Pittsburgh Tech Guy

US consumers are now holding onto their smartphones for more than 2.5 years, on average, before upgrading, according to new research from The NPD Group.

The average US smartphone upgrade cycle, as of the second half of 2017, was 32 months, the market research firm wrote in its latest Mobile Connectivity report. That's up from 25 months a year prior.

It's also not uncommon these days for people to hold onto their smartphones for more than three years, the firm noted. In the second half of 2017, 22 percent of US smartphone users said they wait more than 36 months to upgrade, up from 18 percent who said the same a year earlier.

Prepaid users are quickest to upgrade. In the latter half of last year, 21 percent of prepaid smartphone users reported upgrading their devices within a year of purchasing them. Just 10 percent of postpaid customers said the same.

"The continuous improvement of device build quality and components, coupled with higher price tags, has motivated consumers to hold on to their smartphones for longer periods than in the past," Brad Akyuz, director and industry analyst at NPD Connected Intelligence, said in a statement.

Carriers' stricter upgrade policies of late have also impacted the upgrade cycle. "Many carriers require that customers fully pay off their devices before trade-in, which has slowed down upgrade cycles for postpaid customers," Akyuz said.

Buried inside most smartphones is a capability that few people take advantage of but that I have come to rely on more and more: the ability to turn the phone into a Wi-Fi hotspot.

Using my phone as a hotspot (also known as Wi-Fi tethering) means that whenever I have a couple of bars of signal strength, I can get my tablet or laptop online — and share my internet connection with work colleagues. It’s my way to stay on top of work wherever I am, allowing me to read and send emails, move data back and forth with the company’s servers and even get a taste of the latest office gossip from the comfort of a full-sized device.  Click here for the Computerworld full article in detail.

Google last week spelled out the schedule it will use to reverse years of advice from security experts when browsing the Web - to "look for the padlock." Starting in July, the search giant will mark insecure URLs in its market-dominant Chrome, not those that already are secure. Google's goal? Pressure all website owners to adopt digital certificates and encrypt the traffic of all their pages.

The decision to tag HTTP sites - those not locked down with a certificate and which don't encrypt server-to-browser and browser-to-server communications - rather than label the safer HTTPS websites, didn't come out of nowhere. Google has been promising as much since 2014.

And Google will likely prevail: Chrome's browser share, now north of 60%, almost assures that.

Security pros praised Google's campaign, and the probable end-game. "I won't have to tell my mom to look for the padlock," said Chester Wisniewski, principal research scientist at security firm Sophos, of the switcheroo. "She can just use her computer."

But what are Chrome's rivals doing? Marching in step or sticking to tradition? Computerworld fired up the Big Four - Chrome, Mozilla's Firefox, Apple's Safari and Microsoft's Edge - to find out.

Safari

Apple's browser currently uses the traditional model of signage: It puts a small padlock icon in the address bar when a page is protected by a digital certificate and traffic between the Mac and site server is encrypted.

No padlock? That means the site does not encrypt traffic.

Recent versions of the browser, however, take additional steps in certain circumstances. If the user is at an insecure site - one not locked down with a certificate and encryption - and attempts tasks such as entering info into log-on fields or those designed to accept credit card numbers, Safari throws up a red text warning in the address bar that starts as Not Secure and then changes to Website Not Secure. Those hard-to-miss alerts debuted with the version of Safari bundled with macOS 10.13.4, an update issued March 29. (Mac owners running OS X 10.11 (El Capitan) or macOS 10.12 (Sierra) got the same functionality in the Safari 11.1 update on the same day.)

Apple

The Website Not Secure warning also should appear if the certificate is out-of-date or illegitimate.

Firefox

Mozilla's browser is on a path similar to Google's Chrome; it will eventually tag all sites sans encryption with a distinctive marker. But Firefox is not there yet.

Mozilla

Currently, Firefox shows a padlock with a red strike-through line when the user reaches an HTTP page that contains a username+password log-on combination. Placing the cursor in one of the fields - by clicking in one, for instance - adds a textual warning that reads This connection is not secure. Logins entered here could be compromised.

Otherwise, tradition still rules in Firefox: HTTPS websites are marked by green padlocks in the address bar, while regular HTTP pages are unmarked.

Mozilla has committed to reversing the iconography, though. "Firefox will eventually display the struck-through lock icon for all pages that don't use HTTPS [emphasis added], to make clear that they are not secure," wrote Tanvi Vyas and Peter Dolanjski, a security engineer and product manager, respectively, in a blog post over a year ago. "As our plans evolve, we will continue to post updates, but our hope is that all developers are encouraged by these changes to take the necessary steps to protect users of the Web through HTTPS."

Mozilla

The mark-all-HTTP feature is tucked inside Firefox, but it's not been enabled in the current production-quality browser, Firefox 60. Users can switch it on manually, however.

• Type about:config in Firefox's address bar
• Search for security.insecure_connection_icon.enabled
• Double-click that item; the false under Value will change to true

You can test the change by entering an HTTP page into the address bar, like bbc.com.

Chrome

Chrome still uses the usual padlock to mark HTTPS sites and does not call out unencrypted traffic (HTTP), at least at a quick glance to the address bar. (Clicking the information icon in the address bar, the symbol of a lowercase i within a circle, at the left of the URL, displays a drop-down that does call attention to existing insecure connections, however.)

Google

And since 2017, Chrome has tagged sites that transmit either passwords or credit card information over HTTP connections as Not secure using text in the address bar.

But Google has scheduled several additional steps for this year that will move Chrome closer to a goal of overturning decades of visual signals that mark traffic encryption.

The changes begin in July with Chrome 68 - set to ship the week of July 22-28 - that will mark all HTTP sites with text that reads Not Secure preceding the URL in the address bar.

Google

Users can enable Chrome 68's behavior with these steps in the current Chrome 66:

• Type chrome://flags in the address bar.
• Find the item Mark non-secure origins as non-secure.
• Select Enable (mark with a Not Secure warning) and relaunch Chrome.
• Optionally, choose Enable (mark as actively dangerous)instead to display the red icon, too.

Google

Next, Chrome 69 - slated for release during the week of Sept. 2-8 - the browser will drop the green Secure text from the address bar for HTTPS pages and show only the small padlock icon. Google characterized that as a step away from affirmatively noting a secure page, and toward a more neutral label.

Google

Then in October, Chrome 70 will appear (during the week of Oct. 14-20), labeling any HTTP site with a small red triangle to indicate an insecure connection, along with the text Not secure in the address bar. Those signals show as soon as the user interacts with any input field.

Edge

In much the same way as Apple's Safari, Microsoft's lead browser has stuck with the HTTPS-is-marked, HTTP-is-not model.

Edge displays a padlock icon in the address bar when the page is protected by a digital certificate, and traffic between the Windows 10 PC and server is encrypted. If there is no padlock, the site does not encrypt traffic, relying on HTTP instead. To get the full story, however, users must click on the icon - an i within a circle - and read the text in the ensuing pop-up. "Be careful here," Edge warns. "Your connection to this website isn't encrypted. This makes it easier for someone to steal sensitive information like passwords."

Microsoft

Unlike Safari, Firefox and Chrome, Edge does not proffer special warnings when the user visits an HTTP site sporting important input fields, like those dedicated to passwords or credit card numbers.

It costs $20 to port your landline number to Google Voice -- but you'll have to move it to a mobile carrier before you can do that.

Still hanging onto your home phone? Worse, still paying for it?

I suspect this is pretty common. It's a hassle to give up a landline, if only because that number you've had for so many years is "on file" at so many places. It's your home number -- and you need to keep that, right?

The number, yes. But the service? Well, that's another matter. By porting that number to Google Voice, you can keep your home number and actually make it a little more versatile. You can also stop paying extra for it -- probably.

How much is your landline costing you?

I know from an informal social media poll that some folks out there still have plain old telephone service (or a POTS) and are still paying anywhere from $30-$80 per month. Yikes.

Assuming you have reliable and speedy internet service, you could switch to a voice-over-IP (VoIP) phone system like Ooma. The Ooma Telo ($79.98 at Amazon.com) box plugs into your router and then delivers basic home-phone service -- with your same number -- for free. Ooma Premier adds a bunch of bells and whistles for $10 per month -- still way cheaper than most POTS options.

If your home number is bundled with your cable or internet, however, it might not be costing you that much. Or, to think about it another way, you might not save anything by unbundling it from your service plan. It's worth a phone call to find out.

Maybe you've been thinking about cutting the cord anyway? If you're ditching two out of your three bundled services, now you're probably looking at a lower monthly bill. (Not in the mood to haggle with your cable company? A service such as BillFixers, Billshark or Shrinkabill will do it for you -- for a fee, of course.)

Why Google Voice?

What's the advantage of moving your home number to Google Voice? For starters, it's free -- at least, it has been since 2009. Is there a chance Google could start charging for it? Absolutely, but you can cross that bridge when you come to it.

The key advantage to Google Voice is its versatility. You can route incoming calls to one or more other numbers -- like, say, every family member's mobile phone. That means you can receive home-phone calls even when you're not home.

You can also set up voicemail so that messages are transcribed to text messages or delivered by email. There's even a call-recording option, though it only works for incoming calls. 

OK, but does all this mean you can no longer use the cordless phone system that's been a household staple for all these years? Actually, it's possible to keep that hardware in the loop -- keep reading to find out how.

Why not Google Voice?

There's one important concern: You can't use Google Voice for 911 calls. So although you're keeping your number, giving up your landline means you'll need to use your mobile phone or some other method to dial emergency services.

Also, if you currently have a Google Voice number that you're using for other purposes, porting your landline will override that number. (If that's the case, it might be better to set up a new account with a new Google Voice number that you won't mind losing.)

Can you make the move?

There's a bit of a technical hurdle to moving your home phone number to Google Voice: The service can't port in numbers from landlines or VoIP services. (But you should still check Google's number-porting page to see if maybe your number is already eligible.)

It can port numbers from mobile carriers, though. So the trick is to first move your landline number to a mobile carrier, then move it to Google Voice.

By all accounts, the best way to do that is to buy a T-Mobile SIM card, create a new account, port the landline number to that account, then make your move to Google Voice.

Rather than walk you through each step of that process, I'm going to send you to Obihai's straightforward tutorial for porting a nonmobile number to Google Voice. And the reason I've chosen that particular tutorial is that Obihai also makes an inexpensive device you might find useful after the switch. See the next section for further details.

Once you get your landline number transferred to a mobile carrier, Google charges a one-time $20 porting-in fee. Before you perform that final step, you'll need to make sure your Google Voice number is linked to a phone number other than your landline. (You link numbers in the Google Voice settings. I recommend linking to your mobile phone, at least for now.)

OK, it's ported to Google Voice -- now what?

This Obihai adapter makes your Google Voice number accessible via your home phone system.

After the porting process is complete, you'll want to return to settings and forward incoming calls to one or more other numbers. (This could include an office line, for example, but most likely you'll want calls to go straight to your cell, and maybe other family members' as well.)

Another option: Let calls to your landline number ring your cordless phone system, just like they did before. You can do this by installing an Obihai adapter such as the popular Obi200 ($50 at Amazon). It plugs into your router, much like the aforementioned Ooma, then your phone system's base station plugs into the adapter. Now you can do incoming and outgoing calls pretty much the same as always -- but without monthly fees.