Written by Nick Heer.

Archive for April, 2021

James Hoffman’s AeroPress Technique

Tony Konecny, formerly of Tonx and now at Yes Plz, in a lengthy and entertaining thread about coffee brewing techniques [sic]:

And I of course love the Chemex. The heavier filters are very forgiving of grind size/quality. It’s hard to fuck up.

It’s an elegant brewer when you’re serving multiple people and one of the few pieces of coffee gear that looks good left on the countertop.

and an Aeropress looks like a something you keep hidden in the nightstand.

I brew a cup or two of Chemex when I am feeling fancy and want something to clean afterwards, but I make most of my coffee with an AeroPress despite its looks. It is a resoundingly utilitarian brewer with seemingly many variables and, depending on how fussy you want to be, a challenge to use consistently. But it has many passionate fans for two good reasons: it is very simple, and it requires very little effort to make good coffee.

James Hoffman made three videos about the AeroPress that are worth checking out:

If you’re short on time, you can just watch the last video, but I highly recommend all three. The intro on the first one is a lovely piece of filmmaking, and Hoffman’s dedication to trying different techniques in the second is admirable.

These three videos got me to try a different technique than my go-to recipe. For years, I have used a cheap kitchen scale and the AeroPress Timer app — which is, simultaneously, the best-designed and least-beautiful app I use regularly — to brew 18 grams of coffee with 200 millilitres of water in about a minute and a half, which is the Blue Bottle recipe. It is a little anal retentive, but it sure produces more reliable results than my previous technique of guesswork.

But Hoffman’s recipe uses just 11 grams of coffee and takes two and a half minutes, with a finer grind than I typically use. It is a noticeably different cup and I cannot work out if I like it more or less, but it is worth exploring. If you have an AeroPress, I think Hoffman’s video series is an entertaining and informative way to spend about an hour, and I think the AeroPress Timer app is also worth giving a shot.

Assorted Other ‘Spring Loaded’ Announcements

Michael E. Cohen, TidBits:

With Apple Card Family, a service available starting in May 2021, two people can co-own one Apple Card, sharing and merging their credit lines and benefiting equally from the shared credit history. In addition, Apple Card Family lets parents share an Apple Card with their children — including setting spending limits and controls — using an updated Family Sharing service.

This sounds like it will be helpful for, say, a couple where one person has major student loan debt or does not have a great credit history; but, now that their finances are shared, that person can benefit from the better collective credit rating.

Alex Guyot, MacStories:

During today’s keynote event, Apple announced their new Apple Podcasts Subscriptions service. Launching in May in over 170 countries, the service will allow users to subscribe to premium podcasts directly from the Apple Podcasts app. Premium shows will offer access to various perks for users, such as removing ads, releasing shows early, or providing exclusive content.

Ashley Carman, the Verge:

Initial partners include Pushkin Industries, QCODE, and NPR. It appears that content creators will have to pay Apple $19.99 per year in order to offer subscriptions, and Apple will take 30 percent of revenue for the first year of a subscriber’s lifetime and 15 percent for the years following. This means that if a subscriber only subscribes for one year, a podcaster will have given Apple 30 percent of that revenue. Podcasters are incentivized to keep subscribers around longer.

Podcasters will have to upload their subscription content through Apple’s backend, not through RSS and their hosting provider. Their regular feed, however, can still operate through RSS. Because the subscription content goes through Apple, podcasters also won’t receive specific data about their paying listeners, like their email, names, or contact information. Apple essentially owns the relationship.

The Podcaster Program Agreement appears to have some requirements worth paying attention to if you are interested in joining. One thing I did not see in there is an exclusivity requirement. That means you can have a Patreon and a paid Apple Podcasts tier, and upload the same paid-only materials to both.

Apple’s Letter to Artists About Streaming Music Payouts

Anne Steele, Wall Street Journal:

Apple Music told artists it pays a penny per stream, according to a letter viewed by The Wall Street Journal.


Artists aren’t paid directly by streaming services, so a single play of a song doesn’t result in a penny going into that artist’s account. Instead, streaming services pay royalties to rights holders — a group that includes labels, publishers and other distributors — which in turn pay artists based on their recording, publishing and distribution agreements. Both Apple and Spotify pay rights holders based on the share of total streams their artists garner on each service.

Yet artists cite the per-stream pay rate as an indicator of their earnings. Major labels say the average monthly streams per user is a better measure of the streaming economy, and growing numbers of streams mean more money coming in for artists. Both Spotify and Apple, they say, are at or near the 1,000-streams-per-listener monthly benchmark that is seen as a success.

Jem Aswad, Variety:

However, nuances were lost in some of the wording: The first sentence of the WSJ article reads: “Apple Music told artists it pays a penny per stream” — which does not specify who it pays a penny per stream — and while the main headline on the article reads, “Apple Music Reveals How Much It Pays When You Stream a Song,” a secondary headline reads, “Apple Music pays artists twice as much as Spotify per stream.”

It is not hard to see how the inaccuracies, which were not stated but may have been inferred from the letter and the article, could lead some artists to think that they’ll be getting a penny from Apple every time their music is streamed, or even that the company has increased its rates to pay artists a penny per stream, even though the letter specifically states that “royalties from streaming services are calculated on a stream share basis” (i.e. a song’s percentage of the service’s total number of streams, which means Apple Music does not pay royalties on a per stream basis). Ultimately, the variables make apples-to-apples comparisons (sorry) nearly impossible, but multiple sources say the two companies’ rates are actually much closer than Friday’s headlines would imply.

The penny-per-stream average is clearly an inaccurate way to measure artists’ earnings, but it does lend itself to a trivia game of estimation with your favourite songs and albums. Mike Rockwell:

My most played artist in Plex has 627 plays. Based on Apple’s average payout of $0.01 per stream, that would have resulted in $6.27. But I’ve purchased four albums for a total of about $40.

This inspired me to look in my library at some high play-count records I have to see how much they would have cost if they were streamed instead. For example, my total play count of all of the songs on “The Fragile” is 1,392. If I had streamed all of those plays, Apple apparently would have paid Trent Reznor and company about $13.92. But I added this rip of the album to my library in June 2009 — which is when I bought a CD copy for probably about $25 — and, if I had to pay $10 per month for Apple Music, it would have cost me over $1,400 to maintain my library over that time.

Of course, that’s not a per-album rate. I get millions of songs for my $10 per month. In about the same timeframe in 2009, I also added Burial’s “Untrue” to my library. I have played the thirteen songs on that album 684 times in total, leading to an estimated payout of $6.84. My CD copy of that album probably cost $15, of which William Bevan probably earned just a few pennies. Apple Music obviously has not existed since 2009 but, if it had, I cannot work out how much less artists would have made if I had streamed all of my music instead of buying physical copies.

Somehow, we are still paying just $10 per month for music in an era where streaming must be paired with live performance to have any hope of generating an income for an artist, all the while fighting the paradox of streaming music, and artists are still getting screwed in the middle of all of it. There would not be a music industry without music, but the industry gets all of the money while musicians still have to fight for scraps.

Facebook’s Media Strategy, Unwittingly Emailed to a Journalist, Seeks to Treat Large-Scale Leaks as ‘Normal’

Pieterjan Van Leemputten, on the Belgian DataNews website and translated by Google:

Facebook has a communication strategy ready to dismiss the data breach in which 533 million accounts, including three million Belgians, were leaked as affecting the entire sector. At the same time, the company expects this to happen and wants to use blog posts on the subject in the future to ensure that it no longer has to respond to every incident.

That is a short summary of an internal communication email that ended up in the Data News mailbox. The email itself dates from April 8 and comes from a communications officer at Facebook, and is addressed to the company’s PR staff in EMEA (Europe, Middle East and Africa).

Kind of funny how Facebook’s communications person was feeling pretty confident about the declining media attention the leak of half a billion users’ personal details was getting in an email accidentally sent to a reporter. Scraping is a fairly common practice but let’s not forget that Facebook allowed more than one to copy the records of hundreds of millions of people each without raising red flags.

The New M1-Powered iPad Pro


The breakthrough M1 chip takes the industry-leading performance of iPad Pro to an entirely new level. The 8-core CPU design features the world’s fastest CPU cores in low-power silicon — delivering up to 50 percent faster CPU performance than A12Z Bionic. The 8-core GPU is in a class of its own, delivering up to 40 percent faster GPU performance. This combination of CPU and graphics performance on iPad Pro widens its lead as the fastest device of its kind. Powerful custom technologies, including a next-generation 16-core Apple Neural Engine, an advanced image signal processor (ISP), a unified, high-bandwidth memory architecture with up to 16GB of memory, 2x faster storage, and up to 2TB capacity, make iPad Pro more capable than ever. The industry-leading power efficiency of M1 enables all of that amazing performance along with all-day battery life in the thin and light design of iPad Pro. Because M1 shares the same fundamental architecture of A-series chips, iPadOS is already optimized to take full advantage of the powerful technologies in M1 to easily handle everything from simple navigation to the most demanding workflows.

An iPad uses what is ostensibly the same processor as half of Apple’s Mac lineup. Impressive. This is the first time Apple has openly acknowledged the iPad’s memory instead of treating it as secret sauce and, perhaps unsurprisingly, it is offered in similar configurations as its Mac cousins. Unlike a Mac, you cannot customize the RAM independent of its storage; if you do not want a terabyte of disk space, you will get 8 GB of RAM.

There is a lot to love about these new iPad models, and I am excited to see the display in the 12.9-inch model, even though it increases the price considerably. But this is the part of covering new iPad hardware where I am legally obligated to express that my frustrations remain in its software. I am excited for what WWDC may bring on that front because, much as I want one of these new iPad Pro models, nearly all of the things I wish to change about my base-model years-old iPad are in its operating system.

The Redesigned iMac Comes With an M1 Chip and Is Available in Seven Colours

Let’s start with what we can see, shall we? Not since the iMac G3 of the late 1990s has Apple used such vibrant colours on any Mac, and they look beautiful. The product photography makes the green one look like the original “Bondi Blue” iMac. If I were buying one of these iMacs, that’s the one I’d have. I wish the MacBook Air came in these same colour choices.

The new model has a slimmed-down bezel in white, which is an odd choice. I am curious about what that will look like in person, though I have not been a fan of any of the devices I have used with white bezels. There isn’t a logo anywhere on the front, but it still has a chin because that’s where the computer is.

That chin features a pastel version of the iMac’s colour that is matched in the stand; around the sides and back, it is a richer and more vibrant hue. Don’t worry — there is still a silver model available if you are boring.

I am so happy to see colourful computers again — can you tell?

It is around the back of this iMac where things take a bit of a dive. For a start, it has just two USB 4/Thunderbolt ports; on the higher-end models, there are an extra two USB 3 ports. But that and a headphone jack is all the I/O that you get. That means no USB-A ports, of course, but also no SD card reader, which I use every few days on my own iMac. At least all currently-sold iPhones ship with Lightning cables that have a USB-C connector.

This iMac also has a curious new port around back for power and connectivity. It supports WiFi, of course, but if you want to use a wired connection, the higher-end models include a power brick with a gigabit ethernet port. That means the power supply is no longer built in, which creates some floor clutter, and — most curiously — this connects to the iMac via a single braided cable that attaches magnetically. So all current Apple notebooks have cables that are firmly seated and can cause the computer to go flying if they are tripped over, but one desktop model has a magnetic cable.

Apple is pitching this 24-inch iMac as a replacement for the 21.5-inch model; it has discontinued all but the lowest-end 21.5-inch Intel models, but it has retained the 27-inch models for now. This sets up the possibility for a greater differentiation between Apple’s more consumer-oriented products — the MacBook Air, 13-inch MacBook Pro, Mac Mini, and this iMac — and its higher-end products. This iMac uses ostensibly the same chip as its other own-silicon Mac models — and the new iPad Pro — and is limited to the same storage and memory options. The M1 products that have been released so far have proved to be extraordinarily powerful, but there are plenty of use cases that would benefit from more RAM and more power. That is what we can expect from the big iMac, and the 15-inch and higher-end 13-inch MacBook Pro models.

The New Apple TV 4K and New Siri Remote

After many years, Apple has updated the Apple TV 4K and the accompanying remote control. From the newsroom (U.S. link because none of the announcements from today, aside from podcast subscriptions, have Canadian press releases yet):

Apple today announced the next generation of Apple TV 4K, delivering high frame rate HDR with Dolby Vision and connecting customers to their favorite content with the highest quality. At the heart of the new Apple TV 4K is the A12 Bionic chip that provides a significant boost in graphics performance, video decoding, and audio processing. And with an all-new design, the Siri Remote makes it even easier to watch shows and movies on Apple TV with intuitive navigation controls. Together with tvOS — the most powerful TV operating system — Apple TV 4K works seamlessly with Apple devices and services to magically transform the living room in ways that everyone in the family will love.


Through an innovative color balance process, Apple TV works with iPhone and its advanced sensors to improve a television’s picture quality. Apple TV uses the light sensor in iPhone to compare the color balance to the industry-standard specifications used by cinematographers worldwide. Using this data, Apple TV automatically tailors its video output to deliver much more accurate colors and improved contrast — without customers ever having to adjust their television settings.

This is a fairly modest spec bump. The star of the show is the new Siri remote, which looks like a hybrid of the aluminum stick from several years ago and the iPhone 12. It still has few buttons and some touch-sensitive controls, but it appears to be less fiddly than the current version and is certainly easier to tell by feel which way is upright. It is also going to be shipping with the still-available Apple TV HD — but it is only $30 less than the $179 4K.

The colour balancing feature is not exclusive to this new model. It works with any Apple TV that supports tvOS 14.5 and any iPhone with a Face ID array. I will not be able to try it until the tvOS update is released next week, but I am curious about what changes it will make to my cheap and old television.

Notably absent in this Apple TV update is spatial audio. Perhaps it is the kind of thing that will need a camera capable of tracking multiple people.

Remember Netbooks?

Nilay Patel, the Verge:

Windows getting shown up by Linux was not allowed, so Microsoft did some Microsoft maneuvering, and by January 2008 the Eee PC was running Windows XP instead. It was also part of a larger category called “netbooks,” and we were all made to know what netbooks were.


The netbook explosion was all the more odd because every netbook had the same basic specs, as Microsoft charged more for a standard non-Starter Windows license if a computer had anything more than a 1.6GHz Intel Atom processor, 1GB of RAM, and a 160GB hard drive. So it was all colors and screen sizes, really. All to run a deeply-annoying version of Windows, on a computer that no one was even remotely claiming could replace a primary PC. By the end of it all, as the chips inevitably got more powerful, enough laptop vendors were telling Joanna that their new netbook-like computers weren’t netbooks that she started calling them “notbooks.”

The thing I remember most about the netbook era was the constant cries of technology analysts demanding that Apple make a netbook.

Jason Snell of Macworld reported on Apple’s 2008 fourth-quarter earnings:

At Apple’s event launching the company’s new laptops last week, Jobs was asked about the emerging category of “netbooks,” low-cost and low-feature laptops. Last week, Jobs made skeptical noises about the category, saying it was just too early to tell what would happen. On Tuesday Jobs went a little further, dangling some suggestion that Apple is watching the category closely: “It’s a nascent category and we’ll watch while it evolves,” Jobs said. “And we’ve got some pretty good ideas if it does evolve.”

Gregg Keizer of Computerworld in December 2008:

Apple Inc. will introduce two netbooks at the MacWorld Conference and Expo next month that will be tied to the company’s App Store, as is its iPhone, an analyst said today.

“I don’t have any inside information,” said Ezra Gottheil of Technology Business Research Inc., as he spelled out his take on Apple’s next hardware move. “This is just by triangulation.”

The computer Apple actually introduced at Macworld in January 2009 was the 17-inch MacBook Pro, which only resembled a netbook from really far away.

David Carnoy of CNet could not have been more blunt in this 2009 editorial, which ran with the headline “Why Apple must do a Netbook now” and this dek:

With news that users are hacking Windows and Linux Netbooks to run OS X — and run it pretty well — Apple needs to release a Netbook of its own before it loses ground in the highest-growth laptop category.

I am sure Apple’s executives are just kicking themselves all the way to the bank.

Anyway, shortly after the iPad came out, the “netbook” name became toxic and, as Patel writes, the companies making them avoided that marketing. Patel and Joanna Stern argue that iPads are their spiritual successor, but I think Chromebooks are far more netbook-like. If anything is to be a “netbook”, it should be a laptop that is effectively just for web apps — and nothing is more like that than a kind of notebook named after the world’s most popular web browser.

The North Korean Government’s Many Digital Heists

Ed Caesar, the New Yorker:

North Korea’s cybercrime program is hydra-headed, with tactics ranging from bank heists to the deployment of ransomware and the theft of cryptocurrency from online exchanges. It is difficult to quantify how successful Pyongyang’s hackers have been. Unlike terrorist groups, North Korea’s cybercriminals do not claim responsibility when they strike, and the government issues reflexive denials. As a result, even seasoned observers sometimes disagree when attributing individual attacks to North Korea. Nevertheless, in 2019, a United Nations panel of experts on sanctions against North Korea issued a report estimating that the country had raised two billion dollars through cybercrime. Since the report was written, there has been bountiful evidence to indicate that the pace and the ingenuity of North Korea’s online threat have accelerated.

According to the U.N., many of the funds stolen by North Korean hackers are spent on the Korean People’s Army’s weapons program, including its development of nuclear missiles. The cybercrime spree has also been a cheap and effective way of circumventing the harsh sanctions that have long been imposed on the country. In February, John C. Demers, the Assistant Attorney General for the National Security Division of the Justice Department, declared that North Korea, “using keyboards rather than guns,” had become a “criminal syndicate with a flag.”

There are elements of this report that I do not love,1 but it is an extraordinary look at the effects of an advanced persistent threat actor whose motivation is almost solely financial gain. American and Israeli governments collaborated on malware for espionage and hardware destruction in Iran; the Russian government unleashed Petya and NotPetya to attack Ukraine in an act of war; “Five Eyes” governments share the Warriorpride espionage framework (PDF) for smartphones. But none of these countries’ governments seem interested in siphoning cash just because they can. North Korea, sanctioned internationally and with limited resources, needs money and has invested in a world-class digital subterfuge team to get it.

  1. For example, Priscilla Moriuchi, who is now at Harvard and was previously at the NSA, said in an interview quoted here that “North Koreans understand criminality”. It sounds like Moriuchi means the North Korean government and its agencies, not North Korean people generally, but this imprecision frustrates me because it implies that an entire country’s population is criminally-minded.

Apple Will Let Parler Back Into the App Store

In January, Parler’s iOS app was booted from the App Store because the social network was a deliberately under-moderated platform without demonstrable community standards. Along with Facebook, Parler was one of the platforms used by those involved in the January 6 attack on the U.S. Capitol. It had a more concentrated favourability with pro-violence and anti-democratic users than Facebook, however, because of its weak moderation policies. Apple said that Parler’s app would be allowed back into the App Store if it could show a plan to control hate speech and targeted attacks.

In March, Nicolás Rivero of Quartz reported that Parler was reworking its policies so that Apple would permit the app in its store, but was rejected for not going far enough:

In a statement the next day, Parler’s chief policy officer, Amy Peikoff, stressed the lengths to which the platform has gone in recent months to implement new moderation practices to appease Apple. “We worked tirelessly to adopt enhanced protocols for identifying and removing this type of content,” Peikoff wrote. “We have since engaged Apple to show them how we’ve incorporated a combination of algorithmic filters and human review to detect and remove content that threatens or incites violence.”

Peikoff also wrote that Parler has rolled out all-new moderation features that weed out “personal attacks based on immutable and irrelevant characteristics such as race, sex, sexual orientation, or religion.” Mainstream social platforms like Facebook and Twitter have long since adopted algorithms to block exactly these forms of hate speech (although they tend to use language like “protected categories” rather than “immutable and irrelevant characteristics”). The main difference is that Parler gives its users the ability to opt out of its hate speech filter so they can “curate their own feeds as they choose.”

None of that was enough to win Apple over. But Peikoff seemed to indicate that Parler would make more changes to placate the tech giant. “Parler expects and hopes to keep working with Apple to return to the App Store,” she wrote.

After months of discussion, it appears that Apple is satisfied with the changes Parler is proposing. Brian Fung, CNN:

Apple has approved Parler’s return to the iOS app store following improvements the social media company made to better detect and moderate hate speech and incitement, according to a letter the iPhone maker sent to Congress on Monday.

The decision clears the way for Parler, an app popular with conservatives including some members of the far right, to be downloaded once again on Apple devices.

The letter — addressed to Sen. Mike Lee and Rep. Ken Buck and obtained by CNN — explained that since the app was removed from Apple’s platform in January for violations of its policies, Parler “has proposed updates to its app and the app’s content moderation practices.”

CNN did not share Apple’s letter, but Sen. Lee’s office has published its copy (PDF) if you would like to read it in full. Here’s a key paragraph:

In response, Parler did not communicate a sufficient plan to improve its moderation of user-generated content in the app. Thereafter, and consistent with standard app review processes, Apple’s app review team, ARB, and ERB decided to remove the Parler app from the App Store for non-compliance with the Guidelines. Customers who had already downloaded the Parler app prior to its removal from the App Store could still access the app, and Apple understands that Parler’s website is accessible on the Internet, including through a web browser on an Apple device.

There are no iOS clients for 4chan or OnlyFans, but Parler seems to think its growth will be more straightforward by making its Twitter clone more like better-moderated platforms than to stick to its pretend principles. I think that is preferable. Anonymity and pseudonymity are not why social networks are often vile, nor do they explain why 4chan, Gab, and Parler are generally worse. It is a lack of community standards and effective moderation.

Parler is trying to improve; I think that is welcome. But I do not think it will make Parler a welcoming community for many; if you are looking for a steady supply of vaccine scaremongering and mask misinformation, you’ll love it there. The effects of Parler’s new rules are a mystery for now as they are not yet in place.

There Is No Way to Report App Store Scams

You remember Kosta Eleftheriou, right? He tweeted about clones of his app FlickType, and has since found a bunch of App Store scams that he has tweeted about. Here are a couple of recent examples, starting with X-Gate VPN:

Another typo in the title, but this time it’s not even a title – it’s PLACEHOLDER TEXT!

How the heck does this app have a 4-star rating? Or passed review twice??

Anyway, let’s continue to see what this “7 day” trial is all about.

On the next screen the trial is now for 3 days instead of 7, and we can “Incredibly increase speed” for a mere $12/week.

You’re telling me people are signing up for $624/year for *this*? And are giving it 4 stars?

And here’s a game for kids:

This @AppStore app pretends to be a silly platformer game for children 4+, but if I set my VPN to Turkey and relaunch it becomes an online casino that doesn’t even use Apple’s IAP.

Both of these apps were available for hours after Eleftheriou tweeted about them, but have now been removed from the store. On one hand, you could argue that this indicates the need for a centralized and policed app marketplace: since Eleftheriou finds scummy apps like these in Apple’s controlled marketplace, it is possible that many more would be available if not for the controls in place. Apple is also able to disable apps like these when they are found.

But the fact that these apps are found in “a place you can trust” also indicates that Apple’s review process is not as stringent as it needs to be. It is possible that there would be more nefarious apps available for iOS if the App Store were not the sole distribution platform, but Apple’s App Store could still be the best marketplace if there were competitors. It could be safer and more controlled than it already is. It is also true that Apple could disable worrisome apps’ certificates, which are unconnected to the App Store’s monopoly on native app distribution for iOS.

One more thing that I think is critical is that it is, right now, impossible to flag an app as a rule-breaker or a scam. Say you download an app and it is, in some way, worth reporting to Apple. Let’s start in the App Store, where there is no button to report an app, not even in the app listing’s share menu. If you go to Apple’s Report a Problem website, you will see all of your purchases and downloads from your Apple ID, and you will be asked a question, “What can we help you with?”, with a dropdown menu containing these options:

  • Request a refund

  • Report a quality issue

  • Find my content

  • Report suspicious activity

If you pick the last one, you’ll be sent to a screen where you will be told to contact Apple Support if you think your Apple ID has been compromised; it has nothing to do with the items you purchased or downloaded.

The second item on the list, which is my next best guess for a relevant answer, is limited to Apple subscriptions and in-app purchases. It is the answer you choose when, say, a movie you rented has playback problems, or an app subscription is not working properly. It is one option you could use if an app is abusing in-app purchases and you have fallen for the scam but, if you are alert enough to avoid subscribing, this choice won’t help. It is the same story for requesting a refund, and “find my content” is irrelevant.

So you visit Apple’s contact page where, under the “Product and Services Support” section, you are redirected to Apple’s support page. And, long story short, there is nothing in this support site about App Store scams or reporting a problem with a third-party app. If I am wrong about this, please get in touch and tell me — I will update this post. But it appears that, if a scam makes its way into the App Store, Apple is entirely dependent on users posting on social media or contacting Apple through another channel to be alerted to problems.

Online Proctoring Programs Try to Detect Cheating Through Machine Learning, So You Can Imagine What They Get Wrong

Katie Deighton, Wall Street Journal:

Millions of college students facing final exams, professionals pursuing new qualifications and others were asked to take important tests at home using programs such as ProctorExam, Proctorio and ProctorU—software designed to fight cheating by getting a human or machine to remotely watch for suspicious behavior in test takers’ faces, rooms and audio levels.


One criticism leveled at Proctorio, which uses machine-learning technology to monitor a student’s behavior during a test, is that its system sometimes fails to detect the faces of users with darker skin tones, prompting concerns that these students may be unable to begin an exam. Mr. Olsen said the software occasionally fails to pick up students’ faces if they are in badly lighted spaces, but a human member of Proctorio’s support team can assist and admit test takers into an exam if the software has issues detecting their face in the pre-check process.


Some users reported trouble getting digital proctoring software to install or function properly on their devices, often because of technical issues such as an unstable internet connection.

Via D’Arcy Norman, who was interviewed by Deighton and whose full response is worth reading:

There is a fundamental problem with how online exam proctoring software is designed. This problem involves issues of power, control, consent, and agency. The concept itself puts students and instructors into an adversarial relationship, with students framed as assumed cheaters, and instructors as police or security analysts trying to catch the students. This can’t be resolved through interface tweaks or streamlined installation processes – the problem is the nature of the software, not the design of the interface or user experience.

This reminds me of the surveillance applications some employers require staff to install while working from home. People are sometimes going to do things while on the clock or at school that they should not be doing, but it is not solved by assuming people are unworthy of trust.

Update: Via a reader, another story about Proctorio. Joe Mullin of the Electronic Frontier Foundation:

Given these invasions, it’s no surprise that students and educators are fighting back against these apps. Last fall, Ian Linkletter, a remote learning specialist at the University of British Columbia, became part of a chorus of critics concerned with this industry.

Now, he’s been sued for speaking out. The outrageous lawsuit — which relies on a bizarre legal theory that linking to publicly viewable videos is copyright infringement — will become an important test of a 2019 British Columbia law passed to defend free speech, the Protection of Public Participation Act, or PPPA.


Users of the iOS Discord App Will Be Unable to Access NSFW Channels

Kyle Orland, Ars Technica:

Discord users who access the Discord app through iOS will now face restrictions on adult content that go beyond those for other platforms. The gaming-focused social networking app — which lets users create public or private servers to chat via text, image, voice, and video livestreaming — announced this week that “all users on the iOS platform (including those aged 18+) will be blocked from joining and accessing NSFW servers. iOS users aged 18+ will still be able to join and access NSFW communities on the desktop and web versions of Discord.”

That NSFW designation can be set by the server owner or by Discord itself, in keeping with community guidelines requiring the label on “adult content.” Individual channels within a server can be designated as NSFW without imposing limits on the full server, but an entire server may be labeled as NSFW “if the community is organized around NSFW themes or if the majority of the server’s content is 18+,” the company said.

Matthew Bischoff on Twitter:

When we dealt with this at Tumblr, it became my full-time job for weeks to find incredibly complex ways to appease Apple’s censors. This happened every time they found a sexy blog they didn’t like. It’s absurd.

Speaking of Twitter, that company expressly permits “graphic violence and consensually produced adult content” within users’ tweets “provided that [users] mark this media as sensitive”. Reddit permits NSFW text and media so long as it is marked. Discord has a similar policy of allowing NSFW media in channels so long as those channels are marked. What makes it different? Is Apple going to demand that Reddit and Twitter also prohibit accessing NSFW media from within those companies’ iOS apps?

This is nothing like the Parler situation. Parler and Gab have little to no moderation of their platforms, so they are not compliant with the App Store rules. That is understandable to me; you may disagree with that policy, but it is at least a written policy. But Discord, Reddit, and Twitter all attempt to moderate their platforms to varying degrees of success. What makes Discord different?

Update: As of April 19, Discord has loosened these policies. It has now gated channels marked NSFW, and expressly prohibited only dedicated pornographic channels. This remains far more cautious than the official apps from Reddit or Twitter. Discord blamed Apple’s guidelines for why it had to make these changes, so I remain confused why it needs to be treated differently.

The Trust Gap Between Journalists and Companies Is Widening, as Is the Reporter-Public Relations Gap

Jim Prosser of Edelman:

As I see it, there are three distinct structural shifts happening that both explain and give merit to a shift in emphasis toward businesses using their direct channels instead of relying on media coverage. Collectively, they have some profound implications for companies, communicators, and journalists.


Put simply, Americans on the whole trust business as an institution more than the press as an institution. That’s not conjecture. It’s backed by data.


There are far more stories businesses want to tell than there are reporters to tell them. How do we know that? Let’s look at U.S. Bureau of Labor Statistics data. In 2000, there were about two people working in public relations for every one working reporter in America. By 2019, that spread more than doubled to over five, driven by both an increase in PR jobs and a decrease in reporter jobs. By 2029, BLS projects the spread will keep expanding to over six.

I found this post illuminating and alarming. A collective trust in business marketing — or “storytelling”, as Prosser puts it — over good journalism means that more credence is given to media that has an inherent conflict of interest over that which, ostensibly, does not.

A common retort to this is that media outlets have, for years, degraded their own trust. CNN spends hours a day broadcasting talking head shouting matches; entire books have been dedicated to the inadequacies of the New York Times; Fox News is Fox News. This is not a U.S.-exclusive phenomenon: trust in the media, scientists, and academics has fallen in Canada, too.

But this trust gap is almost inherently unfair. When companies screw up, they barely flinch. Consider that, as of last year, 71% of Americans surveyed have a favourable opinion of Facebook. This is after years of behaviour that should have destroyed its reputation.

Media, on the other hand, operates within far tighter margins of trust. Brooke Gladstone, writing for the New York Times in 2015:

Americans say they want accuracy and impartiality, but the polls suggest that, actually, most of us are seeking affirmation. Americans want the news to be patriotic, which explains the big drop in 2004 when stories abounded about Abu Ghraib, the 9/11 commission’s slam on the government’s handling of terrorism, and the Senate Intelligence Committee finding that the White House “overstated” the threat of weapons of mass destruction. Plus, it was an election year. Trust in news media always dips in election years.

We tend to trust media that reflects our own views, and inherently distrust outlets that do not. Companies are perceived to be more neutral; the view that they are only interested in the bottom line is both cynical and perceived as more trustworthy than journalism. I think this is false, but it is what surveys suggest. Prosser makes several suggestions in this article about how media can improve reader trust — many of which have been made before — but I do not think they will be effective. For example, here’s one idea:

While the means of news distribution have changed starkly over the previous decade, news presentation online remains largely the same: text with occasional links and photos, sometimes video, presented in a format that basically tracks the print experience. There’s a meaningful opportunity here to look at means of presenting stories that reinforce trust: presenting primary source documents in line instead of just writing in reference to them, detailing how a piece was sourced in ways people understand […]

“Present primary sources” sounds like a slam-dunk, right? If a publication has documentation of something and shows it, the story should speak for itself. But this has mixed results. In 2004, records supposedly denigrating George W. Bush’s military service were shown to be created in Microsoft Word because those documents were available. On the other hand, even after a full summary was released by the White House of a call between then-U.S. president Donald Trump and Ukraine president Volodymyr Zelensky, less than half of Republicans believed news reports about the substance of the call. I am sure you can find plenty of similar examples from different political parties and orientations; these are my own biases.

One positive note that I found while researching for this: Canadians are more trusting of local media, as are Americans (PDF).

Spotify Continues to Remove Episodes of Joe Rogan’s Podcast

Paul Resnikoff, Digital Music News:

Just last week, Digital Music News first reported that 40 different Joe Rogan Experience podcast episodes were found missing from Spotify, now the exclusive platform for the show. Now, that number has quickly grown to 42, with potentially more shows quietly getting removed from the catalog.

Among the newly-missing is an episode (#411) with Bulletproof Coffee founder Dave Asprey, a frequent guest on The Joe Rogan Experience. Strangely, Spotify has deleted three total episodes with Asprey for reasons that aren’t entirely clear.

You may remember Asprey from his many years of bullshit.

It is worth reading this article alongside something like Ben Thompson’s piece about sovereign writers, and considering the balance of editorial control and independence against guaranteed income.

I am not a fan of Rogan’s podcast; I think it sounds like if you grafted a mouth onto a lifted Dodge Ram covered in Punisher decals. I also think that it is probably a good thing for the world that Spotify can exercise some control over a popular but obsequious host. But I have to wonder how comfortable Rogan is with sharing his fame with Spotify while letting it meddle with his show. Spotify surely benefits from the exclusivity of his show and being associated with one of the world’s most popular podcasts; Rogan benefits because he is a hundred million dollars richer, which is a galling amount of money for Joe Rogan’s HGH and PCP power hour. Spotify apparently has little editorial control, but it now has control and responsibility over distributing an exclusive show that it paid, again, a hundred million dollars for. Rogan’s name may be on the show, but it is Spotify’s reputation that is on the line.

Private Exploit Marketplaces May Have Broad Security Benefits

Hey, remember that iPhone 5C that the U.S. government barely tried to crack before demanding Apple give them a back door, only to find a way in just one day before a related court hearing was to begin? It turns out that the company that they paid to crack it was not one of the usual suspects like Cellebrite or Grayshift.

Ellen Nakashima and Reed Albergotti, Washington Post:

The iPhone used by a terrorist in the San Bernardino shooting was unlocked by a small Australian hacking firm in 2016, ending a momentous standoff between the U.S. government and the tech titan Apple.

Azimuth Security, a publicity-shy company that says it sells its cyber wares only to democratic governments, secretly crafted the solution the FBI used to gain access to the device, according to several people familiar with the matter. The iPhone was used by one of two shooters whose December 2015 attack left more than a dozen people dead.


Apple has a tense relationship with security research firms. Wilder said the company believes researchers should disclose all vulnerabilities to Apple so that the company can more quickly fix them. Doing so would help preserve its reputation as having secure devices.

What a bizarre turn of phrase. It would help it “preserve its reputation as having secure devices” because it really would help improve the security of its devices for all users, in much the same way that telling a fire department that there is a fire nearby would help a building’s reputation as a fire-free zone.

Thanks to this report, we now know some of the backstory of how the 5C came to be cracked without Apple’s intervention, and Nakashima and Albergotti confirm why the FBI was so eager to take Apple to court for this specific case:

Months of effort to find a way to unlock the phone were unsuccessful. But Justice Department and FBI leaders, including Director James B. Comey, believed Apple could help and should be legally compelled to try. And Justice Department officials felt this case — in which a dead terrorist’s phone might have clues to prevent another attack — provided the most compelling grounds to date to win a favorable court precedent.

It was not “months of effort”; according to a Department of Justice report, the FBI spent a few hours actively trying to figure out how to crack the device. But if it was not perfectly clear before, it is now: this was the model case for getting a law enforcement back door in encryption because it involved a terrorist. The next time the FBI brought this up, it was because of another terrorist attack. In both cases, the iPhones were able to be cracked without Apple’s intervention.

Most of all, this report adds one more data point to the debate over the ethics of the zero-day market. If Azimuth had reported the vulnerabilities it exploited in cracking this iPhone — including a critical one reportedly found well before this terrorist attack occurred — Apple could have patched it and improved the security of its devices. However, if third parties were unable to find an adequate exploit, a court may have compelled Apple to write a version of iOS that would give law enforcement an easier time breaking into this iPhone. Once that precedent is set, it cannot be un-set.

Katie Moussouris of Luta Security on Twitter:

Selling exploits to law enforcement removes their plausible cause to petition courts to order Apple & others to self-sabotage security of all customers.

Azimuth’s exploit sale saved us all from a mandated back door then, & the court precedent that would force backdoors elsewhere.

I’m midway through Kim Zetter’s excellent “Countdown to Zero Day”. One of the chapters is dedicated to exactly this question in the context of Stuxnet: how much responsibility do security researchers have to report critical security problems to vendors? An auxiliary question some specific vendors, like Microsoft, may face is what their obligation is for patching vulnerabilities that may be currently exploited by friendly governments in their intelligence efforts. That is something Google’s Project Zero wrestled with recently.

In the case of this iPhone, it seems like the private exploit marketplace helped avoid a difficult trial that may have, in effect, resulted in weakened encryption. But it is a marketplace that creates clear risks: platform vendors cannot patch software they do not know is vulnerable; there is little control over the ultimate recipient of a purchased exploit, despite what companies like Azimuth say about their due diligence; and these marketplaces operate with little oversight.

It does seem likely that this market perhaps provides some security benefit to us all. So long as bug bounty programs continue to pay well and there are true white hat researchers, vulnerabilities will continue to be found, responsibly disclosed, and patched. If it manages to avert mandatory back doors or other weakening that at least seven countries’ governments are demanding, it may be to our benefit.

I do not like that idea, but I like the apparent alternatives — anything requiring deliberate flaws in encryption — a whole lot less. In a better world, I would rather these exploits be reported immediately to platform vendors. But the lid for this particular Pandora’s Box has long been lost.

End Trends

Charlie Warzel, in the first edition of his new newsletter Galaxy Brain:

The entire phenomenon of “Twitter’s Main Character” functions as a master class in context collapse. Many Very Online Users approach this daily ritual as something between high school cafeteria gossip time and one of those Rage Rooms where you pay money to break things with a hammer. But what’s really happening is thousands of strong individual online identities colliding against each other. In Hunt’s case, it was horror and sci-fi fans and film buffs who felt it was important to weigh in as a way to maintain their particular identities.


Twitter’s Trending Topics only seem to exacerbate the site’s worst tendencies, often by highlighting the day’s (frequently trollish or bigoted) main character and increasing the opportunities for context collapse. And of course, none of this is new. For years, Twitter let Trending Topics devolve into a cesspool of misinformation. Conspiracy theorists and trolls have hijacked hashtags and manipulated trending topics to sow confusion and inject dangerous ideas into mainstream discourse.

You cannot escape the cloud of radioactive waste emanating from Twitter’s trending list even if you try. For one, the structure of Twitter’s website makes it difficult to hide the list of trends.[1] It is far easier, not to mention much nicer, to use a Twitter client like Tweetbot or Twitterrific, where the list of trending topics is buried in some part of the app you never have to touch.

But everybody else is seeing those trends and piling on. Most people use Twitter through its website or official apps, all of which push trending topics to the foreground, so they all get a full menu of today’s main characters from which they can choose which outrage to weigh in on. You know those rules of thumb about breaking news stories? Trending topics on Twitter are like the pure concentrated version of what happens when those rules are ignored.

  1. I had some luck by adding div[data-testid="sidebarColumn"] section[aria-labelledby^="accessible-list"] div[role="link"] { display: none !important; } to my Safari.css file, but it seems fragile and likely to break. Nothing in Twitter’s website is named semantically. The markup looks like it was written by people who do not care. I bet they do, though, and have no say in how this thing is built.

Apple’s ‘Spring Loaded’ Event Is April 20

Apple’s spring events have been interesting as of late. On the surface, they seem to be a bit of a grab-bag. With WWDC creating the perfect venue for operating system updates and Mac hardware, and the autumn events used to introduce flagship iPhone and Apple Watch hardware, the spring event often feels like an appetizer round to the year’s main courses.

But last year’s springtime products, announced by press release, included the iPhone SE, iPad Pro and Magic Keyboard, and a MacBook Air bump; the year before, it was the services event, a couple of iPad models, an iMac bump, and the second-generation AirPods. These product categories are not on the margins of Apple’s business, but they are also not the headliners, so these product launches are not seen by some in the tech press as having the same gravitas as others throughout the year.

Anyway, Tuesday, usual time. Expect iPad Pros.

Spotify Announces Car Thing

Ashley Carman, the Verge:

Spotify’s first gadget has landed. Car Thing, a Spotify-only, voice-controlled device for the car, is launching today in limited quantities to invited users. It’s a dedicated, Bluetooth-connected device for controlling Spotify without the need for a phone screen, which seems to be meant for people who drive older cars without built-in infotainment systems or phone connections.

It is called “Car Thing”. How terrific is that? I don’t even care that it is, according to Carman, not a particularly great product. It is called “Car Thing”. That is a slam-dunk.

Bloomberg: Apple Is Working on a New TV Product With HomePod and Videoconferencing Capabilities

Mark Gurman, Bloomberg:

The company is working on a product that would combine an Apple TV set-top box with a HomePod speaker and include a camera for video conferencing through a connected TV and other smart-home functions, according to people familiar with the matter, who asked not to be identified discussing internal matters.

Gurman says that this product is “still in the early stages” which, if you want to be a bit cynical, gives this report enough wiggle room to never pan out.

But it is intriguing, isn’t it? I know that it is something I would have loved to own this past year. Over Christmastime, I used AirPlay to place a FaceTime window onto the television and set my MacBook Air on the coffee table so that we could spend time with family in a more immersive way. It was a pretty nice, albeit janky, setup.

The obvious question about something like this is where a camera would be mounted, given that some people probably do not put their Apple TV out in the open or adjacent to their television screen. The other question is whether we can expect a new remote, something that for years I have been hearing is in the works, yet somehow never arrives. The Apple TV appears to be on the development cycle usually reserved for new kinds of water.