newsletter banner

ISSUE 19.52.F • 2022-12-26 • Text Alerts!Gift Certificates
The next free edition of our newsletter will be published on January 9, 2023.

In this issue

PUBLIC DEFENDER: The best tech secrets of 2022: AirTags, TikTok, Twitter, oh my

Additional articles in the PLUS issue • Get Plus!

MICROSOFT 365: Microsoft 365: Year in review

FREEWARE SPOTLIGHT: Firewall App Blocker — Make the Windows firewall usable

ON SECURITY: Finding good security information


ADVERTISEMENT
Your Ad Here!

Buy new WinX DVD Ripper, Get 4 More Tools for Free

The upgraded WinX DVD Ripper can rip newly-released DVD movies & TV series to MP4 videos at 5X faster speed. It enables you to play DVDs on your new iPhone 14.

In the time-limited Xmas promo, you can get the new WinX DVD Ripper at 82% off and also another 4 useful tools for free.

Get WinX DVD Ripper & 4 Gifts Now >


PUBLIC DEFENDER

The best tech secrets of 2022: AirTags, TikTok, Twitter, oh my

Brian Livingston

By Brian Livingston

Amid my efforts to help you protect yourself against some rather aggressive technologies, I’m glad to report that there’s been at least some progress this year on the worst aspects of our “labor-saving” devices.

Please note: I’m not claiming that my columns by themselves caused any of the changes I describe below. I just report the problems. We can all celebrate when bad tech is improved, whoever may have developed a particular solution.

If you don’t use an iPhone, choose a tracker for Android phones instead

I reported earlier this year that Apple’s new AirTag tracking devices had weak security features.

Specifically, the button-sized, wireless key-ring finders are being used by criminals to track people and trail high-value vehicles to steal. (These uses ignore the devices’ legitimate purpose: helping you find your bicycles, travel luggage, and other possessions). The Positive Security consultancy, using only three inexpensive pieces of tech hardware, was able to defeat all of the fairly limited anti-stalking features that Apple’s AirTags do include.

AirTag warning by Erika Torres

These problems have been shouted about by many people. One of them, TikTok poster Erika Torres, published in a Daily Dot blog a video showing that someone had planted an AirTag on the underside of her car.

After using her iPhone to connect to Apple’s AirTag server, she found that the device had been reporting her location to an unknown stalker when she was at a bar, while driving, and at her home. (See screen capture at left.)

Tracking devices have been available for decades, of course. But they generally required a GPS service, the payment of a monthly fee, and some technical savvy.

Apple’s release of $29 AirTags in 2021 changed all that. For the first time, any criminally minded person with enough skill to turn on an iPhone could track anyone or anything by hiding an AirTag in a victim’s vehicle, purse, etc.

A study of crime reports from eight major US police departments was recently revealed in a Vice blog post. One-third of the AirTag-linked files involved women being illegally tracked by men. Fewer than half of the complaints mentioned AirTags being used to locate and steal cars, bicycles, and other valuables.

While current and former suitors and husbands are the stalkers in most cases, that’s not always true. Police in Indiana arrested a 26-year-old woman in June for allegedly using an AirTag to track her estranged boyfriend to a bar, where she killed him (USA Today).

In an attempt to quell criticism of the AirTag’s lax security, Apple released last December a notification app called Tracker Detect for Android phones. But that app doesn’t work automatically, the way the app for iPhones does. You must run Tracker Detect manually every time you suspect that an AirTag may have been planted on you. (For automatic notification on Android phones, my column recommended the free AirGuard app from Google Play.)

Apple could easily fix most stalking problems. But at this writing, the Cupertino tech giant hasn’t implemented in AirTags even the most basic precautions:

  • You should be alerted to an unwanted AirTag as soon as you’ve driven a few blocks. iPhones currently don’t warn you immediately when a device has been planted in your vehicle or belongings that are moving with you, which likely means a stalker is following you.
  • An AirTag’s beep should alert a stalked person within minutes. Apple doesn’t make the devices beep until a victim has been tracked for 8 to 24 hours — and sometimes longer.
  • The victim should be able to see the stalker’s identity. Apple doesn’t display an AirTag owner’s name unless that person has registered it as “lost.” Someone who is illegally tracking a victim shouldn’t be able to claim their privacy is being violated by mere identification.
  • Stalked persons should be able to make an AirTag beep repeatedly. Apple doesn’t allow an AirTag to sound an alert on demand, once its initial notification has sounded. That makes it hard for a tracked person to locate and disable a hidden tracking device.

More on these recommendations and other concerns can be found in a Tech Wellness blog post.

The problem of people being stalked — as opposed to tracking devices being used to harmlessly locate lost key rings and so forth — can be largely eliminated. Apple, Google, and other smartphone makers should include automatic tracker notification in iOS, Android, and all other mobile operating systems.

Google was rumored to be adding universal tracking notification into Android beta version 22.12.13 back in March. The feature will hopefully allow you to halt alerts of non-worrisome AirTags that a friend traveling with you may be carrying. But the capability is apparently not yet installed, much less turned on by default (9to5Google).

Until automatic warnings are included in all smartphones, the global editor in chief of Tom’s Guide says, “AirTags should be pulled from the market.”

If you don’t own an iPhone, what’s your best bet to automatically get notifications that you’re being stalked, as well as to use these tiny devices to legitimately locate your belongings? Purchase a technology that works with Android devices (which now comprise 72% of the smartphones in the world, according to StatCounter):

Tile tracker versions
Figure 1. The highly rated Tile tracking devices come in four sizes and in different colors: the adhesive Tile Sticker, the square Tile Mate, the rectangular Tile Pro, and the credit card–sized Tile Slim.Source: Branded Tile product page

  • Tile trackers work with both iPhones and Androids. The devices use the widely deployed Sidewalk network, communicating via any nearby Echo speakers, Ring cameras, and other Amazon gadgets. (See my May 24, 2021, explanation of Sidewalk.) Tile devices are No. 1–rated in reviews of the major tracking brands by Tom’s Guide and Technology Personalized.
  • Samsung SmartTags work primarily with Galaxy smartphones. These trackers communicate with nearby Galaxy phones using BLE (Bluetooth Low Energy), Samsung’s SmartThings app, and/or the newer UWB (ultra wideband) radio standard.
  • Chipolo devices work either with a Chipolo app or with Apple’s Find My app. Chipolo’s button-sized ONE and slim CARD trackers communicate with Android smartphones that have Bluetooth enabled. The company’s separate trackers for iOS connect via Apple devices. You must purchase devices that use one technology or the other.
  • Apple AirTags communicate via iPhone 11 or later or via iPad 14.5 or later. In addition to the concerns described above, AirTags have no loops, unlike the other brands. To clip an AirTag onto a keyring, bicycle, or other possession, you must purchase a separate fob.

In addition to the reviews I link to above, read my January 10 and March 7 columns for information on the security (or lack thereof) of AirTags.

TikTok is still as bad as before, but now it’s in even more hot water

I reported this year that TikTok, the hugely popular short-video app, collects users’ passwords, crypto wallet addresses, and much more, transferring all this information to servers that are accessible by officials in Beijing, China.

Chinese Chairman XI and former US President Donald Trump
Figure 2. In 2020, former President Donald Trump proposed banning TikTok or forcing its Chinese owners to sell the app to a US-owned company. Officials serving Chairman Xi Jinping called this prospect “open robbery.”Photo by No Mad

Efforts to ban TikTok in the United States go back to a July 31, 2020, address by former President Donald Trump. In the absence of a ban, he said, he would attempt to force the app to be sold to an American company. (See Figure 2.)

I wrote that legal challenges had frustrated those goals. But the incoming Biden administration subsequently prohibited TikTok’s use on devices employed by the US military, the Department of Homeland Security, and the Transportation Security Administration (TSA). The government of India also banned TikTok and several other Chinese-developed programs from the devices of that country’s 1.4 billion people, calling the apps a threat to national security.

TikTok has only gotten into more trouble since then. In the US, TikTok’s use by government agencies, employees, and contractors is banned as of this writing in 16 states: Alabama, Florida, Georgia, Idaho, Iowa, Maryland, Nebraska, New Hampshire, North Dakota, Oklahoma, South Carolina, South Dakota, Tennessee, Texas, Utah, and Virginia (Wikipedia).

The controversy has barely dented TikTok’s popularity among the general public, however. It was the most sought-after app in the world in 2021, with 656 million downloads, ahead of Instagram’s 545 million (Business of Apps).

See the exposé of TikTok in my July 11 column.

Nonfungible tokens (NFTs) are worth only what someone will pay for them

Early this year, nonfungible tokens were a hot commodity in the cryptocurrency world. Now, NFTs have come down to earth — along with the values of most crypto coins themselves.

I warned in a column at the time that NFTs were vulnerable to a collapse of value. Specifically, the price of the biggest crypto token — bitcoin — has crashed 53% to 93% seven times in the past 11 years. Every time new buyers flowed in, excited by social-media hype, they were taken to the cleaners by insiders who sold. The sellers got their money out of bitcoin while the getting was good.

Axie Infinity game uses NFTs
Figure 3. Axie Infinity is an interactive game in which players buy crypto coins to acquire animal life forms.Source: Axie Infinity white paper

One colorful user of NFTs is Sky Mavis, a Vietnam-based game-development company that runs the multiplayer world called Axie Infinity. Players must purchase the company’s own crypto coin, Axie Infinity Shards (symbol: AXS), to obtain game animals. Each animated creature is associated with its own NFT, theoretically making each character unique.

In August 2021, the tiny Sky Mavis endeavor was enjoying revenue of $15 million per day as more and more gamers discovered its play-to-earn-rewards system (paid in crypto, of course).

Unfortunately, hackers said to be from North Korea managed to make off with $620 million worth of Sky Mavis’s assets last March (CNET). On January 1, 2022, one AXS coin was trading for more than $94. By December 19, with players’ faith in the company shattered, the price people were willing to pay had ground down to only $6.92 per AXS — a loss of 93% (CoinMarketCap). Game animals that players once purchased for more than $300 each are now worth less than $10.

Even without any specific hacker exploits, the dollar values of bitcoin and other crypto tokens — including most NFTs — have crashed hard this year.

Since bitcoin’s all-time high on November 11, 2021, the digital token has lost 76% of its value, as I reported in my December 5 column.

NFTs have fared even worse. The co-founder and former CEO of Twitter, Jack Dorsey, auctioned an NFT that theoretically represented the first-ever tweet. A crypto whale based in Malaysia, Sina Estavi, “won” the auction with a bid of $2.9 million.

Estavi intended to flip the NFT for even more, but the crypto crash was already dragging values down. In October 2022, the latest bid for his token on OpenSea, the largest NFT auction site, was only $132 — an inconceivable loss of 99.995%. Estavi has decided to hold onto his NFT for now (Entrepreneur).

OpenSea itself found in a January 2022 study that more than 80% of the NFTs its users were creating were outright frauds. Promoters simply made digital copies of artworks that actually belonged to the original artists. The starry-eyed buyers didn’t receive the art or anything of value for the money they invested.

For details on this and other aspects of NFTs, see my February 7 column on the subject.

Are 80% of Twitter accounts really bots, and does anyone still care?

A hot topic this year was whether most of the accounts on Twitter, the short-message phenomenon, weren’t human users but were merely automated bot traffic. I reported that more than 80% were bots, based on a study by the head of intelligence at F5, a global network-security firm.

80% of Twitter accounts are bots
Figure 4. It’s trivial for hackers to create automated bots that sign in to major websites and interact with actual human users for devious ends.Photo by T.Y. Lim

The number of Twitter accounts that were just bots acting like real users was a main bone of contention between the CEO of Tesla, Elon Musk, and Twitter executives who were fighting off Musk’s efforts to buy the company.

Musk was eventually forced by a court order to follow through on his buyout promises. On October 27, Musk purchased Twitter for $44 billion, much of that consisting of borrowed money.

Installing himself as Twitter’s CEO, Musk fired the website’s executives and laid off (or lost to resignations) 4,800 of Twitter’s 7,500 employees and terminated its 5,000 contract workers. The story is related in my December 19 column, along with details on the other companies in the Great Tech Layoff.

With the website’s content-moderation group mostly gone, its advertisers largely suspended their ad campaigns — eliminating the money their ads had been paying into Twitter’s budget. Musk himself told an all-hands meeting of the remaining staffers that bankruptcy was a possibility for the once-enormous presence that was Twitter.

Finally, Musk posted a poll on December 18 asking whether Twitter users thought he should step down as CEO, saying he’d abide by the vote. An astonishing 17.5 million people voted, and Musk was crushed. More than 57% gave him the thumbs-down (The Guardian).

The evidence that 80% of supposed Twitter accounts were simply bots was explained in my September 12 column.

Illegitimi non carborundum (Wikipedia). Have a wonderful 2023!

Talk Bubbles Do you know something that we all should know? Tell me about it!
Send your story in confidence to publicdefender@askwoody.com.
Join the conversation! Your questions, comments, and feedback
about this topic are always welcome in our forums!

The PUBLIC DEFENDER column is Brian Livingston’s campaign to give you consumer protection from tech. If it’s irritating you, and it has an “on” switch, he’ll take the case! Brian is a successful dot-com entrepreneur, author or co-author of 11 Windows Secrets books, and author of the new fintech book Muscular Portfolios. Get his free monthly newsletter.


ADVERTISEMENT
Wildgrain


Here are the other stories in this week’s Plus Newsletter

MICROSOFT 365

Peter Deegan

Microsoft 365: Year in review

By Peter Deegan

Let’s take a minute to check the rearview mirror and review what’s happened this year with Microsoft Office. We’ll also peer over the horizon to speculate about 2023.

There were obvious (and not-so-obvious) changes to Microsoft Office and Microsoft 365. I’ll look at just some of the changes. They might not be the most hyped changes coming from the never-ending road that is Microsoft marketing, and some of them might be overlooked but yet interesting.

FREEWARE SPOTLIGHT

Deanna McElveen

Firewall App Blocker — Make the Windows firewall usable

By Deanna McElveen

Microsoft did a pretty decent job when it added an improved software firewall to Windows XP SP2, and it has gotten even better over the years.

That said, the ease of adding a program to be allowed or blocked by Windows Firewall has not improved much at all.

But that’s okay. Along with its other great programs, Sordum.org has created Firewall App Blocker.

ON SECURITY

Susan Bradley

Finding good security information

By Susan Bradley

I do this so you don’t have to.

And I’ve been doing it for a long time, learning and cultivating sources of knowledge to allow me to make informed decisions about the stability and security of my computing environments, both at home and for my business. The latter has been extremely important to me; as a CPA, I am entrusted with the private financial information from the firm’s clients, which must be dealt with carefully.

Thus, I have been on a decades-long journey through the landscape of NNTP newsgroups, Listservs, email groups, chat rooms — you name it.


Know anyone who would benefit from this information? Please share!
Forward the email and encourage them to sign up via the online form — our public newsletter is free!

Enjoying the newsletter?

Become a PLUS member and get it all!

RoboForm box

Don’t miss any of our great content about Windows, Microsoft, Office, 365, PCs, hardware, software, privacy, security, safety, useful and safe freeware, important news, analysis, and Susan Bradley’s popular and sought-after patch advice.

PLUS, these exclusive benefits:

  • Every article, delivered to your inbox
  • Four bonus issues per year, with original content
  • MS-DEFCON Alerts, delivered to your inbox
  • MS-DEFCON Alerts available via TEXT message
  • Special Plus Alerts, delivered to your inbox
  • Access to the complete archive of nearly two decades of newsletters
  • Identification as a Plus member in our popular forums
  • No ads

We’re supported by donations — choose any amount of $6 or more for a one-year membership.

Join Today buttonGift Certificate button

The AskWoody Newsletters are published by AskWoody Tech LLC, Fresno, CA USA.

Your subscription:

Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody, AskWoody.com, Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody Tech LLC. All other marks are the trademarks or service marks of their respective owners.

Copyright ©2022 AskWoody Tech LLC. All rights reserved.