Pixel Envy

Written by Nick Heer.

Archive for July, 2018

The Bullshit Web

My home computer in 1998 had a 56K modem connected to our telephone line; we were allowed a maximum of thirty minutes of computer usage a day, because my parents — quite reasonably — did not want to have their telephone shut off for an evening at a time. I remember webpages loading slowly: ten to twenty seconds for a basic news article.

At the time, a few of my friends were getting cable internet. It was remarkable seeing the same pages load in just a few seconds, and I remember thinking about the kinds of the possibilities that would open up as the web kept getting faster.

And faster it got, of course. When I moved into my own apartment several years ago, I got to pick my plan and chose a massive fifty megabit per second broadband connection, which I have since upgraded.

So, with an internet connection faster than I could have thought possible in the late 1990s, what’s the score now? A story at the Hill took over nine seconds to load; at Politico, seventeen seconds; at CNN, over thirty seconds. This is the bullshit web.

But first, a short parenthetical: I’ve been writing posts in both long- and short-form about this stuff for a while, but I wanted to bring many threads together into a single document that may pretentiously be described as a theory of or, more practically, a guide to the bullshit web.

A second parenthetical: when I use the word “bullshit” in this article, it isn’t in a profane sense. It is much closer to Harry Frankfurt’s definition in “On Bullshit”:

It is just this lack of connection to a concern with truth — this indifference to how things really are — that I regard as of the essence of bullshit.

I also intend it to be used in much the same sense as the way it is used in David Graeber’s “On the Phenomenon of Bullshit Jobs”:

In the year 1930, John Maynard Keynes predicted that, by century’s end, technology would have advanced sufficiently that countries like Great Britain or the United States would have achieved a 15-hour work week. There’s every reason to believe he was right. In technological terms, we are quite capable of this. And yet it didn’t happen. Instead, technology has been marshaled, if anything, to figure out ways to make us all work more. In order to achieve this, jobs have had to be created that are, effectively, pointless. Huge swathes of people, in Europe and North America in particular, spend their entire working lives performing tasks they secretly believe do not really need to be performed. The moral and spiritual damage that comes from this situation is profound. It is a scar across our collective soul. Yet virtually no one talks about it.

[…]

These are what I propose to call ‘bullshit jobs’.

What is the equivalent on the web, then?

1

The average internet connection in the United States is about six times as fast as it was just ten years ago, but instead of making it faster to browse the same types of websites, we’re simply occupying that extra bandwidth with more stuff. Some of this stuff is amazing: in 2006, Apple added movies to the iTunes Store that were 640 × 480 pixels, but you can now stream movies in HD resolution and (pretend) 4K. These much higher speeds also allow us to see more detailed photos, and that’s very nice.

But a lot of the stuff we’re seeing is a pile-up of garbage on seemingly every major website that does nothing to make visitors happier — if anything, much of this stuff is deeply irritating and morally indefensible.

Take that CNN article, for example. Here’s what it contained when I loaded it:

  • Eleven web fonts, totalling 414 KB

  • Four stylesheets, totalling 315 KB

  • Twenty frames

  • Twenty-nine XML HTTP requests, totalling about 500 KB

  • Approximately one hundred scripts, totalling several megabytes — though it’s hard to pin down the number and actual size because some of the scripts are “beacons” that load after the page is technically finished downloading.

The vast majority of these resources are not directly related to the information on the page, and I’m including advertising. Many of the scripts that were loaded are purely for surveillance purposes: self-hosted analytics, of which there are several examples; various third-party analytics firms like Salesforce, Chartbeat, and Optimizely; and social network sharing widgets. They churn through CPU cycles and cause my six-year-old computer to cry out in pain and fury. I’m not asking much of it; I have opened a text-based document on the web.

In addition, pretty much any CNN article page includes an autoplaying video, a tactic which has allowed them to brag about having the highest number of video starts in their category. I have no access to ComScore’s Media Metrix statistics, so I don’t know exactly how many of those millions of video starts were stopped instantly by either the visitor frantically pressing every button in the player until it goes away or just closing the tab in desperation, but I suspect it’s approximately every single one of them. People really hate autoplaying video.

Also, have you noticed just how many websites desperately want you to sign up for their newsletter? While this is prevalent on so many news and blog websites, I’ve dragged them enough in this piece so far, so I’ll mix it up a bit: this is also super popular with retailers. From Barnes & Noble to Aritzia, Fluevog to Linus Bicycles, these things are seemingly everywhere. Get a nominal coupon in exchange for being sent an email you won’t read every day until forever — I don’t think so.

Finally, there are a bunch of elements that have become something of a standard with modern website design that, while not offensively intrusive, are often unnecessary. I appreciate great typography, but web fonts still load pretty slowly and cause the text to reflow midway through reading the first paragraph. And then there are those gigantic full-width header images that dominate the top of every page, as though every two-hundred-word article on a news site was the equivalent of a magazine feature.

So that’s the tip of the bullshit web. You know how building wider roads doesn’t improve commute times, as it simply encourages people to drive more? It’s that, but with bytes and bandwidth instead of cars and lanes.

2

As Graeber observed in his essay and book, bullshit jobs tend to spawn other bullshit jobs for which the sole function is a dependence on the existence of more senior bullshit jobs:

And these numbers do not even reflect on all those people whose job is to provide administrative, technical, or security support for these industries, or for that matter the whole host of ancillary industries (dog-washers, all-night pizza delivery) that only exist because everyone else is spending so much of their time working in all the other ones.

So, too, is the case with the bullshit web. The combination of huge images that serve little additional purpose than decoration, several scripts that track how far you scroll on a page, and dozens of scripts that are advertising related means that text-based webpages are now obese and torpid and excreting a casual contempt for visitors.

Given the assumption that any additional bandwidth offered to web developers will immediately be consumed, there seems to be just one possible solution, which is to reduce the amount of bytes that are transmitted. For some bizarre reason, this hasn’t happened on the main web, because it somehow makes more sense to create an exact copy of every page on their site that is expressly designed for speed. Welcome back, WAP — except, for some reason, this mobile-centric copy is entirely dependent on yet more bytes. This is the dumbfoundingly dumb premise of AMP.

Launched in February 2016, AMP is a collection of standard HTML elements and AMP-specific elements on a special ostensibly-lightweight page that needs an 80 kilobyte JavaScript file to load correctly. Let me explain: HTML5 allows custom elements like AMP’s <amp-img>, but will render them as <span> elements without any additional direction — provided, in AMP’s case, by its mandatory JavaScript file. This large script is also required by the AMP spec to be hotlinked from cdn.amp-project.org, which is a Google-owned domain. That makes an AMP website dependent on Google to display its basic markup, which is super weird for a platform as open as the web.

That belies the reason AMP has taken off. It isn’t necessarily because AMP pages are better for users, though that’s absolutely a consideration, but because Google wants it to be popular. When you search Google for anything remotely related to current events, you’ll see only AMP pages in the news carousel that sits above typical search results. You’ll also see AMP links crowding the first results page, too. Google has openly admitted that they promote AMP pages in their results and that the carousel is restricted to only AMP links on their mobile results page. They insist that this is because AMP pages are faster and, therefore, better for users, but that’s not a complete explanation for three reasons: AMP pages aren’t inherently faster than non-AMP pages, high-performing non-AMP pages are not mixed with AMP versions, and Google has a conflict of interest in promoting the format.

It seems ridiculous to argue that AMP pages aren’t actually faster than their plain HTML counterparts because it’s so easy to see these pages are actually very fast. And there’s a good reason for that. It isn’t that there’s some sort of special sauce that is being done with the AMP format, or some brilliant piece of programmatic rearchitecting. No, it’s just because AMP restricts the kinds of elements that can be used on a page and severely limits the scripts that can be used. That means that webpages can’t be littered with arbitrary and numerous tracking and advertiser scripts, and that, of course, leads to a dramatically faster page. A series of experiments by Tim Kadlec showed the effect of these limitations:

AMP’s biggest advantage isn’t the library — you can beat that on your own. It isn’t the AMP cache — you can get many of those optimizations through a good build script, and all of them through a decent CDN provider. That’s not to say there aren’t some really smart things happening in the AMP JS library or the cache — there are. It’s just not what makes the biggest difference from a performance perspective.

AMP’s biggest advantage is the restrictions it draws on how much stuff you can cram into a single page.

[…]

AMP’s restrictions mean less stuff. It’s a concession publishers are willing to make in exchange for the enhanced distribution Google provides, but that they hesitate to make for their canonical versions.

So: if you have a reasonably fast host and don’t litter your page with scripts, you, too, can have AMP-like results without creating a copy of your site dependent on Google and their slow crawl to gain control over the infrastructure of the web. But you can’t get into Google’s special promoted slots for AMP websites for reasons that are almost certainly driven by self-interest.

3

There is a cumulative effect of bullshit; its depth and breadth is especially profound. In isolation, the few seconds that it takes to load some extra piece of surveillance JavaScript isn’t much. Neither is the time it takes for a user to hide an email subscription box, or pause an autoplaying video. But these actions compound on a single webpage, and then again across multiple websites, and those seemingly-small time increments become a swirling miasma of frustration and pain.

It’s key to recognize, though, that this is a choice, a responsibility, and — ultimately — a matter of respect. Let us return to Graeber’s explanation of bullshit jobs, and his observation that we often experience fifteen-hour work weeks while at the office for forty. Much of the same is true on the web: there is the capability for pages to load in a second or two, but it has instead been used to spy on users’ browsing habits, make them miserable, and inundate them on other websites and in their inbox.

As for Frankfurt’s definition — that the essence of bullshit is an indifference to the way things really are — that’s manifested in the hand-wavey treatment of the actual problems of the web in favour of dishonest pseudo-solutions like AMP.

An actual solution recognizes that this bullshit is inexcusable. It is making the web a cumulatively awful place to be. Behind closed doors, those in the advertising and marketing industry can be pretty lucid about how much they also hate surveillance scripts and how awful they find these methods, while simultaneously encouraging their use. Meanwhile, users are increasingly taking matters into their own hands — the use of ad blockers is rising across the board, many of which also block tracking scripts and other disrespectful behaviours. Users are making that choice.

They shouldn’t have to. Better choices should be made by web developers to not ship this bullshit in the first place. We wouldn’t tolerate such intrusive behaviour more generally; why are we expected to find it acceptable on the web?

An honest web is one in which the overwhelming majority of the code and assets downloaded to a user’s computer are used in a page’s visual presentation, with nearly all the remainder used to define the semantic structure and associated metadata on the page. Bullshit — in the form of CPU-sucking surveillance, unnecessarily-interruptive elements, and behaviours that nobody responsible for a website would themselves find appealing as a visitor — is unwelcome and intolerable.

Death to the bullshit web.

When a Stranger Decides to Destroy Your Life

Kashmir Hill, Gizmodo:

But in September 2015, she was suddenly plunged into an American nightmare. She got a call at 6 a.m. one morning from a colleague at Re/Max telling her something terrible had been posted about her on the Re/Max Facebook page. [Monika Glennon] thought at first she meant that a client had left her a bad review, but it turned out to be much worse than that.

It was a link to a story about Glennon on She’s A Homewrecker, a site that exists for the sole purpose of shaming the alleged “other woman.” The author of the Homewrecker post claimed that she and her husband had used Glennon as their realtor and that everything was going great until one evening when she walked in on Glennon having sex with her husband on the floor of a home the couple had been scheduled to see. The unnamed woman went into graphic detail about the sex act and claimed she’d taken photos that she used to get everything from her husband in a divorce. The only photo she posted though was Glennon’s professional headshot, taken from her bio page on Re/Max’s site.

Glennon was horrified. The story was completely fabricated and she had no idea why someone would have written it. Someone on Facebook named Ryan Baxter had posted it to the Re/Max page; Baxter also went through Glennon’s Facebook friend list and sent it to her husband, family members, and many of her professional contacts.

This story comes in cyclical waves of fury and heartbreak.

iOS 12 Performance

Benjamin Mayo:

It’s sad that we ever got to a point where the keyboard can be shown 50% faster, but I’m thrilled to see these pain points addressed. It translates into meaningful, real-world, improvements. The overall reception to iOS 12 is going to be very positive because of it. It speaks volumes that performance is the first section on Apple’s iOS 12 features page.

When something in the UI is slow, even subtly, we notice it; when a lot of things are even a tiny bit slow, it can make using the OS feel tedious. Speed improvements like these go a long way to making iOS feel like a joy to use. I hope this continues to be a priority for every iOS release.

See Also: Designing Fluid Interfaces.

YouTube’s Poorer Performance in Non-Chrome Browsers

If you follow me on Twitter, you may have caught wind of my frustration a couple of weeks ago with YouTube’s universally slow pages and my inability to find a Safari extension to put me out of my misery. Well, turns out I’m not alone. Chris Peterson of Mozilla:

YouTube page load is 5x slower in Firefox and Edge than in Chrome because YouTube’s Polymer redesign relies on the deprecated Shadow DOM v0 API only implemented in Chrome. […]

YouTube serves a Shadow DOM polyfill to Firefox and Edge that is, unsurprisingly, slower than Chrome’s native implementation. On my laptop, initial page load takes 5 seconds with the polyfill vs 1 without. Subsequent page navigation perf is comparable.

This is hugely frustrating because there really is no alternative to YouTube. Peterson points to a Firefox extension which restores the older YouTube layout that does not require polyfills to work; but, for other browsers, the easiest method is to manually add a cookie.

Tom Warren of the Verge:

It’s the latest case of Google building and tuning its web services so they work better or only work in the company’s Chrome browser. Google Meet, Allo, YouTube TV, Google Earth, and YouTube Studio Beta have all blocked Microsoft Edge in the past, and Google Meet, Google Earth, and YouTube TV have all also been blocked if you use Firefox. Google even blocked its Google Maps service on Windows Phone years ago in a passive-aggressive move that it eventually reversed. It’s an ongoing problem that means Chrome is slowly turning into the next Internet Explorer 6.

The implication here seems to be that Google has built YouTube to run well specifically in Chrome because they want more people using their own browser, and that it’s somewhat anticompetitive in the vein of their blocking of other products on competing platforms. I get that angle, but I think it’s misapplied here. It seems more likely to me that Google just didn’t adequately test YouTube in non-Chrome browsers, probably because they’re less popular and maybe because they don’t care. It’s not malicious; it’s laziness bordering on incompetence.

Apple Releases Software Update to Address Throttling Bug on 2018 MacBook Pro Models

Owen Williams, writing for Vice:

Over the last few days we’ve seen outcry about Apple’s new MacBook Pro, which offers an optional top-end i9 processor, and how its performance is throttled to the point of parody as the laptop heats up over time.

Sparked by a video from YouTuber Dave Lee, who demonstrates that the only way to get Apple’s quoted performance from the MacBook Pro is by keeping it in a refrigerator, the outcry has been brutal.

I elected to take a wait-and-see approach to this apparent scandal, especially after word spread that Apple was investigating this with Lee. But some, like Williams this morning, decided that it would be easier to conclude that — as always — Apple’s obsession with thin and light products was largely to blame:

Apple’s insatiable thirst for thinner, which we can see across the iPhone and Mac, appears to have finally caught up with the company. Its new hardware is the most powerful yet, but the form factor betrays that on-paper performance, because the laptop’s form factor means it’s thermally constrained.

[…]

Outside of making the MacBook thicker — which is unheard of, for Apple — there’s little the company can do to solve this. This isn’t the only thermally constrained machine Apple builds, either. After years of silence, Apple admitted in 2017 that the top-end Mac Pro was stagnant because “[…] we designed ourselves into a bit of a thermal corner, if you will.”

For what it’s worth, each new iPhone has become thicker than its predecessor since the iPhone 6S; so, no, it would not be unheard-of for Apple. Especially egregious, though, is Williams’ assertion that there’s little that Apple can do to fix it.

Jason Snell, Six Colors:

After a week of controversy following the posting of a video that claimed the new 15-inch MacBook Pro could experience massive slowdowns, Apple on Tuesday acknowledged that the slowdowns exist — and that they’re caused by a bug in the thermal management software of all the 2018 MacBook Pro models. That bug has been fixed in a software update that Apple says it’s pushing out to all 2018 MacBook Pro users as of Tuesday morning.

This is the kind of thing you would expect Apple to catch before they shipped an expensive flagship product, but a week from identifying the bug to shipping a software fix seems fairly reasonable.

Williams’ article also — as usual for this kind of piece — blames Apple for the industry’s broader woes:

The pursuit of thinner, lighter laptops, a trend driven by Apple, coinciding with laptops replacing desktops as our primary devices means we have screwed ourselves out of performance — and it’s not going to get better anytime soon.

Apple may prioritize thin and light in their portable products, but that doesn’t make a trend. The industry following their lead does make a trend, but that’s the fault of those companies. If they thought that they would be constrained by the thermal envelope of thinner notebooks or that Apple was making a mistake in their priorities, they could have released different products. You can, of course, buy gaming laptops that are thicker and allow high-performance processors to run at their fullest potential, if that is your objective. But how many of those do you actually see people using in the real world, compared to those using MacBook Pro-like notebooks? In my experience, the latter dominates.

The Decline of the Declarative Online Status Indicator

I like this simple but profound observation from Casey Johnston, of the Outline, regarding Instagram’s online status indicator in its messaging section:

When status indicators were originally introduced — the listing of screen names and opening- and slamming-of-door sounds by people signing on and off and posting of away messages on AOL Instant Messenger, may it rest — and continued to proliferate on services like Gchat and Facebook’s chat feature, we were all still using computers. Sometimes we were on those computers; sometimes, we were living our lives and not on computers.

Smartphones do not, and have never, faced this dichotomy of existence. Anyone who has Instagram, by definition, has a smartphone. If you have a smartphone, you are online no matter where you are or what you are doing.

Johnston indicates that the online status indicator is dead, but I think that’s an exaggeration. Perhaps the declarative online status indicator is on the wane, but I think the inferred status indicator is on the rise. I grew up with IRC, AIM, and MSN Messenger, and explicitly declaring your online status — and, often, your mood and chat readiness — was a hallmark of those platforms and protocols. Facebook retained that format even before the site had chat functionality. And declarative status indicators still exist, to an extent — Slack has several defaults to choose from, like “out sick”, “in a meeting”, or “commuting”.1

These kinds of statuses have largely been replaced by a more inferred or suggested status, by way of things like read receipts. This isn’t entirely new; answering machines and voicemail have long played the role of a passive status indicator. Read receipts are a subtle indicator to the sender that the recipient is or has been online. But they aren’t perceived in the same way — users often report feeling ignored if they see that a message they’ve sent has been read, but not responded to, even if it’s likely that the recipient is simply busy.


  1. Statuses like these are how you know Slack is a serious business tool, not some goofy IRC-like chat room. ↩︎

Facebook Suspends Crimson Hexagon’s Access to User Data

Hannah Kuchler, Financial Times (this article may be behind a paywall):

Facebook has suspended Crimson Hexagon, as it investigates if the analytics firm violated any of the social network’s policies, including whether it harvested user data to build surveillance tools.

The social network said it does not yet have any evidence that the Boston-based company obtained Facebook or Instagram data improperly. Crimson Hexagon could not be reached for comment.

[…]

Crimson Hexagon describes itself as an artificial intelligence-powered consumer insights company for brand managers, marketers and executives. The company says it has the world’s largest library of public social data, including over one trillion posts.

Even though these are entirely public posts, it’s disconcerting to think that our offhand remarks and pictures of meals are seen as widgets to be collected by a creepy company to be resold as fodder for advertisers and marketers. Facebook users are already granting permission for Facebook to mine their online life in service of advertisers, of course, but this is a third-party company with whom data is not explicitly being shared for this purpose. I completely understand that public is public, and this information can be used this way legally and ethically. It’s still gross to think that the entire web is seen by companies like these solely as material to target ads.

DuckDuckGoogle

DuckDuckGo aired several anti-competitive grievances they had with Google in the wake of the latter’s record-setting E.U. antitrust decision. Among them was this nugget:

Google also owns http://duck.com and points it directly at Google search, which consistently confuses DuckDuckGo users.

DuckDuckGo was founded in 2008. According to a Security Trails domain record search, duck.com was transferred from Level 3 Communications/On2 Technologies to Google in November 2010, about a year after On2 was acquired by Google. I’m having a hard time understanding why Google would use this domain for this purpose for any reason other than to bully confused DuckDuckGo searchers, as it appears to have redirected to google.com ever since unlike, say, on2.com.

Update: Google is now showing an intermediate page that offers to redirect visitors to DuckDuckGo and provides some context about why they own the domain.

Allowing Customization of Default Apps on iOS

Dan Moren, Macworld:

For users, the benefits of choosing default apps is obvious. Right now if you tap a web link in most apps you get taken to Safari, regardless of whether you’d rather use Chrome or Firefox. The same for mail links: if you’d rather compose your messages in Outlook or Gmail, you have to jump through some hoops to make it happen.

Not everybody is going to switch to a third-party app if this happens. Most people probably are probably happy enough with the defaults. But for those folks who want a feature that Apple’s apps don’t currently have — like snoozing mail message alerts or sync between Chrome on iOS and your PC — the choice to use that app as the default should be available.

Since you can now remove Mail, in particular, from iOS, this seems like it should be a natural next step. If you tap on a mailto: link without Mail being installed any more, you get an error message telling you that no apps are installed that can handle that type of link. But that’s awkward, confusing, and only partially true — no apps are available because no other apps are allowed to register themselves as capable of handling mailto: links.

The amazing thing about iOS is that most system apps can easily be replaced without the need for setting a third-party app as the default. I never touch Apple’s weather app, and the only time I don’t use Fantastical to create appointments is when I tap on a data detector and Apple’s default sheet appears. But iOS would be a little better if Mail and Safari — and perhaps Maps and Camera, too — could be swapped out for third-party apps as the defaults for their data types.

Bringing Common UI Controls Nearer to the Bottom of the Screen

Theo Strauss (via Michael Tsai):

In most apps, it’s common to see a search bar up at the top of the screen. On social media platforms, such as Facebook, Instagram, LinkedIn, and even Snapchat, the search bar is at the top of almost every main screen. In transportation apps, that style is almost ubiquitous.

Why is this? Apple doesn’t suggest that a search bar sit towards the top of an app’s UI, nor does the HIG suggest that it should be persistent.

[…]

Lyft took a different approach with their search bar. Instead of a floating field up top, they added it to an overlay towards the bottom-mid section of the screen. This simple change made it more accessible for almost 100% of users.

This is also one of the reasons why I prefer using Apple’s Maps app over Google’s, despite better data in the latter.

Contra Strauss’ point that the HIG doesn’t say that the search bar should be at the top of the app, Apple does indicate that, by default, it’s often part of the navigation bar at the top, and so designers may feel that it’s more consistent across the system to place it there. But, as Lyft and Apple Maps demonstrate, it’s completely possible to place it wherever it ought to be.

I think there’s a deeper argument here for a more comprehensive adjustment to the way iOS, in particular, is designed. The layout of a typical app hasn’t really changed much since the first iPhone — from top to bottom: status bar, then navigation bar, then the main view, then a tab bar at the bottom. While that worked great on a 3.5-inch screen with an iPhone that easily fit in your hand, I don’t think that’s the case with today’s iPhones — and, if the rumour mill is correct, the smallest of this year’s models will be the size of the iPhone X.

Third-party app designers and Apple, alike, seem to understand this in the examples above, but too many of the default apps that set the standard are still designed for smaller displays. Worse still is a gesture like the one to invoke Control Centre on the iPhone X, which — in my right-handed use — requires shuffling the phone slightly downwards with my palm and fingers to allow my thumb to extend enough into the top-right corner of the display.

That Control Centre gesture feels like it’s from the past; Lyft and Maps feel like they’re bang up to date.

Apple Confirms 2018 MacBook Pro Keyboard’s Silicone Membrane is Designed to Protect the Mechanism From Debris

Joe Rossignol, MacRumors:

In an internal document distributed to Apple Authorized Service Providers, obtained by MacRumors from multiple reliable sources, Apple has confirmed that the third-generation keyboard on 2018 MacBook Pro models is equipped with a “membrane” to “prevent debris from entering the butterfly mechanism.”

John Gruber also heard separately from his sources that durability was part of the reason for this redesign.

Sam Lionheart of iFixit tested the new keyboard against debris:

Okay, now to the nitty-gritty testing. We pumped this keyboard full of particulates to test our ingress-proofing theory. We started with a fine, powdered paint additive to add a bit of color and enable finer tracking (thanks for the tip, Dan!). Lo and behold, the dust is safely sequestered at the edges of the membrane, leaving the mechanism fairly sheltered. The holes in the membrane allow the keycap clips to pass through, but are covered by the cap itself, blocking dust ingress. The previous-gen butterfly keys are far less protected, and are almost immediately flooded with our glowing granules. On the 2018 keyboard, with the addition of more particulate and some aggressive typing, the dust eventually penetrates under the sheltered clips, and gets on top of the switch — so the ingress-proofing isn’t foolproof just yet.

It sounds like it’s better than its predecessor, but I’d be more interested to know how this new keyboard compares to a pre-butterfly design in durability and reliability.

TechCrunch’s Report on Control Over iCloud Data in China

Jon Russell, TechCrunch:

The operator’s Tianyi cloud storage business unit has taken the reins for iCloud China, according to a WeChat post from China Telecom. The company agreed to a deal with Guizhou-Cloud Big Data (GCBD), the original partner that Apple signed on with when it first migrated the data earlier this year.

Apple’s transition of the data from its own U.S.-based servers to local servers on Chinese soil has raised significant concern among observers who worry that the change will grant the Chinese government easier access to sensitive information. Before a switch announced in January, all encryption keys for Chinese users were stored in the U.S., which meant authorities needed to go through the U.S. legal system to request access to information. Now the situation is based on Chinese courts and a gatekeeper that’s owned by the government.

Apple itself has said it was compelled to make the move in order to comply with Chinese authorities, and that hardly eases the mind.

GCBD is a provincially-owned company; Chinese iCloud users have, since earlier this year, had effectively a contract between themselves, Apple, and the Guizhou provincial government. Now, the federal government is taking over. See update below. Because there’s no due process or legal recourse in China that’s comparable to that of most other countries, it seems that the only way for Apple to protest this would be to turn off any of their user data services in the country.

Russell:

It’s ironic that the U.S. government has pursued Chinese telecom equipment maker ZTE on account of national security and suspected links to Chinese authorities, and yet one of America’s largest corporates is entrusting user data to a state-owned company in China.

Without debating the meaning of irony itself, I don’t think these situations are comparable. Without minimizing how bad this is for Chinese iCloud users, it is solely their data that is affected by this deal, not users from any other country. That is not to say that their data is worth any less or ought to be protected to a reduced degree, should it be legally permitted. The entirely different worry about ZTE’s devices and equipment is that they could perhaps pilfer data from users outside China and give it to the Chinese government.

Update: Russell’s post is based on a misunderstanding. Ben Lovejoy, 9to5Mac:

However, we understand this to be essentially nothing new. Apple has always stored encrypted blocks of data on third-party servers like Amazon Web Services, and in China Tianyi Cloud has long been one of these.

I have updated the headline to this piece to reflect this. My apologies for the mix-up. My criticism of the statement comparing iCloud in China to ZTE still stands, however.

Venmo Transactions Are Public By Default

Olivia Solon, the Guardian:

Anyone can track a Venmo user’s purchase history and glean a detailed profile – including their drug deals, eating habits and arguments – because the payment app lacks default privacy protections.

[…]

By accessing the data through a public application programming interface, Do Thi Duc was able to see the names of every user who hadn’t changed their settings to private, along with the dates of every transaction and the message sent with the payment. This allowed her to explore the lives of unsuspecting Venmo users and learn “an alarming amount about them”.

The default state for transactions when a user signs up to the app is “public”, which means they can be seen by anyone on the internet. Users can change this to “private” by navigating to the app’s settings, but it’s not clearly highlighted during sign-up.

Hang Do Thi Duc’s resulting work, Public By Default, is extraordinary. She has extrapolated fairly rich narratives from payment data alone. It’s worth checking out in full.

But let’s not waffle here: why was — and is — Venmo’s transaction data public? Sure, it doesn’t show the amounts, but who would have designed any payments system with a totally unauthenticated method to view anyone’s payment history? Isn’t that a base expectation of any finance-related system? Am I missing something here, or is this just unbelievably stupid of Venmo?

Triangulating and De-Anonymization

Olivia Solon, the Guardian:

Nameless New York taxi logs were compared with paparazzi shots at locations around the city to reveal that Bradley Cooper and Jessica Alba were bad tippers. In 2017 German researchers were able to identify people based on their “anonymous” web browsing patterns. This week University College London researchers showed how they could identify an individual Twitter user based on the metadata associated with their tweets, while the fitness tracking app Polar revealed the homes and in some cases names of soldiers and spies.

“It’s convenient to pretend it’s hard to re-identify people, but it’s easy. The kinds of things we did are the kinds of things that any first-year data science student could do,” said Vanessa Teague, one of the University of Melbourne researchers to reveal the flaws in the open health data.

[…]

“One of the failings of privacy law is it pushes too much responsibility on to the consumer in an environment where they are not well-equipped to understand the risks,” said [Anna Johnston, a director of consultancy Salinger Privacy]. “Much more legal responsibility should be pushed on to the custodians [of data, such as governments, researchers and companies].”

While we ought to try to inform ourselves about the privacy implications of the entirety of our online behaviour, I don’t think it’s possible for the vast majority of users to understand the depth of knowledge that advertising, analytics, and data brokerage companies have on each of us. We’ve often never heard of these companies, and we certainly haven’t explicitly consented to giving them any of our information.

It’s easy to say that users should be better educated, particularly for those with a vested interest in users’ ignorance. It absolves data collectors of the responsibility to get explicit permission, which users almost certainly won’t give. The incentives for data collectors are aligned with implied consent wherever possible, and then vague explanations beyond that point. Data collectors have insisted for decades that they can be trusted to self-regulate, but their behaviour in that time has repeatedly shown that they cannot — largely, it seems, because regulations are diametrically opposite to growth incentives.

Apple’s App Store Continues to Generate More Revenue for Developers Than Google Play

Sarah Perez, TechCrunch:

Apple’s App Store continues to outpace Google Play on revenue. In the first half of the year, the App Store generated nearly double the revenue of Google Play on half the downloads, according to a new report from Sensor Tower out today. In terms of dollars and cents, that’s $22.6 billion in worldwide gross app revenue on the App Store versus $11.8 billion for Google Play – or, 1.9 times more spent on the App Store compared with what was spent on Google Play.

[…]

The growth in spending can be partly attributed to subscription apps like Netflix, Tencent Video, and even Tinder, as has been previously reported.

[…]

Consumer spending on games grew 19.1 percent in the first half of 2018 to $26.6 billion across both stores, representing roughly 78 percent of the total spent ($16.3 billion on the App Store and $10.3 billion on Google Play). Honor of Kings from Tencent, Monster Strike from Mixi, and Fate/Grand Order from Sony Aniplex were the top grossing games across both stores.

This is a remarkable trend, especially when you consider that Sensor Tower has estimated that around 15 billion app downloads came from Apple’s App Store, compared to 36 billion from Google Play. On average, App Store downloads are worth about four-and-a-half times as much as Google Play downloads. That’s astounding.

Instapaper Has a New Owner, Same As the Last Owner, Kind Of

The Instapaper team:

Today, we’re announcing that Pinterest has entered into an agreement to transfer ownership of Instapaper to Instant Paper, Inc., a new company owned and operated by the same people who’ve been working on Instapaper since it was sold to betaworks by Marco Arment in 2013. The ownership transfer will occur after a 21 day waiting period designed to give our users fair notice about the change of control with respect to their personal information.

We want to emphasize that not much is changing for the Instapaper product outside the new ownership. The product will continue to be built and maintained by the same people who’ve been working on Instapaper for the past five years. We plan to continue offering a robust service that focuses on readers and the reading experience for the foreseeable future.

Alex Heath:

Some clarification from a Pinterest spokesperson: The two employees Pinterest brought on from the Instapaper acquisition will continue working at Pinterest and run Instapaper independently on the side. So sounds like Instapaper wasn’t really working out inside of Pinterest.

I don’t think it’s a great sign when a product is transferred from an official offering to something akin to a hobby.

iFixit Found a New Silicone Membrane in the Mid-2018 Macbook Pro’s Keyboard

Sam Lionheart of iFixit:

Here’s an inflammatory take for you: Apple’s new quieter keyboard is actually a silent scheme to fix their keyboard reliability issues. We’re in the middle of tearing down the newest MacBook Pro, but we’re too excited to hold this particular bit of news back:

Apple has cocooned their butterfly switches in a thin, silicone barrier.

This is a promising discovery.

The biggest lingering question for me is whether this keyboard is being swapped into repaired 2016 and 2017 MacBook Pros. If you get your MacBook Pro keyboard repaired over the next couple of months and notice any changes, let me know.

Update: Joe Rossingol, MacRumors:

When asked if Apple Stores and Apple Authorized Service Providers will be permitted to replace second-generation keyboards on 2016 and 2017 MacBook Pro models with the new third-generation keyboards, if necessary, Apple said, no, the third-generation keyboards are exclusive to the 2018 MacBook Pro.

I hope there’s a purely technical reason for this decision.

Apple Discontinues Photo Printing Service

In the giveth corner today are the new MacBook Pro models; in the taketh away corner is this news from Benjamin Mayo at 9to5Mac:

Apple is discontinuing its Photo Print Products service, which has been integrated into iPhoto since its launch in 2002. The service expanded from simple prints, to albums, photo books, and calendars. It stayed around on the Mac when iPhoto was replaced with the Photos app a couple of years ago, but the service never made the leap to iOS.

Later this year, Apple will stop offering the service altogether. A new message in macOS 10.13.6 Photos app says that final orders for Apple’s built-in service must be placed by September 30, 2018.

Via Michael Tsai, who linked to the Wirecutter’s roundup of the best photo book printing services:

If you have a Mac, don’t bother with Shutterfly. Apple’s own Photo Books service makes a better photo book with brighter images and more handsome layouts. If you’ve ever used the Photos app before, you’ll find the software familiar and easy to use — Apple also offers a detailed tutorial if you need help. Plus, unlike any of the other services, the colors will print on the page how they looked on your screen, including the cover. A master printer and Wirecutter’s photo and design editors all fawned over the Apple photo book for its spot-on colors, gorgeous layouts, and small design elements, such as page numbers, panoramic spreads, and a dust jacket that matches the cover.

Damn; this sucks.

For the past several years, I’ve created a book of photos for my parents to show them where I’ve travelled and what I’ve been up to. The books I’ve received have always been perfect and of the highest quality. I’ve ordered from other services in the past, and I’ve never found anything that was quite as good as Apple’s.