Facebook Reportedly Planning to Add Encryption to Messenger

Danny Yadron, the Guardian:

In the coming months, according to three people close to the project, the social media company plans to release an optional encrypted communications mode for its Messenger app, which is used by more than 900 million people. […]

Yet Facebook plans to make the tougher encryption an opt-in, because turning it on would get in the way of some new machine learning features it is building into Messenger, sources said. In May, Google faced blowback from privacy activists after it made a similar choice for its new Allo messaging app. […]

Google later confirmed to the Guardian that it made the extra privacy an opt-in feature because many of Allo’s smarts would no longer work if users turn on incognito mode, which prevents certain types of data from passing through Google’s servers.

For comparison, iMessage is encrypted end-to-end and there’s no way to turn that off. That’s not to say Apple couldn’t add similar functionality to Messages; if that’s something they’re planning, I expect that they would retain their existing prioritization of privacy and security.

Apple’s bet on assistive technologies so far is that they are able to interpret and suggest data locally, but one of the criticisms they’ve faced is that their implementation of these features is not as robust or as capable as their competitors’. For example, Google Photos includes auto-categorization and object detection features that some have doubted Apple can compete against, especially while retaining their locked-down approach to data sharing.

As I see it, there are three possible ways for Apple to compete with Google and Facebook in this area: process data locally, augment local operations with remote services, or decline to compete with the assumption that it’s a trend that will pass. My money is on the first method, but whether it will[1] rise to the same level of accuracy, reliability, and predictability is a very good question.


  1. I do see it more as a question of will than can.

Microsoft’s Upgrade Deceptions Are Undermining Windows 10

Paul Thurrott:

Last week, Microsoft silently changed Get Windows 10 yet again. And this time, it has gone beyond the social engineering scheme that has been fooling people into inadvertently upgrading to Windows 10 for months. This time, it actually changed the behavior of the window that appears so that if you click the ‘Close’ window box, you are actually agreeing to the upgrade. Without you knowing what just happened.

Previously, closing this window would correctly signal that you do not want the upgrade. So Microsoft didn’t change the wording in the window. It didn’t make an ‘Upgrade now’ button bigger, or a non-existent ‘don’t ever upgrade’ button smaller. It pulled a switcheroonie. It’s like going out to your car in the morning and discovering that the gas pedal now applies the brakes, while the brake pedal washes the windshield. Have a fun commute!

Despite becoming fairly commonplace, automatic updates can feel confusing and invasive to lots of users, particularly when they’re more substantial and obvious. But remapping the “close” button on a dialog box to trigger the update is deceitful to the point of feeling malicious. It’s a method that nefarious popups on the web typically engage in, not a legitimate operating system from a major company, and it reflects poorly on the system itself.

Seven Hundred Million

That’s approximately how many passwords to popular web services were leaked over the past week or so, as lists from LinkedIn, Tumblr, MySpace, and others have all shown up for sale on pseudonymous marketplaces.

Troy Hunt is the creator of Have I Been Pwned, a service that allows you to type in your email address or username and see if your account is among those compromised by major security breaches:

There are some really interesting patterns emerging here. One is obviously the age; the newest breach of this recent spate is still more than 3 years old. This data has been lying dormant (or at least out of public sight) for long periods of time.

The other is the size and these 4 breaches are all in the top 5 largest ones HIBP has ever seen. That’s out of 109 breaches to date, too. Not only that, but these 4 incidents account for two thirds of all the data in the system, or at least they will once MySpace turns up.

Hunt doesn’t (yet) have a copy of the MySpace database, but you can assume that if you had a MySpace account at any point prior to 2013, its password is among those on the list. Whether that leak comprises 427 million or 360 million passwords is currently a bit ambiguous, but either way, it is by far the largest breach ever recorded by Have I Been Pwned.

If you needed yet another reminder to choose secure, long, and — most importantly — unique passwords, this is probably a good one.

Update: Troy Hunt has now added approximately 360 million MySpace passwords to the HIBP database. The list appears to be from 2008 or 2009, right at the tail end of MySpace’s popularity.

Every Default OS X Desktop Picture

I still use the Tiger default blue pattern. A while back, I filed a radar asking for a version of it free of JPEG artifacts (and perhaps Retina-sized, too); it was closed pretty quickly with a note: “there are no plans to revive older desktop pictures.”

Via Stephen Hackett, of course.

Facebook Begins Allowing Advertisers to Target Non-Users

Juan Carlos Perez, writing for PC World in 2009:

Facebook’s controversial Beacon ad system tracks the activities of all users of its third-party partner sites, including people who have never signed up with Facebook or who have deactivated their accounts, CA (Computer Associates) has found.

Beacon captures detailed data on what users do on the external partner sites and sends it back to Facebook along with users’ IP addresses, Stefan Berteau, senior research engineer at CA’s Threat Research Group, said today in an interview.

Byron Acohido, writing for USA Today in 2011:

Facebook officials are now acknowledging that the social media giant has been able to create a running log of the web pages that each of its 800 million or so members has visited during the previous 90 days. Facebook also keeps close track of where millions more non-members of the social network go on the Web, after they visit a Facebook web page for any reason.

Samuel Gibbs, writing for the Guardian in 2015:

Facebook has admitted that it tracked users who do not have an account with the social network, but says that the tracking only happened because of a bug that is now being fixed. […]

“The researchers did find a bug that may have sent cookies to some people when they weren’t on Facebook. This was not our intention – a fix for this is already under way,” wrote Richard Allan, Facebook’s vice president of policy for Europe in a rebuttal.

Natasha Lomas, writing for TechCrunch earlier this year:

Yet more privacy problems for Facebook in Europe. Now the French data protection authority, the CNIL, has issued the company with a formal notice to get its house in order and comply with European data protection law or face possible referral to the CNIL’s select committee which could then choose to pursue a sanction against the company.

Facebook has been given three months to make the changes deemed necessary by the CNIL. If it does so to the DPA’s satisfaction it will not face any sanctions, the DPA said yesterday.

Jack Marshall, of the Wall Street Journal, today:

Facebook has set out to power all advertising across the Internet.

To that end, the social network and online advertising company said Thursday it will now help marketers show ads to all users who visit websites and applications in its Audience Network ad network. Previously Facebook only showed ads to members of its social network when they visited those third-party properties.

Some of the reactions to this piece of news are full of outrage and incredulity. But Facebook has been doing this for years; they’re simply monetizing it now. It’s no more invasive than what they’ve been doing since at least 2009, nor is it any creepier than what Google has been doing since 2007. Now there are two enormous companies with unfathomable amounts of personal information tied to individual users. Think anything is going to change?

Motorola Is on Its Way Out at Lenovo

Jon Russell, TechCrunch:

Lenovo has admitted that it has failed to build on its acquisition of Motorola. The Chinese firm acquired the phone-maker from Google for $2.91 billion in late 2014 and, in its end-of-year earnings report published today, it said the post-deal performance “did not meet expectations.”

That admission underscores why Lenovo plans to phase out the Motorola brand, as it revealed earlier this year, and instead focus on utilizing its own branding. (And perhaps even Razr?!)

Lenovo shipped 66.1 million smartphones over its full-year 2015/2016 and 10.9 million devices in the final quarter of the period. The firm said that Motorola devices contributed just five million to that quarterly tally, and that’s below its target.

Microsoft announced yesterday that they would be exiting the phone hardware market just two years after buying Nokia’s smartphone division. How bizarre is it that we are entering an era without either Motorola or Nokia — the two stalwart companies that pretty much invented the cellphone and its industry — competing for a slice of the market?

The Similarity of Differences

Very smart article by Seth Clifford, and not just because he cited me:

I’m delighted that Apple wants to protect my information and is loudly standing up to the degradation of that idea in public and within the legal system. They may even be able to pull off the things I’m hoping for, without the compromises I’m looking to avoid. I’m also really excited to see what Google can actually do to advance the entire industry and provide new ways of solving serious problems. I think there are a lot of ways that these two approaches can exist together, in complementary layers, that can give us more of the future we’d hoped for.

As Federico Viticci notes, there are vast cultural differences between Apple and Google. One of those key differences is, of course, in the way each company handles personal data. Apple hasn’t wavered with their commitment to protecting personal data, even appointing so-called “privacy czars” internally to vet the use of customer information in any project.

Remember Steve Jobs’ concept of the “brand bank”?

Steve went on record many times about the importance of building a strong Apple brand. And he benefited from having a high balance in the brand bank many times. One of the most negative stories in recent years was the now-famous “Antennagate” controversy. When iPhone 4 was launched, Apple was battered by journalists and influential bloggers over what was perceived to be a flawed antenna design. Despite the heavily negative press and ridiculing by late-night TV hosts, Apple’s customers remained true. Now that episode is remembered only as an example of overreaction, with virtually no long-term impact.

Having a high balance in the brand bank makes all the difference.

Apple has a very high balance in their “privacy bank”, as it were. If Siri needs additional data, perhaps it’s time to make a withdrawal. I’m not necessarily saying that Apple should do that — I think their long-term commitment to privacy is admirable and just. But I’m saying that they could do so, if they felt it was necessary.

Adobe Addresses ProRes Support on Windows

Last month, after a major security vulnerability was announced in QuickTime Player for Windows, Apple quietly confirmed that they were dropping support for it. No update will be issued to fix this gaping issue, or any others. QuickTime is dead on Windows.

So what’s the big deal? Who uses QuickTime anyway? Well, it turns out that a bunch of pro apps — especially those that need to support ProRes — use QuickTime as both an encoder and decoder.

The developers of these apps are now scrambling to implement their own solutions, thereby eliminating their dependency on QuickTime. David McGavran of Adobe:

Today we’re pleased to announce that Adobe has been able to accelerate work that was already in progress to support native reading of ProRes. This new capability is fully licensed and certified by Apple, and barring any unforeseen issues during pre-release, these fixes will be included into an update to the relevant products in Creative Cloud shortly.

Over the weekend, I visited Edmonton to see Beyoncé kick some major ass in the freezing cold and rain. While I was there, I got to meet up with Colby Ludwig and Gus Bendinelli; Gus is a cinematographer based in Los Angeles.

Over coffee, he mentioned that the industry made a big push several years ago to establish ProRes as the across-the-board standard. Everyone — from those using DSLRs to shoot an indie film, right up to major movies shot on the ARRI Alexa and RED cameras — uses ProRes. Back when everyone made the switch, it seemed like a perfectly sensible choice: it’s a very high quality compression format, so it isn’t always necessary to transfer unfathomably large raw video files. It’s also well-supported on both Macs and PCs, with a wide variety of industry-standard software, and is the format Apple requests for iTunes Store submissions.

While ProRes is closed-source, Apple has licensed the encoder and decoder to lots of software and hardware companies. Some companies, like Adobe, chose instead to use Apple’s QuickTime SDK and (legitimately) piggyback on its included ProRes codecs. Without a safe QuickTime for Windows, applications that the industry relies upon — like, say, Adobe’s suite — cannot read from or export to ProRes-encoded files. Apple has now expedited their licensing to Adobe of a software implementation of ProRes that doesn’t rely upon QuickTime, and Adobe is rushing to get it into updates to Premiere and After Effects.

This is a pretty crappy situation for movie editors who have a Windows-centric workflow. Apple really ought to have better handled the decommissioning of QuickTime, and Adobe ought to have licensed the ProRes encoder instead of assuming future reliance upon QuickTime.

Update: Ryan Holmes, a director, editor, and film colourist:

For Apple bungling EOLed ProApps reference: Shake, FCP7, XServe, Final Cut Server, and Aperture. Bad track record with PR for ProApps

The loss of Aperture still stings.

This reminded me of one additional thing Gus told me about: QuickTime Animation files were previously popular in the film industry until support for the file type was effectively discontinued. I can’t find an official end-of-life notice, but it was deprecated over the past few years, apparently because of licensing conflicts.

TD Canada Training Employees on Apple Pay

Gary Ng:

Yesterday we learned BMO updated their iOS app to say Apple Pay was “coming soon” (possibly June 1), and now we’ve learned TD employees have started to receive documentation and training on the upcoming launch.

The launch date is unknown at this point, aside from mid-June. What we’ve learned from sources familiar with the matter is an updated version of TD Canada for iOS will bring forth Apple Pay, as the app will be one way to verify cards, the other by phone.

WWDC begins in just eighteen days. Tick tock, TD.

A Nineteenth-Century ASCII Mystery

Jacob Harris, for the Atlantic:

This is the story of how I ended up captivated by a chance encounter with a 135-year-old newspaper advertisement — and how the random face staring back at me from the archives would reveal the surprising origins of ASCII art, a graphic design technique that’s usually associated with 20th-century computer art.

I’m not sure if this 1881 advertisement is truly the origin of ASCII art, but it’s certainly the oldest use I’ve seen. There are older examples of text laid in a specific shape, but none that I can find of a repeating letter used as a pattern element.

Update: Via Wikimedia, these ads in the Brooklyn Daily Eagle from 1875 predate Harris’ discovery.

Microsoft to Stop Making Smartphones

A little over two years ago, Microsoft closed their $7.2B acquisition of Nokia’s smartphone business. Now, there’s basically nothing left. Jussi Rosendahl and Tuomas Forsell, Reuters:

The U.S. company said it would shed up to 1,850 jobs, most of them in Finland, and write down $950 million from the business. It did not say how many employees currently work on smartphones in the group as a whole.

A Finnish union representative told Reuters the cuts would essentially put an end to Microsoft’s development of new phones.

“My understanding is that Windows 10 will go on as an operating system, but there will be no more phones made by Microsoft,” said Kalle Kiili, a shop steward.

The predictability of this news doesn’t mask how shitty it is. What a loss.

As for Nokia, their feature phone business will live on. Last week, they announced that Hon Hai (you know them as Foxconn) would be manufacturing cellphones to be sold by HMD — a brand new company, run by former Microsoft VPs.

See Also: Ben Thompson:

Microsoft under Nadella’s leadership has, over the last three years, undergone a tremendous transformation, embracing its destiny as a device-agnostic service provider; still, it is fighting the headwinds of Amazon’s cloud, open source tooling, and the fact that mobile users had six years to get used to a world without Microsoft software. How much stronger might the company have been had it faced reality in 2007, but the culture made that impossible.

Meet VocalIQ

VocalIQ was a small Cambridge-based startup, launched in 2011, that specialized in natural speech recognition and conversational interactions. From their website, circa August last year:

Every time your application is used it gets a little bit smarter. Previous conversations are central to it’s [sic] learning process – allowing the system to better understand future requests and in turn, react more intelligently. As a developer, you have the ability to change your system’s interpretation or behavior directly in your app.

And from a Times article published in June:

“The internet of things won’t be possible without a simple way to interact with all of these devices,” Vishal Chatrath, of VocalIQ, says. The Cambridge-based start-up has developed an alternative to Apple’s Siri that engages the user in conversation. The company is releasing a trial app next month.

The ambition does not end there. “One of our key projects is to develop a car that can talk to you, like in Knight Rider,” Mr Chatrath says. “That’s the level we’re targeting.”

Compelling, right? Turns out that Apple acquired them in October. And Brian Roemmele has been following along with VocalIQ for a long time:

If Apple utilizes just a small subset of the technology developed by VocalIQ, we will see a far more advanced Siri. However I am quite certain the amazing work of Tom Gruber will also be utilized. Additionally the amazing technology from Emollient, Perception and a number of unannounced and future Apple acquistions [sic] will also become a big part of Apple’s AI future.

By “Perception”, Roemmele likely means the automatic photo classification startup Perceptio. Apple confirmed their acquisition of the company just three days after they purchased VocalIQ.

So, who’s excited for WWDC?

Apple Reportedly Working on Siri API, Hardware Companion

A well-timed leak that should assuage recent concerns about the state of Siri indicates that Apple is, predictably, working on a Siri API and a hardware companion to compete with Amazon’s Echo.

Juli Clover of MacRumors summarizes what Amir Efrati originally reported for the paywalled Information:

Citing a source with direct knowledge of Apple’s plans, the report suggests Apple is working on a Siri-based device that would include a speaker and microphone that could be used for features like listening to music, getting news headlines, and more.

In addition to developing such a device, Apple is planning to improve Siri by opening the voice assistant up to outside developers. Apple is said to be preparing to release a Siri software development kit that would allow developers to make their apps and their app content accessible through Siri voice commands. Apple plans to require developers to use the tool responsibly.

My first thought for the form factor of the always-on hardware companion for Siri was the Apple TV;[1] my second thought was the AirPort base station.

But nothing in this rumour really addresses Siri’s reliability which, I believe, is currently its single biggest hurdle. Most of the time, it’s pretty fast and much more accurate than before. Yet it still occasionally gets confused by homonyms, can’t handle some accents, loses context, and sometimes silently fails for no obvious reason. Last night, I asked Siri on my Watch to remind me about something, and it “thought” for a while before telling me it couldn’t connect. I tried again on my phone and it worked perfectly.

Some of these issues could be mitigated by simply providing a textual interface for Siri. And I’d probably feel much more comfortable using it, to boot.

Update: Ben Bajarin:

Tease to our voice assistant study coming out next week. More people have/are using Siri than any other voice assistant.

Apple has a huge head-start in this space. They may appear to be resting on their laurels, but recent reports and acquisitions suggest they’re doing anything but.

Update: Jordan Novet, VentureBeat:

Apple is working on its answer to Amazon’s Echo, the voice-activated assistant packaged inside a speaker, but it may come in the form of a refreshed Apple TV, rather than a new hardware product, VentureBeat has learned.

The company will build on its enhancements to the Apple TV announced last year, which brought the Siri virtual assistant to the set-top box. A new version of the Apple TV will solve problems with the existing box and remote control, a source familiar with the matter claims.

“They want Apple TV to be just the hub of everything,” the source told VentureBeat.

Imagine that.


  1. Wouldn’t it be great if the iOS 10 update simply enabled this on existing fourth-generation Apple TVs? As Apple is still a hardware-centric company, this is unlikely to happen, but one can dream.

Twitter Officially Announces Changes to Character Counting in Tweets

In a letter to shareholders earlier this year (PDF), Twitter CEO Jack Dorsey previewed some adjustments to the way replies would work in the future:

We are going to fix the broken windows and confusing parts, like the .@name syntax and @reply rules, that we know inhibit usage and drive people away.

The future is now, and Twitter is preparing to roll out some changes to replies and character counts. Ironically, for a company built on direct communication, Twitter’s explanation for these changes is rather longwinded and confusing:

We are simplifying the way that replies and attachments work on Twitter by moving some of the “scaffolding” of Tweets into display elements so they no longer count towards the character limit within the Tweet.

  • Replies: @names that auto-populate at the start of a reply Tweet will not count towards the character limit (but new non-reply Tweets starting with a @mention will count, as will @mentions added explicitly by the user in the body of the Tweet). Additionally, new Tweets that begin with a username will no longer have to use the “.@” convention in order to have those Tweets reach all of their followers.

  • Media attachments: A URL at the end of Tweets generated from attaching photos, a video, GIF, poll, Quote Tweet, or DM deep link will also not count towards the character limit (URLs typed or pasted inside the Tweet will be counted towards the character limit as they do today).

This poor explanation has generated some misleading comments and poor articles that attempt to report on Twitter’s changes, and incited worries that these changes will dramatically increase spam and harassment on the service. These changes are neither as straightforward as they should be, nor as confusing as Twitter makes them out to be.

In short, anything Twitter adds to a tweet — including URLs for images, polls, and quoted tweets — is not counted against the character limit; most things you add to a tweet do count.

For example, in this tweet:

.@ashleyfeinberg wrote 3,500 words on whether Trump has a weave. http://gawker.com/is-donald-trump-s-hair-a-60-000-weave-a-gawker-invest-1777581357

both the @ mention and external URL — condensed into a t.co address, of course — would be counted against the character limit because they were both added manually by the user. This tweet was surfaced in my stream by Christina Warren, who retweeted it. If I were to reply to it, I am presented with this starting point:

@noahshachtman @ashleyfeinberg @film_girl

These three @ mentions would not count against the character limit because it’s a reply to a tweet containing all three user handles. I would still have 140 characters to write my reply, not the 98 of today. If I were to then write something like this:

@noahshachtman @ashleyfeinberg @film_girl Looks like Gawker is about to hit a Fuckface von Nervestick, right @TheDailyShow? https://twitter.com/TheDailyShow/status/330373292651315201

My comment and my additional mention of the Daily Show handle would count against the character limit, but the quoted tweet URL would not. If that URL were instead pointed to, say, the Daily Show video clip, it would count against the limit.

Twitter is limiting the total number of accounts in a reply to fifty, but — as we’ve seen — this doesn’t mean users can mention fifty accounts per tweet. Whether this will impact spam or abuse on Twitter remains to be seen, but it looks like these changes have been more thoughtfully designed than many headlines are making them out to be. That said, Twitter absolutely needs to take greater steps to curb harassment.

And you still can’t edit tweets.

Update: Where it gets confusing and weird is that a straight-up mention like this:

@TD_Canada Give me Apple Pay convenience or give me death.

looks identical to a tweet that’s a reply to, say, this tweet:

@TD_Canada Give me Apple Pay convenience or give me death.

Yet, in the latter, the user handle is not counted against the character limit; in the former, it is.

Machine Learning Bias

Julia Angwin and Jeff Larson of ProPublica:

We obtained the risk scores assigned to more than 7,000 people arrested in Broward County, Florida, in 2013 and 2014 and checked to see how many were charged with new crimes over the next two years, the same benchmark used by the creators of the algorithm.

The score proved remarkably unreliable in forecasting violent crime: Only 20 percent of the people predicted to commit violent crimes actually went on to do so.

When a full range of crimes were taken into account — including misdemeanors such as driving with an expired license — the algorithm was somewhat more accurate than a coin flip. Of those deemed likely to re-offend, 61 percent were arrested for any subsequent crimes within two years.

We also turned up significant racial disparities, just as Holder feared. In forecasting who would re-offend, the algorithm made mistakes with black and white defendants at roughly the same rate but in very different ways.

After collecting and assessing unprecedented amounts of data, we’re rapidly accelerating the rate at which we believe that computers can make decisions on our behalf. We’ve never before, in the whole of human history, had access to this much information, and we now believe that it can effectively tell us what to do. It’s happening on a smaller scale with virtual assistants and bots. But, while it’s a little irritating when they get a command wrong, it’s nothing on risk assessment scores, which can fuck up someone’s life.

Streaming Apps

Jen Simmons of Mozilla:

This idea that the web sucks. And apps are awesome. And the web can only be ‘saved’ by making it more like ‘apps’.

Ugh.

This bothers me.

[…]

It’s not that I think *no* one should create a website that’s “app-like”. It’s that I think this pressure for *everyone* to is dead wrong.

It’s not that streaming apps that don’t require installation are not clever, it’s that apps are not necessarily the correct solutions.

From an iOS perspective, the ironic thing about the post-shit sandwich app situation is that Mobile Safari has become a vastly more powerful development platform while being de-emphasized as such.

There truly is an xkcd for everything.

Illegal Numbers

Chris Baraniuk for the BBC:

Jon Johansen’s program worked. The Norwegian teenager watched as it downloaded 200 megabytes of a recently released movie, The Matrix, from a DVD onto his computer. The program that he and two anonymous others had created that year, 1999, was called DeCSS. But their project was about to cause something of a ruckus. DeCSS allowed people to unlock content on commercial DVDs without the publisher’s permission, so it instantly became the subject of legal objections from the movie industry.

What happened next likely took the lawyers at a number of big movie studios by surprise. Johansen was later acquitted, but wrangling over DeCSS turned into a debate about the essence of computing and what things could logically be banned. The contention right at the heart of this was the fact that any computer file or program could be represented by a number. Could you really make numbers illegal? And if so, what did that mean for the control of information?

In the midst of the debate over whether encryption should — or even could — be made illegal, as it’s simply a series of mathematical equations, this article notes some instances of numbers that are illegal.

Allo and Duo

Google debuted two new cross-platform messaging apps at yesterday’s I/O kickoff: Allo, for text-based conversations augmented by search, and Duo for video calls.

They look like fine apps, aside from Allo’s poor security defaults — they might even be brilliant apps. But Casey Newton of the Verge points out why they’re always going to be flawed:

Three years ago, Google set out to fix its chaotic messaging strategy with a single app. This summer, getting the full Google messaging experience will mean downloading as many as four apps: Hangouts, Allo, Duo, and Google Messenger, for sending SMS messages on Android.

That list doesn’t include Who’s Down, their quietly-released private chat app for meeting up with friends, nor does it include the text capabilities in Google Voice. All of these apps are currently being developed.

I don’t see why Google felt the need to separate chat functionality into six different apps. It’s overcomplicated and messy.

New Union Square Apple Store Opening on Saturday

This is a brand new store to replace the famous but crowded Stockton Street location. Apple PR:

Apple Union Square’s glass doors open the store to Post Street and Union Square. The building’s unique position connects San Francisco’s most famous square to a rejuvenated plaza to the north, creating a beautiful gathering place for the community. The art-filled plaza offers seating, public Wi-Fi, a 50-foot tall “green wall” and regular acoustic performances. The store is powered by 100 percent renewable energy, including power produced by photovoltaic panels integrated into the building’s roof.

It’s a testament to how iconic these retail stores are that they no longer feel a need to put an Apple logo anywhere on the face of them. They’ve been doing this for a little while with the newer stores,[1] and I think it looks great.

Rene Ritchie was invited to the press preview today, and he has some photos of the impressive new space.

By the way, those glass doors will sure be nice for rolling cars in and out of the store, don’t you think?

Update: Jim Dalrymple was also at the press preview:

Ahrendts said the company even thought about how sections of the Apple stores were named, like the Genius Bar. The word “bar” brings up thoughts of a busy, noisy space—not really what you’re looking for when trying to talk to an expert about your problems.

Apple renamed it the Genius Grove and added trees and seating, which gives it a more relaxed look and feel. It’s calming.

How does this scale to smaller mall stores?


  1. Speaking of which, Apple is also opening a new store in Jinan this Saturday. ↩︎

A 1-Million-Site Measurement and Analysis of Online Tracking

Steven Englehardt and Arvind Narayanan of Princeton University measured the third-party tracking scripts on the top million websites as ranked by Alexa. Some findings aren’t surprising — of the top twenty third-party domains, for example, twelve are owned by Google.

But there are some fairly new styles of tracking out there. For example:

Firefox’s third-party cookie blocking is very effective, only 237 sites (0.4%) have any third-party cookies set from a domain other than the landing page of the site. Most of these are for benign reasons, such as redirecting to the U.S. version of a non-U.S. site. We did find a handful of exceptions, including 32 that contained ID cookies. These sites appeared to be deliberately redirecting the landing page to a separate domain before redirecting back to the initial domain.

I’ve previously discussed how Criteo and AdRoll engage in this behaviour.

The HTML Canvas allows web applications to draw graphics in real time, with functions to support drawing shapes, arcs, and text to a custom canvas element. Differences in font rendering, smoothing, anti-aliasing, as well as other device features cause devices to draw the image differently. This allows the resulting pixels to be used as part of a device fingerprint. […]

We found canvas fingerprinting on 14,371 sites, caused by scripts loaded from about 400 different domains.

That’s nearly 1.5% of the top million websites, from about 0.5% of all third-party trackers in the study.

Steven Englehardt followed up on Princeton’s Freedom to Tinker blog with one particularly new way a small number of websites are tracking visitors:

[…] One of our more surprising findings was the discovery of two apparent attempts to use the HTML5 Audio API for fingerprinting.

The figure is a visualization of the audio processing executed on users’ browsers by third-party fingerprinting scripts. We found two different AudioNode configurations in use. In both configurations an audio signal is generated by an oscillator and the resulting signal is hashed to create an identifier. Initial testing shows that the techniques may have some limitations when used for fingerprinting, but further analysis is necessary.

Expedia, Hotels.com, and Travelocity are all prepared to use audio fingerprinting, but have not actively implemented it.
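One way a measurement crawl or a privacy tool could flag the two techniques described above (text drawn to a canvas and read back as pixels; an oscillator signal read back as samples), as an added example that is not code from the study or from this post. The log format, the `.example` script URLs, and the 16×16-pixel read threshold are assumptions made for illustration.

```javascript
// Web API calls of interest, as "Interface.method" strings recorded per script.
const TEXT_WRITES = new Set(["CanvasRenderingContext2D.fillText", "CanvasRenderingContext2D.strokeText"]);
const OSCILLATORS = new Set(["AudioContext.createOscillator", "OfflineAudioContext.createOscillator"]);
const AUDIO_READS = new Set(["AudioBuffer.getChannelData", "AnalyserNode.getFloatFrequencyData"]);
const MIN_READ_PIXELS = 16 * 16; // assumed cut-off: smaller reads are treated as feature checks

function isPixelReadback({ api, args }) {
  if (api === "HTMLCanvasElement.toDataURL") return true;
  if (api !== "CanvasRenderingContext2D.getImageData") return false;
  const [, , width, height] = args; // getImageData(sx, sy, sw, sh)
  return Math.abs(width * height) >= MIN_READ_PIXELS;
}

// Returns { scriptUrl: ["canvas" and/or "audio"] }; an empty array means not flagged.
function classifyScripts(log) {
  const state = new Map();
  for (const entry of log) {
    if (!state.has(entry.script)) state.set(entry.script, { text: false, pixels: false, osc: false, samples: false });
    const s = state.get(entry.script);
    // Order matters: a read-back only counts once the same script has produced output.
    if (TEXT_WRITES.has(entry.api)) s.text = true;
    else if (OSCILLATORS.has(entry.api)) s.osc = true;
    else if (s.text && isPixelReadback(entry)) s.pixels = true;
    else if (s.osc && AUDIO_READS.has(entry.api)) s.samples = true;
  }
  const findings = {};
  for (const [script, s] of state) {
    findings[script] = [s.pixels && "canvas", s.samples && "audio"].filter(Boolean);
  }
  return findings;
}

// Constructed call log in page order; not data from the study.
const SAMPLE_LOG = [
  { script: "https://t.example/fp.js", api: "CanvasRenderingContext2D.fillText", args: ["Sphinx of black quartz", 2, 15] },
  { script: "https://charts.example/plot.js", api: "CanvasRenderingContext2D.fillText", args: ["Q3 revenue", 10, 10] },
  { script: "https://t.example/fp.js", api: "HTMLCanvasElement.toDataURL", args: [] },
  { script: "https://cms.example/emoji.js", api: "CanvasRenderingContext2D.fillText", args: ["\u{1F600}", 0, 0] },
  { script: "https://cms.example/emoji.js", api: "CanvasRenderingContext2D.getImageData", args: [0, 0, 1, 1] },
  { script: "https://a.example/snd.js", api: "OfflineAudioContext.createOscillator", args: [] },
  { script: "https://a.example/snd.js", api: "AudioBuffer.getChannelData", args: [0] },
  { script: "https://img.example/export.js", api: "HTMLCanvasElement.toDataURL", args: ["image/png"] },
];

console.log(classifyScripts(SAMPLE_LOG));
```

The chart, emoji-check, and image-export scripts stay unflagged because each lacks either the text write or a large enough read-back, which is the distinction that keeps ordinary canvas use out of the results.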

It feels like those of us who value a modicum of privacy online are losing a battle against advertising and marketing technology companies. Users are overwhelmingly distrusting of the handling of their personal information by Google and Facebook; imagine how they’d react when they find out that a bunch of smaller companies they’ve never heard of are also collecting vast amounts of data.

These smaller companies are held to a different set of standards than a giant like Google because almost nobody knows they exist. What websites they’re on, what information they collect, and how that information is used often remains a complete mystery. These companies will tell critics that users can always opt-out, but it’s hard to opt out of something when its existence isn’t disclosed.

We need a stronger set of rules regarding the collection and use of personal information. Automatic opt-in should not be the default, and the ability to know what information is collected and how it’s being used ought to be significantly easier.

Google Assistant

I followed along with the Verge’s liveblog of today’s Google I/O opening keynote and, for my money, the standout announcements of the day were Home, an Echo-like always-on hardware bot, and Assistant.

Assistant looks less like a new product and more like a refinement of Google’s other voice-query virtual assistant products, but that’s setting a significantly higher bar than much of the rest of the industry. From the Verge’s liveblog:

In the US, 1 in 5 queries are voice queries. “And that share is growing.” […]

There are over a billion entities in the Knowledge Graph, Google’s super database of stuff that it understands. […]

140 billion words translated per day

It’s that kind of scale that allows Assistant to be as accurate and fast as I saw in the demos. If you feel comfortable with the privacy tradeoffs of a product like this, it has the potential of becoming indispensable in a way that Siri wishes it were if you’re the sort of person who likes speaking with devices.

I think there are a lot of people — myself included — who will see this as a glorified phone tree, but a super-reliable always-on virtual assistant is a boon from an accessibility and general usability perspective.

One thing remains clear: there is no company that can automatically interpret words and phrases like Google can. They are setting the high-water mark and, believe me, it is very high.

On the Female Gendering of Bots

Mandy Brown:

Notably, Amazon’s Alexa, x.ai’s Amy, Apple’s Siri, and Microsoft’s Cortana have something else in common: they are all explicitly gendered as female. […] The neutral politeness that infects them all furthers that convention: women should be utilitarian, performing their duties on command without fuss or flourish. This is a vile, harmful, and dreadfully boring fantasy; not the least because there is so much extraordinary art around AI that both deconstructs and subverts these stereotypes. It takes a massive failure of imagination to commit yourself to building an artificial intelligence and then name it ‘Amy.’

Google’s Assistant, announced today at I/O, does not have a gendered name, but the voiceover is still decidedly female.

A Collection of iTunes 12.4-Related Links

James Pinkstone, who wrote that post earlier this month about Apple Music erasing his iTunes library, was visited at home by two senior Apple engineers to try to diagnose the bug:

In the days leading up to our face-to-face encounter, they’d earned more of my trust when they acknowledged that A), they’d read the phone transcripts, and although they maintained that she was mistaken, they did not dispute my account of what Amber had told me, and B), they, too, were convinced this was not user error. […]

One of the things on which Tom, Ezra, and I seemed to agree was that Apple is not off of the hook yet. Their software failed me in a spectacular, destructive way; and since I rang that bell, many people have come forward with similar stories. Some may be a result of user error, but I have a hard time believing all are. I think Apple does, too; which is why, as of this writing, they have stated they are currently working on an iTunes update with additional safeguards added.

Sarah Perez, TechCrunch:

The iTunes update that aims to correct this problem is version 12.4, released just yesterday, TechCrunch has confirmed with sources familiar with the matter.

What’s odd is that Apple has not been able to cause music deletions to happen in internal testing. Without being able to reproduce the problem, it’s unclear at this time if the fix being shipped will actually solve this issue for good. It’s also unclear whether the issue is tied to Apple Music’s subscription service, as suspected, or if it could affect regular iTunes users as well.

In non-song-deletion news, Doug Adams of Doug’s AppleScripts for iTunes notoriety says that iTunes 12.4 includes AppleScript additions. In 2016. Miraculous.

Kirk McElhearn:

As timmorrislw points out in the comments, there’s a new iCloud Status of No Longer Available. This shows tracks that you added to your Apple Music library that record labels are no longer allowing to be streamed. It’s interesting to create a smart playlist with this condition, to find how many tracks have been removed. Previously, I had, as the comments said, a smart playlist excluding all the other statuses. Out of 16,000 tracks in my Apple Music library, 843 are no longer available.

And people wonder why I still prefer my local library.

The Ironic Loss of the Postmodern Best Store Facades

A really fascinating article from a couple of years ago that was surfaced this week by Vanessa Grall. Margaret McCormick, writing at Failed Architecture:

In the mid 1970s, the Lewis Family (the owners and operators of catalogue company Best Products) hired Sculpture In The Environment (SITE) to create a series of facades for nine showrooms across the US. Regardless of the project’s relative financial benefits, the clients gave SITE the one thing all designers crave and fear: full creative rein. […]

What made the Best Showrooms so successful as architectural statements was the balance of spite and sincerity. SITE at the time had all the swagger and irony, but without contempt for the users or client. Going by the old Mel Brooks dogma of really loving the object of your mockery.

You just have to see the photos in the post, and more over on SITE’s website. It’s rather disappointing that such outstanding examples of architectural ingenuity and carte blanche brilliance have vanished.