By Glenn Fleishman

December 29, 2025 8:40 AM PT

Report a mistake

You spin me right round (like a Wi-Fi identifier)

It seems like everyone—hackers, governments, corporations—want to track everything we do online and in the physical world. Apple has a multi-year history of rolling out new methods of deflecting, deterring, or blocking new forms of unwanted tracking. One that may have slipped under your radar could affect how your devices connect and stay connected over Wi-Fi at your home or office and while using hotspots on the ground or in the air.

Called Private Wi-Fi Address by Apple, it’s really just one example of a more generic kind of networking component that dates back decades, tracing its roots to Ethernet addressing over local networks. Network interfaces need a way to identify themselves, so that when one device wants to send information to another, it can stamp a data packet uniquely so that the recipient device will receive it.

A big MAC attack

On local area networks, or LANs, that method is a MAC: Media Access Control address. The MAC is one of several layers in a network model. The important aspect of this model is that each layer is “responsible” for a different task. The lowest layer in the simplest model covers the physical interface, like Wi-Fi or Ethernet, and how data packets are addressed to traverse that layer.¹

The MAC address—distinct from a Mac’s address—defines a network interface uniquely. If you have several interfaces on your device, like Ethernet, Wi-Fi, Ethernet-over-Thunderbolt, and so forth, each has its own MAC address.

For fixed devices, like desktop computers and routers, having an unchanging MAC address doesn’t give much away, because the MAC addresses can only be seen on a LAN. That address is stripped when traffic is routed over the Internet, which uses Internet Protocol (IP) addresses, which operate at a higher network layer.

The emergence of laptops and, more so, mobile devices like phones, tablets, and oodles of other gear that connects to Wi-Fi whenever they can means that it’s far easier for people and organizations to sniff the MAC address of a device. Whenever that device connects successfully to a wireless LAN (WLAN), its MAC address is exposed.

Now, that doesn’t sound so bad. Except that people with insidious goals—criminal or marketing—who have access in the LAN and to Web sites can associate your MAC address with certain activities you might perform. This requires the collaboration (or subversion) of companies offering Wi-Fi access with marketers who infer individuals’ identities by actions they connect. This might allow them to know who you are, where you are, and some of what you’re doing.

As Apple explains it, “If the device always uses the same Wi-Fi MAC address across all networks, network operators and other network observers can more easily relate that address to the device’s network activity and location over time. This allows a kind of user tracking or profiling, and it affects all devices on all Wi-Fi networks.”

Private Wi-Fi Address provides a deterrent effect by taking that fixed, unique MAC address, and changing it from time to time.

Long before Apple introduced this option—I think back in the early 2000s—I remember reading up on how Linux and Windows users had utilities that let them change the MAC address on their Wi-Fi adapters for improved anonymity. Having that process automated as a privacy feature feels like a big step up.

However, it can bite you, as you don’t always want to appear like a unique device every time the MAC address shifts over. Apple offers controls that can help.

Each network, a new MAC Address

For starters, with your iPhone, iPad, or Mac, Apple automatically generates a unique private MAC address for two kinds of Wi-Fi networks:

• Networks with no password: These are typically publicly available ones that may be completely open, or require a click to agree to policies and join (or an email address or other personal information) or payment to use.
• Networks with weak security: While the oldest form of Wi-Fi network encryption is essentially dead, a slightly newer form, the original WPA flavor, remains in use while having many weaknesses.² WPA2 and WPA3 are considered strong.

This prevents tracking across networks that attempt to associate your behavior. In the two cases above, the default setting for Private Wi-Fi Address is Rotating: the MAC address changes about every two weeks. Apple offers Off, in which your actual physically assigned MAC address is used, and Fixed, which creates a MAC address for a network and then never changes it.

Because sometimes you want to keep the address the same over time, you might switch from Rotating to Fixed or even Off. Public networks often track you over time not for nefarious purposes, but because they’ve added your MAC address to their approved list and you don’t have to authenticate again! If you trust the network, you may want to change the setting for it to Fixed. I believe that some airline Wi-Fi is quite sensitive to MAC addresses, and setting those networks to fixed can keep you connected and prevent session expiration.³

Here’s where to make the change:

• On a Mac, go to Apple Menu: System Settings: Wi-Fi. Click Details next to an active network or click the More… button next to another listed network and choose Network Settings. You can then choose Fixed or Off from the “Private Wi-Fi address” menu.

• On an iPhone or iPad, open the Settings app, tap Wi-Fi, and then tap the info (i) icon to the right of a network in the main Wi-Fi list and change the MAC rotation from the Private Wi-Fi Address menu.⁴

Note that the Wi-Fi/MAC address appears below the Private Wi-Fi Address menu in each of these views. If you need to provide a MAC address to a network administrator, after setting it to Fixed, copy that address. If your address is set to Fixed on your own network, or you change it to Fixed, most routers let you use a MAC address to assign a specific local private IP address—or, for kids, control their access to the Internet!

For further reading

I address (sorry) private Wi-Fi addresses and many other practical and security issues in two books:

• Take Control of Securing Your Apple Devices offers a broad overview of iOS, iPadOS, and macOS security largely from the perspective of protecting access to your physical devices and intrusion into them from people, apps, and Web sites, and protecting data at rest.
• Take Control of Wi-Fi Networking and Security goes deep on setting up and tweaking Wi-Fi networks, while keeping them as secure as you want them to be.

[Got a question for the column? You can email glenn@sixcolors.com or use /glenn in our subscriber-only Discord community.]

[Glenn Fleishman is a printing and comics historian, Jeopardy champion, and serial Kickstarterer. His latest books are Six Centuries of Type & Printing (Aperiodical LLC) and How Comics Are Made (Andrews McMeel Publishing).]

By Jason Snell

December 26, 2025 9:00 AM PT

Report a mistake

Wish List: A more flexible Apple display strategy

I’ve been thinking about Apple’s relationship with computer displays lately. Maybe it was the report that the iMac Pro might somehow return, combined with John Voorhees of MacStories detailing how he gave up the Studio Display for an ASUS monitor? And, of course, there’s the prospect that we may be seeing new Apple-made standalone displays in 2026.

I don’t want to go back to a world where Apple no longer makes standalone displays. But that said, I think the company’s approach to display technology needs a serious upgrade.

Let’s start with the entire concept of the iMac. Back in the day, you could repurpose a non-retina iMac as an external monitor via a feature called Target Display Mode. When the iMac went to 5K in 2014, that feature got dropped because a retina display has a lot of pixels, and we just didn’t have the technology to connect a 5K display to an external device.

But we do now. My MacBook Pro can drive an 8K display and two 6K displays at 60Hz. It can drive a 240Hz 4K display. It can drive three 6K displays and a 4K display at 60Hz. This is a solved problem. And yet modern iMacs still can’t be repurposed as external displays.

The Apple silicon era is great, but there is no doubt that a modern M4 iMac will become slow and outmoded long before its 4.5K display wears out. As I wrote a couple of years ago:

It’s already a little painful to think about how wasteful an all-in-one computer can be, given that displays can have lifespans vastly longer than the computers they’re attached to. Apple could assuage a lot of that frustration if it would engineer the iMac to double as a display for another device. Given the company’s commitment to the environment, perhaps it’s time to build a new Target Display Mode.

I’ll point out that the Studio Display, Apple’s nearly four-year-old 27-inch 5K display, is powered by an A13 Bionic chip running a version of iOS. Apple should absolutely be able to design any all-in-one Mac it sells with the ability to be placed in “display mode” and accept Thunderbolt input. Surely any modern Apple silicon processor could handle running the same software that’s in the Studio Display.

And as John Voorhees pointed out, the Studio Display itself is not so hot. Voorhees wanted a display that could do more than just display the contents of a Mac. His ASUS display might be a little lower-resolution than a Studio Display, but it accepts HDMI and DisplayPort input, allowing him to hook up a gaming PC, console, or Apple TV as well as his computer.

Anyone who has tried to use the Studio Display for literally anything other than hooking it up to a Mac or iPad will tell you that it’s a nightmare. Why is such a display—still too expensive, and long surpassed in specs by numerous other displays—so inflexible? I’d be much more inclined to buy a new Studio Display if I knew it could be used by other devices. Or if it supported AirPlay. (Yes, you can AirPlay to a Mac—but that’s a really limited use case.) If these displays are going to be powered by iPhone-class processors, they should be more capable!

I’ve bought two Studio Displays. There are a lot of advantages to using an Apple display. But this is an area in which Apple is doing its own brand dirty. The next Studio Display needs to be more flexible, and if Apple introduces a big-screen iMac that can’t ever be used by any device other than its own embedded, non-upgradeable Mac, that will be a tragedy.

By Joe Rosensteel

December 23, 2025 10:38 AM PT

Report a mistake

When you give tech gifts, also give the gift of installation

‘Tis the season to be harried. There’s a work thing, a friend thing, some poor sucker has a birthday in December, shopping for food, shopping for presents, donations, shopping for food again because you forgot something… The list of things to do is endless. So when you do get a gift lined up for a loved one, and it’s something from a premium electronics brand like Apple, you might feel like you’ve done your job. The recipient will be so excited to open that new Apple Watch for the holidays, but remember that they may not really be prepared for a multi-part setup process.

I’ll share a slightly cautionary tale of giving myself an Apple Watch Series 11 as a combination Christmas and “It’s too bad my birthday is close to Christmas” gift.

The battery on my Apple Watch Series 7 was no longer lasting the day, and that is the primary reason to upgrade an Apple Watch these days. Whomever you’re gifting an Apple device to is probably in a similar situation, where it’s mostly the battery or physical damage, so it seems like a straightforward gift.

First of all, the new Watch paired with my iPhone just fine, but it needed to download and install watchOS 26.1. That took forever, and it lacked an accurate estimate of when user intervention would be needed again.

Sure, there are several spans of time that are mentioned, but it might as well be a random number generator. I just kept checking my iPhone over and over by unlocking it, and waiting for the interface to refresh to tell me what cryptic step it was on.

That’s a really crummy experience, since the iPhone and the Watch need to be near each other, and the Watch needs to be on a charger. Keep in mind that a charging cable is included with the Watch, but there’s no power adapter. You might want to have a charging block on hand, and potentially the means to keep their iPhone charged, too, if you don’t want to have to keep leaving your holiday celebrations to check on the installation, pairing, and restore process.¹

Don’t merely hand a boxed Apple Watch to your loved one before you walk out the door, or they hop on a plane. Part of your gift is this annoying setup.

Second of all, after watchOS 26.1 was installed, the pairing process froze. I needed to back out of it on my iPhone, complete with a dire warning that my Watch would be reset to factory settings. There was little choice, so I resigned myself to it. This got the iPhone in a state where the Watch app said it was unpairing with my Watch for about 10 minutes. Once that was finished, the iPhone and Watch were able to start the pairing process again, but did not have to redownload and install the latest watchOS. In total, this was an hour and a half of my time.

Third, even though it’s supposed to migrate your data and settings from your old Watch, it doesn’t do that in its entirety.

Reauthorizing credit cards for Apple Pay means taking out each credit card and entering the security code information. Also, as it turns out, you need to make sure the default credit card for Apple Pay doesn’t get changed, and confirm that express transit is set to the correct card. Neither was correct for me when I upgraded from Series 7 to Series 11. I spent a couple of days using another card that was the same color as my default card before I realized it was wrong.

There’s no way to skip some of the helpful onboarding dialogs, even if the person is migrating from a recent Apple Watch. My old watch was running watchOS 26.1, but I still got the whole walkthrough about how the Digital Crown works, and the Workouts app still wanted to explain the “new” Workouts app I had already been using. These are minor annoyances that require no guidance from you, but rest assured that Apple just doesn’t care if someone has already gone through these steps.

I have the Tips app set to never, ever, ever give me tips about anything, and yet that was reverted to helpful pings about how Apple Watches work. If the person you’re gifting an Apple Watch to finds these useful, then that’s fine, but if they don’t, they will really appreciate it if you dig into the Watch app’s notifications tab for them.

After the watch was allegedly ready to go, my Modular watch face was missing all of my complications, and there didn’t seem to be any way to force it to reload them. They did appear when I checked again an hour later, but nothing is reassuring about it. If you notice something is missing, then preemptively tell the person that you’ll leave it on the charger for a little bit and wait for it to finish doing some background tasks. Again, adding to that hour and a half to two hours you might have already spent.

The final thing that will spring up on their new Apple Watch are permissions authorizations. Those are not restored from the old watch, and they don’t happen during the setup process. They reveal themselves only if something is invoked that requires those permissions.

For example, when I got into the car and used Siri to pull up directions in CarPlay, my wrist buzzed that Maps wanted access to my location information. It was not safe for me to fiddle with my wrist watch while I was driving on the freeway, so I didn’t get any of the helpful little wrist buzzes for turns. It’s not a huge deal, but maybe just pop Maps open for them before they go out into the world.

Remember that as a technology enthusiast, your gift giving is not the money you spend on the gift, or physically wrapping and handing them a box, but in supporting them to actually enjoy their present instead of being frustrated by some of the technical hiccups. If you’re not ready to go through with helping them set up Apple products, maybe get them some pears from Harry & David instead?

[Joe Rosensteel is a VFX artist and writer based in Los Angeles.]

By Glenn Fleishman

December 22, 2025 1:37 PM PT

Report a mistake

AirDrop codes allow temporary persistent contact

With the release of iOS 26.2, iPadOS 26.2, and macOS 26.2, Apple has tweaked its AirDrop protocol once again, adding an additional bar to sending items to other people through this wireless service when you are not in their contact list. Instead of just tapping or clicking, you must exchange a code. The new AirDrop code provides more privacy (and security), and even creates a temporary contact entry for a party agreeing to receive material.¹

However, it makes it even harder to use AirDrop in an ad hoc fashion—sending or receiving items quickly with another person a single time or a few times when permission is granted.

How did we get here? And how does AirDrop code work in practice? Let’s dig in.

I will turn this plane around

Apple had a problem with AirDrop. Even as the company made the proximity-based protocol for sending files, links, and images work consistently—after years of complaints—people persisted in using it for harassment or trolling. If you left AirDrop’s receive setting tuned to Everyone, you might get unwanted images, including photos of private parts.²

In 2022, a Southwest Airlines pilot told passengers he was going to return the plane to the gate if they didn’t stop using AirDrop to send unsolicited nude pictures. “Whatever that AirDrop thing is — quit sending naked pictures. Let’s get yourself to Cabo,” he was recorded saying on a TikTok video.

Possibly in response to that, and possibly due to reported but unconfirmed demands by the Chinese government, Apple changed the iPhone and iPad receiving option “Everyone” to “Everyone for 10 Minutes.” After 10 minutes, the setting reverted to Contacts Only. (You can also disable receiving items via AirDrop entirely.)

That 10-minute period ostensibly let you provide an opening for someone else to transmit something to you via AirDrop without providing a longer time period in which you might receive unwanted images. (I have to expect that most trolls and creeps using AirDrop to send such stuff gave up on it when there wasn’t a massive list of available destinations anymore.)

(In iOS 17, Apple also added a way to verify that two iPhones can exchange AirDrop transmissions by holding them next to each other. That proximity generates a bubbly visual effect and grants permission for a transfer, so long as you have Start Sharing By Bringing Devices Together turned on in Settings: General: AirDrop.)

With the introduction of AirDrop codes in the 26.2 releases last week, the AirDrop verification process has changed further. Instead of a recipient enabling Everyone for 10 Minutes on an iPhone or iPad or Everyone on a Mac and then being able to accept items one at a time after that, you have to take an additional step to send or receive material.

One more step in the permissions dance

An AirDrop code effectively prevents an unknown party from sending without authentication, as the code is now required for any attempt to transmit an item to someone who doesn’t have the sender in their contacts.

The requirements for an AirDrop code are as follows:

• Both parties have a 26.2 release installed.
• The recipient has enabled Everyone for 10 Minutes/Everyone.
• The sender is not in the recipient’s contacts by the identity used with AirDrop.

You cannot disable the use of an AirDrop code.

Here’s how the process works:

1. The recipient sets AirDrop to Everyone for 10 Minutes (on iPad or iPhone: Settings > General > AirDrop) or Everyone (on Mac: System Settings > General > AirDrop & Handoff). (You can also use Control Center’s AirDrop widget.)
2. A sender tries to send a file, image, or other item over AirDrop to the recipient.
3. The recipient has a notification appear on their device. Tap or click Get AirDrop Code. To turn down the request, tap the X close button on an iPhone or iPad, or click Not Now on a Mac.
4. If you chose Get AirDrop Code, the recipient sees a six-digit code appear with a message that lists the other party’s name as it’s shared. The recipient provides that code to the sender to proceed.
5. The sender enters the code (or taps or clicks Cancel to exit). In testing, I was able to get a Mac to accept a code generated on an iPhone, but no matter what I did, the iPhone would not accept a code generated by the Mac; I assume this is either particular to my system or a bug soon to be fixed.
6. Once the code is accepted, the normal Contacts Only style of AirDrop ensues, where the recipient must accept or deny the incoming item.

With the process successful in step 6, the sender is added for 30 days to a Other Known list within contacts, allowing future AirDrop transmissions within that period when the recipient’s AirDrop is set to Contacts Only. This list includes any contacts in FaceTime, Messages, or Phone that you’ve marked as known from the Unknown Callers/Senders or Spam categories.

To remove the contact before 30 days is up, go to Settings > General > AirDrop and tap Manage Known AirDrop Contacts or System Settings > General > AirDrop & Handoff and click Manage next to Known AirDrop Contacts.

Extra friction in a service designed to be smooth

Adding friction to AirDrop seems to run counter to the simplicity of how it is supposed to work. For sending in circumstances like protest rallies or other semi-anonymized gatherings, it definitely provides more grit, something desired by authoritarians. Is this another potential nod by Apple to repressive governments? There’s a case to be made, though the 10-minute limit already restricted AirDrop’s utility in such cases tremendously.

Because this code method allows 30 days of sending after using a code, it offers some balance between unwanted contact and persistent availability in the vast majority of cases in which AirDrop is used.

[Got a question for the column? You can email glenn@sixcolors.com or use /glenn in our subscriber-only Discord community.]

[Glenn Fleishman is a printing and comics historian, Jeopardy champion, and serial Kickstarterer. His latest books are Six Centuries of Type & Printing (Aperiodical LLC) and How Comics Are Made (Andrews McMeel Publishing).]

By Jason Snell

December 18, 2025 2:42 PM PT

Report a mistake

Apple is forcing iPhones to update to iOS 26 to patch security holes

I wrote earlier this week about the important security updates Apple just rolled out in its 26.2 operating system updates. Among the security fixes are two zero-day bugs affecting WebKit, the browser engine that drives Safari. According to Apple, “this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26.”

Pretty serious. There are also many other security fixes, including (as I mentioned) a major Messages privacy leak. When a serious security update comes out, users should update. It’s just the smart move.

Apple generally tries not to leave behind users who haven’t updated or can’t update to the latest OS version. Apple also usually offers security updates for past OS versions, and indeed, the company also released iOS 18.7.3 to address the same issues.

Unfortunately, there’s an ugly catch: Numerous iPhone users have reported that if your iPhone is capable of running iOS 26 but you’re still back on iOS 18, you won’t be offered iOS 18.7.3. Instead, the only update option you’ll be given is iOS 26.2.

There are a lot of reasons to avoid updating to iOS 26, from a dislike of Liquid Glass to software compatibility to a general wariness to install major updates for a while. This move effectively forces users to take the iOS 26 upgrade if they want the security updates. (iPhones not capable of running iOS 26 are offered the 18.7.3 update. iPads seem to be unaffected.)

This isn’t great. Apple shouldn’t be withholding a security update from people not willing to upgrade to the next OS version. I don’t know if this is an error, bug, or policy decision, and as of this writing, Apple hasn’t responded to my questions about this issue.

Several users have reported to me that a workaround is to sign up for Apple’s public beta program and opt in to the iOS 18 public beta track, at which point you’ll be offered 18.7.3. Seems like a long way to go just to get security fixes.

In general, Apple is very good about supplying security updates to older operating systems, so all its users can stay protected. But in cases like this, users should never be forced to choose between ignoring a security update and updating to an OS version they’re not ready for.