Written by Nick Heer.

Inside the Investigation That Took Down AlphaBay and Hansa

Andy Greenberg, author of “Sandworm”, has a new book out called “Tracers in the Dark” about the new investigative techniques to find criminals who use Tor and cryptocurrencies. Over the past month and a half, Wired has dripped out a lengthy excerpt from the book. The final part was published this week and I spent today reading the whole thing in full.

It leaves much to think about. There are huge ethical questions with unsatisfying answers. For example, Hansa was secretly operated by Dutch police for about a month before it was shut down. But when Greenberg asked investigators whether they had any qualms about facilitating thousands of drug sales, they seemed to give it little thought.

Nevertheless, it is an extraordinary look into a large and expertly coordinated investigation of a modern-day drug market kingpin, well narrated by Greenberg. I was a big fan of “Sandworm”, and I am looking forward to this book becoming available for me at my library.

Apple’s Advertising Spend on Twitter

I made a mistake. In my piece about the first month of Twitter’s new ownership at the hands of someone who is, at best, an unreliable narrator of his own reality, I did not add the word “alleged” to the phrase “Apple’s reduced advertising spend”. For some unknown reason, I decided that was the one claim I could take literally, even though the person making that claim is, at best, an unreliable narrator of his own reality.

Thomas Germain, Gizmodo:

The data contradicts Musk’s claims that the iPhone maker “mostly stopped advertising on Twitter.” Apple’s Twitter advertising purchases actually grew from October to November, Pathmatics’ research showed. Apple spent $1,005,784 on Twitter ads in the first 28 days of November, already more than that company’s October budget of $988,523, according to the analytics firm.

Yesterday, Musk said during a Twitter Spaces broadcast that Apple had “fully resumed” its advertising spend, just days after he claimed it had “mostly stopped” its Twitter ads. Neither of these claims is believable and I regret the error on my part.

Update: Ryan Mac, Mike Isaac, and Kate Conger of the New York Times report Apple paused its Twitter ad spending on November 19 following the mass murder at Club Q. This pause was over a week before Musk complained, and Pathmatics’ analysis indicates Apple’s spending from November 1 through when it paused spending was still higher than that of the previous month.

Apple Continues to Tease Lossless Support in Future AirPods

Kashfia Kabir, What Hi-Fi?:

And the longer it goes on, the more the question needs repeating. Is hi-res audio a priority for Apple?

[AirPods engineer Esge] Andersen remains coy, saying that while audio quality is always a priority, “it is important to understand that we can still make big strides without changing the codec. And the codec choice we have there today, it’s more about reliability. So it’s about making something robust in all environments.”

Lossless support was rumoured for the second-generation AirPods Pro models since Bluetooth 5.0 is capable of 16-bit, 44.1 kHz streaming. But Apple Music streams files up to 24-bit and 192 kHz. Even if it is not possible to hear the difference with human ears, I am sure Apple would love to be able to say some version of its AirPods stream bit-perfect high-resolution audio — eventually.

The Twitter Fizzle

Todd Spangler, in a mess of a Variety article:

The new disclosures, touted as “The Twitter Files,” were posted in a lengthy Twitter thread by investigative reporter and author Matt Taibbi (and retweeted by Musk). It’s based on “thousands of internal documents obtained by sources at Twitter,” according to Taibbi — shared with him, it would appear, with the blessing of Musk, the conservative tech mogul who is the world’s richest person.

In his newsletter, Taibbi said the process which produced this thread began four days prior and acknowledged he “had to agree to certain conditions” to cover it. Presumably, two of those conditions were to tweet his findings instead of putting them behind a paywall in his newsletter, and to not acknowledge Musk as the source of these documents.

If you are blessedly unaware of the backstory for Taibbi’s supposed blockbuster thread, Andrew Rice and Olivia Nuzzi reported it out back in September in New York magazine, except without nearly as much drama. Or you can read the story from Kate Conger and Mike Isaac, published in the NYT two days after the New York Post published its story about Hunter Biden’s laptop. Taibbi’s thread today backfilled context from Twitter’s side, but it does not undermine past reporting on Twitter’s decision.

But you might not know that if you read Spangler’s story:

“Twitter took extraordinary steps to suppress the story, removing links and posting warnings that it may be ‘unsafe,’” Taibbi wrote. “They even blocked its transmission via direct message, a tool hitherto reserved for extreme cases, e.g. child pornography.”

This is untrue by omission. As Micah Lee has repeatedly written, Twitter has used this tool to prevent distribution of Distributed Denial of Secrets materials. Under the same policy, it briefly blocked links to the Post story — which is what it said at the time — before lifting the block. This appears to be a rare demonstration of consistency in moderation. But it does not block Wikileaks links, raising questions about why DDoSecrets continues to be prohibited.


Musk, commenting on the reaction to the “Twitter Files,” tweeted, “Twitter acting by itself to suppress free speech is not a 1st amendment violation, but acting under orders from the government to suppress free speech, with no judicial review, is.”

What Musk is referring to here is that someone on Biden’s campaign team emailed Twitter with links to tweets containing nonconsensual nude images of Hunter Biden and others. There was almost no context in the email Taibbi published, and he did not add any aside from saying it was sent by a Biden staffer. But — and I cannot believe I need to say this, but — it matters what was in the tweets! The publication of nonconsensual or “revenge” pornography has long been prohibited on Twitter, and it is illegal in many regions. The removal of these specific tweets is not some kind of mysterious coverup.

What Musk does not say — and Spangler does not clarify — is that this entire ordeal took place before the presidential election. When these tweets were reported by Biden staff members, they were not acting as government officials. Twitter’s ability to decide whether to take action against its users and its internal processes for doing so is exercising its free speech in both law and spirit.

Perhaps the biggest wet blanket in Taibbi’s thread was his confirmation that government representatives were not involved in any moderation decisions around this story. Some staff members at Twitter decided all on their own that the Post story ran afoul of the site’s rules in a way that made sense at the time, and then some others raised questions about the decision, and then it was reversed. All of this was known already and was admitted by the company’s representatives.

Taibbi says tonight’s thread is just the first reporting he will do based on the documents leaked to him by Musk or someone acting on his behalf. I am sure there are people waiting for some smoking guns that prove some kind of specific political moderation bias, though one has yet to be seen in Twitter’s moderation decisions. I am certain there are going to be some embarrassing conversations in those files, especially for people who still work at Twitter and whose internal communications appear to have been unceremoniously dumped in the lap of a writer by the company’s new owner. But this thread? It is a mildly interesting distraction from Twitter’s current and much bigger problems.

I feel the worst for Hunter Biden, whose private struggles are treated by the worst kind of people as fodder for winning the political meme war. If the most serious allegations are true, which imply corruption of his now-President dad, that is a different story. For now, it is simply an exploitative and dehumanized glimpse into the darkest parts of his life.

Andreessen Horowitz Stops Producing Marketing Gunge at Future.com

Hey, remember Future — the kind with an uppercase F? It launched last June as a way for Andreessen Horwitz to promote its investment activities, almost explicitly:

“We want to write about stuff we know and that we invest in,” says [Margit] Wennmachers. This includes topics like crypto, biotech, fintech and real-estate, which all have dedicated partners at the firm.

Wennmachers’s job title at A16Z is “Operating Partner, Marketing” and was part of Future’s leadership. At the time of its launch, she said it was a long-term investment and effort, and I suppose fifteen months is long-term by somebody’s standards.

Rob Price and Melia Russell, Insider:

Future hasn’t published a new article in months, most of its editorial staffers have left, and its newsletter is defunct. A source familiar with Andreessen Horowitz’s content strategy confirmed to Insider that Future is shutting down.


Andreessen Horowitz remains committed to “going direct” and plans to continue to crank out content at a regular cadence, a person familiar with the firm’s content strategy said, but such material will live on its main website instead. A16z concluded over the past year that it wasn’t worth spending the time and energy building a new, separate brand given the firm’s prominence, the person added.

Jeff John Roberts, Fortune:

[…] As several people in Silicon Valley have told me, the firm wants to be another William Morris talent agency that mints celebrities—but with a client base composed of tech geeks and crypto oddballs rather than singers and actors. […]

For more on A16Z’s political and cultural ambitions, see last week’s Fortune feature by Eric Newcomer and Jessica Mathews.

Google Is Rolling Out ‘Side Rail’ Ads in Two Weeks

Thomas Germain, Gizmodo:

Sure, the internet is great, but it has a serious flaw. There just aren’t enough ads. If you’re anything like me, you spend your time online casting your eyes across the screen, desperately hoping for another way to turn your attention into advertising revenue. At last, there’s some good news on that front, thanks to our hardworking friends in the tech industry. Starting December 23rd, Google is launching a new ad format called called “side rails” that will use show up on the sides of webpages and keep you company as you scroll.

According to Google’s documentation, these ads will actually begin appearing December 13, and they will automatically be switched on for any AdSense user who also uses anchor ads. All I want for Christmas this year is to make the web harder to read and, by golly, will Google deliver.

Wordle Answers Are Now Preselected Instead of Randomized

Everdeen Mason, New York Times:

Now we can shift our work to editing the puzzle. Tracy Bennett, who joined The Times as an associate puzzle editor in 2020, will be the editor of Wordle. The game will have a Times-curated word list and will be programmed and tested like the Spelling Bee and the Crossword.

This includes themed answers, like last week’s DRIVE and FEAST which were chosen for American Thanksgiving. If there is one thing Wordle players wanted, it is for the Times to strip away the randomized fun and inject a serious sense of predictability.

Google Still Preserves Records of Sensitive Location Searches

Johana Bhuiyan, the Guardian:

The tech advocacy group Accountable Tech conducted an experiment in August and October to test Google’s pledge. Using a brand new Android device, researchers with the group analyzed their Google activity timeline, where the company shows what information is logged about an account holder’s actions. This activity helps make Google’s services “more useful” to users, according to the company – for instance, by “helping you rediscover the things that you’ve searched for, read and watched”. However, any information collected by Google is potentially subject to law enforcement requests, including the data logged in “My Activity”.

The group found that searches for directions to abortion clinics on Google Maps, as well as the routes taken to visit two Planned Parenthood locations, were stored in their Google activity timeline for weeks after it occurred. At the time of this article’s publication, the information was still stored and available at myactivity.google.com.

Not exactly surprising but still worrisome. In a narrower scope, it points to Google’s confusing mess of privacy settings, in which it treats location privacy as separate from searches and directions in Google Maps. The best thing you can do right now, regardless of who you are or what you think you will search for in the future, is to turn off Web and App Activity.

If you widen the scope, though, it is obvious such controls should not be left up to individual users to figure out, nor should it the decision of specific data brokers whether to retain or flush sensitive information. This is a systemic issue that requires a systemic legislative response.

Extension of Copyright Law in Canada Will Take Effect on December 30, Threatening Public Domain

Andrea Mills, of Internet Archive Canada:

With the passing of Bill C-19 this past June, the Copyright Act was amended to extend the term of copyright for literary, dramatic or musical works and engravings to life of the author plus a period of 70 years following the end of the calendar year in which that author dies. What was unclear at the time of royal assent was WHEN exactly this would come into force — if on or after January 1, 2023, one more year of works would enter the public domain. Unfortunately, we now know that this date has been fixed as December 30, 2022, meaning that no new works will enter the Canadian public domain for the next 20 years.

At the time, the Minister of Justice prepared a customary statement summarizing the likely effects of the bill, and blamed these changes on the 2018 revisions to NAFTA:

This legislation implements one of Canada’s obligations under the Canada–United States–Mexico Agreement, is consistent with that of many other nations, and may support Canadian creators in the international marketplace.

Timothy Vollmer of Creative Commons pointed out how much this kneecaps the public domain and threatens new creative works. A disappointing development, to be sure.

MacBook ‘Butterfly’ Keyboard Class Action Settlement Receives Preliminary Court Approval

According to a filing today in the “butterfly” keyboard lawsuit, the class action settlement has been approved. If you are part of the class — that is, a U.S. buyer of a 2015–2019 MacBook, MacBook Air, or MacBook Pro model, and you had the keyboard repaired or a keycap replaced — you will receive your notice beginning December 12.

I am writing this in part to once again express my dismay that this suit was settled before substantial information was made public about this keyboard’s development and failure rate. I am sure there is an interesting story here. This specific era of Mac hardware made for a frustrating time to be an Apple customer, and it would be cathartic to understand it more deeply. I hope someone will tell it.

One Wild Month

We are officially one month into Elon Musk’s ownership of Twitter. One month of needlessly cruel layoffs, of cozying up to far right goons, of uncertainty about the direction my favourite bar is taking. It is under new management which thinks few people are unwelcome to stay regardless of their behaviour, and fired most of the bouncers so there are fewer people keeping an eye out for things that drive others away. At best, he is spineless. At worst, he is enabling and even welcoming terrible people; that is certainly how they read it.

Is it any wonder advertisers are reportedly spooked?

Now he has decided to take on what used to be his biggest advertiser after they, in the words of Musk, “threatened to withhold Twitter” from the App Store, apparently without explanation. But it does not take a close Apple watcher to speculate on why it would be newly concerned about the Twitter app: it requires all apps which permit user submissions to have functional filtering, blocking, and reporting mechanisms. This is not a mystery. Apple is probably — understandably — worried about Musk’s statements and the laying off of thousands of moderators. In fairness, Twitter does not have a spectacular track record of ridding its platform of even the most heinous material but, also in fairness, eliminating all but one person tasked with removing CSAM in the world’s most populous region will make it harder to solve this problem, despite claims to the contrary.

Musk framed Apple’s reduced advertising spend as an attack on free speech. That is a wild accusation to throw at a company that, as Jason Koebler at Vice pointed out, twice challenged the FBI when the Bureau attempted to compromise encryption. Apple’s control of native app distribution on iOS devices means it is uniquely positioned to influence acceptable limits of speech and, as Musk also complained about today, it extracts fees from digital businesses. Those are also concerning factors — ones which I have repeatedly writen about. But Musk has no credibility in framing its ad spending as a free speech issue.

Of note, Twitter has also been a staunch defender of free speech. This bar I love has long been home to anonymous users and a crack legal team pushing back against worldwide interference. It has also established internal boundaries to try to improve the comfort of its guests. Many of the people making those decisions have been pushed out, replaced by people more obedient to the whims of an owner who believes none of that is necessary. He says he will comply with regulators while laying off staff responsible for that. This bar is filling up with assholes who are making many of us uncomfortable and driving some away. Hopefully, the new spot can fill the void. Even so, it still feels like a loss.

The Early Years of Digital Cinema, From Some of the People Who Made It

Samuel Wigley of the British Film Institute:

An HD cam filming driver-passenger conversations from the dashboard – an impossible space to fit one of your old-school movie cameras (Abbas Kiarostami’s 10). An unbroken 90-minute take gliding through St Petersburg’s Hermitage Museum – an impossible length of time to capture in one go on 35mm (Aleksandr Sokurov’s Russian Ark). A nine-hour documentary that embeds us in the slow decline of a Shenyang industrial district, all shot by a crew of one (Wang Bing’s West of the Tracks). In the spring of 2002, Attack of the Clones wasn’t the only world premiere using digital cameras to recalibrate our expectations of what a film could be.

I was glad to see a brief mention of Michael Mann’s “Miami Vice”. It was shot almost entirely digitally, and its visuals now feel grainy and blocky, yet retain that Mann-specific cinematic feel.

Tesla Rolls Out ‘Full Self Driving’ Beta to All U.S. And Canadian Owners Who Specced It

Rebecca Bellan, TechCrunch:

Despite concerns, any driver who has already paid the steep price for Tesla’s FSD will be able to access the software in North America. Tesla had previously extended FSD access to 160,000 owners in the U.S. and Canada in September, and today’s widespread rollout makes good on previous promises from Musk to get FSD in every Tesla by the end of 2022.

If it is only available in North America, it does not fulfill the promise to have Full Self Driving in every Tesla this year — thankfully. Tesla owners, lured by the perennially broken promise of fully autonomous transportation and who paid up to $15,000 USD for that possibility, can now enable it even though Tesla’s autonomous systems are such a public safety hazard they are likely facing a criminal investigation.

Facebook’s Widely Viewed Content Report No Longer Looks Like the Worst of the Web

Earlier this week, Facebook released its most recent Widely Viewed Content Report, for which it still does not create unique permalinks. There is a copy on the Internet Archive for, you know, archival purposes. The Widely Viewed Links section of the report is notable for being full of celebrity gossip but, unlike previous reports, none of them were associated with scams or were removed for violating the company’s policies.

Jeff Horwitz, Wall Street Journal:

Over several months, members of Meta’s product, user-experience and integrity teams hammered out better definitions for low-quality content and agreed on ways the company could avoid amplifying it, according to the documents and people.


As part of its efforts in the new “Content Quality War Room,” the company sought to better identify what made users feel a post was trashy. The effort homed in on finding ways to measure “un-aesthetic attributes, unoriginality, low integrity, and ‘low-calorie’ content,” as one director later wrote.

While the headline on Horwitz’s article is “Facebook’s Most Popular Posts Were Trash. Here Is How It Cleaned Up.”, I would avoid drawing any specific conclusions from this single report. This is a three-month slice of, according to Facebook, 0.05% of U.S. News Feed posts. And the most viewed posts on the website are still pretty lightweight, too. This is not a collection of the finest investigative reporting or original video projects. But it is noticeably better than it used to be.

Also, please stop calling parts of your office the “war room” unless you are actually at war. The teams responsible for this are trying to make sure their platform is not amplifying Minion memes, not sending people into battle. Relax.

The Smartphone Continues to Prove Its Form Factor Perfection

David Pierce, the Verge:

Smartphones may be boring now, but that’s only because they’ve been so good for so long. As they’ve become so entrenched and ubiquitous in our lives, they’ve become even harder to disrupt. How do you beat the device that can do everything and is always with you? Battery life, I suppose. But good luck with that on your AR glasses.

The iPhone was, as Brian Mccullough put it on the tenth anniversary of the device’s announcement, “conceptually perfect”. Just about every post-iPhone smartphone has been a clear evolution of that first model in almost every single way: a device small enough to fit in your pocket but with a display for immersive applications, with a wide range of connectivity options, and a battery that lasts for about a day. It is an immersive device that does not require total immersion, unlike many of the products pitched for our future. The single biggest conceptual difference between the original iPhone and today’s smartphones is the shift of the camera as an afterthought to one of any smartphone’s key features.

None of us can predict the future. But it is difficult to imagine improving upon it with anywhere near the smartphone’s mass adoption.

Only one main issue with Pierce’s piece I see:

Amazon’s big idea about Alexa wasn’t wrong, exactly. In fact, most of the tech industry shares the ambient computing vision: a seamless network of gadgets that know you and can act on your behalf to accomplish all kinds of goals. And there are lots of Alexa devices out there in people’s homes, playing music and setting timers. But nobody’s figured out how to make ambient computing profitable.

I am not sure this is right. The two most recognizable entrants into the ambient computing space — if by “ambient computing” you mean a creepy egg — are Amazon and Google, which sell their devices at a loss — but that is their choice. They could, theoretically, price these gadgets with healthier margins. But that would likely price them out of impulse buys, into the realm of things that need more fulsome justification. And that is the real problem. The hard part of ambient computing is not making it profitable, it is making it good and compelling.

Something with no visual interface sounds amazing until you realize it is impossible to know its boundaries. You can ask for a translation to one language and it will work perfectly, but a different language is not translatable. A command that activates some smart home gadget may not work the same way for a different device. If all an egg is reliably good for is setting timers and reminding you of chores, it is no surprise that few people are likely to pay hundreds of dollars for one.

Amazon Is Gutting Alexa

Eugene Kim, Insider:

Insider spoke with over a dozen current and former employees on the company’s hardware team to get a better picture of its current condition. They described a division in crisis. While Alexa was once one of the company’s most rapidly growing projects, the mounting losses and massive job cuts underscore the swift downfall of the voice-assistant and Amazon’s larger hardware division.


Meanwhile, the first cracks in the products business model began to show. Internally, the team worried about the quality of user engagements. By then Alexa was getting a billion interactions per week, but most of those conversations were trivial, commands to play music or ask about the weather. That meant less opportunities to monetize. Amazon can’t make money from Alexa telling you the weather — and playing music through the Echo only gives Amazon a small piece of the proceeds.

I cannot put it much better than Todd in the Shadows did:

Amazon sold the Alexa as a loss leader that didn’t actually lead to anything.

We are often told technology companies are reinventing the way many of us will purchase products, but I do not buy that narrative. Before voice assistants — which would apparently result in us shopping by verbal commands — Amazon released Dash buttons. Various direct-to-consumer brands originally operated as online-only retailers, only to realize many people do not want to buy a mattress or eyeglasses without trying them in person. The COVID-19 pandemic brought with it another wave of how different the world will operate on a fundamental level.

It seems none of these predictions has fully panned out. There are many people who will continue ordering groceries with curb-side pickup, buy everything online with the understanding anything unwanted can simply be sent back, and maybe some people will yell at their speaker to send them a new box of Dutch Blitz after a particularly aggressive board game night. Most people probably will not. We will mostly continue to click “Add to Cart” and shop in stores near where we live. We should make cities more accessible and less car-centric because that helps our communities far more than pressing a button near your laundry machine to have more detergent shipped to you.

I am curious about how in-app shopping will fare in places like TikTok and Instagram. In five years, will people be buying clothes and home furnishings from the people they follow? There is no way to know, but it seems like a story we have all heard before.

Last.fm Turns Twenty

Last.fm on Twitter:

It’s our 20th birthday today . A huge thank you to everyone who supported us and scrobbled with us throughout that time. You make http://Last.fm possible. Bring on the next 20.

Via Jacob Kastrenakes at the Verge:

I was a little surprised to see that Last.fm was still around when I first started writing this story, let alone that it had new communities flourishing around its data. (The company didn’t respond to a request for an interview.) But I suppose in a world where most services close off and hide your data, there’ll always be people looking for a way to track it and analyze it themselves. And in exchange, they get the joy of arguing about music stats every day — and not just once a year when Wrapped comes out.

It is not just about the stats and the tracking — it is about what those things can do. When I re-activated my Last.fm scrobbling last spring, my goal was to pair Apple Music’s massive library with Last.fm’s more compelling listening suggestions. Keeping those things separate also makes it more portable. If I ever decide to switch to Spotify or drop my Apple Music subscription and rely only on local files again, my history and recommendations will be preserved elsewhere.

Oh, the Places Your Apple ID Will Go

Here is a short and curious Twitter thread from app developers and security researchers Tommy Mysk and Talal Haj Bakry:

Apple’s analytics data include an ID called “dsId”. We were able to verify that “dsId” is the “Directory Services Identifier”, an ID that uniquely identifies an iCloud account. Meaning, Apple’s analytics can personally identify you.

Apple states in their Device Analytics & Privacy statement that the collected data does not identify you personally. This is inaccurate. We also showed earlier that the #AppStore keeps sending detailed analytics to Apple even when sharing analytics is switched off.

Apple also refers to the DSID by other names, such as the “Apple User Account Identifier”, “Apple ID Number”, “Apple ID Reference Number”, and “Original Unique Identifier”. Based on my 2021 data request it is, as described, a proxy for a specific Apple ID. It identifies you with Apple’s services, including for things like marketing and communications efforts. I have a spreadsheet of the nearly nine hundred times me and my DSID ignored Apple’s attempts to upsell me on Apple One, a service which launched just thirteen months before I made this data request. I also have a list of all the times I contacted AppleCare and the same identifier is attached. In most, but not all, instances, this numeric identifier is the only personal identification entirely without redaction. In my records from Apple, my name, email address, Apple ID and aliases, and phone number are only shown in part.

I am not surprised Apple assigns a personal identifier for its services; Mysk and Bakry say they found the same identifier in analytics logs for the App Store, Apple Music, and other company services.1 The researchers point to Apple’s Device Analytics & Privacy document where it says in the iOS Device Analytics section that “[n]one of the collected information identifies you personally”. But this does not pertain to Apple’s services which are covered by entirely different policies. Both the App Store and Apple Music say usage information is collected. These are not device analytics, they are services analytics. How else are recommendations or search features supposed to work? If anything, I wish Apple used this information in even smarter ways: up until recently, a search for “Low” in Apple Music would always return several results related to the Flo Rida song first, which does not see any playback from me, instead of the band I often listen to. I wish those results were more tailored to my use of the service.

In fairness, perhaps the Device Analytics toggle in Settings should be worded more clearly to indicate that turning it off will not opt out of store and services activity. I am also shocked by the granularity of information in these storefront analytics. It is relevant to Apple’s recommendation engine if I listened to an album or song and whether I finished it, but it is hard to see what value it has in knowing my track playback to the millisecond. I also think the identifier used by Apple’s services should be different than the Apple ID that is correlated with your device purchase history and support requests.

Where I think things take a more concerning turn are in the logs Apple collects alongside bug reports and crashes. If I am reading the Device Analytics policy correctly, these would fall under a category of logged personal data which “is subject to privacy preserving techniques such as differential privacy, or is removed from any reports before they’re sent to Apple”. However, I am not sure that is strictly true. I downloaded the copy hosted by Apple of a sysdiagnose package sent by my MacBook Pro — which does not have a beta profile installed and is running a public non-beta version of MacOS — and found my identifier in three files. If these are in the copy I downloaded from Feedback Assistant, Apple has copies of these three files, all of which are associated with iCloud features. Because that identifier is also used in some iCloud API requests, I also spotted the same value in activity logs for third-party applications using things in my iCloud account, as well as in metadata for local copies of documents I downloaded from my drive at iCloud.com. However, I did not see this identifier in any other diagnostic report, usage logs, or other analytics on my Mac.2

I may be getting something wildly wrong here, but I am not sure I see the presence of this Apple ID proxy in Apple’s services logs to be a violation of either its own policies or users’ expectations for using internet services in general. Its highly granular analytics are more comprehensive than I think many people would believe is necessary, to an extent they violate the spirit of what Apple professes to stand for, and it would be better if this identifier were sandboxed to avoid any association with real-world activity like service requests. I do not think it is news that device analytics are not the same as services analytics, certainly not to the extent that it justifies a lawsuit.

But there is a quirk that interests me: does Apple continue to view the iPhone as a device with a unified and interconnected set of hardware, software, and services it controls at a platform level? While it is possible to use an iPhone without an Apple ID, it is not possible to use the App Store without one, and installing software outside of the App Store is officially not possible. Because of DRM, it is also not possible to sign into the App Store for the purpose of downloading a third-party app, then sign out of an Apple ID and be able to use that app. Apple may not strictly be associating someone’s use of an iPhone with a personal identifier, but it is extremely limiting to avoid using an iPhone’s features without associating with that identifier. A wall between these aspects may be overprotective, but overprotective is how Apple markets itself.

A good question is whether Apple violated privacy laws like GDPR with the use of this identifier combined with the description of the device analytics opt-out. An answer to that question is well outside my expertise.

  1. As an aside, and I do not intend this to be mean, I think it is a little funny how Gizmodo described the way Mysk and Bakry gathered information on the analytics Apple collects: “they used a jail broken iPhone running iOS 14.6, which allowed them to decrypt the traffic and examine exactly what data was being sent”, and they “also examined a regular iPhone running iOS 16”. It makes it sound like this is information impossible to be found without some laborious and technical work.

    But this same information appears to be available if you just ask for it. I have some giant spreadsheets here containing all sorts of analytics about my activity in the App Store, Apple Music, Apple Books, and other Apple services. Maybe I am missing something, but this does not strike me as a massive secret if it is something Apple will hand over if you simply ask.

    Collecting this information at the device or network level may not be telling the whole story. Apple says it adds layers of randomization upon receipt of the data, before it or its products are made available internally. ↩︎

  2. My iPhone is running the latest beta seed of iOS so I assumed it would collect more information. A spot check of a few analytics and usage files did not contain my identifier, but I would not draw general conclusions about iOS from beta builds. ↩︎

The Rapid Security Response for iOS 16.2 Beta Was Just a Test

Jeff Butts, the Mac Observer:

Beginning in iOS 16, Apple has added the ability to push out security fixes without requiring a full iOS update. This can be much faster to install, since the patches are generally much smaller. Wednesday, Apple released one of these updates, called a Rapid Security Response, to testers running iOS 16.2 beta 3. After some time, we learned this update was only for testing purposes.

When I saw this update on my iPhone earlier this week, I assumed it was fixing some kind of critical vulnerability. Alas, it seems it contains no material changes, even though it was over 70 MB for me. I wish this was better documented as a test, but it is good to know this capability exists and, as far as I can tell, appears to work as intended.

The Twitter Train Chugs Along

Elizabeth Lopatto, writing at the Verge in April:

Now, if Musk buys Twitter, I feel like we all have a vague idea of how this goes. First, a lot of Twitter employees quit because Musk’s companies are notoriously miserable places to work. Second, Musk tweets about a bunch of shit and then does some of it — which may or may not include reinstating Donald Trump on Twitter, getting rid of all the spam bots, and adding a fart button. Third: uh, maybe profit?

As of tonight, this train is right on schedule with slim chances of reaching its most optimistic destination.

Younger Generations Have a More Complex Relationship With Data Privacy

I looked between the couch cushions and found some news for you that is not related to Twitter. A pre-emptive caveat that fixed generational boundaries are not my favourite way of grouping people, but I thought the results of this survey were interesting enough to share.

Jordan Marlatt, Morning Consult:

Although complicated, Gen Z’s relationship with data privacy should be a consideration for brands when strategizing their data privacy policies and messaging for the future. Expectations around data privacy are shifting from something that sets companies apart in consumers’ minds to something that people expect the same way one might expect a service or product to work as advertised. For Gen Zers, this takes the form of skepticism that companies will keep their data safe, and their reluctance to give companies credit for getting it right means that good data privacy practices will increasingly be more about maintaining trust than building it.

A shift from privacy as a plus to privacy as an expectation is long overdue, but entirely welcome. It may also explain the bizarre chart that shows younger respondents who were more favourable to companies that engage in a set of anti-privacy practices, like collecting user data without disclosing what purpose it serves or sharing collected information with other companies. If younger respondents believe changing company behaviour and regulations can establish a baseline for privacy, it might result in less concern.

Then again, maybe it is just naïvety. A 2013 survey found Millennials were, at the time, more likely to care less about privacy online, leading the Center for the Digital Future to ask “is online privacy over?” and a Pew survey found much the same. The oldest memebers of Gen Z are in their mid-twenties. Perhaps privacy is something people, in general, begin to worry more about as they become older.

Sponsor: Due — Annoying, Indispensable, Game-Changing

My thanks to Due for sponsoring Pixel Envy this week. Due’s developer asked me to remind you of what makes the app different.

“Annoying” is probably not a word a developer would like his app to be associated with.

I certainly don’t mind.

Thankfully, users have also thought of my app as “indispensable” and a “game changer”.

It has helped people living with ADHD and early dementia. It has saved marriages. And it seems to have even saved lives. I’d love to say I had these noble goals in mind when I made Due in 2010.

The truth is, I created Due for myself.

The first version tackled just one thing — quickly capture what needs to be done, and when it needs to be done.

When I realized it was easy to miss notifications, I added Auto Snooze. It repeatedly notifies me of overdue reminders until I act on them.

Then, I found myself needing to reschedule reminders frequently. So I made it easy to postpone a reminder — even without launching the app.

Someone who had used Due for the past 9 years said the person who created Due knows his stuff.

I guess that’s because there isn’t a day that goes by where I don’t use Due myself.

Learn more about what Due can do for you. Perhaps you’d find Due as useful as my customers1 and I do.

  1. Links to App Store reviews used in post. ↩︎

Two Questions For Twitter’s Future

Max Read:

[…] Put another way, the rest of Twitter will go like the whole verification episode did: it’ll be stupid and annoying for a while, then chaotic, then pretty funny, and then, at the end of the process, basically the same as before, but slightly worse.

Or, that’s how it will go if Musk works hard at rehiring a workforce and repairing the site infrastructure. The problem is that arresting and reversing the decline in functionality is going to take a lot of money and a lot of time. […]

The first question Read poses — how long can the public experience of Twitter continue to work in the midst of chaos and layoffs? — is, I think, less knowable and predictable than the second: how much money is Musk willing to sink into this thing? I would love to believe we win in any circumstance, but I do not think Twitter shutting down is a good thing individually or for the world; it is okay to like Twitter.

Besides, there is a very obvious third direction for the site to take: Musk’s policies could make Twitter worse. He has already promised shadow banning as a policy, which I think is less kind than reminding users of platform rules. It is possible a year or two of speed running website moderation will enable a bunch of awful people and spam while the site maintains comparable influence. If Musk has deep enough pockets, even a decline in advertising dollars may not dent his enthusiasm of owning a big social media platform. That would be an obviously worse outcome.

In 2018, Five Times as Many Shaw Employees Accepted Buyouts as the Company Expected

Christine Dobby, writing for the Globe and Mail in 2018:

Less than three weeks ago, Shaw gave 6,500 non-unionized employees the option to take voluntary severance packages, but said it expected just 10 per cent, or 650 people, to accept the buyouts; on Thursday, it said 3,300 employees had taken the offer – one-quarter of the company’s workforce.

I think about this story more often than you might imagine. For one, it demonstrates the effectiveness of unionization. For another, it also indicates a high level of staff dissatisfaction of management. At the time, annual layoffs were routine at Shaw, but these buyouts were offered to more employees than usual — nearly half the company’s staff at the time. Over half of offered staff accepted the buyouts. That was a lot of people who chose to walk away from an assumed stable job and income, and did not reflect well on Shaw.

Fred Brooks Has Died

Steven M. Bellovin on Twitter:

Sad news from @unccs — Fred P. Brooks, the founder and long-time chair of the department (and a major influence on my professional outlook) passed away a few hours ago.

Brooks, of course, was responsible for Brooks’ Law as described in the Mythical Man-Month: “adding manpower to a late software project makes it later”. An icon and one of the great thinkers in computing.