Month: September 2015

The team at iFixIt has disassembled the iPhone 6S once more in the name of finding out just how water resistant it is, and it looks like Apple has done some serious waterproofing. From a sticky gasket around the display — not “strips of tape”, as I thought — to cable connectors surrounded by tiny seals, not one of which was ever married to Heidi Klum, there’s a lot going on here. It’s not waterproof, certainly, but it’s definitely less likely to have damage after moderate exposure to liquids. How much less is still a question that’s up in the air, and I’d love to see a side-by-side comparison with its predecessors.

While Apple was busy greatly improving their privacy page, Google announced a new advertising product called “Customer Match” that’s pretty creepy. If you aren’t opted out of personalized advertising, you may be familiar with a situation where you visit one site, then visit other sites only to find an ad from that first site tagging along. This is known as “remarketing”, and Google’s new advertising product takes it to the next level:

Customer Match is a new product designed to help you reach your highest-value customers on Google Search, YouTube, and Gmail — when it matters most. Customer Match allows you to upload a list of email addresses, which can be matched to signed-in users on Google in a secure and privacy-safe way. From there, you can build campaigns and ads specifically designed to reach your audience.

If you use the same email address on a bunch of sites — as most people probably do — and stay signed into Google, those third-party sites can now target you much more specifically.

Google advertising executive Sridhar Ramaswamy in an on-stage interview at Advertising Week New York:

“The real problem is that ad blockers throw out the baby with the bathwater. They make monetization impossible for a whole slew of people,” he said in an interview with Fast Company managing editor Bob Safian. “We need to recognize, as an industry, that this is something we need to deal with. We need to work together to come up with a definition of what an acceptable ad is and what an acceptable ads program can be.”

These are decidedly unacceptable ads.

If you signed up for the three month free trial of Apple Music on the first day of its launch, today is the final day you get free access before having to pony up the monthly rate. So, have the past few months convinced you to go all-in?

I asked this question on Twitter and within a medium-sized Slack channel: the Slack poll is at a perfect 50/50 split right now, while the responses on Twitter have been similarly mixed. Those numbers are a little lower than what was reported in mid-August, but not by much, and there’s still plenty of room to grow — a lot of people I know haven’t even tried it yet.

I’ve already cancelled my Spotify subscription and will be using Apple Music, though not without hesitations. The number of features that rely upon the still-buggy iCloud Music Library is frustrating,1 Connect has tumbleweeds blowing through it, and search has no room for fuzziness. But the combination of that many high-quality tracks and pre-made playlists available directly in my Music app in an integrated fashion is hard to beat. And, for families, the $15 per month pricing is a huge deal.

I sincerely hope Apple keeps improving the app and service, offering better connectivity with real-life friends and more features available without requiring iCloud Music Library to be turned on.

  1. Not only do the lingering bugs make me not want to turn on iCloud Music Library, I actually can’t as it’s still limited to 25,000 songs, as is iTunes Match. Eddy Cue promised at WWDC a 100,000-song limit that would be introduced alongside iOS 9, but Apple hasn’t been able to deliver that yet. ↥︎

Matthew Panzarino:

If you click your way through [Apple’s revised privacy page], you’re going to see a product that looks a lot like the pages that are attempting to sell you iPhones. There is a section that explains Apple’s philosophy; one that tells users in practical terms how to take advantage of Apple’s privacy-and security-related features; an entire section on government information requests; and, finally, its actual privacy policy. […]

This is the template for all other tech companies when it comes to informing users about their privacy. Not a page of dense jargon, and not a page of cutesy simplified language that doesn’t actually communicate the nuance of the thing. Instead, it’s a true product. A product whose aims are to inform and educate, just as Apple says its other products do.

I noticed this too, yesterday, when I was researching for a forthcoming article. The new privacy page is something only Apple can really do because nobody else is actually doing the things they are. But, as a marketing piece, it isn’t necessarily entirely forthcoming. Take the iMessage section:

Your iMessages and FaceTime calls are your business, not ours. Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode. Apple has no way to decrypt iMessage and FaceTime data when it’s in transit between devices. So unlike other companies’ messaging services, Apple doesn’t scan your communications, and we wouldn’t be able to comply with a wiretap order even if we wanted to. While we do back up iMessage and SMS messages for your convenience using iCloud Backup, you can turn it off whenever you want.

And this excerpt from the iCloud section:

All your iCloud content like your photos, contacts, and reminders is encrypted when sent and, in most cases, when stored on our servers.

When read together — and, particularly, when combined with this support document — this gives the impression that iMessages backed up to iCloud will surely be encrypted, but they’re not. This is alluded to, though not stated explicitly, by the last sentence of the excerpt from the iMessage section above. Apple has done a much better job with this site than its competitors, and people are more likely to actually read it, but it doesn’t always seem to be fully forthcoming. At Apple, privacy is a product, but I don’t think it can entirely be marketed as such.

It’s not like their competition is any better though:

Does Google sell my personal information?

No. We do not sell your personal information.

We do use certain information, such as the searches you have done and your location, to make the ads we show more relevant and useful.

Translation: We do, but only in an intermediary fashion.

Neil Cybart has collected into one place much of what is known about Apple’s “Project Titan” car, reasoning that it has reached mid-2000s-era iPhone development:

Evidence suggests Apple Car is Apple’s growing priority. Project Titan leadership has reportedly been poaching employees from other divisions, and one should expect this trend to intensity in the coming years. This is not to suggest that the iPhone, iPad, and Mac will be put on the back-burner. Instead, Apple is only now finding its stride with those products. As seen with the iPhone 6s / 6s Plus, Apple did not settle for a “S” cycle update but is instead much more focused on shipping new iPhone features each year that help support the shift to a leasing paradigm where many iPhone buyers upgrade to the latest iPhone model every year. Take a look at iPod trends back when the iPhone was being developed; Apple actually saw increasing iPod sales on new and innovative models all the way up to 2008. It is important to not underestimate the breadth of talent Apple has dedicated to its current product lineup, even after taking into consideration losses to Project Titan.

El Capitan will be released tomorrow, but the review embargo has been lifted today. It’s odd seeing Ars Technica’s review not bylined by John Siracusa; no surprise that it took two people to replace him. It’s not as entertaining as one of Siracusa’s, I don’t think,1 but it is extremely comprehensive and well worth the read.

I’m sure this week’s ATP will be solid, though. (That link will be a dead end until the episode is posted.)

  1. Apologies to Andrew Cunningham and Lee Hutchinson, both of whom worked very hard on this review. But they’re going up against a legend. ↥︎

In iOS 9, Siri was updated to provide haptic feedback instead of audible feedback upon activation, by way of pulsing the vibrator in a similar pattern to the familiar “ding-ding” sound. I really liked this change; it felt more personal and connected.

So you can imagine my surprise — after upgrading to an iPhone 6S — to not have any feedback upon holding down on the home button. I figured that it must be a bug in the integration between the Taptic Engine and the lack of audio feedback,1 and I planned on filing a Radar.

So did Daniel Jalkut, until he figured out why this change was made:

Apple “broke” the haptic feedback associated with invoking Siri, by “fixing” the problem that there had ever been any latency before. Have an iPhone 6s or 6s Plus? Go ahead, I dare you: hold down the home button and start talking to Siri. You will not escape its attention. It’s ready to go when you are, so it would be obnoxious of it to impose any contrived delay or to give taptic feedback that is uncalled for. Siri has become a more perfect assistant, and we have to change our habits to accommodate this.

Jalkut is right: this is way better. The lack of feedback is disconcerting at first — if you’re like me, you want some way for Siri to tell you that it’s ready to accept input. But it never really comes, apart from a visual on-screen indication via the histogram.

This somewhat mimics the Watch: if you raise your wrist and say “Hey, Siri” and then proceed to pause as you wait for the words “Hey, Siri” to appear onscreen, the request will likely be sent prematurely. The Watch is slow enough while activating Siri that it creates a pause in which it thinks you’re done speaking. I’ve learned to just plough ahead and hope that Siri catches up, which it does most often.

(The times that it doesn’t — whether it’s due to the speed of the Watch, the connection status of Siri, its fudging of dictation, or whatever — are still very frustrating. It is those times that you’re reminded that it doesn’t matter how natural-language Siri feels, it’s still software.)

  1. The Taptic Engine is somewhat connected to the speaker.

    If you have a 6S, there’s a cool way to feel this by selecting Sounds from Settings, then choosing Text Tone. Pick any of Apple’s tones and notice how the vibration matches the audio. This is made possible by the new “Synchronized” vibration pattern, selected by default. Unfortunately, this doesn’t work with third-party ringtones. ↥︎

Juli Clover, Macrumors:

Apple recently removed older versions of OS X and other discontinued software from the Purchased tab of users who had previously purchased or downloaded them. With the change, it is no longer possible for users to download Aperture, iPhoto, OS X Lion, OS X Mountain Lion, and OS X Mavericks from the Mac App Store.

Even if my beloved Aperture weren’t mentioned, this is still disheartening. And it’s not just the Mac App Store. Panic:

We’ve seen this too. iOS removed-from-sale apps, like Prompt 1, may be unavailable for re-download as well.

This might all simply be a misconfiguration or a mistake, but I’ve long been worried something like this may happen. This is software that was previously purchased; while it’s no longer available for general sale, it should still be offered to those who purchased it to download again. I certainly hope this isn’t a deliberate change.

Earlier today, I linked to a YouTube video that supposedly showed the iPhones 6S surviving constant immersion in water for over an hour while powered on. That’s an impressive feat, especially considering previous attempts at this sort of thing only worked in advertising. And it genuinely came as no surprise to me; it seems logical that the iPhones that followed the Apple Watch would benefit from the latter’s waterproofing innovations.

Upon further consideration, though, a few doubts or caveats linger. For a start, I claimed that iFixIt found no evidence of better waterproofing, but I was reminded that the four adhesive strips affixed to the display gasket could be interpreted that way. But, I must say, I doubt four pieces of tape are all that would allow an iPhone to last underwater for over an hour.

Which brings me to my second question: why wasn’t this set up as a test against previous iPhones? There are stories of older models being lost underwater for days, though these are probably the exception rather than the rule. Surely, though, this video would be far more useful if the 6S were compared to its predecessors.

I wouldn’t try this if I were you, obviously. I hope an adequate testing body can take this for a more thorough spin and see if there’s something to the idea that the new iPhones are far more water resistant. In the interim, keep your new iPhone dry.

I know you will be shocked — shocked — to learn that the people who designed Medium now work at Facebook.

Update: Geoff Teehan says that he had nothing to do with this redesign. Seems silly that Facebook would feel the need to hire the designers behind Medium, and then not utilize their skills while creating their similar-looking product. Thanks to reader Ishtaarth for pointing this out via email.

When I post a link to an article from the Intercept, I’m sure some of you grumble and think “what is it this time?” It turns out that if you’ve browsed the internet since mid-2007 or so, much of your traffic has probably been scooped up and stored by British intelligence. Surprise!

Ryan Gallagher:

By 2010, according to the documents, GCHQ was logging 30 billion metadata records per day. By 2012, collection had increased to 50 billion per day, and work was underway to double capacity to 100 billion. The agency was developing “unprecedented” techniques to perform what it called “population-scale” data mining, monitoring all communications across entire countries in an effort to detect patterns or behaviors deemed suspicious. It was creating what it said would be, by 2013, “the world’s biggest” surveillance engine “to run cyber operations and to access better, more valued data for customers to make a real world difference.”

Metadata records in bulk with no identifying information are somewhat inconsequential; it’s basically a giant analytics engine at that point. What GCHQ decided they needed was to align metadata — domain names, access time, IP address, and the like — with actual records:

All GCHQ needs is a single identifier — a “selector,” in agency jargon — to follow a digital trail that can reveal a vast amount about a person’s online activities.

A top-secret GCHQ document from March 2009 reveals the agency has targeted a range of popular websites as part of an effort to covertly collect cookies on a massive scale. It shows a sample search in which the agency was extracting data from cookies containing information about people’s visits to the adult website YouPorn, search engines Yahoo and Google, and the Reuters news website.

Want another reason that targeted, profiling web ads suck? The U.K. government — and, probably, the U.S. government, too — is associating those profiles with scooped web traffic.

John Herrman in the Awl:

It doesn’t seem very useful to reassess our ledgers of privacy without also considering our ledgers of power. Those companies that have invited the most criticism for their erosion of privacy have become vastly more powerful than the people doing the complaining. The alleged surplus of “obsessive” worry didn’t do much to stop that; stories like this one, from 1990, which concludes that we have “no way of knowing all the databases that contain information about us” and that “we are losing control over the information about ourselves,” don’t seem pathetic or wrong-minded in retrospect. Mostly just ill-equipped.

In this new world, the old privacy is discarded with for its lack of utility and its interference with ubiquitous and fundamentally incompatible services.

Well worth your time.

Jack Marshall, Wall Street Journal:

There is money to be made blocking ads and, as it turns out, allowing ads to evade ad blockers. Eyeo GmbH, the company behind popular desktop ad-blocking tool Adblock Plus, now accepts payment from around 70 companies in exchange for letting their ads through its filter. Eyeo stipulates that they must comply with its “acceptable ads” policy, meaning their ads aren’t too disruptive or intrusive to users. In total, ads from some 700 companies meet the acceptable ads policy, an Eyeo spokesman said.

Eyeo is now reaching out to developers of other ad-blocking tools to cut deals that allow certain ads to pass ads through their filters, too, in exchange for payment.

[Crystal developer Dean] Murphy said he has taken Eyeo up on its offer, and plans to implement an option within his app whereby “acceptable” ads will be displayed to users. The feature will be switched on by default, Mr. Murphy said, and he will receive a flat monthly fee from Eyeo in return. Mr. Murphy declined to disclose the fee, but said he expects to make less money from Eyeo’s payments than from sales of the app itself.

I think it’s a little bit weird that this decision has created such a controversy. The most logical consensus seems to be that most people want to block web crap: trackers, page-covering ads, interstitials, dumb copy-and-paste modifications, and the like. But there are plenty of ads that are unobtrusive and don’t kill your smartphone’s data plan, and these ads help support publishers of all sizes. If there were a way to block the worst of the web crap while allowing unobtrusive ads through, thereby supporting publishers, isn’t that a good thing?

I get that it feels uncomfortable or unfair for Murphy to charge users for an app billed as an ad blocker, while also receiving indirect payment from the ad industry for letting some ads through. I think that Murphy should be compensated for his work in building the blocker in the first place, but I’m not so certain that it’s fair to charge ad networks for inclusion on a whitelist.1 Big networks will be the ones that can afford it, but they’re also the most worrying from a privacy standpoint; smaller networks likely won’t be able to afford the toll, so publications that rely upon them will have a much rockier ride ahead, as will publishers that run their own ads.

Perhaps this would be less of an issue if Murphy — or Eyeo — didn’t receive compensation for whitelisted ads. It is, after all, still optional — if you want a full ad blocker, you’ll be able to flip a switch to turn off the whitelist. But I see no issue with an app that can run in a mode that’s more like an ad filter rather than an ad blocker.

Update: Dean Murphy has clarified his decision in a blog post. One of the things I got wrong is my impression that advertisers pay a fee to be included in Eyeo’s whitelist. That’s not always true:

…Around 90% of websites on the Eyeo Acceptable Ads whitelist do not pay a fee to be included, only the absolute largest companies pay for inclusion, assuming they meet the criteria of course. In turn, this allows for better ads that meets the criteria to be displayed.

My assessment that this toll creates a negative environment for smaller networks and publishers isn’t accurate, but this is good news.

Less good are the so-called “Acceptable Ads” on Eyeo’s whitelist. While Eyeo prohibits the most irritating advertising behaviour, they don’t say anything about trackers. If we use the AdBlock Plus exception list as a rough guide, we can see several instances of trackers, beacons, and similar scripts.

Samantha Bielefeld also interviewed Dean Murphy:

Samantha: I would have liked to see you retain control over every aspect of the app’s operation. Was there a reason, besides possibly a financial one, that you didn’t?

Dean: The main reason – I don’t possess the resources necessary to hand pick, and arbitrate what ads are acceptable. It would require making sure they meet a certain criteria, and I would have to then monitor the ads in order to ensure that standards had been met. It would also require me to form business relationships with advertising networks, etc. It would be a massive time sink and would involve a hell of a lot of work that would distract me from everything else.

This makes sense to me. I don’t see this as a major issue, and I’m a bit surprised at the kind of outrage it generated. This feature is optional, good for publishers, and makes the ad industry more aware of what’s tolerable.

  1. It doesn’t help that the Acceptable Ads crew isn’t open about what networks have paid to be included. ↥︎

Yet another terrific talk from Maciej Cegłowski on corporate information gathering and tracking:

Advertising-related surveillance has destroyed our privacy and made the web a much more dangerous place for everyone. The practice of serving unvetted third-party content chosen at the last minute, with no human oversight, creates ideal conditions for malware to spread. The need for robots that can emulate human web users drives a market for hacked home computers.

It’s no accident how much the ad racket resembles high-frequency trading. A small number of sophisticated players are making a killing at the expense of everybody else. The biggest profits go to the most ruthless, encouraging a race to the bottom.

Aptly, for a talk on surveillance, it was recorded; I hope the video gets posted soon.

Speaking of Samantha Bielefeld, the third post on her site is titled “Well, That Didn’t Take Long”, and it’s about pretty much exactly what you’d expect: she’s a woman on the internet, and some jackass decided that was reasonable grounds to write to her and tell her to end her life. Seriously.

G. Keenan Schneider:

Let’s pause and ruminate quickly on the title of her piece: Well, That Didn’t Take Long. How horrid. She was expecting this. She knew merely because of her gender that creating something would make her a target. She was prepared for it, but you get a sense from the wording that she wasn’t expecting the inevitable hatred to be upon her with such swiftness.

Bielefeld, meanwhile, can’t be stopped.

November 2015 Update: Samantha Bielefeld is a fraud.

Speaking of the Verge, Nilay Patel wrote an article a little while back about content blockers, and it ruffled some feathers. I was preparing a response to it when mine was summarily made redundant by Samantha Bielefeld’s excellent retort. Her followup to some back-and-forth with Patel on Twitter is equally golden:

As long as The Verge survives, who cares right? Far be it for a larger publication to take a stand and help enact some change. Not only will small publishers be the ones to vanish, but it will be because their voices don’t carry as far as Vox Media. His article states that the web is dying, yet, he plays it off as nothing more than a war amongst leading tech companies. Apparently the issue has absolutely nothing to do with advertising networks who don’t respect the experience or privacy of the visitors to sites they display ads on.

A great deal of media outlets published, I think, very respectable replies and opinion pieces to ad blockers in iOS. Some were concerned over the future of their sites, others were more concerned about individual writers, and plenty thought it might do the web a favour despite — or perhaps because of — the collateral damage.

But Patel’s response was a semi-conspiratorial prediction of the end of the web, thanks to fighting between Facebook, Google, and Apple. It barely made any sense, unless you’re already hopelessly cynical about this sort of thing. Bielefeld did a great job deconstructing it.