Pixel Envy

Written by Nick Heer.

Archive for May, 2016

A 1-Million-Site Measurement and Analysis of Online Tracking

Steven Englehardt and Arvind Narayanan of Princeton University measured the third-party tracking scripts on the top million websites as ranked by Alexa. Some findings aren’t surprising — of the top twenty third-party domains, for example, twelve are owned by Google.

But there are some fairly new styles of tracking out there. For example:

Firefox’s third-party cookie blocking is very effective, only 237 sites (0.4%) have any third-party cookies set from a domain other than the landing page of the site. Most of these are for benign reasons, such as redirecting to the U.S. version of a non-U.S. site. We did find a handful of exceptions, including 32 that contained ID cookies. These sites appeared to be deliberately redirecting the landing page to a separate domain before redirecting back to the initial domain.

I’ve previously discussed how Criteo and AdRoll engage in this behaviour.

The HTML Canvas allows web applications to draw graphics in real time, with functions to support drawing shapes, arcs, and text to a custom canvas element. Differences in font rendering, smoothing, anti-aliasing, as well as other device features cause devices to draw the image differently. This allows the resulting pixels to be used as part of a device fingerprint. […]

We found canvas fingerprinting on 14,371 sites, caused by scripts loaded from about 400 different domains.

That’s nearly 1.5% of the top million websites, from about 0.5% of all third-party trackers in the study.

Steven Englehardt followed up on Princeton’s Freedom to Tinker blog with one particularly new way a small number of websites are tracking visitors:

[…] One of our more surprising findings was the discovery of two apparent attempts to use the HTML5 Audio API for fingerprinting.

The figure is a visualization of the audio processing executed on users’ browsers by third-party fingerprinting scripts. We found two different AudioNode configurations in use. In both configurations an audio signal is generated by an oscillator and the resulting signal is hashed to create an identifier. Initial testing shows that the techniques may have some limitations when used for fingerprinting, but further analysis is necessary.

Expedia, Hotels.com, and Travelocity are all prepared to use audio fingerprinting, but have not actively implemented it.
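As an added example (not code from the study or from this site), here is one way a measurement crawler or a privacy extension might flag the two techniques quoted above from a log of instrumented browser API calls. The record shape, script URLs and thresholds are assumptions made for illustration, not the study's actual criteria.

```javascript
'use strict';
// Added example. Record shape, URLs and thresholds are illustrative assumptions.

const CANVAS_WRITE = new Set(['fillText', 'strokeText']);
const CANVAS_READ = new Set(['toDataURL', 'getImageData']);
const AUDIO_READ = new Set(['getFloatFrequencyData', 'getChannelData', 'startRendering']);
const MIN_SIDE = 16;            // assumed: ignore canvases too small to carry a signal
const MIN_DISTINCT_CHARS = 10;  // assumed: ignore single-glyph feature probes

// Walk the call log in order and decide, per script, whether it
// (a) drew text to a canvas and later read the pixels back, or
// (b) generated an oscillator signal and later read processed audio back.
function classifyScripts(calls) {
  const state = new Map();
  for (const c of calls) {
    if (!state.has(c.script)) {
      state.set(c.script, { wrote: new Set(), canvas: false, osc: false, audio: false });
    }
    const s = state.get(c.script);
    if (CANVAS_WRITE.has(c.api)) {
      const text = String((c.args && c.args[0]) || '');
      const bigEnough = c.canvas.width >= MIN_SIDE && c.canvas.height >= MIN_SIDE;
      // new Set(string) iterates code points, so one emoji counts as one character.
      if (bigEnough && new Set(text).size >= MIN_DISTINCT_CHARS) s.wrote.add(c.canvas.id);
    } else if (CANVAS_READ.has(c.api)) {
      // Only a readback that follows a qualifying text draw on the same canvas counts.
      if (s.wrote.has(c.canvas.id)) s.canvas = true;
    } else if (c.api === 'createOscillator') {
      s.osc = true;
    } else if (AUDIO_READ.has(c.api)) {
      if (s.osc) s.audio = true;
    }
  }
  const out = {};
  for (const [script, s] of state) out[script] = { canvas: s.canvas, audio: s.audio };
  return out;
}

// Constructed sample log: one fingerprinting-style script and four benign ones.
const TRACKER = 'https://tracker.example/fp.js';
const CHART = 'https://site.example/chart.js';
const THUMB = 'https://site.example/thumbnail.js';
const VISUALIZER = 'https://site.example/visualizer.js';
const EMOJI = 'https://cdn.example/emoji-probe.js';

const SAMPLE_LOG = [
  { script: TRACKER, api: 'fillText', canvas: { id: 1, width: 240, height: 60 },
    args: ['Sample glyph text 0123456789', 2, 15] },
  { script: TRACKER, api: 'toDataURL', canvas: { id: 1, width: 240, height: 60 }, args: [] },
  { script: TRACKER, api: 'createOscillator', args: [] },
  { script: TRACKER, api: 'startRendering', args: [] },
  // Chart library draws labels but never reads pixels back.
  { script: CHART, api: 'fillText', canvas: { id: 2, width: 600, height: 400 },
    args: ['Revenue by quarter', 10, 20] },
  // Thumbnailer exports a canvas it never drew text on.
  { script: THUMB, api: 'toDataURL', canvas: { id: 3, width: 128, height: 128 },
    args: ['image/png'] },
  // Visualizer reads frequency data but never creates an oscillator.
  { script: VISUALIZER, api: 'getFloatFrequencyData', args: [] },
  // Emoji support probe: tiny canvas, one glyph, then a readback.
  { script: EMOJI, api: 'fillText', canvas: { id: 4, width: 12, height: 12 }, args: ['😀', 0, 0] },
  { script: EMOJI, api: 'getImageData', canvas: { id: 4, width: 12, height: 12 },
    args: [0, 0, 12, 12] },
];

const result = classifyScripts(SAMPLE_LOG);
console.log(result);
```

The benign entries in the sample are there because canvas text drawing and pixel export are both common on their own; it is the combination, in order, on the same canvas that the classifier keys on.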

It feels like those of us who value a modicum of privacy online are losing a battle against advertising and marketing technology companies. Users are overwhelmingly distrusting of the handling of their personal information by Google and Facebook; imagine how they’d react when they find out that a bunch of smaller companies they’ve never heard of are also collecting vast amounts of data.

These smaller companies are held to a different set of standards than a giant like Google because almost nobody knows they exist. What websites they’re on, what information they collect, and how that information is used often remains a complete mystery. These companies will tell critics that users can always opt-out, but it’s hard to opt out of something when its existence isn’t disclosed.

We need a stronger set of rules regarding the collection and use of personal information. Automatic opt-in should not be the default, and the ability to know what information is collected and how it’s being used ought to be significantly easier.

Google Assistant

I followed along with the Verge’s liveblog of today’s Google I/O opening keynote and, for my money, the standout announcements of the day were Home, an Echo-like always-on hardware bot, and Assistant.

Assistant looks less like a new product and more like a refinement of Google’s other voice-query virtual assistant products, but that’s setting a significantly higher bar than much of the rest of the industry. From the Verge’s liveblog:

In the US, 1 in 5 queries are voice queries. “And that share is growing.” […]

There are over a billion entities in the Knowledge Graph, Google’s super database of stuff that it understands. […]

140 billion words translated per day

It’s that kind of scale that allows Assistant to be as accurate and fast as I saw in the demos. If you feel comfortable with the privacy tradeoffs of a product like this, it has the potential of becoming indispensable in a way that Siri wishes it were if you’re the sort of person who likes speaking with devices.

I think there are a lot of people — myself included — who will see this as a glorified phone tree, but a super-reliable always-on virtual assistant is a boon from an accessibility and general usability perspective.

One thing remains clear: there is no company that can automatically interpret words and phrases like Google can. They are setting the high watermark and, believe me, it is very high.

On the Female Gendering of Bots

Mandy Brown:

Notably, Amazon’s Alexa, x.ai’s Amy, Apple’s Siri, and Microsoft’s Cortana have something else in common: they are all explicitly gendered as female. […] The neutral politeness that infects them all furthers that convention: women should be utilitarian, performing their duties on command without fuss or flourish. This is a vile, harmful, and dreadfully boring fantasy; not the least because there is so much extraordinary art around AI that both deconstructs and subverts these stereotypes. It takes a massive failure of imagination to commit yourself to building an artificial intelligence and then name it ‘Amy.’

Google’s Assistant, announced today at I/O, does not have a gendered name, but the voiceover is still decidedly female.

A Collection of iTunes 12.4-Related Links

James Pinkstone, who wrote that post earlier this month about Apple Music erasing his iTunes library, was visited at home by two senior Apple engineers to try to diagnose the bug:

In the days leading up to our face-to-face encounter, they’d earned more of my trust when they acknowledged that A), they’d read the phone transcripts, and although they maintained that she was mistaken, they did not dispute my account of what Amber had told me, and B), they, too, were convinced this was not user error. […]

One of the things on which Tom, Ezra, and I seemed to agree was that Apple is not off of the hook yet. Their software failed me in a spectacular, destructive way; and since I rang that bell, many people have come forward with similar stories. Some may be a result of user error, but I have a hard time believing all are. I think Apple does, too; which is why, as of this writing, they have stated they are currently working on an iTunes update with additional safeguards added.

Sarah Perez, TechCrunch:

The iTunes update that aims to correct this problem is version 12.4, released just yesterday, TechCrunch has confirmed with sources familiar with the matter.

What’s odd is that Apple has not been able to cause music deletions to happen in internal testing. Without being able to reproduce the problem, it’s unclear at this time if the fix being shipped will actually solve this issue for good. It’s also unclear whether the issue is tied to Apple Music’s subscription service, as suspected, or if it could affect regular iTunes users as well.

In non-song-deletion news, Doug Adams of Doug’s AppleScripts for iTunes notoriety says that iTunes 12.4 includes AppleScript additions. In 2016. Miraculous.

Kirk McElhearn:

As timmorrislw points out in the comments, there’s a new iCloud Status of No Longer Available. This shows tracks that you added to your Apple Music library that record labels are no longer allowing to be streamed. It’s interesting to create a smart playlist with this condition, to find how many tracks have been removed. Previously, I had, as the comments said, a smart playlist excluding all the other statuses. Out of 16,000 tracks in my Apple Music library, 843 are no longer available.

And people wonder why I still prefer my local library.

The Ironic Loss of the Postmodern Best Store Facades

Really fascinating article from a couple of years ago, but which was surfaced this week by Vanessa Grall. Margaret McCormick writing at Failed Architecture:

In the mid 1970s, the Lewis Family (the owners and operators of catalogue company Best Products) hired Sculpture In The Environment (SITE) to create a series of facades for nine showrooms across the US. Regardless of the project’s relative financial benefits, the clients gave SITE the one thing all designers crave and fear: full creative rein. […]

What made the Best Showrooms so successful as architectural statements was the balance of spite and sincerity. SITE at the time had all the swagger and irony, but without contempt for the users or client. Going by the old Mel Brooks dogma of really loving the object of your mockery.

You just have to see the photos in the post, and more over on SITE’s website. It’s rather disappointing that such outstanding examples of architectural ingenuity and carte blanche brilliance have vanished.

‘You Were Born Here; You Bought This; You Made This; You Posted These’

Miranda July — who you may know as the creator of the We Think Alone series — and Paul Ford — the amazing technology journalist responsible for What is Code? — teamed up for this year’s Seven on Seven conference. Whitney Mallett of Vice was there:

The last team to take the stage at this year’s iteration, July and Ford began telling a story with an incantatory second-person refrain. You were born here. You bought this. You made this. You posted these — all with corresponding cell phone photos, videos and screenshots projected behind them.

Mostly, though, the content was spoken. “Congratulations on learning Debussy’s Clair de Lune,” July intoned, her voice at once steady and melodic. “I think we can all agree with your mother when she says, ‘Makes me want to move the piano out in the field so you can play by the light.’”

When a crappy cellphone video of a waitress singing happy birthday played, I realized these were not fictional characters but real people. Slowly, it dawned on us who “you” was.

I found this an extraordinarily powerful meditation on what we choose to share. Our guard is slowly but certainly coming down, and we’re more comfortable than ever sharing intimate details and moments. This performance is haunting, concerning, invasive, and poetic, all at the same time.

The Unbearable Lightness of Being Yourself

Jason Kottke:

I wonder if Snapchat’s intimacy is entirely due to the ephemerality and lack of a “fave-based economy”. Blogs, Flickr, Twitter, Vine, and Instagram all started off as places to be yourself, but as they became more mainstream and their communities developed behavioral norms, the output became more crafted and refined. Users flooded in and optimized for what worked best on each platform. Blogs became more newsy and less personal, Flickr shifted toward professional-style photography, Vine got funnier, and Twitter’s users turned toward carefully crafted cultural commentary and link sharing. Editing worked its way in between the making and sharing steps.

Snapchat feels, to me, a lot like Twitter in its earliest days, despite operating at a scale many times greater than that. It feels lithe and quick. You share things either publicly — to the “Story” — or privately with a handful of people, and doing either feels completely effortless.

But I see all of these social networks as places to be yourself. You don’t have to refine your tweets or hone them for what drives engagement — *sigh* — or tweak your blog posts so they’re “newsy”. It’s totally possible to be entirely yourself everywhere; I feel that I am. And, if you’re as guarded as I am, the “editing” part of the equation never leaves. Everything you publish is yourself, selectively. I don’t see Snapchat as inherently more intimate, but I do see it as more nimble, with every photo feeling like it has the same amount of mental weight as it does physical weight: zero.

MCX Postpones Rollout of CurrentC

A year and a half after its debut, CurrentC still hasn’t seen a proper launch. And, as Ingrid Lunden reports for TechCrunch, it’s unlikely to do so in the future:

Merchant Customer Exchange (MCX) today announced it would postpone a nationwide rollout of CurrentC, a smartphone payment initiative originally conceived as a mobile wallet rival to smartphone-led services like Apple Pay and Android Pay. As a result, MCX said it would lay off 30 people as it shifted its focus to working with financial institutions.

So far, CurrentC was deployed to just nine retailers in Columbus, Ohio.

The accompanying statement from the CEO of MCX Brian Mooney was squirrelly enough to get a fresh PR-speak translation from John Gruber:

Utilizing unique feedback from the marketplace and our Columbus pilot, MCX has made a decision to concentrate more heavily in the immediate term on other aspects of our business including working with financial institutions, like our partnership with Chase, to enable and scale mobile payment solutions.

CurrentC is a complete and utter failure.

In a nut, yeah.

AnandTech’s iPhone SE Review

Speaking of the iPhone SE, Brandon Chester has just completed his in-depth review of the iPhone SE for AnandTech. There’s obviously a lot to digest here, but I want to highlight two sentences in particular:

It’s probably no surprise at this point, but the iPhone SE is going to be a familiar phone. With essentially the same chassis as the iPhone 5s, the iPhone SE marks the first time that Apple has used the same design in three generations of an iPhone.

I wonder if the SE is Apple’s way of setting an expectation for three generations of iPhone using the same chassis.[1] Current rumours regarding this year’s big iPhone models indicate a hardware design that’s largely consistent with the current iPhone models.


  1. As far as I’m concerned, Apple can keep issuing new phones that look like the 5, 5S, and SE. What a classic piece of industrial design.

‘Shrink It and Pink It’ Done Right

Adrianne Jeffries of Vice used the iPhone SE for a few weeks in lieu of her usual Android phone:

Using the smaller iPhone SE was delightful. My current Z5 Compact and the Z3 Compact I had before it were both excellent, premium phones, and waterproof to boot. However, the iPhone is a luxury by comparison. It was nice to use a luxury phone in my size. If I were in the market for a new phone right now, I’d seriously consider buying one. It is the only truly small high-end smartphone.

But:

There still isn’t much choice when it comes to size for top-shelf smartphones. I’m crossing my fingers that the success of the SE turns the hypetrain the other way.

Every time I head into my local Apple Store, I fiddle around with one of the SE models on display, if I can get my hands on one — the table is often pretty full. I’m always struck by how right it feels. The display of my 6S is vastly better and I love 3D Touch, but I’ve heard of a lot of people switching back because of its size. It’s awfully tempting to do the same.

Roughly thirty million four-inch iPhones sold in 2015 should give Apple a pretty good reason to consider updating the SE (or a comparable model) annually.

Even Neil Young Isn’t Using Pono

Longtime readers will know that my favourite celebrity-driven lossless streaming pet project is not Tidal; it’s Neil Young’s Pono. Debuted in 2012 but not released until 2015, the Pono Player was Neil Young’s attempt to rescue the world from the supposedly muddy waters of other streaming music services. And, I’m just guessing here, it hasn’t been a rousing success. Christina Warren, Mashable:

But now, in an ironic twist, the first track off of Young’s latest album, EARTH, isn’t available on Pono. The track is a Tidal exclusive.

First, I’ll note that Warren’s source is Digital Music News, which we’ve briefly discussed as being, uh, unreliable. But this isn’t a rumour about Apple coming from them; it’s just news.

Second, Tidal does accomplish many of the goals with which Young launched Pono: the tracks are lossless, and the service is artist-centric. However, it isn’t available at the same mega-high bit depths and sample rates as Pono, which makes it — by his own marketing — unlistenable.

Dark Patterns

Natasha Singer, New York Times:

Harry Brignull, a user-experience consultant in Britain who helps websites and apps develop consumer-friendly features, has a professional bone to pick with sites that seem to maneuver people into signing up for services they might not actually want.

He even has a name for the exploitative techniques: “dark patterns.” To him, these are debased versions of the typical sign-up, sharing, shopping, checkout and download processes that are standard practice online. […]

There’s the “sneak into basket” technique, where a retailer automatically adds products — like a magazine subscription or travel insurance — to consumers’ shopping carts and makes it hard for them to remove the unwanted items. There’s the “roach motel” or “walled-garden” technique, in which sites offer fast-and-easy sign-up processes but make it much more cumbersome for consumers to close accounts.

I, too, dislike it when companies allow you to register for or subscribe to something online, but require you to opt-out by phone or mail.

Twitter to Stop Counting Photos and Links in Character Limit

Sarah Frier, Bloomberg:

Twitter Inc. will soon stop counting photos and links in their 140-character limit for tweets, according to a person familiar with the matter.

The change could happen in the next two weeks, said the person who asked not to be named because the decision isn’t yet public. Links currently take up 23 characters, even after Twitter automatically shortens them. The company declined to comment.

Strangely absent from this scoop: any mention of also discounting @-replies and user handles. Sometimes, discussions can become deeply nested with many participants, and the character count can impede the discussion,[1] particularly if it involves people with longer handles.

A counterpoint to this might be that not including user handles in the character limit could allow some jackass to spam lots more accounts at one time. I think this could be solved by limiting the number of users anyone is allowed to mention — perhaps seven to ten might be a good maximum.


  1. It’s reasonable to ask whether Twitter is a suitable platform for that kind of discussion, to which I would answer “not really, but that’s how it’s being used and Twitter’s best changes have always been driven by the community”.

Apple Releases OS X 10.11.5, iTunes 12.4

Looks like the 10.11.5 update fixes some of the same enterprise bugs as iOS 9.3.2, while iTunes 12.4 has a slightly refreshed UI. Here’s hoping the update also fixes some of the myriad bugs I’ve filed against iTunes 12 since it was launched, though it doesn’t appear to change the integration of Apple Music much, if at all.

Update: No word on whether iTunes 12.4 includes a fix for the disappearing media bug.

Update: iTunes 12.4 fixes a bug where the Albums view would jump back to the topmost position when selecting an album if the Recently Added section was visible. It resolves this by — get this — moving the Recently Added section out of the Albums view and into its own view. I guess that’s technically a fix.

Apple Releases iOS 9.3.2

Remember that FairPlay bug that was preventing me — and, presumably, at least a few other people — from using native watchOS apps? You probably remember it as the thing I kept mentioning until Apple paid attention to it. Well, this is a bug fix nearly a year in the making: iOS 9.3.2 resolves it. And they don’t even mention this in the release notes.

For those of you with an iPhone SE, or if you want to use Night Shift and low battery mode at the same time, this update fixes issues there too.

Update: Mayur Dhaka:

Meanwhile launching the camera still pauses your music. One would think it isn’t a complicated fix.

One day, listening to music while taking a photo will once again be possible. I have hope.

Update: Apparently, this update is bricking some 9.7-inch iPad Pro models with an “error 56” message. Out with one debilitating bug; in with another.

Jason Scott Is Archiving Thousands of Hip-Hop Mixtapes

Jason Scott:

There’s parody, there’s aggrandizement, and there’s every attempt to draw in the listeners in what is a pretty large pile of material floating around. I can listen to some of it, but not really much before I ‘get it’.

But it’s not about my personal preferences in music – it’s about the fact this whole set of material has meaning, reality and relevance to many, many people.

The web is old enough that links regularly rot,[1] but young enough that we haven’t quite figured out how to deal with preserving this data. The Internet Archive is an invaluable resource that comfortably, if unofficially, fills this gap.


  1. Slide “Contempt for the Past”.

When Worse Is Better

Good post from Daniel Jalkut, on how Amazon’s relatively limited feature set for the Alexa family makes it less susceptible to disappointment than Siri. He compares it to the handwriting recognition software that was in the Newton and Palm Pilots in the ’90s:

By dramatically diminishing the magic of its handwriting recognition technology, Palm dramatically increased its reliability. Users seemed to appreciate this compromise, as Newton sputtered, and Palm Pilots went on to define the whole genre of hand-held digital assistants.

It’s like the uncanny valley, but in terms of capability rather than human likeness. Unfortunately, once the threshold has been crossed, there’s no place to go but up. Apple isn’t going to strip functionality from Siri; they now need to make it vastly more capable and reliable at the same time. It’s a good thing third-party developers will soon be able to help them out with that, so I hear.

Apple Has Dramatically Reduced App Review Time

Federico Viticci, MacStories:

Apple appears to be shortening review times for new app and update submissions to the App Store. According to data collected by independent app review tracking website AppReviewTimes and as reported by Bloomberg today, review times have approached 2 days as opposed to the 7-10 days it took Apple to review apps in the past.

If this keeps up, there are going to be some happy developers at WWDC this year.

Apple Invests $1B in Didi Chuxing, China’s Uber

Yeah — a billion dollars, with a B. Julia Love, Reuters:

The investment gives Apple, which has hired dozens of automotive experts over the past year, a sizeable stake in Uber Technologies Inc’s chief rival in China. [Tim] Cook said in an interview that he sees opportunities for Apple and Didi Chuxing to collaborate in the future.

“We are making the investment for a number of strategic reasons, including a chance to learn more about certain segments of the China market,” he said. “Of course, we believe it will deliver a strong return for our invested capital over time as well.”

A casual observer of Apple-related rumours will remember their ongoing electric car project, and could potentially see some good tie-in here. Maybe a way to mass-test electronics or some sort of automated hailing service.

I have no “On the other hand…” speculation. That’s pretty much it, plus a way to gain some major brownie points with China’s regulators.

Automattic to Offer .blog TLD

Mark Armstrong of Automattic:

Automattic — the parent company of WordPress.com — secured the rights to oversee and operate the sale and registration of .blog domains, a new and never-before available top-level domain. You’ll be able to purchase a .blog domain at WordPress.com or through our partner domain name registrars. And again, the .blog domain will be available to everyone, regardless of what kind of site you have or who hosts it.

ICANN’s decision to allow private companies to own and control generic top-level domains was incredibly short-sighted. I think it will backfire in the not-too-distant future.

That said, I’d rather Automattic control .blog than Google. I linked to a great article by Drew Crawford last year, but it’s just as relevant today:

My point is that if you think Google is some kind of Patron Saint of the Open Web, shit son. Tim Cook on his best day could not conceive of a dastardly plan like this. This is a methodical, coordinated, long-running and well-planned attack on the open web that comes from the highest levels of Google leadership.

Google was planning on using .dev for internal Google use alone, and making .blog available exclusively to Blogspot users. At least Automattic allows anyone to register a domain, regardless of their platform choice.