Month: August 2017

Kate Conger, Gizmodo:

A software engineer’s 10-page screed against Google’s diversity initiatives is going viral inside the company, being shared on an internal meme network and Google+. The document’s existence was first reported by Motherboard, and Gizmodo has obtained it in full.

In the memo, which is the personal opinion of a male Google employee and is titled “Google’s Ideological Echo Chamber,” the author argues that women are underrepresented in tech not because they face bias and discrimination in the workplace, but because of inherent psychological differences between men and women. “We need to stop assuming that gender gaps imply sexism,” he writes, going on to argue that Google’s educational programs for young women may be misguided.

Amongst the fallout from this manifesto, the most abhorrent replies are those praising the author for his bravery in raising these issues — as though it’s a simple matter of opinion, like whether blackberry or raspberry jam is better in a peanut butter sandwich. These responses serve to legitimize bullshit, and that would be a farcical take on the current information climate in which we live if it were not so objectionable.

Former Google engineer Yonatan Zunger, in a section of a Medium post addressed directly to the author of the manifesto:

You talked about a need for discussion about ideas; you need to learn the difference between “I think we should adopt Go as our primary language” and “I think one-third of my colleagues are either biologically unsuited to do their jobs, or if not are exceptions and should be suspected of such until they can prove otherwise to each and every person’s satisfaction.” Not all ideas are the same, and not all conversations about ideas even have basic legitimacy.

Some opinions and arguments are simply and plainly wrong. We need to stop pretending that there is validity to every opinion. What this Googler wrote is wrong, and those defending him for writing it are complicit in spreading a falsely-equivalent argument.

Juli Clover, MacRumors:

The HomePod firmware Apple released early continues to offer up insight into future software and hardware capabilities for the HomePod, iPhone 8, and other devices, with the newest discovery coming today from developer Guilherme Rambo.

[…]

The firmware suggests the camera app will be able to detect different types of scenes, photo conditions, and photography subjects like pets and children. Several scenes are referenced, including Fireworks, Foliage, Pet, BrightStage, Sport, Sky, Snow, and Sunset/Sunrise, indicating the iPhone’s camera may be able to detect a scene and then set the ideal exposure, shutter speed, and other factors to take the best photograph.

I return to one of the questions that I asked earlier this week: how could something like this be exposed by the HomePod firmware? The HomePod doesn’t have a camera; in fact, the firmware suggests that these features are specifically for an as-yet unannounced iPhone to be released this year.[1] Even though I understand that the HomePod is still being developed and that the firmware is a nowhere-near-final fork of iOS, I don’t necessarily see why code for completely unrelated features — especially features that seem to be specific to a different product — would be in there.

Also of note: this firmware leak is right up there with the lost or stolen iPhone 4 in terms of what it is revealing well ahead of when Apple intended. However, it’s fascinating to me that it has received little mainstream press coverage. The iPhone 4 leak was in major newspapers and on television; this leak seems like it is basically confined to the tech press. Maybe it’s because there’s no physical hardware to show or because leaks like this aren’t as interesting as stories about an iPhone being left in a bar, but I’m surprised by the relative lack of coverage outside of the tech sphere.


  1. The “Pearl” codename that was discovered in the firmware was rumoured to refer to the new face-based unlocking feature. However, there are references to Pearl with regard to the back camera in the firmware as well — a context which makes no sense to me for unlocking a device. My bet is that “Pearl” refers to new object and scene recognition features generally, of which facial unlocking is one part. While I’m aimlessly speculating, I’d also like to point out that “Iris Engine” was trademarked by Apple last year. At the time, I thought this might refer to some new camera tech for the iPhone 7; now, I think it might be the marketing name for Pearl features. But, hey, I’m just throwing stuff at the proverbial wall.

Max Rudberg has been playing around with different ideas on how an iPhone with a “notched” screen and virtual home button might work in practice. They’re intriguing mockups — you should check them out and, for what it’s worth, I’m partial to his third option — and they give me an opportunity to pose a question I’ve been thinking about for months: will third-party apps be able to customize what gets displayed in the home button area and in the display segments on either side of the notch? My hunch is that apps will be able to select whether they run in full screen — hiding the onscreen home button — or normal mode, but nothing beyond that.

Nigel Warren (via Michael Tsai):

The iPad’s average selling price can be seen as an indication of whether the iPad has the potential to continue evolving into a more capable tool. If sales of the Pro line are weak, it’s a sign that Apple hasn’t succeeded in creating useful functionality that takes advantage of improved hardware. And if users don’t need improved hardware, Apple’s business model can’t justify continued iPad software development long term.

It has been remarkable over the past several years to watch the iPad’s skyrocketing performance potential, but it has been infuriating to see a lack of comparable software improvements. iOS 11 will help turn that corner, but I feel a lot of work remains to make the power of the iPad feel like it’s being put to use.

Aral Balkan (via Toob Design):

What Amber Rudd wants will not make you safer. It will not protect you from terrorists. What it will do is make it easier for governments to spy on activists and on minority groups. What it will do is make all of us less safe and lead to chilling effects that will destroy what little democracy we have left. It will result in a surveillance state and a global panopticon the likes of which humanity has never seen.

As for the companies that are part of the Global Internet Forum to Counter Terrorism – Facebook, Microsoft, Twitter and YouTube (Google/Alphabet, Inc.) – only a fool would trust a single word that comes out of their mouths about end-to-end encryption on their platforms or about the privacy features of their apps. Given what Rudd has said, consider that any end-to-end encryption they say they have today may be disabled and compromised, without your knowledge, during any app update at any time in the future.

I doubt many people really trust what Facebook and Google say about privacy anyway, but their participation in these confidential talks is not confidence-inspiring. Of note, Snap and Justpaste.it are now participants in the Global Internet Forum as well.

Dr. Drang points to two key figures in Apple’s latest earnings, with regard to the iPad: its 15% increase in unit sales, and its 2% growth in revenue,[1] both compared to last year’s third quarter:

A real, live, honest-to-goodness, actual rise of 15% in year-over-year unit sales led to an upturn in the four-quarter moving average, the first since the end of 2013. No one needs to root for Apple to make more money, but this is the kind of news that might encourage developers to support the iPad and make it a better product for all of us.

More new iPads being sold combined with this autumn’s iOS update — which, unlike last year, actually has features for the iPad — should mean a healthier ecosystem. But the 2% revenue growth implies that the vast majority of growth in the iPads sold this quarter occurred because of the new entry-level model, which doesn’t have the power, features, or price of the recently-updated Pro models. Drang says that this might indicate that developers of higher-end apps might not find this price-conscious shopping very encouraging, but I think there might be a longer-term halo effect created by the entry-level model. It doesn’t have the performance or features of the Pro models, but I think its refinement together with the features in iOS 11 might drive people to exploring higher-end options.


  1. For comparison (PDF), the iPhone grew 2% in units but 3% in revenue compared to this time last year, and the Mac grew just 1% in units, but 7% in revenue.

The Telegraph on Monday published an op-ed by Amber Rudd, the U.K.’s present Home Secretary, making the case for a way for investigators to be able to see encrypted data without somehow breaking the fundamental principles of encrypted data. It’s behind a paywall, but I’ll quote the salient paragraphs. And, after setting the stage with a couple-hundred words about terrorism, we get to the titular topic:

Encryption plays a fundamental role in protecting us all online. It is key to growing the digital economy, and delivering public services online. But, like many powerful technologies, encrypted services are used and abused by a small minority of people. The particular challenge is around so called “end-to-end” encryption, where even the service provider cannot see the content of a communication.

Rudd admits that it’s a very small minority who lean upon encryption to mask their criminal deeds. But that’s the case for lots of different technologies: a small minority of people use a telephone to plan a crime and, even though GCHQ was able to record all phone traffic, their overbearing surveillance was found to be illegal. A small minority of people burn physical evidence of a crime, but fire isn’t outlawed.

To be very clear – Government supports strong encryption and has no intention of banning end-to-end encryption.

That isn’t what Rudd has been threatening for months.

But the inability to gain access to encrypted data in specific and targeted instances – even with a warrant signed by a Secretary of State and a senior judge – is right now severely limiting our agencies’ ability to stop terrorist attacks and bring criminals to justice.

Again, there have always been ways for enterprising criminals to get around the interception of their communications: they can meet in person, or use coded phrases.

I know some will argue that it’s impossible to have both – that if a system is end-to-end encrypted then it’s impossible ever to access the communication. That might be true in theory.

No, that’s true in fact.

This is where things really start to break down for Rudd. She’s arguing here that providers of encrypted communications software can, somehow, intercept communications in a human-readable way without compromising the security of the system overall. Quite simply, that’s completely bunk.

But the reality is different. Real people often prefer ease of use and a multitude of features to perfect, unbreakable security.

Why not have both? User experience and platform security are completely different fields and, generally, do not compete, so much as work together.

So this is not about asking the companies to break encryption or create so called “back doors”.

Yes it is. That’s exactly what Rudd is asking for — a way for authorized users to eavesdrop on encrypted communications without creating a security vulnerability:

So, there are options. But they rely on mature conversations between the tech companies and Government – and they must be confidential. The key point is that this is not about compromising wider security. It is about working together so we can find a way for our intelligence services, in very specific circumstances, to get more information on what serious criminals and terrorists are doing online.

Rudd, like so many others in similar positions, is going up against math and physics with hopes and dreams of back doors in encryption. It isn’t going to happen.

The responsibility for tackling this threat at every level lies with both governments and with industry. And we have a shared interest: we want to protect our citizens and we don’t want platforms being used to plan ways to do them harm.

But Rudd is okay with introducing vulnerabilities in different software packages used by billions of people around the world, including users in authoritarian regimes with leaders who are more interested in controlling the citizens they rule instead of protecting them. Creating a still-mythical way for a government to peer into a WhatsApp or iMessage conversation is inviting harm upon billions of people who rely upon reliably secured and encrypted communications — including Britons.

Alex Hern, the Guardian (via Dave Pell):

“What would you think,” asked Svea Eckert, “if somebody showed up at your door saying: ‘Hey, I have your complete browsing history – every day, every hour, every minute, every click you did on the web for the last month’? How would you think we got it: some shady hacker? No. It was much easier: you can just buy it.”

Eckert, a journalist, paired up with data scientist Andreas Dewes to acquire personal user data and see what they could glean from it.

Presenting their findings at the Def Con hacking conference in Las Vegas, the pair revealed how they secured a database containing 3bn URLs from three million German users, spread over 9m different sites. Some were sparse users, with just a couple of dozen sites visited in the 30-day period they examined, while others had tens of thousands of data points: the full record of their online lives.

While many have been worried about intrusive government surveillance — and rightfully so — private companies have also been sweeping up and sharing browsing data and purchasing history, with little practical oversight. The scale of the so-called “marketing technology landscape” has quietly but dramatically grown over the past seven years; I worry about how little most people outside the tech bubble seem to know about its growing tracking capabilities, and how hard it is to opt out of it.

Mike Masnick, Techdirt:

Last week, I (like probably many of you) saw the news that the famous (or infamous, depending on your viewpoint) fact checking website “Snopes” was crowdfunding on GoFundMe, saying that it needed to raise money as soon as possible, because “a vendor” refused to recognize that Snopes had terminated a contract and was holding the site “hostage.”

We had previously contracted with an outside vendor to provide certain services for Snopes.com. That contractual relationship ended earlier this year, but the vendor will not acknowledge the change in contractual status and continues to essentially hold the Snopes.com web site hostage. Although we maintain editorial control (for now), the vendor will not relinquish the site’s hosting to our control, so we cannot modify the site, develop it, or — most crucially — place advertising on it. The vendor continues to insert their own ads and has been withholding the advertising revenue from us.

[…]

The reality is that the story is hellishly complicated. Like, really, really complicated and messy. The paragraph above that Snopes used to describe the situation leaves out an awful lot of details necessary to understand what’s actually happening.

This is a fascinating and well-researched document of what, exactly, is going on with Snopes. One day, this saga will make for a terrific made-for-Netflix B-movie.

Bloomberg, last month:

Apple Inc. will establish its first data center in China to speed up services such as iCloud for local users and abide by laws that require global companies to store information within the country.

The new facility, which will be entirely driven by renewable energy, will be built and run in partnership with Guizhou on the Cloud Big Data, Apple said in a messaged statement. Apple aims to migrate Chinese users’ information, now stored elsewhere, to the new facility in coming months. The data center is part of a $1 billion investment by the iPhone maker in the province.

The data center was partly driven by new measures that bolster control over the collection and movement of Chinese users’ data, and can also grant the government unprecedented access to foreign companies’ technology. Forcing companies to store information within the country has already led some to tap cloud computing providers with more local server capacity.

Paul Mozur, New York Times:

China appears to have received help on Saturday from an unlikely source in its fight against tools that help users evade its Great Firewall of internet censorship: Apple.

Software made by foreign companies to help users skirt the country’s system of internet filters has vanished from Apple’s app store on the mainland.

For what it’s worth, VPN software assists users in maintaining security and privacy for all kinds of reasons, not just to evade the Great Firewall. But, yes, VPNs do that as well and, for the purposes of this article, that’s a fair description.

In a statement, Apple noted that the Chinese government announced this year that all developers offering VPNs needed to obtain a government license. “We have been required to remove some VPN apps in China that do not meet the new regulations,” the company said. “These apps remain available in all other markets where they do business.”

John Gruber:

If Apple tugged on the “We refuse to remove these VPN apps from the App Store” thread, it would inextricably lead to their leaving the entire Chinese market. It’s easy to say “Apple shouldn’t have removed these apps.” It’s not so easy to say “Apple should pull out of China.” This is of course further complicated, politically, by the fact that the vast majority of Apple’s supply chain is in China.

Adam Jourdan and Pei Li, Reuters:

Some said the recent moves jarred with Apple’s stance in the United States last year, when it opposed an FBI court order to break into an iPhone of a gunman who fatally shot 14 people in San Bernardino in December 2015, with Cook saying it would be “bad for America”.

The U.S. firm’s gamble here is clear: making moves to appease Chinese censors may prompt criticism outside China, but the firm will hope that local consumers are rather less fazed.

Again, in the parlance of general news reporting, this is a fair summary. But the actual circumstances of the San Bernardino case were far more complex, with the FBI demanding Apple build and load onto that iPhone a version of iOS that would allow unlimited passcode guesses to facilitate decrypting the device. Doing so would set a precedent that Apple could write software on command to reduce users’ security, and create the possibility that the insecure software could be leaked.

Of course, that’s in the United States. In China, with a far more oppressive government to placate, Apple ought to have the same principled stance. By putting their infrastructure in China for Chinese users and acknowledging local legislation — however antithetical to their values it may be — Apple sets an impression that is positive towards the government there.

But where is Apple’s line? If China were to require all messaging services to be unencrypted,[1] or prevent cloud data services from being encrypted, or implement an even stricter version of their already-aggressive cyber “sovereignty” law — would any of these situations encourage Apple to begin to fight back? I would hope so, as all are damaging to users’ privacy, and run afoul of Apple’s principles. At some level of regulatory zeal, the security value of an iOS device must deteriorate to the point for Apple to see that users simply aren’t as protected as they ought to be. I hope that’s something that can be caught before it happens.


  1. WhatsApp, which encrypts all messages, was blocked last month, but the unencrypted WeChat app continues to function while being monitored.