This isn’t about periscopes or mouthwash—when it comes to searching, a scope is the area in which a search takes place. When you use the Search field in a Finder window to look for files and folders, you have the choice of two scopes: This Mac or the current folder. You can always switch the scope after starting the search by clicking the other choice near the top of the window, but it’s easier to set the default search scope in Finder > Preferences > Advanced so it’s set right to start. From the “When performing a search” pop-up menu, choose Search This Mac to search across all indexed drives, Search the Current Folder to limit the search to the folder showing when you start the search, or Use the Previous Search Scope. Most of the time, if you have any idea where the item you’re looking for might be, selecting an enclosing folder and then searching within it is the best approach.
Apple recently released iOS 13.5, incorporating a new Exposure Notification API in response to the global COVID-19 pandemic. We’ve seen a few people freaking out about this, but seriously, calm down, folks. At best, the Exposure Notification API could lower contact tracing costs, reduce the spread of COVID-19, prevent life-changing health consequences, and save lives. At worst, it won’t prove particularly effective. In neither case does it pose any threat to personal privacy.
Why have Apple and Google—two companies that normally compete tooth and nail—formed this unprecedented partnership? Contact tracing is one of the key techniques employed by public health authorities in slowing the spread of COVID-19. It involves gathering information from an infected person about those they’ve been in contact with, enabling authorities to learn who might have been the source of the infection and who they may have infected. It’s a slow, laborious, and error-prone process—do you know or even remember all the people you’ve come in contact with over the past few weeks?—but it’s helpful nonetheless.
To speed up this process and make it more accurate, Apple and Google are building exposure notification capabilities into their respective smartphone operating systems. A large percentage of the population carries a smartphone running either iOS or Android, and since these phones have the capability to detect when other phones are in their vicinity via Bluetooth, Apple and Google realized they could use technology to alert people when they had been exposed to a person who later tests positive for COVID-19.
Their solution comes in two phases. In the first phase, Apple and Google are releasing the Exposure Notification API, and that’s what just happened with iOS 13.5. This API, or application programming interface, allows apps written by public health authorities to work across both iOS and Android devices, something that’s never been possible before. The first key fact to understand is that only public health authorities will be allowed to write apps that leverage the Exposure Notification API. It cannot be incorporated into sketchy social media apps.
Unfortunately, it seems likely that many people will never learn about or download those apps. So in the second phase, Apple and Google will build the exposure notification technology directly into iOS and Android, so it can work without a public health authority app being installed.
The second key fact to understand is the entire system is opt-in. You must explicitly consent to the terms and conditions of the program before it becomes active on your phone. That’s true whether you get an app in the first phase or rely on the integration in the second phase. And, of course, if you change your mind, you can always turn it off in the app or the operating system settings.
How does it work? Apple and Google have developed an ingenious approach that ensures that those who opt-in to the technology can use it without worrying about privacy violations.
Your phone creates a Bluetooth beacon with a unique ID derived from a randomly generated diagnosis encryption key. The system generates a fresh diagnosis key every 24 hours and stores it on your phone for 14 days, deleting all older keys. Plus, the unique Bluetooth beacon ID that your phone broadcasts to other phones in your vicinity changes every 15 minutes. Similarly, your phone reads the unique IDs from nearby phones and stores them locally. This approach ensures privacy in three important ways:
- No personal information is shared. The ID is based on a random encryption key and changes constantly, so there’s no way it could be traced back to your phone, much less to you personally.
- No location information is stored. The only data that’s generated and transferred between the phones are these unique IDs. The system does not record or share location information, and Apple and Google have said they won’t approve any public health authority app that uses this system and also records location separately.
- No data is uploaded unless you test positive. As long as you remain uninfected by COVID-19, no data from your phone is uploaded to the Apple- and Google-controlled servers.
What happens if you test positive for COVID-19? (Sorry!) In that case, you would need to use a public health authority app to report your test results. You’ll likely have to enter a code or other piece of information to validate the diagnosis—a requirement necessary to prevent fake reporting.
When the app confirms your diagnosis, it triggers your phone to upload up to the last 14 days of diagnosis encryption keys—remember, these are just the keys from which the IDs are derived, not the IDs themselves—to the servers. Fewer days might be uploaded depending on when the exposure could have occurred.
All the phones enrolled in the system constantly download these diagnosis keys from devices of infected people. Then they perform cryptographic operations to see if those keys match any of the locally stored Bluetooth IDs captured during the period covered by the key. If there’s a match, that means you were in proximity to an infected person, and the system generates a notification with information about the day the exposure happened, how long it lasted, and the Bluetooth signal strength (which can indicate how close you were). A public health authority app will provide detailed instructions on how to proceed; if someone doesn’t have the app yet, the smartphone operating system will explain how to get it. Additional privacy protections are built into these steps:
- No one is forced to report a positive diagnosis. Just as you have to opt-in to the proximity ID sharing, you must explicitly choose to share your positive diagnosis. Not sharing puts others, including your loved ones, at risk, but that’s your decision to make.
- Shared diagnosis keys cannot identify you. The information that your phone uploads in the case of a positive diagnosis is limited to—at most—14 encryption keys. Those keys, which are then shared with others’ phones, contain no personal or location information.
- The matching process takes place only on users’ phones. Since the diagnosis keys and the derived IDs only meet on individual phones, there’s no way Apple, Google, or any government agency could match them up to establish a relationship.
- The notification information is too general to identify individuals. In most cases, there will be no way to connect an exposure notification back to an individual. Obviously, if you were in contact with only one or two people on a relevant day, that’s less true, but in such a situation, they’re likely known to you anyway.
Finally, Apple and Google have said they’ll disable the exposure notification system on a regional basis when it is no longer needed.
We apologize if that sounds complicated. It is, and necessarily so, because Apple and Google have put a tremendous amount of thought and technical and cryptographic experience into developing this exposure notification system. They are the preeminent technology companies on the planet, and their knowledge, skills, and expertise are as good as it gets. A simpler system—and, unfortunately, we’ll probably see plenty of other apps that won’t be as well designed—would likely have loopholes or could be exploited in unanticipated ways.
You can read more about the system from Apple and Google, including a FAQ and the technical specifications.
Our take? We’ll be installing the necessary app and participating in this exposure notification system. It’s the least we can do to help keep our loved ones and others in our communities safe. In a pandemic, we all have to work to help others.
If you’ve resisted requiring a password on your Mac after it wakes up or comes out of the screen saver because it’s too much work to enter repeatedly, an Apple Watch can make authentication much easier. In previous versions of macOS, just wearing an unlocked Apple Watch is enough to enter your Mac’s password; in Catalina, the Apple Watch can also enter your password when prompted by apps. First, make sure your Apple Watch has a passcode (in Watch > Passcode), is on your wrist, and is unlocked. Then, in System Preferences > Security & Privacy > General, select “Use your Apple Watch to unlock apps and your Mac.” From then on, most of the time your Mac or an app wants your password, your Apple Watch will provide it automatically. (This feature requires that the Mac dates from mid-2013 or later, that all devices use the same iCloud account, and that the Apple ID uses two-factor authentication instead of two-step verification.)
Whenever Apple releases hot new hardware, it’s tempting to order the latest and greatest and then put your old Mac or iPhone up for sale on a classifieds site like Craigslist. If you do that, be cautious about potential buyers—it’s increasingly common for a scammer to request that you ship them the device and then to “pay” you by forging payment email from PayPal or using a stolen PayPal account (whose owner will likely get PayPal to take the money back from you). Instead, insist on an in-person meeting in a public place and payment in cash or via a digital method like Apple Pay Cash or Venmo that can’t be canceled once you accept the money. Or, if the location and payment amount (under $1000) work, meet in a nearby post office and request payment via money order (US or Canada) that you can verify on the spot. Craigslist has more advice.
Do you have a document that you open regularly, perhaps from your Desktop? If you’d like to make it stand out from other documents, why not give it a custom icon? This was common practice on the Mac back in the day, and it’s still possible in modern versions of macOS. Go to Google Images and search for “searchTerm icon” to see what images are available. (It’s fine to use any graphic for one-time personal use; if you’re planning to distribute the file or publish the icon in any way, make sure to read and honor any licensing requirements.) Download an image you like (Control-click it and look for a Save Image command), open it in Preview (where you can delete any background or crop as desired), press Command-A for Select All, and Command-C to copy the image. Then select the icon for the file you want to customize, press Command-I to open its Get Info window, click the current icon in the upper-left corner (it gets a faint highlight outline), and press Command-V to paste.
Have you wondered what you can do with the Wallet app on your iPhone? Although it started out life called Passbook, Apple soon realized that the only sensible name was Wallet. That’s because it stores digital versions of roughly the same sort of things you might put in a physical wallet: credit and debit cards, store cards, membership cards, and even cash (well, Apple Pay Cash, anyway).
Nearly all airlines can put your boarding passes in Wallet, too, and if you buy something like a concert ticket online, you may be able to add it to Wallet by tapping the “Add to Apple Wallet” button in the confirmation page or email. Having a boarding pass or ticket, which Apple calls a pass, in Wallet makes it easy to scan for a gate attendant.
Here’s how to use cards and passes in Wallet.
Display Your Cards and Passes
The main Wallet screen shows your cards and passes in a scrollable list, with credit/debit cards at the top. (If you’ve set up Apple Pay Cash, it’s treated as a debit card.)
To view more details about a card or pass, tap it.
In the case of a credit/debit card, you see the face of the card and a list of its recent Apple Pay transactions.
For boarding passes for multi-flight trips, you see a single pass in the main list, but after you tap it, you can swipe horizontally to display the pass for each leg of the trip.
Membership cards, such as the ChargePoint card, may work like credit/debit cards in that you need to hold them near a reader to sign in.
In each case, to access settings related to the card or pass, tap the black ••• button at the upper right.
Adding and Using Credit and Debit Cards
Adding a credit/debit card so it can work with Apple Pay starts with tapping the black + button at the upper right of the Wallet screen. From there, follow the prompts—you can scan your card with the camera instead of keying in the data.
If you add more than one card, you’ll want to specify which should be the default for Apple Pay. Go to Settings > Wallet & Apple Pay. Scroll down to Transaction Defaults, and tap Default Card. Tap the desired card. In Wallet, the default card appears with its full face showing, below your other credit/debit cards.
To pay for a purchase with a stored credit/debit card at a payment terminal, put your iPhone right next to the terminal. The iPhone may automatically prompt you to authenticate Apple Pay, but if not, double-click the Home button or, with the iPhone X, XR, XS, or XS Max, double-click the side button. Wallet displays your default card. To authenticate, rest your finger on the Home button or, with the iPhone X models, authenticate with Face ID. To use a non-default card, tap the card pile at the bottom of the screen and then tap the desired card.
Adding and Using Airplane Boarding Passes and Event Tickets
For flights, when you check in and get boarding passes using the airline’s iPhone app, you’ll be given the opportunity to tap an Add to Apple Wallet button. Do that and the boarding pass appears in Wallet, which will also display a notification for it on the Lock screen in the hours before your flight. When you need to show the boarding pass to security or the gate attendant, tap that notification to display the boarding pass with its QR code.
For events, the ticket-seller may display the Add to Apple Wallet button on the confirmation page of the checkout process or attach the tickets to your email receipt. In the latter case, open the message in Mail and tap the attachment to open it, and then tap Add to put it into Wallet. Later, when you arrive at the venue, open Wallet and display the ticket—again with a QR code—to gain entry.
Deleting Cards and Passes
Although you may want to keep some digital tickets for nostalgic reasons, it’s best to clean out old items:
- To delete a credit/debit card, tap the card to view it and then tap the black ••• button. Scroll down and tap Remove This Card.
- To remove a pass, go to the bottom of the main Wallet screen and tap Edit Passes. Tap the red delete button for that item, tap the next Delete or Delete All button, and then tap Done at the upper right.
Using Wallet makes it easier to keep your physical wallet slimmer. It can take a few minutes to add your cards and passes initially, but it’s worth the effort.