Keep Your Personal Data Private on the Internet!

Learn how to prevent advertisers, hackers, and other parties from seeing
sensitive information with Take Control of Your Online Privacy by Joe Kissell.

How Not to Take a Vacation

(updated June 20, 2018)

A vacation is looming, but your work schedule deals with that poorly—there are things people need while you’re gone, most of them don’t have anyone else to do them. The obvious, and wrong, solution: work twice as long prior to the vacation in order to “get ahead,” and then check in regularly during vacation, putting in “just an hour or two” to keep things humming.

Put another way: if you work through four straight weekends in order to take a seven-day vacation, you know that’s nuts, right? The same thing applies if two 40-hour weeks become 60-hour weeks.

This isn’t about renegotiating commitments. This is honoring the negotiations already made. When you were given vacation time, and weekends, and a reasonable expectation that you’d be off the clock before bedtime most days, those were promises made to you. Requiring you to work an extra week’s worth of time to “pay back” for vacation is just as much a violation as you taking off a week without warning, for no reason, after you’ve used all your vacation.

The only people who should be volunteering such time are people with ownership stakes in their companies. Everyone else either gets compensated fairly for extra work, or has the right to turn down such demands. Getting neither is the definition of exploitation. It doesn’t make a difference that most of us are acculturated to this treatment.

You can consciously choose to make sacrifices, for whatever reasons you like. Just always do so deliberately, and make clear whenever possible that such a choice is not a guarantee it’ll happen next time.


Want more? All the Links to Take Control of Your Productivity Web Content

Posted by Jeff Porten (Permalink)

Tips and Tricks for More Productive Use of Your Tech Tools

(updated June 20, 2018)

One thing about life in the early 21st century is that technology is ubiquitous—a good thing if you’re a technophile, bad if you think that’s the reason we’re all on-call 24/7. We have computers in our pockets and the Internet is airborne. If you want to be disconnected, you really have to work at it.

The side effect is that we take it for granted, which means that even experts tend to overlook basic aspects of what their technology does for them. When you name a document, “Dec-10 meeting,” do you notice that it already had a creation date of December 10th? Are you constantly going to the fourth page of your iPhone to launch an app, but haven’t noticed you don’t use one of the apps in your Dock?

This chapter is a menu of ways you can make your technology work better for you, usually independent of what that technology actually is. Not all of them will work for you. (Naming a document “Dec-10 meeting” is a fine idea when you create it a few days early, and edit it a few days later; you might want to consider naming it 2018-12-10 meeting so it sorts better alphabetically, though.) It’s partially meant to give you specific implementations, but also hopefully will train you to take a closer look at how you’re using all of the tools in your system for improvements and tweaks.

There are two sections to this post:

  • Making the most of things that are built into your existing technology, which you’ve probably overlooked.

  • Approaches which can be universally applied to nearly every gadget or computer, from a more conceptual point of view.

Technology Tricks and Tips

This is a menu, not a checklist. I’ll be pointing out aspects of your computers and devices that you’ve likely noted in passing, but have never considered to be a productivity technique.

File Management

Most of the white-collar work we do is centered around files: on drives, on mobile devices (where files are usually pretty well hidden), in the cloud. But most of the techniques we use to manage them are dinosaurs from the dawn of the graphic user interface in the 1980s (which in turn were based on far older paper systems). Today, you can do better.

Storing Files in Apps: When to Do So, When to Avoid It

Most productivity software has the ability to attach files to tasks or projects. Usually there’s a paperclip icon or an Attach File command, which looks similar to attachments in email. But email attachments are always copies of your files. App file storage is different.

Some apps actually make a copy and put it somewhere—stored in a database, or hidden in a folder that it has access to. This makes your task app data bigger, sometimes really big if you do this often. It can also radically slow down how quickly your system backs up and syncs to the cloud. But like any copy, if you edit the file your changes won’t appear in the copy in the task copy. Double-click the one in your task app, and you’ll accidentally be in a different file than the one you see elsewhere.

Some apps create aliases or shortcuts to your files. They don’t increase size, and when you open them, you’re working with the original file. This is usually better, but now your file won’t cloud sync automatically, and if you delete it because “it’s in your task app,” it’s gone. There’s only one document, you never copied it.

Some apps let you do both, and choose on the fly. Very few people should do this, it maximizes the opportunities to get it wrong.

My recommendation: don’t use this feature except to provide a rapid-access way of double-clicking a file in your task app. Organize your files on your desktop (see below), and create a pointer to that instead.

Use Your Desktop

Computers have various special folders, mostly places where you shouldn’t muck about so everything keeps working. But there’s one special folder that’s set aside for you: your desktop. Most people either subscribe to a clean desk policy and keep nothing there, or keep everything there and make it into a horrible mess of hundreds of documents, cleaning up only when they run out of room in the grid.

Both are unproductive. Your desktop is the only place where you can visually get a heads-up of all of your work, at any time. You can temporarily group files together in virtual space. You can more permanently create arbitrary folders and give them specific names related not only to a project, but to the specific task they’re related to. And you can drag all sorts of things out of browsers and other applications to create files, a fast way of putting things in a desktop collection point (which gets a recurring pointer in your task app).

Note: Turn off “snap to grid” if you want to make messy piles of icons when organizing, but when you’re done, you should put each pile into a folder on your desktop. Computers aren’t very good about storing the locations of your icons, and they can get “cleaned up” for you when you’re not looking.

In other words, the only files that should live on your desktop are your current work. A glance tells you what to do when it’s an implicit task, and also creates a heads-up on how many open projects you’ve got going. When you’re done with a file, put it elsewhere (suggestions below). Set a recurring pointer to review your desktop and make sure that nothing lingers from completed tasks. As for the files that should be there, you can take two approaches:

  • If a file is an implicit task, set a pointer to the desktop to remind you to deal with everything there.

  • If a file needs a little more prep or explanation each time you start, or if you know you’re just not going to get to it for a while, document its task in your task app. You can still leave working files on your desktop (or organize them in a folder on your desktop), but put files for on-hold projects elsewhere. Cluttering your desktop cuts down on its value.

Note: If your desktop is starting out as an unmanageable mess, create a new folder named “Previous Desktop,” and drag all of your files there. Instant cleanup. That folder is probably a collection point now (that nothing new should be added to, but which needs to be cleaned out), so set up a recurring pointer or sprint to deal with what’s there.

This is how my desktop looks at the moment:

Mac Desktop organized by tags

This is a plain old Mac desktop, but most of the files here have been tagged so they sort by the colored dots. You can keep your desktop sorted by tags (changing tags or creating new files always re-sorts them immediately) like this by choosing View > Sort By > Tags, or you can do a one-time sort (new files go wherever you put them, and tags don’t stay sorted) with View > Clean Up By > Tags. Anything on my desktop that isn’t tagged is a new file I haven’t organized yet; this way, my desktop is a combination of organization and collection point. Here’s what my tags mean (I use a lot of tags):

The tags I use, such as marking files as complete, active or urgent.

Here are Apple’s instructions on using tags. Windows users don’t have it nearly so good—tags don’t change the display of files quite so prominently, but here’s how to do it.

Note: This is an extremely geeky tip, only for people comfortable using the Terminal. Homebrew has an excellent command you can install called, well, tag. This allows you to do all sorts of things at the commmand line far easier than in Finder—and with the AppleScript do shell script command, far easier in your AppleScripts.

Maybe Use Other Special Folders

Your home folder has other default folders that you might think you should use for organization. But it’s not always the best idea.

Many of these have special attributes. Put anything into a Dropbox or Google Drive folder, and it’s in the cloud. Your Music folder may have subfolders dedicated to iTunes and other music apps; mess with these accidentally, and watch your apps break. Plenty of apps feel free to stick new folders in there wherever they feel like. That’s an argument to leave special folders alone, and create new places to organize the stuff that looks it should go there. Best place: the Documents folder inside your home folder (although it also suffers from the “apps add new folders” problem).

On the other hand, having a Music folder and a Documents > Music folder is just messy. If you can figure out what you’re doing, and remember not to touch the special folders, go ahead.

Note: If you have two such folders, and find yourself going to the wrong folder often, make an alias or shortcut from one to the other so you can quickly get there.

Assign Better Filenames

Quick: that document on your desktop that’s named, “Joe letter.doc.” Which Joe, and which project? If you know, no problem. If you don’t, use better names.

Names can be temporary. Give your file one name on the desktop to remind you what to do with it. When you archive it, rename it to what you’ll remember to use when you search for it later. A file on my desktop might be called “Joe Kissell.doc,” then get filed away as “Pitch to Joe Kissell re Take Control productivity book.doc.” Alternatively, make the file the only item in a folder, and name the folder with a instruction; I might create a folder named “Finish the book outline and add a cover letter,” put the Joe Kissell.doc file into it, and suddenly my task is implicit. When I’m done working with it, I file the document and discard the folder.

Note: You can also use File > Get Info on Mac or file properties in Windows to set a comment for a file. These aren’t as useful as they might be, because the comment can’t be seen easily. This is a good place to put search keywords, though, if they don’t appear in the document.

Make Copies Without Making Copies

It’s frequently useful to put a document in multiple places. It’s also an excellent way to accidentally destroy your documents, or your project, if you’re not careful—multiple copies mean the chance to put multiple changes in very different places, and send what you think is a finish document that’s missing half of what it should have.

There are three ways to put a file in several places, and each one is different.

  • You can duplicate the file. But that creates a problem when you make edits, because they won’t be in the other copies.

  • You can create an alias (Mac) or a shortcut (Windows). An alias looks like a copy of the original, but it’s actually a pointer to it. Alias icons have a little arrow in the corner to remind you of this; their default filenames also say so, but you might change those. The downside: delete the original “because you have copies elsewhere,” and the pointer goes nowhere—the document is gone.

  • Mac users have an oddball third option, called a “hard link.” Hard linked files look like aliases, but so far as the hard drive is concerned, the files actually live in both places. Delete the “original” (in quotes, because your computer doesn’t care), and the file keeps living elsewhere. A file is only deleted when all of its hard links are gone—the original has the first one.

    The problem: this is a feature Macs inherited from Unix, and there’s no easy way to do it. And I’ve noticed that the Finder and Spotlight can get awfully confused by them, showing weird results. Again, only use these if you’re comfortable in the Terminal; here’s how.

Cloud Storage

Some people sync files to the cloud too infrequently, others too often.

If you’re in the habit of only syncing files to the cloud to share them with other people, consider sharing them with yourself. Cloud files can show up on your mobile devices, and are a handy way of always having them on a second screen, or on the go.

On the other hand, sharing too many files can cause ownership problems. Anything that lands on a work computer (in the US; varies in other countries) can be inspected at any time by your bosses and IT staff. Worse, they can claim sole ownership of those files, and take you to court to force you to delete all other copies. I’ve never heard of this happening with productivity app data, but it’s certainly happened when a vindictive former employer wanted to steal private intellectual property.

The other problem is that private files in the cloud are, well, in the cloud. Once they’re there, they’re out of your control. Cloud services are usually trustworthy about encryption, and making sure other people can’t get access—but if it’s not in the cloud, you’re 100% certain about it.

For this reason, I recommend against productivity tricks that put everything in the cloud. Some articles recommend buying unlimited (or very large) cloud storage, and making your cloud folders your main Documents folder. Macs allow you to sync your entire Desktop and Documents folders, and appallingly make this an easy-to-miss default during some macOS upgrades. Turn these off.

Note: Some online backup services, such as Backblaze, can be used as an ersatz cloud service for your entire drive. You can download individual files to your computers or mobile devices; the only issue is that you have to wait a bit for it to get there.

Revision Tracking

Stop naming copies of files “Big Report Final Final FINAL this time I mean it Final.doc.” Mac and Windows automatically keep a revision history in most apps. Save your changes in one place, and only make copies when you’re certain you want to freeze something in place for posterity. If you go back to one of these, hide the newer versions somewhere for reference only, and stop editing them.

Note: While it’s fine to rely on apps auto-saving your documents, and on your OS to maintain a version history, it still doesn’t hurt anything to hit Command-S or Control-S whenever you finish a bit of work you want to make sure is neatly stored somewhere, in case your dog chews through the power cable.


There is more to come here, but I haven’t had time to reformat the rest for the web. Check back shortly. —Jeff


Want more? All the Links to Take Control of Your Productivity Web Content

Posted by Jeff Porten (Permalink)

Task Apps to Consider

(updated June 20, 2018)

When I first outlined the book, I planned an entire chapter talking about productivity applications so you would be able to pick one out of a menu. But then it turned out that I had plenty of other things to say, Joe Kissell (head honcho at Take Control) didn’t want the book to be 500 pages, and the easiest thing to cut was a chapter of which most of you would only need a few paragraphs.

Even so, a menu is useful, because the apps I mention in the book aren’t necessarily right for you. Here are some other good ones. Note that a listing here does not necessarily mean it’s recommended; read the description before trying it out. But everything here is best-in-class for at least one feature, and if that’s the key thing you’re looking for, maybe you’ll overlook any drawbacks.

Remember: web apps are usually compatible with both Windows and Mac, and sometimes with mobile devices—it’s always better when a web app developer ships a native app for mobile platforms, though. If an entry says “Mac, Windows, web,” that means that there are native apps for those platforms in addition to a web app.

Asana

Platform: web
Complexity: high, but with an attractive interface that hides it well
Best for: teams, including very large ones

Asana is way too large for me to be able to give it an effective review, so I’ll just say that I’ve included it because I’ve repeatedly heard it mentioned as having traction in large companies. Most of the other team tools I’m mentioning are primarily for smaller ones; this one, you can apparently throw an army into. Fastest way to acquaint yourself: check out their tour, where they apparently agree with my large-team assessment, as a sample project is “Mission to the Moon.”

Monday

Platform: web
Complexity: simple to medium
Best for: teams

Monday (formerly called “dapulse,” and yes, that’s the capitalization they used) is a team management app that values simplicity and visualization over an extensive feature set. The website doesn’t try to describe much about it (and neither will I), as it’s much faster to watch this one-minute video demonstrating how it works. Reviews of the software are mixed: either so fawning I suspect a paid placement or noting showstopping drawbacks while still giving it a middling rating. (No recurring tasks? Really?)

I haven’t tested this software, primarily because I would have preferred they invested in actually describing their software with words rather than the rock music soundtrack of the video—for example, while a review said they have mobile apps available, Monday doesn’t believe that’s worth mentioning on their own website. Very annoying for anyone trying to, I don’t know, evaluate the software.

Also, in the five minutes I’ve been writing this paragraph, the Monday.com browser page has flipped into an ad asking me to give them my email address three times, and minor annoyances like that are not a good idea when I’m deciding whether to spend time kicking the tires. They’re here because there’s one thing notably in their favor: if you like simple Gantt charting, the video seems to indicate they’ve nailed it.

Outlook and OneNote

Platform: Multiple, but really, it’s mainly Windows
Complexity: Depends
Best for: individuals

I’ve never heard of anyone seeking out Outlook; it’s more the app that people end up using because everyone else in their office does. I hear there are Microsoft Office gurus who can make these apps turn on a dime and give you eight cents change—and I believe it, because for a long time Microsoft Entourage (now Outlook for Mac) was one of the best tools available. I’m just not in a Microsoft environment enough to know how well it works—and the reason I said its complexity “depends” is because you have to get to know a bunch of Office apps pretty well in order to really make use of Outlook’s integrations.

That all said, I’ve seen several people saying that Outlook plus OneNote is a fantastically powerful toolset. If you’re spending all your time in Office apps already, maybe you already have the tools you need.

Remember the Milk

Platform: Mac, Windows, iOS, Android, web, others
Complexity: simple to medium
Best for: individuals

Remember the Milk makes the cut because: 1) its attention to additional platforms—you can also get the app for Linux, Blackberry 10, and Kindle Fire tablets, and 2) it seemingly integrates with nearly everything else you might use, including Google apps, Outlook, Evernote, Alexa, Siri, Twitter, IFTTT automation, and email. Rapid task capture and metadata-on-the-fly (such as repeats, tags, and priorities) seem to be a strong suit; less so complex projects and organizational needs.

A top contender as a great app to use in addition to your task app, as you can use it to pull data from nearly everywhere and see it on nearly everything; it could also be a decent task app if your structuring isn’t too complex, and you’re willing to give up some management features.

Salesforce

Platform: web with mobile apps
Complexity: I’ve been trying to learn it for three years and can still barely use it
Best for: teams the size of, say, Google

If you want to see why I was so effusive in the book about Daylite, the CRM software for Mac, just give Salesforce a spin. I’ve been working with CRM and productivity software for over two decades, I’ve spent three years trying to learn Salesforce (I’m on the board of a nonprofit that uses it), and every time I use the site it takes me 15 minutes to do the simplest things.

Apparently, the way most people use Salesforce is either with out-of-the-box solutions (which apparently, no one has ever bolted onto what I’ve tried to use), or with bespoke custom applications created by very expensive consultants. As I understand it, there’s almost nothing Salesforce can’t do, if you have a deep enough checkbook. But the problem with Salesforce is mainly that I don’t understand it—and I’m usually really good at understanding software.

TaskPaper

Platform: Mac, but see below
Complexity: simple to medium
Best for: individuals

TaskPaper is a Mac app with an important wrinkle: all of its data is written to plain text files in an attractive way, which you can then open and edit on anything else. When you view these files in TaskPaper, you get various bells and whistles (such as collating your Due list into one place), but when you’re looking at the same files elsewhere you can get similar functionality with a text search. Toss your files into Dropbox or another cloud service, and boom, instant everywhere. Edit these files in a way that TaskPaper understands, and when you re-open them in the app you’ll get the bells and whistles.

The drawback to this method is that you have to learn the “language” of how to format what you write so TaskPaper can understand it; programmers and techie people will understand this instantly, but it’s a bit fiddly for the general public. Check out their videos to see if it’s your cup of tea.

Note: TaskPaper doesn’t have much complexity baked in, but because you can come up with whatever text tagging you can imagine, and spread out your data over as many text files as you like, it’s possible to build a great deal of complexity—provided you’re the kind of person who can memorize the text formatting you have to invent to create it.

TickTick

Platform: Mac, Windows, iOS, Android, web, and others
Complexity: simple interface covering better-than-medium complexity
Best for: individuals or teams

TickTick didn’t come to my attention until late in the book’s production (I heard about it on the Back to Work podcast), but my initial impression is solid enough that I might promote it to a top app in the next edition of the book.

It looks like a simple Reminders-style app, but has tons of features beneath the hood at a reasonable price. Notably: team delegation, tracking of each person’s activities on a task, deeply nested tasks, multiple alarms per task, a monthly calendar and timeline view for your due dates, widgets for mobile devices, smart lists generated from rules, and intelligent parsing of both spoken words and text for rapid task entry. There’s even a white noise feature on mobile apps, so you can drown out distracting noises while working.

Tinderbox

Platform: Mac
Complexity: insanely high
Best for: individuals

Tinderbox isn’t so much a task management app as it is the kind of tool you’d use to organize all of your research if you wanted to write the Encyclopedia Britannica. For that kind of thing, it’s simply ridiculously powerful, and as such, could also be used to do ridiculously complex planning. But based on its home page, I can’t tell if it understands the concept of a repeating task out of the box—although I’m fairly certain you can build a data structure for that.

I’ve kicked the tires on a few trials over the years, and it’s the kind of software I’d love to use—if you’re the type who wants to full-text search every website you read 14 years ago when you don’t have an Internet connection, like I am, this is for you. But at $250 it’s also ridiculously expensive; I’ve never used it longer than a free trial. Mentioned primarily because for what it can do, I don’t know of any other software that does it as well.

Todoist

Platform: Mac, Windows, iOS, Android, web, and others
Complexity: simple with a few extras
Best for: individuals

Todoist is below my threshold for “complex enough to satisfy most of my readers,” but gets listed here because it’s mentioned very often in glowing terms by people discussing productivity in my podcast feed. It’s a multiplatform simple task manager featuring rapid data capture and natural language parsing; its flashiest feature is a graphic visualizer that shows you how productive you’ve been.


Want more? All the Links to Take Control of Your Productivity Web Content

Posted by Jeff Porten (Permalink)

Cross-Platforming Mac and Windows

(updated June 20, 2018)

If you have two different computers (most commonly, a Mac at home and Windows at work), there are a few ways to handle this. None of them are thrilling.

  • Cross-platform apps: The seemingly obvious solution is to pick an app that can live in both places. There are problems with this: first, there are very few app options here, and you’re much more likely to fit yourself to the software than the reverse. Second, if your data lives on your company’s hardware, they legally own it, and can review it (or demand passwords) at any time.

  • Web apps: Usually preferable to native applications (in this situation only). Your data lives in the cloud, so no one at work can get to your database. But it has the same lack-of-options downside: web apps are less complex than native applications (usually; Salesforce is a major exception).

  • Run Windows on your Mac: There are several ways to run Windows software on your Mac. This actually works really well. The issue is, spoiler alert, Mac apps are just better across the board: more choices, better design. The how-to for this is a book on its own (and unfortunately, Take Control’s book about it is out of print), but here are the software names to Google to get you started: Boot Camp, Parallels Desktop, VMware Fusion, VirtualBox.

  • Run Mac on your PC, sort of: You can’t run Mac apps on a PC, but you can share the screen of your Mac at home. You see the screen on your Windows monitor, anything you type or mouse gets sent home, your Mac does the work and sends back the screen. It’s not perfect—there’s a little lag, and sometimes everything pauses for a few seconds if the Internet connection slows down. The main problem, though, is that you need to leave your Mac running at home to use it, and some tech wizardry is necessary to set up your home router. Get started here: how to share the screen on your Mac, and software you’ll need on Windows.

I think most people will be served best by a task app that runs on mobile hardware that they own. Run your task app on a tablet, and you can prop it up side-by-side with either computer, using pointers to make any organization use do on all three perfectly manageable.


Want more? All the Links to Take Control of Your Productivity Web Content

Posted by Jeff Porten (Permalink)

Joe Kissell Takes Control of Apple Mail in iOS 11 and High Sierra

It’s been a while since the previous edition of Take Control of Apple Mail was published, so I had a lot to catch up on in my interview with Chuck Joiner on MacVoices. I’m not exactly a green rage monster this time, but there are a number of things about Mail I’m…less than happy about. If you feel the same way, I hope you find this interview therapeutic.

Posted by Joe Kissell (Permalink)

What You Need to Know About the EFAIL Vulnerability

Note: Please see the end of this article for updates.

Just hours before the scheduled release of Take Control of Apple Mail, Fourth Edition, my Twitter feed started blowing up with Urgent! Breathless! Warnings! about a newly discovered vulnerability that affects email messages encrypted with S/MIME or OpenPGP, about which I have a whole chapter in my book (“Sign and Encrypt Messages”). And my first thought was, oh, great, my book needs revising before it’s even out. I’ve now examined the original report that prompted the warnings and have a better understanding of the situation, which I’d like to share with you here, and which I plan to update as new facts emerge. Let me start with this, however:

The sky is not falling.

Yes, there is a problem, but (a) the odds that you will encounter it, even if you regularly use email encryption—and most people don’t—are incredibly small; (b) there are easy temporary workarounds; and (c) it is being fixed even as I type these words.

Let’s go over the details.

The Problem

A team of European researchers found a vulnerability that they’ve dubbed EFAIL. That site summarizes the issue; their complete technical paper (PDF) is here. The very short version of the problem is that there is a technique that an attacker could potentially use to cause your email client to send the decrypted contents of an encrypted message to outside parties. This technique exploits a combination of weaknesses in two encryption standards, design flaws in certain modern email clients (Apple Mail among them, on both macOS and iOS), and less-than-ideal default settings. It works only when you receive and open a message that contains a hidden copy of encrypted email you’ve already sent or received—meaning you are almost certainly being targeted directly. And it affects both of the most common encryption methods—S/MIME (built into most email clients) and OpenPGP (used by GnuPG and other software).

In order for this exploit to work, the attacker must already have encrypted messages sent to or from you. (There are numerous ways these could be obtained, but all of them require the extra, and sometimes quite challenging, step of first hacking into your email in some way.) Once that’s done, the attacker takes the encrypted contents of one or more of these messages and hides it in a new, specially crafted, encrypted message sent to one of the original senders or recipients (and, presumably, made to look as though it comes from a trusted source). When the victim opens this message, their email client decrypts it and sends the attacker the plaintext contents of the encrypted message(s) hidden within it. So, this doesn’t give the attacker the ability to freely read all your encrypted email, only those specific messages sent to you or the other party in the email transaction in this sneaky way.

Why You Probably Don’t Have to Worry

EFAIL almost certainly won’t affect you, even if you take no action. Here’s why:

  • Very few people encrypt their email anyway. If you’re not using S/MIME or OpenPGP—and believe me, you’d know it if you were—there’s just nothing to see here.

  • I have seen no evidence, or even hints, that this exploit is being used, or has ever been used, in the wild. As far as I know, only the researchers who discovered the technique have actually tried it. (Obviously, that could change in hours or days, but it’s not like the bad guys have been actively using this already.) And remember, even if or when it does get out into the wild, an attacker can’t use this on you without first obtaining the existing encrypted email messages from your account that they want the contents of. That’s a nontrivial extra step.

  • The companies that make the affected email clients and third-party software are working on fixes right now. For example, the team that makes GPGTools has already tweeted that a mitigation is imminent, in GPGTools 2018.2, and that there’s an easy workaround in the meantime (about which, read on). And if Apple doesn’t address this in macOS 10.3.5 and iOS 11.4 within days, I’ll be shocked. (In other words: the vulnerability will likely be eliminated before anyone has time to exploit it.)

As the EFAIL researchers point out, although the developers of apps like Apple Mail, Thunderbird, and GPGTools can and should fix a variety of vulnerabilities, a complete and permanent fix requires changes to the S/MIME and OpenPGP standards, which will take longer. Even so, I fully expect the problem to resolve itself before it has any meaningful real-world effect.

What You Can Do Now

Long story short, flipping one switch is probably adequate.

macOS
If you are using Apple Mail on a Mac, and are actively using S/MIME or OpenPGP, the quickest and easiest way to immunize yourself against the most likely forms of this attack is simply to uncheck one box:

  1. Go to Mail > Preferences > Viewing.
  2. Uncheck “Load remote content in messages.”
  3. Close the Preferences window.

(I already had this unchecked in my copy of Mail, and have long recommended that other people do so too, because loading images from HTML messages is often used for tracking, and although some of this tracking is entirely benign, I prefer a little more privacy than the default.)

The Electronic Frontier Foundation (EFF) recommends going further—removing the GPGMail plugin (if you use it) to prevent Mail from decrypting messages automatically at all. But I agree with the GPGTools developers that this step is entirely unnecessary.

iOS
On an iOS device, do this:

  1. Go to Settings > Mail.
  2. Turn “Load Remote Images” off.

And that’s it.

A Few Last Remarks

In the paper that kicked off this whole crisis, the researchers included tables detailing which of the tested clients, on various platforms, are vulnerable to each of several variations on this attack. Interestingly, Canary Mail for iOS, an OpenPGP client I mention in my book, is not vulnerable. (The researchers didn’t test the Mac version, but I assume it’s also safe.) So, if you rely on OpenPGP-encrypted email on a Mac or iOS device, switching (even temporarily) to this client might be something to consider.

Finally, and I’ve said this many times in many books, keep your software up to date. All these fixes that developers are working on do you no good if you don’t install them. So please, keep up with system updates and security fixes for macOS and iOS, and make sure your third-party apps are also up to date.

If any significant new developments arise, I’ll update this article accordingly.

Update 2 (June 9, 2018): On June 4, GPG Suite from GPGTools was updated to version 2018.02, with mitigations for EFAIL. Apple also says that macOS 10.13.5 (released on June 1) addresses S/MIME vulnerabilities, although testing by the GPGTools developers indicates that Mail remains vulnerable to some EFAIL-related exploits.

Update 1 (May 31, 2018): Contrary to my expectations, neither Apple nor GPGTools has yet delivered an update to address this problem. I still expect fixes soon, but they didn’t happen as soon as they should have. In addition, one researcher has published a proof of concept exploit that could theoretically put your email at risk even if you disable the loading of remote images as described above. (And in any case, I should note that any mitigations you undertake on your own devices won’t help if your correspondents’ devices are compromised.) Even so, I have yet to hear of any real-world attacks involving the EFAIL vulnerability, and I still believe the sky is not falling. But I sure wish the security folks at Apple and elsewhere would kick their bug-fixing into high gear.

Posted by Joe Kissell (Permalink)

Apple Watch updated; Apple Watch book, not so much

In the nearly three years since the Apple Watch was introduced, we’ve seen four hardware iterations, four operating system releases, and millions of orders, making it a fairly mature product by modern tech standards.

During that time, we’ve also seen four releases of Apple Watch: A Take Control Crash Course, including the first version we published before the watch was even released. And now…well, we think four is a pretty good number, for now. Sales of the book aren’t enough to justify updating the manuscript to account for the changes in Apple Watch Series 3 and watchOS 4.

That turns out to be a pretty good opportunity for you and/or dozens of your Apple Watch-owning friends, because we’ve put together a great deal. Looking over the current version, easily 95% of the information is still relevant and helpful to anyone with an Apple Watch. Want to install apps, customize watch faces and complications, get driving or walking directions, or send messages? It’s all there.

So here’s the deal: you can now buy the (slightly outdated) book for just $5—half of its original price!

Here’s an overview of what’s changed in the Apple Watch that isn’t specifically in the book:

  • The Apple Watch now runs watchOS 4, which represents more of a focus on fitness activities and technologies used in Apple’s ecosystem. watchOS 4 runs on all versions of Apple Watch, even the original “Series 0” hardware.

  • The Dock, which comes up when you press the side button, now displays apps as a layer of cards representing the most recent apps you’ve used. In the Watch app on the iPhone (in My Watch > Dock), you can change that to display Favorites, and put the apps in the order you prefer.

  • The app screen is, by default, the same blobby collection of circular app icons, but now there’s an alternative. Force-touch the app screen and choose List View to see the apps as a scrolling list.

  • Apple introduced a few new watch faces in watchOS 4. The Siri face is named because it has a prominent Siri button you can tap (if you’d prefer to invoke the assistant with a tap instead of pressing the digital crown or raising the watch and saying, “Hey Siri”). It also features informative cards that display things such as Apple News items, calendar events, and reminders. Also new is a Kaleidoscope face that takes photos and mirrors them into geometric patterns. And I also confess an affinity for the dozens of fun, animated Toy Story-themed faces.

  • The Apple Watch Series 3 includes a model with built-in cellular networking, which means the iPhone doesn’t need to be connected to the watch to use wireless features such as messaging, phone calls, or streaming music playback. Prices to enable the cellular feature vary among wireless providers, but in most cases it’s an extra monthly fee.

  • The Apple Watch Series 3 models also include an altimeter, a faster processor, more internal memory, and Bluetooth 4.2 wireless networking.

  • watchOS 4 adds the capability to stream music with an Apple Music subscription, versus syncing music tracks to the device separately. It also supports sending and receiving money via Apple Pay’s peer-to-peer payment feature.

  • The fitness features in watchOS 4 include more types of workouts, as well as compatibility with several gym equipment models to sync more detailed real-time workout data as you’re exercising.

  • Apple incorporated more coaching prompts and reminders to the activity features, providing nudges throughout the day if, for example, your exercise ring isn’t as far along at some point compared to the same time on other days. It sounds like a nagging feature, but in my experience, Apple has found a good balance between motivation and exasperation.

These are mostly refinements for what was already in the Apple Watch experience since the last release of Apple Watch: A Take Control Crash Course. If you’re looking for a great guide that covers all of the other foundational topics about the watch, take advantage of our new pricing for the book at just $5.

Posted by Jeff Carlson (Permalink)

What Happened to Read Me First: A Take Control Crash Course?

Thanks for your interest in my ebook, Read Me First: A Take Control Crash Course! Written in 2014, this title was available for free from the Take Control website until midway through 2017, when it was withdrawn because the screenshots were dated and the information wasn’t always accurate for new versions of macOS.

When I wrote this ebook, I was editor-in-chief of the Take Control series, and I wrote it largely so we didn’t have to repeat certain topics in other Take Control titles. Of these, the three biggies were figuring out what version of macOS or iOS you were running, launching the System Preferences app on the Mac, and understanding directory paths. Keep reading below for tips on these three tasks.

The 49-page ebook did cover a few other topics, and if you’re running 10.9 Mavericks, 10.10 Yosemite, or 10.11 El Capitan and really want a copy of the PDF, feel free to ask at support@tidbits.com. Some time after this title lived out its useful life, I used it as the starting point for another ebook, Take Control of Mac Basics. Weighing in at about three times the page count, Take Control of Mac Basics costs $15 and covers even more of the fundamentals of using a Mac while sharing oodles of tips for improving your everyday Mac experience.

Finding Your System Version

To complete this simple task on the Mac, move the pointer to the upper-left corner of the screen and click the Apple icon. Choose About This Mac from the menu. A window appears. Text in this window tells you the operating system version. Where, exactly, that text appears depends on which version. Look carefully and you’ll find it.

What about iOS? In iOS, open the Settings app and tap General. Then, tap About. Look on the About screen for the Version line, which will provide the version of iOS.

Launching System Preferences

Imagine this. You want to change the background image on your Mac’s Desktop. You search in Google for instructions and find an article that promises to tell you what to do. But, it tells you to open System Preferences. Okay, fine… but where is System Preferences? For that matter, what is System Preferences?

First, it’s an app that provides a home for “preference panes,” most of which come from Apple and let you configure various aspects of your Mac experience. Other preference panes are installed by third-party apps.

To open System Preferences, click the Apple icon at the upper-left corner of the Mac screen. Then, choose System Preferences. That’s the most obvious and reliable method, but there are lots of other methods, such as clicking its gear icon in the Dock, pressing Command-Space to invoke Spotlight, and then typing “sys,” and even clicking the round Siri icon on the menu bar and saying “open System Preferences” (assuming you’re running macOS 10.12 Sierra or later and have Siri enabled).

Understanding Paths

Any file or folder on a Mac can be found by navigating from a known starting point—usually the main level of a drive, through any intervening folders, to the item. Instead of writing out all that navigation with a lot of “Open this, then open that,” we use a path.

For example, if I want to tell someone where to find their Photos Library, I could say “open your home folder. Then open your Pictures folder. That’s where you’ll find a file called Photos Library.photoslibrary.” That’s a lot to write out and boring to read. So, instead, I could use a path and say, “You’ll find your Photos Library at /Users/homeFolder/Pictures/Photos Library.photoslibrary.”

A Tilde ~ in a Path

Paths like the one above that tell you to go to a spot inside the home folder can be awkward, since the writer can’t know the name of your home folder. Fortunately, there’s a shortcut. To indicate more gracefully that a path includes the user’s home folder, a writer might begin the path with a tilde character, like this: ~/Pictures/Photos Library.photoslibrary.

Typing or Pasting a Path

Instead of following a path by clicking from folder to folder in the Finder, you might wish to type the path—or copy and paste it. Pasting is handy when you want to follow a complex path that you see in an ebook or on the Web—you can copy the path using the Edit > Copy command and then paste it with Edit > Paste. Typing a path can also be a useful way to view a folder that is normally hidden. For example, if the instructions for some Unix task tell you to look in /var/log, this is your only method of navigating there—unless you want to work on the command line.

To follow a path by typing or pasting it, follow these steps:

  1. In the Finder, choose Go > Go to Folder.
  2. Enter the path by typing or pasting it, if you’ve already copied it.
  3. Click the Go button.

A Finder window opens, showing the folder whose path you entered.

Posted by Tonya Engst (Permalink)

Try This Quick Tip for Making Your Pointer Easier to See

Yesterday was the first webinar for Take Control of Mac Basics, and I had fun sharing my actual Mac screen with viewers as I demonstrated some of my favorite Mac features. One viewer commented, however, that he had trouble seeing the mouse pointer. “Drat!” I thought, “I’m sure there’s a way to enlarge the pointer, and I wish I’d thought of that before starting the webinar.” Sure enough, its easy to make this change: go to System Preferences > Accessibility > Display, and drag the Cursor Size slider as desired. Saturday’s show will feature the pointer at nearly the largest size! (To access the webinars, make sure you have version 1.1 of the ebook and look in the chapter “The Mac Basics Webinar.”)

Posted by Tonya Engst (Permalink)

Joe Discusses the New Editions of His “Mac Fitness” Books

I joined Chuck Joiner on MacVoices (audio and video) to discuss the new editions of Take Control of Backing Up Your Mac, Take Control of Maintaining Your Mac, Take Control of Troubleshooting Your Mac, and Take Control of Speeding Up Your Mac—including their transition from Joe On Tech books back to the Take Control world:

MacVoices #17227: Joe Kissell Releases Four Take Control Titles Updated for High Sierra

Posted by Joe Kissell (Permalink)