Pixel Envy

Written by Nick Heer.

Archive for January, 2019

An Experiment in Blocking Use of Amazon, Apple, Facebook, Google, and Microsoft

Kashmir Hill, Gizmodo:

Maybe you’re in the camp of people who worry that these companies have too much access to our purchases, our movements, our social networks — and perhaps even our thoughts. Maybe you’re disturbed by the concentration of so much economic power in a handful of companies built on the West Coast’s fault lines. Or maybe you want them to have less insight into your life so they have less sway over our society. But how? How do you reduce their power? Is it even possible?

The common retort to these concerns is that you should “just stop using their services.” So I decided to try.

In the first week, she tried blocking Amazon:

Amazon is not just an online store — that’s not even the hardest thing to cut out of my life. Its global empire also includes Amazon Web Services (AWS), the vast server network that provides the backbone for much of the internet, as well as Twitch.tv, the broadcasting behemoth that is the backbone of the online gaming industry, and Whole Foods, the organic backbone of the yuppie diet.

Keeping myself from walking into a Whole Foods is easy enough, but I also want to stop using any of Amazon’s digital services, from Amazon.com (and its damn app) to any other websites or apps that use AWS to host their content. To do that, I enlist the help of a technologist, Dhruv Mehrotra, who built me a custom VPN through which to route my internet requests. The VPN blocks any traffic to or from an IP address controlled by Amazon. I connect my computers and my phone to the VPN at all times, as well as all the connected devices in my home; it’s supposed to weed out every single digital thing that Amazon touches.

Ultimately, though, we found Amazon was too huge to conquer.

I think this is a fascinating project. I could give up Amazon’s online store for the rest of my life with little difficulty, but because the company’s long reach has gone largely unchecked, it’s now such an integral part of the internet that I don’t think it would be possible for me to forego everything that is dependent on their services. I find that pretty alarming.

How ‘Smart’ Technology Gets You to Continue Paying Long After Point of Sale

Matthew Braga, CBC News:

For consumers who are rightfully skeptical of how tech companies big and small are collecting, analyzing, and making money off their data — even in anonymized form — the sudden proliferation of these always-connected smart devices is concerning. But there’s a reason that everything from televisions to cars are suddenly getting smarter.

For consumers wondering why it might feel increasingly harder to buy something dumb or disconnected, the reason is partly technical. Some of the products users enjoy today wouldn’t be possible — or, as good — without a connection to the internet.

But it’s also about money. With product margins thinner than ever, more companies are either re-building their old hardware businesses around online subscriptions, or monetizing data from people who are using their products for free.

This makes complete sense to me as a justification for why Bluetooth and NFC chips are appearing in seemingly every household object. However, I feel like Braga’s article is less effective than it could be primarily because of its lede:

A common criticism of virtual assistants like Siri, Alexa, and Google Assistant is that they are always on, always listening, and always connected to the internet. It’s the only way they work.

This is what I meant when I linked to an excellent Axios piece about how it’s inaccurate to discuss “tech giants” in a monolithic way. Braga writes about Siri in the same breath as Alexa and Google’s Assistant, but doesn’t mention it at all throughout the rest of the piece, nor how Apple’s approach is different than the others. As suggested by the large quote above, Apple’s subscription-based products are becoming an increasingly important part of its business, but the concerns about privacy and data selling do not apply to the same degree that they do for Amazon, Google, or Facebook. I’m not defending Apple because they’re Apple and I am either being paid, or am on a favourable PR list or something — I am neither. I just think it’s important to be clear about how these tech companies are different. This article would have been so much more effective if it pointed out that Siri and Alexa appear to do similar things in similar ways, but are vastly different behind the scenes, but that discussion just isn’t there.

Comcast’s NBCUniversal to Launch Streaming Service

Kenneth Li and Sonam Rai, Reuters:

Comcast’s NBCUniversal will launch a streaming media service in early 2020 under a pricing model that seeks to mollify traditional pay TV providers while going after a market dominated by Netflix Inc and Amazon.com Inc.

The advertising-supported service, announced on Monday, will be available at no cost to NBCUniversal’s pay TV subscribers in the United States and eventually across the globe.

Who could have seen that, without net neutrality laws, Comcast would seek to use its dominant position in the low-competition internet service provider market to unfairly prioritize media assets it acquired in a way that other streaming services cannot because they are not owned by a major broadband provider?

Oh, right:

Consider that Comcast is working on a Netflix competitor, and that they also own NBCUniversal. It’s not hard to imagine an environment in which Comcast charges Netflix an extremely high rate to carry NBCUniversal TV shows and movies while also requiring Netflix to pay to be in their “fast lane” of internet service.

Comcast could also conceivably offer their streaming service at a reduced rate, or not count it against monthly bandwidth caps. In 2014, Kate Cox of the Consumerist reported that there were plenty of well-populated regions in the United States where Comcast had no broadband competition. As of last year, around 78% of Americans had a choice of zero or one provider for broadband of 25 Mbps or higher. In regions where Comcast is the only option, they could choose to offer NBC and MSNBC at a reduced rate on the web, but charge higher prices to view CNN or Fox News. If you didn’t like this, you could lodge an FTC complaint; but, as long as your ISP were being transparent about these practices, it wouldn’t be deceptive and may not even necessarily be predatory.

I’m not so deluded as to think that I was the only one to foresee this, of course; a move like this one was clear to anyone who watched Comcast’s takeover of NBC Universal. The FCC required Comcast to abide by dozens of unique rules as a condition of their acquisition of NBC Universal, but those rules expired last year. To be clear: there is no evidence that Comcast is charging Netflix a newly-increased rate to carry its service at the same speed as, say, Hulu, but they will implicitly charge subscribers more to use Netflix than their own service.

Google Fined For GDPR Violation by French Data Protection Watchdog

Alex Hern, the Guardian:

The French data protection watchdog CNIL has fined Google a record €50m (£44m) for failing to provide users with transparent and understandable information on its data use policies.

For the first time, the company was fined using new terms laid out in the pan-European general data protection regulation. The maximum fine for large companies under the new law is 4% of annual turnover, meaning the theoretical maximum fine for Google is almost €4bn.

The fine was levied, CNIL said, because Google made it too difficult for users to find essential information, “such as the data-processing purposes, the data storage periods or the categories of personal data used for the ads personalisation”, by splitting them across multiple documents, help pages and settings screens.

That lack of clarity meant that users were effectively unable to exercise their right to opt out of data-processing for personalisation of ads.

Laws like these are no good without enforcement, so this fine is important if for no other reason than to reiterate that the E.U. intends to follow through. But, much like the fines being considered for Facebook in the United States, this is a relatively small fine for a company like Google. I’m not necessarily saying that this fine should have been larger; it is a first offence under this law, after all.

Also, I sincerely hope CNIL next goes after Criteo, a major French adtech firm. Navigating its website past the homepage automatically opts users into receiving cookies for highly-relevant retargeting purposes, which is prohibited under GDPR, and opt-out settings are buried in the website’s privacy policy.

FTC Close to Ending Its Facebook Investigation

Cecilia Kang, New York Times:

The Federal Trade Commission is in the advanced stages of its investigation into whether Facebook violated privacy rules and is expected to seek large fines from the company, according to two people familiar with the inquiry.

[…]

The highest financial penalty imposed on a tech company was Google’s $22 million settlement in 2012 for privacy violations. In the December meeting, the commissioners discussed a higher fine for Facebook, the people said.

John D. McKinnon, Wall Street Journal:

The FTC has been probing whether Facebook violated terms of an earlier consent decree when data of tens of millions of its users was transferred to Cambridge Analytica, a data firm that did work for the campaign of President Trump.

News of the investigation’s status was first reported by Tony Romm and Elizabeth Dwoskin for the Washington Post.

So far in its current fiscal year, Facebook has made over $17 billion in profit before taxes. The company will announce its fourth quarter results at the end of the month; typically, that’s its biggest quarter. A fine of approximately the same size as was paid by Google is simply a business expense for a company with a bank account like Facebook’s. Hitting them hard in the pocketbook with a fine in the hundreds of millions of dollars might produce long-lasting change, but I’m not optimistic. There’s just too much money to be made when every data point collected on individuals has value, and there are few restrictions on how it may be acquired or used. This industry needs to be regulated.

How Secrecy Fuels Tech Paranoia

John Herrman, New York Times:

The biggest internet platforms are businesses built on asymmetric information. They know far more about their advertising, labor and commerce marketplaces than do any of the parties participating in them. We can guess, but can’t know, why we were shown a friend’s Facebook post about a divorce, instead of another’s about a child’s birth. We can theorize, but won’t be told, why YouTube thinks we want to see a right-wing polemic about Islam in Europe after watching a video about travel destinations in France. Everything that takes place within the platform kingdoms is enabled by systems we’re told must be kept private in order to function. We’re living in worlds governed by trade secrets. No wonder they’re making us all paranoid.

This was published a day after an op-ed in Wired theorized that the “2009 vs 2019” comparison really exists to teach artificial intelligence how human ageing works. I think that piece is utter nonsense, but I get where that sentiment comes from.

Jack Dorsey Has No Clue What He Wants

Ashley Feinberg of the Huffington Post interviewed Jack Dorsey recently, and came away with the titular conclusion:

In other words, the most the CEO of Twitter was able to tell me about specific steps being taken to solve the rampant, site-wide harassment problem that’s plagued the platform for years is that they’re looking into maybe making the report button a little bigger, eventually.

Or consider later, when I asked whether Trump tweeting an explicit call for murder would be grounds for removal. Just as he seemed about to answer what seemed like an easy question, he caught himself. “That would be a violent threat,” he started. “We’d definitely … You know we’re in constant communication with all governments around the world. So we’d certainly talk about it.”

They would certainly talk about it.

Feinberg’s question is, of course, questioning Twitter’s rules at their limits. But it’s baffling that something so clearly beyond the realm of what Twitter should support prompts such an uncertain and confused answer from Dorsey.

The rest of this interview is more of the same.

Pew: 74% of Facebook Users Have No Idea How Its Ads Work

Natasha Lomas, TechCrunch:

Pew found three-quarters (74%) of Facebook users did not know the social networking behemoth maintains a list of their interests and traits to target them with ads, only discovering this when researchers directed them to view their Facebook ad preferences page.

A majority (51%) of Facebook users also told Pew they were uncomfortable with Facebook compiling the information.

While more than a quarter (27%) said the ad preference listing Facebook had generated did not very or at all accurately represent them.

This is one reason why I think a legislative approach is critical to protecting user privacy. Users don’t know how these things work because Facebook buries the truth and its handful of privacy controls in abstruse language beneath layers of menus and controls. They have reached the size where there simply isn’t any incentive for them to be more transparent, and existing regulatory agencies are either unwilling or unable to take action.

Tim Cook’s Time Magazine Editorial on Privacy

Tim Cook in Time:

Meaningful, comprehensive federal privacy legislation should not only aim to put consumers in control of their data, it should also shine a light on actors trafficking in your data behind the scenes. Some state laws are looking to accomplish just that, but right now there is no federal standard protecting Americans from these practices. That’s why we believe the Federal Trade Commission should establish a data-broker clearinghouse, requiring all data brokers to register, enabling consumers to track the transactions that have bundled and sold their data from place to place, and giving users the power to delete their data on demand, freely, easily and online, once and for all.

Setting aside the actual point of this essay — which, by the way, is an excellent summary of why privacy legislation for user data is sorely needed — something that’s kind of interesting is how it reads in a very Tim Cook kind of way. Much as Steve Jobs had a unique voice in both his speaking and writing, so, too, does Cook. It doesn’t feel like it’s an essay produced by some copywriter to which Cook’s name is later affixed; it’s clear to me that this is something that truly matters to him, and which he probably wrote himself.

Nilay Patel linked to the essay on Twitter and attached a screenshot of the top apps in the App Store, clarifying in a reply:

The iPhone’s value is built on these services. Pushing for a law is great, but it is telling that they won’t use their own platform dominance to forbid these practices.

“These services” refers to apps like Gmail and Instagram, both of which are run by companies that show virtually no respect for users’ privacy. This seems to come up frequently in conversations about Apple, and it’s something lots of people mention, so I don’t mean to single out Patel here. But I think it’s a horribly lazy take.

Can you imagine the scale of the shit fit that would be thrown if Apple completely prohibited apps from Google and Facebook in the App Store? Not just from users, either: tech publications, mainstream newspapers, and regulators would be apoplectic, given the obvious antitrust questions that would likely be provoked by this kind of power move.

For what it’s worth, Apple has strict guidelines on the collection and use of users’ data. These rules require that developers collect opt-in permission, prohibit apps from requiring personal data unless it’s necessary for the app’s core functionality, and encourage minimization of data collection overall. That’s not to say the company is perfect. For example, you cannot post photos to an Instagram story if you’ve denied microphone access to Instagram, despite Apple’s developer guidelines using basically this scenario as a prohibited example. I wish Apple were stricter in enforcing the rules they already have, but their reluctance to create a PR and antitrust catastrophe is understandable.

In general, however, enforcement of online privacy should not be Apple’s job. Cook is right in stating that this should be dealt with in policy, not on individual companies’ terms. Frankly, Apple’s ability to use privacy as a differentiating characteristic is embarrassing for the tech industry and its regulators. Users should not have to be wary of compromising their privacy or worried that they will lose control over their personal details every time they use a tech product, an app, or a website.

Website Subscriptions Are Not Dead

Colin Devroe (via Brent Simmons):

This isn’t the first nor the last article to cover the creation of the RSS standard, its rise to relative popularity with Google Reader, and its subsequent fall from popularity.

But the big point that many of these articles dismiss lightly or directly omit is that RSS is still used as the underpinnings of so many widely popular services today. Apple News, Google News, Flipboard (each with likely tens of millions of users or more) and many others use RSS it is just that people do not know it.

We should likely stop talking about RSS. We need to simply start calling RSS “Subscribing”. “Subscribe to my blog” is the only thing we need to say.

Most users don’t care about the underlying technology; Devroe is right in that sense. However, while RSS may be succeeding in developers’ terms, subscription options should be more visible for users — ideally at the system level. The kind of users who aren’t necessarily aware of the format aren’t going to poke around for software to read feeds with.

In regions where Apple News is available — the U.S., U.K., and Australia — iOS and MacOS will handle RSS subscriptions more-or-less gracefully. Elsewhere, however, the system just doesn’t know what to do with the feed URL if you do not have an RSS reader installed, and will offer to send you to the App Store to download a feed reader using a link that, as far as I can tell, doesn’t work.

Signal v. Noise Leaves Medium

David Heinemeier Hansson:

When we moved over, Medium was all about attracting big blogs and other publishers. This was going to be a new space for a new time where publishers could find a home. And it was. For a while.

These days Medium is focused on their membership offering, though. Trying to aggregate writing from many sources and sell a broad subscription on top of that. And it’s a neat model, and it’s wonderful to see Medium try something different. But it’s not for us, and it’s not for Signal v Noise.

[…]

That doesn’t mean we regret our time at Medium. Being on Medium helped propel some of our best writing to a whole new audience. But these days there’s less of a “what Medium is doing for us”, and a whole lot more of “what we’re doing for Medium”. It was a good time while it lasted, but good times are gone.

It was just a few years ago that a bunch of publications were enticed by Medium to migrate their websites; now, nearly all of them have left the platform. I say good riddance; if you take your writing seriously, you should have as much control over it as possible.1

Update: Manton Reece:

Medium.com was swinging in the wrong direction, especially with the change last year to no longer allow custom domain names. I think 2019 is going to be a great year for blogging.

I think so, too.


  1. This, by the way, is exactly why I have misgivings about video on the web. Any cheap hosting is good enough for a blog, and even moderately-priced hosting could work for a podcast. But hosting video files requires far more robust hosting and bandwidth; that’s why there’s basically only one hugely-popular video platform on the web. YouTube’s monopoly is not healthy for creators or the open web.

In Europe, the New York Times Switched From Ad Exchanges to Direct Selling, and Grew Revenue

Jessica Davies, Digiday:

When the General Data Protection Regulation arrived last year, The New York Times didn’t take any chances.

The publisher blocked all open-exchange ad buying on its European pages, followed swiftly by behavioral targeting. Instead, NYT International focused on contextual and geographical targeting for programmatic guaranteed and private marketplace deals and has not seen ad revenues drop as a result, according to Jean-Christophe Demarta, svp for global advertising at New York Times International.

[…]

The New York Times has 2.9 million paying digital subscribers globally, and 15 percent of the publisher’s digital news subscribers are from Europe. Digital advertising in Europe also remains an important revenue stream for the publisher. The publisher’s reader-revenue business model means it fiercely guards its readers’ user experience. Rather than bombard readers with consent notices or risk a clunky consent user experience, it decided to drop behavioral advertising entirely.

It’s worth noting that there are few web properties with the brand clout of the New York Times. Direct selling may not be a realistic solution for all websites — including, I should say, this one. There should be a more direct relationship between the publisher and the advertiser, while still preserving editorial independence. Where direct selling is not viable, ad exchanges should exist that carefully vet ads and are not dependent on behavioural targeting; the Deck was ahead of its time.

But this report demonstrates that third parties are still interested in buying advertising, even when they can’t have their adtech toys. That’s great news. Let’s have more of this.

Ajit Pai Refuses to Brief Lawmakers Over Phone-Tracking Scandal, Dubiously Blames Shutdown

Dell Cameron, Gizmodo:

In a letter to the FCC chairman last week, [Rep. Frank Pallone, Jr.] said it was paramount his committee investigate the matter at once and that it could not wait “until President Trump decides to reopen the government.” However, committee members said on Monday that Pai had declined to brief them citing the shutdown, while asserting (in Pallone’s words) that the matter was “not a threat to the safety of human life or property.”

Neither Pai nor his chief of staff, Matthew Berry, placed the call notifying Pallone’s office of his refusal, according to a senior Democratic aide, who said the news came instead from a lower-level staffer.

Pallone responded to Pai’s decision in a statement, saying, “There’s nothing in the law that should stop the Chairman personally from meeting about this serious threat that could allow criminals to track the location of police officers on patrol, victims of domestic abuse, or foreign adversaries to track military personnel on American soil.”

American telecom companies must be thrilled to have a key regulator who has no sense of urgency to do his job, nor any compulsion to hold their feet to the fire.

Apple Releases Smart Battery Cases for iPhone XS, XS Max, and XR

Last time Apple did a battery case, it only worked with the 4.7-inch iPhone 7. The battery life claims for this one on the two larger iPhone models, in particular, are ridiculous. Juli Clover, MacRumors:

Each case provides a varying amount of battery life depending on device. The iPhone XS Battery Case, when paired with the iPhone XS, offers up to 33 hours of talk time, up to 21 hours of internet use, and up to 25 hours of video playback.

The iPhone XS Max with the XS Max Smart Battery Case offers up to 37 hours of talk time, up to 20 hours of internet use, and up to 25 hours of video playback.

The iPhone XR with the XR Battery Case offers up to 39 hours of talk time, up to 22 hours of internet use, and up to 27 hours of video playback.

If you travel a lot, this might just be the quickest purchase you make. Curiously, the iPhone X is not officially supported by the iPhone XS case; I wonder if it’s just a slight difference in the size of the camera cutout — which, I bet, would be trivial to work around — or if there’s some other compatibility roadblock.

Update: Rene Ritchie says that the iPhone X fits in the XS case, more or less, but there are mixed reports about its functionality.

DuckDuckGo Integrates Apple’s MapKit for Location Searches

DuckDuckGo’s press release:

We’re excited to announce that map and address-related searches on DuckDuckGo for mobile and desktop are now powered by Apple’s MapKit JS framework, giving you a valuable combination of mapping and privacy. As one of the first global companies using Apple MapKit JS, we can now offer users improved address searches, additional visual features, enhanced satellite imagery, and continually updated maps already in use on billions of Apple devices worldwide.

With this updated integration, Apple Maps are now available both embedded within our private search results for relevant queries, as well as available from the “Maps” tab on any search result page.

For years, the default choice for developers embedding a map on a website was to use one of Google’s. There have been a couple of alternatives — OpenStreetMap isn’t bad — but none seem like they could shake Google’s dominance quite like Apple’s MapKit JavaScript framework. It’s early days; Apple does not yet have a Maps website where users can easily create custom map embeds, for example. But, for developers, the MapKit framework is a viable choice. It looks great, the data quality really is getting better — albeit very slowly — and it respects users’ privacy.

It’s very cool to see DuckDuckGo as the first major implementation of this framework. I search the web almost exclusively with DuckDuckGo, but one area where it struggled for me was for business searches around me. Because I often forget that I even have a Maps app on my Mac, I would habitually load Google Maps. I should have to do that far less often now.

One thing I noticed is that, while DuckDuckGo’s integration makes use of MapKit everywhere, Apple Maps directions are only available when searching on iOS. I’m not sure if there’s a technical limitation involved; it appears that MapKit’s route API would work fine to return driving directions on the web. Perhaps it’s simply a case of DuckDuckGo not wishing to ask users for their precise location as a privacy measure. I get that, but offloading the task to Bing Maps, by default, for non-iOS users is kind of a clunky workaround.

Bear with me, but, speaking of Google Maps, what the hell happened to that website? At some point, basically everything became a click target, from businesses to neighbourhood names. But Google Maps has also retained the double-click-to-zoom gesture, so every time I try to zoom in, I invariably click on something, which causes that information panel I hid seconds prior to reappear with the hours for a business I don’t care about. In particularly dense cities, using Google Maps requires finding a ten-by-ten pixel square that miraculously does not contain a clickable object.

The only thing I use Google Maps for on a frequent basis is Street View, and they’ve even managed to make that worse. There are so many Photo Sphere images and indoor tours that overlap with Google’s own Street View. It’s a usability nightmare. I can’t imagine a typical Street View user wants to stumble into a grainy immobile snow globe submitted by someone with half their finger on the camera lens.

Update: I got two things wrong on this. The first is that the Directions button connects to Apple Maps on both iOS and MacOS; when I tried it this morning on my Mac, it only displayed the dropdown with options for Bing and other providers. Also, apparently, DuckDuckGo will prompt for a precise location for some queries — though I haven’t been able to trigger the location request dialog — so a reluctance to ask for location can’t be the reason they haven’t implemented the route API.

iTunes Movies and TV Shows Kremlinology

Call it whatever you like — good logic, Kremlinology, or wishful thinking — but this theory from MG Siegler, about the clumsily-named “iTunes Movies and TV Shows” feature coming to Samsung TVs, makes a whole lot of sense to me.

A quick, related thought: imagine Apple does introduce a Netflix-competitive streaming video subscription; and, perhaps, a news subscription, too. A user may well subscribe to both, plus Apple Music, iCloud, and — perhaps — be on the iPhone upgrade plan, too. That’s a lot of discrete monthly payments. A universal subscription that covers, at the very least, all of Apple’s services would be far more elegant; I’d love to see that.

Talking About Big Tech Monolithically Is Missing the Big, More Complex Picture

David McCabe and Scott Rosenberg, Axios:

For several years it has made sense, in some quarters, to lump together the tech giants — chiefly Google, Facebook, Apple, and Amazon, sometimes also including Netflix or Microsoft. But talking about “big tech” is beginning to offer diminishing returns.

[…]

As different pressures come to bear on each of these companies, they are likely to end up taking roads that differentiate them from their competitors — and make “big tech” less useful as an idea or a category.

A suspicion I’ve long harboured is that the bad actors in the tech industry make it much harder to trust any company. I know a few people who refuse to use Touch ID or Face ID on their devices because they’re convinced that their fingerprints and faces are being sent to Apple. The company is also increasingly focused on health, which makes some people skittish. And there’s a fair reason for that; users should be cautious about which companies they’re sharing their most personal details with.

Yet sales of in-home devices from Amazon and Google — with microphones and, in many cases, cameras — are up every year. User tracking is becoming more pervasive and difficult to avoid, and huge data brokers aggregate even more information but are not household names. In a survey last year, more people believed Amazon and Google care about user privacy than Apple. This situation is getting worse, not better, and it is eroding confidence that any part of the tech industry can be good.

The last time the tech industry was the subject of widespread worries about trust was in the wake of Edward Snowden’s NSA disclosures. This isn’t external; it can’t be smoothed over by denials or press releases bragging about how secure the databases are. This is internal, and it has effects throughout the industry on good actors and bad. But this discussion needs a greater level of specificity and nuance.

Sources Say Amazon Ring Home Security Videos Were Stored Unencrypted and Were Widely-Accessible Internally

Matt Drange and Reed Albergotti, reporting last month for the Information:

But former employees said that wasn’t always the case, and that when the Kiev office was launched, customer videos were widely shared there. It couldn’t be learned when Ring began to restrict this access. Ring’s terms of service don’t inform customers who opt in to the community watch feature that their videos are used for image-recognition research. Mr. Siminoff said he believed Ring’s disclosures to customers were sufficient.

Ring has had other issues with security. As The Information reported earlier this year, a software flaw allowed former users of shared accounts to continue to view doorbell video.

Ring has added additional security measures since being acquired by Amazon in April. Employees in Ukraine are no longer allowed to download and store videos on their computers, for example. An Amazon spokeswoman didn’t respond to questions about security measures, or what due diligence the company conducted prior to acquiring Ring.

Sam Biddle, reporting today for the Intercept:

At the time the Ukrainian access was provided, the video files were left unencrypted, the source said, because of Ring leadership’s “sense that encryption would make the company less valuable,” owing to the expense of implementing encryption and lost revenue opportunities due to restricted access. The Ukraine team was also provided with a corresponding database that linked each specific video file to corresponding specific Ring customers.

At the same time, the source said, Ring unnecessarily provided executives and engineers in the U.S. with highly privileged access to the company’s technical support video portal, allowing unfiltered, round-the-clock live feeds from some customer cameras, regardless of whether they needed access to this extremely sensitive data to do their jobs. For someone who’d been given this top-level access — comparable to Uber’s infamous “God mode” map that revealed the movements of all passengers — only a Ring customer’s email address was required to watch cameras from that person’s home. Although the source said they never personally witnessed any egregious abuses, they told The Intercept “if [someone] knew a reporter or competitor’s email address, [they] could view all their cameras.” The source also recounted instances of Ring engineers “teasing each other about who they brought home” after romantic dates. Although the engineers in question were aware that they were being surveilled by their co-workers in real time, the source questioned whether their companions were similarly informed.

Davey Alba, of Buzzfeed, on Twitter:

We reported on Orlando PD’s use of Amazon Rekognition in October & discovered Orlando had made a deal with Ring to crowdsource footage from the app. When we asked, Amazon would not commit to keep the data generated by Ring and by Rekognition separate.

Let’s be charitable here: Amazon, at the very least, acquired a company with poor security practices that sells cameras for use inside customers’ homes.

I don’t have any “internet of things” devices — partly because I’m not really able to replace the thermostat or electrical outlets in my rented apartment, and partly because I don’t want to deal with more software updates. But the security and privacy concerns with these kinds of devices are very real, and should not be underestimated. Consumers should have the confidence that buying one of these products will not make their homes less secure or private in exchange for a marginal gain in efficiency.

After Vice Report, AT&T, T-Mobile, and Verizon Say Again They Will Stop Selling Location Data

Two days after Joseph Cox reported that the real-time location of virtually every phone in the United States could be bought with few restrictions, Hamza Shaban and Brian Fung are reporting for the Washington Post that three providers have said that they would stop selling customers’ location data to third parties:

AT&T had already suspended its data sharing agreements with a number of so-called “location aggregators” last year in light of a congressional probe finding that some of Verizon’s location data was being misused by prison officials to spy on innocent Americans. AT&T also said at the time it would be maintaining those of its agreements that provided clear consumer benefits, such as location sharing for roadside assistance services.

But AT&T’s announcement Thursday goes much further, pledging to terminate all of the remaining deals it had — even the ones that it said were actively helpful.

[…]

In characteristic fashion, T-Mobile chief executive John Legere tweeted Tuesday that his firm would be “completely ending location aggregator work” in March. Verizon said in a statement Thursday that it, too, was winding down its four remaining location-sharing agreements, which are all with roadside assistance services — after that, customers would have to give the company permission to share their data with roadside assistance firms. A Sprint spokeswoman didn’t immediately respond to a request for comment.

Legere said last year that T-Mobile would “not sell customer location data to shady middlemen” and promised to “wind down” agreements to share location data. In communications to U.S. Senator Ron Wyden, AT&T and Verizon also promised to stop selling location data last year. Without legislation and enforcement, I doubt shady practices like these will stop.