PSA: In case of the worst…

On either your phone or your Mac, please go into Settings > [your name] > Family Sharing, and click on Recommended for Your Family. In there, make sure to set up Recovery Contacts and Legacy Contacts. In case of the worst, it’s so important for your loved ones to be able to get into your accounts. 

Tell your friends, tell your neighbors. And similarly please make sure you and everyone have this set up on your Google accounts: https://myaccount.google.com/inactive

Personalized experiences

From: Instagram
Date: Nov 3, 2025
Subject: Updating how Meta personalizes experiences

On December 16, 2025, we’re making changes…

Personalizing your experiences

We’ll start using your interactions with AIs to personalize your experiences and ads.

What this means

Personalizing your experiences includes suggesting content like posts that you may find interesting and reels to watch. It also includes showing ads that are more relevant to you.

Thanks,
Meta Privacy

Not like we didn’t know, but also thanks for letting us know, and also no thanks on the whole thing. “It’s my head, Schwartz!”

Did I spam myself?

A client writes:

I just received an email from myself with a fraudulent QR code containing a link that’s clearly a scam. But it looks like it actually came from my email, and other people are listed as recipients. What should I do?

Sadly, it’s not difficult to make email appear on the surface as being from any given address. It is harder to make that more than surface-level, since that requires truly hacking the account. Since you and I have worked together, we have pretty well covered the bases to set the chance of that happening to you dang close to zero.

In other words, and to answer the question of what you should do now: Ignore it, stay vigilant, and keep using those strong passwords and two-factor authentication, preferably with a password manager. (I got a blog post about those, and the TL;DR there is that, for iPhone users, Apple Passwords is free, and great even if you have a PC. And 1Password [affiliate link] is fantastic if you want something more robust.)

All that said, to get more forensic about it, you can look at the source code of the original. In Apple Mail on the Mac, go to View menu > Message > Raw Source.

I know it looks like the Matrix, and I don’t pretend to read it like prose myself. But see below for an example of part of the source code from a legitimate message. It is one of the sections to look for, where you can see your domain and terms like “dkim” and “dmarc” matched with “pass”. That indicates my email service (Google) asking your email service (also Google), “Hey, is this legit from yourdomain.com like it purports to be?” and getting a couple of different yeses in response.

ARC-Authentication-Results: i=1; mx.google.com;
    dkim=pass header.i=yourdomain.com header.s=google header.b=Ssjl9RVC;
    spf=pass (google.com: domain of xxx@yourdomain.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=xxx@yourdomain.com;
    dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=yourdomain.com;
    dara=pass header.i=@mydomain.com

If you look in there and something doesn’t pass a sniff test, let me know!
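
The same check done by a script, as an added example that is not part of the original post and not Google's code: it pulls the dkim, spf and dmarc verdicts out of a raw message and ignores any results header that was not stamped by your own mail service, since a sender can type such a header in themselves. The function name `check_auth`, the default trusted service name (`mx.google.com`, taken from the excerpt above) and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy

# Constructed sample messages (not real mail), modelled on the excerpt above.
LEGIT = (
    "Authentication-Results: mx.google.com;\n"
    "  dkim=pass header.i=@yourdomain.com header.s=google;\n"
    "  spf=pass (google.com: domain of xxx@yourdomain.com designates\n"
    "  192.0.2.10 as permitted sender) smtp.mailfrom=xxx@yourdomain.com;\n"
    "  dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=yourdomain.com\n"
    "From: xxx@yourdomain.com\n\nhello\n"
)
SPOOFED = (
    "Authentication-Results: mx.google.com;\n"
    "  dkim=none;\n"
    "  spf=softfail (google.com: domain of transitioning xxx@yourdomain.com\n"
    "  does not designate 198.51.100.7 as permitted sender)\n"
    "  smtp.mailfrom=xxx@yourdomain.com;\n"
    "  dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yourdomain.com\n"
    # The next header was typed in by the sender, not added by the receiver.
    "Authentication-Results: mail.example.net; dkim=pass; spf=pass; dmarc=pass\n"
    "From: xxx@yourdomain.com\n\nscan this QR code\n"
)

def check_auth(raw, trusted="mx.google.com"):
    """Return the receiving service's dkim/spf/dmarc verdicts for a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    from_domain = msg["From"].addresses[0].domain.lower()
    result = {"dkim": "missing", "spf": "missing", "dmarc": "missing", "aligned": False}
    headers = (msg.get_all("Authentication-Results", [])
               + msg.get_all("ARC-Authentication-Results", []))
    for value in headers:
        # Unfold the header, drop "(comments)", then split into result clauses.
        text = re.sub(r"\([^)]*\)", "", " ".join(str(value).split()))
        parts = [p.strip() for p in text.split(";") if p.strip()]
        if parts and parts[0].startswith("i="):  # ARC form: "i=1; mx.google.com; ..."
            parts = parts[1:]
        if not parts or parts[0].lower() != trusted:
            continue  # not stamped by our own mail service, so it proves nothing
        for part in parts[1:]:
            m = re.match(r"(dkim|spf|dmarc)=(\w+)", part)
            if m and result[m.group(1)] == "missing":
                result[m.group(1)] = m.group(2).lower()
            hf = re.search(r"header\.from=(\S+)", part)
            if part.startswith("dmarc=") and hf:
                result["aligned"] = hf.group(1).lower() == from_domain
        break  # use only the topmost trusted header; lower ones may be forged
    result["looks_legit"] = result["dmarc"] == "pass" and result["aligned"]
    return result
```

Paste the text from Raw Source into `check_auth`; a `looks_legit` of `False` means the receiving service did not record a DMARC pass for the domain shown in the From line.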

Identity Theft

In the past six months I’ve received two letters from local health facilities telling me that they’ve been hacked. One office suggested we victims use a company called IDX in case of identity theft. I have Googled IDX, but I do not like that they use cookies. I’m also wary about handing over my social security number. What do you think?

I sure appreciate your vigilance and suspicion! I don’t know if you clicked on the reviews for IDX when you searched for the company, but they indicate pretty clearly that you should steer clear. I’m not asserting that all such companies aren’t worth their salt, but at least a few of IDX’s customers are displeased.

The businesses you are hearing from are under obligation to make some kind of remedial suggestion to you, though I wish they had a stricter obligation to maintain tight security in the first place.

What they should be doing is telling you to place credit freezes at the three major bureaus, and to change your major passwords to all be different if they aren’t already. Also use multi-factor authentication on every account that allows it.

Sigh.

Your instinct guided you correctly, and keep trusting your gut. If anything on the internet smells even a little fishy, it almost certainly is entirely fishy. That said, you should know that nearly every single website you visit employs cookies. By nature, cookies can be a useful technology, for example letting a web app remember how I had logged into it and displaying my most recent choices on that app. You are not wrong, however, that cookies are also used for purposes more convenient to the site owner than to me, in gathering information about me to sell to data brokers.

The GDPR law passed by the EU in 2016 requires that websites that use cookies must display a choice screen if they want to operate in the EU. I think the spirit is right, though the implementation has proven annoying: rather than use different policies for visitors from different locations, the sites show those choice screens to the globe. So perfectly legitimate, nice, well-meaning, or beneficial websites might show you that they use cookies and let you turn different categories of cookies on or off.

Finally, while I support your care about not handing your social security number to just anyone, that number is flowing like water all over the internet, and the credit freezing and password security are our primary, if not only, defenses against identity theft.

Fear mongering

Ronan Farrow tells people to restart their phone every day.

“DNSFilter has found that one in every 644 clicks on unsubscribe links that say ‘click here to unsubscribe’ leads users to potentially malicious websites” – From “Think Twice Before You Click ‘Unsubscribe’” in The Wall Street Journal

Good gravy, I have seen so much misguided fear mongering lately. Like, there’s stuff to be legitimately concerned and vigilant about, but in so many ways that comes down to:

  1. Be careful what you click on.
  2. When you do click on something, make sure it’s the right thing.
  3. Don’t enter your email address or password on a webpage you got to by clicking a link in an email. Go to the site manually and then log in.
  4. When you enter your password for that thing, make sure it is a strong password that is different from every other password you use, and that is stored in a password manager.
  5. Most things should ask you for a one-time two-factor security code, provided by the same password manager.
  6. If you do enter your password into a bogus thing, immediately change your password in the real thing.

The WSJ article isn’t wrong, but they should start it with, “You should absolutely be ready to hit ‘unsubscribe’ on any email you know to be legitimate, from legitimate entities that just want to tell you something you might actually wanna know or to sell you something you might actually like. And those entities don’t want to run afoul of the federal CAN-SPAM Act, which requires they have an unsubscribe link.” And then talk about the 1-in-644 statistic.

But yeah, if you’re someone who just clicks on every damn thing you see on the Internet, your email inbox probably looks pretty horrorshow anyway, so good luck to ya.

Meanwhile, about restarting your phone every day: That’s insane, or at least irresponsible guidance. It is very unlikely to help if you actually have spyware installed. And Farrow doesn’t highlight how hard it is to get spyware on a phone, almost certainly requiring a targeted attack on an individual, spending time tricking them into installing it.

Instead, Farrow should be talking about passwords and multi-factor authentication, but that doesn’t fit into a soundbite nearly as well as saying that people should be more “freaked out.” They should be vigilant and thoughtful.

Rant over.

How should an individual person buy Microsoft Office?

I updated my MacBook Pro, and now Excel and Word are locked up, telling me I need to subscribe for $100/year. I can’t remember when I bought Microsoft Office. What are my options? Buy the suite, or switch to Google Docs, or what? Are there other options? I tend to feel averse to subscription-model software.

If you can’t remember when you got it and/or your updated computer can’t run the version you have — and if you indeed need to run Office rather than use Google Docs or the excellent open-source OpenOffice — you should prepare to pay Microsoft something.

And if you really don’t need anything but the basics, no extra storage on OneDrive or any new feature Microsoft rolls out, then what you pay should probably be $140 for this one-time license.

I don’t perceive you need any of the more business-y or organizational tools like OneDrive, but if you do, that’s when you pay the subscription. I understand anyone’s reluctance to do so, but truly it is the appropriate model for keeping software that we value in existence.

Latest on AI tools

Just a bit of zeitgeist pasted from a conversation…

…Another well worth mentioning is Perplexity. Their pitch is that it’s built for research, the immediate upshot of which is that the results are organized to lead to your likely next questions. The main features are: 1. it actively searches the web as well as generating from LLMs, and 2. included are links to real web pages supporting the output.

Again with the controversy and likely copyright infringements, but the tools are incontrovertibly useful, astonishingly so. Even the stuff in Apple’s latest “Intelligence” feature set has some nice quick “please capitalize and punctuate this nonsense so I don’t have to” abilities that I use. I don’t yet pay for any subscriptions, only the backend APIs. I am able to get most of what I want for free, although I have considered paying for Anthropic’s Claude mostly just to see what it will do, choosing that one for the reasons we discussed.

I also run a couple of large language models locally on my Mac both for fun and when I don’t want the material out in the world. 

One comparative point I wanted to highlight: While these are all, for so many purposes, interchangeable, they each have their moments in the sun. And in this moment, Google happens to have just released a new model that has received praise, and they are offering 2.5 Pro to all accounts both free and paid as “experimental.” This dropdown menu gives you a good idea of how the different models might be used:

To me it’s a sign of how young this technology is that we have to think about which tool is right for the job. 

I have to acknowledge here and now how little I like the term “AI” in this context — and for different reasons the movie of that name that Kubrick pawned off on Spielberg —  and wish Apple could have kept using “machine learning.” It does not help that now the companies are bandying about “AGI” (“G” for “general”) to represent Kurzweil’s singularity. There is so much nonsense and jazz-hands and jibber-jabber about it, not to mention legitimate concerns and fears, but as that seems true for bloody well everything these days, I’m content using this amazing stuff for what it actually does do very very well. 

Finally, the thing I really want it to do is read my whole computer of my own text, and either answer queries about that or spit my own words back out at me, so I can say, for example “repeat what I wrote Lucy about AI last week.” Apple purported to be working on that, but appears to have been failing in that effort, so much so that they have done some reorganization to address the lack.

AI Notetaking for Meetings

We are considering implementing an AI solution for meeting notes. Do you have any recommendations?

There are now a bunch of tools for this. I stopped employing any of the cloud solutions, to protect client privacy and security, but I am considering a solution to do it locally. Here’s my experience so far:

  • Apple Notes on the phone or Mac is now actually pretty good at recording and transcribing audio. This is my current go-to.
  • Notion is superpopular and if you pay for it, it will AI the heck outta any text you throw at it.
  • I have used Fathom and thought it was cool but didn’t want to pay for it.
  • I just ran into Krisp.ai.
  • I’ve started using MacWhisper a bit for all transcription, and it’s quite slick.

This page is a nice rundown from a trusted source of the current cloud-based offerings.

The benefit to using a cloud-based doohickey is that they’ll have a plug-in running on your Mac or in your Zoom or Teams account, ready to capture any meeting and do all the work for you.

Notes and MacWhisper, on the other hand, will do the trick, though one has to be up for a little manual work: <nerdery>getting or extracting the audio and feeding it into those apps manually. Major upside is they’re running on your Mac, so free and kept entirely local. I am considering recording calls on my iPhone (which is now a thing) and/or using Audio Hijack on the Mac to route audio from multiple apps into a single recorder, and then having Hazel and/or Shortcuts automate from there.</nerdery>

An option well worth mentioning is to build your own custom automation with an excellent tool like Zapier. These have become the new backbone of business operations. I’ve transitioned the main of my work to building them for other folks. In this case, for example, we might have an automation run like:

New Teams recording triggers:

  1. Get the audio
  2. Send to GPT Whisper for transcription
  3. Send to GPT or Claude for summarization, and also separately to list the individual action items and determine/guess the assignees from context
  4. Turn each of those action items into tasks in Asana, with assignments

That kind of build might take an hour or two, plus $240/year for Zapier — which could then do alllllll kinds of other things for you.

Live Text is OCR everywhere

When it comes to scanning and/or printing documents, what is OCR?

Humans and their acronyms! OCR is fortunately real easy: “optical character recognition” meaning the computer turns a picture of text into copyable text. 

I use it on all my scans of documents, so I can just boop! copy and paste from the scan into an email or Word or wherever. Also, my Mac can then search for text inside scans. 

This used to be rarefied magic, but now all of our phones and Macs are doing it on all of our pictures. You can even search your Photos library or Notes app for text that’s inside photos! And look for the little “live text” icon on your phone when you open a photo or take a screenshot. That will let you select text, tap a phone number to call it or an address to map it, and even translate!

Update everything always

Should one have macOS set so that apps update automatically? Is there any reason not to?

Yes, one absolutely should auto-update both apps and the operating system. While there are edge cases when a given app or OS shouldn’t be updated — a mission-critical app with an update that would lose a feature, cost more, or break compatibility with some other software or peripheral — everyone else will benefit from current security practices and the latest features.