How to Scan for Nearby AirTags Using an Android Phone

Here’s how this works: AirTags use Bluetooth so nearby devices on Apple’s Find My network can spot them. If you use a Bluetooth scanner app—the kind of app that shows nearby Bluetooth devices—you will see any nearby AirTags appear in the list of nearby Bluetooth devices.

It’s a little more complicated than it sounds. The Apple AirTag won’t show up as an “AirTag” in the list, but it will appear as an unnamed Bluetooth device—and it does say it’s an Apple device, so it might be easy to spot the AirTag if you don’t own any Apple-made Bluetooth gadgets.

How to Scan for AirTags on Android

To scan or nearby AirTags, you’ll need a Bluetooth scanner app. We used LightBlue, a free Bluetooth scanner app available on the Google Play Store. Install the app on your Android phone, launch it, and perform a scan. You’ll see all nearby Bluetooth devices here—everything from Bluetooth mice and keyboards to headphones to AirTags. If you live in an apartment building or you’re currently in a public location, bear in mind that you may see other people’s nearby devices in this list.

So, if you want an easier time spotting AirTags in the list, it might be helpful to get away from other people’s devices. You’ll have an easier time spotting an AirTag in your bag if you’re in the middle of an empty field than if you’re sitting in the middle of an airport.

The AirTag will appear as an “Unnamed” device. If you tap it, you’ll see that the “Manufacturer specific data” field says this particular entry is an Apple device, which is a hint that this particular device might be an AirTag. It could also be another piece of hardware made by Apple, of course.

Note: Note that the AirTag’s device ID—that’s the string of values that appears as “42:9A:35:A7:99:51” in the below screenshot—will automatically change to new random values over time. You can’t rely on the ID alone to spot an AirTag over time.

The LightBlue app on Android showing an AirTag.

How to Find a Nearby AirTag

If you’re pretty sure there’s an AirTag near you, you can use the device’s signal strength displayed in the app to help find it. The closer your phone gets to the AirTag, the more the signal strength meter will fill up. By moving your phone around, you might be able to get a better idea of where the nearby AirTag is located.

The signal strength for a nearby AirTag displayed in LightBlue.

Scan the AirTag with NFC

Once you find the AirTag, if it’s in Lost Mode and is tracking you, you can scan the white side of the AirTag with NFC to view contact information and a message the AirTag’s owner might have set. Just tap the back of your Android phone (or an iPhone) against the white side of the AirTag.

Obviously, This Isn’t Ideal

Clearly, this isn’t an ideal solution. With the launch of AirTags in early 2021, iPhone users will get a quick notification that an AirTag is following them—but Android users have to wait three days to hear a beep or scan for AirTags manually. That’s far from ideal.

What happens if Google releases a similar Bluetooth tracker in the future? Do Android users get a quick notification a Google Tag is following them, but iPhone users have to wait three days to hear a beep?

Clearly, more interoperability would be ideal—if Apple and Google created a cross-platform standard that would let Android quickly detect nearby AirTags in the same way, that’d be great. Unfortunately, we’re not holding our breaths for that kind of cooperation.

[mai mult...]

How to Test Whether Your VPN Is Working (and Spot VPN Leaks)

A hand about to press a big VPN button.

If you signed up to a VPN and want to make sure it’s safe to use before browsing the web, then the best way to do so is to test it yourself. There are several free tools that allow you to test your connection’s security and determine whether or not your VPN is doing its job. You need no special knowledge to do so, so let’s get started.

What Are VPNs?
In short, VPNs are services that will let you connect to the internet through their servers, effectively changing your IP address and partially protecting you from tracking by your ISP and any websites that you visit. If you want to keep yourself undetected while browsing, they’re an important part of your toolkit, although you’ll also need to use Incognito Mode and follow some other steps for anything resembling anonymity.

However, VPNs aren’t bulletproof: There are some problems that can pop up in even the best of VPNs that can potentially reveal your IP address to the sites or services that you visit, thus rendering your VPN useless. Thankfully, there are a number of free tools available on the web that can help you track down these issues and deal with them.

Types of VPN Leaks

When a VPN broadcasts your IP address instead of that of the VPN’s server, that’s called a leak. There are three types of leaks that you can easily detect with simple tools: IP leaks, WebRTC leaks, and DNS leaks. IP leaks come in two flavors: IPv4 and IPv6 leaks. (We have an article on the difference between IPv4 and IPv6). An IPv4 leak is when the VPN fails to protect your connection, pure and simple. You won’t see too many of these, if ever, as they only happen when a VPN fails.

According to Dimitar Dobrev, founder of VPNArea, IPv6 leaks happen if both you and the website you connect to support IPv6, but your VPN only supports IPv4. With the IPv6 connection effectively unprotected, the site can see your IP address. The only good way to prevent this is to upgrade to a VPN that uses IPv6 protection or has the option to shut it off. If your VPN has neither, then get another.

WebRTC leaks are a different issue: In the words of ExpressVPN Vice President Harold Li, Web Real-Time Communication (WebRTC) is a collection of standardized technologies that allows web browsers to communicate with each other directly without the need for an intermediate server. As this goes on, occasionally, a browser can accidentally reveal your IPv4 address and with it, your location. If this happens, you can disable WebRTC requests with a browser extension.

Last but not least are DNS leaks, which are quite common, and even high-end VPNs will occasionally suffer from them. They happen when your DNS requests are sent to your standard DNS servers directly without going through the VPN and using the VPN’s DNS servers. Changing servers should fix it, but if it happens regularly, you probably need to change VPNs.

VPN Testing Tools

Now that we know what we’re looking for, let’s take a look at how we can detect these three types of leaks. There are a number of tools to choose from: Our favorites are ipleak.net—owned by AirVPN—and ipleak.org, which is owned by VPNArea. Both do a fine job of showing you what you need to know, but since we like ipleak.net’s interface a little better, we’ll be using that one for the purposes of this article.

If you’re experienced in working with the backend of computers, our favorite VPN service, ExpressVPN, has put out its testing tools on GitHub. If you’re comfortable with more advanced tools like this, we recommend that you give them a whirl and get not just information on leaks, but also on a host of other data.

Testing Your Connection

To show you how the tests work, first, we’ll go to ipleak.net without enabling a VPN. There’s no introduction screen or anything. You’re immediately brought to your test results.

Test result without VPN enabled

At the top is your IP address. Under that are the country and the city you’re in (Hello from sunny Cyprus.). However, sometimes, your city might show up differently: For instance, ipleak.net usually shows my city as Larnaca or Nicosia (both of which are about 50 miles away). This is due to my ISP connecting to a server elsewhere on the island.

The IPv6 test is just to the right of your IP address. It showing up as “not reachable” means that you passed, in this case, so we’re safe. Below that is WebRTC detection. If it’s empty, you’re also good. Last but not least is your DNS test, which shows a host of IP addresses, which can be from anywhere. These are the different servers that your signal has bounced between before hitting ipleak.net’s server. As it is now, it’s also fine.

Since running a test on an unprotected connection is kind of pointless, let’s connect to a server in the Netherlands. All you need to do in this case is connect, and then reload the ipleak.net page. The test will be run again automatically.

Connect, and then reload the ipleak.net page, and the test will be run again automatically.

In this test, there are a few things to note: The results for the IPv6 and WebRTC tests are fine. To find out whether our VPN passed the DNS leak test, we need to look through the list of IP addresses and see whether or not our original IP is there: If it’s not, like now, we’re all good. This means that the connection is all good and that the VPN has passed.

However, there is one thing to note, and if you start running your tests yourself, you’ll come across this quite often: The location of the VPN’s IP address is different than what we selected. We chose a server in Amsterdam, but this IP places us in Overijssel, which is a province about 60 miles or 100km from Amsterdam.

According to Mr. Dobrev, this has to do with the way that IPs are registered. IP addresses can be moved around, but it often takes a while for the registrar to update this information. Also, to further complicate the issue, there’s more than one registrar. However, this is not a security issue. Usually, within a few days, the IP address will show up where it needs to be.

What Do Bad Results Look Like?

However, not all tests will look this rosy. Generally speaking, IPv4, IPv6, and WebRTC leaks will happen the least. Your author has tested a lot of VPNs and has only come across a few of these. However, DNS leaks are a lot more common, so always be sure to look carefully through the DNS servers to make sure that you don’t spy your own IP address among them.

[mai mult...]

How to Migrate from Gmail to ProtonMail

Import Your Gmail Inbox to ProtonMail

The first thing you’ll want to do is bring the contents of your old inbox over to the new one. Even though ProtonMail has a generous free plan, it falls well short of what Google can offer with Gmail. One of the most limiting factors is likely to be the 500MB inbox size limit.

If you have more than 500MB of email to import, you’ll need to upgrade to a larger plan to transfer the contents of your inbox. Alternatively, wipe the slate clean and start again (but keep ahold of your Gmail account so that you still have access to your old inbox).

Gmail Account Usage

If space isn’t a concern, there are two ways to import your Gmail inbox to ProtonMail: by using the Import Assistant in ProtonMail V4 (free), or by using the Import-Export desktop app for Windows, Mac, and Linux (premium account required).

At the time of writing in April 2021, ProtonMail V4 is currently in beta and can be accessed via beta.protonmail.com. Beta access is available to all users of ProtonMail, as this version will eventually become the default version for anyone who uses ProtonMail in a browser.

If you’re using ProtonMail V4 (or later), you’ll see it listed in the version number in the bottom left of the screen when you’re logged in. If you see an earlier version number, head to beta.protonmail.com and log in, then click on the “Settings” icon at the top of the screen.

ProtonMail V4

Under “Import & export,” click on “Import Assistant,” followed by “Continue with IMAP.” In the pop-up that appears, click on “Gmail” to see instructions on how to prepare your account (Don’t worry, we’ll run through them here.).

Now, head to Gmail and log in. Click on the “Settings” cog icon at the top of the screen, followed by “See all settings.” On the “Forwarding and POP/IMAP” tab, make sure that “Enable IMAP” is on so that the “Status” area reads “IMAP is enabled” in green text.

Gmail IMAP Enabled

On the “Labels” tab, make sure that you enable any labels that you’d like to show up by checking them as “Show in IMAP.” If you want to avoid transferring certain labels (like chats), disable them.

Show Gmail Labels in IMAP

Finally, head to your Google Account settings at myaccount.google.com and log in, and then visit the Security section. Under “Less secure app access,” make sure that you click “Turn on access (not recommended).”

If you have 2-step verification enabled on your account, you’ll need to create a new app password under the “App passwords” section instead. Make a note of this password, since you’ll need it for the next step.

Google 2-Step Verification App Passwords

Next, click “Start Import Assistant” (also labeled as “Skip to Import”) to get the ball rolling. You’ll need to log in with your Gmail account by using your primary credentials (username and password), or by using your email address and app-specific password (if you have 2-step verification enabled).

Skip to Import

Once you’re authenticated, ProtonMail will tell you exactly what will be imported. You can click on the “Customize Import” button to make further changes, like to cut-off dates and folders (labels), or hit “Start import” to begin the process.

Start Import Process in ProtonMail

If you don’t have enough space in your ProtonMail account for the email you wish to import, you will be warned. You can then make changes to your import so that everything fits. Learn more about importing via ProtonMail V4 on the Import Assistant support page.

Use the Import-Export Desktop App (Requires Premium)

If you have a premium ProtonMail account, you can use the dedicated Import-Export desktop app for Windows, Mac, or Linux to perform a similar import. In addition to this, you can also use the Import-Export app to import locally stored EML and MBOX files from other mail clients.

To do this, download Import-Export, and then follow the instructions to import your mail. This process can be made much easier by simply downloading your entire Gmail history in MBOX format via the official Google Takeout service.

Download Gmail as MBOX

As a paid customer, you have priority access to ProtonMail support to help you with any issues that you might encounter along the way.

Import Your Gmail Contacts to ProtonMail

You can import your contacts to ProtonMail relatively easily by exporting them as a CSV (comma-separated value) file directly from Google. You can do this by logging in to your Google account at contacts.google.com and then clicking on the “menu” button (which looks like three horizontal lines) and selecting “Export.”

By default, this will export all of your contacts. If you only want to export certain contacts, head back to the main list and select which contacts you want to export, and then head back to the Export page. Leave the format as “Google CSV” and click “Export” to download the CSV file.

Export Gmail Contacts as CSV

Head back to mail.protonmail.com and log in, and then click on the “Contacts” button at the top of the screen. From here, you can click on “Import,” and then drag your .CSV file into the window to upload your contacts. You might want to spend some time on the Contacts page tidying up entries after you’ve completed this process.

Import Contacts via CSV to ProtonMail

Don’t see the option to import via CSV? Log in at contacts.protonmail.com and then click on “Settings,” followed by “Import.” You can then use the “Import Contacts” button to locate the CSV file and upload your contacts here. If you are using ProtonMail V4 or later, you’ll need to use this method.

Forward Incoming Gmail Messages to ProtonMail

With your inbox and contacts successfully imported, you will likely want to make sure that any mail going to your old address is forwarded to your new one. If this isn’t the case (for example, if you are “starting fresh” due to too much incoming mail at your old address), then you can skip this step.

To forward mail from your Gmail account, log in at mail.google.com and click on the “Settings” cog at the top of the page, followed by “See all settings.” Under the “Forwarding and POP/IMAP” tab, click “Add a forwarding address” and enter your new (ProtonMail) address.

Add Forwarding Address to Gmail

Click “Next” and then “Proceed” to finalize your decision. Head back to your ProtonMail account, where you should find a confirmation email from Google. You’ll need to click the link in this email to complete the process.

Gmail Forwarding Confirmation Email

Refresh your Gmail account one last time and head back to Settings > Forwarding and POP/IMAP. Then select “Forward a copy of incoming mail” and specify the ProtonMail address you just added. Hit “Save Changes” at the bottom of the screen and you’re done.

Set Up Forwarding in Gmail

The Finishing Touches

With your inbox transferred, mail forwarded, and contacts ready to go, it’s time to start using your new email address. There are a few things that you should remember to do to ensure that you can complete the migration:

  • Update your online accounts to reflect your email address changes (social media, online shopping, utilities, health care, and so on).
  • Notify your contacts of your new address. You should use the “BCC” field to send mail to multiple contacts without sharing the full list of recipients.
  • Download the ProtonMail mobile app for Android or iPhone so that you can access your email on the go.
  • If you’re a premium ProtonMail user, you can download ProtonMail Bridge, which allows ProtonMail to work with mail clients like Outlook, Thunderbird, and Apple Mail.
[mai mult...]

How to Reset a ProtonMail Password

ProtonMail logo

Since ProtonMail is a secure email service that prioritizes privacy and security, resetting your password is a bit different from “regular” webmail providers like Gmail. You can do it, but here’s what you need to know.

ProtonMail has two password modes: single-password mode and two-password mode. If you haven’t enabled two-password mode, you don’t need to worry about this, as you’ll be using the default single-password mode.

In single-password mode, the same password is used to log in and decrypt your inbox. In two-password mode, you have one password for logging in (your account password) and another for decrypting your mailbox (your mailbox password). ProtonMail itself does not have access to any of your passwords, regardless of which mode you’re using.

ProtonMail Two-Password Mode

If you’re using two-password mode, changing either of your passwords will default you to single-password mode. When the password used to decrypt your mailbox is changed, you will no longer be able to read your old emails. If you remember it later, you can restore access to your older emails by recovering the decryption key.

Regardless of which password mode you’re using, changing your password will result in your older emails no longer being readable. You will still be able to see unencrypted data like the sender, subject line, and metadata, but you won’t be able to read the message body or access attachments.

When you create a new password, you’ll also create a new key used to decrypt data stored in your inbox. You will only be able to read any emails sent or received after the reset, since they will be encrypted using the new key.

Reset Your ProtonMail Password via Recovery Email

This method assumes that you set up a recovery email when you registered your ProtonMail account. To reset your account password, visit mail.protonmail.com and click on the “Get help” link below the “Login” button.

ProtonMail Login

Using two-password mode? To reset your mailbox password, log in using your account password. Then, on the “Decrypt Mailbox” screen, use the “Forgot Password” link, and follow the rest of the process as normal.

Reset ProtonMail Password

Click on “Reset Password” and enter your ProtonMail username and a recovery email. This email must match the one that you specified when signing up in the first place.

ProtonMail Recovery Email and Username

Confirm your decision in the box that appears and make sure that you understand that proceeding will prevent you from being able to decrypt the contents of your inbox. In the next step, you will be sent a recovery code, but be sure to leave the recovery web page open while waiting for the email to arrive.

Warning: This will wipe all the emails in your account. You’ll be able to access your account again, but all of your previously received emails will be gone. You will still receive emails sent to the address in the future.

confirm your password reset

Once you have the email, enter the recovery code, followed by the “Reset Password” button. Another window will appear warning you about what will happen to your inbox when you proceed with the next step.

ProtonMail Reset Password Recovery Code

Enter the word “DANGER” in capital letters into the box to confirm your decision, followed by the “Reset” button.

ProtonMail Confirm Reset

Finally, enter a new password, and make a note of it in a secure place (like a password manager). Hit “Reset Password” to complete the process. You can now head back to mail.protonmail.com and log in with your new password.

Reenable Additional Security When You’re Done

Resetting your password will disable two-password mode and two-factor authentication. If you want to carry on using these features, make sure that you reenable them via Settings > Account (two-password mode) and Settings > Security (two-factor authentication).

Enable Two-Factor Authentication in ProtonMail

[mai mult...]

How to Read a REG File and Check If It’s Safe

The REG file icon on a Windows 10 desktop.

On Windows, a .reg file contains a list of changes to the Windows Registry. These files are a quick way to make simple changes—but they can also be dangerous. Here’s how to see what a REG file does before you run it.

What Is a REG File?

The Windows Registry is a database where Windows and some third-party applications store settings and other data. Many options on Windows 10 can only be changed in the Windows Registry. Some options can also be changed in Group Policy—but only Professional, Enterprise, and Education editions of Windows 10 have access to that.

We cover a lot of “registry hacks”—changes to the Windows Registry—here at How-To Geek. You can change these settings yourself using the Registry Editor, but it takes some clicking. To speed things up, we also offer downloadable REG files you can run to make these changes.

REG files can be created in several ways—you can use the “Export” option in the Registry Editor or write the REG file by hand in a text editor like Notepad.

The Registry Editor on Windows 10.

Why REG Files Can Be Dangerous

REG files just contain a list of Registry changes. When you double-click the REG file, Windows will make the changes specified in the file.

If the REG file is from a trustworthy source and doesn’t have any mistakes in it, that’s fine. For example, you can write your own REG file to quickly make your favorite changes to any new Windows PC.However, a REG file can also do bad things. It can mess up various settings or delete parts of the Windows Registry when you run it.

How to View a REG File’s Contents

Before running a REG file, we recommend examining its contents. We’ll demonstrate how to do this, using our “LastActiveClick” registry hack, which makes a single click on a taskbar icon activate the last window you used from that program—no multiple clicks necessary.

To view the contents of a REG file, right-click it in File Explorer and select “Edit.” This will open it in Notepad.

Note: If you don’t see the “Edit” option, the REG file may be inside a ZIP archive. You may need to extract the REG file from the ZIP archive before continuing. You can just copy-and-paste or drag-and-drop it to another folder.

Right-click a REG file and select "Edit" in File Explorer.

You will see a warning before you open the file if you downloaded it from the web. As long as you clicked “Edit,” you can click “Run” to continue. It’s safe—you’re just opening a text file in Notepad.

Note: If you accidentally click “Merge” instead—or if you double-click the file—you will see a User Account Control window after clicking “Run.” Click “No” to the prompt if you’re not ready to add the contents of the file to your registry yet.

Click "Run" to open the file in Notepad.

How to Read a REG File

You’ll see the contents of the REG file displayed in Notepad. If it’s a simple registry hack, you should just see a few lines. Here’s what our Last Active Click registry hack looks like:

Windows Registry Editor Version 5.00

; created by Walter Glenn
; for How-To Geek
; article: https://www.howtogeek.com/281522/how-to-make-your-taskbar-buttons-always-switch-to-the-last-active-window/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"LastActiveClick"=dword:00000001

The first line, “Windows Registry Editor Version 5.00”, just lets you know what type of file this is.

In this file, lines two through four begin with a “;” character. The fifth and sixth lines are the meat of this particular file. The fifth line tells Windows to make a change at the following location, or “key,” in the registry:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced

The sixth line tells Windows to create a DWORD value named “LastActiveClick” and set its value to “1”. (If the value already exists, Windows will set its value to “1”.)

We also have a registry file that undoes these changes. It differs by having this text instead:

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"LastActiveClick"=-

The minus sign (“-“) tells Windows to delete the LastActiveClick value. REG files can continue many lines of changes, but they’ll all be in a similar format.

How to Know If a REG File Is Safe
We pair downloadable REG files with instructions for changing the setting on your own in the registry. If you would be comfortable making a change in the registry by hand, you should be comfortable with running a REG file that makes the same change.

If you don’t understand what the REG file does—and especially if you don’t trust its source—then don’t run it.

Tip: We don’t recommend you just trust us, either! Please, feel free to check our work: When you download a REG file from us, check its contents and ensure you’re comfortable with them before you run the file. It’s good to get in the habit of double-checking all REG files before you run them.

If you do trust the file, just double-click it—or right-click it and select “Merge.” Windows will ask you if you want to let the Registry Editor make changes to your computer. Agree and the contents of the registry file will be merged with your PC’s registry.

[mai mult...]

How to Clear Your Tracked Step History on iPhone

If you’ve ever set up a profile in Apple Health on your iPhone, the app will collect data on how many steps you take each day. If you’d like to clear this record of your physical activity, it’s easy to erase it in the Health app. Here’s how. First, open the Apple Health app. If you can’t find it, swipe downward with one finger in the middle of your iPhone screen, then type “health” in the search bar. Tap the “Health” app icon that appears.

Using Spotlight, search for "Health" then tap the Health icon.

In the Health app, scroll down until you see “Steps,” then tap it. (Depending on how many other health metrics you use, the “Steps” section could be located on various parts of the screen.)

In the Health app, tap "Steps."

On the “Steps” screen, scroll down to the very bottom and tap “Show All Data.”

Tap "Show All Data"

On the “All Recorded Data” screen, tap “Edit” in the upper-right corner of the screen.

Tap "Edit"

The screen will change to an edit screen where you can delete data from individual days using the red circles beside each entry. To delete all recorded step data, tap “Delete All.”

Warning: Once you delete your step data, you won’t be able to get it back.

Tap "Delete All"

After confirming the deletion, Health will erase all of your step data. This does not prevent Health from collecting future step data, however. To do so, we’ll need to take a trip to Settings in the section below.

How to Disable Apple Health Activity Tracking on iPhone

If you’ve just cleared your step data and would like to prevent the Health app from collecting activity data in the future, it’s easy to turn off in Settings. First, open the Settings app.

Tap the "Settings" icon on iPhone

In Settings, tap “Privacy.”

In iPhone Settings, tap "Privacy."

In “Privacy,” scroll down and select “Motion & Fitness.”

Tap "Motion & Fitness."

In “Motion and Fitness,” tap the switch beside “Health” to turn it off. This will prevent the Health app from receiving any future activity data from your iPhone’s sensors.

Turn off the switch beside "Health."

Alternately, you can completely disable “Fitness Tracking” at the top of the screen, but doing so will also prevent other apps from using activity data. If that’s fine with you, just switch “Fitness Tracking” to “Off.” After that, exit Settings, and you’re done. From now on, Health will no longer know how many steps you take every day. Stay healthy out there!

[mai mult...]

What Are Android Security Updates, and Why Are They Important?

android security update

In the Android world, there are basically three types of updates: big annual firmware updates that bump up the version number (11 to 12), smaller monthly security updates, and “Google Play System Updates,” which are another type of security update.

What Is an Android Security Update?

An Android Security Update is an update that is primarily geared toward improving security and fixing bugs. These updates don’t typically include features that you might notice in your daily use. When a new Android version is released, there will inevitably be issues with it. That’s just a reality of human-designed products. However, Google doesn’t want to send a full system update just to iron out some bugs. Instead, they’ll fix the problems with a smaller update.

As you might expect from the name, these updates are also very important for security reasons. Some bugs present security risks, and these can be quickly addressed with an update. Security updates can also fix vulnerabilities to new attacks that have cropped up.

These updates are sometimes called “patches,” which is a great way to think of them. They’re small fixes that contribute to the whole of the operating system.

Why Are Android Security Updates Important?

You may not notice any fancy new features when you install an Android Security Update, but they’re very important nonetheless. Software is rarely ever “done.” It constantly needs maintenance and fixes to keep it safe and secure. These smaller updates are important, as they cumulatively fix bugs and patch holes. Think of them like holes in a bucket full of water. A few tiny holes might not cause the water level to go down much, but if you punch enough holes, the entire bottom could fall out.

We mentioned before that smaller updates can quickly address new vulnerabilities, and that’s critically important, too. You don’t want to have to wait for a full version update to patch a glaring security risk. Smaller updates allow for faster turnaround time. It’s important to download these updates as soon as you can.

How to Check for Android Security Updates

With all that in mind, you’re probably wondering how to check whether you have the latest security update. It’s easy to find out. First, swipe down from the top of the screen (once or twice, depending on your device’s manufacturer). Then, tap the gear icon to open the Settings menu.

swipe down and tap the gear icon

Tap “Security.”

select security

At the top of the screen, you’ll see a “Security Status” section. Look for “Security Update” and check the date.

check the date

There’s a pretty good chance that you won’t have the update for the current month. Unfortunately, a lot of Android devices lag behind. If you have a new-ish Samsung phone or a Google Pixel, you should be up to date. You can check for an update by selecting “Security Update” and tapping the “Check for Update” button.

Tap "Check for Update."

Why Is My Android Phone behind on Security Updates?

In a perfect world, every Android device would get the latest security update at the same time. Sadly, that doesn’t happen. Each month, Google makes the fixes and posts the security update for its partners (Samsung, LG, OnePlus, etc.). It’s then up to these companies to approve the fixes, add any of their own, and release them to devices.

This is why Pixel phones typically get security updates right away. Google controls the whole process. Other devices are dependent on the manufacturer. Samsung is good at keeping its high-end devices up to date, but some lower-end phones can lag behind.

Before buying an Android phone, take some time to check what the manufacturer says about promised updates. Samsung, for example, promises four years of updates for many of its devices. Stay away from manufacturers with poor track records.

[mai mult...]

How to Turn off Background App Refresh on iPhone or iPad

By default, your iPhone (or iPad) lets apps check for new data in the background. It can reduce loading times when switching back to an app, but it also reduces battery life, takes a bit of cellular data, and could allow some apps to spy on you. Here’s how to turn “Background App Refresh” off.

First, open the “Settings” app on your iPhone.

THE BEST TECH NEWSLETTER ANYWHERE

Join 425,000 subscribers and get a daily digest of features, articles, news, and trivia.

By submitting your email, you agree to the Terms of Use and Privacy Policy.

Tap the "Settings" icon on iPhone

In “Settings,” tap “General.”

In Settings on iPhone or iPad, tap "General."

In “General,” tap “Background App Refresh.”

In General, tap "Background App Refresh."

Next, you’ll see the “Background App Refresh” settings. If you’d like, you can disable Background App Refresh on an app-by-app basis here. Just tap the switch beside each app you’d like to disable to turn it off.

In 2019, the Washington Post discovered that some apps use the Background App Refresh feature to send data about your activities through the internet when you don’t suspect it, so unless you completely trust an app vendor and think the refreshing is likely useful to you, it is probably best to turn the feature off for most of your apps.

In "Background App Refresh" settings, you can turn the feature on or off for individual apps.

Luckily, Apple also makes it easy to completely disable Background App Refresh. To do so, tap “Background App Refresh” at the top of the page.

Tap "Background App Refresh" again.

On the next screen, select “Off” from the list.

In "Background App Refresh," select "Off."

After that, exit Settings, and you’re all set.

Interestingly, Background App Refresh is one of the features that gets disabled when you enable Low Power Mode on your iPhone. Your iPhone will use less battery power in idle mode from now on.

[mai mult...]

What Is a Burner Phone, and When Should You Use One?

A hand holding an old feature phone.

A “burner phone” is a cheap, prepaid mobile phone that you can destroy or discard when you no longer need it. In popular media, criminals often use burner phones to evade detection by authorities. You might use a burner phone for privacy reasons, as a last resort, or during an emergency. A “burner SIM” is a related term, and refers to a cheap, prepaid SIM card that you can insert into another phone. You may plan on only using the SIM card for a limited period of time and not linking it to your real identity.

What Is a Burner?

A burner phone is a cheap, prepaid mobile phone that the owner generally doesn’t intend to use long term. These phones have traditionally been purchased with cash to avoid any kind of paper trail that would tie the phone number to an individual.

The term was popularized in the hit 2002 HBO series The Wire, where “burners” were used to avoid detection by authorities. Once a number was suspected of being compromised, the device was discarded or “burned” so that the trail would go cold. Since the rise of iPhones and Android devices, burners are more commonly referred to as “feature phones” or “dumb phones,” since the smartphones of today didn’t exist in the early 2000s. While the term “burner phone” is still common, SIM cards could also be used in such a manner.

Instead of purchasing an entirely new device, a burner SIM can be used in a smartphone to switch between numbers for a variety of reasons. Some smartphones can even accommodate more than one SIM at a time for this purpose. With that in mind, some of the applications of a burner phone rely solely on having a second dedicated device you can use.

You might use a burner phone or a SIM to protect your identity. If you can manage to procure a handset or SIM card that isn’t linked to your real-world identity, you can use the number without the risk of being identified.

There are all sorts of reasons that someone might want to remain anonymous. Maybe you’re phoning in an anonymous tip to an employer. Maybe you would like to use a secure messaging service like Signal or Telegram without disclosing your primary phone number. Maybe you’re trying to avoid giving your main phone number to marketers who will likely send you follow-up messages—like when you’re viewing a real estate listing or looking for insurance quotes.

Since burner phones are feature phones, they are severely limited in their abilities. Most lack cameras or access to a modern browser, and are instead limited to phone calls and text messaging. Since they are relatively lightweight devices, they have excellent battery life, too.

Many such devices will last for days on a single charge, and sometimes even months if you use the battery sparingly. This makes burner phones ideal for use in an emergency. They are often found in emergency survival kits since they can be charged and turned off until they are required. A burner phone is a spare phone with long battery life that doesn’t need an expensive cell phone plan—what’s not to like?

A Burner Doesn’t Guarantee Anonymity

If you’re buying a burner phone for privacy reasons that extend beyond simply using the number to send anonymous Signal messages or avoiding spam, be aware that no cell phone provides you with true anonymity. It’s all about your “threat model”—what threats are you trying to protect your privacy from?

Just think about the process of getting a burner phone from the store. Let’s say that you drive to a store, buy the burner phone with a credit card, drive home, and turn it on. In the process of this: If you took your normal phone with you, your cellular carrier will know that you were at the store at the time the phone was purchased. License plate cameras on the route may have captured your license plate and recorded your movements. A camera in the store may have recorded you buying the phone. Your credit card company will have a record of you buying the phone. When you turn the phone on at home, the cellular carrier your phone uses will have a pretty good idea of where your home address is.

And if you carry your burner phone and normal phone at the same time and both are powered on, anyone looking at cellular phone records can get a pretty good idea that those phones are owned by the same person.

Yes, that’s a lot of ways that you could be traced by an adversary with serious resources. If you’re really trying to evade government authorities—well, good luck. You’ll need it. On the other hand, if you just want a new phone number that isn’t directly and easily linked to your identity by the companies you deal with and the people you call, that’ll do just fine.

And if you’re not looking for anonymity and just want a secondary cell phone with long battery life for use in emergencies, this doesn’t really matter.

 

Nokia 110

If you’re really looking for anonymity, how far you want to go in anonymizing your purchase is up to you. You could ask someone else to buy it for you, or ask them to purchase you a gift card, which you then might use to buy the phone. You could also use cash in person. For the sake of anonymity, you probably want to avoid using your credit or debit card, so purchasing from an online retailer is probably not the best idea.

If you’re only purchasing a burner to throw into a survival kit or to keep in the car for emergencies, you can comb the web for the best deals without worrying about privacy implications. Amazon, eBay, or your preferred local service provider are great places to start.

What About Google Voice and Other Services?

If you’re simply looking for a second number that you can use to call and text from a computer, or to use with a service like Signal or Telegram, consider VoIP services. Google Voice, Skype, and other internet telephony providers can give you a number that you can use for basic texting and calling.

Google Voice only works in the U.S., but it’s free and easy to sign up for. You can register a new Google Account to use with your new number and take precautions like hiding your IP address using a VPN. Other providers exist, but they will likely charge you for a number (and that may require linking your card).

Google Voice

If you’re using a burner for privacy reasons, make sure that you take appropriate steps to distance your identity from your purchase. If your interest in a burner is purely for emergency or backup use, make sure that you charge the phone before you stow it (and consider an AA battery charger). Wondering how you can charge your burner while away from a power outlet? Learn how to charge your phone in the middle of nowhere. If you’re wondering how police have tackled this phenomenon in the past, consider watching The Wire.

[mai mult...]

How to Sign up for Signal or Telegram Anonymously

Signal and Telegram app icons.

Secure messaging apps like Signal and Telegram go the extra mile to protect your privacy and secure your conversations. But what if you want to truly chat anonymously, without giving away your personal phone number?

Signal and Telegram Require Your Phone Number

In order to use Signal or Telegram, you need a phone number. This number is shared with anyone you talk to while using these platforms, and can even be used to find you. These apps may use end-to-end encryption and other practices to keep your information private, but that doesn’t mean that they are anonymous services.

People you speak with over Signal or Telegram will see the phone number you used to sign up. This could be a problem if you’re a whistleblower, an anonymous source, or someone who just doesn’t want your conversations linked to your real-world phone number.

If You Already Have a Primary Signal or Telegram Account

You should think of these messaging services as an extension of your phone number. So, if you already have a main Signal or Telegram account and want to create an anonymous secondary one, here are some things to consider:

For Signal, only one phone number can be linked to your Signal account, which means that you never need to create a password. You’ll need multiple smartphones to use more than one Signal account at a time. Alternatively, you can deactivate your account, then switch to a secondary account. In Signal, switching accounts is inconvenient, since all of your conversations will be lost when you do so. Since Signal focuses on security, none of your correspondence is stored in the cloud. There’s no way of recovering messages or media you have sent or received unless you are transferring from an old device.

Telegram isn’t quite as restrictive. The Telegram desktop and tablet apps let you log in using a separate number on a desktop or tablet app. This doesn’t have to be linked to your smartphone or your “real” Telegram number. You can use this to your advantage, since you don’t need to abandon your main account to log in on a secondary one. If you’re wondering whether you should use Telegram or Signal for your confidential, anonymous messaging needs, you might find that Telegram is the more convenient choice between the two. Just make sure that you enable secret chats in Telegram before doing so.

Option 1: Use a Burner Phone (or SIM)

One of the easiest ways of using a service like Telegram or Signal anonymously is to sign up with a new phone number. In many cases, you can grab a prepaid “burner” phone or SIM card for very little (sometimes for free), which you can use to log in. You do not need to send any messages using this number, so you don’t need to spend any money if you don’t want to. All you need the secondary number for is to receive a message with a code in it. This code is all you need to log in using either service, since your phone number is only used as a means of identifying you.

A hand inserting a SIM card into a smartphone.

Signal requires access to this number the first time you log in (to receive a code). You will also need to use your primary device (an iPhone or Android smartphone) to add any linked devices you want to use with your anonymous number. Linked devices may need to be reauthorized from time to time, which will require access to your “burner” SIM, so keep it handy and active.

Telegram works the same way, except you won’t need to use a smartphone to add linked devices, since you can log in directly. Simply input your new “burner” phone number, enter the code you receive, and you’re off to the races.

Option 2: Use a VoIP Service Like Google Voice

If you don’t fancy switching SIM cards to go incognito, consider using a VoIP number instead. Google Voice is the obvious choice, offering a free U.S. phone number to those residing in the United States. You can also use a service like Skype, or any internet telephony provider that will give you a number (You may need to pay for it, though.).

There are a wide variety of other apps that can give you secondary “burner” phone numbers, too.

Google Voice

Once you’ve got your number, you can sign up as you would normally. For Signal, this means using a smartphone that isn’t already registered with the service or removing the app from your device. On Telegram, you can download the app for your platform of choice and log in.

Option 3: Use a Landline (Signal Only)

Signal is primarily designed for use with a mobile number, but you can enter any number you like when signing up. This includes landlines, like the one sitting on your desk at work. Unfortunately, during testing, we couldn’t activate Telegram using this method (but you may have more luck).

When signing up this way, you won’t be able to receive your code in the standard manner via SMS. Instead, you can request that Signal call you. Selecting this option should prompt Signal to call you via an auto-dialer that speaks the required code out loud over the phone.

Request Signal code via phone

Signal attempts to send you a code via SMS when you enter your number. If you wait a minute, you’ll be able to tap the “I didn’t get a code” button, which will present you with the “Call Me Instead” option. Tap it, answer the phone, and listen to the code. You can then use this code to log in and send messages.

Telegram will also send you a code via SMS, alongside a “Haven’t received the code?” button, which doesn’t offer an option to receive a call by phone instead. This may have been due to the use of an Australian mobile number, so your mileage may vary using this method.

Can’t Register a Second Number on Your Smartphone?

If you have already registered your personal number with either service, you might be surprised to see that there’s no option to log out of the service. The easiest workaround is to delete the app in question. This will remove local data from your device (including login tokens), forcing you to log in when you re-download the app.

Delete Signal from Device

In the case of Signal, this will remove all conversations from your device. Since Telegram allows you to sign in using a number and the Telegram app for your platform of choice (including Windows, Mac, and Linux), there’s no need to purge your smartphone. Learn how to delete apps on your iPhone, or how to delete apps on Android.

If you’re a Signal user, you’ll need to repeat the process to get back to your “main” Signal or Telegram account after authorizing your secondary number.

No Guarantee of Anonymity

Even if you sign up for a secondary phone number, your real identity may still be traced. In some countries, you need to provide identification to get a SIM card, so your phone provider may know exactly who you are even if this information isn’t available to the general public. The same is true for VoIP services such as Google Voice. While Google and Skype aren’t going to make information like your email address and IP address available to anyone, they still hold it on file and could be forced to hand it over in court.

[mai mult...]