Maybe you order sparkling water, start every meal with an appetizer or prefer dining right when the restaurant opens. You might not track these habits. OpenTable might.

Some restaurants are now seeing new AI-assisted tags about diners when they book a table. These tags can note drink patterns, spending levels, review habits and last-minute cancellations.

These insights surfaced after Kat Menter, a host at a Michelin-starred restaurant who posts about food under the name Eating Out Austin, spotted the new “AI-assisted” tags at work. She shared a look at the system in a TikTok video that quickly caught attention. Media outlets then confirmed the test with additional restaurants.

Sign up for my FREE CyberGuy Report 
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

WOULD YOU EAT AT A RESTAURANT RUN BY AI?

The AI tags pull from reservation and POS data to highlight patterns like drink choices, spending ranges and dining habits across visits. (Jeffrey Greenberg/UCG/Universal Images Group via Getty Images)

How OpenTable gathers this information

OpenTable integrates with POS (Point of Sale) platforms such as Toast or Epos. These systems handle orders, payments and timing during a meal. When your contact details match your OpenTable account, the platform can connect your visit to your profile.

This can include arrival time, general order details, time spent and bill totals. Reporting shows that these items help OpenTable generate AI summaries of non-identifiable guest data when the restaurant uses a supported POS system and has enabled data sharing. You do not need to book through OpenTable for this to happen. You only need an account and matching contact information.

Some users who pulled their data through OpenTable’s privacy request form saw very limited information. Basic contact details and a list of past reservations were the main items. That suggests the insight level depends on which restaurants use POS integrations and how long they have used them.

Why restaurants want these insights

Restaurants have tracked guest preferences for years. Staff may note favorite dishes or preferred seating. They may watch for frequent lateness or recurring celebrations. This helps them shape a smooth visit.

OpenTable’s AI-summarized guest insights aim to offer a simplified version of these notes. They highlight drink categories, spending ranges or behavior patterns. However, Menter notes the tags can be off base. A single business dinner can mark someone as a high spender. Eating with friends who order cocktails can make a person look like a cocktail lover. Because of this, Menter treats the tags as loose suggestions rather than reliable signals.

THAT’S NOT A HUMAN TALKING TO YOU IN THE FAST FOOD DRIVE-THRU

How the AI works

OpenTable says the AI does not process personal guest data. Instead, it is employed for high-level classification and categorization of large, anonymized data sets. For instance, the AI analyzes various point-of-sale descriptions (like “glass of cabernet”) to consistently categorize them as “red wine,” “white wine,” etc., without ever interacting with specific guest profiles.

The platform says these insights can help staff suggest dishes or set a relaxed pace. OpenTable also says the use of POS information depends on the privacy settings you choose, and you can review, adjust or opt out of data sharing at any time. Still, the privacy policy uses broad terms like dining preferences.

A TikTok video from a Michelin-starred restaurant host first revealed the AI-assisted diner tags now being tested in OpenTable’s Pro tools. (iStock)

“Guest insights are the engine of personalization, allowing restaurants to optimize their service and deliver the kind of thoughtful hospitality that both benefits the business and offers a special experience for the diner,” an OpenTable representative told CyberGuy. “These insights come from a mix of sources — including OpenTable, our restaurant partners, and POS partners — and are limited to non-confidential information.”

“They might help a server suggest a dish you’ll love or recognize that you prefer a more relaxed dining pace,” the representative said. “We also share these insights across our network so restaurants can learn and improve the hospitality experience for everyone, not just individual guests. You’re in charge of what data you share. Through your OpenTable preferences and settings, you can review, adjust, or opt out of data sharing at any time. What we share with restaurants is guided by the choices you’ve made in your privacy preferences.”

What data gets shared and how to limit it

If a diner is opted in, OpenTable shares your name, contact details, party size and special requests with the restaurant you book. The company also confirms that participating restaurants share POS data with OpenTable. This can include items ordered, bill totals and how long you stayed. OpenTable then turns this into aggregated insights.

RESTAURANT INSIDERS SHARE THE SECRETS OF SNAGGING HARD-TO-GET RESERVATIONS

OpenTable reportedly shares insights across its broader restaurant network. This applies only where enabled and only for restaurants on the OpenTable Pro plan, and is a feature in Beta.

How to turn off the “Point of sale information” toggle 

If you want more privacy, you can turn off the “Point of sale information” setting:

• Log in to your OpenTable account
• Tap on your profile in the upper right corner
• Click Account settings 
• Tap Communications
• Scroll down and toggle off Allow OpenTable to use Point of Sale information
• Click Save 

This stops your order history from contributing to future insights.

What this means to you

Your dining habits may move with you when you dine at restaurants that use OpenTable Pro.

This awareness helps you understand what your apps track. It also gives you the chance to adjust your privacy settings so you stay in control of your information.

Take my quiz: How safe is your online security?

Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com 

Diners can limit how much data contributes to these insights by turning off OpenTable’s point-of-sale sharing setting in their account. (Education Images/Universal Images Group via Getty Images)

BE ON HIGH ALERT IF YOU USE THIS POPULAR RESERVATION APP

Kurt’s key takeaways

Dining out should feel simple, yet today’s tech adds a new layer to the experience. These AI-assisted tags give restaurants extra insight, but they also remind you how much of your behavior gets logged behind the scenes. By checking your privacy settings and turning off POS data sharing, you keep more control over what follows you from one meal to the next. Staying aware makes a big difference. It helps you enjoy your night out without wondering who’s tracking your habits or how your data might appear on a screen. With a few quick choices, you can shape what restaurants see and keep your preferences truly personal.

Would you change how you dine out if you knew your ordering habits might follow you to restaurants you have never visited? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report 
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter

Copyright 2025 CyberGuy.com. All rights reserved.  

Google officially shut down remote control features for first and second generation Nest Learning Thermostats last month. Many owners assumed the devices would stop talking to Google once the company removed smart functions.

New research, however, shows that these early Nest devices continue uploading detailed logs to Google even though support has ended.

Sign up for my FREE CyberGuy Report 
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

Early Nest Learning Thermostats still send sensor data to Google even after losing remote features. (Google)

Researcher finds unexpected data uploads from old Nest devices

Security researcher Cody Kociemba uncovered this quiet data flow after digging into the backend as part of a repair bounty challenge run by FULU, a right-to-repair group cofounded by electronics repair expert and YouTuber Louis Rossmann. The challenge asked developers to restore lost smart features for unsupported Nest devices. Kociemba teamed up with the open-source community and created No Longer Evil, software that brings smart functionality back to these aging thermostats.

While cloning Google’s API to build the project, he suddenly received a flood of logs from customer devices. That surprise led to a deeper look at what Google still collects.

Researcher Cody Kociemba uncovered the ongoing data uploads while building a tool to restore smart functions. (Google)

What Nest thermostats keep sending to Google

Even though remote control no longer works, Kociemba found that early Nest Learning Thermostats still upload a steady stream of sensor data to Google. This includes:

• Manual temperature changes
• Whether someone is in the room
• When sunlight hits the device
• Temperature readings
• Humidity levels
• Motion activity
• Ambient light data

Kociemba says the volume of logs was extensive. He turned off the incoming data because he never expected the devices to remain connected to Google after the shutdown.

Google previously said unsupported models will “continue to report logs for issue diagnostics.” However, Kociemba points out that Google cannot use that data to help customers anymore because support is fully discontinued. That makes the continued data flow even more puzzling.

AI FLAW LEAKED GMAIL DATA BEFORE OPENAI PATCH

CyberGuy contacted Google for comment, and a spokesperson provided us with the statement, 

“The Nest Learning Thermostat (1st and 2nd Gen) is no longer supported in the Nest and Home apps, but temperature and scheduling adjustments can still be made directly on the unit. These devices will soon be unpaired and removed from all user accounts. Diagnostic logs, which are not tied to a specific user account, will continue to be sent to Google for service and issue tracking. Users who prefer to stop providing these logs can simply disconnect their device from Wi-Fi via the on-device settings menu.” 

The thermostats continue reporting temperature, motion and light data even though official support has ended.

Why this discovery matters

Google cut access to remote control, security updates, software updates and status checks through the Nest and Google Home apps. Owners can no longer rely on the devices for key smart features. Yet the thermostats still push data to Google, creating a one-way connection that helps the company more than the customer.

Users do not benefit from the logs because support has been discontinued. Google cannot use these logs to diagnose problems or offer help. That raises questions about transparency and user choice for people who assumed the connection ended.

The FULU bounty that sparked the discovery

FULU’s bounty program encouraged developers to build tools that restore functionality to devices abandoned by their makers. After reviewing submissions, FULU awarded Kociemba and another developer known as Team Dinosaur the top bounty of $14,772 for bringing smart features back to early Nest models.

Their work highlights how community-driven repair efforts can keep useful devices alive. It also reveals how companies handle device data long after official support stops.

Ways to stay safe if you still use an old Nest thermostat

If you keep one of these unsupported Nest thermostats on your network, you can take a few simple steps to protect your privacy. These tips help reduce what the device sends to Google and lower your exposure.

1) Review your Google account activity

Start by checking what Google has linked to your home devices. Visit myactivity.google.com and look for thermostat logs or events you do not expect.

2) Place the device on a separate Wi-Fi network

A guest network keeps the thermostat away from your main devices. This limits what the thermostat can reach and helps prevent broader access.

3) Block outbound traffic when possible

Some routers let you stop individual devices from sending data to the internet. This cuts off log uploads while still letting the thermostat control heating and cooling.

4) Disable any remaining cloud features

If the device menu still offers cloud settings, turn off anything related to remote access or online diagnostics. Even partial controls help reduce data flow.

5) Remove old device associations from your Google account

Check your connected devices in your Google settings. Remove any old Nest entries that no longer serve a purpose. This stops leftover links that may still send data.

6) Adjust router settings that report device analytics

Some routers send analytics back to the router maker. Turn off cloud diagnostics to reduce the footprint of unsupported smart products.

7) Plan your replacement

Unsupported devices lose security updates. If you cannot isolate the thermostat on your network, consider upgrading to a model that still receives patches.

Pro Tip: Reduce your footprint with a data removal service

A data removal service can help you cut down on the amount of personal information available to data brokers. This adds another layer of privacy that supports your smart home security.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

OVER 2B USERS FACE PHISHING RISKS AFTER GOOGLE DATA LEAK

Take my quiz: How safe is your online security?

Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com.

Kurt’s key takeaways

The discovery that old Nest thermostats still send data to Google long after losing smart features gives owners a reason to take a closer look at their connected home. Unsupported devices can continue to talk to servers even when the useful side of the relationship ends. Understanding what your gadgets share helps you make informed decisions about what stays on your network.

Would you keep using a device that still sends data to its manufacturer even after it loses the features you paid for? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report 
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

Copyright 2025 CyberGuy.com.  All rights reserved.  

Smartphone banking has made life easier, but it has also opened new opportunities for cybercriminals.

Over the past few years, we have seen Android malware steal passwords, intercept OTPs and even take remote control of phones to drain accounts. Some scams focus on fake banking apps, while others rely on phishing messages that trick you into entering sensitive details.

Security researchers have now discovered a new threat that goes a step further. Instead of simply stealing login information, this malware gives thieves the ability to walk up to an ATM and withdraw your money in real time.

Sign up for my FREE CyberGuy Report 
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

Android malware like NGate tricks users into downloading fake banking apps that steal sensitive data. (Kurt “CyberGuy” Knutsson)

How the NGate malware works

The Polish Computer Emergency Response Team (CERT Polska) discovered a new Android malware called NGate that uses NFC activity to access a victim’s bank account. This malware monitors contactless payment actions on the victim’s phone and forwards all transaction data, including the PIN, directly to a server controlled by attackers. It does not just copy card details. Instead, it waits until the victim taps to pay or performs a verification step, then captures the fresh, one-time authentication codes that modern Visa and Mastercard chips generate.

To pull this off, attackers need to infect the phone first. They typically send phishing messages claiming there is a security problem with the victim’s bank account. These messages often push people to download a fake banking app from a non-official source. Once the victim installs it, the app walks them through fake verification prompts and requests permissions that allow it to read NFC activity. As soon as the victim taps their phone or enters their PIN, the malware captures everything the ATM needs to validate a withdrawal.

MANAGE ANDROID APPS WITH THE NEW ‘UNINSTALL’ BUTTON

Once installed, the malware captures NFC tap-to-pay codes and PINs the moment the victim uses their phone.  (Kurt “CyberGuy” Knutsson)

What attackers do with the stolen data at the ATM

The attackers rely on speed. The one-time codes generated during an NFC transaction are valid for only a short period. As soon as the infected phone captures the data, the information is uploaded to the attacker’s server. An accomplice waits near an ATM, holding a device capable of emulating a contactless card. This could be another phone, a smartwatch or custom NFC hardware.

When the data arrives, the accomplice presents the card-emulating device at the ATM. Since the information contains fresh, valid authentication codes and the correct PIN, the machine treats it like a real card. The ATM authorizes the withdrawal because everything appears to match a legitimate transaction. All of this happens without the criminal ever touching the victim’s physical card. Everything depends on timing, planning and getting the victim to unknowingly complete the transaction on their own phone.

Criminals use the stolen, time-limited codes at an ATM to make real withdrawals without the victim’s card. (Kurt “CyberGuy” Knutsson)

7 steps you can take to stay safe from Android NGate malware

As attacks like NGate become more sophisticated, staying safe comes down to a mix of good digital habits and a few simple tools that protect your phone and your financial data.

1) Download apps only from the Play Store

Most malicious banking apps spread through direct links sent in texts or emails. These links lead to APK files hosted on random servers. When you install apps only from the Play Store, you get Google’s built-in security checks. Play Protect regularly scans apps for malware and removes harmful ones from your device. However, it is important to note that Google Play Protect may not be enough. Historically, it isn’t 100% foolproof at removing all known malware from Android devices. Even if attackers send convincing messages, avoid installing anything from outside the official store. If your bank wants you to update an app, you will always find it on the Play Store.

2) Use strong antivirus software

One careless tap on a fake bank alert can hand criminals everything they need. Strong antivirus software can stop most threats before they cause damage. It scans new downloads, blocks unsafe links and alerts you when an app behaves in ways that could expose your financial data. Many threats like NGate rely on fake banking apps, so having real-time scanning turned on gives you an early warning if something suspicious tries to install itself.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

ATM ‘JACKPOTTING’ CRIME WAVE GROWS AFTER THIEVES WALK AWAY WITH HUNDREDS OF THOUSANDS IN CASH

3) Keep your device and apps updated

Security patches fix vulnerabilities that attackers use to hijack permission settings or read sensitive data. Updates also improve how Android monitors NFC and payment activity. Turn on automatic updates for both the operating system and apps, especially banking and payment apps. A fully updated device closes many of the holes that malware tries to exploit.

4) Use a password manager to avoid phishing traps

Phishing attacks often direct you to fake websites or fake app login pages that look identical to the real thing. A password manager saves your credentials and fills them in only when the website or app is authentic. If it refuses to autofill, it is a clear sign that you are on a fake page. Consider using a password manager to generate and store complex passwords.

Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials. 

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

5) Turn on two-factor authentication for all financial services

Two-factor authentication gives you a second layer of protection, even if your password is compromised. App-based authenticators are more secure than SMS codes because they cannot be intercepted as easily. For banking apps, enabling 2FA adds friction for attackers trying to perform unauthorized actions. Combined with strong passwords from a password manager, it significantly reduces the chance of account takeover.

6) Ignore suspicious texts, emails and calls

Attackers rely on urgency to trick you. They often claim that your card is blocked, your account is frozen, or a payment needs verification. These messages push you to act fast and install a fake app. Always pause and check your bank’s official channels. Contact the bank through verified customer care numbers or the official app. Never click links or open attachments in unsolicited messages, even if they look legitimate.

7) Review app permissions

Most people install apps and forget about them. Over time, unused apps pile up with unnecessary permissions that increase risk. Open your phone’s permission settings and check what each app can access. If a simple tool asks for access to NFC, messages, or accessibility features, uninstall it. Attackers exploit these excessive permissions to monitor your activity or capture data without your knowledge.

Kurt’s key takeaway

Cybercriminals are now combining social engineering with the secure hardware features inside modern payment systems. The malware does not break NFC security. Instead, it tricks you into performing a real transaction and steals the one-time codes at that moment. This makes the attack difficult to spot and even harder to reverse once the withdrawal goes through. The best defense is simple awareness. If a bank ever urges you to download an app from outside the Play Store, treat it as an immediate warning sign. Keeping your phone clean is now as important as keeping your physical card safe.

Have you ever downloaded an app from outside the Play Store? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report 
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

Copyright 2025 CyberGuy.com.  All rights reserved.