How to ditch Google and switch to DuckDuckGo


The door mat at DuckDuckGo HQ.
The door mat at DuckDuckGo HQ.
Photo: DuckDuckGo

DuckDuckGo is a private search engine. Unlike Google, it doesn’t track your internet use, save your searches, or track your location. DuckDuckGo’s reason for existing is to protect your privacy on the internet, but it’s also a great search engine. And when it doesn’t find the results you want, it’s easy to run that search in Google.

Today we’ll see how to switch all your searches to DuckDuckGo, and how to add a one-tap Google backup search.

How to stop your Mac from installing Apple’s silent updates


Switching off Apple's silent updates is probably a bad idea, but here's how to do it if you must.
Switching off Apple's silent updates is probably a bad idea, but here's how to do it if you must.
Photo: Charlie Sorrel/Cult of Mac

Thanks to the Zoom fiasco, which left a secret webcam-sharing server running on Macs of anyone who previously installed the videoconferencing app, Apple issued two silent updates in the past week or so.

These silent updates are security patches that Apple can apply to your Mac automatically, without asking you first. They’re relatively rare, and are a great way for Apple to patch security holes almost instantly. They prove especially helpful for the kind of user that never, ever bothers to run software updates.

But what if you are a Mac nerd? Maybe you want to have a say over this kind of thing. Or perhaps you run IT for a company, and don’t want anything being installed on the business Macs without you checking it first. Can you switch off Apple’s silent updates? Yes, you can. Here’s how.

Beta users can now sign into iCloud using Face ID or Touch ID


The latest Apple betas offer the option of signing in with Face ID or Touch ID.
The latest Apple betas offer the option of signing in with Face ID or Touch ID.
Screenshot: Charlie Sorrel

Users running the latest iOS 13, iPadOS 13 or macOS Catalina betas can now sign into iCloud using either Face ID or Touch ID.

If you’re using these beta versions, visiting iCloud in Safari will present a pop-up asking if you want to log in using biometrics.

’CrescentCore’ malware attacks your Mac, evades antivirus tools


Don’t install Flash Player. Not even the real one.
Photo: Intego

Security researches have discovered new malware that targets macOS users and evades popular antivirus tools.

“CrescentCore” is distributed as a DMG package that’s disguised as Adobe Flash Player. It can now be found on multiple websites — one of which is “a high-ranking Google search result,” according to Intego.

Apple security chief will talk iOS 13, macOS Catalina at Black Hat


Ivan Krstic last appeared at Black Hat in 2016.
Photo: Black Hat

Apple security chief Ivan Krstic will be returning to the Black Hat security conference this summer to discuss iOS 13 and macOS Catalina — as well as the security protections in Apple’s new Find My service.

The 50-minute talk, titled “Behind the scene of iOS and Mac Security,” will take place on August 8. Krstic describes it as the “first public discussion of several key technologies new to iOS 13 and the Mac.”

How to ask Google to auto-wipe your activity data on iOS


It takes care of itself.
Photo: Killian Bell/Cult of Mac

You can now ask the Google app on iOS to automatically wipe your location and activity history.

The new feature, which was showcased during Google I/O in late May, takes the hassle out of covering your tracks. You only have to set it up once and it will take care of itself going forward. Here’s how to get started.

If you’re using an AirPort, you should upgrade it ASAP


AirPort Express
Anyone with an AirPort Express like this one should install the latest security update.
Photo: Apple/Cult of Mac

Apple discontinued the AirPort line of wireless routers last year but continues to support them, including efforts to keep out hackers. The US government’s Cybersecurity and Infrastructure Security Agency (CISA) released a statement urging users of networking equipment to install a new firmware patch to block attacks.

How (and why) to make your own power-only USB cable


Title image
Assemble your tools for a fun hack attack
Photo: Charlie Sorrel/Cult of Mac

USB is dirty. Just like you’d never stick your body parts into a mysterious public hole, neither should you plug your iPhone into a public charging station. iOS is pretty good at rejecting unknown connections from USB, but why take the risk?

There are a few ways to make public iPhone charging safe. One is to plug into a power outlet using your own plug and cable. But what about on a plane or train, or other public spot where only USB outlets are available? Or a friend’s computer, one that might be riddled with malware? Then you need a custom USB cable, one that only passes power, and not data. The good news is that, if you have an old Lightning USB cable laying around, you can easily fashion your own, just by yanking out two pins from inside the USB plug.

Here’s how.

Be very careful about buying used Nest security cams [Update]


Who’s watching you through your Nest?
Photo: Nest

UPDATE: See the statement received from Google at the bottom of this story.

You might want to think twice about buying used Nest security cameras.

A new report reveals that secondhand models can allow previous owners to spy on new users — even if they correctly follow Nest’s instructions on resetting the device. There’s currently no fix for the security flaw.

Guardian Firewall is the first true privacy-protecting firewall for iOS


A partial visual pun for a firewall.
A partial visual pun for a firewall.
Photo: Charlie Sorrel/Cult of Mac

Guardian Firewall claims to be the first proper firewall app for iOS. It works by routing all the network connections from your iPhone or iPad through a VPN, and then filtering out privacy-invading trackers on Guardian’s own servers.

The idea is that all the heavy lifting is done on those servers, so you don’t have to worry about battery drain, or on the iOS security features that prevent an app from futzing with your internet connection.

Sounds good, but should you trust Guardian Firewall?