Pixel Envy

Written by Nick Heer.

Archive for October, 2018

Google Exposed Data of Half a Million Users Until March but Didn’t Disclose It Because They Feared ‘Regulatory Interest’

Douglas MacMillan and Robert MacMillan, Wall Street Journal:

Google exposed the private data of hundreds of thousands of users of the Google+ social network and then opted not to disclose the issue this past spring, in part because of fears that doing so would draw regulatory scrutiny and cause reputational damage, according to people briefed on the incident and documents reviewed by The Wall Street Journal.

As part of its response to the incident, the Alphabet Inc. unit plans to announce a sweeping set of data privacy measures that include permanently shutting down all consumer functionality of Google+, the people said. The move effectively puts the final nail in the coffin of a product that was launched in 2011 to challenge Facebook Inc. and is widely seen as one of Google’s biggest failures.

A software glitch in the social site gave outside developers potential access to private Google+ profile data between 2015 and March 2018, when internal investigators discovered and fixed the issue, according to the documents and people briefed on the incident. A memo reviewed by the Journal prepared by Google’s legal and policy staff and shared with senior executives warned that disclosing the incident would likely trigger “immediate regulatory interest” and invite comparisons to Facebook’s leak of user information to data firm Cambridge Analytica.

Chief Executive Sundar Pichai was briefed on the plan not to notify users after an internal committee had reached that decision, the people said.

That this disclosure wasn’t made until today — seven months after this breach was noticed — is unconscionable. But it is outrageous that the reason for not disclosing it in the first place was because they wanted to hide it from the law and that Pichai knew about it.

By the way, because Google tried so hard to make Google Plus work, it’s possible that your Google account — if you have one — is a Google Plus profile. You can disconnect it; Google calls it “downgrading”.

This is a fitting end to a bad product managed by people who were almost explicit in their intention for it to collect boatloads more information for advertisers.

Update: Brian McCullough:

Has anyone made this point yet? Pichai refused to testify to congress because he couldn’t. He would have either had to perjure himself or reveal this bug in real time before the committee.

I thought it was just strategic brilliance to let Facebook take all the heat. No, it was next level cowardice. One wonders if they really though they could whistle past the graveyard on this. In which case, also next level hubris.

Pichai is now scheduled to testify before Congress in November.

Update: Jack Wellborn:

I can’t help but think that by taking 7 months to publically disclose this breach, this incident makes Google seem somewhat hypocritical given their strict Project Zero policy to disclose vulnerabilities 90-days when patches aren’t released.

After a Year of Stories Confirming the Logical Consequences of Collecting All of Your Personal Information, Facebook Introduces an Always-Listening Assistant With a Video Camera

Nicole Nguyen, Buzzfeed:

Today, Facebook — which is still reeling from the fallout of the Cambridge Analytica data scandal and last month’s massive security breach — announced a voice-activated gadget with a screen, always-listening microphone, and camera designed for video chat called Facebook Portal. It’s like an Amazon Echo Show for Facebook Messenger.

There are two models: a small 10-inch Portal ($199) and a larger 15-inch Portal+ ($349), which can rotate to portrait or landscape orientations.

Saying a simple command, “Hey Portal,” and then the name of the person you’d like to call, starts a video chat. The camera has the ability to track people when they enter the room, and it can pan, widen, and zoom automatically. The devices also include the always-listening Alexa, Amazon’s voice assistant, and can be used to control smart home devices and offer weather information.

Nobody should buy this product. Moreover, it’s absurd that Facebook would think that now would be a terrific time to introduce an always-listening box with a camera — no matter how many reassuring bullet points they slap on a marketing webpage.

Apple Insiders Say Nobody Internally or at the FBI Knows What’s Going on With Bloomberg’s Story

John Paczkowski and Charlie Warzel, Buzzfeed:

Reached by BuzzFeed News multiple Apple sources — three of them very senior executives who work on the security and legal teams — said that they are at a loss as to how to explain the allegations. These people described a massive, granular, and siloed investigation into not just the claims made in the story, but into unrelated incidents that might have inspired them.

[…]

Equally puzzling to Apple execs is the assertion that it was party to an FBI investigation — Bloomberg wrote that Apple “reported the incident to the FBI.” A senior Apple legal official told BuzzFeed News the company had not contacted the FBI, nor had it been contacted by the FBI, the CIA, the NSA or any government agency in regards to the incidents described in the Bloomberg report. This person’s purview and responsibilities are of such a high level that it’s unlikely they would not have been aware of government outreach.

Guy Faulconbridge and Joseph Menn, Reuters:

Apple’s recently retired general counsel, Bruce Sewell, told Reuters he called the FBI’s then-general counsel James Baker last year after being told by Bloomberg of an open investigation into Super Micro Computer Inc , a hardware maker whose products Bloomberg said were implanted with malicious Chinese chips.

“I got on the phone with him personally and said, ‘Do you know anything about this?,” Sewell said of his conversation with Baker. “He said, ‘I’ve never heard of this, but give me 24 hours to make sure.’ He called me back 24 hours later and said ‘Nobody here knows what this story is about.’”

Reuters also reports that a division of GCHQ, Britain’s signals intelligence agency, does not presently doubt Apple and Amazon’s denials. Here’s the score so far:

  • Bloomberg is sticking by its reporting that modified circuit boards with potentially devastating security concerns were found by Apple and Amazon in servers of theirs supplied by and made for Supermicro. They also stand by the existence of cooperation between the tech companies and the FBI in an investigation that has been going on for years.

  • Apple and Amazon have both denied specific allegations in Bloomberg’s story, and have refuted its overall premise. Amazon’s chief information security officer and, now, Apple’s former senior-most legal counsel have put their names behind categorical denials of finding manipulated hardware in their data centres and having any knowledge of an FBI investigation, respectively.

  • Apple’s former legal representative has also said that a senior contact at the FBI told him that they didn’t know anything about this story.

  • British intelligence says that they believe Apple and Amazon’s statements at this time.

  • The U.S. administration has seized upon Bloomberg’s report to continue their campaign of criticism of the Chinese government.

That’s a lot of reputable organisations — and the American government — who have staked their credibility on widely varying accounts of the veracity of this story.

Update: Now the U.S. Department of Homeland Security is echoing the British viewpoint in support of the ostensibly affected companies’ statements, even while the Vice President is using Bloomberg’s report for political purposes.

Thinking About Bloomberg’s Report on Hardware Vulnerabilities in Servers Made in China

Jordan Robertson and Michael Riley of Bloomberg today published a startling report alleging that servers made in China for Supermicro and used by — amongst others — Apple, Amazon, and U.S. federal government agencies have been found to surreptitiously carry tiny chips, likely for backdoor access by the Chinese government, and installed without the knowledge of the companies through deep infiltration into the electronics supply chain. The report also states that individuals at Apple and Amazon discovered this several years ago, did not immediately make changes to their infrastructure, and are working with law enforcement and intelligence agencies, but none of this has been previously disclosed.

If these allegations are true, this would represent one of the most significant national security breaches in decades. Its effects could extend beyond current U.S. sanctions in place on Chinese-made electronic components to the entire electronics supply chain, the vast majority of which is based in China. It would also imply that massive amounts of Apple and Amazon customer data may have been at risk without public acknowledgement, though the report states that “[no] consumer data is known to have been stolen”.

Robertson and Riley:

As recently as 2016, according to DigiTimes, a news site specializing in supply chain research, Supermicro had three primary manufacturers constructing its motherboards, two headquartered in Taiwan and one in Shanghai. When such suppliers are choked with big orders, they sometimes parcel out work to subcontractors. In order to get further down the trail, U.S. spy agencies drew on the prodigious tools at their disposal. They sifted through communications intercepts, tapped informants in Taiwan and China, even tracked key individuals through their phones, according to the person briefed on evidence gathered during the probe. Eventually, that person says, they traced the malicious chips to four subcontracting factories that had been building Supermicro motherboards for at least two years.

As the agents monitored interactions among Chinese officials, motherboard manufacturers, and middlemen, they glimpsed how the seeding process worked. In some cases, plant managers were approached by people who claimed to represent Supermicro or who held positions suggesting a connection to the government. The middlemen would request changes to the motherboards’ original designs, initially offering bribes in conjunction with their unusual requests. If that didn’t work, they threatened factory managers with inspections that could shut down their plants. Once arrangements were in place, the middlemen would organize delivery of the chips to the factories.

The investigators concluded that this intricate scheme was the work of a People’s Liberation Army unit specializing in hardware attacks, according to two people briefed on its activities. The existence of this group has never been revealed before, but one official says, “We’ve been tracking these guys for longer than we’d like to admit.” The unit is believed to focus on high-priority targets, including advanced commercial technology and the computers of rival militaries. In past attacks, it targeted the designs for high-performance computer chips and computing systems of large U.S. internet providers.

These allegations are precise, comprehensive, and are clearly based on tremendous investigative reporting. However, the comments issued by Apple and Amazon have been uncharacteristically detailed as well.

Apple published their un-bylined responses to Bloomberg’s questions at various times throughout the reporting process:

On this we can be very clear: Apple has never found malicious chips, “hardware manipulations” or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement.

In response to Bloomberg’s latest version of the narrative, we present the following facts: Siri and Topsy never shared servers; Siri has never been deployed on servers sold to us by Super Micro; and Topsy data was limited to approximately 2,000 Super Micro servers, not 7,000. None of those servers have ever been found to hold malicious chips.

This response unequivocally refutes specific allegations made in the Bloomberg report. This isn’t one of those stories where Apple’s PR team is being cagey or not commenting; they’re calling the story flat-out false. And the same is true for Amazon’s statement:

The article also claims that after learning of hardware modifications and malicious chips in Elemental servers, we conducted a network-wide audit of SuperMicro motherboards and discovered the malicious chips in a Beijing data center. This claim is similarly untrue. The first and most obvious reason is that we never found modified hardware or malicious chips in Elemental servers. Aside from that, we never found modified hardware or malicious chips in servers in any of our data centers. And, this notion that we sold off the hardware and datacenter in China to our partner Sinnet because we wanted to rid ourselves of SuperMicro servers is absurd. Sinnet had been running these data centers since we launched in China, they owned these data centers from the start, and the hardware we “sold” to them was a transfer-of-assets agreement mandated by new China regulations for non-Chinese cloud providers to continue to operate in China.

This statement was attributed to Steve Schmidt, Amazon’s chief information security officer and a former FBI section chief.

Supermicro and the Chinese government also issued denials of Bloomberg’s report. The cynical response is something like: of course these companies are denying an extremely sensitive report, whether because it’s embarrassing or due to a law enforcement requirement. But neither situation appears to be the case here. Apple confirmed in their statement that they are not under any sort of gag order that would prevent them from being able to comment on this.

Furthermore, Apple and Amazon are publicly-traded companies and, as a result, lying in public statements such as these would be an SEC violation. These aren’t the typical if-you-squint-it-could-be-seen-as-accurate statements that big companies’ PR teams typically release as damage control. They are wholesale rejections of key arguments in Bloomberg’s reporting: Bloomberg says that hardware modifications and malicious chips were found by Amazon and Apple in their servers; Amazon and Apple say that no hardware modifications or malicious chips were found in their servers. There’s not a lot of room for ambiguity.

This story has been rattling around my head all day today. My early thought was that perhaps the Bloomberg reporters did a Judith Miller. Maybe their government sources had a specific angle they wished to present to create a political case against China or in favour of further sanctions — or actions far more serious — and needed a credible third-party, like a news organization, to create a story like this. But Robertson and Riley’s seventeen sources include several individuals at Amazon and Apple with intimate knowledge of the apparent discovery of unauthorized hardware modifications, something they later confirmed in a statement to Alex Cranz of Gizmodo. This doesn’t seem likely.

Zack Whittaker in TechCrunch points to a couple of ways that these statements may technically be accurate, and how the reporting may be true as well:

Naturally, people are skeptical of this “spy chip” story. On one side you have Bloomberg’s decades-long stellar reputation and reporting acumen, a thoroughly researched story citing more than a dozen sources — some inside the government and out — and presenting enough evidence to present a convincing case.

On the other, the sources are anonymous — likely because the information they shared wasn’t theirs to share or it was classified, putting sources in risk of legal jeopardy. But that makes accountability difficult. No reporter wants to say “a source familiar with the matter” because it weakens the story. It’s the reason reporters will tag names to spokespeople or officials so that it holds the powers accountable for their words. And, the denials from the companies themselves — though transparently published in full by Bloomberg — are not bulletproof in outright rejection of the story’s claims. These statements go through legal counsel and are subject to government regulation. These statements become a counterbalance — turning the story from an evidence-based report into a “he said, she said” situation.

Indeed, Kieren McCarthy of the Register did a fine job parsing each company’s statements, albeit with his usual unique flair. But, though there is absolutely some wiggle-room in each denial, there are remarks made by each company that, were they found to be wrong, would be simple lies.

There are aspects of Robertson and Riley’s reporting that are consistent with previously-acknowledged problems and security concerns with Supermicro’s servers. Early last year, Amir Efrati of the Information reported that Apple was removing Supermicro’s servers from its data centres after a compromised firmware update the previous year. Robertson and Riley are reporting tonight that a Supermicro software update server was infiltrated in 2015; the same report also reiterates that Apple found hardware vulnerabilities on their servers.

This is a complicated story and apparently just the first in a series. My hope is that we’ll know more details soon, and a clearer picture of the truth will emerge. Right now, however, the credibility of a news organization and two trillion-dollar companies is on the line. But the nugget of this story — that outsourced and complex supply chains are prone to abuse due to bad actors and lack of oversight — is a known problem that isn’t taken anywhere near as seriously as it should be. In the garment industry, it’s at least partially responsible for deadly yet preventable incidents. In electronics, the prospect of compromised parts was once science fiction; it may now be reality.

Jason Koelber and Joseph Cox, Vice:

In 2005, the Pentagon warned in a report that outsourcing electronics manufacturing to China could become a problem for America, because of the risk of hardware “tampering.” America has largely lost the ability to create many of the electronics we use everyday — Donald Trump famously asked Apple CEO Tim Cook why the iPhone isn’t made in America, but it’s not clear that the United States is even capable of making iPhones in America at any sort of scale.

China’s cheap, skilled labor, manufacturing infrastructure, and vast rare Earth mineral-mining operations around the world have secured its spot as the high-tech manufacturing hub of the world. This of course has had many benefits for the United States and American companies, but it’s also a great risk.

There is a clear theoretical lesson in all of this, which is that monopolization of anything is extraordinarily risky and often self-destructive. Witness, for example, the ongoing debate over how much moderation power should be exerted by Facebook over posts made on the platform — it’s a difficult question to answer with any certainty in large part because it’s a decision that affects billions of users and a large chunk of worldwide communications. In the case of an apparently-compromised electronics supply chain with decades of highly-specialized knowledge and located in a country governed by an oppressive regime, any resolution is going to be painfully difficult. Outsourcing has deep flaws; even Bloomberg’s website is witness to that. Either manufacturing of these components becomes increasingly diversified or, more likely, far greater control and oversight is required by companies and end-client governments alike.

Mainstream Advertising is Still Showing Up on Conspiracy and Extremist Websites

Craig Timberg, Elizabeth Dwoskin and Andrew Ba Tran, Washington Post:

Jihadi rapists. Muslim invaders. Faked mass shootings. Pizzagate.

Somebody browsing highly partisan websites in recent weeks could have seen articles about all of these subjects — and on the same pages seen cheerful green ads for the Girl Scouts, bearing the slogan “Helping Girls Change the World!”

Such juxtapositions, documented by a Washington Post review of advertising on hundreds of websites, are more than simply jarring. They are products of online advertising systems that regularly put mainstream ads alongside content from the political fringes — and dollars in the pockets of those producing polarizing and politically charged headlines.

Because this is the Post, they use a rather mild description of the kind of horseshit they found mainstream advertisers implicitly supporting. Jeep, Hertz, and the Girl Scouts wouldn’t sponsor a Ku Klux Klan rally; if an ad agency supporting them put their banners up at an extremist’s event, they would be fired. Yet Google somehow has poor control over which websites may use AdSense, especially at the scale at which they operate:

Google says it does not serve ads on sites that feature hate speech, including bullying, harassment or content deemed derogatory or dangerous, and it prohibits publishers that misrepresent their identities. Last year, Google removed 320,000 publishers from the ad network for policy violations and blacklisted nearly 90,000 websites and 700,000 mobile apps, it said.

Those are huge numbers, but so are the numbers in their quarterly earnings report (PDF). I’m not suggesting that Google should be a non-profit, but they certainly can afford more moderators to review what websites are allowed to be in the AdSense program.

As it stands now, advertisers must manually blacklist websites and categories of sites that they don’t wish to see their ads on. If Steven Black’s hosts file is any guidance, that’s a lot of properties that must be blacklisted. Surely it would be more efficient for Google, instead, to quarantine every domain on that list that’s part of their AdSense program.

Update: The unwillingness for ad networks to be more judicious about where their ads may be used might have something to do with how hard it is for them to be held accountable by non-technical users. Think about how hard it is to know — without looking at a site’s markup — which ad network is supporting a website.

I imagine if every placement were required to have visible attribution, ad networks would be a lot more careful about which sites would be allowed. The first time “Powered by Google” appeared on some freelance propagandist’s website or a crank doctor’s bad advice on vaccinations, you know that users would notice.

MacOS Mojave Archaeology

“Uluroo” collected a series of examples of oddities and legacy support in MacOS. My favourite — other than the continued availability of a degauss function in Mojave — is their commentary on Dashboard:

Dashboard is still skeuomorphic. This surprises Uluroo a lot, given that iOS 7 killed skeuomorphism completely on the iPhone five years ago.

Many of Dashboard’s built-in widgets have a refreshingly retro, though inconsistent, aesthetic: Stocks, Dictionary, Weather, Calculator, Calendar, and more all look like they’ve gone untouched since the days of Scott Forstall. The World Clock widget’s second hand moves in the same way as a real clock, rather than moving in a smooth, uninterrupted motion like in iOS and watchOS. Apple still has a built-in “Tile Game” widget. Uluroo wonders if Dashboard will ever be updated to behave more like the Mac’s version of Control Center, or if Apple just doesn’t care much about it anymore.

The surprising thing, for me, about Dashboard is not that it continues to be skeuomorphic; it’s that it exists at all without a single update for years. What was once a top-line feature of Tiger has become abandonware.

(Via Michael Tsai.)

Increased Exclusivity Arrangements Correlates With the Reversal of a Downward Trend of File Sharing

Cam Cullen of Sandvine, a network management and analytics company:

In the first Global Internet Phenomena Report in 2011, file sharing was huge on fixed networks and tiny on mobile. In the Americas, for example, 52.01% of upstream traffic on fixed networks and 3.83% of all upstream mobile traffic was BitTorrent. In Europe, it was even more, with 59.68% of upstream on fixed and 17.03% on mobile. By 2015, those numbers had fallen significantly, with Americas being 26.83% on the upstream and Europe being 21.08% on just fixed networks. During the intervening year, traffic volume has grown drastically on the upstream, with more social sharing, video streaming, OTT messaging, and even gaming on it.

That trend appears to be reversing, especially outside of the Americas. In this edition of the Phenomena report, we will reveal how file sharing is back.

From the report (PDF):

We will talk quite a bit about video in this report, but it is important to highlight the diversity of video streaming traffic around the world. Although Netflix and YouTube are still the largest names in streaming (as you will see in the reports) there is an ever growing number of other streaming providers capturing consumer screen time.

This video diversity trend has led directly to the continued relevance of file sharing, which is still a major source of internet traffic. Consumers that cannot afford to subscribe to all of the different services turn to file sharing to get the latest content, even as governments attempt to shut down sharing sites.

At about $10 per month — give or take — per subscription, those costs begin to add up quickly, especially if users are only choosing a service or channel for one or two shows. This doesn’t seem realistic or sustainable as a long-term industry plan.

Vice News’ Interview With Tim Cook

Elle Reeve of Vice sat down with Tim Cook at Apple’s Grand Central Terminal store to discuss privacy, regulation, and the company’s decision to kick Alex Jones’ extremist fact-free fairy tales off its platforms. There’s one exchange I’d like to highlight, regarding Apple in China:

Reeve: In terms of privacy as a human right, does that apply to how you do business in China?

Cook: It absolutely does. Encryption, for us, is the same in every country in the world. We don’t design encryption […] for the U.S., and do it differently everywhere else. It’s the same. [So] if you send a message in China, it’s encrypted, [and] I can’t produce the content. I can’t produce it in the United States either. If you lock your phone in China, I can’t open it.

The thing in China that some people have confused is certain countries — and China is one of them — has a requirement that data from local citizens has to be kept in China. We worked with a Chinese company to provide iCloud. But the keys, which is the “key”, so to speak — pardon the pun — are ours.

Reeve: But haven’t they moved to China? Meaning: it’s much easier for the Chinese government to get to them.

Cook: Now, I wouldn’t get caught up in where’s the location of it?. I mean, we have servers located in many different countries in the world. They’re not easier to get data from being in one country versus the next. The key question is [sic]: how does the encryption process work? and who owns the keys, if anyone?. In most cases, for us, you and the receiver own the keys.

Apple’s executives are generally plainspoken and direct. Cook injects more corporate speak into his interview responses than, for example, Steve Jobs or Phil Schiller, but he still generally says what he means and avoids obfuscating. So it’s noticeable — and notable — when any Apple executive is cagey, as is the case here.

Cook’s response to Reeve’s second question sidesteps the comparative ease with which Chinese authorities can now demand access to users’ data because they no longer have to go through the stricter legal system of the United States. That appears to be a pretty significant concern to simply gloss over. Of similar concern is that the Chinese company that Apple partnered with to offer iCloud in the country is owned and operated by the Guizhou provincial government.

I don’t think it’s fair to say that Chinese users’ privacy is not subject to compromise. The actual method of encryption may not be any different or weaker than in other countries, but the requirement to store keys in the country behind weaker legal protections for users makes it, in practice, less strong. It is not a product of Apple’s own doing, and the only way they would be able to wipe their hands clean is to entirely discontinue iCloud and other internet services in China. I don’t know that it would be right — it’s likely that the replacement services chosen by users would be far worse for privacy — but it would mean that the company has no implicit connection to complying with a regime that has a piss-poor track record on human rights.

U.S. Justice Department Sues Hours After California Signs Strong Net Neutrality Law

Jazmine Ulloa, Los Angeles Times:

News that the governor signed the ambitious new law was swiftly met with an aggressive response from Justice Department officials, who announced soon afterward that they were suing California to block the regulations. The state law prohibits broadband and wireless companies from blocking, throttling or otherwise hindering access to internet content, and from favoring some websites over others by charging for faster speeds.

[…]

The bill’s August passage in the Legislature capped months of feuding between tech advocates and telecom industry lobbyists. Telecom giants such as AT&T and Verizon Communications poured millions into killing the legislation, while grass-roots activists fought back with crowdsourced funding and social media campaigns.

After Comcast and Verizon asked, the FCC was only too happy to prevent states from enacting their own net neutrality legislation. As far as I can tell, the DoJ hasn’t tried to block Washington’s similar law yet.

See Also: Jerri-Lynn Scofield’s summary and overview; Cecilia Kang’s reporting.

And Also: Karl Bode at TechDirt.

New Zealand Customs Authorities Can Now Demand Device Passwords, and May Copy and Review Data

Asha McLean, ZDNet:

The New Zealand Customs Service this week received new powers at the country’s borders, including the ability demand a password off a passenger to search their “electronic device”.

Customs officers have always been able to search a passenger’s laptop or phone, but the changes to the Customs and Excise Act 2018 now specifies that passengers must hand over their password.

[…]

Customs now also has the right to copy, in addition to review, the data stored on the device, and can also confiscate it to conduct a further search.

New Zealand isn’t the first place I’d think of as becoming a draconian country for visitors, but I was clearly myopic. If you’re travelling these days, it’s advisable — if you have the means — to travel with devices containing nothing more than their operating systems, and use a well-secured cloud service to store any files you might need while in transit, including your keychain. While New Zealand’s revised customs act does not permit them to download remote data, they could obtain a copy of your keychain which is typically encrypted with the same user account password you would have provided.

You can change your keychain password to be different if you wish, but you will likely need to reenter its password frequently, and it likely won’t protect you against legislation like this — but, alas, I am not a lawyer.

A Deep Exploration of the iPhone XS Camera System

Sebastiaan de With, writing on the Halide blog:

An iPhone XS will over- and underexpose the shot, get fast shots to freeze motion and retain sharpness across the frame and grab every best part of all these frames to create one image. That’s what you get out of the iPhone XS camera, and that’s what makes it so powerful at taking photos in situations where you usually lose details because of mixed light or strong contrast.

This isn’t the slight adjustment of Auto HDR on the iPhone X. This is a whole new look, a drastic departure from the “look” of every iPhone before it. In a sense, a whole new camera.

I don’t think this different look is a regression by any means — in fact, all of the photos I’ve seen from the iPhone XS indicate that this is a massive upgrade — but it is different. The rear cameras have large enough sensors and lenses that they are able to compensate for the higher noise created by faster shutter speeds through more intense noise reduction while preserving detail. When it comes to the front-facing camera’s much smaller sensor, though, it appears that the noise reduction is tuned to be a little more aggressive than expected, and it sounds like Apple is tweaking it.

One tip for RAW shooters:

To add insult to injury, iPhone XS sensor’s noise is just a bit stronger and more colorful than that of the iPhone X.

This isn’t the kind of noise we can easily remove in post-processing. This isn’t the gentle, film-like grain we previously saw in iPhone X and iPhone 8 RAW files.

As it stands today, if you shoot RAW with an iPhone XS, you need to go manual and under-expose. Otherwise you’ll end up with RAWs worse than Smart HDR JPEGs. All third-party camera apps are affected. Bizarrely, RAW files from the iPhone X are better than those from the iPhone XS.

With its bigger sensor, you should be able to get more detail out of an iPhone XS RAW image. But because this camera system is tuned to merge multiple exposures, it’s not quite as straightforward. This is a great piece for iPhone photographers.