24 — May — 2021 — Pixel Envy

Archive for May 24th, 2021

The New York Times Takes the Bait

Remember that Florida state bill I told you about last month that seeks to prevent social media companies from moderating the speech of politicians and candidates on their platforms? Well, Gov. Ron DeSantis signed it into law today, wildly specific carve-outs and all:

A late amendment to the bill exempts companies from the law if they own a theme park or an entertainment venue larger than 25 acres. That means the law is unlikely to apply to websites owned by Disney, which operates the Walt Disney World Resort, and Comcast, which owns Universal Studios Florida.

This exemption was pitched by State Sen. Ray Rodrigues and State Rep. Blaise Ingoglia. Both of those fine individuals were quoted in the press release that omitted any mention of the carve-out, even though Ingoglia admitted a couple of weeks ago that it was inserted because he was worried about Disney Plus getting “caught up in this”. Disney gave $35,000 to Free Markets for Florida, a PAC associated (PDF) with Rodrigues, and was the third-largest donor to Ingoglia’s 2018 campaign. It’s not corruption; it’s lobbying.

Anyway, I am getting sidetracked. The real reason I wanted to cover this today is because the New York Times took the bad faith framing established by the people behind this bill and ran with it. For example, here is the reaction attributed to Florida Lieutenant Governor Jeanette Nuñez in the press release issued by DeSantis’ office:

What we’ve been seeing across the U.S. is an effort to silence, intimidate, and wipe out dissenting voices by the leftist media and big corporations [Except Disney! — ed.]. Today, by signing SB 7072 into law, Florida is taking back the virtual public square as a place where information and ideas can flow freely. Many of our constituents know the dangers of being silenced or have been silenced themselves under communist rule. Thankfully in Florida we have a Governor that fights against big tech oligarchs that contrive, manipulate, and censor if you voice views that run contrary to their radical leftist narrative.

In one paragraph, Nuñez aligns platform moderation with literal communist censorship, and ascribes the same motivations to both. Now, let’s look at how David McCabe of the Times describes this bill:

In Florida, as in dozens of other states, the Republican lawmakers’ push to punish social media companies follows the party’s other efforts to feed the demands of a conservative base that remains loyal to Mr. Trump.

[…]

But Democrats, libertarian groups and tech companies all say the law violates the tech companies’ First Amendment rights to decide how to handle content on their own platforms. It also may prove impossible to bring complaints under the law because of Section 230, the legal protections for web platforms that Mr. Trump has attacked.

Did you catch that? In this framing, the goals of this bill are purely partisan issues that align Democrats and tech companies against Republicans. In fairness, it was passed almost along party lines, with just two Democrats (Bush III and Learned) voting in favour, and one Republican (Plasencia) voting against. Republican state representatives in Florida are nearly united in their support for this bill; Democratic state representatives are largely opposed.

Linking the opposition by Democrats and libertarians with the opposition by tech companies extends the partisan divide of the vote into the interpretation of its qualities. It removes this bill from the context in which it was created: as a direct response to the feeling that tech companies are uniquely biased against American conservatives. That is simply untrue, as found by studies from NYU’s Stern Center for Business and Human Rights and the CATO Institute, the latter of which directly addressed the reframing of social media platforms as “public forums”:

Complaining about being ejected from the most popular party in town doesn’t entitle you to demand that cops show up to force the host to let you in. Hosts of less popular parties are free to open their doors to you.

I have issues with many aspects of the CATO Institute’s report; unlike them, I have a bias in favour of regulation. But they are right on this point: just because a post or a user is subject to moderating activity on Twitter or Facebook, it does not mean their rights or their speech was infringed upon. That is particularly true in the case of politicians or political candidates, any one of whom can be given plenty of airtime on any television network.

This bill effectively requires companies with interactive platforms to extend a different standard to politicians than they do to any other user, unless the company is Disney or Comcast. It is something Republicans in Florida have agreed to despite its many constitutional problems, and which Democrats in the state and tech companies oppose.

For the sake of argument, it does not matter exactly why Floridian Democrats oppose this bill, whether on party-line grounds, or for moral or legal reasons. It is more relevant to ask why the companies that run these platforms are also opposed. For them, it is a question of their control over their platforms and what rights platform owners are able to exercise. This bill, as signed into law, is an infringement on their First Amendment rights to run their platform as they see fit. Contrary to the Times’ narrow argument, it is not the case that it is simply “Democrats, libertarian groups and tech companies all say” that these rights are at stake. The analysis statement (PDF) prepared by Florida Senate staff acknowledged that this bill might have First Amendment implications, too.

Republicans in Florida have managed to successfully frame this as a battle over whether American conservatives are discriminated against, despite no supporting evidence, and the Times took that bait:

Mr. DeSantis said signing the bill, which is likely to face a constitutional challenge, meant that Floridians would be “guaranteed protection against the Silicon Valley elites.”

“If Big Tech censors enforce rules inconsistently, to discriminate in favor of the dominant Silicon Valley ideology, they will now be held accountable,” he said in a statement.

None of these statements are supported in fact. While it is fair to quote DeSantis, he does not deserve a treatment that is credulous until the final few paragraphs when he is speaking in bad faith. The summary of the coverage of this bill should be identical in all reputable news outlets: it is an unconstitutional response to a problem invented by Republicans. Support for the bill may be nearly perfectly partisan, but that does not mean opposition is similarly so for equally political reasons.

⌥ May 24, 2021

Vulnerability Patched in MacOS 11.4 Allowed Bypass of Consent and Control Permissions

Apple describing one of the security patches in MacOS Big Sur 11.4:

TCC

Available for: macOS Big Sur

Impact: A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.

Description: A permissions issue was addressed with improved validation.

CVE-2021-30713: an anonymous researcher

Stuart Ashenbrenner, Jaron Bradley, and Ferdous Saljooki of Jamf, the organization that reported this vulnerability:

For example, if the virtual meeting application zoom.us.app is found on the system, the malware will place itself like so:

/Applications/zoom.us.app/Contents/MacOS/avatarde.app

If the victim computer is running macOS 11 or greater, it will then sign the avatarde application with an ad-hoc signature, or one that is signed by the computer itself.

Once all files are in place, the custom application will piggyback off of the parent application, which in the example above is Zoom. This means that the malicious application can take screenshots or record the screen without needing explicit consent from the user. It inherits those TCC permissions outright from the Zoom parent app. This represents a considerable privacy concern for end-users.

During Jamf’s testing, it was determined that this vulnerability is not limited to screen recording permissions either. Multiple different permissions that have already been provided to the donor application can be transferred to the maliciously created app.

A clever violation of inherited permissions. As this is an actively-exploited vulnerability, you should probably update as soon as you can. I do not see the same CVE in today’s Catalina or Mojave updates, so it appears this is entirely a Big Sur problem.

⌥ May 24, 2021

It Is Time for iPadOS to Have Its Mac OS X Moment

Daryl Baxter, TechRadar (so you are aware, the TechRadar website is among the worst I have used recently, as it loads some WebP images several times every second in the background; after having it open for just a few minutes, this page was already 30 MB. Just keep that in mind as you open this quite good column within a trash heap of a website):

Once Steve Jobs returned to the company in 1998, it was decided to use most of the codebase from the company that Apple had bought to bring him and his team back in – NeXT.

Rhapsody was the codename for what would become Mac OS X, which was made available as a public beta in 2000.

There was a dock, an easier method of searching for your apps, a new UI, and true multitasking support.

Sound familiar?

I like this comparison.¹

Even though iOS was based off the full-featured Mac OS X, Apple still rebuilt much of its functionality in a way that was true and specific to the iPhone and, then, the iPad. Multitasking, for example, took years to come to iOS, only to arrive in limited but since-expanded capacity. It still does not replicate the multitasking experience of MacOS. That can be okay on an iPhone where every app is a full-screen app and everything feels more like a single-purpose widget, but the iPad is a different product that needs a different approach.

I would love to see what a Mac OS X moment looks like for the iPad. It could feel familiar while being radically rethought as an iPad-first operating system. Something that sheds the baggage of both the desktop operating system paradigm and its smartphone roots. I fear that is too ambitious for a platform now used by tens (or hundreds) of millions of people.

This is an absurdly nitpicky point, but this is where I pick nits:

We currently have an engine of a Reliant Robin inside a Ferrari – the iPad is capable of so much, but the operating system hinders the whole product line.

This is, if anything, completely backwards. The iPad is a masterpiece of engineering that simply is not capable of being harnessed. If you don’t understand analogies, just don’t use them. ↩︎

⌥ May 24, 2021