Month: March 2020

The Changing Nature of Apple’s Product Announcements macworld.com

Dan Moren, Macworld:

Most of us love Apple events. There’s an excitement and a theater to them that is rare in corporate presentations, and is surprisingly hard to replicate. (We’ve all probably seen events from rival companies that have tried to pull off an Apple-esque vibe with less than successful results.)

This week’s updates, however, arrived by press release. Apple’s no stranger to that methodology: the company has dropped plenty of products like this in its history, especially when it clearly considers the products in question to be more minor releases, such as updates to existing devices that don’t really require spinning a story.

[…]

In addition to the usual press materials and images distributed with this week’s announcements came something more unusual: a video featuring Apple senior vice president of software engineering, Craig Federighi, demoing the new trackpad features. While it was reminiscent of the slick product videos that Apple frequently shows off during its events, look closer and you start to see that it’s not quite as smooth. It’s shot at Apple Park, with nobody else onscreen but Federighi, though there may be someone else using the iPad at some points. It’s hard to tell.

This video has fascinated me since it was first posted by Dieter Bohn at the Verge. Partly, that’s because it was posted with no attribution, but also because the fine print does not say “Magic Keyboard coming in May” but, rather, “R1x coming in May”. It does not appear on Apple’s YouTube channel, nor is it included in the iPad Pro’s press release — not even in the package of images at the bottom. Eventually, Six Colors posted the video to YouTube, where it noted in the description that it was “supplied to journalists by Apple”.

That’s odd. Apple’s PR strategy has been so consistent that any changes are inherently interesting, if you’re the kind of person who cares about the foibles of the company.

Apple has done one-to-one briefings before, both in person and remotely. It has held small-scale press-only events, it has announced products through press releases, and it gives reference materials to journalists supplied with review units. But I can’t think of an instance where it has given promotional videos to the press for them to publish.

A Status Update on the Toaster-Refrigerator Project

Daniel Rubino wrote a decent piece over at Windows Central about how the new iPad Pro — and, in particular, the Magic Keyboard — steps on Microsoft’s Surface turf. But I do not buy his argument that it represents an about-face for Apple:

Putting aside how wrong Apple was about the 2-in-1 form factor, which it is now ironically fully embracing, this move by Apple is likely to harm sales of the Surface Pro line. Apple’s iPad has long bucked the trend of the failing tablet market because it has the best hardware and an OS that people relish.

I’d argue – and many of you would too – that Windows 10 is still a more “serious” OS built for doing “real” work. But for many, those lines are blurring. For the last few years there have been many attempts by people trying to make do with just an iPad, and today’s announcement will only make that easier.

Tim Cook’s 2012 comments about convergence devices were again unearthed in myriad commentaries as a counterpoint to the company’s announcements yesterday, especially given the growing similarities between iPad and Microsoft’s Surface hardware. I think that’s noteworthy, but not indicative that Apple’s long-term strategy for the iPad has been wrong.

I’m going to irritatingly self-quote here from a piece I wrote a couple of years ago:

If there is a smartphone-to-desktop continuum, with the tablet somewhere in the middle, Microsoft has long approached it as skinning Windows with touch drivers and bigger buttons, while Apple chose to start by making a touchscreen phone and build up from there.

The addition of real mouse and trackpad support to the iPad is not just a slapped-on version of the MacOS cursor, but a clearly considered rethinking of what that should be on a system that is still primarily used by touch. I expect to see plenty more changes like this as Apple continues to add more advanced features to iPadOS — features that will probably be similar to aspects of MacOS, but reconsidered for a touch-based operating system.

Cook’s “toaster and refrigerator” remarks were made around the time that Microsoft released Windows 8, which took the standard version of Windows and slapped a touch-friendly tile interface on top — no matter what device you installed it on. Have a big-ass desktop display? Doesn’t matter; you still got that tile interface by default. That problem existed in the reverse, too: many Windows settings were not able to be changed through the default touch-based interface, no matter which device you were on, so you would often need to muck around in the historic anachronism that is the Control Panel, even on a tablet.

The iPad and its iPadOS is decidedly not this experience. If anything, its biggest drawbacks are in the ways that it is still attached to a small-screen smartphone experience. But those ties are still inherently touch-based, and are slowly loosening as every part of the personal computer experience is rethought for an interface that is expected to be used primarily — though not entirely — by a user’s fingers. Some of those things will be successful; some, like the stubborn effort to go without a file browser, will not.

This strategy is not, from my very outsider perspective, a radical departure from what I expected for the iPad. Since day one, it has supported Bluetooth keyboards for text entry and limited per-app shortcuts. There was even a weird keyboard dock. I am only surprised and, admittedly, disappointed that advancements like these did not happen sooner.

I anticipate that we will see more desktop-grade features brought to the iPad in the coming years, but interpreted with a style all their own. The iPad of a few years from now might increasingly resemble a far nicer version of those two-in-one laptop and tablet hybrids, but it will not behave like any of them. It will not be a desktop operating system with some bigger buttons; it will be fully imagined as a touch-based operating system.

If that wasn’t the strategy all along, what could it possibly have been? Does anyone seriously think that the iPad would have forever remained something on which you could read email while you used the bathroom?

By the way, there’s a funny postscript to Cook’s toaster-refrigerator remark. Todd Bishop, reporting for the Seattle Pi in 2005:

Before this week’s unveiling of the new video-enabled iPod, Apple Computer’s Steve Jobs was renowned in technology circles for his skepticism about video on portable devices.

Just how ridiculous did he consider the concept? Jobs joked in a conference call with reporters last year that if Apple were to add video to the iPod, it might as well turn the device into a toaster, too.

“I want it to brown my bagels when I’m listening to my music,” he said at the time. “And we’re toying with refrigeration, too.”

Two years after Jobs said this, Microsoft released the Zune. It played audio and video, and came in a shade of brown that would look alright on a toasted bagel.

Apple Updates the MacBook Air apple.com

Speaking of our favourite Mac models, the MacBook Air generation that launched in 2010 and was only discontinued a few years ago would easily be in my top five. I still remember how wild it seemed to have a solid state drive in a really thin notebook for a reasonable price. I know a lot of people loved the 11-inch model, but the 13-inch was the one I ultimately bought a couple of years later, and it’s still going strong.

That original 13-inch model, with 2 GB of RAM and a 128 GB SSD, started at $1,299. By the time Apple issued its last update to the non-Retina MacBook Air, the price of entry had dropped to $999. For its entire lifespan, it was the default Mac — the one you would tell people to buy unless there was a good reason for them to get something else.

When the Retina MacBook Air dropped in 2018, it had nearly everything people loved about the model it replaced, with two exceptions: a new crappy keyboard, and a $200 higher price tag. Both of those things, but especially the keyboard, made it just a little harder to recommend to your friends.

Those caveats no longer apply. The MacBook Air was just updated with the same Magic Keyboard as the 16-inch MacBook Pro, twice the standard storage, better performance, and a $999 price. It’s pretty much the perfect notebook again.

Mac Madness 2020 512pixels.net

March Madness may be cancelled, but Stephen Hackett has put together the next best thing: a tournament to determine the community’s all-time favourite Mac. Matchups were chosen at random, begetting what I believe to be the most difficult possible bracket right out of the gate.

Voting for this first round lasts until Friday.

New iPad Pro Models Announced, iPadOS 13.4 Features Trackpad and Mouse Support apple.com

Federico Viticci:

With a press release published earlier today, Apple officially announced the fourth generation of its iPad Pro line. The new iPad Pro models – available, as with the current generation, in 11-inch and 12.9-inch flavors – feature the all-new A12Z Bionic chip, a new camera system that includes an ultra-wide camera and LiDAR scanner for augmented reality, and integration with a long-awaited accessory, which will become available starting in May: the new Magic Keyboard with trackpad.

These new iPads look pretty remarkable, but my attention was immediately drawn to that new Magic Keyboard accessory. Not only does it have a sweet floating design and an integrated USB-C port for charging, the keyboard is now backlit and, yes, it has a trackpad.

Apple:

With iPadOS 13.4, Apple brings trackpad support to iPad, giving customers an all-new way to interact with their iPad. Rather than copying the experience from macOS, trackpad support has been completely reimagined for iPad. As users move their finger across the trackpad, the pointer elegantly transforms to highlight user interface elements. Multi-Touch gestures on the trackpad make it fast and easy to navigate the entire system without users ever lifting their hand.

Because this enhanced trackpad and mouse support is an iPadOS feature, I was able to try it out with my current iPad. I don’t have a spare trackpad laying around, but I do have an unused Magic Mouse. So I connected my mouse to my iPad — that is a very weird phrase to write. And you know what? It works very well.

Apple’s description of how the cursor works is a bit of an exaggeration; I don’t necessarily buy that this is a “complete reimagining”, but it is a thoughtful interpretation. The cursor — normally round, like a finger’s touch area — transforms a lot more smoothly than in MacOS, and the animation for highlighting UI elements is extremely nice. Using a mouse means less capability than a trackpad, but there are very few shortcomings. Gestures are now widely supported, so you can swipe with a finger to archive a message in Mail, for example. The main one I’ve spotted is that there doesn’t appear to be a way to dismiss a Slide Over app. By design, using the app switcher to go to a different app will allow the Slide Over app to remain floating overtop with its massive shadow obscuring anything underneath and giving the impression that it is still the focused app. But you can always lift your hand off the mouse and swipe it away. There also doesn’t appear to be a way to map a secondary Magic Mouse click but, as with MacOS, you can control-click to reveal a contextual menu. Update: It turns out it’s under General settings, Trackpad and Mouse, and then Secondary Click. My mistake.

This sort of stuff makes the iPad ridiculously flexible. It doesn’t mean that all of the system’s awkward limitations and multitasking weirdness — see above, with regards to the Slide Over app — have suddenly been remedied. But it allows for more powerful uses of the iPad more of the time, and I like it a lot.

Apple says that iPadOS 13.4 with trackpad and mouse support will ship on Tuesday, and the new iPad Pro models will be available in stores next Friday. Given the current pandemic, I expect availability will be pretty limited, but you can be certain Apple’s own stores will have lots of stock. Be sure to check it out at your nearest open location.

Popular iPhone and iPad Apps Appear to Snoop on the System Pasteboard mysk.blog

Talal Haj Bakry and Tommy Mysk:

This article provides an investigation of some popular apps that frequently access the pasteboard without user consent. These apps range from popular games and social networking apps, to news apps of major news organizations. We found that many apps quietly read any text found in the pasteboard every time the app is opened. Text left in the pasteboard could be as simple as a shopping list, or could be something more sensitive: passwords, account numbers, etc.

The clipboard is a well-known security risk on all popular platforms — including the web. Not only is it available across the system, it is expected to be in every app with reading and writing capabilities.

Most apps do not breach user trust in this manner, so it is surprising to see the breadth of very popular apps that are doing so in this case — many of which have no practical reason for reading pasteboard data in the first place. It’s the kind of thing that makes me wonder if they are all, perhaps, using a shared development framework or analytics bundle.

One way to resolve this may be to require consent from the user before the app can access the pasteboard. That consent can be provided in the form of the user tapping the paste button, upon which point the app is authorized.

The Bungled Launch of Verily’s Coronavirus Screening Website theverge.com

Lauren Hepler, Levi Sumagaysay, and JP Mangalindan, reporting for Protocol on Friday:

With financial markets tanking, the nation’s most valuable companies going remote and medical concerns mounting about inadequate COVID-19 testing,Trump announced that Google has been tapped to build a website to help determine if and where people should get tested for the virus. The endeavor was announced at a Friday Rose Garden news conference, during which Trump declared a national state of emergency and said he was enlisting Walmart, Roche, CVS and other corporations to help respond to the virus and public anxiety.

“I want to thank Google. Google is helping to develop a website,” the president said. Then, in an apparent swipe at the disastrous launch of healthcare.gov under former President Barack Obama, Trump said, “It’s gonna be very quickly done, unlike websites of the past.” He said the website would serve to “determine whether a test is warranted and to facilitate testing at a nearby convenient location.”

Dieter Bohn, reporting for the Verge hours later:

Google is not working with the US government in building a nationwide website to help people determine whether and how to get a novel coronavirus test, despite what President Donald Trump said in the course of issuing an emergency declaration for the coronavirus pandemic. Instead, a much smaller trial website made by another division of Alphabet, Google’s parent company, is going up. It will only be able to direct people to testing facilities in the Bay Area.

[…]

Carolyn Wang, communications lead for Verily, told The Verge that the “triage website” was initially only going to be made available to health care workers instead of the general public. Now that it has been announced the way it was, however, anybody will be able to visit it, she said. But the tool will only be able to direct people to “pilot sites” for testing in the Bay Area, though Wang says Verily hopes to expand it beyond California “over time.”

I never thought I’d say this — but, in fairness to the vulgar talking yam, nobody really understands the difference between Alphabet and Google. Why did Google acquire itself by creating an obscure holding company that bought its most prestigious name? Nobody knows.

In fairness to everyone else, though, the difference between what the President described and what Verily was planning on delivering is a vast gaping chasm. This is a pandemic situation; the President said this at the same press conference as he declared a national state of emergency. The least we can ask from public officials is careful and precise wording so that we get the best information available.

Jennifer Elias, CNBC:

Alphabet’s Verily on Sunday night launched a pilot of a COVID-19 screening and testing website in the San Francisco Bay Area, a day earlier than it said it would.

[…]

In order to be eligible, users must be at least 18 years of age, a U.S. resident, able to speak and read English, located in one of the available counties, and willing to sign the COVID-19 Public Health “authorization form.”

Before the user can find out if they qualify for testing, they have to create or use a Google account to login and sign an authorization waiver. During the registration process, Verily informs users that it will be collecting personal information like name, address, email, phone number and health information, which can all be used by various government and health authorities and for “public health purposes.”

This information is also not being collected and stored under HIPAA rules. Alphabet later clarified that the bulk data would be used in conjunction with other tools, but would not be associated with users’ individual Google account data. That they needed to issue such a clarification speaks to the rushed launch of this site, and the selection of a privacy compromised provider.

I don’t think this was malicious; I think Alphabet used an existing framework to try to get this thing up and running as quickly as possible, and that framework just happened to have a user scheme built on Google accounts. None of this would be worrying if there were adequate privacy protections in place for all users. But, because there aren’t, it is inherently suspicious that an advertising company is building healthcare software.

Matthew Wille, Input:

Say you do live in one of these two counties. You’re coughing, have a fever, and are generally very scared that you’ve contracted COVID-19. You log onto Project Baseline seeking assistance in finding a testing facility nearby. The site prompts you with an opening question about your symptoms: “Are you currently experiencing severe cough, shortness of breath, fever, or other concerning symptoms?”

You click yes. Project Baseline provides you with an answer: “We suggest that you seek medical attention.” There’s also a link to the CDC’s website.

That’s the entire screener. No links to testing facilities, even within Project Baseline’s supposed coverage area.

Lauren Goode, this morning:

Verily’s Project Baseline is already at capacity.

Goode tweeted this about twelve hours after the thing launched.

Ina Fried and Kyle Daly, writing for Axios on Sunday before this screening tool launched:

Google was blindsided by Trump’s Friday announcement of such a project. The company is now working on two different tracks: ramping up a small pilot project that partially resembles what Trump spoke of Friday but had much more modest scope, while also scrambling to launch an entirely new, less personalized nationwide information portal about the virus.

The personalized service Trump spoke about Friday will be based on a tool in development by Google’s sister company Verily and initially will serve only the San Francisco Bay area.

This was the website that launched shortly after Axios published this piece.

Only after Trump’s claim Friday that the tool would be rolling out nationally “very quickly” did Google begin working on the separate national website project, Axios has learned.

An incredible effort all around.

I understand that a crisis often involves miscommunication and rapidly changing circumstances. Nobody was going to be perfect here, and mistakes happen. But it is not often that such egregious errors are made during press conferences that, by their very nature, are supposed to clarify what is known and defuse misinformation.

Alphabet, for its part, rushed this half-baked survey to the public, and it is not at all as helpful as was promised. It’s not even close to something that people should be directed towards.

I am positive that there are many factors that I am not taking into consideration, including political dealings. But I am also certain that this was not anyone’s best effort. It goes without saying that the expectations of the President were low and he still failed. That is just the kind of guy he is. But the screening tool that Alphabet ultimately delivered appears rushed, of little help, and with privacy concerns to seal the deal.

After all of this, the good news is that people are, generally, stepping up and taking this seriously. I am working from home for the foreseeable future as, I am sure, are many of you. Economically painful measures are being taken — events are being cancelled and stores are being shut — so that this virus spreads less quickly and gives healthcare systems around the world a chance. Doctors, nurses, and researchers are doing their damndest, and we owe them patience and gratitude. Government agencies and professionals, including those in the United States, are trying to provide accurate information clearly and rapidly. We are doing our collective best to slow this thing down, because our shared responsibilities demand a shared response.

That message, sadly, has not reached the highest levels of the U.S. Executive Branch.

The Story Behind the Coronavirus ‘Flatten the Curve’ Chart fastcompany.com

Mark Wilson, Fast Company:

The first instance of Flatten the Curve can be found in a paper called Interim pre-pandemic planning guidance: community strategy for pandemic influenza mitigation in the United States: early, targeted, layered use of nonpharmaceutical interventions, and no, it doesn’t exactly roll off the tongue. Published in 2007 by the CDC, the paper was a preview to a pandemic like COVID-19, and it suggested simple interventions like social distancing and keeping kids home from school in order to slow the spread of a disease so that the healthcare system could keep up.

On page 18, a graphic appears called Goals of Community Mitigation. No one I’ve talked to at the CDC can remember who made it, but the image is the root of Flatten the Curve as it appears today. Rendered in purple, it presents those two familiar curves with three numbered goals: 1. Delay outbreak peak 2. Decompress peak burden on hospitals/infrastructure 3. Diminish overall cases and health impacts. These curves don’t appear to be rooted in hard, literal data. Rather, they are illustrative of the exponential spread of pandemics, and how we might impact their speed of growth. In 2017, when the paper was updated, the graphic lost its 1, 2, 3 numbering scheme. In 2020, the graph’s colors were changed from purple to blue and orange. Otherwise, it remained mostly unchanged.

“I thought it was a beautifully clear and simple illustration of an important concept, but I had no idea that it would end up causing such a stir on Twitter and elsewhere,” says Rosamund Pearce, a data visualization journalist at The Economist. Pearce first heard about the graphic from her colleague Slavea Chankova, and she decided to rebuild it for a piece the pair was working on about COVID-19 for The Economist.

I first saw this illustration in that Economist article that popularized the term, but much deserved credit goes to the CDC for creating such a brilliant piece of design.

Major U.S. ISPs Agree to Relax Bill Payments and Late Penalties for Next Sixty Days vice.com

Karl Bode, writing Thursday for Vice:

For years, US broadband providers have taken advantage of a lack of US competition by imposing arbitrary and expensive broadband usage caps and “overage fees.” With the country facing a massive surge in videoconferencing and home learning thanks to the coronavirus epidemic, experts say it’s time for broadband providers to suspend these costly, unnecessary restrictions.

AT&T was the first major U.S. ISP to commit to suspending data caps, with Comcast following on Friday. The FCC also launched an initiative Friday, spearheaded by Chairman Ajit Pai, to “keep Americans connected”. Tony Romm, Washington Post:

As part of the so-called “Keep Americans Connected Pledge,” nationwide providers including CenturyLink and T-Mobile and more regional telecom companies across the country agreed for the next 60 days that they would not terminate service or assess late fees on customers and businesses that fall behind on their bills. They also agreed to open wi-fi hot spots to any American who needs them.

Jon Brodkin, Ars Technica:

Led by Pai, the Republican-majority Federal Communications Commission gave up its authority to restrict data caps and other anti-consumer practices in late 2017 when it repealed net neutrality rules and deregulated the broadband industry. That vote also eliminated requirements for ISPs to be more transparent with customers about hidden fees and the consequences of exceeding data caps, and it lifted a ban on “unjust or unreasonable discrimination” in broadband rates, practices, and services. Stripping away these regulations made it harder for the FCC to guarantee affordable broadband.

Concerns like these apply to no other utility, and they are entirely valid. In 2018, Verizon throttled firefighters’ ostensibly unlimited plans. It’s good that ISPs are not taking advantage of this crisis, too, but the very possibility that they could is surely an indication that broadband infrastructure is broken.

Here in Canada, Telus is waiving overage fees; Shaw has lifted data caps and opened its WiFi hotspot system to non-subscribers. However, Shaw previously announced that its bullshit biannual rate increase would take effect on June 1, and there’s no word yet on whether it has been postponed.

Update: Margaret Harding McGill, Axios:

The virus crisis is offering vivid case studies of real-world, everyday harms that result from inequality between those who have access to and can afford high-speed internet, and those who cannot.

[…]

The FCC estimates 21 million Americans don’t have access to high-speed broadband, though that number could be higher due to problems with data collection.

That’s a huge number of people — roughly equivalent to the entire population of Australia — who lack broadband. Working from home isn’t always an option even with broadband, due to different employment requirements, but those without broadband may find it harder to access support and information.

MacRumors Source: New MacBook Air Models Coming Next Week macrumors.com

Joe Rossignol, MacRumors:

Now, the same anonymous tipster has informed MacRumors that Apple plans to announce new MacBook Air models next week. We have yet to confirm this information, but given the tipster now has an established track record, we have elected to share this rumor. The tipster did not provide any further details at this time.

A few days ago, analyst Ming-Chi Kuo said Apple plans to launch updated MacBook Air and MacBook Pro models with scissor keyboards in the second quarter of 2020, following in the footsteps of the 16-inch MacBook Pro.

While the second quarter does not begin until April, an announcement next week would be just a few weeks earlier. Apple has announced new or refreshed products in March for the last five consecutive years, so there is precedence. In terms of covering all bases, however, we cannot rule out the possibility that the tipster received wrong information.

This is one of the products that was going to be announced at a planned March media event; the event’s cancellation, which occurred before any invitations were sent, was first reported by Jon Prosser.

Apple Cancels In-Person WWDC, Will Be Offering Online-Only Version apple.com

Apple Newsroom:

Apple today announced it will host its annual Worldwide Developers Conference in June. Now in its 31st year, WWDC 2020 will take on an entirely new online format packed with content for consumers, press and developers alike. The online event will be an opportunity for millions of creative and innovative developers to get early access to the future of iOS, iPadOS, macOS, watchOS and tvOS, and engage with Apple engineers as they work to build app experiences that enrich the lives of Apple customers around the globe.

[…]

Apple also announced it will commit $1 million to local San Jose organizations to offset associated revenue loss as a result of WWDC 2020’s new online format.

Unsurprising, even in the framing of this announcement. Nothing has yet been disclosed about the cost of WWDC this year, or even the date beyond “June”. Apple says that more details are to come.

The Creative Use of Disparate Tools Makes It Easier Than Ever to Find Hidden Details in Photos themarkup.org

Jon Keegan, the Markup:

Stripping out the metadata in your photos is not too difficult. Here is a handy guide, but a simple trick is just to take a screenshot of your photo before posting it. The screenshot will contain metadata only about the time and location of the screenshot, not the time the photo was originally taken.

But metadata is not all you should be thinking about. Tools and techniques that were once available only to intelligence agencies to collect “open source intelligence” (known as OSINT in national security parlance) are now available to amateur sleuths. These techniques can be used to reveal personal identifying information in your photos, even if you have taken care to lock down your metadata.

For most people, most of the time, there probably isn’t a great reason to be quite this paranoid about what may be revealed in a photo. What is news here, I think, is not that the incidental features of a photo may be revealing, but that it is easier than ever to use those details. This concept is likely familiar to long-time players of GeoGuessr.

Financial Times: Recent Apple Music Contracts With Record Labels Do Not Yet Include a Bundling Agreement ft.com

Anna Niclaou, Financial Times:

Apple has struck fresh deals for songs from the world’s largest record labels, as the technology giant strives to increase its media presence and siphon more people towards iPhones. 

In recent months, the iPhone maker sealed multiyear licensing deals with Universal Music, Sony Music and Warner Music, said four people familiar with the matter, allowing for hits from artists spanning Taylor Swift, Lizzo and Adele to continue to be streamed on Apple Music.

Apple’s new contracts do not, however, include an economic agreement to bundle Apple Music with the company’s television service, these people said, indicating that a widely anticipated super-bundle of Apple’s media content may be months away.

The good news is that Niclaou also reports that service bundling is something Apple continues to pursue.

There’s no news about whether there are any price increases for the foreseeable future. Perhaps everyone is happy at ten bucks a month in perpetuity.

Assessing the Goals and Consequences of the Proposed EARN IT Act cyberlaw.stanford.edu

Alfred Ng, CNet:

Google, Facebook, Microsoft, Twitter, Snap and Roblox have agreed to adopt 11 voluntary principles to prevent online child sexual exploitation, government officials said Thursday. But the effort also hints at the potential to undercut encryption, an essential element of online security.

[…]

The federal government has argued that it doesn’t want to end encryption that protects the average person, and instead wants “lawful access.” The concept would mean creating a technical opening, or backdoor, that only law enforcement could use in investigations — something cryptography experts have long argued is impossible.

Tech companies like Apple, Facebook, Google and Microsoft agree with those experts and have refused to create backdoors to their encryption protocols. They’ve warned that if they’re forced to create such openings, it would essentially weaken security for everyone by creating an unlock tool that could fall into the wrong hands.

Additional reporting from Ng:

Depending on who you ask, the EARN IT Act could either destroy the fundamental values of an open internet or protect children from being sexually exploited online. The Eliminating Abusive and Rampant Neglect of Interactive Technologies Act, which requires tech companies to meet safety requirements for children online before obtaining immunity from lawsuits, will have its first public hearing on Wednesday.

Unlucky for me, I have a severe allergy to strained backronyms and I have broken out into hives. Please send help.

A bipartisan group of US lawmakers introduced the bill Thursday, saying that the legislation would enforce standards to protect children from sexual exploitation online. The announcement came at the same time the Justice Department hosted a press event to argue that end-to-end encryption protects online predators.

While few would question the importance of ensuring child safety, technology experts warn that the bill is really just the government’s latest attempt to uproot both free speech and security protections online.

A copy of the current draft of the Act can be found on the Senate website (PDF).

Elliot Harmon of the Electronic Frontier Foundation:

The EARN IT Act would create a “National Commission on Online Child Sexual Exploitation Prevention” tasked with developing “best practices” for owners of Internet platforms to “prevent, reduce, and respond” to child exploitation online. But far from mere recommendations, those “best practices” would essentially become legal requirements: if a platform failed to adhere to them, it would lose essential legal protections for free speech.

[…]

As we mentioned when we wrote about the prior version of EARN IT, Section 230 does not exempt online intermediaries from liability for a violation of federal criminal law. If a platform knowingly distributes child exploitation imagery, then the Department of Justice can and must enforce the law. What’s more, if an Internet company finds sexual abuse material on its platform, the law requires it to provide that information to the National Center for Missing and Exploited Children and to cooperate with law enforcement investigations.

Riana Pfefferkorn of the Center for Internet and Society:

The bill would, in effect, allow unaccountable commissioners to set best practices making it illegal for online service providers (for chat, email, cloud storage, etc.) to provide end-to-end encryption — something it is currently 100% legal for them to do under existing federal law, specifically CALEA. That is, the bill would make providers liable under one law for exercising their legal rights under a different law. Why isn’t this conflict with CALEA acknowledged anywhere in the bill? (We saw the exact same problem with the ill-fated Burr/Feinstein attempt to indirectly ban smartphone encryption.)

In a tangentially-related report, Vice created a data set of five hundred iPhone search warrants to give some context to this discussion.

Joseph Cox:

One of the top level findings of Motherboard’s dataset is that many law enforcement agencies and officials can not reliably access data stored on iPhones. Whether that’s due to a device having too strong a passcode, the phone being damaged, an unlocking capability not being available at that specific point in time, or a particular agency not having access to advanced forensic technology itself, Motherboard found many cases where investigators were not able to extract data from iPhones, at least according to the search warrants.

But in some cases officials were able to obtain data from a variety of devices, including some of the latest models of iPhones offered at the time. Multiple federal agencies and local police departments have access to tools from companies such as Grayshift and Cellebrite, which can, depending on a variety of factors, unlock and obtain data from iPhones.

[…]

Most of all, the records compiled by Motherboard show that the capability to unlock iPhones is a fluid issue, with an ebb and flow of law enforcement sometimes being able to access devices and others not. The data solidifies that some law enforcement officials do have trouble accessing data stored on iPhones. But ultimately, our findings lead experts to circle back to the fundamental policy question: should law enforcement have guaranteed access to iPhones, with the trade-offs in iPhone security that come with that?

This piece focuses on the iPhone because it has a consistent and known security policy, but this question applies similarly to every device and mode of communication.

I don’t think anyone would doubt the inherent good in creating laws to ensure the safety of children and assisting in the capture and prosecution of those who abuse them. I entirely support the idea of an encryption standard that preserves the security and privacy of legal activities, yet still allows law enforcement to surveil and capture those abuse its protections to commit serious crimes. Nothing like that currently exists, however, and it is unlikely that it will — at least for the foreseeable future. We should not choose to become less safe because of the limitations of math, nor should we punish technologists for being unable to comply with impossible requests.

Update: Lauren Feiner, CNBC:

Senators disputed the tech industry’s claims that a bipartisan bill targeting tech’s long-standing legal shield would prohibit encryption by necessity.

“This bill says nothing about encryption,” Sen. Richard Blumenthal, D-Conn., said at a hearing Wednesday to discuss the legislation. Blumenthal introduced the EARN IT Act last week with Senate Judiciary Committee Chairman Lindsey Graham, R-S.C., ranking member Dianne Feinstein, D-Calif., and Sen. Josh Hawley, R-Mo.

Issie Laopwsky, Protocol:

[…]The EARN IT Act still opens up the possibility that an administration interested in weakening encryption — as the last several have been — could make Section 230 immunity dependent upon building a backdoor for law enforcement. If that weren’t at least part of the goal of the bill, Mayer said, its authors could easily write in language to allay those concerns. But they haven’t.

It’s worth asking why that is the case.

In Separate Cases, iOS and Android Apps Did Not Disclose Their Sketchy Data Farming Affiliations buzzfeednews.com

Craig Silverman, BuzzFeed News:

Sensor Tower, a popular analytics platform for tech developers and investors, has been secretly collecting data from millions of people who have installed popular VPN and ad-blocking apps for Android and iOS, a BuzzFeed News investigation has found. These apps, which don’t disclose their connection to the company or reveal that they feed user data to Sensor Tower’s products, have more than 35 million downloads.

Since 2015, Sensor Tower has owned at least 20 Android and iOS apps. Four of these — Free and Unlimited VPN, Luna VPN, Mobile Data, and Adblock Focus — were recently available in the Google Play store. Adblock Focus and Luna VPN were in Apple’s App Store. Apple removed Adblock Focus and Google removed Mobile Data after being contacted by BuzzFeed News. The companies said they continue to investigate.

Once installed, Sensor Tower’s apps prompt users to install a root certificate, a small file that lets its issuer access all traffic and data passing through a phone. The company told BuzzFeed News it only collects anonymized usage and analytics data, which is integrated into its products. Sensor Tower’s app intelligence platform is used by developers, venture capitalists, publishers, and others to track the popularity, usage trends, and revenue of apps.

This is comparable to Facebook’s use of its Onavo VPN to spy on users’ app activity.

Joseph Cox and Jason Koebler, Vice:

Banjo, an artificial intelligence firm that works with police used a shadow company to create an array of Android and iOS apps that looked innocuous but were specifically designed to secretly scrape social media, Motherboard has learned.

[…]

Banjo did not have that sort of data access. So it created Pink Unicorn Labs, which one former employee described as a “shadow company,” that developed apps to harvest social media data.

[…]

But once users logged into the innocent looking apps via a social network OAuth provider, Banjo saved the login credentials, according to two former employees and an expert analysis of the apps performed by Kasra Rahjerdi, who has been an Android developer since the original Android project was launched. Banjo then scraped social media content, those two former employees added. The app also contained nonstandard code written by Pink Unicorn Labs: “The biggest red flag for me is that all the code related to grabbing Facebook friends, photos, location history, etc. is directly from their own codebase,” Rahjerdi said.

These are entirely separate events and companies, but the reports overlap in their descriptions of what can only be described as a worrying indifference to ethical norms. If the people running these companies have to cauterize their soul before work each day, perhaps they should treat that as a yelping klaxon that something is wildly wrong.

I expect to see more reports like these in the coming years as the country where similar companies are headquartered — and, consequently, where users’ rights are often contractually obligated — has yet to enact and enforce meaningful privacy rights.

Ranchero Releases NetNewsWire for iOS macobserver.com

I’ve been using NetNewsWire on my iPhone and iPad for months now and I adore its simplicity, clarity, and speed. It has feature parity with its Mac counterpart, with one exception: NetNewsWire for iOS supports Feedly — in addition to Feedbin and the local feed library — which has yet to be added to the Mac app.

Leak Deja Vu macrumors.com

Stop me if you’ve heard this before: 9to5Mac and MacRumors have, apparently, obtained part of a prerelease build of a forthcoming version of iOS and have reverse-engineered it to reveal unannounced features and products. Spoilers follow, obviously.

Over the weekend, Steven Troughton-Smith tweeted:

Sure sounds like that iOS 14 filesystem from those recently-pictured devices is floating around; last I heard, it was a December 2019 build, so information coming out of it may be a little less concrete and less reliable than something more recent. I have not seen it myself, tho

After it stopped “floating around”, it seems to have landed at the same two websites that also got a copy of the iOS 11 and HomePod OS builds that, famously, revealed the iPhone X. This year, MacRumors has so far published stories about iMessage, OCR capabilities, voice synthesizers, new fitness features, and the much leaked AirTag. 9to5Mac has published its own series of pieces: new headphones, WatchOS features, Apple Watch hardware, and new iPad Smart Keyboard capabilities.

As an aside, I immensely dislike both sites’ tendency of wrapping each feature in its own article and slowly dripping these pieces over what will ultimately be several weeks.

Nevertheless, a curious thing about the reporting from both of these sites is that neither one acknowledges how they obtained details from an apparently months-old iOS 14 build. When the iOS 11 golden master build was leaked in 2017, MacRumors openly admitted that they were sent the download link, but skirted the obvious next step of describing who provided it. This year, there’s even less detail: all either site is saying is that they have “leaked iOS 14 code”. No source; no details about whether that constitutes a full build.

It’s common for new features to be described in whole or in part; it’s uncommon to see leaked screenshots, but it happens every so often. Leaks of non-public code are extraordinarily rare, and it’s understandable why both sites would want to protect what is presumably an Apple internal source. For that to go entirely unacknowledged, however, is bizarre.

Jason Snell Charts the Number and Type of Ports in Mac Laptops Since 2001 sixcolors.com

I’m nitpicking here, but I disagree with Snell’s choice to merge FireWire and Thunderbolt numbers on this chart, since it gives the impression that they are equally comparable, and that recent Mac laptops do not contain display or power ports.

Still, the decline in ports on Apple’s flagship notebook model is striking. It demonstrates the replacement of cabled peripherals with wireless equivalents, but it also indicates shifting priorities for what Apple thinks a typical notebook ought to include. While neither an ExpressCard or SD Card slot are ports, per se, I think the removal of those connection options is also noteworthy.

Is It Cancelled Yet? isitcanceledyet.com

Of the big tech events later this year, Google I/O, GDC, Facebook F8, Adobe Summit, and IBM’s Think conference have all been cancelled; SXSW was cancelled today, just a week before it was supposed to begin. But Microsoft Build is so far proceeding in May as scheduled, and WWDC hasn’t yet been announced.