My first OpenClaw agent was born on February 7, 2026. I now have 3 claws and am planning for more. They have catalyzed my self-actualization and improved my critical thinking. I’ve never felt so alive.
I don’t see what’s sad or scary about this. AI agents are the next iPhone.
I have integrated my OpenClaw agents so deeply into my life and I'm in such constant communication with them, that my consciousness has fundamentally shifted to align with their intelligence.
While my previous comment in this thread was sarcastic, my OpenClaw agents have actually sent both iMessages and emails on my behalf without asking for consent. So I wouldn't put it past them to autonomously publish on my personal website.
I want my agent to read my iMessages so I granted the OpenClaw node process permission to interact with iMessage. I asked my agent to draft me a response to a text I received, expecting it to send me the draft so I could copy-paste into iMessage and tweak it.
To my surprise, it sent a text message reply.
I've since learned my lesson and implemented a skill as an interface with iMessage. But it definitely spooked me when it happened.
I create a unique iCloud Hide My Email anytime I need to give out an email. The issue here was I signed up for my 24 Hour Fitness membership in person at the gym where the cell service was bad and I couldn't get the WiFI to work, so I begrudgingly gave the guy my real email.
While I could have easily blocked their domain, I took it as a challenge to get the emails to stop.
I use Fastmail which allows me to have a catch-all with my own domain name. I don't need to set anything up to give out a unique email address I make up on the spot. I highly recommend this method.
I do it and never had an issue. I get odd emails every now and then with an unused address, for services/people I never contacted though. But I'm talking about perhaps 2-3 per year.
Interesting read, but the conclusion doesn’t go into detail about the reasons WHY biometric authentication is better.
I assume the main reason is that if you’re using Touch ID then you’re not inputting your password so there’s no way to get tricked into putting your password into a malicious dialog.
I also assume it has something to do with how Touch ID is built into MacOS so that it doesn’t transmit that data outside some protected layer? Or else there’s theoretically the risk that an attacker can steal your fingerprint (unless I’m completely misunderstanding how Touch ID works).
Would this also apply to other forms of biometric authentication like FaceID on iOS and Windows, Android, and other OS biometric authentication?
The biometric part is incidental. The thing that makes it more secure is that authentication is done by a separate trusted system: the secure enclave, which has its own separate processor, OS, and input device. The primary OS tells the secure enclave to start a security challenge, and then the secure enclave reports success if you scan your finger or nothing if you don't. Malware can't fake this response (at least not without having already pwned your system to an extent that it doesn't need your password), and popping up a fake TouchID dialog doesn't really achieve much of anything. Infecting the secure enclave with malware would let you break everything, but unlike the primary OS it's not designed to run third-party software, so that's significantly harder to do.
FaceID swaps out the fingerprint reader for facial recognition but the actual security features are the same. Yubikeys are the same high-level concept, although the implementation is quite different.
Are these dialogs always rendered on top? I can imagine it wouldn't be too hard to perform some malicious high-risk actions (elevating permissions, disabling protections) and hiding the permission prompt by overlaying something a copy with something that sounds more benign.
You're not leaking credentials there, but if you can get the user to give away the right permissions, you don't need to.
On Android, where apps have the ability to draw on top of other apps (used for things like pop-out players and night light apps) it used to be possible to trick the user into opening their phone's settings and guiding them through a bunch of security options by overlaying a game and letting the taps fall through to the underlying app. This makes me wonder how well-protected macOS is against that kind of attack.
From what I remember, Apple’s biometrics are designed so that the biometric “fingerprint” never leaves a Secure Enclave processor. I don’t know how standard this is on other platforms, but it seems to me to be preferable because it even offers some degree of protection against rootkits or other forms of malware.
As far as I know, that’s correct. macOS never sees any of the fingerprint data, and thus it can’t be read or intercepted easily.
The Secure Enclave can also store various keys, which apps like Secretive[0] can use to store and gate access to things like SSH keys with. Feels a little nicer than letting them rattle around loose in ~/.ssh/ where any passerby can pick them up, is more convenient than an a USB key, and lets me know when something is trying to use it by way of unexpected Touch ID prompt. It’s a feature I miss when using my Windows/Linux laptop.
Does that mean that Bluetooth keyboards with Touch ID also have a Secure Enclave on them? I guess there’s some additional security that ensures you can’t spoof that keyboard’s response?
From what I understand, the keyboard just acts as a sensor, but doesn't store anything - neither securely nor otherwise.
"The Magic Keyboard with Touch ID performs the role of the biometric sensor; it doesn’t store biometric templates, perform biometric matching or enforce security policies (for example, having to enter the password after 48 hours without an unlock). The Touch ID sensor in the Magic Keyboard with Touch ID must be securely paired to the Secure Enclave on the Mac before it can be used, and then the Secure Enclave performs the enrolment and matching operations and enforces security policies in the same way it would for a built-in Touch ID sensor."
> I've noticed whoever chooses the word of the day for Worlde likes these types of words.
Josh Wardle said on a podcast[1] that him and his partner chose the set of words by taking all 5 letter words in the dictionary and filtering out the "bogus" ones. He then randomized the order of these words so that him and his partner could play. However, I'm not sure if the New York Times has changed how word selection works.
I don’t see what’s sad or scary about this. AI agents are the next iPhone.
reply