NC_2024_12_15
This episode covers updates to MindNode, focusing on the launch of MindNode Next, user retention, new features, document management in iCloud, and the importance of cybersecurity awareness.
Automatic Shownotes
Chapters
Long Summary
In this episode, I delve into the intriguing developments surrounding MindNode, my chosen mind mapping tool following the discontinuation of iThoughts. Since my transition, there have been significant updates to MindNode, particularly with the introduction of MindNode Next, a complete overhaul of the classic version. This episode not only outlines these changes but also addresses the concerns that come with offering two parallel versions of the software: MindNode Classic and MindNode Next.
After a brief backstory on my transition and the community discussions that accompanied it, I discuss the company’s decision to continue support for MindNode Classic while simultaneously pushing the new iteration into the public eye. The implications of this decision raise questions about user retention and satisfaction, especially as MindNode Next misses some features present in Classic. With careful consideration, I aim to clarify the development path chosen by the MindNode team and illustrate how this delicate balance can benefit users in the long run.
As I navigate through the new features of MindNode Next, I emphasize the concept of document management and the significant departure from the traditional document-based approach to a system managed directly within the application and stored in iCloud. This shift may not appeal to everyone, especially those who value having their documents displayed in Finder, but early indications suggest effective iCloud syncing capabilities. I provide insight into the various import and export functionalities, highlighting the current limitations while underscoring the promised future enhancements that will expand compatibility with various file types.
In discussing the interface, I introduce the inline inspector, which serves as a powerful new addition allowing for quick styling changes to nodes while also including functionalities such as a fold button to manage node visibility effortlessly. Collaboration is another exciting venture for MindNode Next, and I solicit input from my listeners to join me in testing out these real-time features together.
Additionally, I touch on the enhancements made to Tiny Mac Tips, a series designed to elevate users from adequate to power users of the Mac. I have streamlined navigation through a linked index and categories for easier access to tips, ensuring that both newcomers and seasoned users can benefit from this collection. I recap the evolution of these posts and how their accessibility has been significantly improved, enabling users to jump directly to their areas of interest.
Towards the end of the episode, I reflect on the importance of being informed and prepared against potential scams in our digital world, exemplified by ongoing discussions with Adam Engst about recent tactics employed by fraudsters. From the detailed analysis of a specific scam targeting obituaries to practical advice on social media, this conversation serves to equip listeners with strategies to recognize and avoid pitfalls.
As I wrap up, I encourage everyone to remain vigilant and up to date with their software, reiterating a core piece of advice: stay patched to stay secure. This reinforces the overarching theme of being proactive in our engagement with technology, ensuring we continue to adapt and evolve alongside the tools we use. Stay tuned for further reviews and insights as I continue to explore the capabilities of MindNode Next and share lessons learned from my interactions with the wider tech community.
After a brief backstory on my transition and the community discussions that accompanied it, I discuss the company’s decision to continue support for MindNode Classic while simultaneously pushing the new iteration into the public eye. The implications of this decision raise questions about user retention and satisfaction, especially as MindNode Next misses some features present in Classic. With careful consideration, I aim to clarify the development path chosen by the MindNode team and illustrate how this delicate balance can benefit users in the long run.
As I navigate through the new features of MindNode Next, I emphasize the concept of document management and the significant departure from the traditional document-based approach to a system managed directly within the application and stored in iCloud. This shift may not appeal to everyone, especially those who value having their documents displayed in Finder, but early indications suggest effective iCloud syncing capabilities. I provide insight into the various import and export functionalities, highlighting the current limitations while underscoring the promised future enhancements that will expand compatibility with various file types.
In discussing the interface, I introduce the inline inspector, which serves as a powerful new addition allowing for quick styling changes to nodes while also including functionalities such as a fold button to manage node visibility effortlessly. Collaboration is another exciting venture for MindNode Next, and I solicit input from my listeners to join me in testing out these real-time features together.
Additionally, I touch on the enhancements made to Tiny Mac Tips, a series designed to elevate users from adequate to power users of the Mac. I have streamlined navigation through a linked index and categories for easier access to tips, ensuring that both newcomers and seasoned users can benefit from this collection. I recap the evolution of these posts and how their accessibility has been significantly improved, enabling users to jump directly to their areas of interest.
Towards the end of the episode, I reflect on the importance of being informed and prepared against potential scams in our digital world, exemplified by ongoing discussions with Adam Engst about recent tactics employed by fraudsters. From the detailed analysis of a specific scam targeting obituaries to practical advice on social media, this conversation serves to equip listeners with strategies to recognize and avoid pitfalls.
As I wrap up, I encourage everyone to remain vigilant and up to date with their software, reiterating a core piece of advice: stay patched to stay secure. This reinforces the overarching theme of being proactive in our engagement with technology, ensuring we continue to adapt and evolve alongside the tools we use. Stay tuned for further reviews and insights as I continue to explore the capabilities of MindNode Next and share lessons learned from my interactions with the wider tech community.
Brief Summary
In this episode, I explore the significant updates to MindNode following my transition from iThoughts. With the launch of MindNode Next, I discuss the implications of maintaining both MindNode Classic and the new version. This includes an analysis of user retention as MindNode Next lacks certain features found in Classic. I highlight the transition to a document management system stored in iCloud, examine new functionalities such as the inline inspector, and invite listeners to collaborate on testing real-time features. Additionally, I share developments in my Tiny Mac Tips series aimed at improving user accessibility. The episode concludes with thoughts on cybersecurity and the importance of staying informed to recognize potential scams. I encourage my audience to remain proactive with their software to ensure security and adaptability in our digital landscape.
Tags
MindNode
iThoughts
updates
MindNode Next
user retention
document management
iCloud
inline inspector
collaboration
cybersecurity
Transcript
[0:00]
NC_2024_12_15
[0:00]Music.
[0:05]A technology geek podcast with an ever so slight Apple bias. Today is Sunday, December 15th, 2024, and this is show number 1023. Before we get started, I want to tell you there will not be a live show next week because our kids are going to be here on Sunday. So I'll be publishing the show early on Saturday, the 21st. Now, we will have a live show on the 29th of December if anybody's interested. But Steve and I will be in Vegas for CES on the following Sunday, which is the 5th of January, so there'll be no live show that day either. So I'll remind you of that on the 29th, but the main thing to remember is next week, no live show, but the following week there will be. So we will be back on the 29th. All right, everybody with me? Let's get going.
[0:52]
MindNode → MindNode Classic → MindNode Next
[0:55]Well, when the developer of iThoughts decided to shutter the doors on his business, I chose MindNode as my new mind mapping tool of choice. My post in April entitled RIP iThoughts is probably in my top 10 most commented articles. A lot of people jumped into the discussion just to say thanks for the trade study I did where I picked out the tool I was going to use, while others joined in to offer alternative solutions. It's really been great having a group of people to share a common topic of interest. Well, here we are nine months later and big changes are coming to MindNode. I'm not ready to call the changes a success, but I'm really intrigued by the path the company has taken. Imagine you rewrite your flagship product from the ground up, and it's working great, but it's not yet in full feature parity with the previous version. What do you do? You got a couple of choices. One path would be to sit tight and just keep working your little coding fingers to the bone until 100% of the features in the old product are now available in the new. Or you could go down kind of a risky path where you release the new version, missing some features and have it exist almost kind of side-by-side with the original. That second path is what the folks at MindNote have chosen to do.
[2:06]I think it's a path with a lot of merit, but it could cause people who don't understand what's going on to abandon the new software or leave bad reviews for it. My goal is to explain what they're doing, and then with knowledge you can decide if you think they're on the right path. First, let's understand the naming conventions. The original MindNode has been rebranded as MindNode Classic, and the new hotness is called MindNode Next. I think it's going to be pretty easy to keep those names straight. They did a good job there. For the time being, the only version you can get through Setapp is MyNodeClassic. They believe they'll probably replace it with MyNodeNext eventually, but they have to figure out how to make that transition. In the iOS App Store and the Mac App Store, the only option you'll see is MyNodeNext. But don't panic. It's not gone. It's just unlisted. I put a link in the show notes where you'll find direct links to MyNodeClassic in both the Mac App Store and the iOS App Store. Now here's an even more interesting tidbit. They're still developing Mindnode Classic and adding features. I'm sure new development will slow down as the two versions converge, but it gives me a good feeling about their dedication to a smooth transition. Turns out you can run both apps side-by-side right now and for the foreseeable future. I'm sure at some point they'll sunset Mindnode Classic, but it's not going to be anytime soon.
[3:28]If you want to keep up to date on the development of both products, you can go to mynode.com slash releases. When you look at the release page, you need a magic decoder ring, which I've suggested they should put on the page. If you see a feature that says 2024.x, that means it's a feature they've added to mynode next. If it says 2023.x, that means it's a feature for mynode classic. I got to tell you, I've been surprised at how often I see updates on this release notes page. One more naming convention. You can use MyNode Classic and MyNode Next without paying a single Huniaker for it. You get a limited feature set, but it might be everything you need. If you want a full feature set, you can subscribe to MyNode Plus for both versions for $25 a year or $3 a month. If you want to compare features between free and plus, you can go to MyNode.com slash download, and of course there's a link in the show notes to that as well. Now let's finally talk about MyNode Next. I'm not going to give you any kind of a deep dive on the product until I have time to really dig into the app, and I'll probably wait to do that until it's more in feature parity with MindNode Classic. I keep talking about the lack of features, but I haven't explained what's missing. The MindNode folks have created a great page where they document, using a mind map, what features are in MindNode Classic and how they're progressing on shipping those features.
[4:50]Let's talk about some of the new features and talk about what's missing. One of the biggest changes in MindNote Next is that it's no longer document-based. Rather, your documents are managed directly in the app and stored in iCloud. If you feel strongly about the ability to see your documents in Finder, this will not be a welcome change. The main reason I care about an app being document-based is to ensure portability of my data. If the import and export options are solid, I think I can live with it. I'd still prefer it be document-based, but like I said, I think I can live with it.
[5:21]I can say that in my limited first use of the app, iCloud syncing works really well. Changes on one device were visible nearly instantaneously on my other devices. With iThoughts being document-based, I was constantly finding conflicted versions of a mind map. So I'd have one version, then the same version, I'm sorry, I'd have one file, and then the same file name, and it would say conflicted, and I had no way to tell which one was the right one, and there was no way to tell what was different between the two. So maybe this is a good change. to have iCloud syncing instead. In the currently shipping version of MindNode Next, you can only import MindNode Classic files, plain text files, and Markdown files. On the planned section of the roadmap, you will be able to import OPML, RTF, TextBundle, TextPack, Freemind, S-Mind, MindJet MindManager, and my beloved iThoughts. I breathed a sigh of relief when I read that as import of iThoughts was one of my top criteria.
[6:19]Now, remember how I said I thought it was risky to come out with a new app when it wasn't quite baked? I suspect many people will declare MindNode next hot garbage due to its limited file import capabilities. I'm specifically trying to calm people down because I personally panicked when I saw it couldn't import iThoughts, and I immediately posted, I'm going to go look for a new mind mapping application. Don't be like me. Give them a minute to get more features implemented. Now, I said you can import plain text, markdown, and MyNode classic files, but in MyNode next, you'll be baffled as to how to accomplish that feat. You're not going to find file open or file import, no option like that in the menu bar. I wrote to my contact at MyNode, and they said, oh, you have to start from the finder. Select a file you want to import, right-click, choose open with, and then choose MyNode next.
[7:10]Okay, you need to tell us that though, right? Now, you can also drag the file onto the MyNodeNext icon if you keep it in the doc. I suggested perhaps a little hint about that. The app might reduce confusion and keep a few haters calmed down. Now, export's a lot easier. There's an obvious shero where you can export to MyNodeClassic file, PDF, SVG, image, markdown, or text. Now, SVG stands for Scalable Vector Graphic, which means these images can be resized without losing any quality. And that's super cool for a mind map especially say a giant complex one like the time I mapped all the iOS settings in what Donald Burr calls my mind map of doom. One of the problems I have with that is that I can't show it to anybody because if you had it printed out, I think I calculated if it was printed on 8.5 by 11 sideways landscape, it would be like 6 feet tall. So having it in SVG would mean you could zoom in and out anytime you want. So it's really cool that they do have that as export.
[8:08]Now, one of the biggest new features of MindNode Next is you'll be able to collaborate with others. I haven't been able to test this with anyone yet. If anybody out there is running MindNode and willing to take a look at MindNode Next, I'd really love it if you could let me know. Maybe we can just have a little play date where we do comparing notes on trying to collaborate and see how it works. I wouldn't probably let anybody play with most of the mind maps I do, but I can see it as a great way to brainstorm with someone on a topic since you're supposed to be able to see these changes real-time. Now, with MyNode Classic, they use a right sidebar to change things like fonts and the color or shape of a node. You can still do that with MyNodeNext, but they've added a new inline inspector that's, oh, I love this thing. It pops up whenever you select a node. In addition to the styling options, the inline inspector includes a fold button so you can quickly fold and unfold nodes beneath the currently selected node.
[9:02]Now, wait, there's more. According to the page where they document new features in each release, they say you can use Apple Image Playground to create images based on your node's content. They also say you can ask Siri about the content of your document and let Apple Intelligence summarize it. I haven't figured out how to do any of that yet, but remember, this is not a review of MyNodeNext. The bottom line is that I'm going to give the folks at MyNode a chance to succeed with this new version. I'll wait to judge MyNodeNext until it's a feature parity with MyNode Classic. Over the upcoming months, I'll be using MindNode Next in anger, as the Europeans say, putting it through its paces with my real work with mind maps, so stay tuned for a future review. I hope you keep an open mind about MindNode Next and give them some space to make it even better than MindNode Classic.
[9:49]
Making Tiny Mac Tips Easier to Find
[9:49]Music.
[9:58]Noticed by now that I've created quite a few Tiny Mac Tips posts over the last couple of years with the goal of helping people move from adequate users of the Mac to power users. I just ran a count and there are 53 tips posted so far and I have even more in the queue.
[10:13]Now as I finished Tiny Mac Tips 9 a few weeks ago and gave a second presentation to a Mac user group on some of the tips, I realized that improvements could be made to help people more easily navigate this body of work. Even when I wanted to find a tip myself, I had to refer back to my own Notion database of the tips to figure out which tip number had that particular tiny Mac tip. Now, how on earth could consumers of this content ever find the one they remembered hearing about? What if you wanted to send someone to my site for all of the tiny Mac tips? How would you do that? Before I explain the improvements, let's look at the evolution of the posts. I created the first tiny Mac tips post, not realizing this would take on a life of its own. It was pretty simple to navigate, with each heading being a new tip. But after I had a few more posts published, I thought maybe it would be handy to be able to jump between the posts. They're often separated in time of publishing by months. So without some assistance, it would be kind of hard to find them all. I decided to create links in the post to help you navigate. At the end of Tiny Mac Tips 1, I added a link to Tiny Mac Tips 2. In Tiny Mac Tips 2, up at the top, I put a link back to Tiny Mac Tips 1. Now that sounds silly when you only talk about two posts and they're self-referential. But now, no matter what Tiny Mac Tips post you're on, there are links to all of the previous posts at the top and a link at the bottom to the next one.
[11:34]That certainly helped. Then I got to thinking, what if you wanted to see all of the tips posted at once without opening every single one in a separate tab? To solve this, I created a category in WordPress called tiny-mac-tips, and I assigned all of the tiny mac tips posts to that category. Once a category exists, it's possible to navigate to a page that contains all posts in that category. This is how the blog posts and security bits and even the podcast pages exist. There's simply every item in one of those pages just has that category as its name, and that's how it ends up on that page. This also explains why you can see security bits on the security bits page and on the blog post page. I put them in both categories. It also explains why sometimes you can't find the most recent security bits post because sometimes I forget to check the box that adds it to the security bits category.
[12:28]I usually, somebody tells me that I forgot to do it, and I put it in there, and it's okay by the time you see it. I created the red buttons on the podfeed.com homepage so that you have an easy way to see these category-created pages. If I didn't, you'd have to remember a URL like podfeed.com slash blog slash category slash security dash bits. That's a lot of unnecessary glop for you to memorize, right? The buttons mean you don't have to worry your pretty little heads about it. I added a red button to my Tiny Mac Tips category on the homepage of PodFeed.com so you can get to it quite easily too. And in keeping with my everything good starts with PodFeed.com, I went to my web server again and created a redirect to that long, gloppy, and unmemorable URL. So now you can get to all of the tips by going to PodFeed.com slash Tiny Mac Tips. Right? Everything good starts with PodFeed.com. Now you can get to all of the tiny Mac tips by that simple URL, or you can use the red button to get to tiny Mac tips. And once you're inside any of the tiny Mac tips, you can navigate forward and backwards to all of the posts. But you know what? There were still opportunities for improvement.
[13:34]The next problem to be solved was improving how you would know which tips are in each post. Maybe you remember that I talked about how to use your iPhone as a scanner to the Mac, but you don't remember which post had that tip. As it stood, you'd have to navigate to every single tip post and read the entire post, or at least scroll through looking at all the headings to find the tip about scanning with the iPhone. Now, I toyed with the idea of putting shortened versions of the tip headings into the name of each post, but that got really ungainly with some of the ones that have a lot of little tips. I decided that it would be a big improvement if you had a little index at the top of each post, where you could not only see which tips were within the post, but you could also click on the tips to jump right to the heading for that tip.
[14:17]In HTML and sort of with Markdown, you can create a special kind of link that takes you to a different position within a document rather than linking to some other page source. I learned how to make these links ages ago, but I hate doing it because it's tedious. But because I love you all so much, I decided to take on the challenge. Regular HTML links start with ahref equals quote some URL, and it's in little angle brackets. You know, where some URL is where you want the person to go. These are called anchor links, hence starting with A, and the href means hyperlink reference. Next, you put in a link title, which is the text the viewer will see on the page. Links need to be closed, which for anchor tags means following them with the slash A. Putting it all together, there's a long thing, gloppy thing in the show notes. You can look at it if you want to.
[15:06]All right, that's great. But some URL takes you to another web page, not the new location on the same page. To stay on the same page, we need to use a jump link. It's pretty similar in formatting to a regular anchor link, but since you don't have a URL to send them to, you need another method to identify the location to which you want the link to jump. Since we want to identify that location, we give the location an ID, and then we link that ID as the hyperlink reference. So let's do it by example. In TinyMac Tips 9, one of the tips was about Quick Look. Right at the heading for the Quick Look tip, I created a jump link. So all it says is a space id equals quote quick look then slash a. Again I have to open and close that anchor link but I don't have to put anything in between the opening and closing. I'm just marking a location with an id so it can be an empty space if you want. Now that I have a place to go to with an id I can put a link at the top of tinymac tips 9 that's a link to that id.
[16:06]Now instead of using a url for the hyperlink I put the id I want to jump to with a hash mark in front of it to designate that this is an ID. As the link text, I chose to put the heading title so you'd know which one I was pointing to. I created a heading at the top of every TinyMac Tips post called Jump to Tips, and I placed all of the jump links right under it. Now at a glance, you can see what tips are in a particular post and jump directly to that specific tip. Now the only possible downside I see to this is that now the top of every tip page is getting pretty long with links because you have the jump to tip section followed by the links to the previous pages. I think it's going to be okay because you can always jump past the list of previous tip pages by using the jump links to get to specific tips.
[16:52]Now, I'm sure at least some of you are thinking, well, this is all well and good, Allison, but how do I figure out which post has a specific tip I'm looking for? Do I have to go to each tiny MacTips post and look at that fancy new index on each page? I'm glad you asked. I've been tracking my tiny MacTips using a Notion database, thanks to Jill from the Northwoods for teaching me how, and it lets me publish a web page of the data for you to see for easy reference. On the category page where you can see all the tiny MacTips posts, you'll see a link at the top to the table of tips with the post number and URL links to take you right to them. Now the bottom line is that the TinyMac tips have been a really well received and I'm pretty happy with the improvements I made for you to be able to find them. You've now got the button at the homepage, you've got an easy to remember URL with podfee.com slash tinymac tips, every page has links to the tips within it and previous and next tip pages, and you've even got a table to find the tip you're seeking.
[17:49]
Support the Show
[17:53]Well, this week's hero is Mike Brombarek, who used the shiny new podfee.com slash donate option to throw me a tip. He thanked me for my tutorial on how to print holiday address labels directly from Apple Contacts. These instructions are very old. I mean, the screenshots are still aqua, and yet the process works nearly the same as they did so very long ago. The only bummer is you can't word wrap in the name field anymore with Mac OS Sequoia, but other than that, it made Mike happy enough to donate. Thank you so much, Mike.
[18:23]
CCATP #803 Adam Engst on Obituary Scams Triggering iPhone Security Warnings
[18:22]Music.
[18:30]Well, it's that time of the week again. It's time for Chit Chat Across the Pond. This is episode number 803 for December 10th, 2024. And I'm your host, Alison Sheridan. And we're back with Adam Engst of Tidbits. How are you doing today, Adam? Fine, thank you. I've got a new microphone, so we've actually managed to play with something and have it work for once as opposed to all my old microphones, which were bugging the heck out of me. Well, I was going to ask you exactly how much have I cost you so far between buying a new mic, you've got a fancy new boom arm too, because you like to stand? I do. I do like to stand and I like to move. So, we're going to have to see if it actually works. What I need is actually the thing that wraps around my neck and kind of puts the microphone in front of me like that so I can... Get wild. Yeah. But I'll try. I'll try to stand still. You're feeling so restrained. Have I made you buy any software? I'm a high-energy person. No, no, I have all the software. Okay, that's good, that's good. Well, yeah, I don't think everybody knows in the background all the different mics that you tried. You had a Blue Snowball? Blue Yeti. I had a Blue Yeti first, and that just broke. Right. And then a Blue Snowball. And I actually have a Blue Snowflake, which was a tiny little snowball. And that didn't work so well.
[19:54]And then on your recommendation, I got this Audio Technica ATR something or other. ATR 2100 something or other, is what I recall. You know, I will say, when they called it a Blue Snowball or a Blue Yeti, you remember what the name is. That's true. If you called it an ATR 2100 XTR something or other, no one remembers. Well, actually, since that mic has been around for practically ever. So I do remember the name of it because it was one of my first mics and I've recommended it to others I've still got one of mine so I brought it in we did a bunch of experiments and we decided that that's why we kept going back to the AirPods though that the sound wasn't great but they were reliable they worked every time but now you're on a big boy microphone.
[20:41]Yes and the AirPods did keep working that was the problem is that they were continually functional And I have to say, I've been using the AirPods Pro more and more because of the noise cancelling. Okay. I've been to a couple of concerts where they were absolutely essential, and we were in a restaurant in Toronto recently, last weekend, which I have never been in a restaurant that was so loud. I actually took sound readings. Really? I have a decibel meter app on the phone, and it was averaging around 86 and was peaking to over 108, something like that. Was it like metal floors and ceilings or something? It was, I mean, it was very hard surfaces and, you know, it was a very weird kind of building where it was very tall. So, it was like three floors and fairly narrow and some big groups. And, man, it was just so freaking loud. And Tanya and I both put in the AirPods Pro and put them on noise cancelling, some level of noise cancelling, and tried to hear Tristan across the table. Did you end up doing the transparency mode, but with noise cancellation?
[21:52]Adaptive, actually. Okay. So, what I've sort of realized is the interface gives you transparency, adaptive, and noise cancellation. And adaptive then has its own settings separately, quite a ways away, in the interface where you can do less noise, default, or more noise. And what that basically means, what my testing showed me anyway, is that essentially then you get three adaptive settings plus the two. So it's basically five settings for how much noise cancellation you want.
[22:31]And so, yeah, and it made a difference. I mean, like, you know, you could put it on adaptive on more or less noise and really hear the difference in how much was getting through. And so it's kind of brilliant in that regard uh what we really wanted and i i could not figure out if there's such a thing even exists is wouldn't it be cool if like three people could have airpods in and just talk each other over them like make a little loop right right just like just in person like so everything else is being canceled um like no other sound is is is is getting it may just not work because of you're making your own noise and so you can kind of hear yourself, but who knows um it just seemed like something that should be possible yeah don't put it past i really wish the airpods pro would stand my ear they just ooze out fairly quickly so yeah enough to be annoying steve's it's just like he looks at a pair of head uh earbuds and they just go boink and pop out of his ears you know none of them fit in him well and then yeah the different Different tips made a big difference for us. Yeah, I tried different tips. I tried third-party tips. I tried everything I could find, and they just didn't work for me. But then we got the Beats Fit Pro that have that little phalange-y thing that kind of curls inside your ear, and that made the difference. So we both wear those. And they do noise cancellation, but they don't have any of the new tricky stuff, so not quite going. But that's not actually the subject of the day.
[23:58]No, it's not. Completely different topic. Last week on the show, Pat Dengler came on and told a story. She's an Apple consultant. She told a story of a neighbor who got scammed recently. And it was just this close to losing $30,000. It was a really horrible story. And Pat saved her just in time. But you got an email or something from a Tidbits reader within a slight panic, you said, about something that happened to them. And I thought your analysis of how you went through showing why this was not something that was terrible was really interesting. I thought maybe we could talk about that today. Yeah, yeah. So, I mean, I sort of, in some sense, I kind of hate to be writing about this stuff because, like, scams are kind of horrible. They're not fun in that regard. This one proved a little bit more so, but just to set some background, the reason why I'm kind of feeling a little scam-heavy right now is another person who's sort of somewhat connected today, but had gotten a copyright infringement scam where they were told that they were using some image without permission and they had to put a…, you know, put a... Knowledge letters? Attribution. Okay. Sorry. Lost the word. They had to attribute it and put a link in. Oh.
[25:23]And it used DMCA language and blah, blah, blah. And what was interesting about it was, is that, you know, this image probably was being used without permission. You know, it may have been from Pexels or one of the places that claims that all the images are licensed, but maybe not. But it was in some sense really easy, right? Because you could just, oh, I'll put the attribution on in the link, and this will all go away as a problem. Of course, what it is is, in fact, a scam to get SEO ranking improved for some scammy site that you're linking to from your legitimate site. Oh, that's genius. Yes. Right. And the email message that came with that was, in fact, really hard to identify as a scam because it came from a legitimate-sounding person at a legitimate-sounding law firm. It wasn't written badly. It sounded like lawyer speak, all those kinds of things. And so, that one required much more investigation of the actual lawyer and the law firm and things like that to prove that it was not true. How did your friend find this, figure out that it was a scam?
[26:34]Well, so I was actually doing it for her. But basically, among other things, we looked at the, you know, the State Bar Association, the address of the law firm was in Arizona. And we looked at the State Bar Association, no lawyer by that name, no law firm by that name. And when you looked up the address in Google Maps, which it was on the fourth floor, supposedly, you looked up the address and it's this, you know, one-story Adobe building. But what made you suspicious in the first place, though?
[27:07]Um, and this was where it was a little hard. One is, it was calling for all sorts of DMC, it was using the DMCA, was talking about the DMCA, oh, you're in violation of the DMCA, which stands for the Digital Millennium Copyright Act. And that's one of those blah, blah, blah, blah acronyms that people hear and just kind of panic. But in reality, all the DMCA can be used for is takedown notices. Oh. So if someone has your copyrighted stuff on their site, you can issue a DMC takedown notice, which has to have very specific language and all that sort of stuff, and they have to take it down.
[27:48]Or lawyers get involved very quickly. But it's only takedown. You can't use DMCA to ask for attribution or links or anything like that. How did you know that? Nor can you use the DMCA to basically require payment. So the other kind of copyright infringements, not really a scam, I mean, it's sort of a scam, but it's kind of real, is there's companies that go out and look for images that are being used without permission and then basically build the websites that have used them. And those are, it's sketchy, but it's not actually a scam. I mean, assuming that the image is in fact being used without permission. And assuming they own the rights to it. And they own the rights to it, yeah. I mean, so, you know, it does happen, you know, you know, again, often a lawyer can get that, get them to go away because often they're, they're trying, the scam part of it is they're often trying to charge too much or, you know, use all sorts of techniques that really are not quite legal. But, but nonetheless, it is a, it is real. I mean, there are companies that do this. Well, I think it's important to talk about these, to keep people alert to thinking about these things. And maybe you won't get hit with this one, but maybe you get hit with something else where it just makes you go, let me do a little bit of investigation before I freak out.
[29:08]So, the first thing that I did that actually, you know, in essence revealed that this one was a scam pretty quickly was I searched on more than just, like, the company name. Because, oh, and to be clear, the website, there was a full website for this law firm. Oh, really? With bios for all of the lawyers and, you know, lawyerly sounding pages and all that kind of stuff. You know, they had information about various things.
[29:36]Very simple kind of site to fake. these days yeah um and so on a very quick you know you clicked through you know like it all it all matched up like it looked real enough but if you did a little bit more searching one um what you found very quickly was this this company name and lawyer name had been used uh multiple times okay and other people had discovered it was a scam and written okay okay so if you searched on more than just like the name of the company or more than just the name of the lawyer if you like search on them together or you searched on the whole company's address all the search engines would then pick up the fact that this other people had written about this scam okay so so so so doing a little bit more detailed searching would get you that far on this one but then you know again what if you were the first person right and that's where i was like hey go to the state bar association and, you know, do a Google Maps search on the address. Does it look right? You know, could it? Because Google Maps tells you what businesses are at address. Right. Right. So, yeah. You know, and then there were businesses at the address they gave, but they were clearly not law firms. I wonder whether you could have looked it up in Dun & Bradstreet. That's one of the ways I look for, like, is a company maybe even a legitimate company, but are they a U.S. Company? You can see where they're located. Yeah.
[31:01]And the problem with this is, like, when you looked at the company name, it was something like, I don't know, Commonwealth Law Services or something like that. I forgot. Commonwealth Legal Services. It was such a generic name that you would find other firms with very similar sounding names in other places. So, again, you had to kind of look past the really simple stuff. And then, you know, when you look, again, once you'd realize that it was a scam, like all of, if you did, there's this wonderful, do you know about TinEye?
[31:31]T-I-N-E-Y-E? It's an image search engine. How do you spell it again? So you can feed… TinEye, like an eyeball, T-I-N-E-Y-E. And so, you can feed TinEye an image, and it will tell you where the image is located. You know, anywhere else on the web. It's a reverse image search engine. And so, I fed it the headshot of the lawyer. And all the results came back with file names of, like, generated.photos, basically showing that it was AI generated. You know, And so, if you do a legitimate search, it'll actually, you know, like, if you search on your picture or something like that, it'll probably find, you know, some legitimate things. So, you know, it's one of those things you can prove, like, this wasn't a real person. Wow. That's, you're really clever. But I like this because you're giving us more generic tools for figuring this out than this specific kind of a scam.
[32:30]And normally with phishing... They're not very well-written, and they're not very good. And the reason for that is somewhat intentional. They don't want people who are paying close attention and are super, you know, alert and all that. They want people who are like, oh, no, you know, like, I better do what this thing tells me, right? Right, right. Because once you start looking, it's always going to fall apart at some point. And so they actually would prefer to find people who are, like, if you're going to figure out the scam right away, they don't want to talk to you. They're just wasting their time at that point. Okay.
[33:14]So normal phishing is often like that. We'll get to the ones I talked about in this most recent article, too. But the other ones that I've been seeing a ton of recently are PayPal and DocuSign spam. Oh, I've heard of the DocuSign one. Yeah, I think Bart talked about it. The problems with both of them is they come from PayPal and DocuSign. Oh. So, they're real email. They're not fake email. They're not forged. But you can send an invoice, you can set up a PayPal account, apparently very easily, I guess, I don't know. I mean, they're doing it. And then you can send someone an invoice. Okay. And, you know, if you're someone like me and you get an invoice from, you know, Mac Store or, you know, Apple Store or something like that, you know, you look twice at it because I do buy stuff from Apple, you know. I might have bought some stuff too. That's funny.
[34:10]Just, you know, every now and then you buy something from Apple. And so, the point being, though, that the only thing that is quote-unquote wrong with these is that you're being billed for something that is completely fake. Right, right. But they have semi-real names, and it's PayPal's true invoice message. It's being sent through PayPal. So, you actually, and PayPal even has a link, report this as a scam. And you can click the link. And if you're the first person, you know, then it will thank you for reporting it. If you're not the first person, you will get a message saying this invoice is no longer available because it was paid. Okay, so, and you send that to PayPal or to DocuSign or whoever? Well, that's following the link. I'm not sure about DocuSign. With PayPal, there's also an address, phishing, P-H-I-S-C-H-I-N-G, phishing at paypal.com. And I always forward all these things to PayPal as well. Probably not. Because I figure it's just a little bit. I don't think there's a C in phishing, but. Yeah, P-H-I-S-H. There we go. Yeah. Yeah, yeah. It's not the F-phish, it's the P-H-phish. Right, right.
[35:28]Okay, so. So, that's the other one. It just keeps going. Yeah. So, let's switch gears and talk about the one that you got from a tidbits reader. The one that just happened, right. The one that I'm like, oh my gosh, this is turning into a trend. So, this one, the tidbits reader in question is older, he's retired, and like those of us who are getting on there, we know more and more people who have died. So, obituaries become a little bit more common for something that we might look at.
[36:02]And he was searching, I think, for a neighbor who had died, obituary. I think the guy might have been named Chris Gamble, to judge from the search results. And so, he finds, you know, Chris Gamble obituaries on his iPhone, and he taps one, And he immediately starts, his iPhone kind of blows up with these, like, you know, your iPhone has been infected. You know, quick tap this to get a cleaner app or, you know, use a VPN for protection, that kind of thing. And he just freaks, basically. And that's when he contacted me because he was like, you know, what is going on here? Actually, I take it back. It wasn't when he contacted me. um about 10 minutes later he gets email from one password legitimate totally legitimate email which he confirms with uh with one password support basically saying that one pass you know that a device has logged into your one password account oh geez and this is too close in in in time right and so he's he's really worried that oh my gosh they just told me my iphone was hacked and now I've got a 1Password someone logged into my 1Password account, and 1Password support was very good and they told him that well it is a legitimate message the 1Password thing is not fake in any way.
[37:28]But that was when he contacted me you said he closed Safari immediately after seeing these pop-ups so at first he was like okay that's probably not real but then the other thing happens and he's thinking well wait a minute what's going on here, And what I don't know, and I'm not sure he remembers, I mean, he was moving quickly, et cetera, et cetera, is how he closed Safari.
[37:50]So, if you force quit Safari and then bring it back up for any reason, it's conceivable that that could trigger the 1Password message because it sort of has to reconnect to the 1Password site. The 1Password extension does, is the theory. And there's a number of other things that can kind of do this, too. Like, if you change your IP number or change networks, you know, you've got a new IP number, and suddenly one password's like, ah, I'm not sure this is a good idea. I need to reconnect. I'm going to do reconnect, but then send the message saying that I did this. But doing that doesn't always trigger that message, just sometimes. No, it doesn't always do it.
[38:37]It's, you know, when I looked into it, you know, like, there's a collection of five or six things that can trigger that message, but they do not generally. It's more that if you've gotten one of those messages and didn't do something yourself, that's probably why. Okay, okay. But it's not a common thing for people to have this message show up spuriously. All right. So, that was just a coincidence, but, oh, you also looked into the IP. Coincidence, yeah, coincidence, but certainly related. But so, yeah, the first thing was it said, you know, 1Password said, hey, you know, your 1Password extension at this IP address just connected. Okay. And so the first thing I had him check is there's a website called whatsmyip.com.
[39:22]And it's just a very quick and easy way to figure out what other sites on the internet see your IP address as. Right, right. Because remember, your IP address is usually going to be the IP of your router. Not what your Mac says. So, it's not usually helpful to look it up and try to look it up on your Mac. So, you want a website to say, you know, this is what I'm seeing coming from you. So, by the way, that's a very memorable URL, and that's awesome. But I prefer IP chicken. It's the same thing. It's got a chicken on it.
[40:00]It's hard to go wrong. Exactly. I must admit. Chicken's never wrong. Okay. so you were able to match up uh he saw that ip address from what's my ip.com the same ip address so if it's coming from within the house well well yeah so that's the problem right so on the one hand good news it's not you know someone out on the internet who's who's hacked into your o1 password right like that is good news because if it was not coming from within the house then you've got bigger problems because someone really has got your password um but so yeah right Right, it's coming from the house, but of course, that'll be the same IP address for his Mac and for his iPhone and for everything, because it's, again, probably his router that's actually producing the IP address that's being reported. So that was thing one. So I'm like, okay, well, good news that it's not someone out on the internet, you know, that's hacked in, but bad news that, okay, like, conceivable, is it conceivable that someone hasn't, you know, that some malware, because obviously not you as a person, that some malware has somehow managed to hack into your 1Password account and trigger this message.
[41:08]And that's where you know nothing is impossible like you know cannot a hundred percent guarantee that this did not happen however um the way one password works is you have an account password and that's your your kind of your bastard password and that's what you know like if you you know you if you have to you know enter your password after you've restarted your mac for instance. You'll have to enter that account password. But when you set up a new device, you have a secret key as well. Right. And the secret key is not quite random because it actually has some stuff at the beginning that I know that's always the same or identifies in different ways. And then it's got a whole bunch of random stuff. Right. And so what 1Password does to make its encryption key is it combines your account password, which you've selected and you've made, with this random secret key. And that's one of the big distinctions between 1Password and LastPass, at least around the time that LastPass was getting hacked every couple of minutes. Yeah, I was going to say, who knows what LastPass does anymore? Because I and everyone else I know immediately got off. Exactly, exactly. But that was one of the extra layers of security. Even if your 1Password got compromised, they have to have the secret key to mash together with it.
[42:29]Precisely. And that secret key is a pretty, you know, it's a pretty long set of digits and numbers and things like that, you know, letters and characters. So that really does massively increase the security. So the secret key is in fact stored locally. That's how, you know, once you've entered it, you don't have to enter it again on a device. So, again, it is 99.999999% sure that 1Password was not compromised. But I cannot 100% guarantee it because it's, you know, the information is all present in the right place at the right time. It's just that, oh boy, would Apple's overall security have to be compromised for this to, and your device's overall security would have to be compromised for this to become a real problem. Right, right.
[43:22]And so, like, if you're, you know, a retired guy in, you know, the Bay Area, you're probably not a high enough value target for anyone who might have that level of tech. Yeah. You know, that's the, you know, we're going after, you know, we're a repressive government and we want to get the leader of the opposition. Right. You know, that's the kind of tech you use on those people.
[43:50]The exploits that you get to use once because once it's used, Apple will figure it out and block it from then out. So they wouldn't waste that on me, for example. Not a chance. Yeah, I mean, you know, it's funny because there is this sort of, you know, it used to be saying back in the old days, people used to say, oh, I'm not that interesting. You know, no one would ever bother hacking me. Well, that's true at the very high level now. Right. No one's going to waste one of those million-dollar exploits. Right. I mean, basically, if you find one, if you're a security researcher and you find one of these things, if you're ethically challenged, yeah, you can sell it for a million dollars. Yeah. You know, there are people that will pay that pretty happily. And, I mean, that's why Apple actually and most other companies pay bug bounties, security bounties. Because, I mean, they're not going to pay a million, but they want to make sure that, you know, people are like, well, geez, you know, I can get a million or I can get nothing. Millions looking pretty good. Apple does pay, yeah, millions looking pretty good. But nonetheless, the...
[45:00]I was going with this. But most security problems are now automated, right? They're bots, they're script kitties, you know, it's stuff that you don't actually, you're not targeted personally. And so, yeah, you are interesting enough to be targeted by a bot. And so that's why, you know, that's why we all get phishing attacks all the time and spam and things like that, because it's easy. Why wouldn't you spread off this, you know, spread this, this, you know, phishing attack, you know, across a few million people, because you only need to get one for it to be worth doing to a million people. And part has been explained to us that there's now basically malware as a service. So you don't have to write your own malware. You just, you just buy some. So let's switch gears and talk about the, the obituary site he was on. What did you learn about that?
[45:52]Yeah, so that was really kind of interesting. So, well, first of all, it was just a sloppily built WordPress site. I have a little Chrome extension called BuiltWith, which reveals what technology is behind the site. Oh, really? Okay. Yeah, yeah, it's kind of neat. And because all these sites have to, you know, they have to, you know, just in what they do, what they promote, you can usually get Telltale stuff. So, Built With is kind of fun to look. And it was more that I was just trying to see how real was this site. And it was pretty clearly not real. I mean, it was a simple WordPress site that had been spun up on November 13th because all the posts were dated November 13th. And they were undoubtedly AI written obituaries because a number of them said, you know, so-and-so passed away, insert date here. Okay.
[46:48]But those are going to get better. And the one that – well, in some sense, they're fine already because, I mean, obituaries are of style. Like, they all sound the same. Like, I didn't – I mean, I could have read any one of these except for the insert date here and not thought twice about it. Okay. You know, they kind of went on, frankly. Like, okay, we get it. Respected member of the community, moving along. Survived by –, Yes. And so, in the particular one that my friend found, it was actually a very easy giveaway because the title was, you know, Chris Gamble passed away. And then, I don't know, as soon as you got into the body of it, it was a guy named Alex Brodsky. So, you know, it didn't even manage to match up the title and the title on the body in that one. But, you know, there were others on the site that were properly matched.
[47:42]And the other slight giveaway there was, you know, they had ads for gambling sites. Nice, nice. So, I mean, it was pretty clearly a scam site. But that wasn't the interesting part, because that one really was, you could figure out, oh, this is fake pretty quickly. What was interesting was, is if you went to it from an iPhone, and only an iPhone, if you didn't hit on a computer, it didn't trigger all this stuff, then all of these pop-ups would start appearing. You know, like where it would redirect you to another page that would, you know, have like, you know, 44 viruses found, you know, and show up something, pop up with things like, you know, clean them or something. And then when you, my friend, as I said, my friend panicked at that point, but I'm fairly comfortable that Apple, iOS is not vulnerable to this, any kind of, you know, malware that's going to exist on these kind of sites. Right. You know, that you can do, you can display stuff, but you can't actually do anything to iOS. IOS is too good for that. Again, if you have the exploit that can break iOS, especially by visiting a site, you're selling it for a million dollars. You're not using it on obituaries. On a poorly written WordPress site for obituaries. Yep. Yep. Not wasting the silver bullet on those.
[49:04]So, I just basically kept going to this site repeatedly until I'd collected, I don't know, like nine different examples of these alerts. I'm noticing, so he's got screenshots in his wonderfully written article, and every one of them looks different. They're not the same alert each time. Some of them have the system settings logo in them. Some are just badly drawn. Some of them look like a classic alert.
[49:35]It's really interesting that they're so different. And this is the same website over and over again? Or different websites? Yep. those are well they have different urls um so so it's it's a it's different websites but it's all triggered from the same source obituary site so basically you go to the source obituary site and when it detects you're on iphone it redirects oh to one of these other sites oh wow um.
[50:04]And, and then if you tap one of their, you know, like basically you tap anything more or less because they'll put up dialogue saying allow or cancel or, you know, whatever they're doing, you know, whatever the makes sense for this particular alert, whatever you tap, it will take you to the app store and load a VPN app or some kind of system cleaner app or something promising to protect you from bad stuff on the iPhone. And these are real apps. Well yeah are they real apps what do those real apps do did you install any of them so so as i said i'm foolhardy enough to to load malicious websites i'm not foolhardy enough to load malicious apps um because once you've once you've a lot i mean an app obviously in theory can't do much because it's been sandboxed or whatever but you know vpn apps install profiles profiles yeah.
[51:00]It's like i'm i'm not going there i was trying to think could i do it with an old iphone that i'm logged out of icloud but you can't you can't install something from the app store without being logged into an icloud account you you need a full test test count yeah and again like i don't i i don't i just play i just do this on tv i'm not i'm not a real security expert so you you put screenshots of uh some of the apps that came up in visigard vpn purely cleaner vpn lumos i'm I'm wondering, you know, some of these have, well, I guess they're in the low tens of reviews.
[51:35]So reviews can be purchased so that doesn't right um and so yeah i mean like there's 13 000.
[51:44]There's whole swaths of sites uh products on amazon which have just you know vast amounts of reviews because i just purchased reviews so um what was interesting is some of the one or two of the apps was very very new like it was like i don't know 1.0 version 1.0.1 others have been around for years and the problem is is i don't know i mean like i don't know if they're i mean they obviously must do enough to have gotten past apple's basic vetting right and so i doubt they're you know like in hugely problematic um in that regard because apple they went got past apple um and i can't quite i couldn't i went through the app review guidelines and i couldn't quite determine if it's against apple's guidelines to to promote your app with with spam oh like how you got there right like you can't do anything like that within apple's world but but but i'm not i couldn't quite like there's some wording in there that suggests you you can't you know do anything fraudulent to to um direct people to the app but again i you know and and these companies if they're real companies, could just say, well, we don't know. I have no idea how our link got into that scam, you know? Right, right.
[53:10]So that's why I didn't automatically say, you know, these are evil apps that you should be very careful about. Yeah, I get a sketchy, ick feeling looking at them, though.
[53:23]Don't you? Don't you? I mean, they are not, like, these are not, you know, companies you've ever heard of or, you know, anything else. And many of these, like, there's not a lot you can clean on the iPhone. So, like, the concept of a cleaner app. Yeah, I find it odd to believe that that would be allowed on iOS. Yeah. So, interestingly, you cannot report apps using the App Store unless you've purchased them.
[53:59]So, I actually am still trying to figure out how to get this. I have, quote-unquote, reported it, but I'm trying to figure out a better way to say, I think these apps are scams. You know, look at them again. And because the, you know, the automated method just won't work for me unless I'm willing to download them, which I prefer not to even clutter my history with them, put it that way. Right, right. Right. Plus, you know, like, and I'm working through the basic, you know, a really simple form where I, you know, like, I want to say, look, no, here's the background of why I think these things are scams. Not like I'm going to click, you know, report a problem. And, you know, I think it's fraudulent and then not be able to say anything in detail. I'm looking at Purely Cleaner, only has one rating, but it's got four stars for that one rating. But what they promise to do is allow you to see things like duplicate photos and duplicate videos. And that's something you can do with apps from the App Store. I've got one that does that. Let's you see a bunch of images and you can pick which one's the one you want to keep. But it also has merged duplicate contacts, and I don't remember being allowed to do that with anything.
[55:15]Might be if you can request, I mean, like busy contacts and the like would request access to your contacts, and it can do that. From iOS? Or is that Mac OS? Not for sure, but I wouldn't be entirely surprised. But I don't think that's a Mac App Store app, is it? Once you have read-write access, once you have read-write access, yeah, there's an iOS app, I think. Okay, okay. um so card hop certainly from fantastic the fantastic flexibits people right um but if you can read and you can write you can probably merge so i you know like it will probably have to ask for all those permissions but that would seem you know you would probably grant them if you got this app okay oh yeah card hop is in the app store okay huh yeah so you know the question is though, like is it somehow exfiltrating all this data you know you know yes you've given me access to all your contacts now i have all your contacts i'm going to send that off to my my server in some some you know backwater country right right new uh new people to scam so what do you see as the lessons to take away from all of this i mean you did a lot of digging that people wouldn't go that far.
[56:24]I mean, I think the, well, a big one is be careful of obituary sites, unfortunately, because, well, even legitimate ones, a lot of people have the same names, right? You search on, you know, a name, obituary, you're going to find a lot of people on a totally legitimate site, you know, legacy.com or whatever. So, you know, pay a little bit of attention to make sure you're on a legitimate site if you're looking at obituaries, because it's awfully easy to fake those. And Glenn, when he was, Glenn Fleischman was editing my article, he was pointing out that there's actually, you know, whole lots of scams, you know, which don't require the same, you know, even, you know, even faking them. So, you know, it's just, you know, be careful when reading obituaries. And people are often not necessarily in the best state of mind. I'm wondering whether you don't have to put the adjective obituary in front of sites. Be careful of sites.
[57:23]Boy it does seem that way these days so so that's thing one um thing two is.
[57:32]It's pretty unlikely that any website is going to be able to cause problems on an iphone or an ipad right you know apple security is pretty darn good and and and they're i mean and partly they're constantly improving it that's why we have all these stupid updates to install all the time right um the last you know they were just you know 18.1.1 was for two zero day vulnerabilities in javascript and webkit so you know like those were those were bad website bugs so you know so always keep stay up to date um with the security updates they really are important and um and but that said if you do end up in one of these sites just you know close the tab don't you know you You don't have to interact with it in any way. You know, it can't do anything to you, so you don't have to be scared by it. You can just go, ah, another one of those. And then you tap the tab button, and you tap the X, and the tab goes away, and it's not a problem. Okay.
[58:31]So, you know, I'm a big fan of Hitchhiker's Guide to the Galaxy because, you know, don't panic is really good advice. Well, and that is one of the things that they feed on is that panic, right? With the example of Pat's friend where it's that urgency that they give you. If they're giving you an overwhelming amount of urgency that's making you super anxious, you should do everything possible to reverse that in your head and go, hang on, why is that urgent?
[59:03]Yeah, yeah. Well, and also, I mean, to get back to that copyright infringement one, that completely freaks people out because you're being hit with a lawyer letter, right? You know, nothing ever good comes out of letters from lawyers.
[59:19]Um and so you know so that you know it's the same trigger that that fight or flight you know response and so you know i think the the bigger picture story is you know be aware that a lot of things are going to try to do this to you and of course it doesn't help that social media wants to do this in general right you know social media wants engagement and the best way to get engagement is to have things that make you crazy. So, you know, I mean, general advice is always avoid social media like the plague that it is. But, you know, it's the same physiological response that all the social media sites are trying to trigger that is what's causing these scams to be as effective as they are in some respects. Right, right. I feel inadequate that I did so little when my mother-in-law called and said, but Allison, there's something weird on my screen. Can I share my screen with you? And I looked at it and I was like, okay, I'm looking at this. It's got a red X in the upper right, not a red dot in the upper left. So Apple things are always red dots. As soon as you see a red X in the upper right, you know that's not for you. And she goes, oh, okay. And she closed it and I said, okay, moving on. Good job. But I didn't go any further than that. I was just like, yep, she's fine.
[1:00:39]Well and and part of the way i've gotten into these um is that one people are really falling for them you know and actually you know in both of these cases the copyright infringement one um the paypal docusign invoice stuff um you know this obituary these were real people who are not dumb right like this is you know these this is not a this is not made up or super newbies who couldn't possibly have figured this out you know because people who don't know computers, nope no not at all um you know the uh you know so so they they are real and like even after i posted the obituary one i've gotten a couple of notes saying yes my wife just got this the other day wow you know you know thank you thank you for you know kind of resetting us you know you know of explaining what's going on here because we just saw this. Yeah. And so, it is out there. And, you know, and again, like, I don't want to just be writing about this nonstop, but I'm always intrigued when there's a new type. Oh, right. And so, it's like, oh, well, that's an interesting way to scam people. Like, clever, clever scammers. Too bad you're, you know, slime balls because that's kind of clever. Yeah, Bert and I talk about that often where you're like, man, I kind of respect him for thinking of this. That's crazy, but okay, still hate you, but...
[1:02:03]Yeah, right. Precisely. You're still a scumbag. Right, right. You know, so, yeah. And, you know, and again, you know, I do feel that people who are older, I know a number of friends, you know, getting into their, you know, 70s and early 80s and stuff like that, and they're just not doing as well at identifying this stuff anymore.
[1:02:29]And, you know, as I said, it's the particular people I'm thinking of, and, you know, I don't know how to do anything more other than just try to get the information out there so that hopefully it triggers when they run into one of these things as opposed to them having to call me each time it does. Yeah, I do think that one of the big values of doing this out to, like, in my case, this is a nerd community who's going to be listening to this is not just to protect themselves, that is going to be an aspect of it, but to really preach that when your friend, relative, school teacher, whatever, calls you and says, I see this thing, treat them with as much respect and honor as you can for having them called you and make them feel good. Like, wow, that's amazing. You caught, that's great. Thank you for checking in with me. Not, oh, you idiot. You know, I can't believe you were going to fall for this. You know, we can't ever do that. No, no, no. And not at all, because this stuff isn't easy. And it's going to get you and me eventually.
[1:03:35]Oh, yeah. No, I mean, I've only once, the closest I've ever come was, I had a friend of mine who passed away.
[1:03:50]And the right afterwards, like that, oh, no, it was like, oh, no, I'm sorry. It was a friend passed away, and then a woman who was his boss, her account was hacked and used to send spam of some sort, I forget exactly, which I would never normally have in any way fallen for. I mean, I didn't do anything particular, but I read it, and I was like, uh-oh. You know, I almost replied and everything. But basically, because it was, again, so coincident in time that this guy had just died, and his boss, who I also knew, you know, was sending mail that, you know, somehow made me want to go do this thing. And it really was like the, oh my gosh, I almost fell for that. You know, like, I was that close. Because it just pushed all the buttons. And so it doesn't take much, and people are moving faster than ever, not reading carefully. And, you know, it's easy to miss these things. I think we should close this out with Bart's tagline, which is, stay patched so you stay secure.
[1:05:06]Yep, it is absolutely true. Those security patches, they make a difference. And the problem is it's hard to say when because you'll never know. You just won't have a problem. Well, thanks for coming on and giving us the investigatory methods that you've been using, too, because I think as we learn more about these, we need to have more tools in our tool belt to be able to figure it out. I never would have thought of looking at the Bar Association, for example.
[1:05:32]And one thing I will actually also just mention as another quick thing to try, not that you should necessarily trust it implicitly and everything, but the AI chatbots are actually interesting ways to feed these things. Because you can feed them an entire message and say, is this legitimate? Oh, and it might give you some links to something that helps you investigate further? Well, not so much. I mean, the links, if it's using perplexity, for instance, which is more of a real search engine, chat GPT is sort of notorious for doing bad links. It's more just that if what they're good at, right, is saying stuff like this. Oh, okay. Right, right. And so if stuff like this is like all of these other dubious things, they'll probably say nicely, you might want to look into this more deeply. You know, things like this have been used for scams in the past. And so it's just one new tool that we have. And when I pasted the copyright infringement stuff in, yeah, ChatGPT was like, yeah, all over. That's probably a scam. That's probably an LLM superpower, right? Have you seen this pattern of words? Why, yes, I have. That's what I do.
[1:06:56]Yeah. So that's, so that's the one sort of new thing. And I, you know, I, I didn't, I don't quite want to, you know, you know, I don't want to say you should absolutely trust everything they say, because of course, they're LLMs, they get stuff wrong. But as a just yet another data point in all of this, you know, and it can be, it can be an easy one, right? Like, you can literally just copy, paste. Is this real? No. Okay, thank you. You know, and then if you need more backup, you can. Most of the time, we don't need more. The only time we care is when you're being like me and you want to like, well, is that lawyer a real lawyer? Is that firm a real firm? Are they on the fourth floor? No, I don't think so.
[1:07:37]Sounds like you had fun with that. Well, thanks again for coming on and telling us all about it, Adam. You're welcome. Nice to be here. Well, that's going to wind us up for this week. Did you know you can email me at allison at podfeet.com anytime you like. If you have questions or suggestions, just send it on over. Hey, we haven't had any dumb questions in a long time. I'm sure you have some dumb questions. We have dumb question music even, but we haven't had any. So send some out over. Those are fun to work with. Remember, everything good starts with podfee.com. You can follow me on Mastodon at podfee.com slash Mastodon. If you want to listen to the podcast on YouTube, you can go to podfee.com slash YouTube. Want to find those tiny Mac tips? podfee.com slash tiny Mac tips. If you want to join in the conversation, you can join our Slack community at podfee.com slash Slack. And there you can talk to me and all of the other lovely NoCillaCast ways in there. You can support the show at podfee.com slash Patreon or with a one-time donation at podfee.com slash donate like Mike. You can use Apple Pay or any credit card while you're there. Or you can use podfee.com slash PayPal. And if you want to join in the fun of the live show, wait until December 29th and then head on over to podfee.com slash live on Sunday nights at 5 p.m. Pacific time.
[1:08:46]Music.