Month: April 2019

Bloomberg Seemingly Botches a Report on Backdoors in Chinese-Made Equipment. This Is Not a Repeat From October 2018 theregister.co.uk

Daniele Lepido, Bloomberg:

Europe’s biggest phone company identified hidden backdoors in the software that could have given Huawei unauthorized access to the carrier’s fixed-line network in Italy, a system that provides internet service to millions of homes and businesses, according to Vodafone’s security briefing documents from 2009 and 2011 seen by Bloomberg, as well as people involved in the situation.

Vodafone asked Huawei to remove backdoors in home internet routers in 2011 and received assurances from the supplier that the issues were fixed, but further testing revealed that the security vulnerabilities remained, the documents show. Vodafone also identified backdoors in parts of its fixed-access network known as optical service nodes, which are responsible for transporting internet traffic over optical fibers, and other parts called broadband network gateways, which handle subscriber authentication and access to the internet, the people said. The people asked not to be identified because the matter was confidential.

Tim Culpan doubled down on this in an editorial for Bloomberg, calling it a “smoking gun”:

Having Huawei, or its compatriot ZTE Corp., taken off the tender list reduces operators’ bargaining power even if they lean toward a Western option. That’s among the reasons we’ve seen telecom executives play down the risks and even defend Huawei. Money is a powerful incentive, and a penny saved is a penny earned.

Expect Huawei proponents and telecom operators to dismiss this revelation as an aberration that proves nothing. Huawei’s newly invigorated PR machine will whip into overdrive, and Chinese authorities will spin the report as propaganda. Meanwhile, Western politicians will crow “I told you so.”

However, on a purely technical level, this report may have grossly overstated the apparent “backdoor”. Gareth Corfield, the Register:

Unfortunately for Bloomberg, Vodafone had a far less alarming explanation for the “backdoor”.

“The ‘backdoor’ that Bloomberg refers to is Telnet, which is a protocol that is commonly used by many vendors in the industry for performing diagnostic functions. It would not have been accessible from the internet,” said the telco in a statement to The Register, adding: “Bloomberg is incorrect in saying that this ‘could have given Huawei unauthorized access to the carrier’s fixed-line network in Italy’.”

It added: “The issues were identified by independent security testing, initiated by Vodafone as part of our routine security measures, and fixed at the time by Huawei.”

Bloomberg owns Businessweek, which in October published that deeply problematic story about unauthorized chips apparently being found implanted on Supermicro servers made in China for Amazon and Apple. So far, that story has not stood up to scrutiny and has remained a permanent exclusive.

Maybe that was just a one-off. After all, today’s piece is from a different writer and Vodafone’s denial is not as comprehensive as the affected companies’ responses to the Businessweek story. But Bloomberg’s history of spurious allegations of Chinese espionage has poisoned the well. I’m not naïve; I know that China, like all big nations, is probably trying to spy on communications in any way it can, and its position as the “workshop of the world” gives it unique leverage. Even so, I simply don’t know how to trust Bloomberg’s reporting on such matters.

Yet Another Entry in the Canon of Wishful Pieces About Microsoft’s Design Team theverge.com

Tom Warren, the Verge:

These days, Microsoft is all about looking at the big picture — not just where one product needs to go, but how an entire ecosystem of products needs to ship, evolve, and work together over the coming years. While products in the past might have been developed in secret by separate teams, and ended up looking and feeling disparate because of it, Microsoft has scrapped that approach recently. It’s now adopted a philosophy called “open design” that’s about sharing ideas across the company, integrating products, and failing faster. The hope is that it will lead to a better combination of hardware and software that looks like it came from one company and is better for it, too.

Microsoft is a big fan of inviting journalists to chronicle their design team’s pursuit to unify the company’s notoriously disparate product lineups. Four years ago, Panos Panay made design consistency a big bullet point of the Surface strategy; two years ago, Microsoft gave a name to the design system that replaces the system formerly known as Metro. Metro itself, publicly branded Modern Design, was an attempt to unify Microsoft’s approach to design nearly ten years ago.

Yet, through all of these attempts at redesigning everything they make, Microsoft has somehow retained Settings panels in Windows 10 that, two levels deep, are basically the same as the panels in Windows 7; at three levels deep, they look exactly the same as the design language they used for Windows NT in the mid-to-late nineties. There seem to be few rules internally, and I think that reflects on third-party developers that seem to use whatever design language they feel like.

Every platform has cruft, and every redesign requires time to percolate — particularly when it’s applied across a software portfolio as gigantic as Microsoft’s. Articles like this one are a platform to show that the company’s teams are working, but it’s hard to believe that this time they’ll somehow make everything feel like it’s shipping from the same company. We’ve seen this movie before.

Overcast Adds Podcast Clip Sharing marco.org

Marco Arment:

With today’s 2019.4 update, you can now share audio or video clips, up to a minute each, from any public podcast. Simply tap the share button in the upper-right corner.

You can generate an audio clip, or portrait, landscape, or square video, using your current Overcast theme setting.

This is going to open up worlds for people. Many podcasts are an hour or two — or three — and that can be far too much investment for new listeners. Sharing just a clip is the audio equivalent of a blockquote. And because these things are generated as video clips by default, they work with Instagram and Twitter and all the other typical destinations for sharing. Brilliant.

Third-Party Parental Control Apps for iOS Devices Are Being Restricted nytimes.com

Jack Nicas, New York Times:

They all tell a similar story: They ran apps that helped people limit the time they and their children spent on iPhones. Then Apple created its own screen-time tracker. And then Apple made staying in business very, very difficult.

Over the past year, Apple has removed or restricted at least 11 of the 17 most downloaded screen-time and parental-control apps, according to an analysis by The New York Times and Sensor Tower, an app-data firm. Apple has also clamped down on a number of lesser-known apps.

In some cases, Apple forced companies to remove features that allowed parents to control their children’s devices or that blocked children’s access to certain apps and adult content. In other cases, it simply pulled the apps from its App Store.

The Times is eager to suggest anticompetitive behaviour by Apple, but I’m not so sure. Apps on iOS are sandboxed, which means that they’re highly restricted in how they may interact with other third-party apps on the system.

Sarah Perez first reported on Apple’s restrictions of parental control apps for TechCrunch in December:1

The impacted developers have been using a variety of methods to track screen time, as there has not been any official means of tracking this data. This included the use of background location, VPNs and MDM-based solutions, and sometimes a combination of methods.

[…]

Some of the developers, we understand, were told they were in violation of App Store developer guideline 2.5.4, which specifies when multitasking apps are allowed to use background location. Specifically, developers were told they were “misusing background location mode for purposes other than location-related features.”

Others were told their app violated developer guideline 2.5.1, which references using public APIs in an unapproved manner.

Combine this with a statement given by an Apple spokesperson to the Times that these apps are potential privacy violators, and I’m not surprised that they’re being restricted or even removed from the App Store.

What this reporting illustrates most of all is just how poor Apple’s communication with developers often continues to be. Case in point, from Nicas:

On Jan. 19, Mr. Ramasubbu received a message from Apple that said he had 30 days to change the Mobicip app or it would be removed from the App Store. “If you have any questions about this information, please reply to this message to let us know,” the note said. “Best regards, App Store Review.”

Over the next 27 days, Mr. Ramasubbu responded four times seeking more information. He eventually resubmitted the app with changes he hoped would satisfy Apple’s demands.

Then, with Mobicip’s deadline just a few days away, Apple responded three times to his earlier detailed questions — with virtually the same message: “Your app uses public A.P.I.s in an unapproved manner, which does not comply with guideline 2.5.1 of the App Store Review Guidelines.”

App Review should, at the very least, prevent rule breakers from getting into the App Store in the first place. They failed to do that by allowing high-profile parental control apps into the store that cannot work without violating their rules. But they should at least be very clear about the circumstances of rule violation, particularly when an app has already been approved.

It’s also clear that there is a demand for these apps. I think it would be great if there were APIs for Screen Time data, perhaps tied into HealthKit. Of course, it’s worth worrying about what Facebook is likely to do with that kind of information.

Update: In an email republished by MacRumors, Phil Schiller confirms that the company told developers to stop using MDM profiles as a way to monitor or limit device use in non-enterprise contexts. Also, it is notable that the Times did not publish the statement they received from Apple in full.

  1. Notably, Nicas does not cite Perez’s story in his piece, continuing the Times’ long and let’s-say-proud history of failing to credit others’ original reporting. ↥︎

Intuit and H&R Block Prevented Search Engines From Displaying Their Free Tax Filing Products propublica.org

Larissa Williams:

TurboTax is setting the “free” filing page to “noindex” in the web code, making it much harder for people trying to find the page. Without a direct link, it would be VERY hard to find that page searching the internet. Shady.

Justin Elliott, ProPublica:

We found that Intuit’s smaller competitor in the market, H&R Block, also hid its H&R Block Free File product from Google using the same sort of code. An H&R Block spokeswoman said: “We are proud that we have helped millions of Americans file their returns under the Free File Alliance program. … Our Free File Alliance offering, like all other alliance partners, is presented in the IRS site and easily reachable through the IRS, on HRBlock.com, and also by googling ‘FFA H&R Block.’”

But the Google results for that search do not directly link to H&R Block’s Free File landing page.

TaxSlayer, 1040.com, and Free Tax USA also request that search engines do not index their free filing webpages.

There are other ways to access all of these companies’ free filing options; the IRS provides a list of links. But it’s not unreasonable to expect people to search “free tax filing software”, and I cannot think of a non-sleazy reason why these pages would be hidden from search engines.

Today in ‘Things Apple Must Do’: Offer a Lossless Streaming Service 9to5mac.com

Tim Ingham of Music Business Worldwide broke the news today that Amazon is preparing to offer a high-quality streaming music service:

MBW has heard this whisper from several high-placed music industry sources, who say the price of Amazon’s new tier will likely be in the region of $15 per month. It’s expected to launch before the end of 2019.

“It’s a better bit rate, better than CD quality,” said one source. “Amazon is working on it as we speak: they’re currently scoping out how much catalog they can get from everyone and how they’ll ingest it.”

Ben Lovejoy, 9to5Mac:

I argued a couple of years ago that Apple should, at the very least, offer lossless music downloads on iTunes. But now that so many of us have switched from downloads to streaming for much of our music listening, it’s really time for Apple to offer hi-res streaming music too.

There are challenges to this, of course. Hi-res music streams use more data, and as the music labels charge more for licensing, then Apple Music would have to charge more for a lossless tier.

But consumers would be able to choose their bit-rate, and the existing services have proven there’s demand at $20/month. All I’m asking is for Apple to give us the choice.

But have they, though? Tidal has claimed to have three million subscribers, but an investigation by a Norwegian newspaper found that the true number was less than half that number — and that counts every subscriber, including those at the $10 per month lossy format tier. Deezer has seven million subscribers but, again, there’s no indication of how many of those subscribe to their higher-priced lossless tier.

For comparison, Apple Music has over 50 million paying subscribers worldwide, and Spotify has 96 million. Neither one offers a lossless subscription tier. The idea that Apple “needs to” offer a higher-quality option — to summarize Lovejoy’s headline — is very silly, indeed.

Apple itself frequently makes reference to the importance of music to the company. For example, when acquiring Beats, Apple said ‘music has always held a special place in our hearts’ and Phil Schiller said ‘music is in our DNA.’ So why not give it the respect it deserves, and let us listen to it at the quality the artists intended?

I would love desperately for Apple to use its influence to help improve music quality, but allowing users to stream or purchase lossless audio — especially this idea of “better than CD quality”, which is, pragmatically, bullshit — is not the best way to do that. The most important thing is for more pressure to be put on music labels, producers, and mastering engineers to deliver well-mixed tracks with wide dynamic range. That, alone, will make music sound noticeably better than moving from 256 kbps AAC to a CD-quality file format.

Privacy Commissioner of Canada Finds Facebook Broke the Law, But Regulators Are Powerless to Act Immediately priv.gc.ca

From the OPC’s press release:

Facebook committed serious contraventions of Canadian privacy laws and failed to take responsibility for protecting the personal information of Canadians, an investigation has found.

Despite its public acknowledgement of a “major breach of trust” in the Cambridge Analytica scandal, Facebook disputes the investigation findings of the Privacy Commissioner of Canada and the Information and Privacy Commissioner for British Columbia. The company also refuses to implement recommendations to address deficiencies.

“Facebook’s refusal to act responsibly is deeply troubling given the vast amount of sensitive personal information users have entrusted to this company,” says Privacy Commissioner of Canada Daniel Therrien. “Their privacy framework was empty, and their vague terms were so elastic that they were not meaningful for privacy protection.

“The stark contradiction between Facebook’s public promises to mend its ways on privacy and its refusal to address the serious problems we’ve identified – or even acknowledge that it broke the law – is extremely concerning.”

David Carroll:

Report details use of [Facebook] Custom Audiences. This is crucial. It means illegal data models harvested from Facebook data were used to build user lists that were uploaded back into Facebook.

Michael Geist:

Facebook rejects Privacy commissioner findings it violated Canadian privacy law. Without order making power, Commissioner now has to go to the federal court to enforce the law.

The Commissioner has published its entire report, and it’s worth reading. It’s probably right for the court to decide what, if any, punishment Facebook should accept, but it’s shocking that they’re simply able to dismiss the findings of the report with no consequence.

The Information: Apple’s AWS Bill Is Falling, Not Rising theinformation.com

Contrary to CNBC’s story earlier this week, Amir Efrati and Kevin McLaughlin of the Information are reporting that their sources say that Apple cut spending with Amazon in 2018 compared to the previous year. And then there’s this:

In recent years, Apple has also expanded its use of Google Cloud, which the company has used, along with AWS, to power its iCloud service. But the increases in Apple’s spending with Google were slowed by the previously unreported incident involving the Google data center, according to two people briefed about the issue at Apple.

In that incident, which occurred about three years ago, a Google data center failed due to a fire, making some iCloud user data, including photos, inaccessible to users for a time, according to two people briefed about the issue at Apple. The event led to Apple discovering that Google was, in some cases, storing copies of Apple data within a single data center rather spreading them out to different locations, as Apple had expected, the two people said.

Fortunately, Apple identified the problem quickly, allowing it to recover the data, these people said. Some of the unavailable data had to be retrieved from data stored on customers’ devices, which were unaffected by the outage, one of these people said.

I’ve long been conflicted about the wisdom of storing my files with cloud services. It means losing a great deal of control over those files, for example, but it also means easier access from different devices. I’m not sure about those trade-offs. But one argument I’ve been swayed by is the assumption that data centres have better backup strategies than most of us. Efrati and McLaughlin’s report deeply undermines that assumption.

Facebook Expects to Resolve FTC Privacy Investigation for $3–5 Billion buzzfeednews.com

Alex Kantrowitz and Ryan Mac, Buzzfeed News:

Facebook is setting aside $3 billion to cover the expected costs, including an anticipated fine, related to an ongoing investigation with the Federal Trade Commission over its privacy practices, the company said today. The expenses could go as high as $5 billion, Facebook said.

[…]

After announcing the anticipated settlement, Facebook’s market capitalization climbed by approximately $40 billion in just over an hour of after-hours trading.

Elizabeth Dwoskin and Tony Romm, Washington Post:

The FTC’s probe has sought to determine if Facebook’s entanglement with Cambridge Analytica violated a 2011 agreement, known as a consent decree, with the U.S. government to improve its privacy practices. Since then, the social network has acknowledged additional data mishaps, prompting federal officials to expand their inquiry, according to two people familiar with the matter who spoke on the condition of anonymity because the probe is confidential under law. The probe could also target CEO Mark Zuckerberg personally, perhaps subjecting him to new oversight of his leadership, The Post first reported.

The low value of the fine relative to Facebook’s annual income is disappointing, but not quite as disappointing as recognizing that it’s a fine for breaking a 2011 agreement between the company and the FTC — not for breaking any particular law. That agreement established no financial penalties at the time, but would subject Facebook to fines for failing to agree to it.

That is to say that Facebook may not have faced penalties for its flagrant and wilful violation of basic privacy expectations over the past eight years had they not been previously caught doing so.

Court Says Using Chalk on Tires for Parking Enforcement Is an Unlawful Search npr.org

Matthew Schwartz, NPR:

The case was brought by Alison Taylor, a Michigan woman whom the court describes as a “frequent recipient of parking tickets.” The city of Saginaw, Mich., like countless other cities around the country, uses chalk to mark the tires of cars to enforce time limits on parking.

By the time Taylor received her 15th citation in just a few years, she decided to go after the city — and specifically after parking enforcement officer Tabitha Hoskins.

Hoskins, Taylor alleged in her lawsuit, was a “prolific” chalker. Every single one of Taylor’s 15 tickets was issued by Hoskins after she marked a tire with chalk, and then circled back to see if Taylor’s car had moved. That chalking, Taylor argued, was unconstitutional.

“Trespassing upon a privately-owned vehicle parked on a public street to place a chalk mark to begin gathering information to ultimately impose a government sanction is unconstitutional under the Fourth Amendment,” Taylor’s lawyer, Philip Ellison, wrote in a court filing.

A three-judge panel of the U.S. Court of Appeals for the 6th Circuit unanimously agreed. Chalking tires is a kind of trespass, Judge Bernice Donald wrote for the panel, and it requires a warrant. The decision affects the 6th Circuit, which includes Michigan, Ohio, Kentucky and Tennessee.

Via Maciej Cegłowski:

It’s interesting to watch the surveillance ratchet in action. This court decision means that a simple, privacy-preserving method of parking enforcement will be replaced nationwide with photographic databases of parked cars.

This is one of those cases where the legal interpretation baffles the common sense understanding — in this case, of what constitutes a “search” or, indeed, “trespassing”. With enough time, Cegłowski’s imagined outcome seems entirely likely.

The Apple Watch Turns Four: Some Thoughts

Four years ago today, the Apple Watch went on sale. Like many of Apple’s biggest hits, it wasn’t immediately well-understood. I think that was partly because of the distraction of the solid gold Edition model, and also partly because of the way the company pitched it. Like the iPhone’s infamous iPod, phone, and internet communicator setup, the Apple Watch was three things: a precise and customizable timepiece, an intimate communications device, and a health and fitness companion. It debuted in two sizes, classified by case material into three collections, all with a bunch of different band options, and with feature-rich software and third-party app availability. In hindsight, I think the rollout of the Apple Watch was unnecessarily complicated for a first-generation product.

But several generations of Apple Watch models and WatchOS versions later, that almost doesn’t matter. The watch has been, it is safe to say, a resounding success for the company. Apple has never broken out sales figures for it, but it’s likely one of the best-selling device families they’ve ever done. From a convoluted and much-mocked start, it has grown to become an invaluable accessory for millions. One more reason it was so often misunderstood: it’s truly the kind of product that you need to use to understand it.

I bought my first shortly after Apple started shipping them in 2015; I liked my Apple Watch so much that I replaced it with a Series 1 model the same day I shattered my Sport’s display in December 2016. But despite the allure of recent models’ GPS capabilities and far nicer industrial design, I have not had the itch to upgrade.

The Apple Watch is, for me, a highly polarizing product within my own head. That is: the things I like about it I really like about it; the things that I do not are deeply frustrating. I think its small size and more limited nature concentrate and amplify its high points as much as its flaws.

I adore the activity and fitness tracking, for example. In an office job, it’s far too easy to remain seated for hours at a time, standing up only to refill a coffee cup or water bottle, or to use the restroom. Similarly, it’s not uncommon for many people to spend a majority of their day barely moving their limbs: you get in the car, you stand in an elevator, you sit at your desk, and then you get back in the elevator and get in your car to go home — and this is likely even more sedentary for those who work from home. I don’t necessarily have the most extreme version of this as I have a walking commute, but reminders to get some physical activity are welcomed, particularly on the weekend and in the winter. Because of the Apple Watch, I walk through Calgary’s excellent indoor walkway system during the winter instead of taking the train to and from work.

I also like some of the smart watch face features. It feels completely natural for me to glance at my watch to check the weather or to see what appointments or reminders I have that day. Having Siri on my wrist is also a revelation. These features combine to help create the kind of passive technology future many of us have dreamed of. If only I could tilt my wrist and see when the next bus or train is due to arrive — that would nearly complete a feeling of immersion.

And then there are some of the finer things that are made possible because the watch is persistently authenticated throughout the day. Paying with my wrist doesn’t always feel natural, but virtually every transit pass I’ve bought since Apple Pay became available in Canada was purchased from my Apple Watch. I also think the ability to automatically unlock my iMac is sublime.

But then there are the things that I feel more negative about, and which have not meaningfully changed over the past four years — the worst of which is the third-party app ecosystem on the device. Even though I have a Series 1 Apple Watch, this has little to do with speed and everything to do with functionality. It feels like third-party developers either cannot figure out what they want to do with their WatchOS apps, or they’re not able to do what they want because of API limitations.

While the fit and finish of the hardware is nice and getting nicer — and the rectangular shape is apt for the many list-based functions of the device — it’s still a little strange to see so many people wearing the exact same watch every day. Band customization only gets you so far, no matter how good the bands are — and they are very good, indeed — and how fantastic the band changing system is; it’s still the same easily-identifiable watch everyone else is wearing. And it’s a little frustrating that it has to be a watch; in the morning, it’s a choice between wearing a traditional watch or wearing my Apple Watch. Rather than augmenting what I already wear, it replaces something.

I’m also not wholly convinced that pushing notifications to my wrist is somehow beneficial for either my phone use or my attentiveness. The notifications that go to my watch are limited to messages, custom Slack notifications,1 phone calls, and activity stuff, but I still have to use my iPhone to act upon virtually all of these. Also, looking at my phone during a meeting or while talking with a friend is considered rude, and I’m not sure looking at my watch is much better. I like that I can look at my watch and make a judgement right away whether it’s something that needs my attention now, or if it’s something I can deal with later; but, because notifications are generally irritating, I’ve already limited them to things that I generally act upon immediately. In general, I still think that devices need to do a better job of managing notifications.

Finally, there’s something about wearing an Apple Watch with my AirPods in my ears while looking at an iPhone that makes me feel, well, a little bit dorky. I don’t want to make a big deal out of this; I’m sure it’s just elevated levels of self-consciousness that are more indicative of who I am than of the device. This is almost certainly a me problem. But, still.

The Apple Watch has been on my mind lately for a couple of reasons, but one main one: my Series 1 is rapidly giving up the ghost. The first release of WatchOS 5.2 made its battery drain by early afternoon every day. And, even though recent beta seeds have restored its all-day battery life, I haven’t stopped thinking about what I would replace it with. Apple still offers the Series 3 which would give me plenty of new features at an affordable price, yet it’s in the same chunky case as the watch I have now. Spending over $500 in Canada would get me the Series 4 with its far nicer industrial design, and I’m just not sure it’s worth the cost for how I use it.

So, I dug out my old Boccia that I haven’t worn much since I got my first Apple Watch. It doesn’t have the same fit and finish as my Apple Watch; its band is not as easily swapped. It does not display the weather. It does not tell me when I should get some exercise. But it feels nice. It’s coincidental that the battery I needed for it arrived yesterday, but I’ve been wearing it all day, and I really like it. And this is not an expensive watch; if I were to spend $500 on a new watch, that would buy a pretty nice timepiece. It’s not Tudor or Omega money, but it would get me a decent Seiko or Citizen. Or I can leave it in the bank and add to it for a watch that’s far more like a piece of jewellery than it is a wrist computer. Even the nicest stainless steel Apple Watch is still identifiable primarily as a device.

Like I said, it’s a complete coincidence that all of this discovery happened around the fourth anniversary of the Apple Watch’s launch; but, this fortuitous timing gives me the opportunity to assess how it has built upon the first-generation product’s three pillars:

  • A precise and customizable timepiece: All computer clocks are precise; nobody expected the Apple Watch to struggle to keep time. This seemed like a silly and hyperbolic factor against which the Apple Watch should be judged. As far as customizability is concerned, case colours and different bands only get you so far; its hardware still screams “Apple Watch”.2 However, WatchOS updates have made it far more personalized with features like the Siri watch face and better third-party app integration.

  • An intimate communications device: I now know a lot of people with an Apple Watch, but I don’t know anyone who uses Digital Touch, shares their heartbeat, or even responds to texts with their watch. These features have not changed much over time, and the device’s size dictates its often awkward interaction mechanisms. Perhaps you frequently take calls on your watch or respond to texts with your voice, and that’s fine; it’s just not something I’ve seen a lot of people doing, even while they’re working out.

  • A health and fitness companion: This is, by far, the area where I think the Apple Watch has succeeded the most, and Apple has demonstrated this year after year by adding health features. The Workout app has come a long way since its launch, with new categories of workouts, workout detection, and a far simpler design. Newer generations of Apple Watch have added fall notification and an ECG, which I still think is wildly impressive. This is where I see myself continuing to use my Apple Watch in a more limited capacity, as it’s what I’ve been using it primarily for every day since I got it: taking my Apple Watch off broke my 379 day streak of closing all my rings. I’m a little bummed about that.

The Apple Watch seems to be excelling in one of its three pillars, doing fine in another, and totally missing the mark on the third. Apple is clearly learning what people use their Apple Watch for and adjusting accordingly, investing most heavily in its fitness and health features.

I have also learned something over the last four years that I’ve used an Apple Watch: I learned that my hesitance to upgrade is not from a lack of new features — there are plenty of those — but almost the opposite. I don’t know that I want more of anything happening on my wrist; I guess I just want less.

  1. I have a Slack workspace all for myself with some custom news alerts and push notifications set up. It’s kind of like a roll-your-own notification service for stuff that I care about. It’s quite silly, granted, but it works for me. ↥︎

  2. The Apple Watch’s hardware is notable for introducing three interaction mechanisms: Force Touch, the Taptic Engine, and the Digital Crown.

    Force Touch has been applied across Apple’s product line: it’s used for trackpads on the Mac, and its general principles were brought to the iPhone with 3D Touch. But its role on the Apple Watch has been scaled back since the first release of WatchOS, and 3D Touch is a mixed bag. Maybe the best current implementation of Force Touch is with the nearly solid-state trackpads in Apple’s current notebook lineup and in the second-generation Magic Trackpad, but I don’t use any of the Force Touch stuff in MacOS.

    The Digital Crown continues to baffle me. It’s a smart way to use the language of a knob that’s present on pretty much all watches. But so much of the interaction in WatchOS remains screen-dependent, which means that I often see people touching their Apple Watch screens instead of using the Digital Crown.

    The Taptic Engine has been a resounding success, as far as I’m concerned. It is among the finest physical interaction methods I’ve used on any device, particularly in its iPhone implementation. The vibration motors in most phones suck; some phones still ship with shitty buzzy vibrator mechanisms in 2019. The Taptic Engine in the Apple Watch is equally great; its strong pulses on the wrist feel sophisticated, not obtrusive. ↥︎

Regarding Animoji in Messages and FaceTime, Again patentlyapple.com

Earlier today, Jack Purcher of Patently Apple published this piece where he claims to have discovered Apple’s “next generation” Animoji software in a patent filing:

The U.S. Patent and Trademark Office officially published a series of 54 newly granted patents for Apple Inc. today. In this particular report we briefly cover a single granted patent that takes Animojis to the next level by allowing a user to replace their head and face with an Animoji character while the user’s body and movements are naturally from the user. Who says you can’t stay young forever?

[…]

In Patent FIG. 6F below the user chooses the robot Animoji head and in 6H the TrueDepth camera (the creative camera) will advise the user to keep their head within a frame. Next-Gen Animojis will allow the user to keep their own bodies while presenting an Animoji face.

Far from a “next-gen” system, this, to me, looks and sounds exactly like the camera effects in Messages and FaceTime introduced in iOS 12. This is not the first time Patently Apple has misread patent drawings or misinterpreted intellectual property filings.

But I also don’t entirely blame them. As I’ve written before, these effects are difficult to find and use, and I think this mistaken report is another indication of its flawed UI. It’s not the most pressing issue, but I hope it’s something Apple will reconsider and improve upon in iOS 13 or 14.

Who Run the World? Recommendation Algorithms wired.com

Zeynep Tufekci, writing for Wired:

What should you watch? What should you read? What’s news? What’s trending? Wherever you go online, companies have come up with very particular, imperfect ways of answering these questions. Everywhere you look, recommendation engines offer striking examples of how values and judgments become embedded in algorithms and how algorithms can be gamed by strategic actors.

Consider a common, seemingly straightforward method of making suggestions: a recommendation based on what people “like you” have read, watched, or shopped for. What exactly is a person like me? Which dimension of me? Is it someone of the same age, gender, race, or location? Do they share my interests? My eye color? My height? Or is their resemblance to me determined by a whole mess of “big data” (aka surveillance) crunched by a machine-learning algorithm?

Last year, Chris Hayes showed how quickly a YouTube search for information about the Federal Reserve turns into antisemitic conspiracy theories in just a few clicks. The exact path he cited no longer exists, but I just tried it: the first search result for “Federal Reserve” on YouTube is a video from CNN, but many of its recommendations are dubious and conspiracy-minded.

YouTube’s recommendations have long been problematic and, like all recommendation engines, they seem designed to encourage users to consume more, with profoundly differing results depending on their context. Music recommendations, for example, seem relatively benign: software can probably make some good guesses about what someone who listens to Fugazi and Bad Brains would also want to hear, even if it knows nothing else about them. But Amazon knows a lot more about its users than simply their music choices; YouTube’s metrics, meanwhile, encouraged complicity in its flaws in the pursuit of growth.

The Markup Loses Editor-in-Chief Julia Angwin, and Key Staff Follow niemanlab.org

Laura Hazard Owen, Nieman Lab:

The Markup — the highly anticipated nonprofit news site that planned to explore the societal impacts of big tech and algorithms — has fired Julia Angwin, its much-respected cofounder and editor-in-chief. The Markup’s editorial team published a letter of “unequivocal support” for Angwin, who says that she was let go over email Monday night. The move baffled journalists on Tuesday, but Angwin said her ouster was the result of tension over the editorial mission of the site — specifically, whether it should take an “advocacy approach” or an “evidence- and data-driven approach.”

Angwin, a Pulitzer Prize winner and two-time Pulitzer Prize finalist, left ProPublica about a year ago to launch the site. At ProPublica, she’d been an investigative reporter who’d built a team pairing programmers and journalists that specialized in investigating the opaque algorithms that influence our lives. ProPublica data scientist Jeff Larson went with her, and, as my colleague Christine Schmidt reported last year, Sue Gardner, formerly of the Wikimedia Foundation and the CBC, was their third cofounder and executive director.

Gardner and Larson dispute that there has been any shift in editorial direction, but a raft of great reporters resigned today — not usually a sign associated with stable executive direction and organizational mission. Competing publications with a solid investigative mission should be fighting to hire everyone who left the Markup today.

Also, they fired a co-founder over email? Dick move.

Apple Instructs Stores to Prioritize MacBook Keyboard Repairs macrumors.com

Joe Rossignol, MacRumors:

Apple’s memo, titled “How to support Mac customers with keyboard-related repairs in store,” advises Genius Bar technicians that these keyboard repairs should be “prioritized to provide next-day turnaround time”:

Most keyboard-related repairs will be required to be completed in store until further notice. Additional service parts have been shipped to stores to support the increased volume.

These repairs should be prioritized to provide next-day turnaround time. When completing the repair, have the appropriate service guide open and carefully follow all repair steps.

Apple did not provide a reason for the in-store shift for most keyboard repairs, but the company is highly regarded for its customer satisfaction, so it could be trying to speed up the process a bit to alleviate frustration.

This is a good policy adjustment, albeit a somewhat late one for a years-old problem. But it’s also an acknowledgement that these problems are well-known and need to be rectified in a permanent way with a different keyboard design. I’m just guessing here, but I bet that customers do not want easier fixes for their devices as much as they want devices that do not break as a result of a flawed design.

Apple’s Monthly AWS Bill is Over $30 Million cnbc.com

Jordan Novet, CNBC:

As Apple and Amazon compete for a greater share of consumer dollars and attention, they also have a particularly intimate business relationship: Apple is spending more than $30 million a month on Amazon’s cloud, according to people familiar with the arrangement.

Apple’s cloud expenditure reflects the company’s determination to deliver online services like iCloud quickly and reliably, even if it must depend on a rival to do so.

Three years ago, word on the street was that Apple was accelerating its plans to run its services entirely on its own infrastructure. In the same report, Apple’s annual AWS bill was about a billion dollars. So perhaps the bigger news here is that Apple’s dependence on AWS has lessened by about 60%, despite an increase in spending recently.

Update: Amir Efrati and Kevin McLaughlin of the Information are reporting that Apple’s 2018 AWS spending is actually a 50% cut of its 2017 bill, and it’s dropping, not climbing. My title has been updated accordingly.

First Reviews of the Samsung Galaxy Fold theverge.com

Dieter Bohn, the Verge:

Samsung isn’t canceling or delaying the launch of this $1,980 folding smartphone from its April 26th launch date. So I feel a sense of responsibility to get this review out before people buy it. I’ll just say it right out front: I cannot recommend that anybody buy this thing until we know what’s up with these broken screens. The whole situation isn’t quite the fiasco of exploding Note 7 smartphones, as nobody’s safety is threatened, but it is, well, weird.

So here’s what I’m going to do: review the Galaxy Fold as if this whole terrible screen breaking thing will get resolved. Don’t take that to mean that I think it absolutely will be or that I think you should dismiss these problems. Entirely the opposite: you should not buy this phone until we get more information — and even then, it’s not a great purchase.

Joanna Stern, Wall Street Journal:

Even then, I have to ask: Why in the world is a $2,000 glamour phone held together by a flimsy piece of plastic? The feeling of cheapness is as great a sin. Why didn’t Samsung integrate this apparently necessary protective layer better into the body of the phone? (The company’s answer: It makes the phone easier to service. There’s a vote of confidence!)

[…]

At a time when smartphone innovation seems to have stalled and companies are looking to sell us the Next Big Thing, the coming years will be about new and exciting experiments like this. Some early adopters will gleefully raise their hands and pay to test drive the future. But we are not all willing beta testers.

Reading these two reviews has helped me understand the potential of the Galaxy Fold in a way that Samsung’s own product launch keynote did not. It’s not a phone that unfolds into a bigger screen; it’s a small and simplified tablet that can fold in half. If the idea of a tablet as just a bigger smartphone is appealing to you, a device like this might also be.

But not this product. Even if we totally ignore the unignorable display problems and questionable reliability, there are so many basic software implementation problems that it’s hard to see this as anything more than a prototype that is years away from being ready to ship to consumers.

Except it isn’t shipping years from now; I still can’t believe Samsung will deliver these things to customers next week. But they will, and those customers will pay $2,000 for an experiment that might break at any time, all so Samsung can say that they were first.

Update: Timothy Martin of the Wall Street Journal is reporting that Samsung is delaying the Fold’s launch for at least a few weeks while the company tries to sort out these quality issues. That seems wildly optimistic to me.

Facebook Acknowledges Millions More Passwords Stored in Plain Text, and Contacts Uploaded Without Consent recode.net

Kurt Wagner, Recode:

Facebook first announced late last month that it had stored hundreds of millions of user passwords unencrypted on its servers, a massive security problem. At the time, it said that “tens of thousands” of Instagram passwords were also stored in this way.

On Thursday morning, Facebook updated its blog to say that, actually, “millions” of Instagram users, not “tens of thousands,” were impacted.

That’s real bad, but that’s not all, because it never is with Facebook. Remember how they were asking some users for their email account passwords just two weeks ago?

Rob Price, Business Insider:

Since May 2016, the social-networking company has collected the contact lists of 1.5 million users new to the social network, Business Insider can reveal. The Silicon Valley company said the contact data was “unintentionally uploaded to Facebook,” and it is now deleting them.

The revelation comes after pseudononymous security researcher e-sushi noticed that Facebook was asking some users to enter their email passwords when they signed up for new accounts to verify their identities, a move widely condemned by security experts. Business Insider then discovered that if you entered your email password, a message popped up saying it was “importing” your contacts without asking for permission first.

At the time, it wasn’t clear what was happening — but on Wednesday, Facebook disclosed to Business Insider that 1.5 million people’s contacts were collected this way and fed into Facebook’s systems, where they were used to improve Facebook’s ad targeting, build Facebook’s web of social connections, and recommend friends to add.

Are they evil? Is their internal culture and sense of corporate ethics corrupt? Are they merely criminally inept?

Whatever the case, it doesn’t seem to have spooked Facebook’s shareholders. The company’s stock has climbed pretty steadily since the beginning of the year, and it’s at about the same price as this time last year. And, even though Facebook — the website and app — has been losing users, Facebook — the company — has insulated themselves by acquiring apparent alternatives. There are simply few automatic consequences for their repeated, brazen, and systemic breaches of trust.

Samsung Galaxy Fold Reviewers Are Noticing Screen Problems After Days of Use theverge.com

Dieter Bohn, the Verge:

Look closely at the picture above, and you can see a small bulge right on the crease of my Galaxy Fold review unit. It’s just enough to slightly distort the screen, and I can feel it under my finger. There’s something pressing up against the screen at the hinge, right there in the crease. My best guess is that it’s a piece of debris, something harder than lint for sure. It’s possible that it’s something else, though, like the hinge itself on a defective unit pressing up on the screen.

It’s a distressing thing to discover just two days after receiving my review unit. More distressing is that the bulge eventually pressed sharply enough into the screen to break it. You can see the telltale lines of a broken OLED converging on the spot where the bulge is.

Bohn isn’t the only one with problems: Steve Kovach of CNBC, Mark Gurman, and Marques Brownlee all report broken screens on their review units, which they were provided with earlier this week. It appears that Gurman and Brownlee peeled off a protective layer. It looks kind of like that plastic film that all new devices ship with to protect them in transit, but this one is apparently supposed to stay on the screen.

Samsung said a couple of weeks ago that they tested the Galaxy Fold extensively, but this is not a problem that should occur with a two thousand dollar smartphone that will, apparently, be shipping to customers next week. The Galaxy Fold is still a prototype.

Update: Samsung has given a statement to the Verge emphasizing that users should not remove the film that looks like it can and should be removed from the screen. Some people have said that there’s a note that comes with the device indicating that this film should not be peeled off, but Mark Gurman says that some review devices did not have this notice. Also, according to Joanna Stern, Samsung is not delaying the device’s launch despite the issues reported with devices in the first few days of use. I do not think this will go well.

Apple Music’s Improved ‘For You’ Tab macrumors.com

The “For You” tab in Apple Music received a huge update yesterday, and I’m pretty sure I was the first to notice it, for whatever that’s worth. Juli Clover, MacRumors:

Apple Music is now recommending content based on specific bands you’ve listened to before, and there are categories such as “Case of the Mondays,” “Start Your Week Right,” and “To Make You Smile.” There are also category recommendations for music genres you’ve listened to in the past.

Recommendations can be shifted using the Love and Dislike features in Apple Music, and going forward, Apple plans to provide more regular updates to the “For You” section so you’ll have fresh content and recommendations more frequently.

This is far better than the old version of the tab, which prioritized adding new friends and listening to their music over finding more stuff based on your own tastes. The tab seems to keep up with your day a lot better — for example, I was listening to the National’s “Alligator” for a while today and several albums were suggested soon after in “For You”. That makes more sense than having those suggestions offered hours-to-days later.

I’m still baffled by the “New Releases” section at the bottom. Surely it should suggest, well, new releases, but the second-through-fifth suggestions are all over two weeks old. In that time, new albums have been released from artists I’ve listened to and have “loved” on Apple Music that simply don’t show up, not to mention releases from artists that are closely related to my listening history.

However, the first suggestion in “New Releases” is for an album released Monday, so things are looking up.