Welcome back! After our week off for Labor Day, we have an abundance of articles for you, starting with the announcement of Apple’s “Wonderlust” event on 12 September 2023—watch it with us in SlackBITS. Apple updated all its core operating systems to block a vulnerability exploited by the Pegasus spyware and explained why it pulled back from scanning iCloud Photos for CSAM. Mozilla reports that modern cars are privacy nightmares. Adam Engst summarizes our last two Do You Use It? polls to share reader recommendations for iPhone weather apps. (Spoiler: Apple’s Weather app is the most popular, but many people use several apps, and everyone seems to miss Dark Sky.) Julio Ojeda-Zapata rejoins us with a photo essay chronicling his efforts in photographing a multi-day bike tour with his iPhone, backed up by other tech he couldn’t resist packing. Finally, this week’s poll asks iPhone 14 Pro owners if they use the ballyhooed Always-On display. Notable Mac app releases this week include just Carbon Copy Cloner 6.1.7.
In keeping with its traditional schedule for iPhone and Apple Watch releases, Apple has announced an event for 12 September 2023 at 10 AM (Pacific Time). You can stream it from Apple’s website or on your Apple TV, and Apple makes it easy to add it to your calendar.
Apple is being its usual cagey self, with invitations to the press including the teaser word “Wonderlust.” The event will almost certainly herald the release of the iPhone 15 lineup, along with the Apple Watch Series 9 and perhaps an Apple Watch Ultra 2. If past performance is any indication, you’ll be able to place pre-orders on Friday, September 15, and receive them a week later on September 22. Release dates for at least iOS 17 and watchOS 10 will also likely be announced.
There have been plenty of rumors surrounding the next iPhone and Apple Watch models, but if you ignore them, you won’t be disappointed by those that turn out to be fiction or intentional misinformation (see “TidBITS Doesn’t Cover Rumors. Here’s Why,” 17 May 2023).
Security updates for Apple’s core operating systems address two zero-click vulnerabilities actively being exploited to deliver the NSO Group’s Pegasus spyware. Kudos to The Citizen Lab at the University of Toronto for identifying and reporting them to Apple. In the first vulnerability, processing a maliciously crafted image could lead to arbitrary code execution; it affects macOS, iOS, and iPadOS. In the second, the Wallet app could allow arbitrary code execution when processing a maliciously crafted attachment; only the current versions of iOS, iPadOS, and watchOS are at risk. Apple doesn’t list any other changes in these updates:
- macOS Ventura 13.5.2
- macOS Monterey 12.6.9
- macOS Big Sur 11.7.10
- iOS 16.6.1 and iPadOS 16.6.1
- iOS 15.7.9 and iPadOS 15.7.9
- watchOS 9.6.2
Although these vulnerabilities are severe, it’s improbable that normal Apple users would be targeted by a hostile government intelligence agency using Pegasus. (If you are concerned about being targeted by a nation-state, mash that Update button as fast as you can. And enable Lockdown Mode.) Nonetheless, I still recommend that everyone update soon because these zero-click vulnerabilities don’t require any user interaction to take over the device. They could theoretically be weaponized in spam email or text messages by online criminals as well.
It’s too bad Apple didn’t address these vulnerabilities with Rapid Security Response updates that are faster to install and easily reverted. The need for the initial watchOS update and subsequent coverage in older operating systems may be why, given that Rapid Security Responses are possible only for the current versions of macOS, iOS, and iPadOS (see “What Are Rapid Security Responses and Why Are They Important?” 2 May 2023).
Apple initially didn’t indicate whether these image and Wallet vulnerabilities would also affect older versions of its operating systems, but as I expected, Apple released updates to Monterey, Big Sur, and iOS and iPadOS 15 a few days later. Nonetheless, given that Citizen Lab reported the vulnerabilities to Apple only a week or so ago, it’s still an impressive turnaround time.
Two years ago, Apple first announced a photo-scanning technology aimed at detecting CSAM—child sexual abuse material—and then, after receiving widespread criticism, put those plans on hold. Read “Apple Delays CSAM Detection Launch” (3 September 2021) for our last article, which links to the rest of our coverage. In December 2022, Apple told Wired that those plans were dead, something I missed at the time, but gave no indication of why it was shelving its proposal.
Now, in response to a child safety group, Apple has explained its reasoning, with the company’s director of User Privacy and Child Safety Erik Neuenschwander writing:
We decided to not proceed with the proposal for a hybrid client-server approach to CSAM detection for iCloud Photos from a few years ago, for a number of good reasons. After having consulted extensively with child safety advocates, human rights organizations, privacy and security technologists, and academics, and having considered scanning technology from virtually every angle, we concluded it was not practically possible to implement without ultimately imperiling the security and privacy of our users.
Wired’s article includes a PDF of Neuenschwander’s letter, which says Apple came to believe that scanning photos uploaded to iCloud Photos could potentially create new attack vectors, trigger a slippery slope of unintended consequences, and sweep innocent parties into “dystopian dragnets.” In this regard, Apple’s messaging now lines up with its resistance to legislative proposals that seek back doors into end-to-end-encrypted messaging technologies.
It’s important to realize that although Apple speaks with a single voice when it makes public announcements, there are many voices within the company. Given Apple’s uncharacteristically hamfisted job with the CSAM announcement, I suspect there was significant internal contention surrounding the CSAM proposal, especially given that fighting the horror of child sexual abuse and protecting user privacy are both highly laudable goals. But once criticism hit a certain level, those troubled by the possibility of scanning photos in iCloud Photos opening doors to digital thieves and government intelligence agencies gained ascendance in the debate.
Neuenschwander said Apple is focusing its efforts on its Communication Safety technology:
Communication Safety is designed to intervene and offer helpful resources to children when they receive or attempt to send messages that contain nudity. The goal is to disrupt grooming of children by making it harder for predators to normalize this behavior.
In its next major operating system releases, Apple is expanding Communication Safety to cover video and photos, turning the feature on by default for all child accounts, and integrating it into AirDrop, the Photo picker, FaceTime video messages, and Contact Posters in the Phone app. Plus, Apple has opened the Communication Safety API up to independent developers so they can build such capabilities into other communication apps.
Car makers have been bragging about their cars being “computers on wheels” for years to promote their advanced features. However, the conversation about what driving a computer means for its occupants’ privacy hasn’t really caught up. While we worried that our doorbells and watches that connect to the internet might be spying on us, car brands quietly entered the data business by turning their vehicles into powerful data-gobbling machines. Machines that, because of their all those brag-worthy bells and whistles, have an unmatched power to watch, listen, and collect information about what you do and where you go in your car.
All 25 car brands we researched earned our *Privacy Not Included warning label — making cars the official worst category of products for privacy that we have ever reviewed.
These findings fall into the category of “I had no idea, but I guess I’m not surprised.” Mozilla concluded that car companies are terrible about privacy because they collect too much personal data, share or sell collected data, give drivers little to no control over their data, and don’t publish useful security details, such as whether all that data is encrypted at rest. Nor are they good at protecting what they collect—Honda, Mercedes-Benz, Nissan, Toyota, and Volkswagen have suffered breaches affecting millions of drivers.
Sensitive personal information, including driver’s license number, national or state identification number, citizenship status, immigration status, race, national origin, religious or philosophical beliefs, sexual orientation, sexual activity, precise geolocation, health diagnosis data, and genetic information.
At least the source of those particular data types is “Direct contact with users”—your Nissan Leaf isn’t detecting backseat nookie. But between today’s sensor- and camera-laden vehicles and their accompanying apps, carmakers can hoover up a vast amount of information about how you drive. Along with geolocation data, Hyundai says it may collect:
driving data about the operation of a Vehicle, such as speed, acceleration and braking data; direction of travel; trip data (mileage, date, length, conditions); ignition events; steering events; cruise control data; seatbelt status; information about Vehicle incidents or events; other information about how you drive a Vehicle; as well as associated date/time stamps for such information.
What remains unknown is just how real the privacy risks are. Just because carmakers craft their privacy policies to say they can collect data about your tooth enamel doesn’t mean they’re doing it or sharing the details with fly-by-night dentists. However, even if nothing is actually happening now, it’s still troubling that carmakers are giving themselves legal cover for whatever they decide to do in the future.
Mozilla’s reports on each carmaker offer suggestions for reducing the impact of this data collection, but there’s not much you can do and little difference between manufacturers. Perhaps signing Mozilla’s petition and helping to spread the word can embarrass some of these companies into doing better.
Tonya and I pay a lot of attention to the weather because of the time we spend running, biking, and participating in other outdoor activities that require planning ahead. I’ve always wondered if we are unusual and normal people aren’t nearly as involved. Who knows about “normal people,” but I do have the ability to ask TidBITS readers, so I prepared a pair of polls.
The first poll asked how people checked the weather on their iPhones, offering the choice of Apple’s default Weather app, a third-party app, or a non-iPhone approach. I was gratified to see that only 2% of respondents didn’t use their iPhones for weather info—at least Tonya and I aren’t outliers among TidBITS readers. The poll also asked respondents to share what third-party apps they used.
After I’d collected and tallied enough suggestions, I built the second poll, which let respondents vote for multiple apps. I kept Apple’s Weather app in the mix because quite a few people reported using it alongside other apps, but the first poll allowed only one answer. This time, Apple’s Weather garnered 75% of the votes, implying that lots of people use it to supplement whatever other app they use.
After that, the top apps were Weather Underground, with 25% of the votes, CARROT Weather with 19%, The Weather Channel with 18%, AccuWeather with 15%, WeatherBug with 13%, and Windy and MyRadar, both with 11%. No other apps drew more than 5% of the votes, which is not to say that there’s anything wrong with them, just that they’re less commonly used by TidBITS readers. Links to all the rest are in the poll itself.
The elephant in the room in any discussion of iPhone weather apps is Dark Sky. Over 10% of the comments lamented the loss of Dark Sky following Apple’s acquisition (see “Dark Sky Fading; iOS 16’s Weather Brightens,” 19 September 2022). TidBITS readers liked Dark Sky a lot, and many feel that Apple’s Weather still lacks the features and interface niceties they appreciated in Dark Sky. Sad, but apart from sending feedback to Apple, there’s nothing to be done about it.
I was astonished at the variety of ways people acquire weather information, and even my second poll fell short in documenting them because I focused on general-purpose weather apps that function anywhere. Once I started to drill into the hundreds of suggestions, I found they clumped into four categories:
- Location-specific apps: Weather is local to each of us, and many people rely on country-specific apps, often those published by national weather offices.
- Focused weather apps: What aspects of the weather you care about varies, and readers recommended apps for astronomers, sailors, and pilots. Plus, millions of people have become far more interested in air quality over the past few months of widespread wildfire smoke, and while most weather apps report on air quality, plenty of people prefer specific apps.
- Weather station apps: A handful of respondents said the apps they preferred were those that reported on data gathered by their personal weather stations.
- Websites: Although apps tailor their interfaces to the iPhone screen and interaction model, some respondents said they prefer particular websites for the quality of their data.
Let’s dive in.
TidBITS readers hail from around the world, so it shouldn’t be surprising that they recommended numerous apps primarily of interest to iPhone users in particular countries. Australians particularly liked their local apps, but the app I regret not including in the second poll is Yr, published by the Norwegian Meteorological Institute. When I built the poll, I thought it was limited to Europe, but it also offers weather information and forecasts for other parts of the world. Many people spoke glowingly about it, with one person suggesting it was worthwhile partly because its European global weather model has a finer resolution and is better at large-scale weather patterns. Recommended apps by country are as follows, and note that many may work for nearby countries as well.
- Australia: BOM Weather (Australia’s official app), Oz Weather Plus, Rain Parrot, WillyWeather
- Belgium: KMI-IRM
- Canada: WeatherCAN
- France: Météo-France
- Ireland: Met Éireann Weather Ireland
- Italy: iLMeteo
- Netherlands: Buienradar, Het Weer in Nederland, WeerPlaza
- New Zealand: MetService
- Norway: Yr
- Sweden: Blixtvakt (lightning), SMHI Väder
- United Kingdom: BBC Weather, Met Office Weather Forecast, XCWeather
Focused Weather Apps
While everyone needs a general weather app, those with particular professions or hobbies often turn to focused weather apps.
- Astronomy: Astrospheric, Clear Outside
- Aviation: ForeFlight Mobile EFB
- Sailing: NVS Explorer (iPad), SailFlow, Tide Graph, WindAlert, Windy
Plus, there are weather apps that focus on just a specific aspect of the weather, such as air quality or lightning strikes. Some of these duplicate entries above.
- Air quality: EPA AIRNow, IQAir AirVisual, Local Haze, Paku for PurpleAir
- Lightning: Blixtvakt (Sweden), My Lightning Tracker Pro, WeatherBug
- Storms/Hurricanes: Hurricane Tracker, RadarScope, Storm Radar, Yr
- Tides: NVS Explorer (iPad), Tide Graph
- Wind: PredictWind, SailFlow, WindAlert, Windy
Personal Weather Stations and Apps
Unsurprisingly, some TidBITS readers are so involved in the weather that they run their own personal weather stations.
- Ambient Weather Smart Weather Station
- Davis Professional Weather Stations
- Netatmo Smart Home Weather Station
- Tempest Weather System
A few people also mentioned that they prefer using weather apps that display data from a multitude of personal weather stations.
As good and convenient as iPhone apps are, many poll respondents still prefer to use websites on their Macs. Weather sites can often provide more expansive views of data and maps, and specialized sites offer information that no one has yet encapsulated in an app.
- Air Sports Net Aviation Weather Report and Forecast
- Aviation Weather Center
- AWEKAS (aggregates personal weather stations)
- Citizen Weather Observer Program
- DeepZoom (tides)
- Fog Today (San Francisco Bay Area fog)
- Forecast Advisor (rankings of weather services)
- Merry Sky
- Météo France (France)
- National Hurricane Center
- PWSWeather (aggregates personal weather stations)
- Storm Prediction Center
- Tenki.jp (Japan)
- The Weather Channel
- Weather Underground
- US National Weather Service
Phew! I hope all these suggestions give you ideas for enhancing your awareness of your local weather conditions.
About four years ago, at the pinnacle of my bicycling prowess, I embarked on the longest ride of my life—a 4-day, 250-mile tour of central Minnesota with my pal Chris and about 300 other riders.
Painstakingly mapped out over the preceding months by Bicycling Around Minnesota (BAM), the 2019 trek was an exhilaratingly eccentric tour of rural and small-town America. Attractions along the route included Sinclair Lewis’s boyhood home, the MaxBat baseball bat factory, the Hemker Park & Zoo, the 1800s-vintage Forest City Stockade, the Darwin Twine Ball Museum, and, adjacent to the Lake Wobegon Trail in Collegeville, my St. John’s University alma mater with its Brutalist-style, visible-for-miles Abbey Church.
I took hundreds of photos with my iPhone Xs Max, repeatedly whipping it out of my jersey pocket to capture the sights. As an iPhone photographer, I border on the obsessive, and these were priceless opportunities.
But the BAM ride left me unsatisfied in another sense. I had wanted to capture the cycling action too, but I couldn’t do that safely while in motion, and I had limited time on rest breaks. Chris and I had a schedule to keep; I was a rider first and a photographer second.
A lot has happened to me since that ride: a blood infection soon after BAM that nearly did me in, COVID-19 restrictions that took BAM and other cycling events off my calendar, and a cycling-related concussion a year ago that triggered all manner of horrific symptoms and prompted me to set my riding aside for now (see “Using Smart Speakers While Temporarily Blind,” 10 April 2023). As a result, I have recently felt unmoored and in need of excitement and purpose.
BAM came to my rescue last month. Chris had proposed I join the group’s first post-COVID ride in a non-cyclist capacity, so I volunteered to be the event’s semi-official photographer. Here, at last, was my chance to capture every facet of a BAM ride. And I would do it all with an iPhone—I haven’t owned an interchangeable-lens camera since the days of 35mm film.
I have snapped hundreds of thousands of iPhone shots since the device’s 2007 launch, but never in a role approximating that of a professional. I am no such pro, but impersonating one for a few days was a gas—and I got some pretty nice shots. I’ll let you decide whether they approach pro quality.
From the iPhone perspective, BAM is inconveniently timed, with current models on the verge of being displaced. Shortly after BAM 2023, Apple announced its “Wonderlust” media event for 12 September 2023, and the Internet is awash with rumors of new camera features like a “periscope lens” with a 5x, 6x, or even 10x optical zoom for the larger of the Pro models.
On this trip, I wasn’t exactly slumming it with my iPhone 14 Pro, though. And I had other tech along, including the recently released 15-inch MacBook Air. More on its utility in a bit, along with the tale of a road mishap just miles from BAM’s finish line that added some final excitement.
As we had done in 2019, in August, Chris and I journeyed in his beloved Mini Cooper to the BAM starting point. This year, the ride began and ended in Lanesboro with overnights in Rushford, La Crescent, and Houston, which are part of Minnesota’s gorgeous bluff country. Chris turned the Mini Cooper over to me for use on my photo rounds while he went on the ride. I would spend the next four days excitedly manual-shifting through the hilly land while glancing at the Ride with GPS bicycling app to keep pace with the pack of riders.
I kept my photo routine simple. Given my desire to shoot, edit, and post to BAM’s Facebook page quickly while on the move, I decided I would focus on still images. Perhaps I’ll dabble with slo-mo video next year.
I became a fixture by the side of roads, awkwardly crouching on the pavement or adjacent gravel or grass while aiming my iPhone at the oncoming riders. I wanted to get them at a slightly upward-pointing angle with an occasional bit of tilt.
The 3x optical zoom quickly became my new best friend, though it’s typically my least-used of the three iPhone Pro lenses. It just wasn’t possible to get close enough to fill the frame with riders without the zoom, and I wouldn’t turn up my nose at a 6x zoom if Apple were to add such a lens to the next iPhone.
Over and over, I’d channel Wayne Gretzky and aim my iPhone at the empty road just ahead of where cyclists would soon be, so they’d slide into my iPhone display. Sarah and Abhi enhanced the scene below by playfully pausing their pedaling and holding their poses.
One foggy morning, I pointed my iPhone across the road with the sun on the opposite side so riders would zoom in and out of view. I sought silhouettes and caught some good ones.
Another morning, I played up the weird clouds.
Camping at the overnight locales is half the BAM fun. Here’s that fog and the weird sky again.
Attractions along the way included Amish crafts and baked goods, fine wine at a vineyard on the Mississippi, a water-powered flour mill, and trailside sinkholes in Fountain, which bills itself as the Sinkhole Capital of the US (I can’t imagine there’s much competition). My favorite attraction shots are of Chris clowning around at a state-run fishery in Peterson and of young royals at a Spring Grove Soda Pop open house.
Essential Tech for the Roving iPhone Photographer
I’m notorious in my family for packing far more tech gear for a trip than I need, and this one was no exception—but it’s better to be over-equipped than at a loss in a pinch, am I right? Here’s a rundown of my critical kit.
15-inch MacBook Air
I debated whether to stay lean and forgo a laptop on the trip. The iPhone is as powerful as many computers, and it seems to be all the kids need these days to become social media influencers. Besides, I’d have a backup phone on the trip—an Android-based Samsung Galaxy S21—so a notebook seemed like tech overkill, not to mention a physical burden.
But I happened to have a 15-inch MacBook Air on loan from Apple, and I couldn’t resist. The MacBook Air’s portability seduced me. This M2 model, released in June 2023 as the big brother to the 13-inch MacBook Air, may seem excessively large for a camping trip—but those are just the X and Y axes. It’s crazy thin at 0.45 inches (1.15 cm), barely thicker than the 13-inch model, and only a bit heavier at 3.3 pounds (1.51 kg).
The Mac ended up going everywhere with me on the trip, tucked into my backpack, and I barely knew it was there. My iPhone got by far the most use during the day as I shot and posted batches of pictures to BAM’s Facebook page. But I’d stop the Mini Cooper now and then to unfold my camping chair and plop down in the shade for a bit of picture triaging.
I also pulled it out in the evenings after a meal and a visit to the shower trailer. Those were my moments of greatest happiness on the trip, luxuriating in the MacBook Air’s generously sized screen for powering through tasks that would have taken two or three times as long on a cramped iPhone display. The Apple silicon-powered machine stayed cool and quiet.
I would have regretted not packing the MacBook Air.
Backup Cellular Plan
I was wise to worry about cellular connectivity on the trip. US carriers have come a long way in bathing the hinterlands with high-speed bandwidth, but I still found myself in numerous dead spots during my travels.
As a precaution, I set myself up with a backup mobile plan at no cost. That’s a cinch since some cellular providers offer test drives with varying durations and data allocations. They install effortlessly on an iPhone via its eSIM capability.
T-Mobile was my first choice because its test drive lasts for a whopping 3 months or 30 GB of data, whichever comes first, but I could not get the eSIM installation to work, possibly because I tested T-Mobile in the past.
I ended up with the Verizon-powered Visible, which provides a 15-day test drive with what it says is unlimited data. I didn’t use the account enough to test that claim, but it did work nicely when my regular AT&T service didn’t provide coverage.
You can install additional eSIM accounts in a dormant state. I loaded Mint Mobile and Google Fi for double and triple backup but used neither. The Mint trial is ridiculously stingy at 7 days and 250 MB of data. Google Fi’s 7-day trial is unlimited (though throttled after 10 GB of data use), but its iPhone setup is absurdly fussy, and I never got around to finishing it.
EGO Nexus Power Station
Chris’s eyes bugged out when he saw what I wanted to pack for portable power. The EGO Nexus Power Station is a massive device requiring two handles to lug around. It sports four USB-A ports and three AC outlets, and gets its power from removable battery packs that slide into four slots on the side when you’re not using them to power EGO-branded lawnmowers, snow blowers, and other tools.
A screen on the Nexus Power Station was supposed to tell me how many hours of power I had left, but it never displayed the same number twice, with estimates jumping between 30 and 80 hours. That did not matter, however, because Chris and I got more than enough juice to charge our phones, portable battery packs, his bicycle computer, my Mac, and more multiple times throughout the trip. We could have recharged the battery packs by plugging the Nexus Power Station into a wall outlet, but that was never necessary.
I initially intended to haul the Nexus Power Station into my tent at night instead of leaving it in the Mini Cooper, fearing the device would get stolen. But it was such a hassle that I abandoned the plan after the first night.
The four-battery Nexus Power Station costs $1299, but you may find it overkill, as I did, and EGO seems to be phasing that model out. EGO also sells a two-pack model for $999. I probably could have gotten by with one of EGO’s smaller, more affordable inverters that work off a single power pack.
Adobe Photoshop Generative Fill
I never dreamed that the phrase “artificial intelligence” would appear in this article, but a kind of AI used for photo editing solved a thorny problem for me.
Remember the young royals? Here is how the photo of them originally looked. The woman in the yellow shirt spoils the shot.
Photo-editing tools such as Google’s Magic Eraser exist to excise unwanted elements from images, but all those I tried spoiled the picture further. Enter my TidBITS colleague Jeff Carlson, a photography expert who has dabbled with a pro-level tool called Generative Fill built into recent Photoshop betas.
Based on Firefly AI tech, Generative Fill gets its name from its scary-smart ability to conjure up imagery that is added to pictures. That can be as simple as extending a field or a forest beyond the borders of the original photograph or as wacky as placing a singing bison onto a Venetian gondola (hat tip to Jeff for the example).
You usually make or adjust images with text prompts describing what you’d like to see—the cloud-based AI tool generates the image based on what it has learned about similar scenes.
However, no text prompts were required in this case. Generative Fill flawlessly removed the pesky woman in two takes—upper torso first, and then her legs from under the table—and then seamlessly filled in what it believed the background should look like. Jeff explains:
I grabbed the Lasso tool, drew a round selection around the person in yellow, clicked the Generative Fill button in the floating toolbar that appears, then clicked the Generate button without typing anything into the field that would normally specify what you want to appear. With nothing in the field, it assumes you just want to remove whatever is selected.
I was about 15 miles from the BAM finish line when, for about the 30th time, I pulled to the side of the road for rider shots.
This time, the Mini Cooper’s front right tire sank into an invisible patch of soft soil. No amount of revving and reversing got the car to move. Worse, it started to tilt sideways, and its back-left wheel rose off the pavement. Fearing the Mini would roll down the embankment, I had to exit frantically… and curse minutes later for forgetting to seize my iPhone. At least I had the Samsung phone in my pocket—this photo is the only time I used it on the trip.
A couple of my BAM colleagues enlisted a farmer with a tractor, but he was reluctant to pull on the front or the back of the Mini Cooper for fear of damaging body panels.
We finally summoned a tow truck driver who—in a maneuver I’d never seen—attached soft hooks to the front-left and back-left wheel axles and then slowly winched the car sideways to safety. It turns out I did shoot some iPhone video on this trip.