Pixel Envy

Written by Nick Heer.

Archive for May, 2021

Street-Level Imagery in a Pandemic

Earlier today, I passed a Google Street View vehicle,1 and it got me thinking about the time capsule that this imagery is creating.

Google has already updated many areas with Street View photos collected in 2020. It is going to be noteworthy to look back at, for example, this sidewalk in Seine-Saint-Denis, France compared to just a couple of years prior. Most are wearing masks and standing far apart. This is a view of our world that many of us will remember, but it has been captured in a uniquely contemporary way.

Apple recently updated the image collection disclosure on its website to acknowledge that it will be collecting more Canadian imagery this summer in all provinces but, sadly, no territories.2 It rolled out Canadian availability of Look Around in December using imagery collected in summer 2019. It could have a similarly jarring before-and-after effect, except for the fact that Apple Maps does not have a comparable feature to move through different collections. As Apple begins to re-photograph regions that already exist in Look Around, I would like to see this feature come to Apple Maps.

There is a uniquely twenty-first century storytelling quality in being able to drive through the scenes of a pandemic. I do not wish to put any sort of positive spin on a globally devastating catastrophe. In thirty or forty years, though, I think comparing these images with those from other years will help communicate this reality those who are now very young or who have not yet been born. They are evidence that many of us cooperated to reduce the spread of disease. They show shops shuttered because it is a sacrifice required to minimize infection. Perhaps it is because we are still very much living through these hardships, but I find these images compelling and disturbing. Perhaps future generations will feel the same.


  1. A Honda HR-V, I think, not the usual Subaru Impreza. It had a flatter UFO-like camera array on its roof. I would love to read an article about why certain specific cars are chosen by Apple and Google, and why Apple stopped using vans↩︎

  2. In Canada, Apple also collected imagery in 2020. I added this footnote on June 8. ↩︎

Flashcard Apps Used by Military Accidentally Revealed Nuclear Secrets

Foeke Postma, Bellingcat:

Like their analogue namesakes, flashcard learning apps are popular digital learning tools that show questions on one side and answers on the other. By simply searching online for terms publicly known to be associated with nuclear weapons, Bellingcat was able to discover cards used by military personnel serving at all six European military bases reported to store nuclear devices. 

Experts approached by Bellingcat said that these findings represented serious breaches of security protocols and raised renewed questions about US nuclear weapons deployment in Europe.

[…]

Some flashcards uncovered during the course of this investigation had been publicly visible online as far back as 2013. Other sets detailed processes that were being learned by users until at least April 2021. It is not known whether secret phrases, protocols or other security practices have been altered since then.

It seems many flashcard websites default to public access and search engine indexing — which, while a fair growth strategy, is something users may not expect. I was able to find some of the flashcards in this article, and other presumably sensitive sets that were not. Several sets of cards could easily be traced back to individuals working on different bases because they had their full name as their user name.

Doc Searls: ‘Apple Is Not Fully Serious About Privacy’

This Doc Searls piece about App Tracking Transparency certainly is provocative. Here’s the core of his complaint about the systemwide preference to “Allow Apps to Request to Track”:

Key fact: it is defaulted to on. Meaning Apple is not fully serious about privacy. If Apple was fully serious, your iPhone would be set to not allow tracking in the first place. All those trackers would come pre-vaporized. […]

There is something to this argument but, also, it is completely bananas. Can you imagine the antitrust implications or the shitstorm from advertisers if Apple unilaterally disabled all app-based tracking after upgrading? I also think doing this on a per-app basis may have greater impact as it reveals to users what is going on in their favourite apps, instead of the operating system acting silently.

An interesting compromise would be to ask users to configure this setting at first boot.

Here’s the rest of the above paragraph:

[…] And Apple never would have given every iPhone an IDFA — ID For Advertisers — in the first place. (And never mind that they created IDFA back in 2013 partly to wean advertisers from tracking and targeting phones’ UDIDs (unique device IDs).

This is where I think things go off the rails. There are countless ways that devices can be fingerprinted, and the mandated use of IDFA instead of those surreptitious methods makes it harder for ad tech companies to be sneaky. It has long been possible to turn off IDFA or reset the identifier. If it did not exist, ad tech companies would find other ways of individual tracking without users’ knowledge, consent, or control.

And why “ask” an app not to track? Why not “tell”? Or, better yet, “Prevent Tracking By This App”? Does asking an app not to track mean it won’t?

History has an answer for those questions.

Remember Do Not Track? Invented in the dawn of tracking, back in the late ’00s, it’s still a setting in every one of our browsers. But it too is just an ask — and ignored by nearly every website on Earth.

Much like Do Not Track, App Tracking Transparency is a request — verified as much as Apple can by App Review — to avoid false certainty. Tracking is a pernicious reality of every internet-connected technology. It is ludicrous to think that any company could singlehandedly find and disable all forms of fingerprinting in all apps, or to guarantee that users will not be tracked.

The thing that bugs me is that Searls knows all of this. He’s Doc Searls; he has an extraordinary thirteen year history of writing about this stuff. So I am not entirely sure why he is making arguments like the ones above that, with knowledge of his understanding of this space, begin to feel disingenuous. I have been thinking about this since I read this article last night and I have not come to a satisfactory realistic conclusion.

Apple is a big, giant, powerful company — but it is only one company that operates within the realities of legal and technical domains. We cannot engineer our way out of the anti-privacy ad tech mess. The only solution is regulatory. That will not guarantee that bad actors do not exist, but it could create penalties for, say, Google when it ignores users’ choices or Dr. B when it warehouses medical data for unspecified future purposes.

Update: Searls has posted a followup article clarifying a few things and graciously responding to feedback from several people including yours truly. I am not as pessimistic as Searls is about regulation, but I understand better where he is coming from and I appreciate this thorough response.

Jony Ive Was Involved in the Design of the New iMac

Jeremy White, Wired UK:

When Apple first revealed the new iMac’s styling in April, it was immediately apparent it had a design hit on its hands. Apple also knew what it was doing with the launch video. Multiple dancing 11.5mm-thin iMacs in green, yellow, orange, pink, purple, blue and silver pirouetted across the screen in a far from subtle reference to the original “Colours” ad for the old G3 iMac.

This, of course, was the iMac that made Jony Ive a household name. The friendly, accessible design and simplicity of use made this the Mac you actually wanted in your home. As the mission for the new iMac is pretty much the same, why not copy that ad?

But Apple has another reason to reference this old campaign. Jony Ive was involved in the design of this new iMac, despite having left Apple back in 2019. Hardware design is a long process, so perhaps it’s not surprising that Ive’s fingerprints are all over this new desktop. But, interestingly, Apple would not confirm or deny if he worked on the 2021 iMac after he left the company – just that he had worked on it.

Ever since Jony Ive stepped away from Apple two years ago, that vacuum has served as a sort of ink blot test into which many people can project their optimism or fears about the company. What does it mean that there is no longer an executive-level design person at Apple? Is the more colourful direction of recent products a result of Ive’s departure? Was the MacBook keyboard saved because Ive left? Now that Ive no longer works at Apple, will it regain a sense of whimsy and fewer compromises?

The sober reality is that Ive was not the only industrial designer at Apple, that the company’s products have always depended on the contributions of lots of people, and that the influence of Ive’s specific tendencies is more complicated than it may have appeared. That goes for this iMac, too — we do not know what Ive contributed and whether he was aware of the colours, but individual feelings about that will likely be based on individual views of Ive’s legacy. When the new MacBook Pro debuts with more than just a handful of USB-4 ports, there will be those who ascribe this to a lack of Ive influence, and that will be a mistake.

I still think it is dispiriting that there is not anyone on Apple’s leadership page directly responsible for design, but Apple shipped plenty of well-designed and iconic products before that position was added in 2006. I do not think it implies anything about the state of the company but, rather, an acknowledgement that Ive is, at least temporarily, irreplaceable.

Documents in Arizona Lawsuit Detail Efforts by Google to Collect User Location

Tyler Sonnemaker, Insider:

Google uses a variety of avenues to collect user location data, according to the documents, including WiFi and even third-party apps not affiliated with Google, forcing users to share their data in order to use those apps or, in some cases, even connect their phones to WiFi.

“So there is no way to give a third party app your location and not Google?” one employee said, according to the documents, adding: “This doesn’t sound like something we would want on the front page of the [New York Times].”

When Google tested versions of its Android operating system that made privacy settings easier to find, users took advantage of them, which Google viewed as a “problem,” according to the documents. To solve that problem, Google then sought to bury those settings deeper within the settings menu.

If you give users choices on privacy, they will respond in force. This is terrible news for companies that rely on users’ inability to make changes, or because they do not know they have options. If a company’s business model only exists because of deception, ignorance, and a lack of regulation, it is not legitimate. It is creepy.

I am reminded of Facebook’s funding of a recent paper in which a couple of researchers whined about App Tracking Transparency on that company’s behalf.

Every company should have to play by far stricter privacy standards. It is clearly what people want.

‘Extremely Isolated and Never Alone’

For his excellent Galaxy Brain newsletter, Charlie Warzel interviewed epidemiologist Julia Marcus about what feels like the end of this pandemic. I thought this response to a question about emerging from our cocoons was thoughtful:

This is an awkward moment. People have had vastly different experiences of the past year — from minor inconvenience to full blown trauma, and there are a lot of stressed out people in between. In some ways, nothing’s changed. People are continuing to judge each other’s behavior: they’re either moving on too quickly or not quickly enough. Compassion on all fronts would probably go a long way.

I think, though, that it’s important to differentiate between peoples’ individual behaviors and what policies need to be in place. As a public health person I think about both. The online and media discourse has been so focused on individual behavior — for example, the whole, ‘why are you still wearing [or not wearing] a mask outside?!’ debate. It’s often questions about what individuals are doing. But policy is so different and subject to its own distractions. Take outdoor mask mandates, which have had an outsized focus. There’s this visibility bias, I think. We focus on things we can see and control, while the real risks — in workplaces and households — remain out of sight and largely unaddressed.

This interview comes a day after the Alberta government announced its reopening plan. After a few weeks of having the highest rate of novel coronavirus cases in North America and, consequently, living with the strictest restrictions we have faced since last spring, the province announced that we would revert to our moderate April restrictions on June 1. If hospitalizations are still declining and vaccinations reach a threshold, those guidelines will be expanded slightly just a couple weeks later. And then, just a couple of weeks after that, the plan is to eliminate all restrictions. It feels bizarre; it is hard to believe.

Automakers to Domestically Store Vehicle Data of Drivers in China

Trefor Moss, Wall Street Journal:

Tesla Inc. said all data generated from cars it sold in China will be stored in a new data center there.

[…]

In recent weeks, China has released a flurry of draft rules related to automotive data. Among them were the Cyberspace Administration of China’s draft rules that said auto makers should obtain their customers’ permission to collect personal data.

The rules, released this month, also said that data could only be sent overseas if the auto maker had passed a security assessment conducted by cybersecurity regulators.

Yilei Sun and Tony Munroe, Reuters:

BMW, Daimler and Ford have set up facilities in China to store data generated by their cars locally, they told Reuters, as automakers come under growing pressure in the world’s biggest car market over how they handle information from vehicles.

[…]

Nissan Motor and Stellantis said they would comply with rules in China but gave no further details.

Reuters contacted other major automakers and got a mixed response; only the ones listed above confirmed that they would comply. Stellantis owns Alfa Romeo, Fiat, Lancia, Maserati, the entire Chrysler family of brands, and Citroen/Peugeot.

I am surprised more countries are not following in these footsteps. You don’t have to assume nefarious intent in order to believe user data should be stored on servers located in the same country and under the same legal jurisdiction. But the countries where these policies are taking effect — China and Russia being the most notable — are largely governed by authoritarian regimes. Meanwhile, in many democratic countries, we seem to have an unwavering trust in American authorities.

Annotated Photo Edits

I have spent this afternoon looking through a bunch of edited photos compared to the annotated original. You may be familiar with this concept, but it is new to me and I love it. It is motivating and instructional to see how great photographers edit in post to get the image in their head.

Here are a handful that I stumbled across:

I love these process examples; I could do this all day long. I feel inspired.

Farhad Manjoo on Apple’s App Store Commission

Farhad Manjoo, New York Times:

But for how many years should Apple get to milk billions of dollars of almost pure profit from an invention first released back when George W. Bush was president? What justification is there any longer for Apple’s severe restrictions on how users and software makers can do business with each other, other than that it has the market power to impose them? Isn’t it time we were all given a break from the Apple tax?

Apple’s tax is a great boon to its bottom line. It is a costly drag for the users who spend enormous sums on its products and for developers looking to create apps to add tricks to your iPhone. And it can no longer be defended with a straight face.

It is hard not to see the rules around App Store commissions and payment mechanisms as opportunistic avenues of nearly pure profit. Yet, I have to wonder if those who support looser rules are prepared for Apple’s response should it lose to Epic Games, and if antitrust regulators step in. Does anyone imagine that Apple will just kiss a chunk of its App Store profits goodbye?

While we’re in that news dead zone between the trial ending, WWDC beginning, and the verdict of the trial, here’s a dumb little thought exercise: what responses can you imagine if the iOS app marketplace is radically changed by this ruling and further antitrust action?

Let’s imagine that anti-steering rules are dropped, alternative payment mechanisms are allowed, and — as Manjoo wishes — the 30% commission is either drastically reduced or eliminated altogether. I imagine users will be able to subscribe to Netflix and Spotify from within their apps, buy Kindle books directly through the app, and purchase Fortnite skins from within the game. But I would bet against companies with iPhone apps passing along their commission savings by significantly dropping prices to consumers.

Apple’s response is what I am most curious about. It would have to keep its payment mechanism more competitive, perhaps through more features or lower costs to developers. But I also imagine that Apple will want to recoup some of its lost revenues. It could raise its developer program fee. It could begin charging users for software again. It could charge developers for all sorts of App Store features, like per-app costs or hosting fees.1

I am not for one minute arguing that the status quo is acceptable. I do not think these speculative repercussions should dissuade regulators and lawmakers from taking a closer look at restrictions like those in the App Store and the Google Play Store. I understand why many commentators are focused on the exciting opportunities an Epic Games win may mean for the App Store. But let’s not pretend that these big changes will come for free, nor without many adaptations by users, developers, and platform owners.


  1. The only way any of these consequences are mitigated is if the App Store-only model of iOS and iPadOS is prohibited so they must be treated as general computer platforms. ↩︎

Apple Considered Buying Time Warner in 2015

In 2016, the Financial Times reported that Apple’s Eddy Cue wanted to bid for Time Warner. Now that Discovery is merging with WarnerMedia, Time Warner’s successor, Alex Sherman of CNBC wrote about that proposal spurred from a smaller exclusive offering idea:

During the talks, Bewkes and Cook broached the subject of Apple acquiring Time Warner to deal with one of the biggest hurdles of the $19-per-month concept: What if Apple or Time Warner eventually wanted to back out? Once the companies went live with the offer, they’d need to stay aligned. Walking away from the deal could be disastrous to both companies’ external relationships.

Cue expressed interest in a full acquisition, but Cook ultimately wasn’t ready to pull the trigger on what likely would have been a nearly $100 billion deal, two of the people said. Neither Bewkes nor Cook had initially expected the talks to lead to thoughts of an acquisition, said the people. Time Warner had successfully fought off a hostile takeover offer from Fox a year earlier.

Sherman speculates that Apple could make an offer for a major studio, or perhaps even the combined WarnerMedia-Discovery, to accelerate its Apple TV Plus efforts:

If Apple wants to stay in the streaming video world, Cook may need to buck the company’s history of avoiding big-money M&A. The WarnerMedia-Discovery deal isn’t expected to close until mid-2022. That gives Cook a year to do some serious thinking about his company’s future.

I am skeptical of this make-or-break narrative. Apple’s long history of small but meaningful acquisitions has paid off, though often not quickly. I admit that I still don’t fully get why Apple is making TV, but it does not seem like it is adopting the throw-everything-at-the-wall tactics of Netflix. That’s not to say everything has been quality so far, but the bar seems a lot higher than Netflix’s, and that might take longer to pay off.

Put another way: Apple can afford to acquire a big studio or four, but it can also afford to play the long game. Apple TV Plus is comfortably protected by the rest of the company’s growing services business. It has time and space to slowly build.

Amazon Is Buying MGM for Over $8 Billion

Peter Kafka, Recode:

Big tech companies have been eyeing big media companies for years — but they’ve never gotten together before. Now it’s finally, probably happening: Amazon is getting ready to pay $9 billion for MGM Holdings, the Hollywood studio that brings you James Bond and a smattering of other stuff, like the Pink Panther movies and The Handmaid’s Tale TV show.

Which leads to some questions. Why now? Why Amazon? Why MGM? And, just as important: Will regulators let it happen?

Short answers here: The media world is consolidating and there aren’t many targets left for a would-be acquirer. Amazon has spent many billions on video without much to show for it, and thinks owning a studio — and, crucially, the rights to the intellectual property the studio owns — could help it create Really Big Movies and TV Shows You Really Want To Watch. Not so much because it wants to own streaming, but because it wants you to keep coming to Amazon. MGM, meanwhile, has been trying to sell itself for years.

That last sentence seems key. MGM Studios has been shuffled around for pretty much its entire existence, and has been on shaky financial ground for decades. Its strongest asset is the entire catalogue of James Bond movies; it also controls the Rocky, Legally Blonde, and Pink Panther franchises. Not a whole lot going on there.

The question is what Amazon is going to make of its $8.45 billion purchase — Kafka’s analysis was written before the final purchase price was confirmed — assuming regulators permit it. Does it provide the catalyst for Amazon’s streaming platform to emerge from the shadows of being a Prime perk? Or is this more of a long-tail marketing push to get you to buy a Prime subscription and, ultimately, purchase loads of pillows and bar carts and musical instruments and cases of snacks you don’t need? It looks like James Bond films are not just for product placement any more; they are now long-form advertisements for the world’s largest counterfeiters’ paradise.

Vaccine Waitlist Service ‘Dr. B’ Is Not Legally Obligated to Protect the Health Information It Collected From Over Two Million People

Mia Sato, MIT Technology Review:

I searched for people who had used Dr. B to actually receive a vaccination. I made phone calls to and exchanged messages with people who had signed up. I scoured online forums and neighborhood groups across the country. But after weeks of looking, I was unable to identify a single individual who successfully got a shot through the service. Instead, I heard from dozens of people all over the country who signed up but only received notice of available vaccines long after they had already been vaccinated elsewhere, as well as many others who say they were never contacted by the company after initial registration.

[…]

To find out more, I asked Dr. B itself how many people it had gotten vaccinated. But after a series of verbal and written requests, and in an interview with its founder, Dr. B refused to say how many vaccines it had helped deliver, or to offer any other measure of success.

So I was left wondering: Did Dr. B achieve what it set out to do? And what is the company doing with its huge list of people’s names, locations, contact information, and health conditions?

I do not love doubt sown by an absence of information. But one comes away from this investigation with the distinct impression that Dr. B is a temporary entity that is taking advantage of a global pandemic to collect information for later use. That, or it is a legitimate company that exists solely to connect people to vaccine doses, yet has no record of success and its founder becomes evasive when asked even basic questions.

Update: For those who signed up for Dr. B and would like to remove their data, the Markup’s Julia Angwin posted the relevant section of the company’s privacy policy on Twitter.

Arguments Wrap in Epic v. Apple

Elizabeth Lopatto, the Verge:

Throughout the trial, Epic’s general strategy appears to have been to stuff the record as full of evidence as possible — just in case it’s needed on the inevitable appeal. To do that, Epic sacrificed telling a coherent story.

Apple, on the other hand, was on brand. It had a clear story and it spent the entire trial hammering it home: Apple controls the App Store because the alternative would be a security and privacy nightmare. Whether it was Swanson, Moye, or Doren at the podium, this story didn’t waver, just as it mostly didn’t waver throughout the rest of the trial. (Tim Cook biffed this by citing a business model and not mentioning security.) Phil Schiller, Apple’s marketing guru, sat at the table with the lawyers throughout the trial; from time to time, I found myself wondering how involved he was in crafting the lawyers’ messaging.

Both parties agreed that the top two issues of the day were market definition and remedies. Who you will agree with in the end is going to depend on how the market is defined, I suspect.

Juli Clover, MacRumors:

At the conclusion of the trial, Judge Rogers said that she expects that her verdict will take quite some time, but she did not provide a concrete date. It could be several weeks before we hear about the Epic Games v. Apple trial again, and it’s quite likely that any decision will be appealed, so this is a lawsuit that could carry on for months to come.

Like last year, the days leading up to WWDC are complicated by antitrust questions and developer dissatisfaction. Judge Rogers will not have a verdict until the conference has long passed. But it comes in the aftermath of days of testimony in which Apple’s executive team stubbornly stuck to a business case that confirmed developers’ longstanding frustrations.

I am not sure if I wrote this publicly, but in discussions with friends, I have long maintained that Epic is a bad plaintiff in this case. It is hard to sympathize with a developer that is suing over a single-digit percentage of its revenues because of a contract dispute that it initiated in bad faith, and where it is clear that it hopes to develop its own platform that will have similarly stringent rules. But this trial has surely put a big dent in Apple’s reputation. If you thought before that Apple was an overly controlling corporate giant that squeezed money at every possible opportunity, its executives’ testimony reinforced that. Even if you are comfortable with Apple’s business case, Tim Cook’s cold remarks must have shaken some of that confidence.

In a little under two weeks, WWDC will begin. Like last year, I am sure Cook and Federighi are relieved they will not have to face developers in person. That would be awkward.

The New York Times Takes the Bait

Remember that Florida state bill I told you about last month that seeks to prevent social media companies from moderating the speech of politicians and candidates on their platforms? Well, Gov. Ron DeSantis signed it into law today, wildly specific carve-outs and all:

A late amendment to the bill exempts companies from the law if they own a theme park or an entertainment venue larger than 25 acres. That means the law is unlikely to apply to websites owned by Disney, which operates the Walt Disney World Resort, and Comcast, which owns Universal Studios Florida.

This exemption was pitched by State Sen. Ray Rodrigues and State Rep. Blaise Ingoglia. Both of those fine individuals were quoted in the press release that omitted any mention of the carve-out, even though Ingoglia admitted a couple of weeks ago that it was inserted because he was worried about Disney Plus getting “caught up in this”. Disney gave $35,000 to Free Markets for Florida, a PAC associated (PDF) with Rodrigues, and was the third-largest donor to Ingoglia’s 2018 campaign. It’s not corruption; it’s lobbying.

Anyway, I am getting sidetracked. The real reason I wanted to cover this today is because the New York Times took the bad faith framing established by the people behind this bill and ran with it. For example, here is the reaction attributed to Florida Lieutenant Governor Jeanette Nuñez in the press release issued by DeSantis’ office:

What we’ve been seeing across the U.S. is an effort to silence, intimidate, and wipe out dissenting voices by the leftist media and big corporations [Except Disney! — ed.]. Today, by signing SB 7072 into law, Florida is taking back the virtual public square as a place where information and ideas can flow freely. Many of our constituents know the dangers of being silenced or have been silenced themselves under communist rule. Thankfully in Florida we have a Governor that fights against big tech oligarchs that contrive, manipulate, and censor if you voice views that run contrary to their radical leftist narrative.

In one paragraph, Nuñez aligns platform moderation with literal communist censorship, and ascribes the same motivations to both. Now, let’s look at how David McCabe of the Times describes this bill:

In Florida, as in dozens of other states, the Republican lawmakers’ push to punish social media companies follows the party’s other efforts to feed the demands of a conservative base that remains loyal to Mr. Trump.

[…]

But Democrats, libertarian groups and tech companies all say the law violates the tech companies’ First Amendment rights to decide how to handle content on their own platforms. It also may prove impossible to bring complaints under the law because of Section 230, the legal protections for web platforms that Mr. Trump has attacked.

Did you catch that? In this framing, the goals of this bill are purely partisan issues that align Democrats and tech companies against Republicans. In fairness, it was passed almost along party lines, with just two Democrats (Bush III and Learned) voting in favour, and one Republican (Plasencia) voting against. Republican state representatives in Florida are nearly united in their support for this bill; Democratic state representatives are largely opposed.

Linking the opposition by Democrats and libertarians with the opposition by tech companies extends the partisan divide of the vote into the interpretation of its qualities. It removes this bill from the context in which it was created: as a direct response to the feeling that tech companies are uniquely biased against American conservatives. That is simply untrue, as found by studies from NYU’s Stern Center for Business and Human Rights and the CATO Institute, the latter of which directly addressed the reframing of social media platforms as “public forums”:

Complaining about being ejected from the most popular party in town doesn’t entitle you to demand that cops show up to force the host to let you in. Hosts of less popular parties are free to open their doors to you.

I have issues with many aspects of the CATO Institute’s report; unlike them, I have a bias in favour of regulation. But they are right on this point: just because a post or a user is subject to moderating activity on Twitter or Facebook, it does not mean their rights or their speech was infringed upon. That is particularly true in the case of politicians or political candidates, any one of whom can be given plenty of airtime on any television network.

This bill effectively requires companies with interactive platforms to extend a different standard to politicians than they do to any other user, unless the company is Disney or Comcast. It is something Republicans in Florida have agreed to despite its many constitutional problems, and which Democrats in the state and tech companies oppose.

For the sake of argument, it does not matter exactly why Floridian Democrats oppose this bill, whether on party-line grounds, or for moral or legal reasons. It is more relevant to ask why the companies that run these platforms are also opposed. For them, it is a question of their control over their platforms and what rights platform owners are able to exercise. This bill, as signed into law, is an infringement on their First Amendment rights to run their platform as they see fit. Contrary to the Times’ narrow argument, it is not the case that it is simply “Democrats, libertarian groups and tech companies all say” that these rights are at stake. The analysis statement (PDF) prepared by Florida Senate staff acknowledged that this bill might have First Amendment implications, too.

Republicans in Florida have managed to successfully frame this as a battle over whether American conservatives are discriminated against, despite no supporting evidence, and the Times took that bait:

Mr. DeSantis said signing the bill, which is likely to face a constitutional challenge, meant that Floridians would be “guaranteed protection against the Silicon Valley elites.”

“If Big Tech censors enforce rules inconsistently, to discriminate in favor of the dominant Silicon Valley ideology, they will now be held accountable,” he said in a statement.

None of these statements are supported in fact. While it is fair to quote DeSantis, he does not deserve a treatment that is credulous until the final few paragraphs when he is speaking in bad faith. The summary of the coverage of this bill should be identical in all reputable news outlets: it is an unconstitutional response to a problem invented by Republicans. Support for the bill may be nearly perfectly partisan, but that does not mean opposition is similarly so for equally political reasons.

Vulnerability Patched in MacOS 11.4 Allowed Bypass of Consent and Control Permissions

Apple describing one of the security patches in MacOS Big Sur 11.4:

TCC

Available for: macOS Big Sur

Impact: A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.

Description: A permissions issue was addressed with improved validation.

CVE-2021-30713: an anonymous researcher

Stuart Ashenbrenner, Jaron Bradley, and Ferdous Saljooki of Jamf, the organization that reported this vulnerability:

For example, if the virtual meeting application zoom.us.app is found on the system, the malware will place itself like so:

/Applications/zoom.us.app/Contents/MacOS/avatarde.app

If the victim computer is running macOS 11 or greater, it will then sign the avatarde application with an ad-hoc signature, or one that is signed by the computer itself.

Once all files are in place, the custom application will piggyback off of the parent application, which in the example above is Zoom. This means that the malicious application can take screenshots or record the screen without needing explicit consent from the user. It inherits those TCC permissions outright from the Zoom parent app. This represents a considerable privacy concern for end-users.

During Jamf’s testing, it was determined that this vulnerability is not limited to screen recording permissions either. Multiple different permissions that have already been provided to the donor application can be transferred to the maliciously created app.

A clever violation of inherited permissions. As this is an actively-exploited vulnerability, you should probably update as soon as you can. I do not see the same CVE in today’s Catalina or Mojave updates, so it appears this is entirely a Big Sur problem.

It Is Time for iPadOS to Have Its Mac OS X Moment

Daryl Baxter, TechRadar (so you are aware, the TechRadar website is among the worst I have used recently, as it loads some WebP images several times every second in the background; after having it open for just a few minutes, this page was already 30 MB. Just keep that in mind as you open this quite good column within a trash heap of a website):

Once Steve Jobs returned to the company in 1998, it was decided to use most of the codebase from the company that Apple had bought to bring him and his team back in – NeXT.

Rhapsody was the codename for what would become Mac OS X, which was made available as a public beta in 2000.

There was a dock, an easier method of searching for your apps, a new UI, and true multitasking support.

Sound familiar?

I like this comparison.1

Even though iOS was based off the full-featured Mac OS X, Apple still rebuilt much of its functionality in a way that was true and specific to the iPhone and, then, the iPad. Multitasking, for example, took years to come to iOS, only to arrive in limited but since-expanded capacity. It still does not replicate the multitasking experience of MacOS. That can be okay on an iPhone where every app is a full-screen app and everything feels more like a single-purpose widget, but the iPad is a different product that needs a different approach.

I would love to see what a Mac OS X moment looks like for the iPad. It could feel familiar while being radically rethought as an iPad-first operating system. Something that sheds the baggage of both the desktop operating system paradigm and its smartphone roots. I fear that is too ambitious for a platform now used by tens (or hundreds) of millions of people.


  1. This is an absurdly nitpicky point, but this is where I pick nits:

    We currently have an engine of a Reliant Robin inside a Ferrari – the iPad is capable of so much, but the operating system hinders the whole product line.

    This is, if anything, completely backwards. The iPad is a masterpiece of engineering that simply is not capable of being harnessed. If you don’t understand analogies, just don’t use them. ↩︎

Lossless Audio Will Be Supported on the HomePod and HomePod Mini With a Software Update

An Apple support document published today contains answers to a bunch of questions you may have about lossless audio. Two things of note:

  1. Both the HomePod and HomePod Mini will support lossless playback in a future software update.

  2. While the Lightning-to-headphone-jack adapter uses a DAC that supports 24 bit, 48 kHz audio, the opposite analog-to-digital converter in the 3.5mm-to-Lightning cable that works with the AirPods Max does not convert audio at fully lossless quality.

Neighbourhood Crime Reporting App Citizen Is Testing On-Demand Security Force

Joseph Cox, Vice:

Crime and neighborhood watch app Citizen has ambitions to deploy private security workers to the scene of disturbances at the request of app users, according to leaked internal Citizen documents and Citizen sources.

The plans mark a dramatic expansion of Citizen’s purview. It is currently an app where users report “incidents” in their neighborhoods and, based on those reports and police scanner transcriptions, the app sends “real-time safety alerts” to users about crime and other incidents happening near where a user is located. It is essentially a mapping app that allows users to both report and learn about crime (or what users of the app perceive to be crime) in their neighborhood. The introduction of in-person, private security forces drastically alters the service, and potential impact, that Citizen may offer in the future, and provides more context as to why a Citizen-branded vehicle has been spotted driving around Los Angeles. The news comes after Citizen offered a $30,000 bounty against a person it falsely accused of starting a wildfire.

Citizen is pitching this as a way to have a private security escort in sketchy situations — Uber but for bodyguards — but you can bet that it will not be taking responsibility for the actions of the security forces it contracts with. Like Uber has for many years, Citizen will surely emphasize that it is a platform and that these private police forces are third-party companies. You can see this as entirely my own speculation, but you know this is how things work.

There is something cartoonishly dangerous about this whole project. This is some police officer cosplay for the rich, with private security forces driving around in a blacked-out Ford Explorer covered in Citizen branding and a slogan — “Making Your World a Safer Place” — that sounds like it was ripped off from a sci-fi quasi-military force. It would be funny if it were not so alarming.

Inside the 2011 RSA Breach

Andy Greenberg, Wired:

For those with a longer memory, though, the RSA breach was the original massive supply chain attack. State cyberspies—who were later revealed to be working in the service of China’s People’s Liberation Army—penetrated infrastructure relied on across the globe to protect the internet. And in doing so, they pulled the rug out from under the entire world’s model of digital security. “It opened my eyes to supply chain attacks,” says Mikko Hypponen, chief research officer at F-Secure, who worked with Hirvonen on the company’s analysis of the RSA breach. “It changed my view of the world: the fact that, if you can’t break into your target, you find the technology that they use and break in there instead.”

In the decade that followed, many key RSA executives involved in the company’s breach have held their silence, bound by 10-year nondisclosure agreements. Now those agreements have expired, allowing them to tell me their stories in new detail. Their accounts capture the experience of being targeted by sophisticated state hackers who patiently and persistently take on their most high-value networked targets on a global scale, where an adversary sometimes understands the interdependencies of its victims’ systems better than victims do themselves, and is willing to exploit those hidden relationships.

There are two things this article illustrated for me. The first is that it was relatively easy for RSA to trace the attack as it happened on its own network, no doubt due to some excellent design decisions.

The second is how difficult it can be to accurately attribute security breaches. Greenberg relays the story of how the NSA and Lockheed Martin claimed that RSA’s stolen seeds were used by Chinese intelligence agencies to infiltrate U.S. defence contractors. At the time, RSA acknowledged that this breach may have been responsible, but former RSA executives now dispute that, pointing to a lack of evidence. While it is easy to assume that people closely associated with RSA are going to defend the company, we should also be cautious in assuming that U.S. intelligence and these contractors are telling the truth. Unfortunately, there is still little public evidence either way. That is not to say that there are two equally-valid theories; we just do not yet know what the truth is.