But here’s something you might not know: the reasons we never put Transmit 5 in the App Store. They’re simple. We weren’t sure we could provide a good-enough Transmit experience under the stringent sandboxing security the App Store requires. And frankly, we weren’t sure Apple cared that much about the App Store on the Mac.
Since then, a lot has changed. macOS Mojave gave us a significantly improved App Store that caters to professionals like yourself and seems to treat apps with respect. And sandboxing has evolved enough that Transmit can be nearly feature-parity with its non-sandboxed cousin.
So, as we promised at WWDC: it was time to give this another go.
The twist is that the Mac App Store version of Transmit is an annual subscription of about $25, instead of the $45 flat cost of buying directly from Panic. I have mixed feelings about that; I’m glad a one-time payment option is still available because, if I were still building websites full-time, I wouldn’t want a critical part of my workflow to evaporate if I unsubscribed. However, I can see the benefit from both Panic’s perspective, as well as for a user or agency that can consistently budget for the software.
There’s one more thing about the Mac App Store version that’s unique, and it’s how it encourages some flexibility in MacOS’ sandboxing.
I downloaded Transmit even though I own a copy of the direct-purchase version. I wanted an answer to my question, which I got, at least partially, by dumping the application binary’s “entitlements”, which represent the sandboxing exceptions that the app has received.
New to me among the entitlements is “com.apple.developer.security.privileged-file-operations”, which is a boolean value set to true for Transmit. I don’t see any Google results for this key, so I’m assuming it’s something new that was added for Panic (and maybe BBEdit), and which may or may not be documented in the future for use by other developers.
I didn’t start this week intending to be kind of a jerk about Amazon nearly every day, but, well, they make it so easy. Take their newest creation: a microwave. Sarah Perez, TechCrunch:
Perhaps some microwaves may not have the most intuitive interfaces, but the learning curve isn’t steep. After the first time you learn to program the power level or enter in how many pounds of meat you’re defrosting, you generally retain that knowledge for later use.
But even if you don’t buy into the premise that microwave controls are a challenge to solve, there’s still the novelty aspect of the voice-activated microwave. If it takes the same or less time, but “feels fun,” some consumers may still buy it, I suppose. (???)
Unfortunately, it wasn’t really all that fun.
In fact, it was often frustrating.
I kind of get the idea behind this product. I don’t know anyone who uses the special function buttons on their microwave. But that’s not because it’s necessarily complicated to use those functions on a conventional microwave; it’s because anything beyond time entry adds unnecessary complication.
Also, this may say more about me than this product idea, but if I started telling friends and family when they came over that they should try talking to the microwave, they would think that I was pulling their leg.
I recently moved into a new apartment that came with a microwave because it’s one of those ones that doubles as a range hood. Every time I want to turn on the light above the stove, I have to actively remember that the button for that is on the microwave keypad. It’s ridiculous. All anyone I know wants from a microwave are buttons for time and a big “start” button — that’s it.
In the nearly 10 years since AmazonBasics arrived, the company has manifested an alternative brand reality, one both far more comprehensive and yet less conspicuous than those of its brick-and-mortar predecessors. (A family could mostly sustain itself on Kirkland products, but it would be abundantly aware it was living in Costco’s world.) This effort is broadly understood to have been a success, generating up to $7.5 billion this year and potentially $25 billion by 2022, according to analysis by SunTrust Robinson Humphrey.
Amazon-affiliated brands are promoted in search results on the site and inflated by reviews from Amazon’s Vine program, in which users receive items in exchange for their feedback. And, compared to better known competitors, they tend to be priced aggressively. In creating its own brands Amazon is indeed like any other large store. But Amazon isn’t any other large store. It’s Amazon: the world-historical logistical experiment that happens to call itself a store. It has unlimited shelf space and a boss with an eye on global domination. It tends to try a lot of things at once.
I’ve noticed that when I’m looking for something very specific — a refill pack of the exact heads my Oral B toothbrush requires, or a copy of the Gun Club’s “Mother Juno” LP — Amazon is a great place to comparison shop. Ideally, it’s less expensive and I don’t need the item, like, now; often, it’s about the same price as any store here and I do need the item, like, now.
But if I’m browsing more generally than that — if I’m looking for some kind of LED lightbulb, or a new sweater — Amazon is impossible. There’s lots of apparent choice, but it’s repetitive, overwhelming, and often from a brand I’ve never heard of at a suspiciously low price. It’s not long before I feel like I’m browsing the bin behind a factory that exclusively makes counterfeits. And there’s no indication that we want this much choice. It would be like if Apple Music advertised itself as having over a hundred million songs, but didn’t mention that eighty million of them are drunken karaoke performances of “Mambo No. 5”. It feels like a scam.
AT&T CEO Randall Stephenson yesterday urged Congress to pass net neutrality and consumer data privacy laws that would prevent states from issuing their own stricter laws.
“There are a number of states that are now passing their own legislation around privacy and, by the way, net neutrality,” Stephenson said in an interview at a Wall Street Journal tech conference (see video). “What would be a total disaster for the technology and innovation you see happening in Silicon Valley and elsewhere is to pick our head up and have 50 different sets of rules for companies trying to operate in the United States.”
Amazon today announced that we have selected New York City and Arlington, Virginia, as the locations for our new headquarters. Amazon will invest $5 billion and create more than 50,000 jobs across the two new headquarters locations, with more than 25,000 employees each in New York City and Arlington. The new locations will join Seattle as the company’s three headquarters in North America. In addition, Amazon announced that it has selected Nashville for a new Center of Excellence for its Operations business, which is responsible for the company’s customer fulfillment, transportation, supply chain, and other similar activities. The Operations Center of Excellence in Nashville will create more than 5,000 jobs.
Amazon’s HQ2 search was not a contest but a con. Amazon will soon have 3 HQs. And guess what? The Bezos family owns homes in all 3 cities. And, you’ll never believe it, the new HQs (if you can call them that) will be within a bike ride, or quick Uber, from Bezos’s homes in DC and NYC. The middle finger on Amazon’s other hand came into full view when they announced they were awarding their HQ to not one, but two cities. So, really, the search, and hyped media topic, should have been called “Two More Offices.” Only that’s not compelling and doesn’t sell. Would that story have become a news obsession for the last 14 months, garnering Amazon hundreds of millions in unearned media?
Both New York and Virginia have agreed to not charge the second highest-valued public company on Earth billions of dollars in taxes and give them ridiculous and unnecessary incentives, despite the already-strained infrastructure in those cities. This, just a year after Wisconsin did the same to attract a Foxconn plant which, ultimately, will fall far short of economic expectations used to justify tax breaks and subsidies there, because of course it will.
See Also:Derek Thompson in an article for the Atlantic arguing for a law prohibiting, as he puts it, “this sort of corporate bribery”.
Under agreement between Amazon and Virginia, the commonwealth will give the company written notice about any FOIA requests “to allow the Company to seek a protective order or other appropriate remedy”.
Even for the high level of incentives that could be expected for Amazon’s PR stunt, concessions like these are extraordinary and set a highly dangerous precedent.
The T2 is “a guillotine that [Apple is] holding over” product owners, iFixit CEO Kyle Wiens told The Verge over email. That’s because it’s the key to locking down Mac products by only allowing select replacement parts into the machine when they’ve come from an authorized source — a process that the T2 chip now checks for during post-repair reboot. “It’s very possible the goal is to exert more control over who can perform repairs by limiting access to parts,” Wiens said. “This could be an attempt to grab more market share from the independent repair providers. Or it could be a threat to keep their authorized network in line. We just don’t know.”
It’s unfortunate that those are the only two possibilities in Wiens’ mind: either Apple is being a dictator or an autocrat. “We just don’t know”. Is there any reason that could be less insidious and headline-grabbing, and more justifiable?
Apple confirmed to The Verge that this is the case for repairs involving certain components on newer Macs, like the logic board and Touch ID sensor, which is the first time the company has publicly acknowledged the new repair requirements for T2-equipped Macs. But Apple could not provide a list of repairs that required this or what devices were affected. It also couldn’t say whether it began this protocol with the iMac Pro’s introduction last year or if it’s a new policy instituted recently.
Apple is requiring that repairs involving security-sensitive components use genuine Apple parts and are verified after completion — I know that’s a somewhat less attention-grabbing story, but it is a more accurate take on what the company is doing here. That’s not to defend this practice, by the way. It’s understandable, given the prevalence of badly-made fake components that could compromise security, but I wish there were alternatives for those who don’t live close to an Apple Store.
Also, for what it’s worth, I think it’s slightly irresponsible to be quoting Wiens at length for stories like these without disclosing fully that iFixit sells replacement parts and servicing tools. I know that’s fairly widely-known, but journalists should disclose financial interests or other conflicts-of-interests that their sources might hold. I don’t think there’s anything shameful or untrustworthy about putting quotes in context.
Sam Rutherford of Gizmodo, shortly after Apple announced their new iPhone lineup in September:
The new iPhones are here, and with them, Apple has once again pushed the price of smartphones even higher — especially the iPhone Xs Max which starts at $1,100 and goes all the way up to a staggering $1,450 if you upgrade to 512GB of storage.
This isn’t unusual for Rutherford; when the iPhone X was launched last year, he described its price as “eye-watering” and “outrageous”.
Rutherford today, reacting to the rumoured price of Samsung’s experimental foldable screen phone, in an article with the headline “Samsung’s First Flexible Phone Could Cost $1,700, and That Price Seems Totally Reasonable”:
That’s because Samsung’s flexible screen device — which has been dubbed the Galaxy F for now — may cost around 2 million won (about $1,760 U.S.) when it goes on sale in the first half of 2019, according to an estimate from Golden Bridge Investment published by the Korea Times.
That price may come as a major downer for people who have been searching for alternatives to the boring glass bricks we’ve been living with for the past decade or so. But if you consider the state of smartphones today, 2 million won doesn’t actually seem that outlandish.
Rutherford does a bunch of math based on guesses — like an assumption that the screen will withstand wear and tear for years — still ends up $350 short of the rumoured price of the flexible phone, and somehow just hand-waves that away.
I have absolutely no problem with anyone trying to justify to themselves the high price of a product they want. But you can bet that, if Apple were the ones launching an $1,800 phone that has two folding screens, Rutherford’s commentary would not be so glowing.
I don’t mean to pick on just one person, either. I just think it’s quite weird that it’s somehow less justifiable to charge a high price for a well-made and proven product that people actually want than it is for an experimental and gimmicky product.
I’ve been planning to write a post about the new Apple products for over a week, but I keep getting distracted. Today, I went to Apple’s PR pages for the MacBook Air, the Mac mini, and the iPad Pro to download images and went off on another tangent. As usual, I will inflict that tangent on you.
Apple provides the product images as zipped archives, so when I clicked on the link in the press release, I was confronted with this “what do I do?” screen in Safari.
The efficient thing would have been to walk ten feet over to my iMac and download the zip files there, where they can be expanded with almost no thought. But I took the procrastinator’s way out, deciding to solve the problem of dealing with zip files on iOS once and for all.
This is one of those iOS things that has always driven me nuts, especially on my iPad. MacOS has unarchiving built into it; iOS pretends that it just doesn’t know what to do with any archive format.
iOS 11 slightly improved upon this with the introduction of the Files app. You can tap the “Preview Content” button and then tap the list button to see the contents of the archive.1 Then you can select each file individually and then tap the share button to save each file individually. That’s not very efficient at all.
There are some unarchiving apps in the store, but they’re all pretty ropey. Drang’s shortcut is probably the best solution I’ve found so far, but this is one of those things that iOS should just be able to handle.
Also, Files apparently thinks that “1” is followed by “10”, unlike the MacOS Finder. ↩︎
iFixit opened up Apple’s new MacBook Air and Mac Mini and there are some notable changes to the assembly methods of each. The Mini now has user-replaceable RAM, reversing Apple’s decision in 2014 to solder it directly to the board, while the Air differs from recent MacBook Pro models by allowing the battery to be replaced independently of the top case. Yes, storage is still mounted directly on the logic board, but it’s understandable from a security perspective — it is closely linked to the T2’s hardware encryption. (See update below.) Overall, these are small but welcome improvements to repair-averse recent production techniques.
Update: It doesn’t appear that the security features of the T2 necessarily prevent a Mac from having changeable internal storage — at least, not according to the security guide and, more tellingly, iFixit’s teardown of the iMac Pro.
For a while now I have been bouncing back and forth between using Dark Sky and Hello Weather as my tools of choice. Then a few months ago, after seeing some new features (at the time) of CARROT Weather, I decided to give the quirky app a try. The thing about CARROT is that the entire aesthetic and tone of the app makes it seem like it’s not a serious app.
However, I’ve found that it is perhaps the best weather app. Allow me to explain why.
I’ve bounced around between a lot of weather apps, but Carrot has stuck with me for a long time now. It’s not just well-illustrated and hilarious — particularly if you turn the “personality” setting to “overkill”, as I immediately did upon finding said setting — it is information-dense and customizable, too. If you haven’t tried it yet, consider giving Carrot a shot.
In the wake of several apps abusing subscriptions, Charles Arthur put together a well-illustrated guide to finding the app subscriptions management screen on iOS. It isn’t in the App Store, nor can you search for it in Settings because it’s inside of a web view. Ryan Jones previously registered a single-serving domain that redirected to the subscription management screen, but Apple legal didn’t like that.
This needs to be easier. Subscriptions are an increasingly-relevant revenue model. It has been two years since Apple revised the terms of subscriptions to make them more developer-friendly, but the management UI for users has simply never been easily-found.
If you’ve read our iPad Pro review, you know most of those claims hold up. Apple’s latest iOS devices aren’t perfect, but even the platform’s biggest detractors recognize that the company is leading the market when it comes to mobile CPU and GPU performance—not by a little, but by a lot. It’s all done on custom silicon designed within Apple—a different approach than that taken by any mainstream Android or Windows device.
But not every consumer—even the “professional” target consumer of the iPad Pro—really groks the fact this gap is so big. How is this possible? What does this architecture actually look like? Why is Apple doing this, and how did it get here?
After the hardware announcements last week, Ars sat down with Anand Shimpi from Hardware Technologies at Apple and Apple’s Senior VP of Marketing Phil Schiller to ask. We wanted to hear exactly what Apple is trying to accomplish by making its own chips and how the A12X is architected. It turns out that the iPad Pro’s striking, console-level graphics performance and many of the other headlining features in new Apple devices (like FaceID and various augmented-reality applications) may not be possible any other way.
Every passing year that Intel drops the ball is another reinforcement that Apple’s $278 million purchase of P.A. Semi ten years ago was the deal of the century, especially when they announce that they’re building a MacBook on their own architecture.
AT&T will alert a little more than a dozen customers within the next week or so that their service will be terminated due to copyright infringement, according to sources familiar with its plans.
[…]
AT&T owns a content network after its purchase of Time Warner earlier this year, an entity now called WarnerMedia. Content networks are typically responsible for issuing these types of allegations to internet service providers (ISPs) for them to address with their customers.
A source said it’s unclear whether WarnerMedia was involved directly in issuing piracy allegations in these instances, although it’s possible.
Studios and record labels have been fighting for ages to get users disconnected for copyright infringement. Many of them must be thrilled to now be owned by the same people who control internet access — frequently with little competition, leaving users with few or no alternatives.
Apple wisely seeded Marco Arment with a Mac Mini review model:
It’s the same size as the old one, which is the right tradeoff. I know zero Mac Mini owners who really need it to get smaller, and many who don’t want it to get fewer ports or worse performance.
The point of the Mac Mini is to be as versatile as possible, addressing lots of diverse and edge-case needs that the other Macs can’t with their vastly different form factors and more opinionated designs. The Mac Mini needs to be a utility product, not a design statement. (Although, even as someone tired of space-gray everything, I have to admit that the Mini looks fantastic in its new color.)
This new Mini is one of the best updates Apple has shipped recently for the Mac. I know it’s more expensive than the previous model, but I really think that this is a clear instance of “we don’t ship junk”. I say that not necessarily because it’s more powerful in CPU benchmarks than any other Mac, save the iMac Pro and the highest-end Mac Pro configuration — though that’s very nice — but because it’s a product that is very capable in almost every aspect. The only exception to that is graphics performance; but, if that’s important to your workflow, you can pick up an external GPU for maximum power in that regard and have a truly excellent, albeit highly modular, system. I don’t mean this as a slight: I hope the next update is not also four years in the making.
The biggest downside to the new Mac Mini, to my eyes, is that there are simply no good Thunderbolt 5K displays out there. That market just doesn’t exist yet.
A new post by Justin O’Beirne is an immediate must-read for me, and this latest one is no exception. In fact, it’s maybe the one I would most recommend because it’s an analysis of the first leg of a four-year project Apple unveiled earlier this year. Here’s what Matthew Panzarino wrote at the time for TechCrunch:
The coupling of high-resolution image data from car and satellite, plus a 3D point cloud, results in Apple now being able to produce full orthogonal reconstructions of city streets with textures in place. This is massively higher-resolution and easier to see, visually. And it’s synchronized with the “panoramic” images from the car, the satellite view and the raw data. These techniques are used in self-driving applications because they provide a really holistic view of what’s going on around the car. But the ortho view can do even more for human viewers of the data by allowing them to “see” through brush or tree cover that would normally obscure roads, buildings and addresses.
Regardless of how Apple is creating all of its buildings and other shapes, Apple is filling its map with so many of them that Google now looks empty in comparison. […]
And all of these details create the impression that Apple hasn’t just closed the gap with Google — but has, in many ways, exceeded it…
[…]
But for all of the detail Apple has added, it still doesn’t have some of the businesses and places that Google has.
[…]
This suggests that Apple isn’t algorithmically extracting businesses and other places out of the imagery its vans are collecting.
Instead, all of the businesses shown on Apple’s Markleeville map seem to be coming from Yelp, Apple’s primary place data provider.
Rebuilding Maps in such a comprehensive way is going to take some time, so I read O’Beirne’s analysis as a progress report. But, even keeping that in mind, it’s a little disappointing that what has seemingly been prioritized so far in this Maps update is to add more detailed shapes for terrain and foliage, rather than fixing what places are mapped and where they’re located. It isn’t as though progress isn’t being made, or that it’s entirely misdirected — roads are now far more accurate, buildings are recognizable, and city parks increasingly look like city parks — but the thing that frustrates me most about Apple Maps in my use is that the places I want to go are either incorrectly-placed, not there, or have inaccurate information like hours of operation.
SmugMug is making lots of changes to Flickr, which they acquired in April from Verizon, via Oath, via Yahoo. Yesterday, they announced that they would be supporting wide colour gamuts and move to Amazon Web Services from Yahoo’s data centres; today, they said that they would — finally — disconnect from Yahoo’s account and login system.
But perhaps the biggest Flickr news of today is the discontinuation of the virtually-unlimited terabyte of storage offered to free accounts. Andrew Stadlen, Flickr’s VP of product:
Beginning January 8, 2019, Free accounts will be limited to 1,000 photos and videos. If you need unlimited storage, you’ll need to upgrade to Flickr Pro.
[…]
Second, you can tell a lot about a product by how it makes money. Giving away vast amounts of storage creates data that can be sold to advertisers, with the inevitable result being that advertisers’ interests are prioritized over yours. Reducing the free storage offering ensures that we run Flickr on subscriptions, which guarantees that our focus is always on how to make your experience better. SmugMug, the photography company that recently acquired Flickr from Yahoo, has long had a saying that resonates deeply with the Flickr team and the way we believe we can best serve your needs: “You are not our product. You are our priority.” We want to build features and experiences that delight you, not our advertisers; ensuring that our members are also our customers makes this possible.
This decision is understandable, but it is a little confusing: what happens to your pictures if you, like I, have an account that exceeds the thousand-photo limit? A footnote on Flickr’s announcement page goes partway towards explaining:
Free members with more than 1,000 photos or videos uploaded to Flickr have until Tuesday, January 8, 2019, to upgrade to Pro or download content over the limit. After January 8, 2019, members over the limit will no longer be able to upload new photos to Flickr. After February 5, 2019, free accounts that contain over 1,000 photos or videos will have content actively deleted — starting from oldest to newest date uploaded — to meet the new limit.
It sounds like they’re just going to literally delete older photos past the limit, which is pretty wild. It’s not every day that a company tells its users that, in the near future, it’s going to start deleting their data.
But what remains unanswered is if they are truly erasing old photos or if they’re just hiding them from public and user view. I would assume that, if you do pay for a Pro subscription after the February 5 deadline, these photos would once again be visible, but I don’t know that for sure. It is also unclear if there are changes for users with expired pro subscriptions. I’ve reached out to SmugMug and will update this post if I hear back with answers.
In the interim, my suggestion is to download your photos and videos, just to be safe. Head to your Flickr settings and click the button to request your account data.
One of Facebook’s major efforts to add transparency to political advertisements is a required “Paid for by” disclosure at the top of each ad supposedly telling users who is paying for political ads that show up in their news feeds.
But on the eve of the 2018 midterm elections, a VICE News investigation found the “Paid for by” feature is easily manipulated and appears to allow anyone to lie about who is paying for a political ad, or to pose as someone paying for the ad.
To test it, VICE News applied to buy fake ads on behalf of all 100 sitting U.S. senators, including ads “Paid for by” by Mitch McConnell and Chuck Schumer. Facebook’s approvals were bipartisan: All 100 sailed through the system, indicating that just about anyone can buy an ad identified as “Paid for by” by a major U.S. politician.
Feature built to curb abuse relies on… people and organizations using it in good faith.
If you can’t trust organizations trying to manipulate elections by preying on individuals’ trust in apparently honest discourse at this tense time in the world, who can you trust?
There’s a lot to discuss following today’s Apple event in New York, but one thing, in particular, that I’d like to highlight is how they promoted external display capabilities as one reason for the change on the new iPad Pro to a USB-C connector from Apple’s proprietary Lightning connector. It’s something John Ternus mentioned a few times onstage but, oddly, this capability is only shown in the video on the iPad Pro’s marketing webpages and it has barely been given a passing mention in the company’s press release.
Even with the limited information available, I think this speaks to Apple’s greater ambitions for the iPad as much — or even more than — the power and software improvements they’ve made over the past few years. The future of the computer probably looks a lot like plugging a display into an iPad and using a connected keyboard and perhaps a trackpad with a different UI.
This isn’t entirely revolutionary; Microsoft has been pursuing a similar strategy with their Surface line for years. The critical difference, I think, is that the Surface was borne of a desktop-and-laptop world, while the iPad was derived from a smartphone. In 2012, I wrote a piece where I proposed — poorly — that that the reason the iPad was selling well where Microsoft’s tablet efforts, at the time, were not was because the common criticism of the iPad as a bigger iPhone was actually an advantage.
If there is a smartphone-to-desktop continuum, with the tablet somewhere in the middle, Microsoft has long approached it as skinning Windows with touch drivers and bigger buttons, while Apple chose to start by making a touchscreen phone and build up from there.
The vestiges of these differing approaches are clearly evident today. There are still plenty of examples of Windows feeling like a desktop operating system even when running on a tablet; and there are lots of places throughout iOS that feel like upscaled smartphone interfaces.
Looking beyond that, though, at what is plausibly within reach in the next few years is a culmination of efforts to overhaul the way we think about computers. Apple has, for years, been touting the iPad as the computer of the future — the pioneer in the post-PC era. But the product has not necessarily matched the company’s rhetoric, largely because it’s still trying to grow out of the smartphone-based constraints that are primarily exposed in software; that’s the root of where most of its limitations still lie.
If the scenario I outlined above is, indeed, the way Apple sees the future of this product line, there’s still a long way to go: multitasking isn’t there yet, the keyboard remains an afterthought, an iPad isn’t as information-dense because its controls still need to be touch-friendly, and so on. But there are clues that Apple is very serious about the iPad as a replacement computer. USB-C and the singling-out of external display support is one such indicator, I feel; iOS 11 brought the Dock to the iPad, which makes it feel much faster for switching between apps; and there are some iPad-specific Springboard improvements destined for iOS 13 that ought to shake things up.
Taking a step back, I think it’s worth addressing how far the iPad’s software has felt compared to the hardware, as far as telling a complete and elegant story about using it as a full Mac replacement. The new iPad Pro models look wildly impressive — like pure slabs of magic internet-connected glass. But the software has evolved far slower. A big reason for this is, I believe, that using iOS as the basis for the future of personal computers has required a rethink of every system paradigm taken for granted on the Mac. I don’t think it has been universally successful. But I do truly believe that by building iOS up as opposed to breaking MacOS down — that is, adding functionality within a made-for-touch framework rather than glomming touch onto MacOS — will prove to be a wise choice in the coming years.
Thomas Brewster of Forbes broke the news of the existence of GrayKey in March, and has been covering it brilliantly since:
Now, though, Apple has put up what may be an insurmountable wall. Multiple sources familiar with the GrayKey tech tell Forbes the device can no longer break the passcodes of any iPhone running iOS 12 or above. On those devices, GrayKey can only do what’s called a “partial extraction,” sources from the forensic community said. That means police using the tool can only draw out unencrypted files and some metadata, such as file sizes and folder structures.
Previously, GrayKey used “brute forcing” techniques to guess passcodes and had found a way to get around Apple’s protections preventing such repeat guesses. But no more. And if it’s impossible for GrayKey, which counts an ex-Apple security engineer among its founders, it’s a safe assumption few can break iPhone passcodes.
That last sentence requires two more words: “for now”. That’s how it works. After a security threat is revealed, it is patched; repeat constantly until the end of time. The biggest difference here is that there’s an enormous market for iOS vulnerabilities due to its high grade of security and its popularity, so it is not in the best interests of those who find these vulnerabilities to report them to Apple or disclose them publicly.
That, in part, is why the method by which Apple prevented GrayKey from working is just as mysterious as the means by which GrayKey worked in the first place. It’s also why it is plausible that there is a vulnerability just as insidious in every iOS device out there that won’t get reported to Apple for fixing if it’s good enough for Grayshift or Cellebrite to buy.
Last April, Steven Schoen received an email from someone named Natalie Andrea who said she worked for a company called We Purchase Apps. She wanted to buy his Android app, Emoji Switcher. But right away, something seemed off.
[…]
Schoen had a Skype call with Andrea and her colleague, who said his name was Zac Ezra, but whose full name is Tzachi Ezrati. They agreed on a price and to pay Schoen up front in bitcoin.
“I would say it was more than I had expected,” Schoen said of the price. That helped convince him to sell.
A similar scenario played out for five other app developers who told BuzzFeed News they sold their apps to We Purchase Apps or directly to Ezrati. (Ezrati told BuzzFeed News he was only hired to buy apps and had no idea what happened to them after they were acquired.)
Giant klaxons are already blaring in my head and this doesn’t even concern the actual — you know — fraud part of the story. The ability to migrate apps and their entire user bases to different developers is an alarming security risk, particularly with the broad use of automatic update mechanisms. This reminds me of when the Stylish browser extension was sold to a new owner that immediately saddled it with spyware. Users should be made fully aware of an ownership change and some sort of action on the user’s ought to be required for them to update to a newer version of the software.
Silverman:
One way the fraudsters find apps for their scheme is to acquire legitimate apps through We Purchase Apps and transfer them to shell companies. They then capture the behavior of the app’s human users and program a vast network of bots to mimic it, according to analysis from Protected Media, a cybersecurity and fraud detection firm that analyzed the apps and websites at BuzzFeed News’ request.
This means a significant portion of the millions of Android phone owners who downloaded these apps were secretly tracked as they scrolled and clicked inside the application. By copying actual user behavior in the apps, the fraudsters were able to generate fake traffic that bypassed major fraud detection systems.
[…]
App metrics firm AppsFlyer estimated that between $700 million and $800 million was stolen from mobile apps alone in the first quarter of this year, a 30% increase over the previous year. Pixalate’s latest analysis of in-app fraud found that 23% of all ad impressions in mobile apps are in some way fraudulent. Overall, Juniper Research estimates $19 billion will be stolen this year by digital ad fraudsters, but others believe the actual figure could be three times that.
In other forms of advertising, spots are pre-sold for a specific fee based only on an estimated audience. If yet another vacuum-packed mattress company buys ads in an episode of a podcast, it doesn’t matter whether that episode is downloaded ten thousand times or a hundred thousand times — the mattress company will have paid the same price for that spot. Sponsoring later episodes might cost them more if there are an increasing number of listeners, or the podcaster may cut them a deal for multiple sponsorships, but there isn’t a real-time bidding scheme. It’s the same for print and television. Effectiveness in terms of action taken is harder to measure directly, but that encourages advertisers and creative firms to make something eye-catching and memorable.
For most online advertising, though, this is completely backwards: advertisers are charged and ad placements are paid out based on how many views or clicks there have been, not how many there are expected to be. This makes it much harder to differentiate fraudulent behaviour from honest views. It typically requires more tracking in order to be able to model real human behaviour — something that was defeated in this case. And, according to a recent report produced for Radiocentre — a trade group for British commercial radio stations — online ads of all types are completely ineffective (PDF).1
In general, the incentives of online advertising encourage fraud, clickbait, and spyware. This will continue to be the case so long as these ads are behaviourally targeted, and are paid for based directly on the number of views and clicks.
One side effect of the ineffectiveness of online ads is that a huge industry has been built on the basis of creating ads that don’t look like ads. Social media “influencers”, native advertising, and content marketing all fall into this bucket. They’re generally just as unmemorable as other online advertising, but with the added bonus of feeling scummier and more manipulative because they aren’t obviously ads. ↩︎
Apple granted Jack Nicas of the New York Times a rare glimpse inside its Apple News team’s editorial discussions:
Apple has waded into the messy world of news with a service that is read regularly by roughly 90 million people. But while Google, Facebook and Twitter have come under intense scrutiny for their disproportionate — and sometimes harmful — influence over the spread of information, Apple has so far avoided controversy. One big reason is that while its Silicon Valley peers rely on machines and algorithms to pick headlines, Apple uses humans like [editor in chief Lauren Kern].
[…]
That approach also led Apple News to not run an ABC News bombshell in December about Robert Mueller’s investigation into the Trump campaign’s ties to Russia. The story alleged that former national security adviser Michael Flynn was prepared to testify that Mr. Trump had directed him to contact Russian officials during the 2016 campaign. It rocketed across the internet, boosted by Google, Facebook and Twitter, before ABC News retracted it.
Ms. Kern said she and her team did not run the story because they didn’t trust it. Why? It’s not a formula that can be baked into an algorithm, she said.
“I mean, you read a story and it doesn’t quite pass the smell test,” she said.
There has been a rush to make much of the world driven by machine learning because we now can do that, but seemingly few of the people who are a position to make decisions about this have actually questioned whether we should be letting algorithms replace thought. Apple’s solution is imperfect, but it certainly helps reduce the likelihood of embarrassing blunders — even Apple itself can learn from that.
Apple CEO Tim Cook today called on the US government to pass “a comprehensive federal privacy law,” saying that tech companies that collect wide swaths of user data are engaging in surveillance.
Speaking at the International Conference of Data Protection and Privacy Commissioners (ICDPPC) in Brussels, Cook said that businesses are creating “an enduring digital profile” of each user and that the trade of such data “has exploded into a data-industrial complex.”
“This is surveillance,” Cook said. “And these stockpiles of personal data serve only to enrich the companies that collect them. This should make us very uncomfortable.”
Apple is, of course, imperfect in this regard: while they try to restrict the ways in which app developers may collect sensitive data, there are plenty of apps that still ask for access to your contact list, ostensibly to allow you to find friends using the same app or service, but without clearly indicating how they will treat that list over a long term; and, as others have mentioned, they have retained Google as the default search provider in Safari on all platforms. The latter is particularly hard to reconcile — last year, they changed web searches made through Siri or Apple Search from Bing to Google. Google reportedly paid Apple $9 billion in 2018 for this privilege, which feels a little bit like a bribe to collect Safari users’ personal information.
On the other hand, Apple has made strides to reduce users’ dependency on Google. The website suggestions that appear as you type in the address bar are not driven by Google, but by Apple’s own web crawler; the suggestions in Search on iOS for things like the weather and sports scores are also not powered by Google. Apple has also continued to roll out privacy protections in Safari with features like Intelligent Tracking Prevention.
It’s much easier to be a privacy hawk when your business doesn’t depend on surveillance-based advertising. Even so, Tim Cook’s critique of the “data industrial complex” is a watershed for tech industry discourse.
It’s also much easier to not build a business dependent on surveillance when you are a privacy hawk.
Cook’s speech reads to me as an honest representation of his own stance and Apple’s ideals about how data ought to be collected and stored. Privacy does not seem like an add-on, but an integral part of the company’s development processes. It is a principled stance.
Embargoes for reviews of the iPhone XR were lifted this morning and John Voorhees of MacStories collected some of the more notable excerpts. Based on everything I’ve read, it sounds like you’re getting virtually all of the experience of an iPhone XS Max in a slightly smaller, far more colourful, and vastly less-expensive device with a not-as-spectacular-but-still-excellent display. All of that sounds great.
But there is one thing eating at me with this new iPhone lineup: the starting price for a current model year iPhone is now $50 more than last year, and $100 more than two years’ prior. It’s as though they’ve dropped the entry-level model and are starting at what was previously Plus model pricing. In Canada, the difference is even more pronounced — for the first time, you cannot get a current model year iPhone for under $1,000. The iPhone XR might be the least-expensive iPhone Apple launched this year, but it is by no means a budget device.
That’s not to say that it’s necessarily the wrong move from a unit sales perspective. Presales of the XR seem strong, and every indication — including the rapidly-rising average selling price — indicates that the iPhone X and XS models have sold very well indeed. It is arguably indicative of how much we value our smartphones compared to any other consumer electronics device. But it also means that getting into the iPhone ecosystem at the base model flagship level has become markedly more pricey.
There are two ways of looking at this: Apple has made more affordable the iPhone X design and features, and Apple has dramatically increased the base price of an iPhone.
According to a [Bloomberg] company source, editorial staff has been “frustrated” that competing news organizations haven’t managed to match the scoop. Sources tell the Erik Wemple Blog that the New York Times, the Wall Street Journal and The Post have each sunk resources into confirming the story, only to come up empty-handed. (The Post did run a story summarizing Bloomberg’s findings, along with various denials and official skepticism.) It behooves such outlets to dispatch entire teams to search for corroboration: If, indeed, it’s true that China has embarked on this sort of attack, there will be a long tail of implications. No self-respecting news organization will want to be left out of those stories. “Unlike software, hardware leaves behind a good trail of evidence. If somebody decides to go down that path, it means that they don’t care about the consequences,” Stathakopoulos says.
In the face of challenges to the story’s veracity, Bloomberg has commissioned additional reporting to reinforce its initial findings. One of the story’s reporters, for example, contacted a former Apple employee on Oct. 10 seeking information on the alleged purge of Supermicro servers, according to correspondence reviewed by the Erik Wemple Blog. We asked Bloomberg about any additional reporting on the alleged hack. “We do not comment on our unpublished newsgathering, editorial processes, or plans for future reporting,” replied a company spokeswoman.
Michael Riley, one of the reporters on the story, quickly asserted after the story’s publication that the physical evidence assured that corroborating stories would soon be published. Not only has that not happened, it’s the inverse that has: source after source raising doubts about the accuracy of the story’s core arguments. This isn’t just embarrassing, it’s toxic to Bloomberg’s credibility and the often-necessary use of sources speaking only on background.
The result has been an impasse between some of the world’s most powerful corporations and a highly respected news organization, even in the face of questions from Congress. On Thursday evening, an indignant Cook further ratcheted up the tension in response to an inquiry from BuzzFeed News.
“There is no truth in their story about Apple,” Cook told BuzzFeed News in a phone interview. “They need to do that right thing and retract it.”
This is an extraordinary statement from Cook and Apple. The company has never previously publicly (though it may have done so privately) called for the retraction of a news story — even in cases where the stories have had majorerrors or were demonstratively false, such as a This American Life episode that was shown to be fabricated.
What’s wild to me is, if Bloomberg’s story is completely true, no other news organization has been able to independently corroborate it — even in part. Reporters at the New York Times, Wall Street Journal, and Financial Times all have terrific sources within the tech companies concerned, the Chinese supply chain, and the American government. Surely, if the story is as Bloomberg describes, one of those publications ought to be able to use the story as a starting point to confirm either an ongoing investigation or the existence of the suspicious components, right? Or how about well-connected infosec and supply chain experts — why haven’t they, as Buzzfeed reports, been able to echo any of Bloomberg’s claims?
This is one of the most baffling sagas I can remember. Either the supply chain is hosed and companies like Apple and Amazon really have no idea, they do know and their executives are covering it up in flagrant violation of the law, or an esteemed news organization fucked up to an immense degree. If it’s the latter, Bloomberg is doing themselves no favours by continuing to stand by its increasingly dubious reporting.
