly unlikely), but more because the files then live in both your and your recipient’s email accounts in an unprotected form. If an attacker were to gain access to either of your email accounts, they might scan for patterns like credit card numbers, ID numbers, phone numbers, and postal addresses and find them even in attachments.

There are ways of encrypting email messages so they can be read only by the recipient and never exist in an unencrypted form other than while being created or read, but they’re difficult to set up and fussy to use. For most people, most of the time, encrypted email is overkill.

For a more straightforward solution to exchanging information securely via email, use password-protected and encrypted ZIP archives. They’re easy to create on the Mac, either using a simple command in Terminal or with a third-party utility. And better yet, any Mac user can expand them using the built-in Archive Utility simply by double-clicking and entering the necessary password.

Create Encrypted ZIP Archive Using Terminal

Although many Mac users are intimidated by using the Unix command line in Terminal, making an encrypted ZIP archive is easy enough for anyone. All it takes is typing a single command, dragging a file or folder to Terminal, and entering a password twice. Follow these steps, which make an encrypted ZIP archive on your Desktop:

  1. In your Applications folder, open the Utilities folder and double-click Terminal to launch it.
  2. Type (or copy and paste) this command, replacing “archiveName” with whatever you want to name the ZIP file and making sure to type a space after the last letter—the “p” in “zip”. (The tilde ~ character is Shift-backtick, and it’s the key to the left of the numeral 1 key.)
    zip -er ~/Desktop/archiveName.zip
  3. Drag the file or folder you want to protect into the Terminal window to complete the command.
  4. Press Return, and when prompted, enter the desired password twice—the second time is for confirmation.

Create Encrypted ZIP Archive Using Archiver

If you have trouble with the command-line method or plan to create encrypted ZIP archives regularly, it’s worth using a Mac app that simplifies the process even more. There are various apps, but a particularly straightforward one for those running macOS 11 Big Sur is Archiver ($19.99, with a free trial). Download it and then follow these steps to create an encrypted ZIP archive:

  1. Launch Archiver.
  2. Drag a file or folder to the Archiver window and click the Archive button in the toolbar.
  3. Select the archive format (use ZIP), click the Encrypt checkbox, enter the password twice, and click the Archive button in the toolbar.
  4. Drag the ZIP archive to the Desktop or another folder and click the Done button.

Decrypting a ZIP Archive

As noted earlier, decrypting a password-protected ZIP archive on the Mac is as simple as double-clicking it and entering the password when prompted.

What about iOS or iPadOS? Never fear, since the Files app can also decrypt ZIP archives; just tap the archive to open it and enter the password when prompted.

A Word about Passwords

It’s important to think briefly about how you’re going to communicate the password to your recipient. Don’t send it in email or else anyone who compromises either your email account or your recipient’s account could decrypt the ZIP archive.

Instead, use what’s called an “out of band” communication channel. In other words, if you’re going to send the ZIP archive via email, communicate the password in a phone call or text message. That would keep the password safe if either of your email accounts were compromised.

If you’re sending password-protected ZIP archives to a particular person regularly (and the files don’t contain state or corporate secrets), you could agree on a system for generating passwords so you don’t have to communicate each one individually. For instance, you could combine a random word and the current month, so the password would be “cheddar9September” one month and “cheddar10October” the next.

As you can see, you can use this technique with so little extra effort that it’s worth ensuring a higher level of security whenever you need to share confidential information.

(Featured image by iStock.com/brijith vijayan)