Month: May 2020

New York Times to Stop Using Third-Party User Data for Advertising by 2021 axios.com

Sara Fischer, Axios:

The New York Times will no longer use 3rd-party data to target ads come 2021, executives tell Axios, and it is building out a proprietary first-party data platform.

[…]

Beginning in July, The Times will begin to offer clients 45 new proprietary first-party audience segments to target ads.

Those segments are broken up into 6 categories: age (age ranges, generation), income (HHI, investable assets, etc.), business (level, industry, retirement, etc.), demo (gender, education, marital status, etc.) and interest (fashion, etc.)

By the second half of the year, The Times plans to introduce at least 30 more interest segments.

I don’t fully understand why Times executives anonymously break news like this, and a similar story last year, through Axios rather than through their own newspaper or a corporate press release.

Zack Kanter:

Wow. Adtech giant NYT ($800m ARR, $6B valuation) to begin selling user data directly to advertisers. Scary, anticompetitive trend led by corporate journalism – local news outlets just can’t compete with closed tech platforms like this.

Amee Vanderpool:

The New York Times will no longer use 3rd-party data to target ads come 2021 and it is building out a proprietary first-party data platform that will force them to rely on data that they collect directly from their users. YOUR DATA.

Antonio García Martínez:

Due to GDPR penalizing third-party data, and due to the advantages granted thereby to large first-party repositories of data, the NYT is *precisely* emulating FB and becoming a data collector (but with worse privacy probably).

These simplistic interpretations of privacy arguments are, at best, unhelpful, and are obnoxious in their laziness at worst.

The personalized advertising model of the last decade or so is toxic to the web. It incentivizes surveillance of users to create highly granular categories of behaviour and interests because there is the assumption that more data points lead to better targeting which, I guess, is supposed to mean a greater likelihood of conversion into ad clicks. In return, users are supposed to be comfortable with their every click and scroll being tracked from website to website — all for only about 4% greater ad revenue than non-tracking ads with relevant context.

In short: selling ads based on where they will be shown is just about as effective as selling ads based on who they will be shown to. That is how print advertising has been sold for ages. Recall, for example, the subscription cards that come with magazines: in addition to the bare minimum contact and billing details required to deliver each issue, there is often a demographic survey asking about age, household income, and so on. None of these fields are required, but many people fill them in anyway. The publisher uses this information to set rates and give advertisers a broad idea of the magazine’s readership.

Today’s Times announcement is almost a hybrid of those two worlds. It uses the proprietary data of the paper’s readership to build profiles without the use of third parties, and none of that data leaves the Times’ properties. I do not understand what Kanter is referring to when he describes this arrangement as “selling user data directly to advertisers” — either that is an accidentally wild misreading, or a deceptive statement.

This is a far more honest way of targeting advertising. It isn’t at all like the hundreds of ad tech companies that receive much of a typical user’s browsing history without their knowledge. If you visit the Times’ website, it will collect some information about you; if you don’t want it to, you don’t have to visit the Times’ website. It won’t be collecting behavioural data about you if you don’t.

I would vastly prefer to revert to a pre-personalized ad world, but I still see this move as a step in the right direction. It may still collect data for targeting, but at least it does not involve the near-universal surveillance of companies like Facebook and Google. Reducing their ability to conduct broad and intrusive behavioural data collection is an important step towards a more private web.

Spotify Pays Good Money to Stop Seeing Joe Rogan’s Face Everywhere theverge.com

For several years now, visiting the YouTube homepage or opening the directory in just about any podcast client was an exercise in Spot Joe Rogan’s Face. His podcast is wildly popular for reasons that escape me; all fourteen hundred episodes are on YouTube, too, where they rack up millions of views.

Anyway, Spotify must have gotten as tired of seeing Rogan’s face on every platform because it has bought exclusive rights to his podcast. Ashley Carman, the Verge:

The show will become available on Spotify globally starting on September 1st, and it’ll become an exclusive sometime after that point. Listeners won’t have to pay to access the episodes, but they will have to become Spotify users. Spotify said in a press release that Rogan retains creative control over his show. It didn’t disclose how much it spent on the deal. The company will also work with an ad agency to jointly sell ads against the program. Rogan said last year his show reached about 190 million downloads a month.

[…]

This is a massive get for Spotify, which has made podcasting a core focus. It acquired Gimlet Media, Anchor, and Parcast last year, to start, and then signed more Spotify-exclusive deals. It’s working with the Obamas’ production company exclusively and committed to deals with other big names, like Joe Budden and Amy Schumer, and acquired The Ringer.

Exclusivity plays by podcast platforms — Apple reportedly included — are a predictable but concerning development. I don’t think it is necessary for podcasts to be free, but it is important that they do not become part of a siloed system. As much as websites should be browser agnostic and purchased music should be able to be played anywhere,1 podcasts should also work with any client.

  1. Purchased movies and TV shows should work the same way, but executives in charge of those industries would rather spend millions of dollars annually on lobbying for increasingly outrageous copyright laws↥︎

MusicSmart Puts the Spotlight on Music Credits macstories.net

Federico Viticci:

Here’s the amazing part — the “aha” moment that brought back the same feelings I had as a kid when reading through liner notes: in the Tracks section, you can tap any of the listed songs to view detailed credits for the selected song. These go beyond the standard “written by” credits you see in Apple Music: MusicSmart lists engineers (including mixing, mastering, and assistant engineers), producers, and even the name of the label and studio where the song was mastered. But there’s more: MusicSmart can show you the names of all the artists credited for the creation of a song even if they’re not core members of a band, including backing vocalists, percussionists, keyboard players, saxophonists – you name it. If a music video has been released for the selected track, the video director’s name will be listed by MusicSmart too.

This amount of detail is incredible in its own right, and, personally speaking, it makes me happy to see that someone else still cares about credits and wanted to write an app for them. The ability to learn the names of people who played an important role in the making of my favorite songs has already led to fascinating discoveries I wouldn’t have made with Apple Music alone. […]

I’ve been aching for something like this for years. Just two bucks in the United States — or whatever the equivalent is where you live.

Apple’s Statement Regarding the FBI’s Successful Unlocking of the Pensacola Shooter’s iPhone theverge.com

From Apple’s statement, as posted by Chris Welch of the Verge:

On this and many thousands of other cases, we continue to work around-the-clock with the FBI and other investigators who keep Americans safe and bring criminals to justice. As a proud American company, we consider supporting law enforcement’s important work our responsibility. The false claims made about our company are an excuse to weaken encryption and other security measures that protect millions of users and our national security.

This rebuke appears to be targeted at the many criticisms of Apple’s conduct made today by Attorney General William Barr and FBI Director Christopher Wray:

Both officials say that encryption on the gunman’s devices severely hampered the investigation. “Thanks to the great work of the FBI — and no thanks to Apple — we were able to unlock Alshamrani’s phones,” said Barr, who lamented the months and “large sums of tax-payer dollars” it took to get into devices of Mohammed Saeed Alshamrani, who killed three US sailors and injured eight other people on December 6th.

Apple says that it provided everything it had related to Alshamrani’s iPhones, including iCloud backups.

Thomas Brewster, Forbes:

[Barr] even laid into Apple for working with China and Russia to relocate data centers to help those countries carry out surveillance. “If tech companies are willing to oblige the demands of authoritarian regimes they have no excuse to cooperate with rule of law nations with… privacy rights.”

Apple’s compliance with the demands of Russia and China has been disheartening and it has robbed the company of some of its credibility on privacy. But it is a mystery to me why Barr would see obsequious behaviour to these countries as something to be admired and emulated. If it is reasonable to criticize Apple for complying in authoritarian states, then surely what is so upsetting is that it amounts to a loss of personal privacy and security for users in those countries.

U.S. Department of Justice Once Again Able to Extract iPhone Data Without Compromising Security of All Users wsj.com

Earlier this year, the U.S. Department of Justice attempted to shame Apple for being unwilling to compromise the security of all users for the FBI’s convenience. This echoed a 2015 case where the FBI barely tried to extract data from the iPhone of a criminal suspect before trying to guilt trip Apple into weakening encryption.

Once again, it turns out that the FBI didn’t need Apple to compromise all users’ security and privacy. Sadie Gurman and Dustin Volz, Wall Street Journal:

A Saudi aviation student who killed three people on a Florida Navy base last year had extensive ties to al Qaeda, details that investigators were able to learn by accessing the gunman’s iPhones after months of delays, top U.S. law-enforcement officials said Monday, accusing Apple Inc. of providing virtually no help in the investigation.

The gunman, Second Lt. Mohammed Alshamrani, had been communicating with a number of operatives of al Qaeda in the Arabian Peninsula for years, even before he began training with the U.S. military, officials said, a discovery that was made based on information recovered from his two locked iPhones.

I am glad that the FBI was able to make progress on this case without escalating an unnecessary public battle with Apple, specifically, over the use of encryption. I think we would all like a way to have both very strong encryption and a means for investigators to access device data when warranted, but no such method exists.

The only choice is whether it is better for everyone to have insecure devices that store credit cards, passwords, health information, and business data or having investigations delayed and some evidence effectively destroyed — the same as with countless other types of potential evidence. There are tradeoffs with both, but I know which I prefer.

On Doing More Harm Than Good washingtonpost.com

Reed Albergotti and Drew Harwell, Washington Post:

Apple and Google’s announcement last month of a joint effort to track the coronavirus by smartphone sparked a wave of excitement among public health officials hoping the technology would help alert them to potential new infections and map the pandemic’s spread.

But as the tech giants have revealed more details, officials now say the software will be of little use. Due to strict rules imposed by the companies, the system will notify smartphone users if they’ve potentially come into contact with an infected person, but it won’t share any data with health officials or reveal where those meetings took place.

Local health authorities in states like North Dakota, as well as in countries such as Canada and the United Kingdom, say they’ve pleaded with the companies to give them more control over the kinds of information their apps can collect. Without the companies’ help, some worry their contact tracing systems will remain dangerously strained.

These are the opening paragraphs of an article that, careful readers will note, is fundamentally wrong. Let’s start with this statement:

Due to strict rules imposed by the companies, the system will notify smartphone users if they’ve potentially come into contact with an infected person, but it won’t share any data with health officials or reveal where those meetings took place.

It may not track specific locations, but that’s not necessary for what this API is trying to help accomplish. Furthermore, public health officials absolutely will be involved in the collection and use of this data: apps using this API must be from health authorities.

Sara Morrison explains at Vox Recode:

As previously reported, the first phase of the rollout will be an API that will allow iOS and Android devices to exchange anonymized proximity keys using Bluetooth. Apple and Google have now revealed that the Bluetooth metadata from the devices will be encrypted, so it can’t be used to try to identify a device. Public health authorities will then be able to build their own contact tracing apps using this API, and they will set the exposure length, the amount of time the two devices need to be near each other in order to exchange keys. The maximum allowed exposure time will now be 30 minutes. Again, this will make it harder to link a rotating key to a specific user.

And how about this statement? Again quoting from those first three paragraphs:

Without the companies’ help, some worry their contact tracing systems will remain dangerously strained.

Again, from Morrison:

Oh, and about that terminology. Apple and Google have replaced the “contact tracing” label with “exposure notification.” The companies said they believe it better describes what the tool does, and that it’s only part of a public health authority’s contact tracing program. This seems a bit trivial, but it’s actually a good reminder that these apps and their deployment are run through public health authorities, and it’s up to those authorities to make sure positive test cases are properly vetted. Meanwhile, it’s essential that populations that may not have access to iOS and Android devices are included in their contact tracing programs. Apple and Google aren’t doing this alone.

Of course this must be used in conjunction with human contact tracing efforts. It is a way to more efficiently and more privately implement existing electronic contact tracing apps.

This is sloppy work. It’s articles like these that do make me worry about the efficacy of contact tracing with the assistance of smartphones, but only because of how poorly it explains how the system works, what it is intended to do, and how it differs from existing smartphone contact tracing efforts. This article is so poor as to misinform the reader into thinking that Apple and Google are taking advantage of a pandemic to collect a bunch of user data while keeping it secret from public health authorities — which is almost the opposite of what this effort does.

I worry that this kind of bad information will cause people to entirely reject contact tracing apps — even those that are built in a privacy-friendly, energy-efficient manner. Then it really will be ineffective, but not for the reasons in this Post piece.

Security Theatre in Safari Download Permissions

You know how Safari now requires you to confirm that you want to allow file downloads per domain? It’s not just irritating; it is also sometimes mere theatre.

Consider this tweet from Craig Hockenberry:

If you view the Twitter website in Safari on Mojave and/or Catalina, you’ll probably enjoy this extension app I wrote:

https://files.iconfactory.net/software/Fixerrific-1.0+5.zip

It makes the navigation scroll and hides “Trends” & “Who to follow”. Two lines of code that improve things immensely. Enjoy!

If you click the link to download the file, Safari will ask you if you want to allow downloads on “t.co” — Twitter’s URL shortener — which is a problem for two obvious reasons:

  1. The file is not being downloaded from t.co, but from files.iconfactory.net, so the prompt is lying.

  2. Confirming that you do want to allow downloads from t.co does, apparently, allow you to download any and all files from links posted on Twitter without further confirmation. I tried downloading another archive and I was not asked if I want to allow downloads.

Twitter’s URL shortener works by creating 301 redirects, but Safari apparently doesn’t follow those to their destination URL. In some cases, that probably makes sense — large file downloads are often hosted on CDNs with inscrutable addresses. It does, however, mean that whatever way this is supposed to benefit security or privacy is easily defeated if downloads are redirected through common URL shorteners.

With Acquisition of Giphy, Facebook Buys Tracking in Unexpected Places axios.com

Dan Primack, Kia Kokalitcheva, and Sara Fischer, Axios:

Facebook has agreed to buy Giphy, the popular platform of sharable animated images, Axios has learned from multiple sources. The total deal value is around $400 million.

Vishal Shah of Facebook:

We’ve used GIPHY’s API for years, not just in Instagram, but in the Facebook app, Messenger and WhatsApp. GIPHY will continue to operate its library (including its global content collection), and we’re looking forward to investing further in its technology and relationships with content and API partners. People will still be able to upload GIFs; developers and API partners will continue to have the same access to GIPHY’s APIs; and GIPHY’s creative community will still be able to create great content.

Isn’t it nice how Facebook will continue to allow current API users access to Giphy? Sure is a sly way of admitting why they bought the company, isn’t it?

Vivek Karuturi:

Giphy extends FB’s visibility into 3rd party applications across the internet (a capability they’ve been building out through various acquisitions like Onavo VPN, etc)

With Onavo, FB saw WhatsApp’s message rates climbing at 2x Messenger’s rate. They acquired soon after.

With this type of tech, FB can keep a watchful eye on what’s picking up buzz and gives them ample time to react / understand what’s going on at the ecosystem level.

Bonus perk that this activity looks completely innocuous from the outside (politically, to regulators, etc).

“React or understand” is a great euphemism for “acquire or copy”.

Steve Kovach:

Does anyone know if Apple uses Giphy for iMessage GIFs? Unclear where Apple sources that library from.

Kovach appears to be referring to Apple’s stock “#images” app. It sources GIFs from multiple sources — Gfycat, Gif Keyboard, and Giphy as well.

William Turton:

My first thought: there is now a Facebook product built into Signal.

Moxie Marlinspike, creator of Signal:

Signal already uses a privacy preserving approach to prevent gif search providers from receiving user data.

Giphy has integrations with Slack, Microsoft Teams, Zendesk — nothing says “customer support” like replying to a bug report with a tepid GIF — Mailchimp, Twitter, Bumble, Tinder, Snapchat, and TikTok. Just imagine the fountain of usage data they will be able to glean from all of those competitors.

The old axiom of consumer protest is to “vote with your wallet”, but that snappy advice doesn’t work for infrastructural companies — and Facebook is rapidly becoming one of those. Even if you don’t use any of its products and have deleted Giphy after today’s acquisition, it’s still gathering tracking data on you. Also, many people you know have probably uploaded your contact details to their services.

All of this — the vast trove of data collected by a surveillance dragnet ensnaring virtually every internet-connected person on Earth, and the software processing it written by brilliant engineers — is to make advertising slightly more relevant and, therefore, maybe enrich Facebook’s investors. Facebook truly is changing the world.

VR in Our Virus-Altered Reality axios.com

Ina Fried, Axios:

Virtual reality can bring faraway people together and take us places we can’t physically go. That should make it the perfect breakout technology for both personal and professional life in the stay-at-home era — yet it remains a niche product.

[…] Virtual reality remains in its infancy, despite decades of on-and-off development, billions of dollars in investment and a ton of anticipation. Sales of VR headsets have repeatedly failed to live up to expectations. IDC reported 1.4 million units sold globally in Q4, down 23% from the prior year.

Matt Birchler:

VR is, you guessed it, not having a moment. In fact, while a stay-at-home-and-isolate-yourself pandemic has been going on that is prime time to have people lose themselves in other worlds for longer than normal, VR seems just as niche as it’s ever been. The only major push the medium has had in recent memory is the release of Half Life: Alyx, which moved a ton of headsets, but that’s really it.

Benedict Evans:

To put this another way, it’s quite common to say that the iPhone, or PCs, or aircraft also looked primitive and useless once, but they got better, and the same will happen here. The problem with this is that the iPhone or the Wright Flier were indeed primitive and impractical, but they were breakthroughs of concept with clear paths for radical improvement. The iPhone had a bad camera, no apps and no 3G, but there was no reason why those couldn’t quickly be added. Blériot flew across the Channel just six years after the Wrights’ first powered flight. What’s the equivalent forward path here? There was an obvious roadmap for getting from a duct-taped mock-up to the Oculus Quest, and today for making the Quest even smaller and lighter, but what is the roadmap for breaking into a completely different model of consumer behaviour or consumer application? What specifically do you have to believe will change to take VR beyond games?

Zac Hall, 9to5Mac:

It’s no secret that Apple has ambitious plans for augmented reality and a future AR-focused headset. Apple is practically building the platform for its future headset out in the open with ARKit. What’s new is that Apple is believed to be in the process of acquiring a California-based virtual reality company called NextVR, 9to5Mac has learned.

[…]

The icing on the cake may not be expertise in virtual reality, however, as NextVR also has holds patented technology that upscales video streams. NextVR uses this technology to support high quality video streams of music and sporting events to VR headsets. NextVR holds over 40 technology patents in total.

It is interesting to me that Apple confirmed this acquisition the very same week as the publication of two high-profile articles, from Fried and Evans, about VR’s failure to gain traction. I don’t mean to imply that there’s any connection, nor that Apple is either making a mistake or will be a kick in the pants for VR — just that it’s an interesting coincidence.

I am curious about what any company can bring to this space beyond games. As Evans says, it’s easy to envision a roadmap for VR that makes it somewhat smaller and more elegant, but what does that actually change for its real-world use? The rumours of an augmented reality headset from Apple are equally intriguing; the Apple Watch is designed to be worn all day, and a pair of AirPods can be worn for hours while walking anywhere or doing anything. From what exists right now, it’s hard to envision a headset that is anything other than a specialized gadget — and Apple doesn’t really do specialized gadgets.

The Problem of Third-Party SDK Creep rambo.codes

Brian Barrett, Wired:

According to widespread reports and the web monitoring service Down Detector, prominent iOS apps like TikTok, Spotify, Pinterest, Venmo, and more experienced issues on Wednesday. Many users found that they crashed whenever they tried to open the apps, whether or not they used Facebook to log in. “Please move slower and break fewer things,” wrote one GitHub commenter. “Thank you.”

“Yesterday, a new release of Facebook included a change that triggered crashes in some apps using the Facebook iOS SDK for some users. We identified the issue quickly and resolved it,” Facebook said in a statement.

That change was quite small, given its outsized impact. “It was something like a server value — which was supposed to provide a dictionary of things — was changed to providing a simple YES/NO instead, without warning,” says iOS developer Steven Troughton-Smith. “A change that simple can break an app that isn’t prepared for it.”

This isn’t even close the first time something like this has happened. A few years ago, a developer pulled their code from the NPM package manager; a small utility of theirs was widely used and other developers’ dependence on it broke lots of popular software. This isn’t even the first time this has happened with Facebook’s SDK.

Guilherme Rambo:

Many people rush to blame engineers for these types of problems. “Of course it’s the engineers’ fault: they included the SDK after all, didn’t they?”.

Even though it was technically an engineer who programmed the SDK into their company’s app, those types of decisions are usually top-down. Someone over at marketing decides they want better analytics on their Facebook campaigns, they talk to the product people and the product people just order that from the engineers.

I’m sure there’s a Facebook engineer who was furious with themselves for shipping something that broke a bunch of big apps, but this incident shows how dependent many ostensibly independent apps are on the infrastructure of a few giants. It’s kind of like when a bunch of websites go down because someone kicked the plug out at an Amazon Web Services server farm. It is a reminder that an extraordinary amount of responsibility for modern life is held by very few.

The Pandemic Is Launching the Era of Online Platform Regulation mattstoller.substack.com

Matt Stoller:

High prices are pervasive across the delivery app world, from Grubhub to Uber Eats to DoorDash. As one industry consultant told the Guardian, “The delivery fees and service charges from these websites are murder. They’re incredibly high rates… It’s almost impossible to profit at all.”

And yet, the the food delivery network business paradoxically isn’t doing very well. Uber and Grubhub are considering merging because prices they charge to restaurants are too low to support their overhead. These apps should probably be a modestly profitable regional services, connecting local eateries to local eaters, like taxicab stands or co-working spaces before WeWork. But our global monopoly-centric public policy framework has flooded capital into the space, leading to money-losing attempts to build global empires. It’s a variant of counterfeit capitalism, where investors hoping for monopoly rents are subsidizing an artificial and predatory business model.

The pandemic has put this dynamic into stark relief. Food apps are seeing a flood of new business. At the same time, the disease has changed the food service business. Most restaurants focus on takeout and delivery, because they are otherwise shut down. The restaurant industry always lived on thin margins, and these apps charge up to 30% of the total order amount. When delivery was a side business for most restaurants, high delivery app fees were manageable. But since restaurants have gone to a mostly takeout/delivery business during the pandemic, they have become dependent on this new sales and distribution channel.

Uber should not exist. It lost over eight billion dollars last year and has never turned a profit, even though it only has to pay for wages and not any of the physical infrastructure of its core businesses. Its food delivery service is wildly expensive for restaurants and the company, and its ride sharing business is a predatory version of actual taxicabs. There are many companies that have benefitted from lax regulations and bottomless capital, but Uber stands out as a particularly toxic example.

Mitch McConnell Moves to Explicitly Permit Warrantless Collection of Americans’ Web Browsing Activities thedailybeast.com

Spencer Ackerman, the Daily Beast:

Under cover of redressing what President Donald Trump and his allies call the FBI’s “witch hunt” over collusion with the Kremlin, McConnell, via an amendment to the PATRIOT Act, will expressly permit the FBI to warrantlessly collect records on Americans’ web browsing and search histories. In a different amendment, McConnell also proposes giving the attorney general visibility into the “accuracy and completeness” of FBI surveillance submissions to the secret Foreign Intelligence Surveillance Act (FISA) Court. Versions of the amendments circulating Monday were shared with The Daily Beast.

Taken together, privacy advocates consider McConnell’s moves an alarming expansion of Attorney General Bill Barr’s powers under FISA, a four-decade-old process that already places the attorney general at the center of national-security surveillance. It also doesn’t escape their notice that McConnell is increasing Barr’s oversight of surveillance on political candidates while expanding surveillance authorities on every other American. One privacy activist called McConnell’s efforts “two of the most cynical attempts to undermine surveillance reform I’ve ever seen.”

Martin Matishak, Politico:

The Senate on Wednesday blocked a bipartisan effort to shield Americans’ internet browsing and search histories from warrantless surveillance.

Lawmakers voted 59-37 on an amendment by Sens. Steve Daines (R-Mont) and Ron Wyden (D-Ore.) to a House-approved bill that would reauthorize domestic surveillance authorities. It was the first in a series of at least three amendment votes that senators agreed to in March.

Jeremy Scahill:

Great job to the 10 Democrats who voted *against* the Wyden-Daines amendment that would have prohibited FBI warrantless surveillance of web browser history. Special shout out to Bernie Sanders who didn’t show up to vote. It was defeated by *one* vote.

To be clear, McConnell’s amendment would expressly permit the warrantless collection of browsing and search history; the Wyden-Daines amendment that did not pass today would prohibit that.

Eight Years in, Messages on MacOS Still Sucks at Search annoying.technology

Manuel Grabowski (via Michael Tsai):

iMessage is eight years old. Never once in its entire existence has search on macOS (it’s such a long time that it wasn’t even called macOS back then!) worked properly. It is so ridiculously bad, there’s actually a third-party app that provides a functioning search. This total embarrassment of a situation is so old that said third-party app has been around long enough that I was still a student and too broke to buy the app back when I first heard of it. Instead, I built a poor man’s version myself – it’s just a simple SQLite database after all, nothing a few shell aliases couldn’t query quickly and efficiently. But apparently it’s still a problem too hard to solve for the almighty Apple.

There used to be a time where logs from what was then iChat were sensibly stored in ~/Documents/. I don’t remember whether iChat’s search was any good — the mere presence of Logorrhea suggests otherwise — but you could use Spotlight to search the folder and even preview chats with Quick Look.

In today’s MacOS, you can still search for message transcripts using Spotlight, but with several caveats. First, the transcripts are no longer in a user-friendly place like ~/Documents/, but are instead a couple of levels deep within ~/Library/. Second, while transcripts are named and categorized as you might expect — by chat participants and chronologically — attachments have an opaque organizational system. Third, SMS transcripts are not stored here; they only exist locally within a SQLite database. Fourth, you cannot use Quick Look to preview a transcript; and, fifth, when you open the transcript in Messages, it may be comprised of many days of discussion and will default to the most recent message, leaving you to scroll back and manually hunt for the chat in question. And, no, you cannot use ⌘-F in a chat preview window.

The search function within Messages itself is even worse. It is inaccurate, hard to use, and somehow incomplete.

Searching within iOS’ Messages app was a similar disaster for years, but it was radically overhauled in iOS 13. It’s not just better — it’s so great that it is hard to believe that both apps were created by the same company.

RSS Readers and App Store Requirements take.surf

Jesper, who you may remember from Waffle but is now writing at Take, has some thoughts on the bizarre new App Store requirements for default feeds in RSS readers that Brent Simmons is experiencing:

It would take an incredible balancing act to actually run an app store well. Apple has done the best job of it so far, but it’s still a tire fire that inhibits applications legitimate developers want to write. These events are not representative of every app review process ever, but they are representative of what happens when you have an app review process and you live in the real world. It doesn’t have to happen in most of the cases to be a disgrace and an impediment.

It has been said before but I will say it again: the biggest problem that the App Store faces is in the communication of shifting expectations. If, for whatever reason, Apple wants to interpret default feeds in a feed reader as a potential copyright issue, they ought to notify developers of the change and give them a chance to make adjustments.

Right now, developers do not find out about a change in App Store rules or the interpretation of existing rules until they submit an app for review. It’s a similar frustration that users face when launching an app only for it to demand an update: it’s a horrible experience to surprise users with a barrier between the action they took and the expected outcome. App updates should be silent, or offer an option to install when the app is next quit. Developers should be notified in advance of changes to the interpretation of rules in the App Store.

It is ludicrous that the App Store turns twelve years old in July and this fundamental problem remains unaddressed.

The Streaming Model for Music Doesn’t Work for Artists When They Do Not Earn Live Performance Income musicindustryblog.wordpress.com

Mark Mulligan is a music industry analyst:

Streaming has been the change agent that turned around 15 years of decline. But it also completely reframed artist income from recorded music. In the old sales model artists would get a large sum of money in a relatively short period of time. Streaming income is more like an annuity, a longer-term return where the music keeps paying long after release. In the old model artists had smaller but high-spending audiences. With streaming they have larger but lower-value audiences.

[…]

This model worked fine when live and merch were booming because more than three times as many monetised fans meant three times more opportunity for selling tickets and t-shirts. This of course is the ‘exposure’ argument streaming services are fond of, which works until it does not. Now that live and merch have collapsed, as the trope goes ‘exposure does not pay the rent’. The previously interconnected, interdependent model has become decoupled.

It is somewhat quaint to consider now that a record or CD that you played a hundred times cost more-or-less the same as one that you listened to once or twice. Both likely paid the artists approximately similar amounts, too.

Even in a streaming music economy, it’s not like your individual payment to your platform of choice is getting split along the ratio of the artists you listen to each month. That would be far too much effort. Instead, as I understand it, the subscription fees all go into one big pot which is divvied up amongst all rights holders relative to the total distribution of streams. Did you listen to nothing but your friend’s album last month? Unless your friend is Megan Thee Stallion or Travis Scott, they probably aren’t getting your $10 subscription fee.

There has never been a better time to support musicians directly. The next Bandcamp fee waiver day is June 5, and many artists sell merch and records on the web. You can still buy albums on iTunes, too, in the way your great aunt told you stories about.

The Ideal First-Run Experience for an iPhone App Is None at All inessential.com

Brent Simmons:

Isn’t there some quote, maybe even from Steve Jobs, about apps early in the day of the App Store, that went something like this? “iPhone apps should be so easy to use that they don’t need Help.”

I’ve always thought to myself, since then, that if I see a first-run tutorial, they blew it. Apps should be designed so that you can figure out the basics quickly, and then find, through progressive disclosure, more advanced features.

A complex iPhone app, even at its most ideal, may not truly reach the point where users must not need help, but they ought to be designed with that goal in mind. I’ve been stumped by even my favourite apps — I once accidentally switched off smart quotes in Tweetbot and it took longer than I am willing to publicly admit to figure out how to turn them back on.1 The best apps are those that require no instruction because they are designed and built with familiar components used in consistent ways.

If an app developer feels like they must include a tutorial, it ought to demonstrate more than it tells. The use of demo data are preferable. Incidentally, demo data, of a sort, recently created a little unfair App Review trouble for Simmons’ NetNewsWire. Demo data can be combined with a tutorial, if the app developer deems it necessary or useful, so long as the demo data can be automatically removed afterward. The best example that I’ve seen is Cultured Code’s Things to-do app, which does not need a tutorial, but has one for some of the app’s little shortcuts and gestures.

And, of course, all tutorials should be skippable.

Update: Brent Simmons writes more on the App Review issue:

The issue really is about the default feeds. They’re added by default on the first run of the app.

[…]

If a site provides a public feed, it’s reasonable to assume that RSS readers might include that feed in some kind of discovery mechanism — they might even include it as a default. This is the public, open web, after all.

Now, if NetNewsWire were presenting itself as the official app version of Daring Fireball, for instance, then that would be dishonest. But it’s not, and that’s quite clear.

I see very little difference between NetNewsWire’s default feeds and web browsers that include default bookmarks. Maybe popular web browsers like Firefox and Brave really have struck agreements with YouTube, Amazon, and Wikipedia to include their sites as bookmarks, but I doubt that, and I don’t think that ought to be a requirement. Likewise for feed readers.

If there is a good, non-arbitrary reason for this, Apple is apparently horrible at communicating it.

  1. For my future self: tap in the tweet compose box as though you were trying to copy or paste something. ↥︎

The Ethics and Questionable Efficacy of Contact Tracing Apps wsj.com

Joanna Stern, Wall Street Journal:

Sign me up! But, well… lots of buts. After speaking to health authorities, app makers, privacy experts and the teams at Apple and Google working to integrate contact tracing into smartphones — not to mention testing some available apps myself — all I can say is, “What a mess!”

Unlike other countries that have a national public health system, here in the U.S., each state or public health system will be deciding on its own apps. That could mean one app per state (if we’re lucky). It likely means incompatible apps using different technologies.

Some of the first apps — like one in Utah — ask for lots of personal information and don’t instill confidence about their privacy-protection practices. Tools in the works now from Apple, Google and others are much more privacy focused.

Stern’s piece includes a top-notch video, of course.

In order for these apps to have a hope of being effective for human contact tracers, they need wide adoption. Unfortunately, while mainstream reporting for the past few years has exposed the privacy failures of many big tech companies, very few policy changes have been made, so people are understandably untrusting of tech companies.

It will not be easy to persuade people that apps based on the Apple and Google APIs are safe. It is difficult to communicate what the difference is between apps and APIs, and it is hard to get people to trust something made by Apple and Google — even though the spec is open for others to verify its privacy bonafides.

Michelle M. Mello and C. Jason Wang, in a new paper published in Science:

A key question is how to ensure that companies and governments conducting and using epidemiologic analyses of new data sources are accountable for what they do. Democratic processes ordinarily help ensure that policy-making is reasonably transparent, the public has opportunities for input, and irresponsible officials can be removed. But many initiatives during COVID-19 have been undertaken by countries without strong democratic traditions and free-speech protections. Even in the United States, technological solutions are being pursued by small groups of officials and tech company leaders working outside ordinary channels and public view. The need to make decisions quickly may justify such processes but increases concerns about responsible practices.

The potential for misappropriation of data collected and methods developed for disease surveillance looms large. After all, the same approaches that can be used for case identification and contact tracing can be used to identify and track a government’s political opponents. Such fears undercut trust in what public health officials are trying to do, and without public trust and participation, many key strategies for fighting infectious disease cannot succeed.

My optimism for the efficacy of smartphone-assisted contact tracing has waned.

Update: The MIT Technology Review has a report on Iceland’s adoption of their own app — it’s at 38%, which is the highest of any app anywhere, but it is viewed only as supplementary to manual contact tracing efforts.

Designing the World’s First Home Computers edition.cnn.com

Oscar Holland, CNN:

The invention of the microprocessor — Intel’s 4004 was the first to be made commercially available in 1971 — changed all that. Manufacturers were finally able to produce machines small enough to fit into customers’ homes.

Yet, the question was: Could firms persuade people to actually want one there?

The story of how computers infiltrated our homes is not one of technology, but one of marketing and design, according to writer and journalist Alex Wiltshire, whose new book, “Home Computers: 100 Icons that Defined a Digital Generation,” tells the industry’s early history through its most influential models.

I dispute what I assume is Holland’s blanket reframing of the home computer revolution as a matter of design over technology — the web created a compelling technological argument for many, but not all. It took both to make the home computer a commonplace item: the technology provided a foundation, but it needed people with an eye to design, ease-of-use, and contextualization to give it purpose.

Nitpicks aside, I adore the idea behind this book, and the photography commissioned for it. You can see a few more examples on the publisher’s website.

Reading Between the Lines of Apple’s Latest Releases macworld.com

Dan Moren, Macworld:

Apple chooses its public actions very carefully, so often trying to suss out what it’s up to is a matter of reading between the lines. Because the actions that the company doesn’t take are almost as significant as the ones that it does.

While it hasn’t been an uneventful spring for Apple watchers so far, it’s been informative to see which products the company has been shipping, because they start to point the way towards the areas where Apple may instead be marshaling its forces ahead of some more significant moves.

Apple is usually pretty quiet between autumn and WWDC in the late spring, but not this year. It has launched a few new products and refreshed others, and I could not be happier to see spec bumps and moderate improvements across the board. For a while, Apple seemed interested only in major updates, leaving products to sit unchanged for several years, but that thankfully appears to no longer be the case.

But Moren points to a few products that remain untouched. We can safely guess that flagship iPhone and Apple Watch refreshes are on the table for September, but there are a few other products that could use some attention:

  • The iPad Air and iPad Mini were updated in March last year. The sans-suffix iPad was given a bigger display in September and support for the Apple Pencil and Smart Connector accessories, which brings it uncomfortably close to the iPad Air in capability. The iPad Air may have a True Tone display, better front-facing camera, and newer processor, but I find it confusing to decide between them.

  • The iMac was updated in March last year, but it seems to be on a nearly two-year cycle. The iMac Pro, though, is screaming for a major update, as Moren notes. It’s positioned nicely between the highest-end iMac and Mac Pro and, given that the latter has moved upmarket, I think it’s worth keeping in the lineup.

  • The Mac Mini hasn’t been meaningfully updated since 2018.

  • Neither has the HomePod.

  • The current Apple TV hardware lineup will turn three years old in September. If no changes are made before September 15, it will be the longest gap in the product’s history.

There was a time when every Mac model was updated roughly once a year. That pattern collapsed in the mid-2010s, but it shows signs of recovering. Most of the stuff Apple sells right now is as recent as you would expect it to be.

NSO Group Did Not Protect the Server It Used to Demonstrate Location-Based Centralized Contact Tracing in Israel techcrunch.com

Zack Whittaker, TechCrunch:

While most governments lean toward privacy-focused apps that use Bluetooth signals to create an anonymous profile of a person’s whereabouts, others, like Israel, use location and cell phone data to track the spread of the virus.

[…]

Security researcher Bob Diachenko discovered one of NSO’s contact-tracing systems on the internet, unprotected and without a password, for anyone to access. After he contacted the company, NSO pulled the unprotected database offline. Diachenko said he believes the database contains dummy data.

NSO told TechCrunch that the system was only for demonstrating its technology and denied it was exposed because of a security lapse. NSO is still waiting for the Israeli government’s approval to feed cell records into the system. But experts say the system should not have been open to begin with, and that centralized databases of citizens’ location data pose a security and privacy risk.

This is one of the inherent risks of a centralized system. The other, of course, is that there is a lazy but not incorrect slippery slope argument to be made that this system could be expanded or repurposed for direct tracking of individuals, but that would not be possible with an anonymous and decentralized system.

Also, I know NSO Group is Israeli and, so, it makes sense for them to be developing Israel’s contact tracing system, but their involvement is somewhere between suspicious and icky.