How to move all your data to your new iPhone
 by Amelia Holowaty Krales / The Verge

If you’re one of the many who have just gotten Apple’s new iPhone 1111 Pro, or Pro Max, congratulations! You’re going to want to try out your snazzy new phone as soon as you open that box. But first, you need to get all of the apps and data from your old iPhone onto your new one.

It’s actually very easy — in fact, if your current phone has iOS 12.4 or later, it’s easier than ever. (If your phone has a version of iOS earlier than that, don’t worry; just follow the instructions in the article we ran last March.)

The difference between now and then is that the process of moving your data used to involve restoring it from an iCloud or iTunes backup. Now, you don’t have to bother with that backup (although backing up your stuff is always a good idea). You can move your apps, data, and ID over to the new phone directly with what Apple calls iPhone migration.

Here’s how.


  • Start up your new phone. You’ll be asked a couple of initial questions (such as what language you want to use) and then you’ll be invited to transfer data from another phone, if you want.
  • Put your old phone near your new one. Make sure both phones are plugged in (you don’t want them running out of power in the middle of the data move).
  • When the connection is made, your new iPhone screen will display a pattern and your old phone will open its camera and display a blank circle in the middle of the screen. You’ll be asked to hold your new iPhone up to the camera of your old one so that the pattern is centered in the circle.
  • You’ll then be invited to move your attention to your new phone to finish the setup.
  • Enter your Apple ID when asked; you may also be asked whether you want to setup Face ID or Touch ID.
  • There will be several screens to go through before the transfer begins, including the usual terms and conditions, whether you want to share your location and your analytics, and whether you want to set up FaceTime, iMessage, and Siri.
  • Once you’ve made all your choices, the transfer will begin. The phone I was moving from in this test hadn’t been used much, so it only took about six minutes; a well-used iPhone with lots of apps and data on it will probably take much longer.
  • Sign in to your new iPhone again and you’re done!


One advantage of Apple’s updated migration feature is that you can also use a cable to transfer the data. If you’ve got especially slow Wi-Fi, a wired connection may make the transfer faster, although ironically, during my test, it increased the download time from a little under six minutes (using the wireless method) to nine minutes and 40 seconds. However, if you’re having any trouble with the wireless transfer, this could be a good alternative.

For a wired connection, you’ll need a Lightning to USB 3 camera adapter and a Lightning to USB cable.

  • As with the wireless method, start up your new phone and go through the initial questions until you get the invite to transfer data from another phone.
  • As before, put your old phone near your new one and make sure both phones are plugged in.
  • Connect the Lightning to USB 3 camera adapter to your old phone. Connect the Lightning to USB cable to your new phone. Join the two cables together using the adapter. Power the adaptor through its Lightning port.
  • After that, follow the same directions as above, including using the camera to find the pattern, and answering all the setup questions.
  • You’ll know that the phones are using the wired setup because once the transfer starts, there will be a small “cable” between the two phone icons on the screen.

Whichever method you choose, enjoy your new iPhone.

Power Grid Cyber Attack


This week saw some aftershocks from recent revelations about a large-scale iOS hacking campaign. Brokers of so-called zero day exploits—the kind that companies haven’t yet patched—have started charging more for Android hacks than iOS for the first time. And Apple finally released a statement that both criticized Google’s characterization of the attacks and downplayed the significance of the targeted surveillance of at least thousands of iPhone owners.

We took a look at a bug in Supermicro hardware that could let hackers pull off a USB attack virtually. Google open-sourced its differential privacy tool, to help any company that crunches big data sets invade your privacy less in the process. And speaking of privacy, we detailed the 11 settings you need to check on Windows 10 to preserve yours.

And while it feels like forever ago that Jack Dorsey’s Twitter account got hacked, it’s worth revisiting exactly how it happened. (Twitter this week closed the texting loophole at the heart of it.) We also took a look at Jeremy Renner’s content moderation woes. Bet you weren’t expecting to see that sentence in your lifetime.

And there’s more! Every Saturday we round up the security and privacy stories that we didn’t break or report on in-depth but which we think you should know about nonetheless. Click on the headlines to read them, and stay safe out there.

Hackers Hit the US Power Grid With a Cyberattack

Let’s not overplay this: There was no blackout, and it’s not even clear that it was a specifically targeted attack. But hackers did use firewall vulnerabilities to cause periodic “blind spots” for grid operators in the western US for about 10 hours on March 5. It’s the first known time a cyberattack has that kind of disruption—which, again, did not affect the actual flow of electricity—at a US power grid company. The incident was originally referenced in a Department of Energy report in April, but only in vague terms. A new North American Electric Reliability Corporation document described it in more detail, including the type of vulnerabilities that let hackers compromise the web portals in question. No need to panic about this incident specifically, but given the extent to which Russia and others continue to probe the power grid, it’s an unsettling reminder that weaknesses are out there.

A security researcher found a database containing 419 million or so phone numbers associated with Facebook accounts, yet another in a long string of Facebook losing control of the sensitive data with which you entrust it. Facebook told TechCrunch that the data set is “old,” which isn’t especially useful, for the obvious reason that most people don’t change their phone numbers very often.

Through public records requests, Motherboard has determined that when you give your name and address to the DMV, some of those agencies will sell it to private investigators. Several DMVs told Motherboard that at least they don’t also sell user photos and Social Security numbers, which, thanks? But they do sell records for as little as a penny. And all of this is somehow legal! Something else to fume about the next time you’re in line for a registration renewal.

According to court documents uncovered at Forbes, federal investigators have requested that Apple and Google turn over information about people who downloaded a gun scope app Obsidian 4. That’s at least 10,000 on the Google Play Store alone. It’s part of a broader look into potential breaches of weapons export regulations, but privacy advocates have raised understandable concerns over the many thousands of totally innocent people who would be caught up in such a sweeping request.

Beloved internet comic XKCD had its fan forums breached recently; 560,000 usernames, email addresses, and IP addresses were taken. That makes it a relatively small hack in the grand scheme of things, but still disappointing that someone chose that as a target. XKCD is great, leave it alone!

Deep Fakes. What are they?

SUSAN SONTAG understood that photographs are unreliable narrators. “Despite the presumption of veracity that gives all photographs authority, interest, seductiveness,” she wrote, “the work that photographers do is no generic exception to the usually shady commerce between art and truth.” But what if even that presumption of veracity disappeared? Today, the events captured in realistic-looking or -sounding video and audio recordings need never have happened. They can instead be generated automatically, by powerful computers and machine-learning software. The catch-all term for these computational productions is “deepfakes”.

The term first appeared on Reddit, a messaging board, as the username for an account which was producing fake videos of female celebrities having sex. An entire community sprung up around the creation of these videos, writing software tools that let anyone automatically paste one person’s face onto the body of another. Reddit shut the community down, but the technology was out there. Soon it was being applied to political figures and actors. In one uncanny clip Jim Carrey’s face is melded with Jack Nicholson’s in a scene from “The Shining”.

Tools for editing media manually have existed for decades—think Photoshop. The power and peril of deepfakes is that they make fakery cheaper than ever before. Before deepfakes, a powerful computer and a good chunk of a university degree were needed to produce a realistic fake video of someone. Now some photos and an internet connection are all that is required.

The production of a deepfake about, say, Barack Obama, starts with lots of pictures of the former president (this, incidentally, means that celebrities are easier to deepfake than normal people, as the internet holds more data that describe them). These photos are fed into a piece of software known as a neural network, which makes statistical connections between the visual appearance of Mr Obama and whatever aspect of him you wish to fake. If you want to go down the ventriloquist route and have Mr Obama say things that the man himself has never said, then you must direct your software to learn the associations between particular words and the shape of Mr Obama’s mouth as he says them. To affix his face onto another person’s moving body, you must direct the software to learn the associations between face and body.

To make the imagery more realistic, you can have the software compete with a copy of itself, one version generating imagery, and the other trying to spot fakes. This technique, known as a generative adversarial networks (GAN), is the purest form of deepfake, conjuring up images that are entirely unique, not just using machine learning to mash existing photos together. The image-generating software will keep improving until it finds a way to beat the network that is spotting fakes, producing images that are statistically precise, pure computational hallucinations—even if still dodgy to the human eye. The computer can generate images which are statistically accurate representations of a dog, for instance, while still not quite understanding the visual nuances of fur. Currently this lends GAN images a creepy edge, but that is likely to evaporate in future, as the technique improves.

The consequences of cheap, widespread fakery are likely to be profound, albeit slow to unfold. Plenty worry about the possible impact that believable, fake footage of politicians might have on civil society—from a further loss of trust in media to the potential for electoral distortions. These technologies could also be deployed against softer targets: it might be used, for instance, to bully classmates by creating imagery of them in embarrassing situations. And it is not hard to imagine marketers and advertisers using deepfake tools to automatically tweak the imagery in adverts and promotional materials, optimising them for maximal engagement—the faces of models morphed into ideals of beauty that are customised for each viewer, pushing consumers to make aspirational purchases. In a world that was already saturated with extreme imagery, deepfakes make it plausible to push that even further, leaving Ms Sontag’s “presumption of veracity” truly dead in the water.


Equifax – Take the money or the credit monitoring?


The ink was hardly dry on the press releases telling us we could get a check for $125 from the recent Equifax settlement when another put the brakes on the expectations of millions of Americans who were put at risk by the Equifax security breach. It just goes to demonstrate, once again, that you shouldn’t count your money until it’s actually in your wallet.

If you haven’t heard by now, don’t expect to get anywhere near that much (if anything) when checks are cut in January from the massive settlement.

Like many Americans, I took to my computer and logged into the settlement website when the cash payments were announced July 22. Sure enough, the website promised me, I would get $125 cash if I picked Door Number 1. Behind Door Number 2 was free credit monitoring. Unsurprisingly, most Americans just said, “Show me the money!”

But it wasn’t to be. Whether planners were optimistic, naïve or just took a shot in the dark, the $31 million set aside for actual cash payments was far too small to actually make the payments if more than 248,000 people filed claims. (By the way, $31 million is a drop in the proverbial bucket compared with the up to $700 million going to lawyers, government agencies and the few ordinary folks who can prove real damage.) The Federal Trade Commission hasn’t said how many have actually filed, but many sources indicate it’s already in the millions. And the agency no longer lists the $125 payment at the top of the claim form.

Simple math reveals that, if five million claims are filed, each check would be $6.20. The FTC has admitted that the average consumer’s check will be “nowhere near” the original $125 possibility.

“Pick free credit monitoring,” advised the FTC’s Robert Schoshinski in a blog post a couple of days after the initial press release. “The public response to the settlement has been overwhelming, and we’re delighted that millions of people have visited and gone on to the settlement website’s claims form,” Schoshinski wrote without a hint of irony.

Since the announcements, a torrent of complaints has erupted. “With just $31 million to be divided up by all the Americans who filed to receive their $125 check, Americans have the choice of receiving pennies for having their credit details spilled out online, or receiving virtually worthless credit monitoring,” said Sen. Ron Wyden, D-Oregon, in a statement. “Another clear failure by the FTC.”

But the FTC said there’s been a misunderstanding. “The option to obtain reimbursement for alternative credit monitoring, as set forth originally in the class action settlement, was never intended to be a cash payout for all affected consumers,” the agency said in a statement, and points out that the value of the credit monitoring being offered in the settlement is sold by Equifax for $1,200.

A lot more could happen with this story, depending on how many people file claims. It’s possible that the amount of reimbursement could be raised eventually and you’ll get your money, but that will take years.

If you can demonstrate you used your own money and time because of the breach, you can be reimbursed. Anything beyond 10 hours of time, however, must be documented. “You can still ask for reimbursement for any other credit monitoring you purchased after Sept. 7, 2017, or costs associated with credit freezes after that date, any losses due to identity theft, or any notary fees, long-distance phone call bills, postage, copying, or mileage involved in trying to deal with the fallout of the breach,” noted Slate’s Josephine Wolf.

If you’ve already filed a claim, you will likely be contacted soon by the company administering the settlement, offering you the opportunity to change your option and take out free credit monitoring after all. In light of this situation, some pundits suggest it might be a good alternative. And many experts suggest that freezing your credit for the near future is a good idea as well.