Month: April 2019

Firefox Nightlies Begin Requiring User Action to Trigger Push Notification Requests blog.nightly.mozilla.org

Johann Hofmann of Mozilla:

Permission prompts are a common sight on the web today. They allow websites to prompt for access to powerful features when needed, giving users granular and contextual choice about what to allow. The permission model has allowed browsers to ship features that would have presented risks to privacy and security otherwise.

However, over the last few years the ecosystem has seen a rise in unsolicited, out-of-context permission prompts being put in front of users, particularly ones that ask for permission to send push notifications.

[…]

According to our telemetry data, the notifications prompt is by far the most frequently shown permission prompt, with about 18 million prompts shown on Firefox Beta in the month from Dec 25 2018 to Jan 24 2019. Not even 3% of these prompts got accepted by users. Most prompts are dismissed, while almost 19% of prompts caused users to leave the site immediately after being confronted with them. This is in stark contrast to the camera/microphone prompt, which has an acceptance rate of about 85%!

This is a great move, and I hope all browsers copy Mozilla’s initiative. This will not, however, block those irritating One Signal prompts; for that, you’ll want to block onesignal.com and cdn.onesignal.com in your favourite ad or script blocker.

All software ought to more carefully consider the ways a new feature can be exploited, but web browsers should be especially vigilant due to the open nature of the web. It’s frustrating how jackass marketers and “growth” teams can’t resist abusing a feature as simple as allowing users to get notified when they have a new message.

Facebook Demands Passwords to Some New Users’ Email Accounts for ‘Verification’ thedailybeast.com

Kevin Poulsen, the Daily Beast:

Facebook users are being interrupted by an interstitial demanding they provide the password for the email account they gave to Facebook when signing up. “To continue using Facebook, you’ll need to confirm your email,” the message demands. “Since you signed up with [email address], you can do that automatically…”

A form below the message asked for the users’ “email password.”

“That’s beyond sketchy,” security consultant Jake Williams told the Daily Beast. “They should not be taking your password or handling your password in the background. If that’s what’s required to sign up with Facebook, you’re better off not being on Facebook”

It was just two weeks ago that Facebook admitted to storing the passwords of 600 million users in plain text logs.

Even setting aside that critical story and Facebook’s appalling track record on privacy — generally, but also when it comes to account security features — this is teaching users that entering the password to their email account is okay as long as they see some recognizable brand name on the page, regardless of whether it matches their email provider.

A reminder that it was just a year and a half ago that Facebook asked for users’ nude photos, too. I’m trying to think of what else they could possibly want from users that they don’t already have. A blood sample, perhaps?

Update: Facebook says that they will stop doing this.

The Effect of Product Shutdowns on Google’s Reputation arstechnica.com

Ron Amadeo, Ars Technica:

We are 91 days into the year, and so far, Google is racking up an unprecedented body count. If we just take the official shutdown dates that have already occurred in 2019, a Google-branded product, feature, or service has died, on average, about every nine days.

Some of these product shutdowns have transition plans, and some of them (like Google+) represent Google completely abandoning a user base. The specifics aren’t crucial, though. What matters is that every single one of these actions has a negative consequence for Google’s brand, and the near-constant stream of shutdown announcements makes Google seem more unstable and untrustworthy than it has ever been. Yes, there was the one time Google killed Google Wave nine years ago or when it took Google Reader away six years ago, but things were never this bad.

For a while there has been a subset of people concerned about Google’s privacy and antitrust issues, but now Google is eroding trust that its existing customers have in the company. That’s a huge problem. Google has significantly harmed its brand over the last few months, and I’m not even sure the company realizes it.

I get where Amadeo is coming from because I, too, have virtually no trust in Google’s ability to maintain projects long-term. I wonder how much this realistically impacts their reputation, though — mostly because technology companies are barely trusted at all. Reading a comments section on the internet is scarcely recommended, but I found plenty of educational feedback on Matt Blaze’s recent editorial on software updates for the New York Times. If you’re in the tech industry at all, I think it’s worth reading.

An optimistic take is that Google is cleaning house and focusing on a set of core products and services from which it can collect data to sell advertising against. But that’s unlikely. There’s a greater chance that they’ll introduce another chat app by the end of the year.

Regarding That Ostensibly ‘Small Number of Customers’ Reporting Problems With Their MacBook Keyboards m.signalvnoise.com

David Heinemeier Hansson, writing on Basecamp’s Signal v. Noise blog:

Apple keep insisting that only a “small number of customers have problems” with the MacBook keyboards. That’s bollocks. This is a huge issue, it’s getting worse not better, and Apple is missing the forest for the trees.

The fact is that many people simply do not contact Apple when their MacBook keyboards fail. They just live with an S key that stutters or a spacebar that intermittently gives double. Or they just start using an external keyboard. Apple never sees these cases, so it never counts in their statistics.

It isn’t news that the butterfly keyboard switches in the post-2015 MacBook line are unreliable to the degree that it has breached a technically-focused audience, recently featuring in a Wall Street Journal article and in commentary from well-known individuals. There’s also plenty of statistical evidence, in the form of Genius Bar repair figures sourced by Apple Insider, to support the widespread understanding that these keyboards suck.

But what’s missing from the numbers Apple Insider published and the general malaise about these keyboards is any understanding of the impact they’re having on otherwise-silent users. Hansson’s piece sheds some light on this, plus a poll he posted on Twitter. As of writing, over 4,600 people have responded: 38% say that their keyboard is perfect, 11% say that they had problems with the keyboard but Apple fixed it, and 51% say that they’re living with their keyboard problems.1 I’m not surprised by that — people who use their laptop a lot, especially for work, cannot just be without their computer for a week or two. It is enormously disruptive.

The thing I keep getting back to in my head is that this is a problem that should not exist. The highlight feature of the next MacBook model should be something like Face ID or being powered by one of Apple’s own kick-ass processors, not a keyboard that hasn’t regressed and now functions correctly. And I understand completely that all tech companies experiment with new and different things. In Yosemite, Apple tried to replace the fine-but-old mDNSResponder with the new-but-flaky discoveryd; that decision was reverted after a year. Apple has now been shipping MacBooks with crappy butterfly keyboards for four years.

The Apple-related story I want to read most of all right now is about how these keyboards came to be, what happened after problems began to show up, and how they kept shipping regardless. My inbox is always open.

  1. Twitter does not publish results until the poll is completed, but you can see the poll’s current state in the page’s source. ↥︎

Low-Light Photography With the Huawei P30 Pro theverge.com

Vlad Savov, the Verge:

I know what date it is, but let me assure you that this is no April Fools’ gag: Huawei’s P30 Pro has the best low-light camera, better even than Google’s Pixel Night Sight, and it sets a new benchmark for night photography. It’s so good that it will make iPhone and Samsung Galaxy phone owners question their fealty. Huawei has taken the most challenging situation for any photographer and made it as easy and casual as snapping a shot in broad daylight.

I don’t much like how bright these photos are — I feel that night should look like, well, night — but the P30 Pro demonstrates a remarkable advancement in low-light capabilities, particularly in its ability to remove noise while preserving detail. Better low-light performance remains my wish for pretty much any digital camera. The exposure can be set so that it still looks dark, but this level of improvement to noise reduction is something I’d like to see the rest of the industry copy.