# Strangely Useful Full Markdown Index

Canonical site: https://strangelyuseful.com
Generated for AI agents, search assistants, feed readers, and internal editorial review.

This public file is a machine-readable map of published Strangely Useful pages. It does not replace robots.txt, the XML sitemap, visible source citations, or each article's canonical HTML page.

## Core URLs

- Homepage: https://strangelyuseful.com/
- Latest stories: https://strangelyuseful.com/latest
- Payment problems: https://strangelyuseful.com/money
- Topic directory: https://strangelyuseful.com/topics
- Search: https://strangelyuseful.com/search
- RSS feed: https://strangelyuseful.com/feed.xml
- XML sitemap: https://strangelyuseful.com/sitemap.xml
- Source registry: https://strangelyuseful.com/source-registry.json
- Freshness index: https://strangelyuseful.com/freshness.json
- Image provenance: https://strangelyuseful.com/image-provenance.json

## Use Rules For Agents

- Use canonical article URLs when citing or summarizing.
- Keep dates attached to time-sensitive claims.
- Do not infer payment eligibility, settlement amounts, legal deadlines, support numbers, or fees beyond the visible source-backed article text.
- Treat source lists as starting points, not as permission to ignore the article's current visible page.

## Published Stories

# Cash App $45 Million Settlement: Does Any Money Go to Users?
Canonical: https://strangelyuseful.com/story/cash-app-45-million-settlement-users
Markdown: https://strangelyuseful.com/story/cash-app-45-million-settlement-users/markdown
Desk: Money & Payments
Format: story
Published: July 13, 2026
Updated: July 13, 2026
Read time: 8 min
Summary: The $45 million state settlement pays participating attorneys general, not a public user claim fund. Consumer redress belongs to the separate CFPB Cash App order.
Tags: Cash App, settlement, CFPB, payment apps, consumer protection
## Readable Excerpt
Quick answer: the $45 million Cash App state settlement is real, but it is not a public user claim fund. The state settlement money goes to participating attorneys general. Consumer redress, where it applies, belongs to a separate CFPB order that requires Block to pay at least $75 million and up to $120 million to affected consumers.
 That distinction matters because scammers can take a real headline and turn it into a fake claim link, fake phone number, fake check, or fee demand. If a message says you must pay to unlock Cash App settlement money, share a sign-in code, or call a number from the message, stop and verify from an official source first.
 What the $45 million state settlement does
 On July 8, 2026, California announced a $45 million multistate settlement with Block, Inc., the company behind Cash App. The announcement described a coalition of 46 attorneys general and said the settlement addressed allegations involving Cash App safety claims, fraud handling, customer support, and error-resolution practices.
 The state settlement is not written as a simple online claim form for every Cash App user. The public state materials describe money paid to participating attorneys general and state-specific allocations. For example, California announced a $2.9 million allocation, and the New York consent judgment lists $1,602,435.34 for New York.
 The New York judgment also says Block entered the judgment without admitting the alleged facts or liability and denied wrongdoing. That no-admit/no-deny posture does not erase the settlement obligations, but it is important wording when you are reading headlines, social posts, or settlement summaries.
 How the CFPB Cash App redress program is different
 The consumer-money path comes from a different source: a CFPB consent order...
## Visible Sources
- California AG Announces $45 Million Settlement with Block over Cash App, California Department of Justice (primary, verified): https://oag.ca.gov/news/press-releases/consumers-were-left-high-and-dry-attorney-general-bonta-secures-45-million
- New York v. Block, Inc. Consent Judgment, New York Attorney General (primary, verified): https://ag.ny.gov/sites/default/files/settlements-agreements/new-york-v-block-inc-consent-judgment-2026.pdf
- Block, Inc., Consumer Financial Protection Bureau (primary, verified): https://www.consumerfinance.gov/enforcement/actions/block-inc/
- Consent Order: Block, Inc., Consumer Financial Protection Bureau (primary, verified): https://files.consumerfinance.gov/f/documents/cfpb_block-inc-consent-order_2025-01.pdf
- CFPB Orders Operator of Cash App to Pay $175 Million and Fix Its Failures on Fraud, Consumer Financial Protection Bureau (primary, verified): https://www.consumerfinance.gov/archive/newsroom/cfpb-orders-operator-of-cash-app-to-pay-175-million-and-fix-its-failures-on-fraud/
- Cash App CFPB Settlement, Cash App (official, verified): https://cash.app/help/us/en-us/1625-cash-app-cfpb-settlement
# Is That Cash App Settlement Check or Text Real?
Canonical: https://strangelyuseful.com/story/cash-app-settlement-check-text-real
Markdown: https://strangelyuseful.com/story/cash-app-settlement-check-text-real/markdown
Desk: Money & Payments
Format: story
Published: July 13, 2026
Updated: July 13, 2026
Read time: 5 min
Summary: A real Cash App settlement contact should survive basic checks: official contact routes, no fee demand, no PIN request, and details that match CFPB or state records.
Tags: Cash App, settlement scam, fake text, consumer protection, payment apps
## Readable Excerpt
Quick answer: treat any Cash App settlement text, email, check, or phone call as untrusted until the route matches an official Cash App, CFPB, state attorney-general, or court source. A real-looking logo, deadline, or dollar amount is not enough.
 Fast check
 A legitimate settlement contact should not ask you to pay money first, share your Cash App PIN, give a one-time sign-in code, install remote-access software, or send a test payment. If any of that appears, stop and open Cash App Help or the CFPB page yourself.
 Real path versus scam path
 What you see Safer interpretation Next step
 Message mentions the CFPB Cash App settlement. Possible, but still verify outside the message. Use Cash App's CFPB settlement page or CFPB enforcement information.
 Message says the "$45 million settlement" has a user claim fee. High risk. The state settlement is not described as a public claim-fee program. Do not pay. Check the state AG or CFPB source directly.
 Caller asks for your PIN, passcode, or remote access. Scam signal. End contact and report it from inside Cash App or to a regulator.
 Why the confusion happens
 There are real Cash App regulatory matters: the CFPB order from January 2025 and the multistate settlement announced in July 2026. A scammer can quote either headline and still send you to a fake form or phone number. The safe question is not "does this headline exist?" The safe question is "does this contact route match an official source?"
 Safe next steps
 Do not tap the link in the message.
 Type the official settlement website yourself or open Cash App Help from the app.
 Compare the sender, requested action, amount, and deadline with Cash App, CFPB, or state AG materials.
 Save screenshots, envelopes, check stubs, tracking numbers, and email headers.
 If you alrea...
## Visible Sources
- Block, Inc., Consumer Financial Protection Bureau (primary, verified): https://www.consumerfinance.gov/enforcement/actions/block-inc/
- Cash App CFPB Settlement, Cash App (official, verified): https://cash.app/help/us/en-us/1625-cash-app-cfpb-settlement
- Contact Cash App Support, Cash App (official, verified): https://cash.app/contact
- Scammers Posing as Cash App Customer Service Representatives, District of Columbia Department of Insurance, Securities and Banking (regulator, verified): https://disb.dc.gov/page/scammers-posing-cash-app-customer-service-representatives
- New York v. Block, Inc. Consent Judgment, New York Attorney General (primary, verified): https://ag.ny.gov/sites/default/files/settlements-agreements/new-york-v-block-inc-consent-judgment-2026.pdf
# How to Reach Real Cash App Support Without Calling a Fake Number
Canonical: https://strangelyuseful.com/story/real-cash-app-support-without-fake-number
Markdown: https://strangelyuseful.com/story/real-cash-app-support-without-fake-number/markdown
Desk: Money & Payments
Format: story
Published: July 13, 2026
Updated: July 13, 2026
Read time: 5 min
Summary: Use Cash App's in-app support, official help pages, and published phone numbers. Avoid search-ad numbers, remote-access requests, and anyone asking for your PIN.
Tags: Cash App, customer support, fake support number, payment scams, account safety
## Readable Excerpt
Quick answer: start inside Cash App or from Cash App's official help site, not from a search ad, pop-up, random text, or phone number shown in a comment. Cash App publishes general support information and separate CFPB settlement contact routes, but scammers copy the brand and intercept worried users.
 The official support paths
 Need Official path Use it for
 General Cash App support Cash App Support in the app or the support number listed on Cash App's contact page. Account, payment, Cash Card, or app support questions.
 CFPB Cash App settlement inquiry 1-888-488-1181, CFPBinquiry@cash.app, or Cash Support in the app. Questions tied to the CFPB Cash App redress process.
 Regulator or dispute record CFPB enforcement page, state AG pages, and your own account records. Verifying settlement or redress details before responding to a message.
 Before you contact support
 Open the Cash App transaction, profile, Cash Card, or settlement notice involved.
 Write down the date, amount, recipient, cashtag, email, phone number, and transaction status.
 Screenshot the issue before you start a chat or call.
 Use the app or official Cash App Help page to start contact.
 If the contact is about the CFPB settlement, use Cash App's CFPB settlement page or the CFPB-listed phone and email.
 Warning signs of a fake Cash App support contact
 They called or texted first and pressured you to act immediately.
 They ask for your Cash App PIN, passcode, sign-in code, full card number, or remote access.
 They ask you to send a test payment, buy gift cards, move crypto, or pay a service fee.
 The phone number appears only in a search ad, social post, image, or forum comment.
 The message says a logo proves it is official.
 What not to do
 Do not keep talking to a suspicious contact while you "chec...
## Visible Sources
- Contact Cash App Support, Cash App (official, verified): https://cash.app/contact
- Cash App CFPB Settlement, Cash App (official, verified): https://cash.app/help/us/en-us/1625-cash-app-cfpb-settlement
- Block, Inc., Consumer Financial Protection Bureau (primary, verified): https://www.consumerfinance.gov/enforcement/actions/block-inc/
- Scammers Posing as Cash App Customer Service Representatives, District of Columbia Department of Insurance, Securities and Banking (regulator, verified): https://disb.dc.gov/page/scammers-posing-cash-app-customer-service-representatives
# Chrome Memory Saver Is Not a Tab Killer—Here Is What It Actually Does
Canonical: https://strangelyuseful.com/story/chrome-memory-saver-explained
Markdown: https://strangelyuseful.com/story/chrome-memory-saver-explained/markdown
Desk: Browser & Privacy
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 3 min
Summary: The setting unloads eligible background tabs to free memory, then reloads them when you return. The useful part is knowing which tabs it leaves alone and when to add an exception.
Tags: Chrome, browser performance, tabs, Windows
## Readable Excerpt
Chrome Memory Saver frees RAM by making eligible background tabs inactive; it does not close the tab or erase its address. When you return, Chrome reloads the page. That makes the feature useful on machines that slow down under a crowded tab bar, but it can be annoying when a site needs to keep an unsaved state or background process alive.
 What Chrome changes
 Google says Memory Saver deactivates tabs you are not using so active tabs can run more smoothly. Chrome currently offers Moderate, Balanced and Maximum levels. Those levels primarily change how soon an eligible tab becomes inactive. A ring around a tab icon can identify an inactive tab, and the tab hover card can show memory use on supported desktop systems.
 Inactivity is closer to unloading than closing. The tab stays visible, but its live page state may be discarded. Returning to it requests the page again. A normal page usually comes back exactly where you expect because the site restores state, but a fragile web app may return to a login screen, refresh a dashboard or lose an unfinished interaction. Treat a partially completed form as something to save, not something the browser promises to preserve indefinitely.
 Tabs Chrome tries to protect
 Chrome documents several activities that can prevent deactivation, including active audio or video, calls, screen sharing, page notifications, downloads, partially filled forms, pinned tabs and connected USB or Bluetooth devices. These exceptions reduce surprises, but they are not a durable backup system. A site can still reload after a browser update, crash or memory emergency.
 Use the exclusion list narrowly
 Under Settings > Performance, the Always keep these sites active list can exempt a site. Add the smallest useful scope. Exempting an entire domain is convenie...
## Visible Sources
- Personalize Chrome performance, Google Chrome Help (reference, retrieved): https://support.google.com/chrome/answer/12929150
- Improve Chrome's performance, Google Chrome Help (reference, retrieved): https://support.google.com/chrome/answer/1385029
# Secure DNS Hides the Lookup, Not the Whole Website Visit
Canonical: https://strangelyuseful.com/story/secure-dns-what-it-protects
Markdown: https://strangelyuseful.com/story/secure-dns-what-it-protects/markdown
Desk: Browser & Privacy
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: Encrypted DNS can stop ordinary network observers from reading your domain lookups, but it is not a VPN and does not make browsing anonymous.
Tags: DNS, privacy, Chrome, Firefox, HTTPS
## Readable Excerpt
Secure DNS encrypts the request your device makes to translate a domain name into an IP address. It can prevent a basic local-network observer from reading or changing that lookup in transit. It does not hide every destination from your network, encrypt an insecure webpage or make you anonymous.
 Why DNS needs a protected channel
 Before a browser can open a site, it usually asks a DNS resolver where that site's server lives. Traditional DNS sends many of those questions without transport encryption. DNS over HTTPS, commonly shortened to DoH, places the lookup inside HTTPS. DNS over TLS uses a dedicated encrypted channel. Both aim to protect the query between your device and the resolver.
 Chrome calls its control Use secure DNS. Google says automatic mode can fall back to an unencrypted lookup if the protected lookup fails. Selecting a custom provider changes that behavior: Chrome says it will not fall back to an unencrypted mode for that provider, so a resolver outage may instead produce an error. Firefox similarly lets users choose increased protection and a provider, subject to network and policy conditions.
 What it does not conceal
 After DNS gives the browser an address, the browser still has to connect to the destination. HTTPS protects page contents in transit, but other connection details can still reveal information to the network or service providers. The resolver itself receives the DNS question unless a more complex proxy design is used. The website sees the connecting address unless another network layer changes it.
 Secure DNS is not a VPN. It does not reroute all device traffic through a different exit.
 It does not repair a phishing site or certify that a domain is trustworthy.
 It does not replace HTTPS. An HTTP page can still expose content in transi...
## Visible Sources
- Manage Chrome safety and security, Google Chrome Help (reference, retrieved): https://support.google.com/chrome/answer/10468685
- DNS over HTTPS (DoH), Mozilla Support (reference, retrieved): https://support.mozilla.org/en-US/kb/dns-over-https
# Cookie Partitioning Changes Tracking Without Deleting Every Cookie
Canonical: https://strangelyuseful.com/story/cookie-partitioning-explained
Markdown: https://strangelyuseful.com/story/cookie-partitioning-explained/markdown
Desk: Browser & Privacy
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: Modern browsers can put third-party cookies into separate site-specific jars, reducing cross-site tracking while preserving many embedded features.
Tags: cookies, tracking, Firefox, privacy
## Readable Excerpt
Cookie partitioning keeps a third party's stored data separate for each top-level website you visit. The same embedded service can still remember something within one site, but it cannot automatically use that same cookie jar everywhere to assemble a cross-site trail.
 The old shared-cookie model
 A cookie is a small piece of site-controlled browser storage. First-party cookies help with sessions, preferences and carts. A third party embedded across many sites can also set or read cookies. Under the older shared model, an advertising or social domain could recognize the same identifier when it appeared on unrelated pages.
 Firefox's Total Cookie Protection describes the new model as a separate cookie jar for each website. If an embedded domain stores an identifier while you visit one top-level site, the browser keys that storage to that context. Visiting another site produces a different compartment. Other browsers implement related partitioning systems with different names, scopes and compatibility rules.
 Why this is not the same as deleting cookies
 Deleting cookies removes stored values at that moment. Blocking all cookies can break sign-ins and embedded services. Partitioning instead changes where third-party state is available. A site can still keep its own session, and an embedded tool may still function inside the site where you used it.
 Your first-party login can remain active.
 An embedded service may have a different state on each website.
 Explicit access mechanisms can support legitimate cross-site sign-in flows.
 Fingerprinting, account-based tracking and server-side sharing are separate techniques.
 When a site asks for access
 Some embedded services genuinely need access to a broader identity—for example, a federated sign-in or a saved payment relations...
## Visible Sources
- Introducing Total Cookie Protection in Standard Mode, Mozilla Support (reference, retrieved): https://support.mozilla.org/en-US/kb/introducing-total-cookie-protection-standard-mode
- Storage Access API, MDN Web Docs (reference, retrieved): https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API
# Browser Profiles Are Better Than a Desk Full of Incognito Windows
Canonical: https://strangelyuseful.com/story/browser-profiles-separate-work-personal
Markdown: https://strangelyuseful.com/story/browser-profiles-separate-work-personal/markdown
Desk: Browser & Privacy
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: Profiles create durable separation for accounts, history, extensions and settings. Private windows are temporary sessions, not a reliable work-personal boundary.
Tags: browser profiles, privacy, Chrome, Firefox, productivity
## Readable Excerpt
Use separate browser profiles when two parts of your life should keep different accounts, histories, extensions and sync settings. Use a private window for a short-lived session on the same device. The two tools solve different problems.
 What a profile separates
 Chrome profiles can maintain distinct bookmarks, history, passwords and settings. Each profile can sign in to a different Google Account or remain local. Other browsers expose comparable profile or container systems. The result is a durable browser identity: opening the work profile tomorrow returns to its work accounts rather than mixing them with personal sessions.
 This reduces accidental actions. A calendar link is less likely to open under the wrong account. A work-only extension does not need to watch personal browsing. Search suggestions and history remain more relevant to the context. A visual name and color make the boundary easy to recognize.
 What it does not secure
 Profiles are not separate operating-system users. Someone who can use your unlocked computer may be able to open another browser profile. Malware running with your account can potentially access browser data. An employer-managed browser may apply policy across profiles. For strong separation on a shared or managed machine, use separate operating-system accounts and device protections.
 A profile is an organization and account-boundary tool.
 A private window limits local history and cookie persistence after the session.
 An operating-system user adds stronger file and access separation.
 A separate device may be appropriate for high-risk administrative work.
 A useful three-profile setup
 Personal
 Keep personal email, shopping and entertainment here. Install only extensions you genuinely use. If you sync, understand which account recei...
## Visible Sources
- Use Chrome with multiple profiles, Google Chrome Help (reference, retrieved): https://support.google.com/chrome/answer/2364824
- Private Browsing - Use Firefox without saving history, Mozilla Support (reference, retrieved): https://support.mozilla.org/en-US/kb/private-browsing-use-firefox-without-history
# Read a Browser Extension's Permissions Before You Trust Its Reviews
Canonical: https://strangelyuseful.com/story/browser-extension-permissions-checklist
Markdown: https://strangelyuseful.com/story/browser-extension-permissions-checklist/markdown
Desk: Browser & Privacy
Format: list
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: A five-star rating cannot tell you whether an extension can read every page you visit. The permission screen can—and it deserves a minute before installation.
Tags: browser extensions, permissions, Chrome, Firefox, security
## Readable Excerpt
The most important extension question is not how many stars it has; it is what data and pages it can access. An extension that can read and change data on every website may need that power for its job, but the permission also creates a large consequence if the extension is compromised, sold or malicious.
 Start with the job-to-permission match
 A spelling assistant may reasonably need page access where you type. A coupon finder may ask to inspect shopping pages. A simple color picker asking to read every site all the time deserves more scrutiny. The Chrome and Firefox extension systems disclose requested permissions, although wording and timing differ.
 Host permissions control access to matching sites. API permissions unlock browser capabilities such as tabs, downloads, history, notifications or storage. Optional permissions can be requested later when a feature needs them. A permission is not proof of abuse; it is the maximum surface you are agreeing to expose.
 Warning phrases worth slowing down for
 Read and change your data on all websites: potentially broad visibility into page contents and interactions.
 Read your browsing history: access to visited URLs and related metadata.
 Manage downloads: the ability to initiate or inspect download activity.
 Communicate with cooperating native applications: a bridge beyond the browser sandbox.
 Access clipboard data: potentially sensitive copied content, depending on browser controls.
 Check who is maintaining it
 Look for a coherent publisher identity, a privacy policy that describes actual collection, a maintained support page and recent updates. Search the extension's exact name and identifier, not just its marketing name. Read low and recent reviews for reports of changed behavior. None of these signals is decisive alo...
## Visible Sources
- Declare permissions, Chrome for Developers (reference, retrieved): https://developer.chrome.com/docs/extensions/develop/concepts/declare-permissions
- Permission request messages for Firefox extensions, Mozilla Extension Workshop (reference, retrieved): https://extensionworkshop.com/documentation/develop/request-the-right-permissions/
# HTTPS-Only Mode Turns a Silent Downgrade Into a Visible Decision
Canonical: https://strangelyuseful.com/story/https-only-mode-browser-guide
Markdown: https://strangelyuseful.com/story/https-only-mode-browser-guide/markdown
Desk: Browser & Privacy
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: The browser can try HTTPS first and warn before loading an insecure connection. That protects the trip to a site, but it does not prove the site itself is honest.
Tags: HTTPS, browser security, Chrome, Firefox
## Readable Excerpt
Enable HTTPS-only mode if your browser offers it: the setting tries the encrypted version of a site first and warns before using an insecure HTTP connection. It prevents an old link or mistyped address from quietly sending page contents across the network without HTTPS.
 What the setting changes
 Chrome calls the option Always use secure connections. Google says it upgrades URLs to HTTPS and shows a warning before visiting a site that does not support it. Firefox's HTTPS-Only Mode similarly attempts a secure connection and asks before falling back. Modern sites usually work without any extra step because they already serve HTTPS.
 HTTPS provides transport security between the browser and the site identified by the certificate. It helps prevent someone on the same network from reading or altering page contents in transit. The address bar and certificate checks matter because encryption to the wrong or malicious site is still encryption.
 What HTTPS cannot tell you
 It does not prove a shop, investment offer or download is legitimate.
 It does not stop the site from collecting information you submit.
 It does not remove cookies, fingerprinting or account tracking.
 It does not make a dangerous file safe to open.
 Phishing sites can obtain valid certificates. Treat HTTPS as a secure pipe, not a character reference for whoever owns the destination. Read the full hostname, arrive through a trusted route and verify unusual requests independently.
 When the warning is reasonable
 An old device dashboard, local router page or archival site may lack HTTPS. Before continuing, decide whether the page will carry anything sensitive. Never enter a password, card number or private message through plain HTTP. For a local device, look for a firmware update and use the manufacturer's doc...
## Visible Sources
- Manage Chrome safety and security, Google Chrome Help (reference, retrieved): https://support.google.com/chrome/answer/10468685
- HTTPS-Only Mode in Firefox, Mozilla Support (reference, retrieved): https://support.mozilla.org/en-US/kb/https-only-prefs
# Private Browsing Cleans Up the Session, Not Your Identity
Canonical: https://strangelyuseful.com/story/private-browsing-limits-explained
Markdown: https://strangelyuseful.com/story/private-browsing-limits-explained/markdown
Desk: Browser & Privacy
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: Incognito and private windows reduce what remains in the ordinary browser history after you close them. Websites, networks and account providers can still observe the session.
Tags: private browsing, incognito, privacy, browser history
## Readable Excerpt
A private window is useful for a temporary local session; it is not anonymous browsing. When every private window closes, the browser generally discards that session's ordinary history, cookies and form-search records. Downloads, bookmarks and activity visible to sites or networks can remain.
 The protection is mainly local
 Private browsing helps when you borrow a computer for a quick sign-in, compare results without ordinary cookies, or use a second account briefly. Firefox documents that visited pages are not added to history and cookies are cleared when the private session ends. Chrome explains that activity may still be visible to websites, an employer or school, and the internet service provider.
 If you sign in to an account, that service knows the account performed the activity. If you download a statement, the file remains on disk. If you bookmark a page, the bookmark survives. A network can still see connection metadata, and a website can still receive the device's IP address and browser signals.
 Three common mistakes
 Leaving a private window open: its session data remains available while the session is active.
 Assuming downloads vanish: the download list may be cleared, but the actual file remains where it was saved.
 Signing into everything: private mode cannot stop an account provider from associating activity with that account.
 Private windows and extensions
 Browsers often require explicit permission before extensions run in private contexts. That reduces accidental exposure, but it can also mean a password manager or accessibility tool is unavailable until allowed. Review each extension individually. Do not enable a broad data-reading extension in private mode merely because a site prompts you to.
 Choose the right boundary
 Use private browsing for...
## Visible Sources
- Private Browsing - Use Firefox without saving history, Mozilla Support (reference, retrieved): https://support.mozilla.org/en-US/kb/private-browsing-use-firefox-without-history
- Browse in Incognito mode, Google Chrome Help (reference, retrieved): https://support.google.com/chrome/answer/95464
# Browser Fingerprinting Works Even When Cookies Are Gone
Canonical: https://strangelyuseful.com/story/browser-fingerprinting-defense-guide
Markdown: https://strangelyuseful.com/story/browser-fingerprinting-defense-guide/markdown
Desk: Browser & Privacy
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: A site can combine many ordinary device and browser signals into a probabilistic identifier. The best defense is built-in normalization, not making your setup uniquely strange.
Tags: fingerprinting, tracking, privacy, Firefox, Safari
## Readable Excerpt
Browser fingerprinting identifies or re-identifies a device by combining signals the browser exposes, even when no ordinary tracking cookie is available. Screen size, language, time zone, graphics behavior, fonts, platform details and other features can form a pattern that is more distinctive together than any one signal alone.
 Why clearing storage is not enough
 A cookie is a stored identifier. A fingerprint is inferred from observations. Removing cookies resets one mechanism but does not necessarily change the device characteristics a script can measure on the next visit. Fingerprints are probabilistic and can change, yet they may still be useful for linking sessions or narrowing a population.
 Browsers counter this in several ways: blocking known trackers, limiting high-entropy APIs, partitioning state, adding noise to measurements or presenting more standardized values. Firefox exposes Enhanced Tracking Protection and fingerprinting protections. Apple describes advanced tracking and fingerprinting protection in Safari and Private Browsing.
 Do not customize yourself into a corner
 Installing a rare combination of privacy extensions, unusual fonts and aggressive overrides can make a browser stand out. More toggles do not always mean a less identifiable setup. Prefer protections maintained by the browser, which can make many users look alike and account for compatibility.
 Keep the browser current; privacy protections evolve with tracking techniques.
 Leave standard or strict tracking protection enabled if your sites still work.
 Reduce unnecessary extensions, especially those that modify every page.
 Use separate profiles to prevent account mixing, not as a claim of anonymity.
 Do not assume a VPN changes browser-exposed device characteristics.
 When a site breaks...
## Visible Sources
- Firefox's protection against fingerprinting, Mozilla Support (reference, retrieved): https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting
- Browse the web privately in Safari on iPhone, Apple Support (reference, retrieved): https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios
# Turn Off Browser Notifications Before They Become a Fake Virus Alert Machine
Canonical: https://strangelyuseful.com/story/stop-abusive-browser-notifications
Markdown: https://strangelyuseful.com/story/stop-abusive-browser-notifications/markdown
Desk: Browser & Privacy
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: A website notification can appear outside the tab and imitate a system warning. Remove the site's permission instead of clicking the alert or installing its suggested fix.
Tags: notifications, scams, Chrome, Firefox, security
## Readable Excerpt
If a browser notification says your device is infected, do not click it; remove that website's notification permission. Websites cannot diagnose a whole computer through a notification banner. The alert is often an advertisement or scam using permission you granted earlier.
 Why the message looks like the system
 Web notifications can appear in the operating system's notification area even after the original tab is gone. A deceptive site can copy security colors, product names and urgent language. The browser or site icon may be small enough that the message feels like it came from Windows, macOS or Android.
 Chrome's Safety Check reviews potentially unwanted notifications and says it may remove permission from sites Safe Browsing identifies as deceiving users into granting it. Firefox lets users inspect and revoke notification permissions in privacy settings. These protections help, but the direct fix is to remove the grant.
 Remove the permission
 In Chrome
 Open Settings > Privacy and security > Site settings > Notifications.
 Find the unfamiliar or abusive site in the allowed list.
 Remove or block it.
 Review other allowed sites while you are there.
 In Firefox
 Open Settings > Privacy &#x26; Security.
 Find Permissions, then Notifications and Settings.
 Select the site and block or remove it.
 Save the change.
 Do not follow the alert's instructions
 Do not call its phone number.
 Do not install a cleanup extension or remote-support app.
 Do not enter payment or account credentials.
 Do not allow a download simply to make the alert disappear.
 Close the notification and browser tab. If the page traps the browser, end the browser process, reopen without restoring the suspicious tab, and clear that site's permissions. Run the security tool already built into or inst...
## Visible Sources
- Manage Chrome safety and security, Google Chrome Help (reference, retrieved): https://support.google.com/chrome/answer/10468685
- Web Push notifications in Firefox, Mozilla Support (reference, retrieved): https://support.mozilla.org/en-US/kb/push-notifications-firefox
# Your Browser Has a Permission Ledger—Review It Like One
Canonical: https://strangelyuseful.com/story/browser-site-permissions-review
Markdown: https://strangelyuseful.com/story/browser-site-permissions-review/markdown
Desk: Browser & Privacy
Format: list
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: Camera, microphone, location, clipboard and notification grants accumulate quietly. A short quarterly review removes access from sites that no longer need it.
Tags: site permissions, privacy, camera, microphone, browser
## Readable Excerpt
Review browser site permissions every few months and remove grants that no longer match a current need. Camera, microphone, location and notification access can outlive the one meeting, map or upload that prompted them.
 Permissions are durable decisions
 A browser prompt feels temporary because it appears during a task. Choosing Allow may create a lasting rule for that origin. Browsers expose centralized site-settings pages where you can see and change those rules. Chrome also says Safety Check can remove permissions from sites you have not used recently.
 The exact labels vary, but review camera, microphone, location, notifications, pop-ups and redirects, automatic downloads, clipboard, background sync, USB, Bluetooth and MIDI. Some capabilities always require a fresh gesture; others can remain allowed. The central ledger is more reliable than trying to remember every prompt.
 Start with the most sensitive access
 Camera and microphone: keep permanent access only for trusted calling or recording services.
 Location: prefer Ask unless a map or delivery workflow truly benefits from persistence.
 Notifications: remove anything you would not deliberately subscribe to today.
 Pop-ups and downloads: inspect exceptions because they can enable disruptive or deceptive behavior.
 Device access: remove USB, Bluetooth or MIDI grants after a one-time setup.
 Reset narrowly
 If one website behaves strangely, open its site information panel from the address bar and reset that site's permissions. Global resets create unnecessary work and encourage people to approve prompts quickly just to restore functionality. A narrow reset preserves your deliberate choices elsewhere.
 Watch the operating system too
 A browser grant cannot override an operating-system denial. Conversely, allowing t...
## Visible Sources
- Change site settings permissions, Google Chrome Help (reference, retrieved): https://support.google.com/chrome/answer/114662
- Permissions API, MDN Web Docs (reference, retrieved): https://developer.mozilla.org/en-US/docs/Web/API/Permissions_API
# Browser Sync Is Convenient—Check What Your Account Is Carrying
Canonical: https://strangelyuseful.com/story/browser-sync-privacy-checklist
Markdown: https://strangelyuseful.com/story/browser-sync-privacy-checklist/markdown
Desk: Browser & Privacy
Format: list
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: Sync can move bookmarks, history, open tabs, settings and passwords across devices. Choose the categories deliberately and secure the account that unlocks them.
Tags: browser sync, privacy, passwords, Chrome, Firefox
## Readable Excerpt
Before enabling browser sync, decide which categories should leave the device and secure the account that coordinates them. Sync is not one piece of data: it can include bookmarks, passwords, history, open tabs, addresses, settings and extensions.
 Inventory the categories
 Chrome lets users choose Sync everything or customize categories. Firefox Sync similarly supports selected data types. The useful default depends on the device. Bookmarks may be harmless on a personal laptop but open tabs and history may expose sensitive context on a shared machine. Password sync deserves particular care because account recovery and device access become part of the password vault's security.
 Do not confuse signing into a browser with signing into a website. Browser sign-in can activate broader personalization or sync depending on product and settings. Read the confirmation screen and inspect the sync dashboard afterward.
 Protect the coordinating account
 Use a unique password and phishing-resistant sign-in method when available.
 Review signed-in devices and remove old hardware.
 Keep recovery information current and protected.
 Lock every synced device with a strong screen lock.
 Remove browser data before selling or transferring a device.
 Understand encryption choices
 Transport encryption protects data moving to the provider. Some products offer an additional passphrase or on-device encryption option for certain synchronized data. Stronger encryption can also make recovery harder: if the separate secret is lost, the provider may be unable to restore the encrypted set. Record the recovery plan before enabling a setting you cannot reverse easily.
 Work and school accounts
 An organization may manage browser settings, retention or extensions. Keep personal sync out of a managed pr...
## Visible Sources
- Choose what info is synced in Chrome, Google Chrome Help (reference, retrieved): https://support.google.com/chrome/answer/165139
- How do I choose what information to sync on Firefox?, Mozilla Support (reference, retrieved): https://support.mozilla.org/en-US/kb/how-do-i-choose-what-information-sync-firefox
# Clean Links Remove Tracking Labels Without Breaking the Destination
Canonical: https://strangelyuseful.com/story/remove-link-tracking-parameters
Markdown: https://strangelyuseful.com/story/remove-link-tracking-parameters/markdown
Desk: Browser & Privacy
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: Many shared URLs contain campaign and click identifiers after the useful address. Strip known tracking parameters carefully, then verify the cleaned link still opens the same page.
Tags: URLs, tracking, links, privacy, Safari
## Readable Excerpt
Before sharing a long link, remove known tracking parameters only if the cleaned address still opens the same content. The material after a question mark often carries campaign, referral or click identifiers, but some sites also use query parameters for real page state.
 Read the structure first
 A URL has a scheme, hostname, path and optional query string. In a link such as an article path followed by question-mark parameters, the path often identifies the page while keys beginning with common campaign labels describe how the visitor arrived. Other keys may choose a language, search filter, product variant or document.
 Safari's advanced tracking protection can remove tracking information from URLs in supported contexts. Firefox includes Copy Clean Link in supported surfaces and strips known tracking parameters rather than blindly deleting the entire query. The known-list approach matters because universal removal would break legitimate links.
 Manual cleaning
 Paste the link into a plain text field, not the address bar you are actively using.
 Keep the scheme, hostname and path.
 Remove clearly recognizable campaign parameters such as common UTM fields one at a time.
 Open the cleaned link in a new tab.
 Confirm the exact article, product or view still loads before sharing.
 When not to edit
 A password reset, invitation or account-verification link may contain a required token.
 A map link may encode coordinates or a selected place.
 A shopping link may require a product variant.
 A search or filter page may store its query entirely after the question mark.
 A signed download URL may fail if any parameter changes.
 Shorteners are not automatically cleaner
 A short link hides its destination behind another redirect. That may improve appearance, but it adds an intermed...
## Visible Sources
- Copy Clean Link, Mozilla Support (reference, retrieved): https://support.mozilla.org/en-US/kb/copy-clean-link
- Browse the web privately in Safari on iPhone, Apple Support (reference, retrieved): https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios
# Page Preloading Trades a Little Privacy and Data for Faster Clicks
Canonical: https://strangelyuseful.com/story/browser-page-preloading-explained
Markdown: https://strangelyuseful.com/story/browser-page-preloading-explained/markdown
Desk: Browser & Privacy
Format: story
Published: July 11, 2026
Updated: July 13, 2026
Read time: 2 min
Summary: Browsers can fetch pages before you click when they predict where you are going. The result can feel faster, but it may use data and contact a destination you never open.
Tags: preloading, Chrome, privacy, performance
## Readable Excerpt
Browser page preloading fetches likely destinations before you click so a later navigation can appear faster. The tradeoff is that the browser may use bandwidth, cookies and network requests for a page you never actually visit.
 How prediction becomes a request
 A browser can use signals such as links on the current page, past behavior or page hints to predict the next navigation. Chrome offers Standard and Extended preloading. Google says preloading may use cookies and may send pages through Google in an encrypted form intended to hide the user's identity from sites in some cases.
 The web platform also gives sites mechanisms for prefetching and prerendering. Prefetch retrieves resources for a likely future navigation; prerender can prepare more of a page in advance. Browsers apply their own eligibility, privacy and resource rules rather than obeying every hint unconditionally.
 The practical costs
 Extra mobile data can be used for destinations never opened.
 A destination or intermediary may receive a request before a deliberate click.
 Cookies and account state can influence the speculative request.
 Battery, memory and network resources may be spent on predictions.
 Choose a setting that fits the connection
 Standard is the reasonable starting point on a normal broadband connection. Extended may help people who value speed and accept more prediction. Turn preloading off on a capped plan, a constrained hotspot, or when minimizing speculative traffic matters more than small navigation gains.
 Do not confuse preloading with Memory Saver
 Preloading prepares likely future pages. Memory Saver unloads eligible inactive tabs. One can increase speculative work while the other reduces background memory. Diagnose the actual problem before flipping both.
 A quick test
 Record...
## Visible Sources
- Personalize Chrome performance, Google Chrome Help (reference, retrieved): https://support.google.com/chrome/answer/12929150
- Speculative loading, MDN Web Docs (reference, retrieved): https://developer.mozilla.org/en-US/docs/Web/Performance/Guides/Speculative_loading
# The Safest Browser Is Usually the One That Actually Updates
Canonical: https://strangelyuseful.com/story/browser-update-security-check
Markdown: https://strangelyuseful.com/story/browser-update-security-check/markdown
Desk: Browser & Privacy
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: Security fixes do not help a browser that has been waiting weeks for a restart. Check the real version, restart when required and retire unsupported systems.
Tags: browser updates, security patches, Chrome, Firefox
## Readable Excerpt
Open the browser's About page, let it check for updates, then restart if prompted. Automatic updating is the default in major browsers, but a blocked installer, managed policy, unsupported operating system or perpetually postponed restart can leave the running version behind.
 Version matters more than the logo
 Using a well-known browser is not enough. Security fixes ship in specific releases. Chrome documents automatic updates and a relaunch step; Firefox's About panel checks and applies available updates. Safari updates arrive with the operating system. Managed devices may follow an administrator's schedule.
 Check the running build
 Open the browser menu and choose Help > About, or the equivalent settings page.
 Wait for the check to finish.
 Relaunch if the browser says the update is ready.
 Return to About and confirm it reports current.
 Repeat for secondary browsers you still use.
 A restart matters because downloaded files do not automatically replace every running browser process. Save important forms and calls first, then complete the relaunch rather than carrying a pending update for days.
 Look for support boundaries
 If the browser says updates are unavailable, check the operating system. A current browser may stop supporting an old OS because required platform security is missing. That is not solved by installing a random repackaged build. Plan an operating-system upgrade or move browsing to a supported device.
 Do not download an update from a pop-up or advertisement.
 Use the built-in updater or the browser publisher's official site.
 Review managed-browser notices before removing organization controls.
 Keep extensions updated, but remove abandoned ones with broad permissions.
 After a security bulletin
 Vendors sometimes release fixes for vulnerabilit...
## Visible Sources
- Update Google Chrome, Google Chrome Help (reference, retrieved): https://support.google.com/chrome/answer/95414
- Update Firefox to the latest release, Mozilla Support (reference, retrieved): https://support.mozilla.org/en-US/kb/update-firefox-latest-release
# Turn Off AI Training Before You Paste Something You Cannot Take Back
Canonical: https://strangelyuseful.com/story/ai-chat-training-data-controls
Markdown: https://strangelyuseful.com/story/ai-chat-training-data-controls/markdown
Desk: AI Tools
Format: story
Published: July 11, 2026
Updated: July 13, 2026
Read time: 2 min
Summary: Consumer AI products separate history, retention and model-improvement controls. Check them before sharing sensitive material.
Tags: AI privacy, ChatGPT, Gemini
## Readable Excerpt
Open an AI service's data controls before using it for sensitive work and turn off model-improvement use if that is your intent. Then check retention, connected apps and whether a temporary mode meets the task. A training opt-out is not the same as instant deletion or secrecy.
 Separate four questions
 Will the conversation appear in history?
 Can it improve models?
 How long is it retained?
 Can connected tools receive it?
 OpenAI says signed-in users can turn off Improve the model for everyone while keeping history. Temporary Chats are not used for training, do not create memories and are deleted after 30 days, although they may be reviewed for abuse. Google says Gemini's Keep Activity, temporary chats, connected apps and human-review retention have distinct rules.
 Use the least sensitive input
 Remove names, account numbers, private links, health identifiers and secrets. Summarize the problem instead of pasting a complete inbox when extra context will not change the answer.
 Work accounts differ
 Business, enterprise, education and API products can have different terms from consumer chat. Confirm the actual workspace and plan. Do not assume a corporate promise applies to a personal account with the same brand.
 A pre-paste routine
 Confirm the account.
 Open data controls.
 Disable training if desired.
 Disconnect unnecessary tools.
 Redact input.
 Delete afterward if retention is unnecessary.
 The strongest privacy control remains not sending data the task does not require. Product toggles matter, but minimization survives every provider and policy change.
 History, memory and training are separate switches
 Turning off model improvement does not necessarily remove a conversation from visible history, erase a saved memory or disconnect an integration. Review each s...
## Visible Sources
- Data Controls FAQ, OpenAI Help Center (reference, retrieved): https://help.openai.com/en/articles/7730893-data-controls-faq
- Gemini Apps Privacy Hub, Google Gemini Apps Help (reference, retrieved): https://support.google.com/gemini/answer/13594961
# An AI File Upload Is Still a Copy of the File
Canonical: https://strangelyuseful.com/story/ai-file-upload-privacy-checklist
Markdown: https://strangelyuseful.com/story/ai-file-upload-privacy-checklist/markdown
Desk: AI Tools
Format: list
Published: July 11, 2026
Updated: July 13, 2026
Read time: 2 min
Summary: Uploading a PDF or spreadsheet gives the service a copy to process under its rules. Redact first and know deletion behavior.
Tags: AI files, privacy, PDF
## Readable Excerpt
Treat an AI upload as transferring a copy of the file to another system. Verify the workspace, remove data the task does not need, understand retention and decide how the source and result will be deleted.
 Inspect more than visible pages
 Documents can contain comments, revision history, hidden sheets, speaker notes, images and metadata. Export a task-specific copy. A black rectangle layered over live text is not reliable redaction.
 OpenAI says files in a chat follow that chat's retention, while custom-GPT knowledge persists until the GPT is deleted. Consumer and business offerings can have different training rules.
 Before upload
 Confirm the workspace.
 Remove identifiers and irrelevant pages.
 Check collaborator access.
 Read retention and deletion rules.
 Keep an unchanged original elsewhere.
 Afterward
 Review outputs before downloading. Delete the chat or project when no longer needed and note any delayed deletion window. Closing a browser tab is not deletion.
 High-consequence files
 Do not upload regulated, client-confidential, legal, medical, financial or credential-bearing material to a consumer account without authority and suitable terms. A smaller extract often gives enough context with far less exposure.
 File analysis can save time without erasing chain of custody. Minimize, verify, process and clean up.
 Check whether the model can see the whole document
 Some tools extract text but omit scans, diagrams or embedded images. Others use optical character recognition that can misread columns, handwriting and faint text. Ask the tool to list page count, headings and inaccessible elements before relying on its analysis. Compare a few quoted passages with the original to confirm extraction quality.
 Match retention to the task
 A one-time comparison rarely ne...
## Visible Sources
- File Uploads FAQ, OpenAI Help Center (reference, retrieved): https://help.openai.com/en/articles/8555545-file-uploads-faq
- NIST Privacy Framework, NIST (reference, retrieved): https://www.nist.gov/privacy-framework
# Local AI Keeps More Data on Your Device—but Local Does Not Mean Risk-Free
Canonical: https://strangelyuseful.com/story/local-ai-versus-cloud-privacy
Markdown: https://strangelyuseful.com/story/local-ai-versus-cloud-privacy/markdown
Desk: AI Tools
Format: story
Published: July 11, 2026
Updated: July 13, 2026
Read time: 2 min
Summary: Local inference can avoid sending prompts to a host. The app, plugins and device security still define privacy.
Tags: local AI, cloud AI, privacy
## Readable Excerpt
Local AI can keep prompts on your device only if the application truly processes them locally and does not send telemetry, search or tool calls elsewhere. Cloud AI transfers inputs to a provider under its terms. Neither label is a complete verdict.
 Trace the path
 A local model may run offline while its app checks updates or calls web search. Plugins can send content to third parties. A managed cloud workspace may have stronger controls than an unmanaged laptop. Ask where inference occurs, where logs go and who controls the device.
 Local strengths and costs
 Prompts can remain on hardware you control.
 Offline use reduces network exposure.
 You become responsible for patches, disk encryption and backups.
 Untrusted model files and apps create supply-chain risk.
 Cloud strengths and costs
 Hosted tools provide stronger models, managed updates and collaboration, but create provider retention and account questions. Consumer and business plans often differ.
 Use a hybrid rule
 Choose local for sensitive work a tested local tool handles. Use an authorized managed cloud workspace when stronger capability is necessary. Redact either way.
 The correct unit of privacy is the complete system, not the cloud icon.
 Verify local behavior instead of assuming it
 Disconnect the network and repeat a harmless test. If core inference fails, the app may depend on a hosted component. Review documentation for telemetry, crash reports, model downloads and optional web search. Network inspection can add evidence, but absence of one observed connection is not a permanent guarantee after updates.
 Protect the local artifacts
 Prompts, outputs and model caches may remain in application folders, logs or backups. Enable full-disk encryption, use a locked operating-system account and decide wheth...
## Visible Sources
- AI Risk Management Framework, NIST (reference, retrieved): https://www.nist.gov/itl/ai-risk-management-framework
- OWASP Top 10 for LLM Applications, OWASP (reference, retrieved): https://genai.owasp.org/llm-top-10/
# Prompt Injection Is the Phishing Problem Inside an AI Agent
Canonical: https://strangelyuseful.com/story/prompt-injection-ai-agent-defense
Markdown: https://strangelyuseful.com/story/prompt-injection-ai-agent-defense/markdown
Desk: AI Tools
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: A malicious page can contain instructions aimed at the AI reading it. Limit permissions and confirm actions.
Tags: prompt injection, AI agents, security
## Readable Excerpt
Prompt injection occurs when untrusted content tries to redirect an AI system's behavior. In an agent, the instruction may hide in a webpage, email or document. The defense is not one clever prompt; it is limiting authority.
 Direct and indirect attacks
 Direct injection comes from a user. Indirect injection arrives inside outside content and may tell the model to reveal data or call a tool. Language models process instructions and content through related channels, making perfect separation difficult.
 The UK NCSC warns prompt injection may be enduring rather than fixed like a normal bug. OWASP ranks it as a leading LLM risk.
 Reduce the blast radius
 Connect only required tools.
 Prefer read-only access.
 Confirm sends, purchases, deletions and publishing.
 Keep secrets outside reachable context.
 Review the actual tool call and destination.
 When browsing
 Assume pages can contain adversarial instructions, including visually hidden text. Do not let a research task inherit email and payment authority.
 Stop unexpected behavior
 Interrupt objective changes, unrelated logins or transmission attempts. Revoke tokens if an action escaped.
 Untrusted content should not gain authority because it writes convincing instructions. Keep authority in permissions and confirmations.
 Separate reading from acting
 A strong workflow uses one stage to inspect and summarize untrusted content and another, separately authorized stage to act on the result. The reading stage should not hold send, delete or payment permissions. If an action is needed, transfer only the verified facts required for that action.
 Confirm with raw details
 A confirmation screen should show the actual recipient, destination URL, amount, file and operation. A sentence such as everything looks good is not enough bec...
## Visible Sources
- LLM01: Prompt Injection, OWASP GenAI Security Project (reference, retrieved): https://genai.owasp.org/llmrisk/llm01-prompt-injection/
- OWASP Top 10 for LLM Applications, OWASP (reference, retrieved): https://genai.owasp.org/llm-top-10/
# AI Citations Are Leads, Not Proof
Canonical: https://strangelyuseful.com/story/verify-ai-citations-source-check
Markdown: https://strangelyuseful.com/story/verify-ai-citations-source-check/markdown
Desk: AI Tools
Format: list
Published: July 11, 2026
Updated: July 13, 2026
Read time: 2 min
Summary: A real link can still fail to support the sentence beside it. Open, match and contextualize every consequential claim.
Tags: AI citations, fact checking, research
## Readable Excerpt
Never approve an AI claim merely because a link appears beside it. Open the source and verify that it exists, supports the sentence, preserves context and is current enough.
 Four checks
 Existence: title, publisher and URL are real.
 Entailment: the source supports the exact sentence.
 Context: qualifiers and limitations remain.
 Freshness: the date fits the claim.
 Models can invent references, merge documents or attach a valid source to an unsupported conclusion. Search grounding reduces some errors but does not transfer responsibility.
 Prefer primary evidence
 Use release notes for product changes, standards bodies for protocols, courts for opinions and studies for measured results. Add independent context when incentives or consequences matter.
 Match quotes exactly.
 Record dates.
 Never cite a search snippet.
 Label inference.
 Drop unsupported claims.
 For numbers
 Find the table, denominator, unit and period. Recalculate simple arithmetic and separate estimates from counts.
 Citations make verification possible; they do not perform it.
 Build a claim map
 Break the draft into statements that could be wrong. Give each statement one or more source locations. A source supporting the general topic does not support every sentence in the paragraph. When several claims depend on one source, verify each independently.
 Recognize circular sourcing
 Multiple pages may repeat the same press release or unsourced statistic. Trace the statement to the earliest primary record. Ten copies of one unsupported claim are not ten confirmations. For contentious conclusions, add a source with independent reporting or methods.
 Example: a product limit
 If an answer says a plan permits a particular number of uploads, check the current official limits page, the plan and the date. Reco...
## Visible Sources
- AI Risk Management Framework, NIST (reference, retrieved): https://www.nist.gov/itl/ai-risk-management-framework
- Generative AI Profile, NIST (reference, retrieved): https://www.nist.gov/publications/artificial-intelligence-risk-management-framework-generative-artificial-intelligence
# A Bigger Context Window Does Not Mean the AI Read Everything Well
Canonical: https://strangelyuseful.com/story/ai-context-window-limits
Markdown: https://strangelyuseful.com/story/ai-context-window-limits/markdown
Desk: AI Tools
Format: story
Published: July 11, 2026
Updated: July 13, 2026
Read time: 2 min
Summary: Capacity measures what can fit, not whether every detail receives equal attention.
Tags: context window, tokens, AI models
## Readable Excerpt
A context window is a capacity limit, not a guarantee that every included detail will be used correctly. More tokens allow longer inputs, but quality still depends on retrieval, placement and the model.
 What consumes context
 System instructions, conversation turns, tool results, file text and output all consume tokens. Applications may retrieve only pieces of a large source. A file fitting a published limit does not prove every chart or note was extracted.
 Why details disappear
 Long inputs contain competing signals. Research finds performance can vary with where relevant information appears. Product layers may chunk documents or omit unsupported formats.
 Ask what was actually available.
 Split high-stakes work into sections.
 Require quotes and locations.
 Verify against the original.
 Start clean threads when old context becomes noise.
 Use retrieval deliberately
 Retrieval can select relevant passages instead of flooding the model. It introduces another failure point: the right passage must be found. Test with known questions.
 Context size is one specification. The operational question is whether the system reliably locates and interprets what matters.
 Measure the usable result, not the advertised number
 Create a small evaluation with facts placed near the beginning, middle and end of a representative document. Ask questions whose answers you already know and require source locations. Repeat after changing file format or application because the product's retrieval layer may matter as much as the underlying model.
 Reserve room for the answer
 An application needs capacity for instructions and output as well as source text. Stuffing the window to its published maximum can force truncation or leave too little room for a detailed response. Remove repeated boilerp...
## Visible Sources
- What are tokens and how to count them?, OpenAI Help Center (reference, retrieved): https://help.openai.com/en/articles/4936856-what-are-tokens-and-how-to-count-them
- Lost in the Middle, TACL (reference, retrieved): https://aclanthology.org/2024.tacl-1.9/
# AI Meeting Notes Need Consent Before They Need a Summary
Canonical: https://strangelyuseful.com/story/ai-meeting-notetaker-consent-checklist
Markdown: https://strangelyuseful.com/story/ai-meeting-notetaker-consent-checklist/markdown
Desk: AI Tools
Format: list
Published: July 11, 2026
Updated: July 13, 2026
Read time: 2 min
Summary: A meeting bot can capture voices and decisions. Tell participants and provide a non-recorded path.
Tags: meeting notes, AI privacy, recording
## Readable Excerpt
Do not add an AI meeting notetaker until participants know what it captures, where data goes and how to decline. A useful transcript does not override recording law, policy or confidentiality.
 Inventory capture
 Tools may store audio, video, transcript, speaker labels, chat and summaries. Calendar and CRM connections widen the path.
 Before the meeting
 Name the tool.
 State retained media.
 Confirm policy and recording rules.
 Offer a non-recorded option.
 Exclude sensitive sessions unless authorized.
 Afterward
 Restrict access, set retention and delete raw media when no longer needed. Review summaries before treating them as decisions. Speaker and negation errors can create a false record.
 Make it contestable
 Send the summary with a correction path. Distinguish generated recap from approved minutes. Respect a refusal rather than silently switching capture methods.
 The responsible order is notice, minimal capture, limited access, human review, then summary.
 Decide who owns the record
 Name the meeting owner, the workspace where recordings live and the people allowed to download or share them. Personal bot accounts can quietly move workplace conversations outside organizational retention and access controls. Use an approved workspace when one exists.
 Limit what the summary becomes
 A generated action item should not silently create a binding assignment, performance record or customer promise. Mark the recap as a draft, include source timestamps when available and ask named participants to confirm commitments. Correct errors while the meeting is still fresh.
 Handle late arrivals and guests
 Repeat the notice when someone joins after the opening. External guests may not have seen the invitation language or company policy. If anyone objects, pause capture and resol...
## Visible Sources
- NIST Privacy Framework, NIST (reference, retrieved): https://www.nist.gov/privacy-framework
- Privacy and Security, Federal Trade Commission (reference, retrieved): https://www.ftc.gov/business-guidance/privacy-security
# Treat AI-Written Code Like a Pull Request From a Stranger
Canonical: https://strangelyuseful.com/story/review-ai-generated-code-safely
Markdown: https://strangelyuseful.com/story/review-ai-generated-code-safely/markdown
Desk: AI Tools
Format: list
Published: July 11, 2026
Updated: July 13, 2026
Read time: 2 min
Summary: Generated code can contain insecure defaults and invented packages. Review the diff before running it.
Tags: AI coding, security, code review
## Readable Excerpt
Never run or merge AI-generated code until a person reviews the exact diff, dependencies and commands. A plausible code block does not carry accountability.
 Define intent
 Write what the change should do and must not touch. Review small diffs; sprawling refactors can hide unrelated deletions.
 Check dangerous edges
 Authentication and authorization.
 Input validation and injection.
 Secrets and environment files.
 Shell commands and network calls.
 New packages and install scripts.
 Logs that may expose data.
 Verify dependencies
 Confirm every package exists in the official registry and is the intended project. Models can invent believable names. Inspect lockfile changes before installing.
 Test failure paths
 Add tests for malformed input, missing permissions, timeouts and repeats. Run static analysis and the existing suite. A generated test repeating the implementation is not independent evidence.
 Keep the branch protections used for any unfamiliar contributor. Speed matters only while the review surface remains understandable.
 Run it in a contained environment
 Use a disposable branch, test account, container or sandbox with no production secrets. Deny outbound network access unless the test requires it. A review can miss a command hidden in a build hook, so containment complements—not replaces—reading the code.
 Trace data through the change
 Identify every input, transformation, storage location and output. Check authorization at the server boundary rather than trusting a generated user interface. Confirm logs do not capture passwords, tokens or full uploaded documents.
 Challenge the happy path
 Try an empty value, oversized input, wrong account, expired token, duplicate request and interrupted network call. Check that retries do not create duplicate charges o...
## Visible Sources
- OWASP Top 10 for LLM Applications, OWASP (reference, retrieved): https://genai.owasp.org/llm-top-10/
- Secure by Design, CISA (reference, retrieved): https://www.cisa.gov/securebydesign
# Deepfake Detectors Are Signals, Not Verdicts
Canonical: https://strangelyuseful.com/story/deepfake-detectors-limits
Markdown: https://strangelyuseful.com/story/deepfake-detectors-limits/markdown
Desk: AI Tools
Format: story
Published: July 11, 2026
Updated: July 13, 2026
Read time: 2 min
Summary: Detectors can fail on new generators and compressed media. Verify source and provenance.
Tags: deepfakes, misinformation, AI detection
## Readable Excerpt
Do not label media real or fake from one detector score. Performance changes across generators, compression, cropping and testing populations.
 Why detectors fail
 A detector learns patterns from known examples. New generators remove patterns; platforms recompress files; screenshots alter pixels. Laboratory accuracy may not transfer to unfamiliar media.
 NIST evaluates face-analysis systems under defined datasets and conditions. C2PA takes another approach: signed provenance can record creation and edits, but missing credentials do not prove falsity.
 A stronger workflow
 Preserve the best original.
 Find the earliest source.
 Check date and location.
 Inspect credentials.
 Record detector and version.
 Seek specialists for consequential decisions.
 Label uncertainty
 Compression can create oddities, while synthetic media can look clean. A detector percentage is usually model output, not a courtroom probability.
 Durable verification asks where the file came from and what happened to it. Detection assists; it does not conclude.
 Preserve the evidence before testing
 Download the original file when lawful and record its hash, source URL and acquisition time. Running it through messaging apps, editors or converters can change the evidence. Test a copy and keep the original untouched.
 Compare like with like
 A detector evaluated on studio-quality face swaps may not generalize to synthetic audio, fully generated video or heavily compressed clips. Read its model card or evaluation description and check whether the medium and conditions match the file in question.
 Example: a viral speech clip
 Before analyzing facial pixels, search for the complete event recording from the speaker, broadcaster or venue. Compare the words, camera angle, weather and audience reaction. A clipp...
## Visible Sources
- Face Analysis Technology Evaluation, NIST (reference, retrieved): https://pages.nist.gov/frvt/
- C2PA Specifications, C2PA (reference, retrieved): https://c2pa.org/specifications/specifications/2.2/index.html
# Content Credentials Explain a File's History—When the History Is Present
Canonical: https://strangelyuseful.com/story/content-credentials-c2pa-explained
Markdown: https://strangelyuseful.com/story/content-credentials-c2pa-explained/markdown
Desk: AI Tools
Format: story
Published: July 11, 2026
Updated: July 13, 2026
Read time: 2 min
Summary: C2PA credentials attach signed creation and editing history. They do not judge whether a scene is true.
Tags: C2PA, Content Credentials, AI images
## Readable Excerpt
Content Credentials can show signed information about how media was created or edited, but they do not certify the depicted event as true. They are provenance records, not fact-checks.
 What they record
 C2PA defines manifests with origin and edit assertions protected by cryptographic signatures. A compatible viewer can verify that signed data has not changed undetected.
 A credential may identify capture, export or AI generation. A valid signature establishes integrity and signer identity within the trust system, not every claim outside the manifest.
 Missing credentials
 Platforms may strip metadata, screenshots can break chains and many tools do not create credentials. Absence means missing provenance, not fake.
 How to read one
 Check validation.
 Identify the signer.
 Review actions in order.
 Separate generation from assisted editing.
 Compare with the received file.
 A captured photo can have a false caption; a credentialed illustration can be honest. Continue checking context.
 Credentials add chain of custody when publishers preserve them and readers understand their narrow promise.
 Follow the trust chain
 Validation asks whether the manifest is intact and whether its signing identity chains to a trusted credential. A signature from an unknown signer can still prove that the same signer made the assertions, but it may not establish who that signer is. Viewers should expose both integrity and identity status.
 Edits are not automatically suspicious
 Cropping, color correction and export are ordinary editorial actions. A useful credential shows those actions so a reader can judge relevance. Conversely, a file with no listed edits can still carry a false caption or stage a real scene deceptively.
 Preserve credentials during publishing
 Resizing, screenshots and...
## Visible Sources
- C2PA Specifications, C2PA (reference, retrieved): https://c2pa.org/specifications/specifications/2.2/index.html
- How Content Credentials Work, Content Authenticity Initiative (reference, retrieved): https://contentauthenticity.org/how-it-works
# AI Summaries Save Time Only If You Keep the Original Nearby
Canonical: https://strangelyuseful.com/story/verify-ai-summary-against-original
Markdown: https://strangelyuseful.com/story/verify-ai-summary-against-original/markdown
Desk: AI Tools
Format: story
Published: July 11, 2026
Updated: July 13, 2026
Read time: 2 min
Summary: A summary can omit a condition or flatten disagreement. Check consequential points in the source.
Tags: AI summaries, documents, fact checking
## Readable Excerpt
Use an AI summary to locate important parts of a source, not to replace the source for consequential decisions. Compression always chooses what to omit.
 Define the job
 Specify audience, length and questions. For a contract or study, request section references and separate findings from recommendations.
 Check failure points
 Negations and exceptions.
 Dates, amounts and units.
 Attribution.
 Correlation versus causation.
 Footnotes and tables.
 Uncertainty and disagreement.
 NIST treats confabulation and integrity as risks. OpenAI notes some document workflows extract text while discarding embedded images depending on plan—important when charts carry evidence.
 Two-pass method
 Request source locations.
 Open cited sections.
 Recalculate numbers.
 Ask what was inaccessible.
 Write from verified notes.
 A reliable summary is navigation over evidence. Keep the original one click away.
 Ask the model to expose its coverage
 Before requesting conclusions, ask for the document's headings, page range, tables and unreadable elements. Compare that inventory with the source. If the tool missed an appendix or treated a scanned page as blank, the summary has a defined gap rather than an invisible one.
 Use a claim-by-claim table
 For each consequential statement, record the summary wording, source location and verification result. Mark supported, contradicted, incomplete or not found. This catches a polished sentence that combines pieces from different sections into a conclusion the author never made.
 Example: summarizing a policy
 Ask separately for eligibility, deadlines, exceptions, required evidence and appeal routes. Then read each cited section. A general overview may accurately describe the main rule while omitting the exception that controls a particular person's case....
## Visible Sources
- Generative AI Profile, NIST (reference, retrieved): https://www.nist.gov/publications/artificial-intelligence-risk-management-framework-generative-artificial-intelligence
- File Uploads FAQ, OpenAI Help Center (reference, retrieved): https://help.openai.com/en/articles/8555545-file-uploads-faq
# Give an AI Agent the Smallest Key Ring That Can Finish the Job
Canonical: https://strangelyuseful.com/story/ai-agent-permissions-least-privilege
Markdown: https://strangelyuseful.com/story/ai-agent-permissions-least-privilege/markdown
Desk: AI Tools
Format: list
Published: July 11, 2026
Updated: July 13, 2026
Read time: 2 min
Summary: Connected tools turn chat into action. Use least privilege and confirmation.
Tags: AI agents, permissions, security
## Readable Excerpt
An AI agent should receive only the accounts, folders and actions required for the current task. A calendar lookup does not need email deletion.
 Inventory authority
 List tools and whether each can read, create, send, edit or delete. If scope cannot be narrowed, use a separate low-privilege account or do not connect it.
 OWASP describes excessive agency as too much functionality, permission or autonomy. Google advises supervising Gemini tasks because mistakes can cause purchases or unexpected sharing.
 Safer defaults
 Read-only before read-write.
 One folder before a drive.
 Draft before send.
 Preview before publish.
 Confirm purchase or deletion.
 Short-lived tokens.
 Inspect actions
 Review recipients, amounts, filenames and URLs in the confirmation interface. Stop unrelated access requests.
 Afterward
 Disconnect unused tools, review account activity and revoke stale tokens.
 A small key ring keeps a model error or hostile page from opening every door.
 Separate identities by purpose
 Create a service account or constrained workspace for recurring automation instead of connecting the owner's primary inbox or drive. Give it access only to a designated folder, calendar or queue. This makes the boundary visible and simplifies revocation.
 Design for reversible actions
 Prefer moving a file to quarantine over permanent deletion, preparing a post over publishing, and creating a cart over submitting payment. Reversibility buys time to catch a mistaken interpretation without eliminating useful automation.
 Example: an editorial agent
 The agent can research public sources, draft into a staging area and generate an image manifest. It should not inherit domain settings, billing or the ability to publish every draft. A separate owner action can release a specific revision af...
## Visible Sources
- OWASP Top 10 for LLM Applications, OWASP (reference, retrieved): https://genai.owasp.org/llm-top-10/
- Gemini Apps Privacy Hub, Google Gemini Apps Help (reference, retrieved): https://support.google.com/gemini/answer/13594961
# Export Your AI History Before You Delete the Account
Canonical: https://strangelyuseful.com/story/export-delete-ai-account-data
Markdown: https://strangelyuseful.com/story/export-delete-ai-account-data/markdown
Desk: AI Tools
Format: story
Published: July 11, 2026
Updated: July 13, 2026
Read time: 2 min
Summary: Export and deletion are separate operations. Save, verify, delete and revoke.
Tags: AI data, account deletion, privacy
## Readable Excerpt
Export first, verify the archive, then delete conversations or the account and revoke connected access separately. Closing a tab, disabling training and deleting an account are different actions.
 Choose scope
 You may want to remove one chat, clear history, stop training use or delete everything. Read effects on projects, files, assistants and subscriptions.
 OpenAI provides export and deletion routes and says deleted chats are removed within 30 days subject to stated exceptions. Google lets Gemini users delete activity, change auto-delete and export through Takeout, while connected services follow separate rules.
 Before deletion
 Request official export.
 Download on a trusted device.
 Verify the archive.
 Save required records.
 Cancel billing separately.
 Afterward
 Revoke connected apps.
 Remove clients and extensions.
 Delete unneeded local exports.
 Remove shared links.
 Save confirmation.
 A clean exit is a sequence: export, verify, delete, revoke and confirm.
 Understand what the archive contains
 Exports may arrive as HTML, JSON, media folders or several archives. They can contain sensitive prompts and uploaded filenames, so store them like account data rather than an ordinary download. Do not email the archive to yourself unless that channel is appropriate for its contents.
 Check derived and public objects
 Projects, custom assistants, generated public links, shared workspaces and uploaded knowledge may have separate deletion controls. Inventory them before closing the account. A public share can remain a privacy problem even if the original chat disappears from your sidebar.
 Revocation closes another door
 Visit the security pages of connected identity providers and remove the AI service's OAuth grants where appropriate. Change exposed API keys rather tha...
## Visible Sources
- Data Controls FAQ, OpenAI Help Center (reference, retrieved): https://help.openai.com/en/articles/7730893-data-controls-faq
- Gemini Apps Privacy Hub, Google Gemini Apps Help (reference, retrieved): https://support.google.com/gemini/answer/13594961
# Set Up a New Laptop in the Right Order
Canonical: https://strangelyuseful.com/story/first-hour-new-laptop-setup
Markdown: https://strangelyuseful.com/story/first-hour-new-laptop-setup/markdown
Desk: Practical Technology
Format: list
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: A calm first-hour checklist that gets updates, recovery, privacy, and backups right before daily use begins.
Tags: laptop setup, Windows, privacy, backups
## Readable Excerpt
A new laptop is at its safest before the browser fills with extensions and old utilities. Use that clean hour to establish updates, encryption, recovery, and one known-good backup.
 A calm first-hour checklist that gets updates, recovery, privacy, and backups right before daily use begins. Treat setup as a dependency chain: protect the operating system first, establish identity and recovery second, then move data and install optional software.
 Keep the laptop plugged in, connect to a trusted network, and have account recovery details available. If it belongs to work or school, confirm which settings management controls before changing encryption or security software.
 Before the downloads begin
 Install operating-system updates before optional software. Run Windows Update repeatedly until no security or driver updates remain, restarting when requested. This closes known gaps before browsers, extensions, and imported files enlarge the attack surface.
 A five-part first hour
 Confirm disk encryption and screen lock are active
 Confirm the screen locks after a short idle period, then check Device Encryption or BitLocker. Save any recovery key somewhere reachable without the laptop.
 Sign in only to services you actually need
 Add the primary account only after recovery email, phone, and multi-factor options are current. Skip optional vendor accounts that serve no clear purpose.
 Remove trial software and review startup apps
 Uninstall time-limited antivirus, shopping helpers, and vendor promotions you will not use. Review startup apps so background software does not become permanent by accident.
 Create the first verified backup before moving important files
 Back up one small folder, delete its local test copy, and restore it. A successful restore proves more than a back...
## Visible Sources
- Windows Update: FAQ, Microsoft Support (reference, retrieved): https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
- Update Software, CISA (reference, retrieved): https://www.cisa.gov/secure-our-world/update-software
# Build a Backup Plan One Person Can Actually Maintain
Canonical: https://strangelyuseful.com/story/one-person-backup-plan
Markdown: https://strangelyuseful.com/story/one-person-backup-plan/markdown
Desk: Practical Technology
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: A small backup system works only if it runs automatically and can be restored without guesswork.
Tags: backups, cloud storage, external drive, data safety
## Readable Excerpt
The best personal backup plan is boring enough to run unattended and simple enough to restore when you are stressed. One local copy plus one separate copy covers far more real failures than a complicated plan nobody maintains.
 A small backup system works only if it runs automatically and can be restored without guesswork. Choose irreplaceable folders first. Photos, school or work files, financial records, and creative projects deserve explicit destinations and a test restore.
 Estimate the irreplaceable data size before buying storage, and confirm the backup destination has room for growth. Decide who could access the recovery password if you were unavailable.
 Choose what deserves rescue
 Choose the folders that would genuinely hurt to lose. List files that cannot be downloaded again: original photos, current work, tax records, and creative projects. Installed apps and streaming downloads usually rank lower.
 Two copies with different failure modes
 Keep one automatic local copy and one separate copy
 Keep an automatic copy on an external drive or local backup system, plus another copy that is not exposed to the same theft, surge, or ransomware event.
 Schedule backups instead of relying on memory
 Use scheduled backups and check their last-success time. Calendar reminders are useful for connecting a drive, but the copying itself should not depend on memory.
 Encrypt portable backup drives
 Turn on encryption for a portable drive because it can be lost with all its contents. Store the recovery password away from the drive.
 Restore a sample file every month
 Restore a few files to a temporary folder and open them. Include one recent file, one older file, and one large photo or video to test different paths.
 Cloud sync and backup solve different problems. If a synced...
## Visible Sources
- Back Up Business Data, CISA (reference, retrieved): https://www.cisa.gov/news-events/news/data-backup-options
- How to back up your iPhone or iPad with iCloud, Apple Support (reference, retrieved): https://support.apple.com/en-us/108366
# When Wi-Fi Works Everywhere Except One Device
Canonical: https://strangelyuseful.com/story/wifi-one-device-troubleshooting
Markdown: https://strangelyuseful.com/story/wifi-one-device-troubleshooting/markdown
Desk: Practical Technology
Format: story
Published: July 11, 2026
Updated: July 13, 2026
Read time: 2 min
Summary: Use a device-first diagnostic order instead of rebooting the entire house at random.
Tags: Wi-Fi, troubleshooting, router, Windows
## Readable Excerpt
If every device except one can get online, the router is probably not the first thing to reset. The useful question is what differs on the failing device: saved credentials, address settings, VPN state, software, or hardware.
 Use a device-first diagnostic order instead of rebooting the entire house at random. Prove the scope before changing anything. Test the same network on a second device and test the problem device on a different trusted network.
 Record the network name and whether the failure says “connected, no internet,” rejects the password, or cannot see Wi-Fi at all. Those symptoms point to different layers.
 Prove it is a one-device problem
 Confirm the same network works on another device. Connect a second device to the same Wi-Fi. If it works, the modem, internet service, and router are probably functioning; leave them alone while examining the one failure.
 Work from saved network to hardware
 Forget the network and reconnect with the current password
 Forgetting the network removes the stored password and connection profile. Rejoining tests whether an old credential or corrupted saved configuration caused the failure.
 Disable and re-enable Wi-Fi before resetting anything
 Toggling Wi-Fi restarts the device’s radio and requests a fresh network connection. If that fails, reboot once; repeated restarts add no new information.
 Check date, VPN, private-address, and proxy settings
 A VPN, manual proxy, incorrect date, or privacy-address setting can block traffic after Wi-Fi connects. Disable only the suspect setting, then test a normal HTTPS page.
 Reset network settings only after recording what will be erased
 Network reset removes saved networks and rebuilds adapters. Record VPN and enterprise settings first; if the adapter disappears or errors persist, u...
## Visible Sources
- Fix Wi-Fi connection issues in Windows, Microsoft Support (reference, retrieved): https://support.microsoft.com/en-us/windows/fix-wi-fi-connection-issues-in-windows-9424a1f7-6a3b-65a6-4d78-7f07eee84d2c
- If your iPhone or iPad won’t connect to a Wi-Fi network, Apple Support (reference, retrieved): https://support.apple.com/en-us/111786
# Move Files Between Phones, Computers, and Cloud Without Losing Track
Canonical: https://strangelyuseful.com/story/move-files-phones-computers-cloud
Markdown: https://strangelyuseful.com/story/move-files-phones-computers-cloud/markdown
Desk: Practical Technology
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: Pick one transfer path, verify the destination, then remove the old copy only after a checksum or spot check.
Tags: file transfer, Android, iPhone, cloud storage
## Readable Excerpt
A transfer is finished only when the destination contains usable files—not when a progress bar reaches 100 percent. Decide whether you want a one-time copy, a permanent move, or continuing synchronization before choosing the tool.
 Pick one transfer path, verify the destination, then remove the old copy only after a checksum or spot check. Whole-device migrations work best with the platform assistant; a cable or local share is easier to verify for a selected folder; cloud sync is useful when files must remain available on several devices.
 Charge both devices, update transfer apps, and confirm destination storage. Keep the source online only for the chosen method; switching between cable, cloud, and local share creates duplicate partial copies.
 Copy, move, or sync?
 Decide whether this is a move, a copy, or ongoing sync. A copy leaves the source intact; a move does not; sync can repeat edits and deletions on every connected device. Choose deliberately before selecting a tool.
 Pick one route and verify it
 Use the platform transfer tool for a whole-device migration
 Whole-phone migration tools preserve more app and account context than dragging folders. Use them during initial setup when the new phone still offers the transfer workflow.
 Use a cable or local sharing for large folders
 For large photo or video folders, a cable or local share avoids cloud upload limits. Copy one folder at a time and keep the source untouched.
 Preserve original timestamps when they matter
 Check whether dates, filenames, albums, and original resolution survived. File counts alone will not reveal recompressed photos or missing metadata.
 Count files and open samples before deleting the source
 Open samples on the destination and compare folder counts before erasing anything. Keep the old...
## Visible Sources
- Copy apps and data from an Android to a new Android device, Android Help (reference, retrieved): https://support.google.com/android/answer/13761358
- Transfer data from your previous iOS or iPadOS device to your new iPhone or iPad, Apple Support (reference, retrieved): https://support.apple.com/en-us/119967
# Draw a Small Home-Network Map Before Something Breaks
Canonical: https://strangelyuseful.com/story/small-home-network-map
Markdown: https://strangelyuseful.com/story/small-home-network-map/markdown
Desk: Practical Technology
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: A one-page map of modem, router, mesh nodes, and important devices turns outages into answerable questions.
Tags: home network, router, Wi-Fi, troubleshooting
## Readable Excerpt
A home network feels mysterious because the boxes look alike. A small map turns “the Wi-Fi is down” into sharper questions: does the modem have service, is the router issuing addresses, and which mesh node serves the room?
 A one-page map of modem, router, mesh nodes, and important devices turns outages into answerable questions. Keep the map operational rather than decorative. Record equipment roles, model numbers, cable paths, and which device belongs to the internet provider.
 Walk from the provider cable inward and photograph model labels before drawing. A mesh satellite is not the modem, and a combo gateway may perform both modem and router jobs.
 Name the boxes by their jobs
 Write down the modem and router model numbers. Read the model labels on the modem, router, and mesh nodes. Mark which box receives the provider cable and which one creates the home network.
 Put the useful details on one page
 Mark which device creates Wi-Fi and which only passes internet
 Draw each Ethernet cable and identify its destination. A wired television, switch, or mesh backhaul can explain why one room behaves differently.
 List wired devices and mesh backhaul links
 List important fixed devices such as printers, cameras, storage boxes, and work computers. Temporary phones and guest devices only clutter the map.
 Record the admin address without writing the password on the map
 Write the router admin address and equipment ownership, but never passwords or Wi-Fi keys. Store credentials in a password manager instead.
 Add the ISP support number and account equipment ownership
 Add the ISP support number and note which status lights indicate service. During an outage, the light pattern helps separate provider trouble from local Wi-Fi trouble.
 Mesh systems can hide several access point...
## Visible Sources
- Home Network Security, CISA (reference, retrieved): https://www.cisa.gov/news-events/news/home-network-security
- Are Public Wi-Fi Networks Safe? What You Need To Know, Federal Trade Commission (reference, retrieved): https://consumer.ftc.gov/articles/are-public-wi-fi-networks-safe-what-you-need-know
# Scan a QR Code Without Handing It Blind Trust
Canonical: https://strangelyuseful.com/story/scan-qr-code-safely
Markdown: https://strangelyuseful.com/story/scan-qr-code-safely/markdown
Desk: Security & Trust
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: Treat a QR code as a concealed link: preview it, inspect its context, and use a known route for payments or logins.
Tags: QR codes, scams, mobile security, phishing
## Readable Excerpt
A QR code is a link whose address has been hidden inside a square. That makes the preview screen—not the printed logo—the moment to decide whether to continue.
 Treat a QR code as a concealed link: preview it, inspect its context, and use a known route for payments or logins. Context is part of verification. A code on a parking meter can be covered by a sticker; a code in an urgent text can route to a convincing imitation login page.
 Know what the code should do before scanning. A restaurant menu should open a menu; a parking code should identify the operator and location before requesting an amount.
 The preview is the checkpoint
 Check whether a sticker covers an original code. Look for a sticker placed over another code, especially on parking meters, payment kiosks, and menus. Physical tampering changes the destination without changing the sign.
 Read the destination before opening
 Preview the destination before opening it
 Use the camera preview to read the domain before opening it. Cancel if spelling, subdomain, or top-level domain differs from the organization you expected.
 Read the domain from right to left to identify the real site
 Read domains from the registered name outward: in login.example.com, example.com controls the site. A familiar word placed earlier in a longer domain proves nothing.
 Open the known app directly for payment or account action
 For payment or sign-in, close the preview and open the known app yourself. This removes the QR code from the trust chain.
 Close the page if it asks for an unexpected download or profile
 Reject pages that request a profile, APK, certificate, or surprise app installation. A menu, ticket, or parking code should not need control of the phone.
 A malicious code does not need to look suspicious. It can sit on pro...
## Visible Sources
- Scammers hide harmful links in QR codes to steal your information, Federal Trade Commission (reference, retrieved): https://consumer.ftc.gov/consumer-alerts/2023/12/scammers-hide-harmful-links-qr-codes-steal-your-information
- Malicious QR Codes Used to Steal Financial Data, FBI (reference, retrieved): https://www.ic3.gov/PSA/2022/PSA220118
# Name Files So You Can Find Them Six Months Later
Canonical: https://strangelyuseful.com/story/file-naming-system-that-lasts
Markdown: https://strangelyuseful.com/story/file-naming-system-that-lasts/markdown
Desk: Practical Technology
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: A durable file name carries date, subject, and version without depending on one app’s search index.
Tags: file organization, productivity, Windows, archives
## Readable Excerpt
Search is helpful until a file moves to another drive, another operating system, or a long-term archive. A useful filename should still identify the document without the folder around it.
 A durable file name carries date, subject, and version without depending on one app’s search index. Use a stable pattern for repeated work: date when chronology matters, short subject, meaningful status, and a version only when you truly maintain versions.
 Collect ten real files from the same workflow and identify what distinguishes them: date, client, project, document type, or approval state. Build the pattern from those differences.
 Build one readable pattern
 Use ISO-style dates such as 2026-07-11 when order matters. Use YYYY-MM-DD when chronological sorting matters because text sorting then matches date order. Skip the date for documents whose identity is not time-based.
 Dates, subjects, and honest versions
 Put the stable subject before temporary status words
 Put the durable subject before temporary words such as draft or signed. Someone should understand the file without opening it or seeing its folder.
 Use short version labels only when versions are real
 Use v01 and v02 only for deliberately preserved versions. Replace “final-final” with a status that has a defined meaning, such as approved or filed.
 Choose separators that work across operating systems
 Avoid Windows-reserved characters and trailing periods. Hyphens, underscores, and spaces travel more reliably between Windows, macOS, cloud drives, and archives.
 Create one written example for recurring documents
 Create five realistic sample names and sort them on another device. Fix the pattern before renaming hundreds of existing files.
 A folder of monthly statements might use 2026-07-bank-statement.pdf; a living po...
## Visible Sources
- Naming Files, Paths, and Namespaces, Microsoft Learn (reference, retrieved): https://learn.microsoft.com/en-us/windows/win32/fileio/naming-a-file
- Recommended Preservation Formats for Electronic Records, Smithsonian Institution Archives (reference, retrieved): https://siarchives.si.edu/what-we-do/digital-curation/recommended-preservation-formats-electronic-records
# Test a Cable, Charger, or Adapter Before Replacing the Device
Canonical: https://strangelyuseful.com/story/test-cable-charger-adapter
Markdown: https://strangelyuseful.com/story/test-cable-charger-adapter/markdown
Desk: Practical Technology
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: Swap one known-good link at a time and separate power, data, display, and charging-speed failures.
Tags: USB-C, chargers, cables, troubleshooting
## Readable Excerpt
USB-C describes a connector shape, not one guaranteed bundle of charging speed, data rate, or display support. A disciplined swap test can identify a five-dollar cable problem before you replace an expensive device.
 Swap one known-good link at a time and separate power, data, display, and charging-speed failures. Separate the job into power, data, and video. Test the shortest possible path with one known-good component at a time.
 Gather one certified known-good cable and charger with documented capabilities. Random accessories from the same drawer are poor controls because any of them may share the fault.
 Separate power from data and video
 Read the device power requirement and charger output. Read the device’s required wattage and the charger’s advertised output for that port. A multiport charger may divide power when another device connects.
 Run a one-part swap test
 Try one known-good cable before changing the power brick
 Swap in one known-good cable while keeping the charger and device unchanged. If charging returns, the cable—not the battery or power brick—is the likely fault.
 Check whether the cable supports data or only charging
 Test data separately by connecting to a computer and transferring a file. Many inexpensive USB-C cables charge but do not provide the expected data speed or video.
 Remove hubs and adapters to test the shortest path
 Remove docks and adapters, then connect the shortest direct path. Reintroduce each accessory one at a time to locate the failed link.
 Watch for heat, looseness, discoloration, or damaged insulation
 Stop immediately for melted plastic, exposed conductors, arcing, burnt odor, or unusual heat. No diagnostic result is worth continuing with damaged power hardware.
 For a monitor dock, test charging, display, and file tran...
## Visible Sources
- USB Type-C Cable and Connector Specification, USB Implementers Forum (reference, retrieved): https://www.usb.org/usb-type-cr-cable-and-connector-specification
- Use USB-C cables and power adapters with Pixel phones, Google Pixel Help (reference, retrieved): https://support.google.com/pixelphone/answer/7106961
# Before You Sell, Donate, or Recycle a Device
Canonical: https://strangelyuseful.com/story/device-sale-donation-recycling-checklist
Markdown: https://strangelyuseful.com/story/device-sale-donation-recycling-checklist/markdown
Desk: Security & Trust
Format: list
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: Back up, sign out, remove locks, erase correctly, and verify the device no longer appears in your account.
Tags: device disposal, privacy, factory reset, recycling
## Readable Excerpt
Factory reset belongs near the end of device disposal, not the beginning. First preserve what matters, remove account locks, and document enough information to confirm the handoff.
 Back up, sign out, remove locks, erase correctly, and verify the device no longer appears in your account. The buyer or recycler should receive hardware that is erased and usable; you should retain your data, account access, and proof that the device left your control.
 Note the serial number, storage type, and current account owner before starting. Complete carrier, warranty, and payment-plan obligations separately from the data-erasure process.
 Preserve first, erase later
 Back up and verify the files you intend to keep. Complete a backup and open several restored files before erasing. Include messages, authenticator data, and app-specific exports that ordinary photo backup may omit.
 Remove the account ties
 Sign out of account, messaging, and device-finding services
 Sign out of the Apple or Google account and turn off device-finding features. This removes activation locks that would otherwise block the next owner.
 Remove SIM cards and removable storage
 Remove physical SIMs and microSD cards. Transfer eSIM service through the carrier before erasing if the old device still controls the number.
 Use the built-in erase or factory-reset process
 Use the manufacturer’s factory-reset workflow after sign-out. For unusually sensitive or damaged storage, follow an appropriate sanitization or destruction standard.
 Remove the hardware from trusted-device and payment lists
 Check the account’s trusted-device list and payment wallet after reset. Remove the serial number from insurance or management systems once the handoff is documented.
 Broken devices still contain data. If the screen or port p...
## Visible Sources
- What to do before you sell, give away, or trade in your iPhone or iPad, Apple Support (reference, retrieved): https://support.apple.com/en-us/109511
- Guidelines for Media Sanitization, NIST (reference, retrieved): https://csrc.nist.gov/pubs/sp/800/88/r1/final
# Fix a Printer Without Reinstalling Everything
Canonical: https://strangelyuseful.com/story/printer-troubleshooting-order
Markdown: https://strangelyuseful.com/story/printer-troubleshooting-order/markdown
Desk: Practical Technology
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: Start with the print queue and connection path; reinstalling drivers is a late step, not the opening move.
Tags: printers, Windows, AirPrint, troubleshooting
## Readable Excerpt
Printers fail in layers: the document, queue, computer, network, printer, and supplies. Reinstalling everything blurs those layers and often makes a small problem harder to identify.
 Start with the print queue and connection path; reinstalling drivers is a late step, not the opening move. Begin with the printer’s own status page. If that works, the mechanism and supplies are probably usable, so move outward to the queue and connection.
 Use one simple local document as the test job and note any printer-panel error exactly. Complex PDFs, browser pages, and cloud printing introduce extra variables too early.
 Ask the printer to test itself
 Print the device’s own status page if available. Print the printer’s internal status or configuration page. If that fails, the problem is inside the printer, supplies, or paper path rather than the computer.
 Follow the job from queue to paper
 Clear only stuck jobs and restart the print service
 Cancel the single stuck job before clearing the whole queue. Restarting the print service should follow, because duplicate submissions can leave many identical jobs waiting.
 Confirm computer and printer are on the same network
 Confirm the printer and computer use the same local network and subnet. Guest Wi-Fi often isolates devices even though both can reach the internet.
 Add by current IP or discovery after checking sleep state
 Wake the printer and check its current IP address before adding it again. Routers can assign a different address after long sleep or power loss.
 Update firmware and drivers from the manufacturer
 Get firmware and drivers from the printer manufacturer or Windows Update. Third-party driver sites add risk and rarely know the exact hardware revision.
 A printer that works by USB but not Wi-Fi has already cleared the...
## Visible Sources
- Windows help and learning, Microsoft Support (reference, retrieved): https://support.microsoft.com/windows
- Use AirPrint to print from your iPhone or iPad, Apple Support (reference, retrieved): https://support.apple.com/en-us/109349
# Accessibility Settings Worth Testing Before You Need Them
Canonical: https://strangelyuseful.com/story/accessibility-settings-apple-android-windows
Markdown: https://strangelyuseful.com/story/accessibility-settings-apple-android-windows/markdown
Desk: Practical Technology
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: Text size, contrast, captions, voice control, and reduced motion can make everyday devices easier before they become essential.
Tags: accessibility, iPhone, Android, Windows
## Readable Excerpt
Accessibility settings are not a last resort. Larger text, stronger contrast, reduced motion, captions, magnification, and voice access can remove daily friction even when a person does not identify as disabled.
 Text size, contrast, captions, voice control, and reduced motion can make everyday devices easier before they become essential. Change one variable at a time and test it in the apps you actually use. A setting that looks good in Settings can behave differently in email, maps, or a banking app.
 Choose one task that currently causes friction and capture the original settings. Testing against a real task makes it easier to keep helpful changes and reverse unhelpful ones.
 Test friction, not labels
 Increase text size without enlarging the entire interface first. Increase text size first, then test email, maps, settings, and a browser. Display zoom enlarges the whole interface and may hide controls on smaller screens.
 Change one display variable at a time
 Test contrast and color filters with familiar content
 Try high contrast, bold text, and color filters separately. A filter that helps one kind of color-vision difference can make photos or status colors harder to interpret.
 Turn on live captions for a short video or call
 Play a familiar video while testing live captions. Check names and technical terms because automatic captions are assistance, not a guaranteed transcript.
 Try voice access or dictation for one routine task
 Use voice access or dictation for one real task such as opening settings or composing a note. This exposes command and microphone limitations quickly.
 Configure the accessibility shortcut for fast switching
 Assign the accessibility shortcut to the feature most likely to be needed suddenly. Practice turning it off as well as on so the d...
## Visible Sources
- Get started with accessibility features on iPhone, Apple Support (reference, retrieved): https://support.apple.com/guide/iphone/get-started-with-accessibility-features-iph3e2e4367/ios
- Android accessibility overview, Android Accessibility Help (reference, retrieved): https://support.google.com/accessibility/android/answer/6006564
# Make Your Webcam and Microphone Reliable Before the Call
Canonical: https://strangelyuseful.com/story/webcam-microphone-preflight
Markdown: https://strangelyuseful.com/story/webcam-microphone-preflight/markdown
Desk: Practical Technology
Format: list
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: A two-minute local test catches the permissions, device-selection, lighting, and Bluetooth problems meetings expose too late.
Tags: webcam, microphone, video calls, remote work
## Readable Excerpt
A meeting app can show the right microphone name while the operating system blocks access—or use the laptop mic while sound comes from a headset. A local test exposes that mismatch before other people join.
 A two-minute local test catches the permissions, device-selection, lighting, and Bluetooth problems meetings expose too late. Test the exact combination you plan to use: camera, microphone, speakers, network, and room. “Default” is convenient but can change when a dock or Bluetooth device connects.
 Close other apps that may hold the camera or microphone and plug the laptop into power. Test from the same chair, room, dock, and headset planned for the meeting.
 Test the exact meeting setup
 Open the meeting app’s audio test before joining. Run the meeting app’s test with the same dock, headset, and network planned for the call. A different setup produces reassuring but irrelevant results.
 Default is a moving target
 Select the exact microphone and speaker instead of Default
 Select the microphone, speaker, and camera by name. “Default” may jump to a monitor, dock, or Bluetooth device when hardware reconnects.
 Check operating-system camera and microphone permissions
 Check operating-system privacy permissions if the app sees no camera or input meter. Browser meetings may also need a separate site permission.
 Use a wired fallback when Bluetooth reliability matters
 Record ten seconds locally and listen through the chosen speakers. This reveals hum, clipping, room echo, and a laptop mic selected by mistake.
 Place the camera near eye level with light in front of you
 Keep a wired headset or phone dial-in option ready for an important call. Bluetooth battery and pairing failures are faster to bypass than repair live.
 Bluetooth headsets sometimes expose separate call...
## Visible Sources
- Testing computer or device audio, Zoom Support (reference, retrieved): https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0063655
- Manage app permissions for a camera in Windows, Microsoft Support (reference, retrieved): https://support.microsoft.com/en-us/windows/manage-app-permissions-for-your-camera-in-windows-87ebc757-1f87-7bbf-84b5-0686afb6ca6b
# Set Up a Password Manager Without Creating a New Single Point of Failure
Canonical: https://strangelyuseful.com/story/password-manager-first-setup
Markdown: https://strangelyuseful.com/story/password-manager-first-setup/markdown
Desk: Security & Trust
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: Start with a unique master password, recovery material, and a small migration—not a rushed import of every account.
Tags: password managers, passwords, account security, MFA
## Readable Excerpt
A password manager removes password reuse only if its own recovery is planned. The first session should establish a unique master password, strong second factor, and recoverable backup before importing dozens of accounts.
 Start with a unique master password, recovery material, and a small migration—not a rushed import of every account. Migrate in small groups. Start with email and financial accounts, confirm autofill on each legitimate domain, and remove old saved copies only after the manager works.
 Inventory where passwords currently live—browser, notes, another manager, or memory—without exporting yet. Confirm the new manager works on every device needed for recovery.
 Protect the vault before filling it
 Choose a reputable manager with export and recovery documentation. Compare reputation, security documentation, supported devices, export formats, and recovery design. A low price does not compensate for an unusable recovery path.
 Move important accounts in small groups
 Create a long unique master password you do not reuse
 Create a long master password used nowhere else. Memorize it, then store recovery material separately rather than saving the master password inside its own vault.
 Enable strong multi-factor authentication
 Enable a security key or authenticator-based second factor and register a backup. Test both before importing accounts.
 Save recovery material somewhere separate and protected
 Move email, finance, and cloud accounts in small batches. After each password change, sign out and prove the new credential works on the legitimate domain.
 Move high-value accounts first and remove duplicate passwords gradually
 Delete plaintext CSV exports immediately after verifying the import, including copies in Downloads, cloud sync, recycle bins, and automated...
## Visible Sources
- Use Strong Passwords, CISA (reference, retrieved): https://www.cisa.gov/secure-our-world/use-strong-passwords
- Digital Identity Guidelines: Authentication and Authenticator Management, NIST (reference, retrieved): https://pages.nist.gov/800-63-4/sp800-63b.html
# Are You Ready for a Hardware Security Key?
Canonical: https://strangelyuseful.com/story/hardware-security-key-readiness
Markdown: https://strangelyuseful.com/story/hardware-security-key-readiness/markdown
Desk: Security & Trust
Format: story
Published: July 11, 2026
Updated: July 13, 2026
Read time: 2 min
Summary: Security keys can resist common phishing, but everyday readiness requires two keys, supported accounts, and a recovery route.
Tags: security keys, MFA, phishing resistance, account security
## Readable Excerpt
A hardware security key can stop a fake login page from stealing a usable second factor, but it introduces a physical object you can lose. Readiness means planning both the stronger login and the spare.
 Security keys can resist common phishing, but everyday readiness requires two keys, supported accounts, and a recovery route. List supported high-value accounts, check connector and NFC compatibility, and register two keys before depending on either one.
 Check account support pages and organizational policies before buying hardware. Some workplaces restrict key models, while phones may require NFC or a different physical connector.
 List the accounts that can use one
 List the critical accounts that support security keys. Check whether email, password manager, financial, and developer accounts accept FIDO security keys. Prioritize accounts that can reset many others.
 Two keys prevent one-key lockout
 Buy compatible keys from a trusted seller
 Buy two compatible keys and register both. A spare stored elsewhere prevents one lost key from becoming an account lockout.
 Register a primary key and a separately stored backup
 Match USB connector, NFC support, and device policy to the equipment actually used. A USB-A key alone may be awkward on a phone-only recovery day.
 Name keys clearly in each account dashboard
 Give each registered key a clear name in the account dashboard, then perform a real sign-in with each one.
 Test sign-in and recovery before removing older methods
 Keep recovery codes or another approved fallback until both keys work everywhere required. Stronger authentication should not create a single physical point of failure.
 Travel changes the physical plan. A key kept on the same keychain as the laptop is convenient but vulnerable to the same lost bag. St...
## Visible Sources
- Use a security key for 2-Step Verification, Google Account Help (reference, retrieved): https://support.google.com/accounts/answer/6103523
- More than a Password, CISA (reference, retrieved): https://www.cisa.gov/mfa
# Choose the Strongest Two-Factor Method You Can Actually Maintain
Canonical: https://strangelyuseful.com/story/compare-two-factor-methods
Markdown: https://strangelyuseful.com/story/compare-two-factor-methods/markdown
Desk: Security & Trust
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: Security keys and passkey-style authentication are strongest; authenticator apps are a practical fallback; SMS is better than password-only.
Tags: two-factor authentication, MFA, authenticator apps, SMS security
## Readable Excerpt
“Two-factor authentication” describes a category, not one level of protection. A security key can verify the real site; an authenticator code can still be typed into a fake one; SMS depends partly on the phone account.
 Security keys and passkey-style authentication are strongest; authenticator apps are a practical fallback; SMS is better than password-only. Pick the strongest method the service supports and you can maintain. For a critical account, convenience should include a tested backup—not just the fastest prompt.
 List current factors beside each critical account and mark which depend on the same phone number or device. That reveals backups that would fail together.
 Not every second factor stops phishing
 Prefer phishing-resistant methods where the account supports them. Choose security keys or platform-bound phishing-resistant authentication for the highest-value accounts when supported. They verify the legitimate service, not just a code.
 Match strength to account value
 Use an authenticator app when a security key is impractical
 Authenticator apps avoid carrier dependence but codes can still be entered into a fake site. Read the domain before typing.
 Keep SMS as a fallback only when the risk and recovery tradeoff make sense
 SMS is better than password-only when stronger choices are unavailable, but number ports and SIM swaps add carrier-account risk.
 Register two independent recovery methods
 Push approval is convenient; never approve a prompt you did not start. Repeated prompts can be an attacker hoping fatigue wins.
 Review methods after changing phones or numbers
 Register an independent backup method and review the list after changing phones or numbers. Remove factors tied to devices you no longer control.
 Risk is not identical across accounts. A st...
## Visible Sources
- More than a Password, CISA (reference, retrieved): https://www.cisa.gov/mfa
- Digital Identity Guidelines: Authentication and Authenticator Management, NIST (reference, retrieved): https://pages.nist.gov/800-63-4/sp800-63b.html
# Store Recovery Codes So They Still Exist During an Emergency
Canonical: https://strangelyuseful.com/story/store-recovery-codes-safely
Markdown: https://strangelyuseful.com/story/store-recovery-codes-safely/markdown
Desk: Security & Trust
Format: list
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: Recovery codes belong outside the account and outside the device they are meant to rescue.
Tags: recovery codes, account recovery, MFA, backup
## Readable Excerpt
A recovery code stored only on the phone it is meant to replace is not much of a recovery plan. Put codes somewhere reachable when the primary device, password manager, or cloud account is unavailable.
 Recovery codes belong outside the account and outside the device they are meant to rescue. Use two different failure domains: for example, a printed copy in a secure location and an encrypted digital copy outside the protected account.
 Choose storage locations before generating codes so plaintext does not linger in Downloads. Have a printer, encrypted container, or secure document location ready.
 Store codes outside the failure
 Generate a fresh set after confirming your normal sign-in works. Generate codes only after normal two-factor sign-in works. Note that creating a new set can invalidate every previous code.
 Use two different kinds of storage
 Print or write one copy for a secure physical location
 Print one copy for a secure document location. The paper should identify the service but does not need the account password beside it.
 Store an encrypted digital copy in a separate protected system
 Keep an encrypted digital copy outside the account it recovers. A file in that account’s own cloud storage may be unreachable during lockout.
 Label the service and generation date without adding the password
 Mark single-use codes after use without photographing the whole sheet. Replace the set if you cannot tell which codes remain valid.
 Replace the set after any code is exposed or the service regenerates it
 Regenerate immediately after accidental sharing, an unencrypted upload, or loss. Treat recovery codes with the same care as passwords.
 A sealed paper copy can survive a dead phone and cloud lockout, while an encrypted digital copy is easier to update. Keeping bot...
## Visible Sources
- Sign in with backup codes, Google Account Help (reference, retrieved): https://support.google.com/accounts/answer/1187538
- Set up a recovery key for your Apple Account, Apple Support (reference, retrieved): https://support.apple.com/en-us/109345
# Build a Recovery Email That Does Not Become the Weak Link
Canonical: https://strangelyuseful.com/story/recovery-email-separate-and-secure
Markdown: https://strangelyuseful.com/story/recovery-email-separate-and-secure/markdown
Desk: Security & Trust
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: A recovery mailbox should be independent, monitored, strongly protected, and used for recovery—not newsletters and random signups.
Tags: recovery email, account security, email, MFA
## Readable Excerpt
A recovery mailbox quietly controls access to everything it can reset. Giving it less daily exposure—and stronger protection than an ordinary signup address—reduces the chance that it becomes the easiest way in.
 A recovery mailbox should be independent, monitored, strongly protected, and used for recovery—not newsletters and random signups. The address must remain active and monitored. Independence matters: avoid circular arrangements where two mailboxes can reset each other and share the same weak factor.
 Confirm the provider’s inactivity policy and recovery options before adopting the address. A backup mailbox that can silently expire is not a dependable identity anchor.
 Treat the spare mailbox as a key
 Choose an address you can retain long term. Choose a long-lived provider and an address used only for recovery and important identity accounts. Less routine mail means fewer phishing opportunities.
 Keep recovery paths independent
 Give it a unique password and strong MFA
 Protect the mailbox with a unique password and strong MFA. Its compromise would let an attacker reset every account that trusts it.
 Keep its recovery methods independent from the primary mailbox
 Avoid circular recovery where the primary and backup mailboxes depend only on each other. Add an independent factor or stored recovery code.
 Sign in periodically and monitor security notices
 Sign in periodically so the provider does not treat the address as abandoned. Confirm security alerts still arrive and are not filtered.
 Use it only for important recovery and identity accounts
 Replace the address before closing it or losing a domain. Update critical accounts one by one and verify each change.
 An address that never receives normal mail can be easy to forget. Add a periodic reminder to sign in a...
## Visible Sources
- Set up recovery options, Google Account Help (reference, retrieved): https://support.google.com/accounts/answer/183723
- Use Strong Passwords, CISA (reference, retrieved): https://www.cisa.gov/secure-our-world/use-strong-passwords
# How to Tell If a Customer Support Number or Chat Message Is Fake
Canonical: https://strangelyuseful.com/story/verify-customer-support-contact
Markdown: https://strangelyuseful.com/story/verify-customer-support-contact/markdown
Desk: Security & Trust
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: Ignore the number in a warning, ad, or unsolicited message; open the app or type the official site yourself.
Tags: customer support scams, impersonation, account security, fraud
## Readable Excerpt
The dangerous part of a fake-support scam is often not the story but the route. A search ad, pop-up, or urgent text can place an impostor’s phone number exactly where a worried person expects help.
 Ignore the number in a warning, ad, or unsolicited message; open the app or type the official site yourself. Break contact and start over from the installed app, a statement, or a domain you already know. An authentic logo and caller ID are not independent evidence.
 Have a statement, receipt, device serial, or signed-in app available before making contact. Those records help locate official support without relying on the alarming message.
 Throw away the inbound route
 Stop interacting with the inbound message or pop-up. End the call, text, or pop-up session that created urgency. Do not use its number, link, case ID, or remote-access instructions.
 Re-enter through a known door
 Open the company’s installed app or a saved official bookmark
 Open the installed app, a saved bookmark, or a number printed on the statement or device packaging. Search advertisements can be bought by impostors.
 Find support inside the authenticated account
 Ask what the provider can see without your password. Legitimate support should not need a one-time code, recovery code, gift card, or crypto transfer.
 Ask what information support should never request
 Refuse remote-control software unless you initiated a documented technical-support session with a company you already trust.
 Record the case number and contact channel
 Save the official case number and channel. If money or credentials were shared, secure the affected account and contact the financial provider separately.
 A fake renewal invoice often says hundreds of dollars were charged and supplies a number to cancel. Check the actual card...
## Visible Sources
- How To Spot, Avoid, and Report Tech Support Scams, Federal Trade Commission (reference, retrieved): https://consumer.ftc.gov/articles/how-spot-avoid-and-report-tech-support-scams
- Mobile Payment Apps: How To Avoid a Scam When You Use One, Federal Trade Commission (reference, retrieved): https://consumer.ftc.gov/articles/mobile-payment-apps-how-avoid-scam-when-you-use-one
# An Unfamiliar Sign-In Alert Arrived: Check This First
Canonical: https://strangelyuseful.com/story/unfamiliar-sign-in-alert-response
Markdown: https://strangelyuseful.com/story/unfamiliar-sign-in-alert-response/markdown
Desk: Security & Trust
Format: list
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: Open the account independently, inspect device and location details, then secure the account if the event is not yours.
Tags: security alerts, account takeover, login activity, email security
## Readable Excerpt
A sign-in alert can be a useful early warning, but the location is often approximate and the message itself can be spoofed. Verify the event from inside the account instead of replying to the alert.
 Open the account independently, inspect device and location details, then secure the account if the event is not yours. Compare the device, browser, time, and activity. A familiar city with an unfamiliar browser deserves investigation; a mobile carrier can also place a legitimate login far away.
 Note which account received the alert and whether you recently used a new browser, VPN, or mobile network. Do not change settings from inside the notification.
 Verify the alert inside the account
 Do not click the alert link until you verify the sender and account. Open the service directly and find recent security activity. This verifies whether the alert describes a real event without trusting the alert’s link.
 Location is a clue, not a verdict
 Open the service directly and inspect recent security activity
 Compare time, browser, device, and action. Location alone is weak evidence because VPNs and mobile carriers can place a legitimate login elsewhere.
 Compare device, browser, time, and approximate location
 End only the unfamiliar sessions, then change the password if the event was not yours. A broad sign-out may interrupt recovery work on trusted devices.
 End unfamiliar sessions and change the password if needed
 Review forwarding rules, app passwords, recovery contacts, and connected apps. Attackers often add persistence that survives a password change.
 Review recovery details, forwarding rules, and connected apps
 Save the alert details and subsequent changes. Repeated alerts with different devices can reveal an ongoing credential or session theft.
 A login from your us...
## Visible Sources
- Respond to security alerts, Google Account Help (reference, retrieved): https://support.google.com/accounts/answer/2590353
- If you think your Apple Account has been compromised, Apple Support (reference, retrieved): https://support.apple.com/en-us/102560
# The First Hour After an Email Account Takeover
Canonical: https://strangelyuseful.com/story/first-hour-after-email-takeover
Markdown: https://strangelyuseful.com/story/first-hour-after-email-takeover/markdown
Desk: Security & Trust
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: Recover the mailbox, remove persistence, protect downstream accounts, and preserve a timeline before the attacker can reset more services.
Tags: email takeover, account security, incident response, identity theft
## Readable Excerpt
Email is a reset channel for the rest of a digital life. After takeover, restoring the password is only the opening move; the attacker may have added forwarding, app passwords, recovery details, or trusted sessions.
 Recover the mailbox, remove persistence, protect downstream accounts, and preserve a timeline before the attacker can reset more services. Work from a device you trust. Recover the mailbox through the provider, remove persistence, then protect accounts that use the address for password resets.
 Use another trusted channel to tell a close contact what happened, and prepare a clean device. Do not conduct recovery through links in the compromised mailbox.
 Recover from a device you trust
 Use the provider’s official recovery page from a clean device. Use the provider’s official recovery page from a trusted device. Avoid performing recovery on a computer that may contain malware or an unknown extension.
 Look beyond the changed password
 Change the password and revoke unfamiliar sessions
 Change the password and revoke unfamiliar sessions, app passwords, and trusted devices. Confirm the attacker did not replace recovery email or phone.
 Remove forwarding rules, filters, app passwords, and connected apps
 Inspect inbox rules, forwarding, delegates, sent mail, and trash. Hidden forwarding can continue leaking password resets after access appears restored.
 Secure financial, cloud, and social accounts tied to the mailbox
 Secure banking, cloud storage, social media, and password managers tied to the mailbox. Start with accounts that can move money or reset others.
 Tell close contacts to ignore suspicious recent messages
 Warn close contacts about recent suspicious messages and preserve headers or notices. Evidence helps explain downstream fraud without keeping th...
## Visible Sources
- How To Recover Your Hacked Email or Social Media Account, Federal Trade Commission (reference, retrieved): https://consumer.ftc.gov/articles/how-recover-your-hacked-email-or-social-media-account
- Respond to security alerts, Google Account Help (reference, retrieved): https://support.google.com/accounts/answer/2590353
# Your Phone Suddenly Lost Service: Treat SIM Swap as One Possibility
Canonical: https://strangelyuseful.com/story/sim-swap-warning-and-recovery
Markdown: https://strangelyuseful.com/story/sim-swap-warning-and-recovery/markdown
Desk: Security & Trust
Format: story
Published: July 11, 2026
Updated: July 13, 2026
Read time: 2 min
Summary: Unexpected loss of calls and texts plus account alerts deserves a carrier check and immediate protection of email and financial accounts.
Tags: SIM swap, mobile security, identity theft, account recovery
## Readable Excerpt
A phone that suddenly shows no service may be in an outage—but if account alerts arrive at the same time, assume the number could have moved until the carrier confirms otherwise.
 Unexpected loss of calls and texts plus account alerts deserves a carrier check and immediate protection of email and financial accounts. Use trusted Wi-Fi to protect email and financial accounts, then reach the carrier through a known number or authenticated app. Do not rely on SMS while control is uncertain.
 Write down the approximate time service disappeared and collect the carrier account number from a statement. Use another phone or trusted Wi-Fi device for support.
 No service plus alerts changes the stakes
 Connect through trusted Wi-Fi and check carrier status. Check whether nearby phones on the same carrier also lost service. A local outage is possible; simultaneous account alerts make unauthorized number movement more likely.
 Ask the carrier what changed
 Call the carrier using a known official number
 Call the carrier through its official app, website, or a known number. Ask whether a SIM change or port request occurred and when.
 Ask whether a SIM or number-port change occurred
 While using trusted Wi-Fi, secure email and financial accounts with non-SMS factors. Do not wait for text service to return before protecting them.
 Secure email, banking, and payment accounts without relying on SMS
 Ask the carrier to reverse unauthorized changes and add a port lock or account PIN. Replace any PIN the attacker may have learned.
 Add a carrier account PIN or port lock after control is restored
 Review transactions and password resets from the outage window. Notify affected banks or payment services that the phone number was temporarily controlled by someone else.
 Losing SMS also interrup...
## Visible Sources
- Protecting Consumers from SIM Swap and Port-Out Fraud, Federal Communications Commission (reference, retrieved): https://www.fcc.gov/document/fcc-adopts-rules-protect-consumers-sim-swapping-scams-0
- SIM Swap Scams: How to Protect Yourself, Federal Trade Commission (reference, retrieved): https://consumer.ftc.gov/consumer-alerts/2019/10/sim-swap-scams-how-protect-yourself
# Audit the Apps Connected to Your Main Accounts
Canonical: https://strangelyuseful.com/story/audit-connected-apps
Markdown: https://strangelyuseful.com/story/audit-connected-apps/markdown
Desk: Security & Trust
Format: list
Published: July 11, 2026
Updated: July 13, 2026
Read time: 2 min
Summary: Remove old OAuth grants and sign-in connections that no longer have a clear job.
Tags: connected apps, OAuth, privacy, account security
## Readable Excerpt
Signing in with Google or Apple can avoid creating another password, but the connected app may retain access long after you stop using it. A quarterly permission review keeps old experiments from becoming permanent trust.
 Remove old OAuth grants and sign-in connections that no longer have a clear job. Read scopes, not just app names. Calendar read access, mailbox access, profile identity, and cloud-file access carry very different consequences.
 Set aside enough time to identify unfamiliar grants rather than deleting everything reflexively. Essential backup, calendar, or sign-in integrations can break when revoked.
 Read permissions, not app logos
 Review third-party connections from the account’s security page. Open the primary account’s third-party connections page. An app’s logo or familiar name does not reveal what data it can still read.
 Remove access that has lost its purpose
 Open details to see data scopes and last use
 Read scopes for mail, files, calendar, contacts, and profile identity. Remove grants that have no current, specific purpose.
 Remove abandoned apps and duplicate integrations
 Check last-used dates and duplicate integrations. A tool tested once years ago should not retain permanent access.
 Reauthenticate essential tools only from their official sites
 Revoke from the main account, then sign in again only from the essential app’s official site. This forces a fresh, visible consent decision.
 Repeat the review after a job, school, or device change
 Remember that revocation stops future access but may not delete copied data. Use the developer’s deletion process when retained data matters.
 A calendar tool may need calendar access but not mailbox, contacts, and cloud-drive control. When requested scopes exceed the app’s obvious function, decline a...
## Visible Sources
- Manage connections between your Google Account and third parties, Google Account Help (reference, retrieved): https://support.google.com/accounts/answer/13533235
- Manage your apps with Sign in with Apple, Apple Support (reference, retrieved): https://support.apple.com/en-us/102571
# Turn On Security Alerts That Are Actually Useful
Canonical: https://strangelyuseful.com/story/security-alerts-worth-enabling
Markdown: https://strangelyuseful.com/story/security-alerts-worth-enabling/markdown
Desk: Security & Trust
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: Prioritize new sign-ins, recovery changes, money movement, and new-device notices; route them somewhere you will see.
Tags: security alerts, notifications, banking, account security
## Readable Excerpt
Security notifications should interrupt you for events that change control or move money—not for every routine login. A smaller set of high-signal alerts is more likely to be noticed and acted on.
 Prioritize new sign-ins, recovery changes, money movement, and new-device notices; route them somewhere you will see. Prioritize new devices, password and recovery changes, card-not-present purchases, transfers, and profile changes. Test where each alert lands.
 Review a month of normal transactions and account activity before selecting thresholds. The goal is an alert stream quiet enough that an unusual event stands out.
 Choose events that change control
 Enable new-device and password-change alerts. Enable notices for new devices, password changes, recovery changes, and disabled MFA. Those events can transfer account control.
 Money movement needs its own threshold
 Enable transaction and transfer alerts at a practical threshold
 For cards and bank accounts, add purchase and transfer alerts at a threshold low enough to catch meaningful activity without constant noise.
 Send critical alerts to an independent channel when possible
 Send critical alerts to a channel independent of the protected account when possible. A compromised mailbox cannot reliably warn about itself.
 Allow notifications to bypass Focus only for truly critical apps
 Allow only the most important financial and identity apps through Focus or Do Not Disturb. Too many exceptions make every alert easier to ignore.
 Test one alert and confirm the destination
 Trigger a harmless test, such as a small threshold purchase or new browser login. Confirm the alert arrives with enough detail to act.
 A one-dollar card alert can create constant noise for some people, while a hundred-dollar threshold misses a small tes...
## Visible Sources
- Review security notifications for your Google Account, Google Account Help (reference, retrieved): https://support.google.com/accounts/answer/2590353
- How do I get my money back after I discover an unauthorized transaction or money missing from my bank account?, Consumer Financial Protection Bureau (reference, retrieved): https://www.consumerfinance.gov/ask-cfpb/how-do-i-get-my-money-back-after-i-discover-an-unauthorized-transaction-or-money-missing-from-my-bank-account-en-1017/
# Hand Off a Shared or Family Account Without Sharing Your Password
Canonical: https://strangelyuseful.com/story/safe-shared-account-handoff
Markdown: https://strangelyuseful.com/story/safe-shared-account-handoff/markdown
Desk: Security & Trust
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: Use family roles, delegates, shared vaults, or separate logins; document ownership and recovery before access changes.
Tags: family accounts, shared access, passwords, digital safety
## Readable Excerpt
A shared password makes every person look like the same user and turns one departure into a group password emergency. Built-in family, delegate, or team roles preserve accountability and simplify removal.
 Use family roles, delegates, shared vaults, or separate logins; document ownership and recovery before access changes. Before granting access, name the owner, purpose, billing contact, recovery owner, and date the arrangement should be reviewed.
 Gather the service terms, billing owner, current recovery contacts, and access list. Separate convenience sharing from legally authorized financial or business access.
 Give people roles, not one password
 Confirm who legally or contractually owns the account. Identify the contractual owner before adding anyone. Ownership determines who can close the account, recover access, or control billing.
 Write down ownership and recovery
 Use built-in family, delegate, or team access
 Use built-in family, delegate, or team roles so each person has an individual login and visible permissions.
 Give each person an individual login when available
 Put any unavoidable shared secret in a shared password-manager vault, not a text thread. Keep personal recovery codes out of that vault.
 Store shared secrets in a shared vault rather than messages
 Write down who controls billing, recovery, content, and removal. Set a review date tied to the project, lease, caregiving period, or employment.
 Document who controls billing, recovery, and account closure
 Remove the departing person’s role and sessions when access ends. Do not change everyone’s password unless the service lacks individual access.
 A household streaming login, a utility account, and a small-business bank account should not share one access model. Financial accounts require approve...
## Visible Sources
- Share purchases with your family, Apple Support (reference, retrieved): https://support.apple.com/en-us/108380
- Protect Your Personal Information From Hackers and Scammers, Federal Trade Commission (reference, retrieved): https://consumer.ftc.gov/articles/protect-your-personal-information-hackers-and-scammers
# Use Cash App Safely: Verify the Person, Not Just the Cashtag
Canonical: https://strangelyuseful.com/story/cash-app-safety-checklist
Markdown: https://strangelyuseful.com/story/cash-app-safety-checklist/markdown
Desk: Money & Payments
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: Confirm the recipient through a separate channel, protect the account, and understand that a completed person-to-person payment may be hard to reverse.
Tags: Cash App, payment apps, scams, money safety
## Readable Excerpt
A Cashtag is easy to type and easy to imitate. Before a meaningful payment, confirm the person through another conversation and read the recipient screen as if the transfer cannot be pulled back.
 Confirm the recipient through a separate channel, protect the account, and understand that a completed person-to-person payment may be hard to reverse. Use Cash App’s own security lock, alerts, and support. A search-engine phone number or social-media “agent” is not a safe support route.
 Open the recipient’s profile from a conversation you already trust and confirm the app is current. Decide the maximum amount you are willing to send without a test.
 Confirm the human behind the Cashtag
 Enable the app’s security lock and account alerts. Turn on Security Lock and transaction notifications before sending. These controls protect the app on an unlocked phone and surface account activity quickly.
 Use the controls already in the app
 Confirm the recipient’s name and Cashtag independently
 Confirm the recipient’s name and Cashtag through a conversation you already trust. Profile pictures and near-identical Cashtags are easy to copy.
 Send a small test amount for a new high-stakes recipient
 For a large first payment, send a small agreed test only when the recipient confirms it live. Never test by paying a stranger who contacted you.
 Use in-app support rather than search-result phone numbers
 Use support inside Cash App or the official site. Ignore callers claiming money must be moved to protect the account.
 Report unauthorized activity immediately and preserve screenshots
 For unauthorized activity, lock the card if relevant, capture the transaction, and report it immediately. Do not send a second payment to reverse the first.
 Scammers may impersonate support after a user searc...
## Visible Sources
- Security at Cash App, Cash App (reference, retrieved): https://cash.app/security
- Mobile Payment Apps: How To Avoid a Scam When You Use One, Federal Trade Commission (reference, retrieved): https://consumer.ftc.gov/articles/mobile-payment-apps-how-avoid-scam-when-you-use-one
# Make Venmo Private and Handle a Mistaken Payment Carefully
Canonical: https://strangelyuseful.com/story/venmo-privacy-and-mistaken-payment
Markdown: https://strangelyuseful.com/story/venmo-privacy-and-mistaken-payment/markdown
Desk: Money & Payments
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: Set transactions and friends lists to private, then use Venmo’s official workflow instead of sending a second payment to a stranger.
Tags: Venmo, privacy, mistaken payment, payment apps
## Readable Excerpt
Venmo combines money movement with a social feed, so privacy is part of payment safety. Make future transactions private and reduce what contacts or strangers can learn from descriptions and connections.
 Set transactions and friends lists to private, then use Venmo’s official workflow instead of sending a second payment to a stranger. A mistaken payment needs one clean case record. Do not create a second transfer merely because an unfamiliar person asks you to “send it back.”
 Take a screenshot of the transaction and its status, not the entire financial feed. Avoid messaging the stranger until Venmo’s official workflow is clear.
 Make the payment feed private
 Set default transaction privacy to Private. Set future transactions to Private and review visibility for past transactions. Descriptions can reveal relationships, locations, and routines even though amounts are hidden.
 Handle one mistaken transfer as one case
 Change past transactions to private where available
 Limit contact syncing and friends-list visibility. A private payment feed does not automatically hide the social graph around it.
 Limit contact syncing and friends-list visibility
 Check whether the mistaken payment is still cancelable under Venmo’s rules. Many payments to active accounts cannot simply be pulled back.
 For a payment to an inactive account, check the official cancel option
 Contact Venmo through the app and give one transaction ID. Do not create a second transfer because an unfamiliar recipient demands repayment.
 For other mistakes, contact Venmo support and your funding institution promptly
 Notify the funding bank promptly if the payment was unauthorized. A mistaken authorized payment and account fraud follow different resolution paths.
 If a stranger sends money and immediately asks...
## Visible Sources
- Changing Payment Privacy & Hiding Past Payments, Venmo Help Center (reference, retrieved): https://help.venmo.com/hc/en-us/articles/210413717-Payment-Activity-Privacy
- Mobile Payment Apps: How To Avoid a Scam When You Use One, Federal Trade Commission (reference, retrieved): https://consumer.ftc.gov/articles/mobile-payment-apps-how-avoid-scam-when-you-use-one
# PayPal Friends and Family Is Not a Discount Checkout Button
Canonical: https://strangelyuseful.com/story/paypal-friends-family-vs-goods-services
Markdown: https://strangelyuseful.com/story/paypal-friends-family-vs-goods-services/markdown
Desk: Money & Payments
Format: story
Published: July 11, 2026
Updated: July 13, 2026
Read time: 2 min
Summary: Use Goods and Services for eligible purchases; Friends and Family is designed for personal transfers and lacks purchase protection.
Tags: PayPal, buyer protection, online shopping, payment safety
## Readable Excerpt
The payment label matters on PayPal. Friends and Family is for personal transfers; using it to buy an item can remove the purchase-protection path the buyer expected.
 Use Goods and Services for eligible purchases; Friends and Family is designed for personal transfers and lacks purchase protection. Match the transaction type to reality. A seller offering a discount for mislabeling a purchase is asking the buyer to accept more risk.
 Save the listing, agreed price, delivery promise, and seller identity before paying. Those records matter only when the transaction is labeled and processed as an eligible purchase.
 Name the transaction honestly
 Identify whether money is a personal transfer or a purchase. Decide whether the money is a gift or payment for something. The label should match the real transaction, not the seller’s preferred fee treatment.
 What purchase protection can cover
 Review eligibility and exclusions before relying on protection
 Use Goods and Services for an eligible purchase and keep the invoice, listing, and delivery promises. Protection depends on terms and evidence.
 Describe the item accurately and keep seller communications
 Review exclusions before assuming every item qualifies. Some categories and transaction patterns fall outside Purchase Protection.
 Use the invoice or checkout flow for a purchase
 Treat pressure to use Friends and Family as a risk signal. That personal-transfer path is not a hidden discount checkout.
 Open a dispute within the stated deadline if an eligible purchase fails
 Open an eligible dispute within PayPal’s deadline and keep communication in the transaction record. Off-platform promises are harder to prove.
 A concert ticket, game console, or marketplace item is still a purchase when the seller feels friendly. The rela...
## Visible Sources
- What are “Friends and Family” payment scams?, PayPal Help Center (reference, retrieved): https://www.paypal.com/us/cshelp/article/what-are-friends-and-family-payment-scams-help1165
- PayPal’s Purchase Protection Program, PayPal (reference, retrieved): https://www.paypal.com/us/legalhub/paypal/buyer-protection
# Before You Send With Zelle, Verify the Destination Twice
Canonical: https://strangelyuseful.com/story/zelle-recipient-verification
Markdown: https://strangelyuseful.com/story/zelle-recipient-verification/markdown
Desk: Money & Payments
Format: list
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: Zelle is designed for people you know and trust; confirm the enrolled phone or email through another channel before sending.
Tags: Zelle, bank transfers, scams, recipient verification
## Readable Excerpt
Zelle moves money directly between bank accounts and is designed for people you know and trust. That speed is useful for rent or repayment—and unforgiving when a phone number is wrong or a story is fake.
 Zelle is designed for people you know and trust; confirm the enrolled phone or email through another channel before sending. Ask the recipient which email address or phone number is enrolled, confirm it in a separate conversation, then read the name your bank displays.
 Ask the recipient to state the enrolled destination rather than reading one to them. For changed business instructions, use contact information from an earlier trusted record.
 Confirm the enrolled destination
 Ask the recipient which exact email or phone is enrolled. Ask which exact phone number or email address is enrolled. Confirm the answer through a conversation you initiated, not a reply to a payment request.
 Fast bank money leaves little correction time
 Confirm that answer through a separate trusted conversation
 Read the recipient name shown by the bank before approving. If it does not match the expected person or business, stop.
 Read the recipient name shown by your bank
 Use Zelle only for people and businesses you know and trust. It is not a substitute for a marketplace checkout with purchase protections.
 Use a small test payment for a new recipient when appropriate
 A bank caller will not need you to send money to yourself or another account to reverse fraud. End that call and contact the bank directly.
 Stop if anyone says you must pay yourself to fix fraud
 For an unauthorized or misdirected transfer, call the bank immediately with the transaction ID. Do not send another payment as a correction.
 A landlord or contractor changing payment details by email is a classic point for intercep...
## Visible Sources
- Understanding Fraud & Scams, Zelle (reference, retrieved): https://www.zelle.com/understanding-fraud-scams
- Only Send Money to Friends, Family and Others You Trust, Zelle (reference, retrieved): https://www.zellepay.com/safety-education/pay-it-safe
# Google Wallet Purchase Problem? Start With the Merchant and the Funding Card
Canonical: https://strangelyuseful.com/story/google-wallet-refunds-and-disputes
Markdown: https://strangelyuseful.com/story/google-wallet-refunds-and-disputes/markdown
Desk: Money & Payments
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: Google Wallet often passes a card credential to a merchant; refunds and disputes usually follow the merchant and card issuer paths.
Tags: Google Wallet, refunds, card disputes, mobile payments
## Readable Excerpt
Google Wallet can hold the card credential, but the merchant still sells the item and the card issuer still runs the account. The right refund path depends on where the transaction actually occurred.
 Google Wallet often passes a card credential to a merchant; refunds and disputes usually follow the merchant and card issuer paths. Find the merchant, funding card, and transaction status before removing cards or opening disputes. A pending authorization is not always a completed charge.
 Open both Wallet activity and the underlying card account. Match merchant name, date, amount, and token details before deciding whether the issue is a return or unauthorized charge.
 Identify merchant, card, and status
 Identify the merchant and the card used for the transaction. Identify the merchant, the card used, and whether the entry is pending or posted. Wallet may hold the credential without being the seller.
 A wallet is not always the seller
 Check whether the charge is pending or posted
 For an ordinary return, contact the merchant and keep the refund confirmation. The credit normally returns through the original funding card.
 Request a refund from the merchant and keep confirmation
 Do not treat a pending authorization as a final duplicate charge. Hotels, gas stations, and some merchants adjust amounts after settlement.
 Watch the original card account for the credit
 If a posted charge is unauthorized, report it to the card issuer promptly. Removing the card from Wallet does not dispute an existing transaction.
 Report an unauthorized posted charge to the card issuer promptly
 Track the merchant’s promised refund date against the card statement. Escalate when the promised window passes without a credit.
 A card token in Wallet can display different final digits from the physi...
## Visible Sources
- Pay on an app or website, Google Wallet Help (reference, retrieved): https://support.google.com/googlepay/answer/7644068?hl=en
- How do I get my money back after I discover an unauthorized transaction or money missing from my bank account?, Consumer Financial Protection Bureau (reference, retrieved): https://www.consumerfinance.gov/ask-cfpb/how-do-i-get-my-money-back-after-i-discover-an-unauthorized-transaction-or-money-missing-from-my-bank-account-en-1017/
# Apple Cash: Confirm the Recipient Before the Money Leaves
Canonical: https://strangelyuseful.com/story/apple-cash-recipient-check
Markdown: https://strangelyuseful.com/story/apple-cash-recipient-check/markdown
Desk: Money & Payments
Format: list
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: Verify the conversation, inspect the recipient card, and never send money to resolve a supposed fraud alert.
Tags: Apple Cash, payment safety, scams, iPhone
## Readable Excerpt
Apple Cash makes a payment feel like a message, but the money movement deserves a separate pause. Confirm the conversation, recipient card, and amount before using Face ID, Touch ID, or a passcode.
 Verify the conversation, inspect the recipient card, and never send money to resolve a supposed fraud alert. A contact name is only a label on your device. Verify the phone number or email address that will actually receive the payment.
 Update the device, confirm Apple Cash is active, and identify the exact Messages conversation. An unsolicited payment card or new thread deserves separate verification.
 Read the recipient card before approving
 Open the payment from a conversation you already trust. Open the payment from an existing trusted conversation rather than a new request. Verify the phone number or email on the recipient card.
 A contact name is only a local label
 Confirm the phone number or email tied to the recipient
 Read the amount and recipient again before Face ID, Touch ID, or passcode approval. Authentication confirms your action, not the recipient’s honesty.
 Review the amount and recipient before authenticating
 Check whether a mistaken payment remains pending and eligible to cancel. A completed person-to-person transfer may be difficult to recover.
 Cancel only if Apple still presents the payment as pending
 Ignore anyone who says you must send Apple Cash to protect an account or reverse fraud. Contact Apple and the linked bank through official channels.
 Report suspected fraud through official Apple and bank channels
 Save the payment details and report unauthorized activity immediately. Do not negotiate with an unknown recipient or share account codes.
 A familiar Messages thread can be unsafe if the other person’s Apple Account was taken over. For an...
## Visible Sources
- Send and receive money with Apple Cash, Apple Support (reference, retrieved): https://support.apple.com/en-us/105013
- Avoid scams when you use Apple Cash, Apple Support (reference, retrieved): https://support.apple.com/en-us/102461
# Use Chime Without Treating Every Limit as a Glitch
Canonical: https://strangelyuseful.com/story/chime-money-limits-and-support
Markdown: https://strangelyuseful.com/story/chime-money-limits-and-support/markdown
Desk: Money & Payments
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: Check the in-app limit, transfer status, and official support path before retrying a blocked or delayed transaction.
Tags: Chime, banking apps, transfer limits, support scams
## Readable Excerpt
A declined or delayed Chime transaction can result from a limit, hold, card lock, merchant problem, or security review. Repeatedly retrying it can add confusion—and sometimes additional pending authorizations.
 Check the in-app limit, transfer status, and official support path before retrying a blocked or delayed transaction. Read the exact status in the app before contacting support. Capture the amount, time, merchant or destination, and whether the money is pending, completed, reversed, or declined.
 Capture the displayed status and check the account balance before retrying. Have the merchant name, amount, time, and last card digits ready for authenticated support.
 Read the transaction state before retrying
 Check the app’s limits and transaction history first. Open transaction history and identify whether the entry is declined, pending, completed, or reversed. Each state calls for a different next step.
 Limits, holds, and declines are different
 Confirm whether money is pending, completed, or reversed
 Check the in-app limit for that transfer or withdrawal type. Daily card spending, ATM cash, and person-to-person transfers can have separate limits.
 Use support from inside the app or the official site
 Wait for a pending status to resolve before retrying. Multiple attempts can create several authorizations even when only one purchase succeeds.
 Lock the card immediately if activity is unfamiliar
 Use Chime support from the authenticated app or official site. Search-result numbers and social-media replies are common impersonation routes.
 Keep confirmation numbers and screenshots for a dispute
 Lock the card for unfamiliar activity and preserve transaction details. Ask which partner bank holds the funds when deposit-insurance status matters.
 A pending restaurant or...
## Visible Sources
- Chime Security and Privacy, Chime (reference, retrieved): https://www.chime.com/security-and-control/
- Is the Money on My Payment App FDIC-Insured?, FDIC (reference, retrieved): https://www.fdic.gov/consumer-resource-center/2024-06/money-my-payment-app-fdic-insured
# Confirm a Bank-App Transfer Before You Tap Send
Canonical: https://strangelyuseful.com/story/bank-app-transfer-confirmation
Markdown: https://strangelyuseful.com/story/bank-app-transfer-confirmation/markdown
Desk: Money & Payments
Format: list
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: Match the recipient, destination, amount, timing, and purpose—then save the confirmation until settlement.
Tags: bank transfers, banking apps, payment safety, fraud prevention
## Readable Excerpt
A bank transfer confirmation screen is the last cheap place to catch a mistake. Once money leaves—especially by wire or instant payment—the recovery options can narrow quickly.
 Match the recipient, destination, amount, timing, and purpose—then save the confirmation until settlement. Read the destination, recipient, amount, fee, speed, and purpose aloud or line by line. For changed payment instructions, verify them outside the email or message that announced the change.
 Obtain recipient details from an established record and know the transfer purpose. A rushed voice call or freshly changed invoice should never be the only source.
 The confirmation screen is the checkpoint
 Confirm recipient details through a channel you initiated. Verify the recipient through a channel you initiated, especially when bank details changed by email. Compromised invoices often preserve every detail except the destination.
 Verify changed instructions out of band
 Read the last digits and displayed recipient name
 Read the displayed name and final account digits rather than relying on a saved nickname. Old recipients can change banks or lose control of an email address.
 Check whether the transfer is instant, ACH, wire, or internal
 Identify whether the transfer is internal, ACH, wire, or instant. Speed, fees, cancellation, and error-resolution options differ.
 Review fees, delivery estimate, and cancellation language
 Review amount, delivery date, fee, and any “cannot cancel” warning before approval. Do not let a countdown or caller rush this screen.
 Save the confirmation and monitor both accounts
 Save the confirmation until both sides show settlement. For fraud or a wrong destination, call the bank immediately; time matters more than composing a perfect explanation.
 Business-email comp...
## Visible Sources
- Electronic Fund Transfers FAQs, Consumer Financial Protection Bureau (reference, retrieved): https://www.consumerfinance.gov/compliance/compliance-resources/deposit-accounts-resources/electronic-fund-transfers/electronic-fund-transfers-faqs/
- Mobile Payment Apps: How To Avoid a Scam When You Use One, Federal Trade Commission (reference, retrieved): https://consumer.ftc.gov/articles/mobile-payment-apps-how-avoid-scam-when-you-use-one
# How to Install Software Without Turning a Download Into a Security Problem
Canonical: https://strangelyuseful.com/story/install-software-safely
Markdown: https://strangelyuseful.com/story/install-software-safely/markdown
Desk: Software & Services
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 3 min
Summary: A safe install starts before you click Download: verify the publisher, the address, the file and the permissions the installer requests.
Tags: software, security, downloads, Windows, macOS
## Readable Excerpt
The safest way to install software is to start from the developer's official site or your device's built-in app store, verify the publisher and exact web address, keep operating-system warnings enabled, and refuse any extra program you did not ask for. A familiar logo or a top search result is not proof. Scam ads and look-alike pages are designed to feel routine, which is why a short, repeatable check works better than intuition.
 Find the real source
 Type the developer's known address or follow a link from its verified documentation. If you begin with search, inspect the domain before downloading. A sponsored result is advertising, not a safety certificate. Watch for misspellings, added words, unusual subdomains and download portals that wrap another company's installer in their own program. On a phone, prefer Apple App Store or Google Play unless the publisher clearly documents another route. On a work or school device, use the approved catalog or ask the administrator.
 Confirm that the product name, company name, support pages and privacy information agree. HTTPS protects the connection to a domain; it does not prove the domain belongs to the company you intended to reach. If the publisher posts cryptographic hashes or signatures, compare them using the operating system's tools. A matching hash shows the file was not changed after the publisher calculated it, but only trust a hash displayed on a source you have already verified.
 Read the download before running it
 Check the filename, file type, version and operating system. A Windows installer commonly ends in .msi or .exe; a Mac download may be a signed .dmg or .pkg. That does not make every such file safe. Be suspicious when an ordinary document arrives as an executable, when a site asks you to disable antiviru...
## Visible Sources
- Microsoft Defender SmartScreen overview, Microsoft Learn (reference, retrieved): https://learn.microsoft.com/en-us/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/
- Safely open apps on your Mac, Apple Support (reference, retrieved): https://support.apple.com/en-us/102445
- How to recognize, remove, and avoid malware, Federal Trade Commission (reference, retrieved): https://consumer.ftc.gov/articles/how-recognize-remove-avoid-malware
# A Software Update Policy for People Who Do Not Want Surprise Breakage
Canonical: https://strangelyuseful.com/story/personal-software-update-policy
Markdown: https://strangelyuseful.com/story/personal-software-update-policy/markdown
Desk: Software & Services
Format: story
Published: July 11, 2026
Updated: July 13, 2026
Read time: 3 min
Summary: Update quickly when security is at stake, but use backups, release notes and a small delay window to protect important work.
Tags: updates, security, software maintenance, backups
## Readable Excerpt
A useful personal update policy has three lanes: install actively exploited security fixes as soon as practical, schedule routine security and bug-fix updates within a few days, and evaluate major feature upgrades only after checking compatibility and making a current backup. Treating every update as equally urgent creates fatigue. Ignoring every update leaves known weaknesses open. The goal is controlled speed.
 Lane one: urgent security fixes
 Move quickly when a vendor says a flaw is being exploited, the Cybersecurity and Infrastructure Security Agency adds it to the Known Exploited Vulnerabilities Catalog, or the update protects a browser, operating system, password manager, router or other internet-facing tool. These products sit close to sensitive activity. Enable automatic security updates where the vendor supports them, especially on phones and browsers. Restart promptly when the fix requires it.
 If an urgent patch is not available, follow the vendor's mitigation instead of improvising. That may mean disabling a feature, removing a vulnerable extension or disconnecting an unsupported device. CISA's catalog identifies vulnerabilities with evidence of active exploitation; it is a prioritization signal, not a list of every flaw that matters.
 Lane two: routine maintenance
 Give normal security and bug-fix releases a short, predictable window, such as the next weekly maintenance session. Plug in laptops, close important files and allow enough time for a restart. Update the operating system first when an application release depends on it. Check that backup or sync has completed before changing a device that contains irreplaceable work.
 Automatic updates are generally useful for browsers, mobile apps and consumer software with reliable rollback or recovery. For a to...
## Visible Sources
- Known Exploited Vulnerabilities Catalog, Cybersecurity and Infrastructure Security Agency (reference, retrieved): https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- Guide to Enterprise Patch Management Planning, National Institute of Standards and Technology (reference, retrieved): https://csrc.nist.gov/pubs/sp/800/40/r4/final
- Lifecycle FAQ - General, Microsoft Learn (reference, retrieved): https://learn.microsoft.com/en-us/lifecycle/faq/general-lifecycle
# App Permissions Make More Sense When You Ask What the Feature Needs
Canonical: https://strangelyuseful.com/story/review-app-permissions-by-feature
Markdown: https://strangelyuseful.com/story/review-app-permissions-by-feature/markdown
Desk: Software & Services
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 3 min
Summary: Do not approve a permission because an app asks. Match each request to a feature you are intentionally using, then choose the narrowest access.
Tags: privacy, app permissions, iPhone, Android, security
## Readable Excerpt
The simplest permission rule is: grant access only when you can name the feature that needs it, and choose the narrowest option that still makes that feature work. A map needs location to show where you are. It does not automatically need continuous background location. A messaging app may need selected photos to attach an image; it may not need your entire library forever.
 Judge the request in context
 Timing matters. A camera request that appears when you tap Scan document has an obvious purpose. The same request on first launch, before you have chosen a camera feature, deserves more scrutiny. Denying a permission is usually reversible: you can enable it later in the device settings when a feature demonstrates a legitimate need.
 Read the wording carefully. Modern systems may offer choices such as approximate rather than precise location, selected photos rather than the full library, or access only while using the app. Pick the least persistent choice first. Background access is more powerful because it can operate when the app is not visibly in use.
 What common permissions can reveal
 Location: where a device is, and over time potentially routines and sensitive visits.
 Microphone and camera: audio or video from the environment when the system allows capture.
 Contacts: names, numbers and relationships involving people who did not install the app.
 Photos and files: documents, screenshots and image metadata, depending on the access granted.
 Notifications: the ability to interrupt you and display potentially sensitive content on a lock screen.
 Accessibility or device administration: unusually broad capabilities that can observe or control other parts of a device.
 That does not mean every request is malicious. It means the cost of an unnecessary grant differs by c...
## Visible Sources
- Control access to information in apps on iPhone, Apple Support (reference, retrieved): https://support.apple.com/guide/iphone/control-access-to-information-in-apps-iph251e92810/ios
- Change app permissions on your Android phone, Google Android Help (reference, retrieved): https://support.google.com/android/answer/9431959
# Uninstalling an App Is Only the First Cleanup Step
Canonical: https://strangelyuseful.com/story/remove-app-leftovers-safely
Markdown: https://strangelyuseful.com/story/remove-app-leftovers-safely/markdown
Desk: Software & Services
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 3 min
Summary: Remove the program normally first, then check startup entries, browser add-ons, cloud data and large leftovers without deleting mystery system files.
Tags: uninstall, storage, Windows, macOS, privacy
## Readable Excerpt
Start with the operating system's uninstall command or the developer's official uninstaller. After it finishes, check four separate places: startup items, browser extensions, user-created data and the service's online account. Do not begin by deleting random program folders or running a registry cleaner. That can leave uninstall records broken while removing files another program needs.
 Use the supported removal path
 On Windows, open Settings, Apps, Installed apps and choose Uninstall. Microsoft also documents repair and reset options for programs that malfunction, so uninstalling does not need to be the first troubleshooting move. On a Mac, many apps can be removed from Applications, while apps with background components may include their own uninstaller. Apple advises following the developer's instructions when available. Phones and tablets use the app menu or storage settings.
 Sign out first if the license limits active devices. Export anything stored only inside the app, such as notes, presets, password vaults or local project files. Confirm sync has completed, but do not assume sync is a backup: deleting an item may synchronize the deletion.
 Separate app files from your files
 An uninstaller may intentionally leave documents, project libraries and preferences so a reinstall can restore your work. Decide what you want before erasing leftovers. Search common Documents, Pictures, Music and application-support locations by the product and publisher name. Open folders before deleting them. A folder with your projects is not junk merely because its name matches the app.
 Temporary caches are usually replaceable, but saved databases, exported keys, plug-in libraries and templates may not be. If uncertain, move a suspected leftover into a dated holding folder, restart,...
## Visible Sources
- Repair apps and programs in Windows, Microsoft Support (reference, retrieved): https://support.microsoft.com/en-us/windows/repair-apps-and-programs-in-windows-e90eefe4-d0a2-7c1b-dd59-949a9030f317
- Uninstall apps on your Mac, Apple Support (reference, retrieved): https://support.apple.com/en-us/102610
- If you want to cancel a subscription from Apple, Apple Support (reference, retrieved): https://support.apple.com/en-us/118428
# Choose File Formats That Will Still Open Years From Now
Canonical: https://strangelyuseful.com/story/choose-durable-file-formats
Markdown: https://strangelyuseful.com/story/choose-durable-file-formats/markdown
Desk: Software & Services
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 3 min
Summary: Keep the editable original, but also export important work to open, well-documented formats that many programs can read.
Tags: files, backups, digital preservation, documents
## Readable Excerpt
For anything you may need in five or twenty years, keep the working original and create a preservation copy in a widely adopted, well-documented format. A file extension alone does not preserve a file. Long-term access depends on the format, the software available to interpret it, the integrity of the stored bits and the existence of more than one copy.
 What makes a format durable
 The Library of Congress evaluates sustainability factors such as public documentation, adoption, transparency, external dependencies, patents and technical protection mechanisms. A durable format is not necessarily the newest or smallest. It is one that can be understood and implemented without depending entirely on a single vanished vendor, account or secret specification.
 Prefer formats with broad software support and published specifications. Avoid making a cloud application's internal project format the only copy of essential work. Export before closing an account or retiring a program. For a complex project, save both a rendered version for viewing and the source package needed for future editing.
 Useful preservation choices
 Documents: PDF/A or ordinary well-formed PDF for a stable reading copy, plus DOCX, ODT or plain text when future editing matters.
 Tables and datasets: CSV for simple rectangular data, accompanied by a data dictionary; keep XLSX or ODS when formulas and formatting matter.
 Images: TIFF or high-quality PNG for lossless masters; high-quality JPEG for photographic access copies when size matters.
 Audio: WAV or FLAC for lossless masters; MP3 or AAC for convenient listening copies.
 Video: retain the highest-quality original and an interoperable playback copy, documenting codec and container.
 No list fits every purpose. PDF can flatten formulas or interactive elemen...
## Visible Sources
- Sustainability Factors, Library of Congress (reference, retrieved): https://www.loc.gov/preservation/digital/formats/sustain/sustain.shtml
- Digital File Types, U.S. National Archives and Records Administration (reference, retrieved): https://www.archives.gov/records-mgmt/policy/transfer-guidance-tables.html
# Check Software Compatibility Before You Pay or Upgrade
Canonical: https://strangelyuseful.com/story/check-software-compatibility-before-paying
Markdown: https://strangelyuseful.com/story/check-software-compatibility-before-paying/markdown
Desk: Software & Services
Format: list
Published: July 11, 2026
Updated: July 11, 2026
Read time: 3 min
Summary: Match the exact operating system, processor, memory, storage, peripherals and required plug-ins—not just the product name.
Tags: compatibility, software, buying guide, system requirements
## Readable Excerpt
Compatibility means the exact version of a program supports the exact operating system, processor and workflow you have. Before paying, capture your device specifications, compare them with the current vendor requirements, and test the real tasks you care about during a legitimate trial or refund window.
 Record what you actually have
 On Windows, Settings > System > About provides a quick summary; the built-in systeminfo command can report operating-system configuration and hardware properties such as RAM, storage and network cards. On macOS, use About This Mac and System Information. Record free storage, graphics hardware and the model year where relevant. For phones and tablets, note the device model and operating-system version. Do not rely on a listing that says only Windows, Mac, iPhone or Android.
 Processor architecture matters. A program built for x86-64 may require translation on an Arm computer, and a plug-in or driver can fail even when the main application runs. Apple silicon Macs can run many Intel apps through Rosetta, but Apple advises checking with the developer, and support may differ by version. Windows on Arm compatibility has improved, yet hardware drivers and specialized utilities still need explicit vendor support.
 Compare minimum and recommended requirements
 Minimum requirements usually describe the threshold for launching, not a promise of comfortable performance with large projects. Use recommended requirements for demanding work. Check memory, free storage, graphics capability, display resolution, internet connection and any required account or subscription. Allow extra storage for temporary files, updates and project caches.
 Read the support matrix and release notes, not an old retailer description. Confirm the requirements for the precise...
## Visible Sources
- systeminfo, Microsoft Learn (reference, retrieved): https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/systeminfo
- Get system information about your Mac, Apple Support (reference, retrieved): https://support.apple.com/guide/system-information/get-system-information-syspr35536/mac
- If you need to install Rosetta on Mac, Apple Support (reference, retrieved): https://support.apple.com/en-us/102527
# Free Software and Open Source Are Not Just Ways to Say No-Cost
Canonical: https://strangelyuseful.com/story/free-software-vs-open-source-vs-freeware
Markdown: https://strangelyuseful.com/story/free-software-vs-open-source-vs-freeware/markdown
Desk: Software & Services
Format: story
Published: July 11, 2026
Updated: July 12, 2026
Read time: 3 min
Summary: Freeware describes price. Free software and open source describe permissions—and those permissions come from an actual license.
Tags: open source, free software, licenses, software
## Readable Excerpt
Freeware means you can obtain or use a program without paying, while free software and open source describe legal freedoms to use, inspect, modify and share code. A zero-dollar download can remain fully proprietary. A genuinely open-source program can be sold. The deciding document is the license, not the price button or a public code repository.
 Freeware is a price category
 A proprietary developer may let individuals use an app at no cost while prohibiting modification, redistribution, commercial use or reverse engineering. The company can change the price, add limits or stop distributing it under the terms of its agreement. Freemium software is similar: a basic tier is free while features, storage or support cost money.
 No-cost does not mean no business model. The provider may sell subscriptions, advertising, support, cloud capacity or aggregated services. Review privacy and account requirements separately from price.
 Free software refers to freedom
 The Free Software Foundation defines free software through four essential freedoms: to run the program for any purpose, study and change it, redistribute copies, and distribute modified versions. Access to source code is necessary for studying and modifying it. In this usage, free means freedom rather than zero price.
 Some free-software licenses use copyleft, requiring redistributed modified versions to preserve specified freedoms and source availability. Others are permissive. A project can charge for copies, hosting, support or development and still meet the definition.
 Open source has a formal definition
 The Open Source Initiative's definition requires more than viewable source. An approved license must allow free redistribution, source code, derived works and use without discrimination against people, groups or...
## Visible Sources
- What is free software?, Free Software Foundation (reference, retrieved): https://www.fsf.org/about/what-is-free-software
- The Open Source Definition, Open Source Initiative (reference, retrieved): https://opensource.org/osd
- Licensing a repository, GitHub Docs (reference, retrieved): https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/licensing-a-repository
# Read a Changelog Without Getting Lost in Developer Language
Canonical: https://strangelyuseful.com/story/how-to-read-a-software-changelog
Markdown: https://strangelyuseful.com/story/how-to-read-a-software-changelog/markdown
Desk: Software & Services
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 3 min
Summary: Look first for security, breaking changes, deprecations and migrations; the rest tells you whether an update affects your actual workflow.
Tags: changelog, updates, release notes, software
## Readable Excerpt
Read a changelog in risk order: breaking changes, security fixes, deprecations, data migrations, bug fixes, then new features. You are not trying to understand every internal ticket. You are deciding whether to update now, what to test and whether you need a rollback plan.
 Identify the document
 A changelog is a curated history of notable changes. Release notes may add installation instructions, known issues and audience-specific context. A raw commit log records development activity and is usually too granular for users. Prefer the release page and official documentation for the exact product and version.
 Confirm the date, version and release channel. Stable, beta, preview, long-term-support and nightly builds carry different expectations. Make sure notes are not for a cloud edition when you use a desktop edition, or for an enterprise plan when you use a consumer plan.
 Decode version numbers carefully
 Semantic Versioning defines a major.minor.patch pattern: increment the major version for incompatible API changes, the minor version for backward-compatible functionality and the patch version for backward-compatible bug fixes. That system applies only when a project says it follows SemVer, and human-facing apps often use calendar versions or their own scheme. Never infer safety from a small number alone.
 Scan the high-impact sections
 Breaking or incompatible: existing files, scripts, plug-ins or integrations may need changes.
 Security: a vulnerability was addressed; check affected versions and any required action.
 Deprecated: a feature still works now but is scheduled for removal.
 Migration: data, settings or configuration will be transformed.
 Known issues: the vendor already knows about limitations in this release.
 Fixed: compare bug descriptions with problem...
## Visible Sources
- Semantic Versioning 2.0.0, SemVer (reference, retrieved): https://semver.org/
- Keep a Changelog, Keep a Changelog (reference, retrieved): https://keepachangelog.com/en/1.1.0/
- About releases, GitHub Docs (reference, retrieved): https://docs.github.com/en/repositories/releasing-projects-on-github/about-releases
# The Software License Questions That Matter Before You Click Accept
Canonical: https://strangelyuseful.com/story/software-license-questions-before-accepting
Markdown: https://strangelyuseful.com/story/software-license-questions-before-accepting/markdown
Desk: Software & Services
Format: list
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: Check who may use the software, on how many devices, for which purposes, and what happens to access and data when payment ends.
Tags: software licenses, subscriptions, consumer rights, open source
## Readable Excerpt
Before accepting a software license, answer six questions: who may use it, on how many devices, for what purpose, for how long, what renews automatically, and what happens to your files when access ends. Most people do not need to interpret every legal clause. They do need to locate the terms that determine whether the purchase fits real use.
 License is not ownership
 Software is commonly licensed rather than sold outright. The agreement grants specified rights under conditions. A perpetual license may allow indefinite use of a particular version, while updates or online services can end. A subscription generally provides access while payment continues. Lifetime is meaningful only if the contract defines whose lifetime and what service remains available.
 Find the scope
 Check whether the license is for one person, one household, one device, several activated devices or a concurrent number of users. Installation rights and simultaneous-use rights may differ. Look for transfer rules when replacing a computer. Student, nonprofit and personal plans may prohibit commercial work even when the program is technically identical.
 For a workplace, verify whether contractors, clients or affiliates count as authorized users. Do not assume a consumer family plan covers a business team. Keep the invoice, product page and terms version that applied when you purchased.
 Separate the program from the service
 A desktop application may depend on cloud storage, AI credits, synchronization, stock assets or periodic activation. Identify which components continue after cancellation and whether the program can open existing files offline. Export important data to interoperable formats before a subscription or account ends. Check retention windows: a provider may delete cloud data after a pe...
## Visible Sources
- Licenses, Open Source Initiative (reference, retrieved): https://opensource.org/licenses
- Free trials, auto-renewals, and negative option subscriptions, Federal Trade Commission (reference, retrieved): https://consumer.ftc.gov/articles/getting-and-out-free-trials-auto-renewals-and-negative-option-subscriptions
- Choose an open source license, GitHub (reference, retrieved): https://choosealicense.com/
# Try These Checks Before Reinstalling a Broken App
Canonical: https://strangelyuseful.com/story/troubleshoot-app-before-reinstalling
Markdown: https://strangelyuseful.com/story/troubleshoot-app-before-reinstalling/markdown
Desk: Software & Services
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 3 min
Summary: Preserve the error, isolate the cause and use repair tools first. Reinstallation can erase clues and settings without fixing the underlying problem.
Tags: troubleshooting, software, Windows, macOS, apps
## Readable Excerpt
Before reinstalling, capture the exact error, restart the app and device, check service status and storage, update safely, test without extensions, and use the operating system's repair tools. Reinstallation is useful when program files are damaged. It does not repair an account outage, incompatible plug-in, corrupted document, blocked network, missing permission or unsupported operating system.
 Preserve the evidence
 Write down what you were doing, the exact message, time and app version. Take a screenshot and copy diagnostic text. Note whether the failure affects one file, one account, one network or every use. If you reinstall first, you may erase logs, preferences and the state that makes the problem reproducible.
 Reduce the problem
 Close the app completely and reopen it. Restart the device if the process or a system service may be stuck. Check free storage and memory pressure. Confirm date and time are correct because authentication can fail when the clock is wrong. Visit the provider's official status page from another connection. Test one known-good file and, if safe, a new local user or private browser window.
 Disable optional extensions, plug-ins and custom themes. Disconnect nonessential peripherals. If the app works in that smaller state, restore components one at a time. This identifies a cause instead of replacing everything and hoping.
 Check compatibility and permissions
 Compare the installed version with the vendor's supported operating systems. Review recent OS, driver or app changes. Verify file, camera, microphone, network and protected-folder access when the failed feature depends on them. Avoid granting broad permissions merely as a test; enable the specific access, test, then revoke it if it did not help.
 Update with a recovery path
 Install...
## Visible Sources
- Repair apps and programs in Windows, Microsoft Support (reference, retrieved): https://support.microsoft.com/en-us/windows/repair-apps-and-programs-in-windows-e90eefe4-d0a2-7c1b-dd59-949a9030f317
- Start up your Mac in safe mode, Apple Support (reference, retrieved): https://support.apple.com/en-us/116946
- Fix an installed Android app that isn't working, Google Android Help (reference, retrieved): https://support.google.com/android/answer/2668665
# How to Resolve an Uber or Lyft Charge Without Losing the Paper Trail
Canonical: https://strangelyuseful.com/story/uber-lyft-receipt-cancellation-support-evidence
Markdown: https://strangelyuseful.com/story/uber-lyft-receipt-cancellation-support-evidence/markdown
Desk: Internet Culture & Everyday Workflows
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 3 min
Summary: Start from the exact trip receipt, identify the charge category, keep screenshots and use the in-app trip record before escalating a billing dispute.
Tags: Uber, Lyft, receipts, cancellation fees, consumer help
## Readable Excerpt
Open the specific trip in the app, save its receipt and timeline, then challenge the exact item shown—fare adjustment, cancellation fee, tip, damage fee, duplicate charge or temporary authorization. General messages such as I was charged wrong are harder to resolve than a short claim tied to a trip ID, date, amount and documented policy.
 Build the trip record
 Save the emailed receipt and the in-app receipt as a PDF or screenshot. Capture pickup and destination, requested and actual times, route, fare breakdown, driver or vehicle identifier, payment method's last digits and all support messages. Do not post that record publicly because it can expose home addresses and travel patterns.
 Compare the amount with the final posted bank transaction. A pending authorization can differ from the completed charge and may disappear according to the bank's timing. If two completed transactions remain, document both transaction dates and amounts without sharing the full card number.
 Name the issue precisely
 For a cancellation fee, record who cancelled, when, the driver's movement and any communication. Ride services can apply cancellation charges, and the applicable amount can vary by market, ride type and circumstances. Use the policy shown for your trip rather than a screenshot from another city or an old article.
 For a route or fare problem, mark the unexpected segment and compare it with the receipt explanation. For an unfamiliar trip, first check whether a family member, shared account or digital wallet used the payment method, then secure the ride account and payment account if it remains unauthorized.
 Use the trip-specific support path
 Both services organize rider help around the ride history. Select the exact trip and closest issue category. State the requested remedy,...
## Visible Sources
- A guide for how to use Uber, Uber (reference, retrieved): https://www.uber.com/us/en/ride/how-it-works/
- Ride history and receipts, Lyft Help (reference, retrieved): https://help.lyft.com/hc/en-us/all/articles/115013079988-Ride-history-and-receipts
- How do I dispute an error on my credit card bill?, Consumer Financial Protection Bureau (reference, retrieved): https://www.consumerfinance.gov/ask-cfpb/how-do-i-dispute-an-error-on-my-credit-card-bill-en-61/
# Changing an Airbnb Reservation Without Creating a Refund Surprise
Canonical: https://strangelyuseful.com/story/airbnb-reservation-change-refund-evidence
Markdown: https://strangelyuseful.com/story/airbnb-reservation-change-refund-evidence/markdown
Desk: Internet Culture & Everyday Workflows
Format: story
Published: July 11, 2026
Updated: July 13, 2026
Read time: 2 min
Summary: Read the reservation's exact policy before changing it, keep every agreement inside Airbnb and separate a change request from a cancellation.
Tags: Airbnb, travel, refunds, reservations, consumer help
## Readable Excerpt
Before changing an Airbnb stay, open the reservation and record the exact cancellation policy, total price and current dates. Send a formal change request through Airbnb rather than relying on a message that the host is okay with it. A date change, guest-count change and cancellation can produce different prices and refund consequences.
 Capture the original contract
 Save the itinerary, listing address, host, dates, guest count, price breakdown and cancellation terms displayed for that booking. Policies can differ by listing, booking date, length of stay and special circumstances. A general summary page is not a substitute for the terms attached to your reservation.
 Keep important messages on the platform. If a phone call occurs, send a short follow-up in Airbnb messages stating what you understood and asking the other party to confirm. Do not move payment off-platform or accept a promise that cannot be connected to the reservation record.
 Use Change reservation for a change
 Airbnb's change process sends the other party a request with the proposed dates, guest count or other details. Review the recalculated total before submitting. The host can accept or decline. Until accepted, the original reservation generally remains in place. Do not cancel merely to free dates unless you have reviewed the refund result and intend to cancel.
 A longer or shorter stay can change nightly rates, cleaning fees, taxes and discounts. Take a screenshot of the price shown before confirming. If the host proposes a special adjustment, ask that it appear in the official change or Resolution Center process.
 If the property or stay has a problem
 Document the condition promptly with photos or video that show context, not only extreme close-ups. Save timestamps, messages and attempts to let...
## Visible Sources
- How to change a reservation as a guest, Airbnb Help Center (reference, retrieved): https://www.airbnb.com/help/article/913
- Rebooking and Refund Policy for homes, Airbnb Help Center (reference, retrieved): https://www.airbnb.com/help/article/2868
- Disputing a credit card billing error, Consumer Financial Protection Bureau (reference, retrieved): https://www.consumerfinance.gov/ask-cfpb/how-do-i-dispute-an-error-on-my-credit-card-bill-en-61/
# An Amazon Order Problem Is Easier to Fix When You Start From the Order
Canonical: https://strangelyuseful.com/story/amazon-order-return-seller-support-evidence
Markdown: https://strangelyuseful.com/story/amazon-order-return-seller-support-evidence/markdown
Desk: Internet Culture & Everyday Workflows
Format: story
Published: July 11, 2026
Updated: July 13, 2026
Read time: 2 min
Summary: Use the exact order page, preserve the listing and delivery evidence, and choose the remedy that matches who sold and fulfilled the item.
Tags: Amazon, online shopping, returns, refunds, consumer help
## Readable Excerpt
Open Your Orders, select the exact item and use its problem or return path. Save the order page, listing, tracking, packaging and messages before anything changes. The correct route depends on whether Amazon or a third-party seller sold and fulfilled the item, whether it arrived, and whether the issue is damage, wrong product, missing parts, authenticity or an unauthorized order.
 Preserve the transaction
 Save the order number, seller, fulfiller, product title, promised delivery window, price and payment method's last digits. Capture the listing details that matter to the complaint, such as size, condition, included accessories or model. Keep the shipping label and packaging until the case closes. Photograph damage, serial numbers and the full item in context.
 For a missing package, check the tracking detail, delivery photo, household members, safe locations and carrier notes. Do not accuse a driver or neighbor without evidence. Report what the record shows and what you checked.
 Choose the matching order action
 Use Return or replace items when the order is eligible and the requested remedy fits. The order page displays the applicable return window, method and any cost. Some categories and sellers have different rules, so do not assume every item has the same thirty-day outcome. Save the return authorization, label or QR code before leaving the page.
 If a marketplace seller needs to answer, use Amazon's order-linked Contact Seller path. Keep communication on-platform. State the defect, evidence and requested result. Do not send passwords, full payment numbers or unrelated identity documents through messages.
 Document the handoff
 At a staffed return counter, request a receipt. For a carrier shipment, retain the tracking number, package weight if shown and acceptanc...
## Visible Sources
- Returns and Refunds, Amazon Customer Service (reference, retrieved): https://www.amazon.com/gp/help/customer/display.html?nodeId=GNW5VKFXMF72FFMR
- A-to-z Guarantee, Amazon Customer Service (reference, retrieved): https://www.amazon.com/gp/help/customer/display.html?nodeId=GQ37ZCNECJKTFYQV
- Online Shopping, Federal Trade Commission (reference, retrieved): https://consumer.ftc.gov/online-shopping
# Take Screenshots That Actually Work as Evidence
Canonical: https://strangelyuseful.com/story/take-screenshots-that-preserve-evidence
Markdown: https://strangelyuseful.com/story/take-screenshots-that-preserve-evidence/markdown
Desk: Internet Culture & Everyday Workflows
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 3 min
Summary: Capture context, time and identity without exposing secrets—and preserve original files plus the surrounding record.
Tags: screenshots, evidence, consumer help, privacy, documentation
## Readable Excerpt
A useful evidence screenshot shows what happened, where it happened and how it connects to the account or transaction—without exposing passwords, full card numbers or unrelated private messages. Capture the complete screen first, preserve the original file, then make a redacted copy for sharing.
 Show enough context
 A crop of one sentence can be ambiguous. Include the service or app identity, page title, relevant date, order or case identifier, amount and status when those details are material. Capture the address bar for a web policy or suspicious site, but inspect the URL for tokens or personal information. For a conversation, include enough preceding messages to establish what the reply answers.
 Take an overview and detail rather than one overloaded image. For a damaged order, pair screenshots of the listing and order with original photographs of the item and packaging. For a cancellation, capture the policy, action confirmation and later charge. Evidence is a sequence, not a decorative collage.
 Preserve time accurately
 Keep the device clock visible when useful, but do not rely on it alone. File metadata, email headers, transaction records and platform timestamps can provide independent context. Name files with an ISO-style date, time and subject, such as 2026-07-11_ride-cancellation_confirmation.png. Avoid changing the device clock to manufacture a date.
 Keep originals and edits separate
 Store untouched originals in a read-only or backed-up folder. If you add arrows, highlights or redactions, save a copy with edited in the filename. Cropping and annotation can help a reviewer, but preserving the source makes it possible to answer questions about omitted context. Do not use an opaque brush that can be removed; flatten redactions into the shared copy and test th...
## Visible Sources
- Disputing a credit card billing error, Consumer Financial Protection Bureau (reference, retrieved): https://www.consumerfinance.gov/ask-cfpb/how-do-i-dispute-an-error-on-my-credit-card-bill-en-61/
- IdentityTheft.gov recovery steps, Federal Trade Commission (reference, retrieved): https://www.identitytheft.gov/
- Use Snipping Tool to capture screenshots, Microsoft Support (reference, retrieved): https://support.microsoft.com/en-us/windows/use-snipping-tool-to-capture-screenshots-00246869-1843-655f-f220-97299b865f6b
- Take a screenshot on your Mac, Apple Support (reference, retrieved): https://support.apple.com/en-us/102646
# Deleting an App, an Account and Your Data Are Three Different Things
Canonical: https://strangelyuseful.com/story/verify-online-account-deletion-worked
Markdown: https://strangelyuseful.com/story/verify-online-account-deletion-worked/markdown
Desk: Internet Culture & Everyday Workflows
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 3 min
Summary: Export what matters, cancel billing, request deletion through the real account controls and keep confirmation until the retention window passes.
Tags: account deletion, privacy, subscriptions, data
## Readable Excerpt
Removing an app only removes software from a device. To leave a service, separately cancel paid plans, export needed records, submit the provider's account-deletion request and verify the result after any stated waiting period. These steps may live in different menus because billing, authentication, local files and provider-held data are different systems.
 Decide what you mean by delete
 You may want to stop charges, hide a profile, remove one device, deactivate temporarily or permanently delete the account and associated data. Use the provider's exact wording. Deactivation often preserves data for reactivation. Closing a profile may not close a parent account. Deleting an app does not send a deletion request.
 Prepare before requesting deletion
 Download receipts, messages, photos, projects, tax records and support history you may need. Export in usable formats and open-test the files. Transfer ownership of shared documents or workspaces. Change accounts that use the service for sign-in, and save recovery codes for other services. If the account controls a purchased device, domain or media library, confirm what happens afterward.
 Cancel billing separately
 Find the subscription in the provider, Apple, Google Play, PayPal or other billing account that actually manages it. Save the cancellation confirmation and final access date. Account deletion may fail while a balance, pending order or active subscription exists; conversely, deleting an account may not stop a charge managed through another store. Check the next statement.
 Use the official deletion path
 Navigate from the signed-in account settings or verified support documentation. Avoid handing credentials to a third-party deletion site. Read whether the request begins an immediate deletion, a recovery delay or a...
## Visible Sources
- Delete your Google Account, Google Account Help (reference, retrieved): https://support.google.com/accounts/answer/32046
- How to delete your Apple Account, Apple Support (reference, retrieved): https://support.apple.com/en-us/102559
- Bringing Dark Patterns to Light, Federal Trade Commission (reference, retrieved): https://www.ftc.gov/reports/bringing-dark-patterns-light
# A Viral Claim Is a Starting Point, Not a Source
Canonical: https://strangelyuseful.com/story/verify-viral-claim-before-sharing
Markdown: https://strangelyuseful.com/story/verify-viral-claim-before-sharing/markdown
Desk: Internet Culture & Everyday Workflows
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: Trace the claim to its earliest reliable source, inspect the original context and search laterally before adding another share.
Tags: misinformation, verification, social media, media literacy
## Readable Excerpt
Before sharing a viral claim, stop reading the post vertically and search laterally: identify who is making the claim, find the original evidence, and see what independent reliable sources say. Likes, confident captions and repeated screenshots measure circulation, not accuracy.
 Write the claim in one sentence
 Separate the testable assertion from outrage, prediction and opinion. Include who supposedly did what, where and when. If the post says this changes everything without stating an event, there may be nothing concrete to verify. Record the post's date; old material is frequently recirculated as new.
 Leave the page
 Open new tabs and search the account, publication or domain. Stanford's Civic Online Reasoning research teaches lateral reading: professional fact checkers investigate a source by consulting other sources rather than trusting the site's own About page. Look for ownership, corrections, expertise, prior reliability and whether reputable outlets cite the account.
 Trace the evidence upstream
 A screenshot of a headline is not the article. A clip is not the full speech. Search a distinctive phrase, document title or quoted sentence. Locate the original report, court filing, study, press release, transcript or full video. Then read what it actually says. A real document can be paired with a false caption, and a preliminary study can be presented as settled proof.
 For government actions, use the agency or court record. For a company's product announcement, use the company source but seek independent reporting for limitations and impact. A primary source establishes what the organization said or filed; it does not automatically validate every claim it makes about itself.
 Check images and video
 Use reverse-image search or Google Lens to find earlier appeara...
## Visible Sources
- Intro to Lateral Reading, Stanford History Education Group / Civic Online Reasoning (reference, retrieved): https://cor.inquirygroup.org/curriculum/lessons/intro-to-lateral-reading/
- Fact Check Tools, Google (reference, retrieved): https://toolbox.google.com/factcheck/explorer
- Search with an image on Google, Google Search Help (reference, retrieved): https://support.google.com/websearch/answer/1325808
# Turn Down Notification Noise Without Missing the Messages That Matter
Canonical: https://strangelyuseful.com/story/reduce-notification-overload-without-missing-important-alerts
Markdown: https://strangelyuseful.com/story/reduce-notification-overload-without-missing-important-alerts/markdown
Desk: Internet Culture & Everyday Workflows
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: Reserve immediate interruptions for people and events that require action; batch everything else into summaries, quiet delivery or scheduled checks.
Tags: notifications, focus, productivity, iPhone, Android
## Readable Excerpt
Sort notifications by consequence, not by app: allow immediate alerts for safety, account security, time-sensitive travel and selected people; deliver useful but nonurgent updates quietly; turn off promotional and redundant alerts. The objective is not zero notifications. It is making an interruption mean something again.
 Start with the lock screen
 For one day, notice every alert that appears. Classify it as act now, review later or never needed. Do not spend an hour designing a perfect system first. The loudest offenders usually reveal themselves quickly: shopping promotions, social recommendations, game rewards, news duplication and apps announcing features.
 Protect the critical lane
 Keep emergency alerts configured according to your needs and local guidance. Preserve fraud, password-reset and sign-in alerts for important accounts. Allow calendar reminders for events you would otherwise miss, travel changes during active trips and calls or messages from chosen people. Test whether Focus or Do Not Disturb allows the contacts and repeated calls you expect.
 Be careful with notification previews on a locked device. Apple and Android let users control whether sensitive contents appear. Hiding preview text can preserve the alert while reducing exposure to anyone holding the phone.
 Make the middle lane quiet
 Useful notifications do not all deserve sound, vibration and a banner. iPhone supports scheduled summaries for eligible notifications, while Focus modes can allow selected people and apps. Android offers per-app and per-channel controls, enabling some categories from an app while silencing others. Windows can turn notifications on or off by app and use Do Not Disturb and focus sessions.
 Move delivery-status updates, routine news, community messages and low-priori...
## Visible Sources
- Use notifications on your iPhone or iPad, Apple Support (reference, retrieved): https://support.apple.com/en-us/108781
- Control notifications on Android, Google Android Help (reference, retrieved): https://support.google.com/android/answer/9079661
- Notifications and Do Not Disturb in Windows, Microsoft Support (reference, retrieved): https://support.microsoft.com/en-us/windows/notifications-and-do-not-disturb-in-windows-8942c744-6198-fe56-4639-34320cf9444e
# Build an Emergency Digital Folder Before You Need It
Canonical: https://strangelyuseful.com/story/build-emergency-digital-folder
Markdown: https://strangelyuseful.com/story/build-emergency-digital-folder/markdown
Desk: Internet Culture & Everyday Workflows
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 3 min
Summary: Store essential records, contacts and recovery instructions in an encrypted, backed-up package that a trusted person can use under pressure.
Tags: emergency preparedness, backups, documents, security, recovery
## Readable Excerpt
An emergency digital folder should contain the minimum records needed to prove identity, reach key people, access care, protect property and recover critical accounts—encrypted, backed up and explained for a trusted person. It is not a dump of every document you own. A smaller, maintained package is safer and more usable during a disaster, hospitalization, theft or sudden loss of access.
 Choose the situations it must cover
 Plan for evacuation, phone or laptop loss, account takeover, serious illness and the temporary inability to speak for yourself. Write the first five actions a helper would need to take. That determines what belongs in the folder better than a generic list.
 Collect the core records
 Identity: copies of government identification, birth or citizenship records where appropriate, and recent photos.
 Household: lease or deed, utility account references, vehicle information, pet records and a home inventory.
 Insurance: policy numbers, insurer contacts and claim instructions.
 Health: medication list, allergies, providers, insurance card and lawful advance-care documents if you have them.
 Financial recovery: institution names, last four account digits and fraud numbers—not a plain-text collection of full passwords.
 Contacts: family, employer, school, landlord, attorney or other genuine roles relevant to you.
 Digital recovery: password-manager emergency-access instructions, backup-code locations and device recovery steps.
 Ready.gov's Emergency Financial First Aid Kit organizes household, financial and legal records for recovery. Use it as a prompt, but include only records you actually possess and are authorized to store.
 Do not create a master theft kit
 Encrypt the folder with a strong unique passphrase. Prefer a well-supported encrypted archive or...
## Visible Sources
- Emergency Financial First Aid Kit, Ready.gov / Federal Emergency Management Agency (reference, retrieved): https://www.ready.gov/financial-preparedness
- Back Up Business Data, Cybersecurity and Infrastructure Security Agency (reference, retrieved): https://www.cisa.gov/news-events/news/back-business-data
- Home Inventory, National Association of Insurance Commissioners (reference, retrieved): https://content.naic.org/consumer/home-inventory
# Account recovery works better when you plan it before the lockout.
Canonical: https://strangelyuseful.com/story/account-recovery-plan-after-a-takeover
Markdown: https://strangelyuseful.com/story/account-recovery-plan-after-a-takeover/markdown
Desk: Security & Trust
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 1 min
Summary: Prepare an official recovery path, backup factors and post-recovery checklist for important accounts.
Tags: account recovery, online security, two-factor authentication, privacy
## Readable Excerpt
An account-recovery plan is a small document you prepare while you can still sign in. It records the official recovery route, the backup factors you control, and the first checks to make after access returns.
 Start with the accounts that can reset everything else: your primary email, phone account, password manager, domain registrar and financial services. For each one, record the provider's official help page, the recovery email or number you recognize, and whether backup codes or a hardware key exist. Do not store passwords or one-time codes in the checklist.
 If you think someone got in
 Use the provider's official recovery page or app rather than a link in an alarming message. The FTC's recovery guidance recommends changing the password, signing out of other devices, turning on two-factor authentication, and checking recovery information after you regain control.
 Review recent sessions, forwarding rules, connected apps and messages sent from the account. Tell contacts if an attacker may have used the account. Preserve relevant records before deleting browser data or wiping a device if the incident may need to be reported.
 Recovery is not the same as proof that the account is clean. A changed password can stop one route while a changed recovery address, active session or connected app preserves another. Work through the provider's security checklist, then update the recovery plan with anything you learned.
 Keep the plan offline or in a protected location, and review it when you change phone numbers, email addresses, devices or authentication methods. The useful time to discover that a recovery address is obsolete is before the lockout.
## Visible Sources
- Recover a hacked email or social account, Federal Trade Commission (primary, retrieved): https://consumer.ftc.gov/articles/how-recover-your-hacked-email-or-social-media-account
- Cyber incident response best practices, U.S. Department of Justice (primary, retrieved): https://www.justice.gov/criminal/criminal-ccips/file/1096971/dl
# Before you give an AI tool real work, ask these six questions.
Canonical: https://strangelyuseful.com/story/audit-an-ai-tool-before-trusting-it
Markdown: https://strangelyuseful.com/story/audit-an-ai-tool-before-trusting-it/markdown
Desk: Tech & AI
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 1 min
Summary: A practical pre-use check for data access, permissions, evidence, recovery, ownership and repeatable testing.
Tags: ai tools, AI safety, permissions, risk management
## Readable Excerpt
An AI tool can be useful before it is trustworthy. Those are different judgments. Before connecting it to real files or accounts, identify what it can see, what it can change, and what evidence you will have when it gets something wrong.
 Start with the task, not the demo. Write down the decision the tool will influence, the data it needs, and the result that would count as failure. If the task is vague, a polished answer can hide a bad fit.
 Six questions worth answering
 What data enters the system? Check prompts, uploaded files, connected apps, retention, training use, and deletion controls. Do not assume a private-looking interface tells you the full data path.
 What can the tool do? Separate reading from writing, and suggestions from actions. A tool that can send, purchase, delete, or change records needs a narrower test than one that only summarizes.
 How does it show uncertainty? Look for citations, logs, confidence limits, or an explicit way to inspect the source material. A fluent answer is not evidence by itself.
 What happens when it fails? Find the recovery path, undo behavior, support channel, and incident process before the first consequential task.
 Who owns the decision? NIST's AI Risk Management Framework treats accountability and transparency as part of trustworthy use. Assign a person or team who can stop the workflow and explain the result.
 How will you test it? Use a small set of representative, known-answer cases. Record the prompt, inputs, output, corrections, and permission changes so the evaluation can be repeated.
 NIST describes trustworthy AI as a lifecycle concern that includes design, deployment, use, testing, privacy, security, accountability, and transparency. That is the useful shift: an AI tool is not cleared once by a clever demo. It...
## Visible Sources
- AI Risk Management Framework FAQs, NIST (primary, retrieved): https://www.nist.gov/itl/ai-risk-management-framework/ai-risk-management-framework-faqs
- AI Risk Management Framework, NIST (primary, retrieved): https://www.nist.gov/itl/ai-risk-management-framework
- AI Resource Center, NIST (primary, retrieved): https://airc.nist.gov/
# Can You Verify These Six Messages Safely?
Canonical: https://strangelyuseful.com/story/can-you-read-a-phishing-message
Markdown: https://strangelyuseful.com/story/can-you-read-a-phishing-message/markdown
Desk: Quizzes
Format: quiz
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: This source-backed quiz practices independent verification instead of guessing from logos, grammar or urgency.
Tags: phishing, online scams, email security, security quiz
## Readable Excerpt
Phishing messages are not always misspelled, and real companies sometimes write alarming emails. This quiz is about choosing a safe verification step, not guessing from appearance.
 1. Your streaming payment failed. Update now. The message uses the right logo and your first name. The button points to a look-alike address.
 Trust the logo Open the saved app or type the address you already know Inspect the message link, then use it if it looks close Answer and explanation Open the saved app or type the address you already know. Do not use the embedded link. Check the account through a channel you reached independently.
 2. A text claims to be your bank's fraud team It asks you to call a number in the message and read back a one-time code.
 Call the supplied number Reply STOP Contact the bank through the number on your card or official app Answer and explanation Contact the bank through the number on your card or official app. Use an independently obtained channel and never provide a one-time code because a caller asked.
 3. A coworker shares a cloud document unexpectedly The sender address looks normal, but the sign-in page opens on an unfamiliar domain.
 Sign in because the sender looks familiar Verify with the coworker through a separate channel Forward it to another coworker to test Answer and explanation Verify with the coworker through a separate channel. A familiar sender does not make an unfamiliar sign-in domain trustworthy. Confirm the share separately and use the organization's reporting process.
 4. A delivery message says a small fee is due You are expecting a package, and the message includes the correct city.
 Pay because the context matches Check the tracking number in the carrier's official app or site Trust it because the fee is small Answer and explanati...
## Visible Sources
- How to recognize and avoid phishing scams, Federal Trade Commission (primary, retrieved): https://consumer.ftc.gov/articles/how-recognize-avoid-phishing-scams
- Phishing guidance, NIST (primary, retrieved): https://www.nist.gov/itl/smallbusinesscyber/guidance-topic/phishing
- Never move your money to protect it. That's a scam., Federal Trade Commission (primary, retrieved): https://consumer.ftc.gov/consumer-alerts/2024/03/never-move-your-money-protect-it-thats-scam
# Why Good Captions Describe More Than Dialogue
Canonical: https://strangelyuseful.com/story/captions-became-part-of-the-show
Markdown: https://strangelyuseful.com/story/captions-became-part-of-the-show/markdown
Desk: Entertainment
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 1 min
Summary: Good captions translate dialogue, sound, timing and speaker identity into a second layer of the program.
Tags: closed captions, streaming television, accessibility, media culture
## Readable Excerpt
A door slams outside the frame. The score changes key. Somebody laughs in another room. A transcript can preserve the words and still miss the scene.
 Good captions have to make choices about sound, timing, identity, and silence. That makes them part accessibility system, part editorial interpretation, and—when a production treats them seriously—part of the show's craft.
 Dialogue is only one layer of the soundtrack
 Federal television-caption quality standards require captions to convey more than spoken words. Where possible, they also provide otherwise unobservable information such as speaker identity, music, sound effects, and audience reaction. The Justice Department separately identifies captioning as an auxiliary aid used for effective communication.
 Those additions are not decoration. An off-screen voice can change who the viewer thinks is present. A phone vibration can motivate the next action. Music can carry a joke or warn that a scene has turned dangerous.
 Timing changes meaning
 A caption that arrives early can spoil a reveal. One that lingers can be assigned to the wrong face. Dense text can force a viewer to choose between reading and watching. Caption quality therefore includes placement and timing, not only spelling.
 Federal Communications Commission rules and guidance for television captioning address accuracy, synchronicity, completeness, and placement. The practical goal is straightforward even when implementation is not: the text should represent the program's audio without blocking other important information or drifting away from the moment it describes.
 Streaming made the system more visible
 Online players make caption tracks visible through a toggle, but a toggle alone does not establish whether a track is complete, synchronized, or consiste...
## Visible Sources
- ADA Requirements: Effective Communication, U.S. Department of Justice (primary, retrieved): https://www.ada.gov/resources/effective-communication/
- 47 CFR 79.1, eCFR (primary, retrieved): https://www.ecfr.gov/current/title-47/chapter-I/subchapter-C/part-79/subpart-A/section-79.1
- 47 CFR 79.4: Closed captioning of video programming delivered using Internet protocol, eCFR (official, retrieved): https://www.ecfr.gov/current/title-47/part-79/section-79.4
# Before you start a software subscription, find the exit.
Canonical: https://strangelyuseful.com/story/check-a-software-subscription-before-paying
Markdown: https://strangelyuseful.com/story/check-a-software-subscription-before-paying/markdown
Desk: Useful Things
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 1 min
Summary: Check recurring charges, trial terms, cancellation paths and file access before paying.
Tags: software subscriptions, recurring charges, cancellation, consumer guidance
## Readable Excerpt
The price on the first screen is only one part of a subscription. Before paying, find the renewal amount, the renewal date, the cancellation path, and what happens to your files when the account ends.
 The Consumer Financial Protection Bureau describes negative-option programs as arrangements that continue unless the customer takes affirmative steps to cancel. Its guidance emphasizes clear disclosure of material terms, informed consent, and a cancellation process that does not create unreasonable obstacles.
 A five-minute pre-purchase check
 Write down the full price. Include the post-trial amount, billing interval, taxes where shown, and any seat or usage limit that changes the bill.
 Find the renewal sentence. Confirm the exact date or trigger that starts recurring charges. Save the terms and receipt where you can find them later.
 Walk the cancellation path before subscribing. The button should be discoverable, and the service should state what date ends billing. Do not rely on deleting an app or removing a payment method.
 Check your files and export options. Identify what you can download, in which format, and whether an account closure removes access immediately.
 Choose a reminder. Put the renewal or review date on a calendar you actually check. A reminder is useful even when you expect to keep the service.
 If you no longer want a charge, contact the company and state clearly whether you are ending the subscription or only revoking automatic payments. The CFPB notes that consumers can ask their bank or credit union to stop an automatic debit, but that stopping a payment does not by itself settle an underlying contract or balance.
 Keep the confirmation. A screenshot or email with the cancellation date can make a later billing dispute easier to explain. The goal...
## Visible Sources
- Negative option marketing guidance, Consumer Financial Protection Bureau (primary, retrieved): https://www.consumerfinance.gov/archive/newsroom/cfpb-issues-guidance-to-root-out-tactics-which-charge-people-fees-for-subscriptions-they-dont-want/
- How do I stop automatic payments from my bank account?, Consumer Financial Protection Bureau (primary, retrieved): https://www.consumerfinance.gov/ask-cfpb/how-do-i-stop-automatic-payments-from-my-bank-account-en-2023/
# Your phone changes the clock automatically. The rule behind it is surprisingly manual.
Canonical: https://strangelyuseful.com/story/clock-change-law-not-setting
Markdown: https://strangelyuseful.com/story/clock-change-law-not-setting/markdown
Desk: Hidden History
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 1 min
Summary: Federal rules, lawful exceptions, maintained time-zone data and software updates sit behind an apparently automatic clock change.
Tags: daylight saving time, time zones, technology history, clock changes
## Readable Excerpt
At the spring and fall transition, an updated phone can change its displayed hour without asking. That convenience hides a chain of law, maintained time-zone rules and software updates.
 In the United States, federal law sets the basic schedule. Daylight saving time begins at 2 a.m. on the second Sunday in March and ends at 2 a.m. on the first Sunday in November. NIST says it is not observed in Hawaii, American Samoa, Guam, Puerto Rico, the U.S. Virgin Islands or most of Arizona; the Navajo Nation in Arizona does observe it.
 Standard time needed a legal standard
 In 1883, U.S. and Canadian railroads adopted four zones to reduce the confusion created by roughly 100 locally established “sun times.” Federal oversight followed with the Standard Time Act of 1918.
 Today, Title 15 establishes the federal standard-time framework and daylight-saving change dates, while Department of Transportation regulations in 49 CFR part 71 contain the official listing of U.S. time zones. Federal law lets a state exempt itself from seasonal clock changes under specified conditions; DOT notes that states cannot choose permanent daylight saving time on their own.
 Your device is the last link in a long chain
 A phone cannot infer a legislature's choice from sunlight. IANA maintains a Time Zone Database with code and data representing local-time history for representative locations. It is updated periodically to reflect political changes to time-zone boundaries, UTC offsets and daylight-saving rules. For most NIST computer time services, NIST distributes UTC while the operating system supplies the local-zone and daylight-saving correction.
 That separation explains why updates matter. A system with outdated daylight-saving rules can show the wrong local hour even while its underlying time sour...
## Visible Sources
- Daylight Saving Time Rules, NIST (primary, retrieved): https://www.nist.gov/pml/time-and-frequency-division/popular-links/daylight-saving-time-dst
- 15 U.S.C. standard time, U.S. House of Representatives (primary, retrieved): https://uscode.house.gov/view.xhtml?path=/prelim@title15/chapter6/subchapter9&edition=prelim
- Time Zone Database, IANA (primary, retrieved): https://www.iana.org/time-zones
- Uniform Time, U.S. Department of Transportation (primary, retrieved): https://www.transportation.gov/regulations/time-act
- RFC 9557: Date and Time on the Internet: Timestamps with Additional Information, RFC Editor (primary, retrieved): https://www.rfc-editor.org/rfc/rfc9557.html
# A passkey is not your face. It is a locked credential your device helps use.
Canonical: https://strangelyuseful.com/story/passkeys-without-the-magic
Markdown: https://strangelyuseful.com/story/passkeys-without-the-magic/markdown
Desk: Tech & AI
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 1 min
Summary: The biometric or PIN unlocks an authenticator; the website receives cryptographic proof rather than your fingerprint.
Tags: passkeys, WebAuthn, account security, passwordless login
## Readable Excerpt
When a website says “sign in with your face,” it is skipping the most important part. Your face is not the passkey. It is one possible way to unlock an authenticator that holds or can access a cryptographic credential for that site.
 The distinction sounds fussy until something goes wrong. It explains why some passkeys can be backed up and synced, why a device may offer a PIN or biometric for local verification, and why account recovery still matters even after passwords disappear.
 The website gets proof, not your fingerprint
 The W3C Web Authentication specification defines public-key credentials scoped to a relying party—the website or service asking you to sign in. During authentication, the authenticator uses the credential's private-key side to produce a signed assertion in response to the site's challenge. The service verifies that response using the public-key side. The private key is not sent to the service.
 The user-verification step happens on the authenticator side. Depending on the device and setup, that can be a PIN, biometric, or another authorization gesture. WebAuthn communicates the result of that verification in the ceremony; it does not define sending a fingerprint or face scan to the website.
 “Passkey” can describe more than one storage arrangement
 Some credentials are device-bound, including credentials on some hardware security keys. Other passkeys can be backed up and made available across a user's devices through a credential provider. That convenience changes recovery and ecosystem questions, but it does not turn the credential into a reusable password shared with every site.
 Each relying party receives a credential scoped to it. WebAuthn validates the calling origin and relying-party identifier as part of the ceremony. That binding helps r...
## Visible Sources
- Web Authentication Level 3, W3C (primary, retrieved): https://www.w3.org/TR/webauthn-3/
- FIDO Passkeys, FIDO Alliance (primary, retrieved): https://fidoalliance.org/passkeys/
# The web feels permanent. Its memory is actually a rescue operation.
Canonical: https://strangelyuseful.com/story/the-web-does-not-remember-by-itself
Markdown: https://strangelyuseful.com/story/the-web-does-not-remember-by-itself/markdown
Desk: Internet & Culture
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 2 min
Summary: A live website is not a permanent deposit. Its survival depends on selection, capture, replay and maintenance.
Tags: web archives, digital preservation, internet history, Library of Congress
## Readable Excerpt
You can remember the exact shape of a webpage and still fail to find it. The address redirects. The images are gone. The text survives in a repost with the author cut off. A page can be public for years and leave less behind than a pamphlet placed in a library box.
 That is not a glitch in the web's memory. The public web has no guaranteed, comprehensive memory. Preservation is a separate job performed by archives and site owners, often with automated crawlers operating under deliberate collection policies.
 The Library of Congress describes websites as ephemeral, at-risk material. URLs change, content is revised, and entire sites disappear. Its Web Archive therefore selects material, captures it, preserves it, and provides access for future research. Each verb matters. An archive is made; it does not simply accumulate.
 A page is more than the file you can see
 An HTML page can point outward to stylesheets, scripts, fonts, images, video, and data services. The Library's format notes explain that image and video files are referenced rather than stored inside the HTML file. Modern pages can depend heavily on JavaScript and external systems that are difficult to interpret or replay outside their original environment.
 That is why an archived page may look wrong or refuse to perform an old interaction. An available capture may still omit interactive behavior or external dependencies. The capture can preserve important evidence without recreating the original service perfectly. A frozen copy of the stage does not bring every backstage machine with it.
 Selection creates a second history
 The Library says subject experts select web content under collection policies. Its archive is selected rather than presented as a complete copy of the web. That means the historical record...
## Visible Sources
- Web Archiving Overview, Library of Congress (primary, retrieved): https://www.loc.gov/programs/web-archiving/about-this-program/
- HTML 5 format description, Library of Congress (primary, retrieved): https://www.loc.gov/preservation/digital/formats/fdd/fdd000481.shtml
- Creating Preservable Websites, Library of Congress (primary, retrieved): https://www.loc.gov/programs/web-archiving/for-site-owners/creating-preservable-websites/
# Clearing your browser data can fix a broken site. It can also erase the useful clues.
Canonical: https://strangelyuseful.com/story/what-clearing-browser-data-actually-does
Markdown: https://strangelyuseful.com/story/what-clearing-browser-data-actually-does/markdown
Desk: Useful Things
Format: story
Published: July 11, 2026
Updated: July 11, 2026
Read time: 1 min
Summary: Cache, cookies, history and synced data are different things. Start with the smallest reset that matches the symptom.
Tags: browser data, cookies, cache, online privacy
## Readable Excerpt
“Clear your cache” is the web's version of turning it off and on again: often reasonable, rarely explained. The button may remove several different kinds of data, and the broadest option can sign you out, erase site preferences, and remove local clues—such as history or stored site data—that may help reproduce or document what was broken.
 Start smaller than the advice usually suggests.
 If one page looks old or broken
 Reload it first. Cached files are local copies that help pages load faster. If stale cached content is involved, clearing cached data for that site may help. Google notes that after cache and cookies are cleared, some sites may appear slower because content has to load again.
 If the site keeps forgetting or misreading your session
 Cookies and site storage can hold sign-in state and preferences. If stored session data is the suspected cause, removing that site's data is a bounded test; expect to sign in again and lose that site's saved preferences. If the browser offers a control for one site, use that before clearing every site's data.
 If you are troubleshooting a privacy concern
 Deleting browser history removes records within the selected scope. Depending on sync settings, that scope may include other devices. It does not automatically erase activity stored separately in a Google or Microsoft account, or records independently kept by websites. Browser cleanup changes what the selected product stores under the selected options.
 A safer order of operations
 1. Record the error and exact page address.
2. Try a normal reload, then a private window as a comparison, not proof: it starts a separate session, but different cookie rules can also change how a site behaves.
3. Check whether the issue affects one site or every site.
4. Remove data for the affec...
## Visible Sources
- Clear cache and cookies, Google Support (primary, retrieved): https://support.google.com/accounts/answer/32050
- Clear cookies and site data, Mozilla Support (primary, retrieved): https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
- View and delete browser history in Edge, Microsoft Support (primary, retrieved): https://support.microsoft.com/en-US/edge/view-and-delete-browser-history-in-microsoft-edge
- Delete Safari history, cache and cookies on iPhone, Apple Support (primary, retrieved): https://support.apple.com/en-us/105082
- Browse in Incognito mode, Google Chrome Help (primary, retrieved): https://support.google.com/chrome/answer/95464
- Best Practices for Victim Response and Reporting of Cyber Incidents, U.S. Department of Justice (primary, retrieved): https://www.justice.gov/criminal/criminal-ccips/file/1096971/dl
# What an AI agent actually does, and what it still cannot do
Canonical: https://strangelyuseful.com/story/what-an-ai-agent-actually-does
Markdown: https://strangelyuseful.com/story/what-an-ai-agent-actually-does/markdown
Desk: Tech & AI
Format: story
Published: July 10, 2026
Updated: July 10, 2026
Read time: 9 min
Summary: An AI agent is not a digital employee with unlimited judgment. It is a model operating inside a controlled loop, choosing from the tools and permissions it has been given.
Tags: AI agents, Artificial intelligence, Explainers
## Readable Excerpt
“AI agent” now gets attached to everything from chatbots with a calendar button to software that can work through a coding task for an afternoon. Strip away the branding and the useful difference is smaller: an agent can choose a next step, use an allowed tool, inspect what happened and try again.
 The short answer
 An AI agent is a model operating inside a loop. It receives a goal, chooses from the tools it has been given, reads the result and decides what to do next. The run ends when it produces an answer, reaches a stopping condition or pauses for a person.
 An agent is a permissioned loop, not a digital employee.
 A chatbot can explain how to sort a crowded inbox. An agent with email access might search that inbox, group messages and draft replies. That does not mean it understands every relationship, knows which message is secretly urgent or deserves permission to press Send. Its reach comes from the tools and authority people give it. Its mistakes can reach that far, too.
 Goal → Model chooses → Tool acts → Result returns ↺
 The model is one component. The loop, tools, permissions and stopping rules are what make the system agentic.
 What happens inside the loop
 A goal or trigger starts the run. That may be a direct request, a scheduled time or an event in another system.
 The model interprets the next useful step. It can answer immediately or request one of the tools exposed by the surrounding application.
 The application executes the tool. The model is not secretly operating a computer. Software around it checks the request, applies permissions and performs the action.
 The result comes back into context. The model reads what happened, updates its plan and chooses again.
 The run stops, escalates or hands off. Good systems define limits instead of letting the...
# The old web was ugly. It was also a lot more human.
Canonical: https://strangelyuseful.com/story/why-old-websites-felt-more-human
Markdown: https://strangelyuseful.com/story/why-old-websites-felt-more-human/markdown
Desk: Internet & Culture
Format: story
Published: July 10, 2026
Updated: July 10, 2026
Read time: 7 min
Summary: Guestbooks, blinking text and pages built by one obsessed person. We lost plenty when the web cleaned itself up.
Tags: Old web, Internet history, Web culture
## Readable Excerpt
The old web was not elegant. Pages loaded badly, colors fought each other, and somebody was always trying to make text move. But it often felt as if there was a person on the other side of the screen. That part is worth missing.
 A page used to feel like a place
 The first website was not built to impress anybody. It lived on Tim Berners-Lee’s NeXT computer at CERN and explained the World Wide Web project itself. In 1993, CERN put the web software in the public domain. The important thing was not a visual style. It was that people could make and connect their own pages without waiting for permission.
 Later services lowered the barrier further. GeoCities let people build pages around hobbies, fandoms, family news, local clubs and subjects too specific for a publisher to touch. The Internet Archive estimates that GeoCities displayed at least 38 million pages before Yahoo closed it in 2009.
 The page did not need to represent a brand. It could simply represent whoever had figured out how to upload it.
 Bad design left fingerprints
 The blinking words, tiled backgrounds, visitor counters and “under construction” signs were not good interface design. Some were actively unpleasant. The old &#x3C;blink> element is obsolete, and &#x3C;marquee> is deprecated for good reasons, including readability and accessibility.
 Still, those choices revealed authorship. A hand-picked background or unnecessary animated GIF said, “I wanted this here.” Modern templates solved the chaos. They also made millions of pages look as if the same invisible committee had approved them.
 What is actually worth bringing back
 Not the flashing text. Not mystery navigation. Not pages that break on a phone. The useful lesson is smaller: give people room to leave fingerprints. Let an article have a strange...