Pixel Envy

Written by Nick Heer.

First Reviews of the Samsung Galaxy Fold

Dieter Bohn, the Verge:

Samsung isn’t canceling or delaying the launch of this $1,980 folding smartphone from its April 26th launch date. So I feel a sense of responsibility to get this review out before people buy it. I’ll just say it right out front: I cannot recommend that anybody buy this thing until we know what’s up with these broken screens. The whole situation isn’t quite the fiasco of exploding Note 7 smartphones, as nobody’s safety is threatened, but it is, well, weird.

So here’s what I’m going to do: review the Galaxy Fold as if this whole terrible screen breaking thing will get resolved. Don’t take that to mean that I think it absolutely will be or that I think you should dismiss these problems. Entirely the opposite: you should not buy this phone until we get more information — and even then, it’s not a great purchase.

Joanna Stern, Wall Street Journal:

Even then, I have to ask: Why in the world is a $2,000 glamour phone held together by a flimsy piece of plastic? The feeling of cheapness is as great a sin. Why didn’t Samsung integrate this apparently necessary protective layer better into the body of the phone? (The company’s answer: It makes the phone easier to service. There’s a vote of confidence!)

[…]

At a time when smartphone innovation seems to have stalled and companies are looking to sell us the Next Big Thing, the coming years will be about new and exciting experiments like this. Some early adopters will gleefully raise their hands and pay to test drive the future. But we are not all willing beta testers.

Reading these two reviews has helped me understand the potential of the Galaxy Fold in a way that Samsung’s own product launch keynote did not. It’s not a phone that unfolds into a bigger screen; it’s a small and simplified tablet that can fold in half. If the idea of a tablet as just a bigger smartphone is appealing to you, a device like this might also be.

But not this product. Even if we totally ignore the unignorable display problems and questionable reliability, there are so many basic software implementation problems that it’s hard to see this as anything more than a prototype that is years away from being ready to ship to consumers.

Except it isn’t shipping years from now; I still can’t believe Samsung will deliver these things to customers next week. But they will, and those customers will pay $2,000 for an experiment that might break at any time, all so Samsung can say that they were first.

Facebook Acknowledges Millions More Passwords Stored in Plain Text, and Contacts Uploaded Without Consent

Kurt Wagner, Recode:

Facebook first announced late last month that it had stored hundreds of millions of user passwords unencrypted on its servers, a massive security problem. At the time, it said that “tens of thousands” of Instagram passwords were also stored in this way.

On Thursday morning, Facebook updated its blog to say that, actually, “millions” of Instagram users, not “tens of thousands,” were impacted.

That’s real bad, but that’s not all, because it never is with Facebook. Remember how they were asking some users for their email account passwords just two weeks ago?

Rob Price, Business Insider:

Since May 2016, the social-networking company has collected the contact lists of 1.5 million users new to the social network, Business Insider can reveal. The Silicon Valley company said the contact data was “unintentionally uploaded to Facebook,” and it is now deleting them.

The revelation comes after pseudononymous security researcher e-sushi noticed that Facebook was asking some users to enter their email passwords when they signed up for new accounts to verify their identities, a move widely condemned by security experts. Business Insider then discovered that if you entered your email password, a message popped up saying it was “importing” your contacts without asking for permission first.

At the time, it wasn’t clear what was happening — but on Wednesday, Facebook disclosed to Business Insider that 1.5 million people’s contacts were collected this way and fed into Facebook’s systems, where they were used to improve Facebook’s ad targeting, build Facebook’s web of social connections, and recommend friends to add.

Are they evil? Is their internal culture and sense of corporate ethics corrupt? Are they merely criminally inept?

Whatever the case, it doesn’t seem to have spooked Facebook’s shareholders. The company’s stock has climbed pretty steadily since the beginning of the year, and it’s at about the same price as this time last year. And, even though Facebook — the website and app — has been losing users, Facebook — the company — has insulated themselves by acquiring apparent alternatives. There are simply few automatic consequences for their repeated, brazen, and systemic breaches of trust.

Samsung Galaxy Fold Reviewers Are Noticing Screen Problems After Days of Use

Dieter Bohn, the Verge:

Look closely at the picture above, and you can see a small bulge right on the crease of my Galaxy Fold review unit. It’s just enough to slightly distort the screen, and I can feel it under my finger. There’s something pressing up against the screen at the hinge, right there in the crease. My best guess is that it’s a piece of debris, something harder than lint for sure. It’s possible that it’s something else, though, like the hinge itself on a defective unit pressing up on the screen.

It’s a distressing thing to discover just two days after receiving my review unit. More distressing is that the bulge eventually pressed sharply enough into the screen to break it. You can see the telltale lines of a broken OLED converging on the spot where the bulge is.

Bohn isn’t the only one with problems: Steve Kovach of CNBC, Mark Gurman, and Marques Brownlee all report broken screens on their review units, which they were provided with earlier this week. It appears that Gurman and Brownlee peeled off a protective layer. It looks kind of like that plastic film that all new devices ship with to protect them in transit, but this one is apparently supposed to stay on the screen.

Samsung said a couple of weeks ago that they tested the Galaxy Fold extensively, but this is not a problem that should occur with a two thousand dollar smartphone that will, apparently, be shipping to customers next week. The Galaxy Fold is still a prototype.

Update: Samsung has given a statement to the Verge emphasizing that users should not remove the film that looks like it can and should be removed from the screen. Some people have said that there’s a note that comes with the device indicating that this film should not be peeled off, but Mark Gurman says that some review devices did not have this notice. Also, according to Joanna Stern, Samsung is not delaying the device’s launch despite the issues reported with devices in the first few days of use. I do not think this will go well.

Apple Music’s Improved ‘For You’ Tab

The “For You” tab in Apple Music received a huge update yesterday, and I’m pretty sure I was the first to notice it, for whatever that’s worth. Juli Clover, MacRumors:

Apple Music is now recommending content based on specific bands you’ve listened to before, and there are categories such as “Case of the Mondays,” “Start Your Week Right,” and “To Make You Smile.” There are also category recommendations for music genres you’ve listened to in the past.

Recommendations can be shifted using the Love and Dislike features in Apple Music, and going forward, Apple plans to provide more regular updates to the “For You” section so you’ll have fresh content and recommendations more frequently.

This is far better than the old version of the tab, which prioritized adding new friends and listening to their music over finding more stuff based on your own tastes. The tab seems to keep up with your day a lot better — for example, I was listening to the National’s “Alligator” for a while today and several albums were suggested soon after in “For You”. That makes more sense than having those suggestions offered hours-to-days later.

I’m still baffled by the “New Releases” section at the bottom. Surely it should suggest, well, new releases, but the second-through-fifth suggestions are all over two weeks old. In that time, new albums have been released from artists I’ve listened to and have “loved” on Apple Music that simply don’t show up, not to mention releases from artists that are closely related to my listening history.

However, the first suggestion in “New Releases” is for an album released Monday, so things are looking up.

As Qualcomm and Apple Settle Litigation, Intel Announces It Won’t Make 5G Modems After All

Apple and Qualcomm jointly released this single paragraph announcement of their litigation settlement following the first day of arguments in its trial:

Qualcomm and Apple today announced an agreement to dismiss all litigation between the two companies worldwide. The settlement includes a payment from Apple to Qualcomm. The companies also have reached a six-year license agreement, effective as of April 1, 2019, including a two-year option to extend, and a multiyear chipset supply agreement.

Shortly after, Intel announced that it would be exiting the 5G modem business. Apple’s first 5G iPhone was expected to ship next year with Intel modems, but that obviously won’t be happening now.

Sadly, this is a victory for Qualcomm’s monopolistic licensing practices for industry standards. Today’s settlement will allow Apple to use Qualcomm’s patents for their own 5G modems, rumoured to be used in iPhones shipping in 2021.

Update: Lauly Li, Cheng Ting-Fang, and Takeshi Shiraishi, Nikkei Asian Review:

Intel has been the sole modem chip supplier for iPhones since 2018, owing to Apple’s legal dispute with Qualcomm.

“Apple had been a little concerned whether a sole supplier for modems could affect the company’s plan to introduce its first 5G smartphone next year,” a person familiar with the matter said.

Two questions:

  1. Did Intel give Apple a heads-up that it would be exiting the 5G modem business, thereby prompting today’s settlement?

  2. If yes, is the time between that notification and the settlement better measured in days, hours, or minutes?

Facebook Shared User Data With High-Spending Advertisers, and Repeatedly Proposed Selling Data

Olivia Solon and Cyrus Farivar, NBC News:

Facebook CEO Mark Zuckerberg oversaw plans to consolidate the social network’s power and control competitors by treating its users’ data as a bargaining chip, while publicly proclaiming to be protecting that data, according to about 4,000 pages of leaked company documents largely spanning 2011 to 2015 and obtained by NBC News.

The documents, which include emails, webchats, presentations, spreadsheets and meeting summaries, show how Zuckerberg, along with his board and management team, found ways to tap Facebook’s trove of user data — including information about friends, relationships and photos — as leverage over companies it partnered with.

In some cases, Facebook would reward favored companies by giving them access to the data of its users. In other cases, it would deny user-data access to rival companies or apps.

The litigation that surfaced these documents concerns a creepy app that allowed users to find friends’ bikini pictures. The app’s ability to use friends’ photo albums was terminated by Facebook not necessarily because it violated a developer agreement or because it’s very gross but, according to these documents, for Facebook’s own power and control purposes.

That is just one of several ways Facebook demonstrated an appalling understanding of its own ethical obligations. Executives discussed plans to sell access to user data, and even gave extended data to highly-valuable advertisers. Posts that users marked as visible only to them were, in some cases, available to third-party apps.

I don’t like the idea of a company strip-mining its users’ every move in the digital and physical worlds to create profiles of information against which shitty ads are sold; but, if that is something that anyone still thinks has societal benefits, let’s all agree that the company should ensure that users have control over how their information is shared further.

The Architecture of Humanity

Osita Nwanevu reacts to yesterday’s heartbreaking fire at Paris’ Notre-Dame:

How many things have we put up over the last few decades that would spiritually wound people the world over if they burned down a century from now?

Albert Burneko, Deadspin:

This is not how buildings go up in modern times, and not only or even mainly because technology and construction methods allow them to go up much faster than they did in the 12th century. The project, in constructing a medieval cathedral, was not to get the building up and completed and into use as quickly or efficiently as possible, so that the developer could begin charging rent on its interior square footage. The project was to make the most beautiful and most awe-inspiring possible work of devotion, to create the most permanent possible monument to the human ideals that inspired the project. The idea was to do this no matter how long it all took — to make the finished product vast and timeless and cumulative; such a building would invariably be filled with mystery, would hum with it, and would be worth tending and nurturing and loving forever.

One of the few projects I can think of that has not yet been completed is Gaudí’s Sagrada Família. When that’s done — probably within the next ten years — what other things have we built over the last hundred years that could safely join the ranks of stuff that has been built for the sake of humanity? What are we building today that, if it were consumed by fire, would cause the kind of global anguish and outpouring of grief that defined much of yesterday for the loss of the structure itself?

Twitter’s Complicated and Messy Verification Process

Twitter’s verification process has been a mess since it launched. It was long only offered by invitation to public figures; but, in 2016, the company created a process for the general public to become verified. Even though Twitter still limited verification to people deemed notable enough, it acknowledged that there were individuals who may have been missed by a company run by young men in California.

In November 2017 Twitter announced it would be suspending its public verification process after an organizer of a white supremacist rally in Charlottesville, Virginia that resulted in the murder of Heather Heyer was found to be a verified Twitter user. However, the company never actually stopped verifying accounts. Cale Guthrie Weissman reported in 2018 for Fast Company that users were still being given a checkmark; and, today, Karissa Bell reports for Mashable that the process has continued:

Celebrities, and others with backchannel connections to the company, are able to become verified as Twitter ignores everyday users and those without insider access. In many ways, this secretive process is now more opaque and unfair than it was when anyone could apply on Twitter’s website. At a time when Twitter says it’s trying to be more transparent about its rules, the lack of an official verification policy is hurting groups already susceptible to abuse, critics say.

Twitter argued that it never intended for verification to be a sign of importance — only a way to indicate a real account belonging to a more public figure. Surely, though, if it’s something that’s open exclusively to those it invites to be verified, that’s an implicit assumption that the person is prominent enough for the company to reach out.

Twitter seems utterly confused about what its verification program ought to be. Should it be just a simple way to communicate that an account is run by a real person or company, rather than an impersonator or a robot? Should it be only for public figures? What is a public figure anyhow, in Twitter’s view? How big of a following does a band or a press photographer or a sound recordist need to have for them to be considered notable in Twitter’s eyes?

Most of the special features of verification have been opened up to all users, though I’ve heard that verified users see fewer ads. So the special feature of verification really is the badge — the indication of public visibility and importance. I don’t think it will ever shake a feeling that users bearing it on their profiles are special. I’m not sure Twitter does enough to recognize that or understand the implications of continuing to show a verified badge on Paul Joseph Watson’s profile, for example, and every nonsense tweet he produces from his internal fountain of fecal matter.

Internet Association Lobbying Group Defangs Illinois State Bill to Ban Unauthorized Microphone Use

Sean Gallagher, Ars Technica:

On April 10, the Illinois State Senate passed the “Keep Internet Devices Safe Act,” a bill that would ban Internet device manufacturers from collecting audio from Internet-connected devices without disclosing it to consumers. But the bill was substantially neutered after a fierce lobbying effort by an industry association backed by Amazon and Google.

[…]

The original bill would have made collection of audio by an Internet device “an unlawful practice under the Consumer Fraud and Deceptive Business Practices Act.” That wording would have allowed device owners to complain to the Illinois Attorney General’s office, or any Illinois state’s attorney, and could result in fines of up to $50,000 per case — on top of any other compensatory damages for privacy violations.

The Internet Association — members of which include Google, Amazon, Microsoft, and Facebook — complained, in part, that the bill would allow for penalties of accidental microphone activation. Bugs happen, of course, but why shouldn’t there be liability for unauthorized collection of personal data, even when it’s a mistake? If anything, it’s pretty astonishing that huge breaches of privacy due to negligence are just sort of waived away.

Foxconn Denies Verge Report That Buildings Photographed Empty Are Actually Empty While Announcing Development of Another Empty Building

Nilay Patel, the Verge:

Earlier this week, The Verge published a lengthy investigation into the many “innovation centers” Foxconn has announced in Wisconsin as part of its deal with President Trump to build a (status unknown) LCD manufacturing plant in the state. After spending 10 days on the ground, we simply reported the obvious: most of the “innovation centers” are empty, some of the buildings were never actually purchased, and no one in Wisconsin really seems to know what’s going on.

Today, Foxconn responded to that piece by… announcing another innovation center in Wisconsin, this one in Madison, the state’s capital. The building, which currently houses a bank, actually sits directly across the street from the Capitol building, and it will continue to house the bank because Foxconn did not announce when it would be moving in.

Here are some other things Foxconn did not announce: how much it had paid for the building, how many floors of the building it would occupy, how many people would work there, or what those people would be doing.

Who cracks first and decides to give up on this act — Foxconn or the government of Wisconsin?

Tesla Artificially Caps $35,000 Model 3, Makes It Available for Purchase in Retail Stores Only

From the Tesla blog:

Last quarter, we introduced two new Model 3 variants with more competitive pricing than ever before – Standard and Standard Plus. Since then, Standard Plus has sold at more than six times the rate of Standard, far exceeding our expectations.

Given the popularity of the Standard Plus relative to the Standard, we have made the decision to simplify our production operations to better optimize cost, minimize complexity and streamline operations. As a result, Model 3 Standard will now be a software-limited version of the Standard Plus, and we are taking it off the online ordering menu, which just means that to get it, customers will need to call us or visit any one of the several hundred Tesla stores. Deliveries of Model 3 Standard will begin this weekend.

It was just a month and a half ago — and at the very same time that the promised $35,000 Model 3 became available — that Tesla said that they were going to shutter virtually all of their physical retail stores. Then, just two weeks later, they halted closure of their retail stores and said that they would increase prices instead.

Now, a month later, they’re announcing that, to purchase a base Model 3, you need to go to one of their stores and do so in person. Oh, and because it’s only an artificially limited version of the pricier Standard Plus, it costs the company the same amount to make it. And they’ve made Autopilot standard across the range, because there’s nothing you want more from a company that doesn’t know what it’s doing than a car that drives itself.

Hat tip to George for this link.

AMP Doesn’t Always Improve Site Performance, But Many Publishers Have No Good Choice

Walid Halabi, Unlike Kinds (via Michael Tsai):

But Google already ranks websites by speed. This tells us that every crawled site’s performance is measured in some way that Google finds accurate enough to use for a site’s ranking – you know, the position on Google’s results that can literally mean the difference between a failed business and one that makes millions of dollars, that an $80 billion industry is built upon.

So you’d imagine that Google’s existing page speed ranking could easily be used to limit which sites appear in the carousel. Anything with a performance score below an 80 could appear as a performance issue in Google Search Console, and the site demoted.

But no, Google insists you build your website with their technology.

Google isn’t slowing down in its push to recraft and control the language used to build the web. A couple of weeks ago, they officially launched AMP for email, which is terrible in every way. Yet, there is simply no good choice for publishers who want a chance of their stories appearing at the top of the page for anyone using Google on their phone. This power grab is disgusting and should be treated as an attempt at a hostile takeover.

The Narrow, Subtle Case Against Julian Assange

Mike Masnick, Techdirt:

I am no fan of Julian Assange or Wikileaks. However, for years I’ve made it clear that prosecuting him for publishing leaked documents would be a huge mistake by the US. The DOJ spent years trying to come up with an excuse to charge Assange, but kept realizing they had no case, because while he may have had malicious intent, none of his public actions in releasing documents were any different — legally speaking — than what any investigative journalism outlet did in releasing obtained documents. The Supreme Court has made it clear that publishing classified documents is protected by the First Amendment. If he went beyond just releasing documents, as the indictment alleges, it becomes a lot trickier — but there’s a fine line here.

It’s been clear in the last year or so, that despite years of not finding anything, the DOJ was finally moving ahead with plans to charge him. As we noted last year, everyone who believes in a free press should be concerned about what this might mean for press freedoms in the US as the case proceeds. And that’s true, even if the specific charges right now are limited to actions that are unrelated to the publishing of the documents.

Rayne” at Emptywheel:

I don’t think Conspiracy to Commit Computer Intrusion (18 USC 371, 1030(a)(1), 1030(a)(2), 1030(c)(2)(B)(ii)) is enough to warrant extradition alone.

Otherwise a Leicestershire 18-year-old would have been looking extradition for his attempted hacking of U.S. officials in October 2015, instead of eight charges of “performing a function with intent to secure unauthorised access,” and two of “unauthorised modification of computer material.”

The waiting game continues.

It is not useful speculating at what, specifically, Assange may be charged with in addition to conspiring to crack a user’s password in an attempt to mask a source accessing classified information. But it is worth keeping a close eye on this case. As several legal observers have noted today, there are parts of Assange’s case that overlap with regular journalistic practices of guarding the identity of sources, and receiving secret and classified information. Therefore, this is a case that must be read in its entirety; no single part of the indictment should be seen as setting precedent to punish journalists who work with leaks involving the same kinds of information.

Foxconn Continues to Be a Mystery in Wisconsin

Josh Dzieza, the Verge:

I heard many theories about what Foxconn was doing while I was in Wisconsin: that it’s a scheme to get visas for Chinese workers, a plot to acquire intellectual property or to buy up real estate and become a landlord or to get access to Lake Michigan water for mysterious reasons. A nearby farmer who’d been watching the project closely thinks it’s a ploy to get investor visas using commercial bonds and an excuse for Koch Industries to pipe freshwater over the subcontinental divide and for the military to make large screens inside the US, and that the final product will be a city of tax-protected warehouses and assembly facilities for mostly imported goods. “It’s all opaque so it’s nothing but a guessing game,” he told me.

But the most plausible explanation I heard is that Foxconn’s secret is that it has no idea what it’s doing in Wisconsin.

“In China, people announce projects like this all the time, and some of them get built, and some of them don’t,” said Willy Shih, a Harvard business school professor who consulted in the screen industry for several years. They’re called “state visit projects,” he said. Politicians get a photo op, and companies to get some political goodwill, but everyone knows the announcement is extremely preliminary. Ultimately, the company will do whatever makes economic sense, and sometimes, that turns out to be nothing.

Setting aside the politics and sheer lunacy of this project, it’s heartbreaking to see what it’s doing to the communities Foxconn is eroding. Hundreds of residents’ lives have been upturned; fields have been converted into dirt pits. It could all be for nothing.

Supermassive Black Hole Revealed for First Time Through Interferometry and Artificial Intelligence

Michelle Lou and Saeed Ahmed, CNN:

A global network of telescopes known as the Event Horizon Telescope project collected millions of gigabytes of data about M87 using a technique known as interferometry. However, there were still large gaps in the data that needed to be filled in.

That’s where [Katie Bouman’s] algorithm — along with several others — came in. Using imaging algorithms like Bouman’s, researchers created three scripted code pipelines to piece together the picture.

They took the “sparse and noisy data” that the telescopes spit out and tried to make an image. For the past few years, Bouman directed the verification of images and selection of imaging parameters.

It’s worth reading the 2016 press release announcing the development of this algorithm for a great explanation of how it works.

Ad Targeting Settings in Facebook Reveal Use of Mass Collections of Private Data

Katie Notopoulos, Buzzfeed News:

On Facebook under Settings, there’s a page in the Ads section where you can view your Ad Preferences. Most of this is fairly straightforward — choices about how you’ll allow ads and how advertisers target you based on things like what pages you’ve liked. But there’s one section there that will probably surprise you: a list of advertisers “Who use a contact list added to Facebook.”

[…]

The list of Advertisers, a feature Facebook added for transparency, is incomprehensible to anyone who isn’t an expert in advertising (and even some who are!), and leads to the unsettling realization that, fuck, man, our data is out there and trafficked without our consent and being used by advertisers in ways we have no clue about.

Here’s mine. Me. A person who has lived in New York for 20 years. There’s a South Carolina real estate agent and car dealerships in Colorado, Arizona, Texas, Michigan, It makes absolutely no sense.

Anti-spam laws seem increasingly antiquated. Canada’s law — which went into effect several years ago and is one of the most stringent I know of — requires that recipients give clear consent to receiving marketing messages through electronic means, including email and text message. But it does not place any restrictions on companies from using email addresses as a means of targeting ads. The American aptly-named CAN SPAM law still allows renting an email list, and there’s nothing preventing that list from being used to target ads.

New Music, Podcasts, and Books Applications Rumoured to Be Coming to MacOS

Steven Troughton-Smith:

I am now fairly confident based on evidence I don’t wish to make public at this point that Apple is planning new (likely UIKit) Music, Podcasts, perhaps even Books, apps for macOS, to join the new TV app. I expect the four to be the next wave of Marzipan apps. Grain of salt, etc

Guilherme Rambo, 9to5Mac:

The new Books app will have a sidebar similar to the News app on the Mac, it will also feature a narrower title bar with different tabs for the Library, Book Store, and Audiobook Store. On the library tab, the sidebar will list the user’s Books, Audiobooks, PDFs and other collections, including custom ones.

The new Music, Podcasts, and TV apps will be made using Marzipan, Apple’s new technology designed to facilitate the porting of iPad apps to the Mac without too many code changes. It’s not clear whether the redesigned Apple Books app will also be made using the technology, but given that the redesign came to iOS first and its usage for the other apps, it’s likely that this new Books app will also be using UIKit.

The unrequited optimist in me is imagining a next generation of cross-platform app that feels completely platform native no matter where it’s running. But I have also used Music on the iPad and it’s not as good as its iPhone sibling — and those are just different versions of the same app on the same platform.

iTunes has seemingly been living on borrowed time for years. Between the launch of Apple Music and the separation of its components on iOS, it has seemed like only a matter of when, not if iTunes was to be killed on the Mac. And, as I have no plans to stop using my local music collection and manually syncing a subset of it to my iPhone, I am wary of what this could mean for my stubborn situation over the long term. Rambo says that his sources indicate that iTunes will be left in MacOS 10.15 for people like me, but what about two years from now, for example? I recognize that this is increasingly uncommon.

Apple Drops Data Migration Fee For New Macs and Repairs

Adam Engst, TidBits:

Apple has dropped the $99 fee that it previously charged for migrating data from an old Mac to a newly purchased machine. TidBITS reader and TekBasics consultant David Price wrote to tell us that he has generally advised clients to pay Apple to migrate data to newly purchased Macs, but when he accompanied his brother-in-law to pick up a freshly migrated iMac last week, Apple informed him that there was no charge for the service.

I contacted an Apple Store Operations Specialist, who confirmed the policy change.

It seems to me that the $99 fee was a legacy cost associated with Apple’s One to One program,1 which was discontinued in 2015.


  1. I still miss Gary Allen. ↩︎

Invisible User Tracking by HTML5’s New ‘Ping’ Attribute for Links

Jeff Johnson:

This is a follow-up to my recent article Safari link tracking can no longer be disabled. I’m quite surprised that my complaining about a hidden preference in Safari has generated so much discussion on the internet. I’m also quite pleased, because I think it’s important to draw attention to the privacy implications of the HTML anchor ping attribute and have a public debate about it. I’ve heard so many people say that they weren’t even aware that anchor ping existed until they saw my article, so I’m glad to raise awareness.

[…]

Anchor ping was supposed to be transparent as in easily perceived by the user. Instead, anchor ping has become “transparent” as in invisible to the user. The browsers never informed the user about the ping notifications. And now browsers such as Safari and Chrome are removing the ability of the user to disable the notifications. As far as privacy is concerned, this is not “a wash” compared to previous tracking methods. It’s a cover-up.

Ever since Johnson posted his first article on the subject, I still can’t figure out what users gain by not being informed of both the target URL and the ping. When links are being used for tracking purposes, it makes sense to show the contents of the href so that users aren’t misled; but, if we start assuming all browser features will be used maliciously, it is easy to see why the ping attribute should also be visible to the user. That’s understandable for anyone who has ever followed a bit.ly link to a phishing attempt, shock website, or catchy 1980s music video — hey, remember when the internet was kind of jokey?

Study Suggests Users Don’t Expect Google To Collect as Much Data as It Does

Jason Kint, Nieman Lab:

Our findings show that many of Google’s data practices deviate from consumer expectations. We find it even more significant that consumer’s expectations are at an all-time low even after 2018, a year in which awareness around consumer privacy reached peak heights.

The results of the study are consistent with our Facebook study: People don’t want surveillance advertising. A majority of consumers indicated they don’t expect to be tracked across Google’s services, let alone be tracked across the web in order to make ads more targeted.

Half of those surveyed didn’t expect Google to combine data collected across the web with data collected in its apps. Only about a third of survey respondents indicated that they thought Google might collect information from non-Google apps and services.

Informed consent means that everyone should understand who gets their data and how they obtain it. Users should get to make that choice. So far, that choice has instead been made through voluminous privacy policies, browsers that default to automatically accepting all cookies, and companies that rely on the ignorance and complacency of users just trying to get things done.

Microsoft Announces It Will Stop Selling E-Books Which, Due to DRM, Will Make Existing Customer Libraries Unusable

Cory Doctorow, Boing Boing:

Microsoft has a DRM-locked ebook store that isn’t making enough money, so they’re shutting it down and taking away every book that every one of its customers acquired effective July 1.

Customers will receive refunds.

This puts the difference between DRM-locked media and unencumbered media into sharp contrast. I have bought a lot of MP3s over the years, thousands of them, and many of the retailers I purchased from are long gone, but I still have the MP3s. Likewise, I have bought many books from long-defunct booksellers and even defunct publishers, but I still own those books.

I remember when the iTunes Store was controversial because songs purchased from it were encumbered with DRM. In 2007, Steve Jobs pointed out that using some form of copy protection was a label requirement, not Apple’s decision, and that the company’s preference was to have DRM-free music. And, over the succeeding two years or so, pretty much every song on the store became DRM-free.

In the subsequent ten years, we have somehow regressed. We are now increasingly dependent on subscriptions where DRM is more understandable, and we have fewer choices for non-DRM downloadable versions. I think this shift will be deeply regrettable over the long term.

Facebook Buys Native Advertising Series in the Telegraph Defending Its Business Practices

Rob Price, Business Insider:

Facebook has found a novel solution to the never-ending deluge of negative headlines and news articles criticizing the company: Simply paying a British newspaper to run laudatory stories about it.

Facebook has partnered with The Daily Telegraph, a broadsheet British newspaper, to run a series of features about the company, Business Insider has found — including stories that defend it on hot-button issues it has been criticised over like terrorist content, online safety, cyberbullying, fake accounts, and hate speech.

The series — called “Being human in the information age” — has published 26 stories over the last month, to run in print and online, and is produced by Telegraph Spark, the newspaper’s sponsored content unit.

As an example, this article — about how an app developer left a hundreds of millions of Facebook users’ records on an publicly-available Amazon server — looks exactly the same as this advertisement for Facebook’s account security practices. And there are twenty-five more where that ad came from, all of which look like puffy-but-legitimate news stories that sit alongside one Facebook scandal after another.

This is exactly the worry about sponsored posts and native advertising. It can be done well, but that’s very rare; it is often sneaky and labelled poorly. But what the Telegraph is enabling here is far worse. The paper is participating in and profiting from Facebook’s whitewashing campaign.

New Powerbeats Pro Wireless Headphones Announced, and Some General Thoughts on Bluetooth Headphones

I’m really picky about what headphones I use. For the past several years, I’ve used various neutrally-equalized in-ear monitors. I like them because they sit inside the ear canal, so they isolate what I’m listening to and effectively mute ambient sounds. I also like that frequencies are balanced across the spectrum: they’re not tinny, but they also don’t overemphasize lower frequencies.

I’ve mentioned previously that Apple’s headphones haven’t ever felt great in my ears. The AirPods seem to fit better, but I’m still adjusting to them. A complaint I’ve seen from others about the AirPods is that bass frequencies sound tinny, but I haven’t noticed that problem at all. Lower frequencies sound rich and full to me; if anything, I’ve found the AirPods a little too bass-heavy for my tastes. This is one of the factors that has helped me realize that my complaints about fit have less to do with the size and shape of Apple’s earbuds in my ears, and more to do with their placement.

All of this is to say that the Powerbeats Pro, introduced today and shipping next month, are enticing to me. They feature the same technology as the AirPods: Apple’s H1 chip that improves connection reliability and allows fast device switching, in-ear detection, and great battery life with automatic charging in their case. But instead of sitting just inside the ear, they burrow their way into the ear canal for better noise isolation and fit. They’re also more subtle than a pair of AirPods, especially if you get them in navy, olive green, or black.

The case is much larger than the dental floss-like case of the AirPods, however, and it doesn’t support Qi charging. The latter point isn’t a concern for me — I exchanged my wirelessly-charging AirPods for a standard wired case because, hey, fifty bucks is fifty bucks — but that may be something that tips the scales for you. If it isn’t that, it’s this: these are nearly $100 more than a set of AirPods in the United States.

There’s also the question of lifespan. The batteries in most of these wireless headphones aren’t exactly replaceable so, even though the electronics inside may be completely functional, there’s no way to power them; you need to recycle them or throw them away when the batteries have expired. Apple offers a battery replacement program, but that’s more of an AirPods replacement program; the fee is the same for lost AirPods as it is for a battery swap.

For what it’s worth, I generally get only a couple of years of life out of the wired headphones I’ve owned — even some of the nicer ones. AirPods are more expensive than any headphones I’ve owned so far — and I would wager that it’s the same story for most AirPods owners — while the Powerbeats Pro model is pricier still. One would hope that they would get a longer life than just a couple of years for financial and environmental reasons. It feels a little silly tossing away a perfectly good set of earbuds because a known consumable item within them cannot really be replaced.

Pursuing Increased Viewership, YouTube Executives Ignored Warnings About the Rise of Conspiracy and Extremist Videos

Mark Bergen’s investigation for Bloomberg is devastating:

Micah Schaffer joined YouTube in 2006, nine months before it was acquired by Google and well before it had become part of the cultural firmament. He was assigned the task of writing policies for the freewheeling site. Back then, YouTube was focused on convincing people why they should watch videos from amateurs and upload their own.

A few years later, when he left YouTube, the site was still unprofitable and largely known for frivolity (A clip of David, a rambling seven-year old drugged up after a trip to a dentist, was the second most-watched video that year.) But even then there were problems with malicious content. Around that time YouTube noticed an uptick in videos praising anorexia. In response, staff moderators began furiously combing the clips to place age restrictions, cut them from recommendations or pull them down entirely. They “threatened the health of our users,” Schaffer recalled.

He was reminded of that episode recently, when videos sermonizing about the so-called perils of vaccinations began spreading on YouTube. That, he thought, would have been a no-brainer back in the earlier days. “We would have severely restricted them or banned them entirely,” Schaffer said. “YouTube should never have allowed dangerous conspiracy theories to become such a dominant part of the platform’s culture.”

Somewhere along the last decade, he added, YouTube prioritized chasing profits over the safety of its users. “We may have been hemorrhaging money,” he said. “But at least dogs riding skateboards never killed anyone.”

It has only gotten worse as YouTube’s popularity has increased and Google has taken a more active role in the company. Bergen cites verbal warnings to YouTube staff members from company lawyers, advising them not to get too involved in content moderation to avoid losing plausible deniability. He writes about an internal demonstration that showed that “alt-right” videos were among the most popular categories on the platform, and how a father’s exploitation of his children was defended with free speech arguments.

Meanwhile, one of the best music critics on YouTube is struggling with having dozens of his videos pulled due to copyright violations — despite falling under fair use allowances — and a small-ish comedy channel was deleted from the platform for reasons that are unclear at best. And these individuals can’t simply go somewhere else; there isn’t another YouTube. It has a monopoly on the independent web video space.

Firefox Nightlies Begin Requiring User Action to Trigger Push Notification Requests

Johann Hofmann of Mozilla:

Permission prompts are a common sight on the web today. They allow websites to prompt for access to powerful features when needed, giving users granular and contextual choice about what to allow. The permission model has allowed browsers to ship features that would have presented risks to privacy and security otherwise.

However, over the last few years the ecosystem has seen a rise in unsolicited, out-of-context permission prompts being put in front of users, particularly ones that ask for permission to send push notifications.

[…]

According to our telemetry data, the notifications prompt is by far the most frequently shown permission prompt, with about 18 million prompts shown on Firefox Beta in the month from Dec 25 2018 to Jan 24 2019. Not even 3% of these prompts got accepted by users. Most prompts are dismissed, while almost 19% of prompts caused users to leave the site immediately after being confronted with them. This is in stark contrast to the camera/microphone prompt, which has an acceptance rate of about 85%!

This is a great move, and I hope all browsers copy Mozilla’s initiative. This will not, however, block those irritating One Signal prompts; for that, you’ll want to block onesignal.com and cdn.onesignal.com in your favourite ad or script blocker.

All software ought to more carefully consider the ways a new feature can be exploited, but web browsers should be especially vigilant due to the open nature of the web. It’s frustrating how jackass marketers and “growth” teams can’t resist abusing a feature as simple as allowing users to get notified when they have a new message.