Pixel Envy

Written by Nick Heer.

Archive for December, 2018

Apple Will Build a New Campus in Austin

Earlier this year, Apple said that it would build a new campus somewhere in the United States. Axios reported at the time that it would not be in California or Texas. However, today, Apple has announced a billion-dollar campus to be built in Austin, along with new or expanded operations across the U.S.:

Apple’s newest Austin campus will be located less than a mile from its existing facilities. The 133-acre campus will initially accommodate 5,000 additional employees, with the capacity to grow to 15,000, and is expected to make Apple the largest private employer in Austin.

[…]

Apple plans to grow its employee base in regions across the United States over the next three years, expanding to over 1,000 employees in Seattle, San Diego and Culver City each, and adding hundreds of new jobs in Pittsburgh, New York, Boulder, Boston and Portland, Oregon. The company recently opened its newest office in Nashville, Tennessee and Apple’s Miami office is projected to double in size.

Ina Fried, Axios:

Apple is getting some incentives for the Austin expansion in the form of a $25 million grant from the state of Texas and what’s likely to be tens of millions of dollars in local property tax abatements. However, that’s a tiny fraction of what Amazon sought and got for its HQ2 moves in Virginia and New York. And Apple will still be providing fresh property tax revenue to the county.

This is a stark contrast to Amazon’s public request-for-proposal stunt, which resulted in cities across Canada and the United States grovelling to one of the world’s most valuable companies, with New York and Virginia ultimately giving it billions of tax dollars in the form of unearned incentives. It’s still not right — I mean, of course a company would try to build near its existing facilities — but it didn’t involve the same sort of nationwide adulation and, effectively, open bribery.

Google and Congress Botch an Opportunity

Casey Newton:

From time to time the entire technology press corps gets together on Twitter, spends several hours live-tweeting the same event, and then writes a series of blog posts about how nothing important happened. This event is known as a Congressional hearing, and today we witnessed our final one of the year.

After months of polite deferrals, Sundar Pichai finally went before Congress on Tuesday, and over the course of three and a half hours, said as little as possible. The hearing before the House Judiciary Committee was defined, as had been the Facebook hearings before it, by the widespread befuddlement of our lawmakers.

Shira Ovide, Bloomberg:

It would be helpful to start from the premise that Google (and Facebook) siphon more than enough information on people’s online actions and habits in the real world. Ask Google to commit to collecting data only if people explicitly agree. (The default is often the opposite; user information like people’s searches, their physical location over time and websites they visit are collected by Google unless people explicitly tell Google to stop.) Ask Google (and Apple) to commit to auditing the data collection of all the apps people download on Android phones and iPhones and demand to know whether they sell location information. Let’s change the conversation from what tech companies do to what they need to stop or start doing about personal information.

[…]

To be clear, I don’t want to repeat the false idea that members of Congress are old luddites who aren’t able or willing to understand how tech companies work. Some members of Congress asked great questions on Tuesday. Some of them did not. This format, however, does not feel like a good way to decide public policy. The thorny topic of the power of big technology companies deserves much better than this from all sides.

Charlie Warzel, Buzzfeed:

Google CEO Sundar Pichai’s three and a half hour testimony before the House Judiciary Committee today — and the problem with congressional tech executive hearings — is perhaps best encapsulated by his brief exchange with Texas Rep. Ted Poe.

“I have an iPhone,” Poe said, brandishing the device for all to see. “If I go and sit with my Democratic friends over there, does Google track my movement?”

Pichai began to reply, explaining that the answer to Poe’s question really depends on a bunch of smartphone minutiae — location services, app settings, privacy configurations, etc. But before he could finish, Poe cut him off. “It’s a ‘yes’ or ‘no’ question,” he bellowed. (It wasn’t.)

The exchange is an exemplar of the disconnect, the frustrations, and the pointlessness of the past year’s parade of tech executive hearings. Congress calls for Silicon Valley to have its day in the DC hot seat; then the day comes, and instead we find it’s a booster seat. Or an opportunity for congressional yelling. Or executive evasiveness. And in any case, nothing much is accomplished.

Take Poe’s question. Its topic — data privacy and location tracking — is important, but the wording was unartful, and it revealed, immediately, a poor understanding of the workings of the technology to which it referred. Conversely, Pichai’s answer seemed to purposefully ignore the spirit of the question, focusing on semantics instead of a reasonable answer. (For example: “While I don’t know the particulars of your device, yes, many Google apps track granular location information.”) The end result? Nothing worthwhile.

As usual for public performances like these, the most telling moments of Pichai’s testimony came in the form of what he did not say. For example, he didn’t give an explicit indicator of the status of the company’s work on a search engine specifically for users in China, only stating that it was “exploratory”. Virtually the entire running time of the hearing was characterized by members of Congress grandstanding on their issues of choice, rather than using their time to ask thoughtful questions.

A Touch of Touch

Included in the recently-released iOS 12.1.1 update are enhancements specifically for iPhone XR users. They can now change how long they must tap and hold on something for the Haptic Touch gesture to be invoked; and, iPhone XR users can now display the detailed view of a notification by touching and holding on one from the lock screen or Notification Centre.

Benjamin Mayo, 9to5Mac:

Prior to this release, a third-party developer could perfectly copy the Haptic Touch experience in their own apps by setting up a long press gesture recognizer, that concludes with a haptic vibration. However, now that users can adjust the duration in this new Haptic Touch menu, a third-party app will not be able to stay in sync with the user’s preferences.

The supported API for 3D Touch allows apps to inherit the exact same behavior (including changes to 3D Touch Sensitivity) as Apple’s 3D Touch implementations, but an analogous system for Haptic Touch does not currently exist. We’ll be on the lookout to see if Apple adds a formal Haptic Touch developer API in the future.

I get why the iPhone XR has an LCD display, a single camera, and uses aluminum instead of stainless steel — all of these attributes seem like reasonable differences compared to the X and the XS line. But withholding 3D Touch is a confusing compromise.

3D Touch is far from ideal. It is horribly inconsistent and undiscoverable. Even Apple can’t seem to decide what it should do uniquely, per the iOS HIG:

Don’t make peek the only way to perform item actions. Not every device supports peek and pop, and some people may turn off 3D Touch. Your app should provide other ways to trigger item actions in situations like these. For example, your app could mirror a peek’s quick actions in a view that appears while touching and holding an item.

It is worth asking: if the same action is invoked by using 3D Touch as it is when the user simply taps and holds, then what is the clear and direct intent of 3D Touch?

However, I think it’s a feature that is made worse by its exclusion on the iPhone XR, where it is sort of replaced with Haptic Touch. Haptic Touch is like 3D Touch, except for all of the ways in which it is not. It works for the flashlight and camera buttons on the lock screen, invokes a trackpad from the onscreen keyboard’s space bar, and, as mentioned earlier, on notification bubbles. But it does not work in every place 3D Touch does: an app’s icon on the home screen does not display a menu when the user touches and holds on it, and the peek and pop gestures are unseen. It also does not have a specific developer API, meaning that there’s no way to target it specifically.

Stranger still, Haptic Touch is a feature that Apple is uncharacteristically shy about. It is mentioned only once in the iPhone XR press release, and not at all in the iPhone user guide, iPhone XR marketing pages, or in its tech specs. Maybe that’s because it feels less clever, and more like a half-baked imitation. It’s the La Croix of 3D Touch.

All of this means that Haptic Touch is perhaps even less discoverable than 3D Touch, and has very little in common with it.

For whatever reason 3D Touch was eliminated from the iPhone XR, the current lineup of iPhone products is quite strange: it is obviously present on the flagship XS and XS Max models, but even the 7 and 8 models that Apple is still selling sport 3D Touch displays. And it’s not just the iPhone that has suffered from poor uptake of depth-sensing features: recent versions of WatchOS have scaled back its use of Force Touch, and the iPad has never received anything like 3D Touch, despite having some touch-and-hold features without haptic feedback.

I’ve long been a staunch defender of 3D Touch — I use its features all the time, and it now feels strange to me when an iPhone does not have it. I would rather see continued investment on that front to establish consistent guidelines for its use, and make it a more obvious part of the system. But if 3D Touch is truly on its way out, it should be a clean kill across the board. A piecemeal approach with a similar-but-not-quite-the-same feature on just one product is a confusing distraction.

Super Micro Says Third-Party Review Found No Malicious Chips in Motherboards

Joseph Menn, Reuters:

Computer hardware maker Super Micro Computer Inc told customers on Tuesday that an outside investigations firm had found no evidence of any malicious hardware in its current or older-model motherboards.

In a letter to customers, the San Jose, California, company said it was not surprised by the result of the review it commissioned in October after a Bloomberg article reported that spies for the Chinese government had tainted Super Micro equipment to eavesdrop on its clients.

I am desperate for Bloomberg to address, in detail, how its “Big Hack” story came to be, why it was published after comprehensive denials by all parties involved, and how the resulting backlash was investigated. Of course, I don’t expect that story to ever be released. It seems much more likely to me that they’ll attempt a quiet correction or retraction, perhaps over the holidays.

The Equifax Breach Was Just as Infuriating and Dumb as You Thought

Dell Cameron, Gizmodo:

House Republicans spent 14 months investigating the 2017 Equifax breach only to reach the same conclusions that virtually everyone else with a brain did in the immediate aftermath of the company’s disclosure. The breach was “entirely preventable,” lawmakers found, and the credit reporting agency’s shit management did absolutely nothing to shield consumers from this mess.

Luckily for Equifax, the same lawmakers who helped produce a new report have managed to pass precisely zero laws that would deter future acts of negligence on this scale. The only recompense consumers have been offered is free credit freezes forever — a useful tool for the next time 147 million people minding their own business get screwed with their pants on.

Not only has there been little regulatory action taken against Equifax, its share price nearly recovered to its pre-breach level within a year. The company has few competitors, and even those companies aren’t true competitors so much as similarly-interested maintainers of the credit market.

A remaining avenue of compensation for victims would be to sue the company. So far, however, victories have been seen mostly in small claims courts, while Equifax’s lawyer argued that class action suits should be dismissed because they’re based on speculative identity theft arguments.

Amazon’s Sneaky Ads

Rolfe Winkler and Laura Stevens, Wall Street Journal (Twitter workaround):

Kima Nieves recently received two Aveeno bath-time sets and a box of Huggies diapers through her baby registry on Amazon. The only problem? The new mother didn’t ask for the products, or even want them.

Instead, Johnson & Johnson and Kimberly-Clark Corp. each paid Amazon.com Inc. hefty sums to place those sponsored products onto Ms. Nieves’s and other consumers’ baby registries. The ads look identical to the rest of the listed products in the registry, except for a small gray “Sponsored” tag. Unsuspecting friends and family clicked on the ads and purchased the items, assuming Ms. Nieves had chosen them.

[…]

The Federal Trade Commission requires that native ads be labeled clearly and prominently—such as in easy-to-read fonts, distinguishable colors and contrasting shades—to avoid deceiving consumers. The agency has pressed search engines to more clearly highlight the ads in their search results with brighter colors.

Ads like these appearing in someone else’s list are undeniably deceptive, but even the ads that appear in an Amazon search query are similarly sneaky. I’ve uploaded a full-sized screenshot of a search I did for “board games”, and you can see just how easily the ad listings blend in with regular search listings.

I’m totally fine with Amazon displaying ads, even in search listings or in registries, so long as they are clearly and visibly advertisements. Like asking for location data, advertising should be blatant and transparent. It shouldn’t be a shameful attribute of a website.

Third-Party Apps on iOS and Android Share Granular Location Data With Advertisers and Hedge Funds

Jennifer Valentino-DeVries, Natasha Singer, Michael H. Keller and Aaron Krolik of the New York Times analyzed dozens of apps and their privacy policies, as well as a location database of a million phones solely in the New York area:

At least 75 companies receive anonymous, precise location data from apps whose users enable location services to get local news and weather or other information, The Times found. Several of those businesses claim to track up to 200 million mobile devices in the United States — about half those in use last year. The database reviewed by The Times — a sample of information gathered in 2017 and held by one company — reveals people’s travels in startling detail, accurate to within a few yards and in some cases updated more than 14,000 times a day.

[…]

Businesses say their interest is in the patterns, not the identities, that the data reveals about consumers. They note that the information apps collect is tied not to someone’s name or phone number but to a unique ID. But those with access to the raw data — including employees or clients — could still identify a person without consent. They could follow someone they knew, by pinpointing a phone that regularly spent time at that person’s home address. Or, working in reverse, they could attach a name to an anonymous dot, by seeing where the device spent nights and using public records to figure out who lived there.

Many location companies say that when phone users enable location services, their data is fair game. But, The Times found, the explanations people see when prompted to give permission are often incomplete or misleading. An app may tell users that granting access to their location will help them get traffic information, but not mention that the data will be shared and sold. That disclosure is often buried in a vague privacy policy.

Nicole Nguyen of Buzzfeed in May:

Apple and Google’s policies prohibit sharing or selling user data with third parties unrelated to improving the app experience or displaying ads in the app.

In emailed statements to BuzzFeed News, an Apple spokesperson wrote that “immediate action” is taken on policy violators, while a Google representative said, “We have policies that disallow apps in Google Play that are deceptive or misuse personal data, and we remove apps that violate our policies.”

But it’s easy for developers to evade detection. Trackers are tucked away in the app’s codebase, and developers can share user data outside of their apps by uploading it to a server.

This is the kind of thing I would expect Apple and Google to actively police in their app marketplaces, but there is a very difficult line to draw primarily because of companies like Google. My dream would be for developers to be outright banned from using location data other than for direct user tasks: checking the weather, looking at a map, location-based reminders, and so on. Perhaps Apple could implement something similar to Safari’s intelligent tracking prevention at the system level.

App developers should, at the very least, be required to be completely forthright in their permissions request dialogs. If a developer is scooping and selling user data, they should be able to defend that practice to users in language that they can understand; if they cannot, then perhaps that’s a practice they should cease.

A completely understandable yet indefensible reason for developers engaging in this is because users generally refuse to pay for apps. Good developers need to be financially supported with business models that we can understand and which do not compromise our fundamental privacy rights in such a callous and needless way.

Microsoft Building New Browser Based on Chromium

Brad Sams, Petri:

With the launch of Windows 10, Microsoft tried to build a new browser that was based on their Trident rendering engine that we now know as Edge. But the browser has failed at its objective, to create a Microsoft-built browser that could compete with the likes of Chrome and Firefox.

Because of their lack of momentum since the release of Windows 10, the company is announcing a significant change today, they are building a new browser that is based on Chromium. And the company is bringing the new browser to every platform: Windows 7, 8, 10 and even MacOS.

While the company is not commenting on any timeline for availability aside from a preview build in early 2019, the basics are this: it’s building a new version of Edge, based on Chromium, that will be updated at a cadence that is not tied to Windows updates. Further, this app will not be in the Microsoft Store and will be serviced outside of that platform.

Chromium is already the most popular rendering engine in terms of worldwide browser share on any platform. This decision only builds upon that dominance, and it could lead to more websites built just for Chromium.

It’s funny, though, that the new Internet Explorer really is going to be the new Internet Explorer.

Ron Johnson Interviewed on ‘Without Fail’

I listened to this episode of Alex Blumberg’s “Without Fail” podcast last night and it is an absolutely terrific interview with Ron Johnson, the former head of Apple’s retail division and the guy who effectively brought the concept of the Apple Store to life. Johnson is such an easy conversationalist and a good storyteller.

One thing I thought about while listening to it is just how successful these stores are. To date, Apple has closed only two without a logical replacement. They are often packed with people, and Apple still has one of the best buying and support experiences in the consumer technology space. I still believe that there are elements of the store that have suffered, but they’re still leaps and bounds better than what you get anywhere else.

Google Is Discontinuing Allo, One of Its Messaging Apps, in March

Matt Klainer of Google:

We want every single Android device to have a great default messaging experience. We’ve been working closely with the mobile industry to upgrade SMS so that people around the world can more easily enjoy group chats, share high-res photos, and get read receipts on any Android device. Thanks to partnerships with over 40 carriers and device makers, over 175 million of you are now using Messages, our messaging app for Android phones, every month.

[…]

Allo will continue to work through March 2019 and until then, you’ll be able to export all of your existing conversation history from the app — here are instructions on how to do so. We’ve learned a lot from Allo, particularly what’s possible when you incorporate machine learning features, like the Google Assistant, into messaging.

Google’s desire for a great default messaging experience on every Android device has seen them launch and kill several apps with no clear argument, definable strategy, or even a sense of which one they think users should actually use.

Facebook Bought WhatsApp After Seeing Its Growth Through Onavo VPN

Charlie Warzel and Ryan Mac, Buzzfeed:

In February 2014, Facebook purchased the messaging service WhatsApp for $19 billion. The acquisition price was staggering for an app that made little money and was largely popular outside the United States.

Now, newly published confidential Facebook emails and charts show exactly why CEO Mark Zuckerberg spent a small fortune for the messaging app. For months, the company had been tracking WhatsApp obsessively using Onavo, a VPN and data analytics app, whose data showed that the messaging app was not just a rising competitor, but a potential Facebook killer.

The overall unrestricted growth of Facebook — and, in particular, its purchases of Onavo, WhatsApp, and Instagram — should be regarded as one of the greatest failures to apply antitrust regulations in decades.

Facebook Knew Android Call-Scraping Would Be ‘High-Risk’

Russell Brandom, the Verge:

In March, many Android users were shocked to discover that Facebook had been collecting a record of their call and SMS history, as revealed by the company’s data download tool. Now, internal emails released by the UK Parliament show how the decision was made internally. According to the emails, developers knew the data was sensitive, but they still pushed to collect it as a way of expanding Facebook’s reach.

The emails show Facebook’s growth team looking to call log data as a way to improve Facebook’s algorithms as well as to locate new contacts through the “People You May Know” feature. Notably, the project manager recognized it as “a pretty high-risk thing to do from a PR perspective,” but that risk seems to have been overwhelmed by the potential user growth.

The key message here is that Facebook is only concerned about how it looks publicly — not the reasons why it would be negatively received. They don’t care that asking Android users for permission to read and upload logs of their phone calls and text messages is a profoundly creepy thing to do. They care that, when it is reported, there are talking points ready to go.

Furthermore, according to these emails, Facebook’s developers worked to remove the part where the app has to ask for users’ permission to read their call logs. They figured out a way to simply take it.

Facebook has made a series of disturbing choices unparalleled by any of its competitors. When they’re not mining individual users’ phones for details they can use to feed their advertising and user retention figures, they mislead users to download VPN software that helps Facebook know which apps are popular so that they can either buy or copy them. They also track web browsing activity, retain non-users’ contact details, and unfairly monopolize the web in developing nations. Oh, and they’ve been a contributing force in escalating violence and even genocide in Myanmar, Sri Lanka, the Philippines, and India.

To blame one company with a few websites and apps for so many of the world’s woes seems out of scale; however, it is not inaccurate — and perhaps that level of control and dominance is the most terrifying aspect of all. I can’t make the argument that Facebook ought to be shut down. But what would we really lose if that happened?

The Enormous Life of Anthony Bourdain

Anthony Bourdain died six months ago Saturday, but it is, for me, one of those deaths that will always feel fresh. GQ has headlined this piece “The Last Curious Man” — I hope that isn’t the case. If anything, his death should, at the absolute least, inspire more people to do what he did. Explore. Eat. Learn. However you can, within whatever budget you have.

Kuo: AirPods Are Apple’s Most Successful Accessory Ever

Todd Haselton, CNBC:

[Ming-Chi Kuo], who has a track record of accurately predicting Apple product launches, said AirPods are Apple’s most popular accessory ever.

In the note, Kuo said Apple AirPods have the fastest growth momentum of any Apple product. Kuo estimates Apple will ship 26 million to 28 million AirPod units this year, up from 14 million to 16 million in 2017. Kuo also expects Apple to release a new version of AirPods next year with wireless charging that will help propel shipments to 50 million to 55 million units next year, 70 million to 80 million units in 2020 and 100 million to 110 million units in 2021.

On a purely anecdotal basis, this doesn’t surprise me in the slightest. I’ve seen AirPods in an increasing number of ears, especially in the past year. I’ve been in New York for much of the past week and it seems like a third of each subway car at rush hour is wearing their AirPods.

Oddly, even though Kuo’s sources indicate an early 2019 AirPods update — meaning April or before, if Kuo is using Apple’s definition of “early” — he does not mention the AirPower. Those products seemed to go hand-in-glove, and releasing the case without the charging mat would not be a good sign for the announced AirPower product.

By the way, I’m thrilled that the AirPods seem like such a fantastic product. Would it be too much to ask for a version that fits my ears, too?

Update: Victoria Song of Gizmodo points to a patent filing that suggests my wishes may eventually come true:

The patent drawings showcase a design that can be “symmetric so the earbud can be worn interchangeably in either a left or right ear.” The biometric sensors would then be used to tell which earbud was in what ear and automatically adjust sound accordingly. There’s also mention of using foam to provide “constant force independent of ear size”—a departure from the all-plastic design of current AirPods. […]

Hallelujah.

Data for 100 Million Quora Users Compromised

Adam D’Angelo of Quora:

For approximately 100 million Quora users, the following information may have been compromised:

  • Account information, e.g. name, email address, encrypted (hashed) password, data imported from linked networks when authorized by users

  • Public content and actions, e.g. questions, answers, comments, upvotes

  • Non-public content and actions, e.g. answer requests, downvotes, direct messages (note that a low percentage of Quora users have sent or received such messages)

A security breach is never a good thing, and the compromise of a hundred million users’ account details puts this up there with some of the biggest breaches.

However, I want to give kudos to Quora on three fronts. First, the response speed: they discovered this on Friday and we’re learning about it on Monday, shortly after they believe they fixed the flaw. Quick response times are rare in cases like this one, and they handled that well.

Second:

While the passwords were encrypted (hashed with a salt that varies for each user), it is generally a best practice not to reuse the same password across multiple services, and we recommend that people change their passwords if they are doing so.

It is never a great thing when passwords are leaked in any form. But Quora did password security right by uniquely-salting and hashing them.
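What a per-user salt changes in a leaked table, as an added example that is not Quora's code: the same password stored for two accounts produces identical records when hashed bare, and unrelated records when each account gets its own random salt. The choice of scrypt, its cost parameters, the function names and the sample accounts are all assumptions made for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# scrypt cost parameters: assumed values for this sketch, not Quora's settings.
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2**14, 8, 1, 32

# Constructed sample accounts; alice and bob reuse the same password.
USERS = {
    "alice": "hunter2-example",
    "bob": "hunter2-example",
    "carol": "different-example",
}


def unsalted_digest(password: str) -> str:
    """Weak baseline: a bare, fast hash with no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Return (salt, derived_key); a fresh random salt is drawn per account."""
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.scrypt(
        password.encode(), salt=salt,
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN,
    )
    return salt, key


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, expected)


def shared_password_groups(records: dict) -> list[list[str]]:
    """Group accounts whose stored value is byte-for-byte identical.

    This is what anyone holding the dump learns without guessing a
    single password: which accounts share one.
    """
    by_value: dict = {}
    for user, stored in records.items():
        by_value.setdefault(stored, []).append(user)
    return [sorted(users) for users in by_value.values() if len(users) > 1]


def build_tables() -> tuple[dict, dict]:
    """Store the sample accounts both ways."""
    unsalted = {user: unsalted_digest(pw) for user, pw in USERS.items()}
    salted = {user: hash_password(pw) for user, pw in USERS.items()}
    return unsalted, salted


if __name__ == "__main__":
    unsalted, salted = build_tables()
    print("unsalted, identical records:", shared_password_groups(unsalted))
    print("salted, identical records:  ", shared_password_groups(salted))
```
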

And third:

Questions and answers that were written anonymously are not affected by this breach as we do not store the identities of people who post anonymous content.

This is fantastic. Lazy programmers would simply replace user-identifying attributes on the frontend with anonymized versions and call it a day. Sincere kudos to their engineering team for doing anonymous posting the correct way.
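The difference between the two approaches described above, as an added example that is not Quora's schema or code: one table keeps the author and hides it when rendering, the other never writes the author for an anonymous post. Table names, columns and the sample posts are hypothetical.

```python
import sqlite3

# Constructed sample input: (author_id, body, posted_anonymously)
SAMPLE_POSTS = [
    (101, "public answer", False),
    (202, "anonymous answer", True),
]


def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        -- Design A: identity always stored, anonymity is a display flag.
        CREATE TABLE masked_posts (
            id INTEGER PRIMARY KEY,
            author_id INTEGER NOT NULL,
            is_anonymous INTEGER NOT NULL,
            body TEXT NOT NULL
        );
        -- Design B: identity is nullable and omitted for anonymous posts.
        CREATE TABLE unlinked_posts (
            id INTEGER PRIMARY KEY,
            author_id INTEGER,
            body TEXT NOT NULL
        );
        """
    )
    return db


def post_masked(db, author_id, body, anonymous):
    db.execute(
        "INSERT INTO masked_posts (author_id, is_anonymous, body) VALUES (?, ?, ?)",
        (author_id, int(anonymous), body),
    )


def post_unlinked(db, author_id, body, anonymous):
    # The identity is dropped before the write, not at render time.
    db.execute(
        "INSERT INTO unlinked_posts (author_id, body) VALUES (?, ?)",
        (None if anonymous else author_id, body),
    )


def rendered_authors(db):
    """What the site displays under each design."""
    masked = [
        None if anon else author
        for author, anon in db.execute(
            "SELECT author_id, is_anonymous FROM masked_posts ORDER BY id"
        )
    ]
    unlinked = [a for (a,) in db.execute(
        "SELECT author_id FROM unlinked_posts ORDER BY id")]
    return masked, unlinked


def stored_authors(db):
    """What raw access to the tables exposes under each design."""
    masked = [a for (a,) in db.execute(
        "SELECT author_id FROM masked_posts ORDER BY id")]
    unlinked = [a for (a,) in db.execute(
        "SELECT author_id FROM unlinked_posts ORDER BY id")]
    return masked, unlinked


def demo():
    db = make_db()
    for author_id, body, anonymous in SAMPLE_POSTS:
        post_masked(db, author_id, body, anonymous)
        post_unlinked(db, author_id, body, anonymous)
    return rendered_authors(db), stored_authors(db)


if __name__ == "__main__":
    rendered, stored = demo()
    print("rendered (masked, unlinked):", rendered)
    print("stored   (masked, unlinked):", stored)
```

Both designs render the same page, so the difference only shows up in what the tables hold. Dropping the column protects the author only if nothing else that is stored, such as request logs, ties the post back to the account.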