U.S. President Joe Biden today signed an executive order, previously covered, which intends to limit the sale and distribution of Americans’ sensitive data to “countries of concern”:

To address this threat and to take further steps with respect to the national emergency declared in Executive Order 13873, the order authorizes the Attorney General, in coordination with the Secretary of Homeland Security and in consultation with the heads of relevant agencies, to issue, subject to public notice and comment, regulations to prohibit or otherwise restrict the large-scale transfer of Americans’ personal data to countries of concern and to provide safeguards around other activities that can give those countries access to sensitive data. […]

According to a fact sheet (PDF) from the U.S. Department of Justice, six countries are being considered for restrictions: “China (including Hong Kong and Macau), Russia, Iran, North Korea, Cuba, and Venezuela”. The sensitive data which will be covered includes attributes like a person’s name, their location, and health and financial information.

This sounds great in theory, but it will be difficult to enforce in practice as data brokers operating outside the U.S. will not have the same restrictions. That is not to say it is useless. However, it is not as effective as creating conditions hostile to this kind of exploitation to begin with. You should not have to worry that your precise location is being shared with a data broker somewhere just because you checked the weather, nor should you need to be extremely diligent in reviewing the specific policies of each app or website you visit.

Bryon Tau, in an excerpt from his new book “Means of Control”, as published in Wired with a clarification in brackets by me:

Initially, PlanetRisk was sampling data country by country, but it didn’t take long for the team to wonder what it would cost to buy the entire world. The sales rep at UberMedia provided the answer: For a few hundred thousand dollars a month, the company would provide a global feed of [the location of] every phone on earth that the company could collect on. The economics were impressive. For the military and intelligence community, a few hundred thousand a month was essentially a rounding error — in 2020, the intelligence budget was $62.7 billion. Here was a powerful intelligence tool for peanuts.

Locomotive, the first version of which was coded in 2016, blew away Pentagon brass. One government official demanded midway through the demo that the rest of it be conducted inside a SCIF, a secure government facility where classified information could be discussed. The official didn’t understand how or what PlanetRisk was doing but assumed it must be a secret. A PlanetRisk employee at the briefing was mystified. “We were like, well, this is just stuff we’ve seen commercially,” they recall. “We just licensed the data.” After all, how could marketing data be classified?

Government officials were so enthralled by the capability that PlanetRisk was asked to keep Locomotive quiet. It wouldn’t be classified, but the company would be asked to tightly control word of the capability to give the military time to take advantage of public ignorance of this kind of data and turn it into an operational surveillance program.

In the where are they now? vein, UberMedia was acquired by Near, a name you might recognize from recent coverage of how its data was used to target visitors to abortion clinics. Sen. Ron Wyden has requested (PDF) an investigation from the FTC and SEC; the former has been on a roll settling data broker and privacy violations.

Mark Gurman, Bloomberg:

Apple Inc. is canceling a decade-long effort to build an electric car, according to people with knowledge of the matter, abandoning one of the most ambitious projects in the history of the company.

2023 California testing reports, made public earlier this month, showed Apple had been running its cars more than ever. In hindsight and with the context of this news, it looks from the outside like all that was a last-chance effort to assess the likelihood of the project’s success.

This must be devastating for a lot of employees. It is also a testament to Apple’s lack of comment regarding unreleased products. Tim Cook disclosed a little about the company’s efforts in self-driving, though this minor acknowledgement would have come anyway because of those mandatory reports. But because Apple was not, officially, developing a car, it does not need to say anything about the project’s future. Difficult internally, I am sure, but easy in public.

I have to say I am looking forward to the inevitable tell-all article or book. Also, how much do you think Apple wants for the track?

What people with Big Business Brains often like to argue about the unethical but wildly successful ad tech industry is that it is not as bad as it looks because your individual data does not have any real use or value. Ad tech vendors would not bother retaining such granular details because it is beneficial, they say, only in a more aggregated and generalized form.

The problem with this argument is that it keeps getting blown up by their demonstrable behaviour.1 For a recent example, consider Avast, an antivirus and security software provider, which installed to users’ computers a web browser toolbar that promised to protect against third-party tracking but, in actual fact, was collecting browsing history for — and you are not going to believe this — third-party tracking and advertising companies on behalf of the Avast subsidiary Jumpshot. It was supposed to be anonymized but, according to the U.S. Federal Trade Commission, this “proprietary algorithm” was so ineffective that Avast managed to collect six petabytes of revealing browsing history between 2014–2020. Then, it sold access (PDF):

[…] For example, from May 2017 to April 2019, Jumpshot granted LiveRamp, a data company that specializes in various identity services, a “world-wide license” to use consumers’ granular browsing information, including all clicks, timestamps, persistent identifiers, and cookie values, for a number of specified purposes. […]

One agreement between LiveRamp and Jumpshot stated that Jumpshot would use two services: first, “ID Syncing Services,” in which “LiveRamp and [Jumpshot] will engage in a synchronization and matching of identifiers,” and second, “Data Distribution Services,” in which “LiveRamp will ingest online Client Data and facilitate the distribution of Client’s Data (i.e., data segments and attributes of its users associated with Client IDs) to third-party platforms for the purpose of performing ad targeting and measurement.” These provisions permit the targeting of Avast consumers using LiveRamp’s ability to match Respondents’ persistent identifiers to LiveRamp’s own persistent identifiers, thereby associating data collected from Avast users with LiveRamp’s data.

We know these allegations due to the FTC’s settlement — though, I should say, these claims have not been proven, because Avast paid a $16.5 million penalty and said it would not use any of the data it collected “for advertising purposes”. The caveat makes this settlement feel a little incomplete to me. While there are other ways aggregated personal data can be used, like in market research, it does not seem Avast and Jumpshot were all that careful about obtaining consent when this software was first rolled out. When they did, the results were predictable (PDF):

Respondents had direct evidence that many consumers did not want their browsing information to be sold to third parties, even when they were told that the information would only be shared in de-identified form. In 2019, when Avast asked users of other Avast antivirus software to opt-in to the collection and sale of de-identified browsing information, fewer than 50% of consumers did so.

I am interpreting “fewer than 50%” as “between 40–49%”; if 18% of users had opted in, I expect the FTC would have said “fewer than 20%”. Most people do not want to be tracked. For comparison, this seems to be at the upper end of App Tracking Transparency opt-in rates.

I noted the LiveRamp connection when I first linked to investigations of Avast’s deceptive behaviour, though it seems Wolfie Christl beat me to the punch in December 2019. Christl also pointed out Jumpshot’s supply of data to Lotame, something the FTC also objected to. LiveRamp’s whole thing is resolving audiences based on personal information, though it says it will not return this information directly. Still, this granular identity resolution is not the kind of thing most people would like to participate in. Even if they consent, it is unclear if they are fully aware of the consequences.

This is just one settlement but it helps illustrate the distribution and mingling of granular user data. Marketers may be restricted to larger audiences and it may not be possible to directly extract users’ personally identifiable information — though it is often trivial to do so. But it is not comforting to be told collected data is only useful as part of a broader set. First of all, it is not: there are existing albeit limited ways it is possible to target small numbers of people. Even if that were true, though, this highly specific data is the foundation of larger sets. Ad tech companies want to follow you as specifically and closely as they can, and there are only nominal safeguards because collecting it all is too damn valuable.


  1. Well, and also how weird it is to be totally okay with collecting a massive amount of data with virtually no oversight or regulations so long as industry players pinky promise to only use some of it. ↥︎

When I linked to Tim Burke’s indictment yesterday, I compared the ridiculousness of the case to Josh Renaud’s near-indictment for viewing the source of a webpage. I missed an obviously more analogous and equally outrageous case: that of Aaron Swartz.

Sarah Jeong, of the Verge,

[…] Swartz was prosecuted for scraping JSTOR, a paywalled academic database that could be freely accessed on MIT’s campus network. Theoretically, his access began to “exceed authorization” when he signed into the network as Gary Host (G. Host, or Ghost), and then when, after campus IT attempted to block his computer for excessive server requests, he spoofed his DNS.

These are disproportionate consequences for actions which are, at worst, mischievous, not criminal. And we need a little mischief.

Online privacy isn’t just something you should be hoping for – it’s something you should expect. You should ensure your browsing history stays private and is not harvested by ad networks.

By blocking ad trackers, Magic Lasso Adblock stops you being followed by ads around the web.

Magic Lasso Adblock screenshot

It’s a native Safari content blocker for your iPhone, iPad, and Mac that’s been designed from the ground up to protect your privacy.

Rely on Magic Lasso Adblock to:

  • Remove ad trackers, annoyances, and background crypto-mining scripts

  • Browse common websites 2.0× faster

  • Double battery life during heavy web browsing

  • Lower data usage when on the go

So, join over 280,000 users and download Magic Lasso Adblock today.

My thanks to Magic Lasso Adblock for sponsoring Pixel Envy this week.

Justin Garcia, Dan Sullivan, Jay Cridlin, and Olivia George, Tampa Bay Times:

Tampa media consultant Tim Burke was charged Thursday with 14 federal crimes related to alleged computer hacks at Fox News.

[…]

According to the indictment, Burke and an unnamed person used “compromised credentials” to access and save protected commercial broadcast video streams, then disseminate specific clips after taking steps to mask where they came from and how they were obtained.

The indictment, thankfully embedded by the Times, makes it sound like Burke was some master hacker. But in an interview with Mathew Ingram of Columbia Journalism Review, Burke’s defence attorney Mark Rasch has a different explanation:

Here’s what we know: Fox News does the Kanye West–Tucker Carlson interview. They broadcast two hours of it. At the same time, Fox, like many other broadcasters, are livestreaming continuously to many different entities — to their affiliates, and so on — and these live feeds are in high definition and encrypted. But at the same time, they are also broadcasting low-definition, unencrypted feeds. They’re internet addressable, with no user ID and password required. All you need to know is the URL.

There are third-party sites that transmit these live feeds as a service. They have password-protected websites. And in this case, somebody on the internet provided Tim with the publicly posted user ID and password for a demo account on one of these services that are used by broadcasters. So Tim logs in to the site, and the site automatically downloads to his computer a list of all the livestreams on the site. The important thing to note here is that those livestreams did not require a user ID and password to access them, just a URL.

If this is as described, it is as idiotic to treat Burke as a criminal it was for Missouri Governor Mike Parson to go after a journalist who viewed the source of a webpage and reported it was leaking teachers’ Social Security Numbers. Charges were not filed in that case but the prosecutor left dangling a suspicion that it was still illegal. Now, there is Burke being charged with fourteen counts for similarly bogus reasons, and questioning whether what he does is actually journalism. It is nonsense.

Oh, and there is a Vice connection.

Alexander Saeedy and Alexandra Bruell, Wall Street Journal:

Vice Media said it would stop publishing content on its flagship website and plans to cut hundreds of jobs, following a failed effort by owner Fortress Investment Group to sell the embattled digital publisher and its brands.

From the internal memo sent by Bruce Dixon, Vice CEO:

We create and produce outstanding original content true to the Vice brand. However, it is no longer cost-effective for us to distribute our digital content the way we have done previously. Moving forward, we will look to partner with established media companies to distribute our digital content, including news, on their global platforms, as we fully transition to a studio model. As part of this shift, we will no longer publish content on vice.com, instead putting more emphasis on our social channels as we accelerate our discussions with partners to take our content to where it will be viewed most broadly.

The way Vice has “distributed [its] digital content […] previously” is by having a website. That it is not “cost-effective” to run a website is creating rumours that it is about to be shuttered without any real effort at preservation.

This is a real shame; Vice had some of the best privacy and security coverage in the industry. I am sure I have referenced the site’s work at least dozens of times. Its record is imperfect, especially recently, but it has published solid, creative reporting for decades. Four of its former writers founded 404 Media last year, and other have found new gigs. Still, if all these articles disappear from everywhere but the Internet Archive, it will be a deep loss.

Apple, in a post credited to Security Engineering and Architecture:

Today we are announcing the most significant cryptographic security upgrade in iMessage history with the introduction of PQ3, a groundbreaking post-quantum cryptographic protocol that advances the state of the art of end-to-end secure messaging. With compromise-resilient encryption and extensive defenses against even highly sophisticated quantum attacks, PQ3 is the first messaging protocol to reach what we call Level 3 security — providing protocol protections that surpass those in all other widely deployed messaging apps. To our knowledge, PQ3 has the strongest security properties of any at-scale messaging protocol in the world.

Do note, as you read through this post, that the different security levels shown are an Apple invention, not an industry standard.

This sounds like a huge leap forward — a way of cryptographically securing today’s data on today’s devices against future threats from future computers. It is both an affirmation of Apple’s dedication to even hypothetical security threats, and a political statement.

Yet I am left with many questions. Apple says this protocol will begin rolling out with the public releases of iOS 17.4, iPadOS 17.4, MacOS 14.4, and WatchOS 10.4 — missing from that list is VisionOS, though I am not sure I should read anything into that — but it is not clear to me if these operating systems are required for PQ3 encryption. In other words, if a device has not been updated or cannot be updated to these software versions, does that preclude messages from being encrypted using this protocol? If so, that might be true of all iMessage contacts, and it does not appear there is any way of knowing which encryption protocol is being used.

Furthermore, is this protocol defeated by regular iCloud backups — those to an account without Advanced Data Protection — through the same loophole as existing iMessage end-to-end encryption? It does not seem to me that Apple’s goal has ever been to entirely prevent law enforcement access. But it is notable if all this protection against quantum computer decoding is also capable of being defeated by legal demand or, indeed, legal threat. Even so, I have a hunch how this news will be received by anti-encryption authorities.

These are among the many questions I have for Apple, and I expect to hear more as this update approaches its release. However, I do not think I will get an answer to the thing I am most curious about: is a protocol similar to PQ3 going to be used by Apple to secure other end-to-end encrypted data against future threats? It would make sense.

When I bought my mid-2017 iMac, I had assumed I would get eight to ten years of updates from it, similar to my mid-2012 MacBook Air. Alas, just four years after it was on my desk, Apple deemed it unworthy of running MacOS Sonoma, which means I have begun looking at desktop replacements on a slightly more urgent timetable. Not today, mind you, and hopefully not for a while — but my desk will need something new eventually.

And it will be very different because Apple now only makes one iMac. The 27-inch model used to fill an in-between prosumer role for those who needed more power, but could not afford or justify something like the Mac Pro.1 It has been an ideal computer for me, and I want to at least match it spec-for-spec: a 27-inch display, top-of-the-line CPU, 1 TB of internal storage, and 64 GB of RAM. Mine cost CAD $3,750, with two caveats:

  1. I bought it refurbished, which saved me CAD $350.

  2. I got the best spec I could in every way except storage — a terabyte is fine for me — and RAM, which I left at the base 16 GB configuration. I then paid CAD $346 from Amazon for 64 GB of RAM, which I was able to install myself.

    One might protest, saying this is an unfair comparison, to which I would respond: yes, that is kind of the point. There is no longer an option to install aftermarket upgrades of any kind, which means Apple should give users a reason to trust its pricing.

For complete fairness, however, I will compare only new non-refurbished prices, and I will use U.S. dollars to prevent currency conversion issues. If I had bought this computer in this spec from Apple in a not-refurbished state, in the United States, it would have cost me USD $4,500. (For the record, $1,400 of that cost is from upgrading the stock 16 GB of RAM to 64 GB. This was robbery even by 2017 standards.)

Ideally, I will be able to match the price I paid for my iMac and, to be even fairer, I will adjust for inflation: about USD $5,500 is my target. So let us start with the simplest issue: the display.

Since the iMac of today is no longer viable due to its single size, my contenders are the Mac Mini, the Mac Studio, and the Mac Pro. All of these will require an external display, and if I want to match my iMac’s 5K Retina display, the choices are infamously poor. Aside from Apple’s Studio Display, there are two other options: LG’s UHD UltraFine and Samsung’s ViewFinity S9. The LG monitor is $1,300 and, as I understand it, still unreliable, while the Samsung is the same price as Apple’s at $1,600. Since I would likely end up with either of the latter, my target computer costs $3,900 or less.

I can write off the Mac Pro because it starts at $7,000, even though its base spec satisfies my requirements. With a Studio Display, the total bill is nearly double what my iMac would have cost. The Mac Mini is no good, either, because its RAM ceiling is just 32 GB. Please do not send me email about how 32 GB of Apple’s special memory is equivalent to 64 GB of standard RAM.

That leaves the Mac Studio. The model with the best Ultra system-on-a-chip comes standard with the RAM and storage spec I want, but it is $5,000. With a display, it will be over a thousand dollars above my inflation-adjusted target. But hang on, because the CPU upgrade is $1,000 on its own; with the base Ultra SoC, I am just above the inflation-adjusted budget. That is close enough for my books, and a surprising result: you can now get the second-best SoC available on any Mac with a display for basically the same as the highest-end 2017 iMac.

Remember, too, that the iMac I bought was nowhere near the fastest model Apple introduced in 2017 — that was the iMac Pro, which started at $5,000, but with 32 GB of RAM. Upgrading that to 64 GB would have cost $800, and I have not even factored in inflation. The spiritual successor to the iMac Pro is probably the Mac Studio with an Ultra SoC, and it is less expensive at the same spec — including a display — than the iMac Pro used to be.

Perhaps that makes the Mac Studio with the Max SoC the successor to the 27-inch high-spec iMac models. As of writing, a Mac Studio configured with 64 GB of RAM, a 1 TB SSD, and the best Max SoC available is $2,800. Add a display, and you are looking at a setup $100 less expensive than the non-inflation-adjusted list price of my iMac.

These are all expensive computers, and I still think Apple charges way too much for RAM — though at least upgrading from 32 to 64 GB is now just $400. But this is a way better situation than I had expected. I thought I would be in a very difficult buying situation when it comes time to replace my beloved iMac without a direct equivalent. But writing this article as a way of working out my options has me feeling pleasantly surprised.

Now just wait a moment as I take a sip of water and look at the pricing in the Canadian store.


  1. If you are a little bit old, you may remember a time when the performance Mac tower was almost affordable. The Power Mac G5, for example, started at USD $2,000, and the highest standard configuration was $3,000. Adjusted for inflation, that is under $5,000 for Apple’s highest-performance Mac. ↥︎

Bryan Carney, the Tyee, March 2019:

The RCMP has been quietly running an operation monitoring individuals’ Facebook, Twitter, Instagram and other social media activity for at least two years, The Tyee has learned.

[…]

“There is a position taken that this is public information and does not constitute private information, and that is an inaccurate assessment of the way that Canadian law assess public and private in this country as far as I’m concerned,” he [Chris Parsons of Citizen Lab] said.

Carney, of the Tyee, in a November 2020 followup article:

A 3,000-page batch of internal communications from the RCMP obtained by The Tyee provides a window into how the force builds its capabilities to spy on internet users and works to hide its methods from the public.

[…]

Back on Dec. 28, 2016, the RCMP ordered “optional goods” — extra software and features — in a Babel X contract found in the documents, but the list was blanked out. No contract or procurement documents naming Babel X appeared on Public Services and Procurement Canada websites until 2020.

Last year, the U.S. Office of the Director of National Intelligence published a report acknowledging it collects vastly more information than it needs for immediate investigative purposes.

Philippe Dufrense, Privacy Commissioner of Canada, in the introduction to a similarly scathing report about the RCMP’s Project Wide Awake program, published Thursday:

These issues are at the heart of the Office of the Privacy Commissioner of Canada’s (OPC) investigation into the Royal Canadian Mounted Police’s (RCMP) Project Wide Awake initiative.

The initiative uses privacy impactful third-party services to collect personal information from a range of sources, including social media, forums, the dark web, location-based services and fee-for-access private databases. The data is used for a variety of policing purposes, including investigating suspected unlawful activity, locating missing persons, identifying suspects, detecting threats at public events attended by high-profile individuals, and maintaining situational awareness during an active situation.

The OPC’s investigation identified concerns related to both accountability and transparency, namely that the RCMP did not take the necessary steps to ensure that the personal information collection practices of all of its service providers were compliant with Canadian privacy law.

The Commissioner found possible violations of privacy law, particularly with the use of Babel X, and says the office made three specific recommendations, “none of which were accepted by the RCMP”. Alas, this office has little recourse; Facebook and Clearview could simply ignore the results of similar investigations.

It is that time of year again. A panel of smart people, and also me, have completed Jason Snell’s annual survey of how we think Apple is doing when it comes to products, services, and social obligations.

The grades I gave were generally aligned with the rest of the panel — just look at that steep drop in the iPad’s grade, for good reasons. Where I seem to differ from many other people, based on the average grade, is in software quality.

I remain disappointed by how poorly Apple’s software often works for me. A MacOS Ventura update last year introduced a strange problem where my MacBook Pro would seize up any time HDR media was displayed, similar to problems early in the product’s release. No amount of troubleshooting fixed it until I upgraded to MacOS Sonoma which, alas, introduced new issues of its own, like notifications that sometimes fade onscreen instead of animating from the right, and text drawing problems. Smaller details, to be sure, but it all adds up to fragile experience. I routinely see graphical inconsistencies, hanging first-party applications, Siri problems, and insufficient contrast across all Apple devices I use.

My expectations are not that high. I only wish MacOS, in particular, would not feel as though it was rusting beneath the surface.

Want to experience twice as fast load times in Safari on your iPhone, iPad, and Mac?

Then download Magic Lasso Adblock — the ad blocker designed for you. It’s easy to set up, blocks all ads, and doubles the speed at which Safari loads.

Magic Lasso Adblock is an efficient and high performance ad blocker for your iPhone, iPad, and Mac. It simply and easily blocks all intrusive ads, trackers, and annoyances in Safari. Just enable to browse in bliss.

Magic Lasso screenshot

By cutting down on ads and trackers, common news websites load 2× faster and use less data.

Over 280,000+ users rely on Magic Lasso Adblock to:

  • Improve their privacy and security by removing ad trackers

  • Block annoying cookie notices and privacy prompts

  • Double battery life during heavy web browsing

  • Lower data usage when on the go

And unlike some other ad blockers, Magic Lasso Adblock respects your privacy, doesn’t accept payment from advertisers, and is 100% supported by its community of users.

With over 5,000 five star reviews, it’s simply the best ad blocker for your iPhone, iPad, and Mac.

Download today via the Magic Lasso website.

My thanks to Magic Lasso Adblock for sponsoring Pixel Envy this week.

James Moore, Open Web Advocacy:

We have been alerted that Apple has broken Web App (PWA) support in the EU via iOS 17.4 Beta. Sites installed to the homescreen failed to launch in their own top-level activities, opening in Safari instead. This demotes Web Apps from first-class citizens in the OS to mere shortcuts. Developers confirmed the bug did not occur outside the EU.

Apple:

The iOS system has traditionally provided support for Home Screen web apps by building directly on WebKit and its security architecture. That integration means Home Screen web apps are managed to align with the security and privacy model for native apps on iOS, including isolation of storage and enforcement of system prompts to access privacy impacting capabilities on a per-site basis.

Without this type of isolation and enforcement, malicious web apps could read data from other web apps and recapture their permissions to gain access to a user’s camera, microphone or location without a user’s consent. Browsers also could install web apps on the system without a user’s awareness and consent. Addressing the complex security and privacy concerns associated with web apps using alternative browser engines would require building an entirely new integration architecture that does not currently exist in iOS and was not practical to undertake given the other demands of the DMA and the very low user adoption of Home Screen web apps. And so, to comply with the DMA’s requirements, we had to remove the Home Screen web apps feature in the EU.

Michael Tsai:

Apple had two years or so to prepare for the DMA, but they “had to” to remove the feature entirely (and throw away user data) rather than give the third-party API parity with what Safari can do. I find the privacy argument totally unconvincing because the alternative they chose is to put all the sites in the same browser. If you’re concerned about buggy data isolation or permissions, isn’t this even worse?

Manton Reece:

Apple repeatedly talks about these “600 new APIs” as if it is a favor to developers, but it was Apple’s choice to handle it this way. For example, to comply with the DMA’s requirements on sideloading or marketplaces, Apple could’ve chosen a system similar to installing apps from TestFlight. This would require zero new APIs for developers, just as TestFlight itself has no new APIs when building a beta version of your app.

Apple created the new APIs — a significant number in MarketplaceKit alone — so that they would have control over distribution. By both reviewing marketplaces and requiring that marketplaces use new APIs to install apps, Apple can track app install numbers, allowing them to invoice developers the new €0.50 Core Technology Fee. The new APIs help Apple, not developers.

Apple has long promoted web apps as an open and free — as in speech — alternative to the more restrictive policies of the App Store. No matter why Apple made this decision, it is trading the inherently competitive web for third-party browser engines and app distribution for reasons that, as Reece explains, are difficult to believe.

To be clear, web apps will still work in the E.U. because, well, they are websites. But the gulf between them and native apps will be wider than it is elsewhere since none of the six hundred new APIs are for making Progressive Web Apps work with third-party browser engines.

OpenAI:

We explore large-scale training of generative models on video data. Specifically, we train text-conditional diffusion models jointly on videos and images of variable durations, resolutions and aspect ratios. We leverage a transformer architecture that operates on spacetime patches of video and image latent codes. Our largest model, Sora, is capable of generating a minute of high fidelity video. Our results suggest that scaling video generation models is a promising path towards building general purpose simulators of the physical world.

I am linking to the research page for Sora; the overview page has other examples but is less descriptive. Unfortunately, reading this research is difficult because, for me in Safari, the many lazy loading embedded videos cause the scroll position to move around unexpectedly.

The products of Sora are far more impressive than this janky webpage suggests. It is hard not to be in awe of how far these systems have progressed and what they are now able to do — from whole-cloth generation to more nuanced examples like extending the runtime or changing a video’s setting.

Oliver Darcy, in CNN’s Reliable Sources newsletter, asked Meta what it meant by “political” posts:

The Meta spokesperson, instead, offered this vague statement: “Informed by research, our definition of political content is content likely to be about topics related to government or elections; for example, posts about laws, elections, or social topics. These global issues are complex and dynamic, which means this definition will evolve as we continue to engage with the people and communities who use our platforms and external experts to refine our approach.”

The statement only raised more questions than answers. A lot can be categorized under the banner of “social topics.”

Even though Adam Mosseri said people will still see posts from users they follow regardless of whether they contain some undefinable “political” topics, I have seen plenty of questions about the likelihood of this ranking change affecting all “political” posts. It is a fair concern, especially since there is no way for Threads to default to showing only posts from people a user follows.

A timeline based on rankings and suggestions requires a great deal of trust — something which Meta lacks. Lacking a clear definition for what is being moderated differently does not help.

Mark Gurman, Bloomberg:

Apple Inc., racing to add more artificial intelligence capabilities, is nearing the completion of a critical new software tool for app developers that would step up competition with Microsoft Corp.

The company has been working on the tool for the last year as part of the next major version of Xcode, Apple’s flagship programming software. It has now expanded testing of the features internally and has ramped up development ahead of a plan to release it to third-party software makers as early as this year, according to people with knowledge of the matter.

“Racing”, in the sense that it has been developing this for at least a year, and its release will likely coincide with WWDC — if it does actually launch this year. Gurman’s sources seem to be fuzzy on that timeline, only noting Apple could release this new version of Xcode “as early as this year”, which is the kind of commitment to a deadline a company takes if is is, indeed, “racing”.

Sixth paragraph:

Apple shares, which had been down as much 1.5%, briefly turned positive on the news. They were little changed at the close Thursday, trading at $183.86. Microsoft fell less than 1% to $406.56.

Some things never change.

Paris Marx:

After being unable to turn a profit for well over a decade, Uber seems to have finally gotten there. But it didn’t do it by building a sustainable business that benefits all its stakeholders. To get to this point, it fired thousands of workers, hiked the prices for its millions of customers, and further turned the screws on the people most important to its business: the drivers and delivery workers. They need to suffer so investors can get a $7 billion share buyback and a maybe even a dividend.

Uber only seems to work financially if it behaves less like an aspirational tech company and more like a logistics broker flexing its leverage.

Alfred Ng, Politico:

A company allegedly tracked people’s visits to nearly 600 Planned Parenthood locations across 48 states and provided that data for one of the largest anti-abortion ad campaigns in the nation, according to an investigation by Sen. Ron Wyden, a scope that far exceeds what was previously known.

[…]

Wyden’s letter asks the Federal Trade Commission and the Securities and Exchange Commission to investigate Near Intelligence, a location data provider that gathered and sold the information. The company claims to have information on 1.6 billion people across 44 countries, according to its website.

Scrutiny over Near Intelligence first began at the Markup before the Wall Street Journal reported how its data was used for this ad campaign.

Data brokers like Near provide the critical link that allows precise targeting for ad campaigns like this one. People are overwhelmingly concerned about the exploitation of their private data, yet have little understanding of how it works. It is hard to blame anyone for finding this industry impenetrable. That makes it easier for data brokers like Near to dampen even the most modest attempts at restricting their business and, because regulators have limited legal footing on privacy grounds, they must resort to finding procedural infractions. It is like Al Capone’s imprisonment on tax offences.

An effective privacy framework would make it more difficult for third parties to collect users’ data, would limit its use, and would require its destruction after it has served its purpose. Unfortunately, a policy like that would also destroy the data broker industry, sharply curtail Silicon Valley advertising giants, and limit intelligence gathering efforts. So, instead, users must nominally consent and pretend they — we — have meaningful control.