Pixel Envy

Written by Nick Heer.

Archive for May, 2021

The Albergotti Spin

On the whole, I have been impressed with the way media coverage of tech companies has swung in a more critical direction over the past several years. Technocratic cheerleading produced waves of undeserved hype for companies that barely had a product or were committing outright fraud. When Mark Zuckerberg spoke about “connecting the world”, the press used to fawn. In particular, increased mainstream coverage of tech companies makes it possible to have more attention paid to stories about once-niche topics like online privacy.

At an extreme end, though, there is a cynical streak that runs through some reporters’ coverage of the industry that I find squashes nuance and creates inaccuracies. There is one reporter in particular who has embodied this quality as of late: Reed Albergotti of the Washington Post. Previously at the Information and the Wall Street Journal before that, Albergotti has broken great stories about blood doping in cycling and the corrosive culture inside Nest.

But ever since Albergotti landed at the Post, his coverage has seemed increasingly pessimistic — not merely skeptical or journalistically suspicious, just outright negative. That is not to say Albergotti’s reporting is not worth reading — terrific articles about acquisitions in tech and drivers suing Uber spring to mind — but there is a decided lean towards the sensational. When Apple released the first developer preview of the Find My network specification last year, Albergotti mischaracterized it as an especially secretive document and strained to link it to the ultimately fraught Apple–Google joint exposure notification API. A few months later, he said that Apple was trying to “weaken” and “water down” a bill intended to combat forced labour by Uyghurs in China, but the New York Times’ more comprehensive coverage seemed to refute that summary. Then, last month, an article by Albergotti and Ellen Nakashima made it sound like security vulnerabilities in software are mostly fixed because not doing so would be bad P.R.

Which brings us to the latest example. Let’s start with Nick Statt, of Protocol, who has been covering the Epic v. Apple trial. Craig Federighi took the stand today:

When asked about the difference between iOS and macOS security, Federighi said, “Today, we have a level of malware on the Mac that we don’t find acceptable.” Federighi went on to say that malware hidden in apps downloaded from the internet is a “regularly exploited” vulnerability on desktop and that “iOS has established a dramatically higher bar for customer protection,” adding that “the Mac is not meeting that bar today.”

While it is unusual to hear Federighi kind of dis the security of one of Apple’s platforms to defend another, it is also an uncontroversial statement. Of course the Mac is less secure than iPhones and iPads. The Mac is also more capable; those two things kind of go hand in hand — for now, at least. And of course Apple wants to do more to fight malware on the Mac; why would it not want to improve security for its users and, according to Albergotti last month, burnish its reputation?

But check out how Albergotti interpreted this testimony in a couple of tweets:

Craig Federighi, Apple’s own senior vice president of software engineering, just swore under oath that security on Mac computers is unacceptably poor and regularly exploited by malware. Quite surprising to hear coming from one of Apple’s own top officials.

Obviously, this is an attempt to explain why iOS should not be “opened up.” But still there was a time when a key marketing point for Macs was that they are safe and viruses are exceedingly rare. Now, we hear their security is “unacceptable” to the company that makes them.

At no point did Federighi say that MacOS’ security is “poor”, nor did he say that Macs are unsafe. Even in alarmist articles about Mac malware, most reporters are careful to acknowledge that Windows systems are targeted to a degree several orders of magnitude greater. Albergotti’s summary of this part of Federighi’s testimony gives a completely wrong impression, as we can see in the full context posted by Chris Welch of the Verge:

[…] iOS has established a dramatically higher bar for customer protection. The Mac is not meeting that bar today. And that’s despite the fact that Mac users inherently download less software and are subject to a way less economically motivated attacker base. If you took Mac security techniques and applied them to the iOS ecosystem, with all those devices, all that value, it would get run over to a degree dramatically worse than is already happening on the Mac. And as I say, today, we have a level of malware on the Mac that we don’t find acceptable and is much worse than iOS. Put that same situation in place for iOS and it would be a very bad situation for our customers.

A completely acceptable, succinct explanation of how iOS is more secure, and the trade-offs of security and capability.

But it is in the third and final tweet in Albergotti’s thread where things really kick off:

Of course, Apple is making Macs more like iOS, so Apple knocking its own security on Macs could be an attempt to further “lock down” Macs, pushing out competition.

He links this theory — both literally and figuratively — to his coverage from last year of Apple’s WWDC announcement that it would be transitioning Macs to run on processors of its own design:

Mac users have long been accustomed to downloading software directly from developer websites. By contrast, the iPhone has never allowed that level of freedom. Apps in iOS have to be downloaded through the App Store.

With the same processor base across its devices, Apple seems to be moving in the direction of iOS, where things are more tightly controlled by Apple, said Patrick Wardle, a long time developer of Mac software and principal security researcher for Minneapolis-based software maker Jamf.

“It does kind of just unify their computing platform and does make the transition for this more lockdown model easier to comprehend on Mac,” he said. “Unfortunately, we’re just moving down this path where Apple has complete control.”

I have never understood this line of thinking. Mac developers know they are writing software for an operating system that is only sold as part of Apple’s own hardware sales; MacOS is not available separately. I cannot think of a reason why developer freedom depends on MacOS continuing to run on the x86 instruction set or a commodity processor. To the contrary, MacOS’ security model has been edging closer to one informed by the iOS model for a decade now — entirely on Intel’s processors. For what it’s worth, malware runs natively on M1 Macs running the latest version of MacOS as Wardle found earlier this year. These things do not appear to be inherently tied together.

Which brings me back to Albergotti’s theory from his short Twitter thread. His seems to think that Apple is transitioning to its own processors because it will allow the company to make the MacOS application and security model more like iOS, when those things are entirely independent and Apple has repeatedly stated that it will continue to treat the Mac as a separate family of products. The most obvious proof of that is Apple itself. The company runs on MacOS: it writes software for all of its devices on Macs, so it relies on having at least one platform that prioritizes capability and flexibility over a tighter security model. I do not doubt that Apple will also go to greater lengths to fight malware since any malware in the wild is a problem. But these things do not stack to create the narrative that Albergotti is pushing of absolute control and anticompetitive power across all of Apple’s platforms.

Albergotti is far from the only journalist writing articles and tweets like these. I want to see more critical coverage of the tech industry, just as I would for any large industry. But there is critical and there is cynical, and the latter is just as empty as insufficiently skeptical coverage, or basic “both sides” stories. As tech companies become more valuable and influential, we have never needed higher-quality journalism in this area. I just don’t see that here.

Apple Previews New Accessibility Features Coming Later This Year to iOS, iPadOS, and WatchOS

Apple newsroom:

To support users with limited mobility, Apple is introducing a revolutionary new accessibility feature for Apple Watch. AssistiveTouch for watchOS allows users with upper body limb differences to enjoy the benefits of Apple Watch without ever having to touch the display or controls. Using built-in motion sensors like the gyroscope and accelerometer, along with the optical heart rate sensor and on-device machine learning, Apple Watch can detect subtle differences in muscle movement and tendon activity, which lets users navigate a cursor on the display through a series of hand gestures, like a pinch or a clench. AssistiveTouch on Apple Watch enables customers who have limb differences to more easily answer incoming calls, control an onscreen motion pointer, and access Notification Center, Control Center, and more.

There is a minute-long video demo in this press release that I urge you to see. I have watched it ten times and it never looks like anything less than magic. If it works even half as well in person, it is going to be astonishing for all kinds of use cases. If you the timer on your Apple Watch goes off while you’re cooking, for example, you can stop or adjust it without touching the screen. If you get a call while you are on your bike, just double clench your fist to answer it. Incredible.

By the way, if this is what Apple is showing before WWDC in press releases, imagine what the keynote is going to be like.

Federico Viticci’s Review of the M1 iPad Pro

If you want to know everything about a new iPad, you ask Federico Vittici:

The new 12.9” iPad Pro hits all the right notes as a modular computer that can be a tablet with an amazing display, a powerful laptop, and an extensible workstation; its hardware is a remarkable blend of tablet-first features and technologies first seen on Apple’s line of desktop computers. It’s hard to believe the company was able to deliver all of it in a device that is only 6.4mm thin. However, the new iPad Pro’s more powerful nature doesn’t fundamentally change my daily workflow. At least not with its current version of iPadOS that will (likely) be obsolete in two weeks.

You should read this review, especially for the effort the MacStories team put into testing the new Centre Stage feature.

Viticci had nothing but great things to say about the iPad Pro’s physical hardware and, in particular, its amazing new display. I cannot wait to try one of these things in person.

The thing I keep coming back to, ever since this iteration of the iPad Pro was introduced last month, is that M1 disambiguates the iPad more than you might expect. If these iPad Pro models had exactly the same processor with different branding, there would be all sorts of theories about why the iPad is unable to take advantage of those capabilities in software. But by using the same chip as in all of the M1 Macs — the exact same chip, as Viticci’s benchmarks show — the only possibility for why the iPad is more constrained in software than its Mac cousins is because it is designed that way. There is no other reason.

As another example of this, Viticci praised the Thunderbolt port in concept, but found it somewhat limited in practice. Dieter Bohn of the Verge ran into problems, too:

Another consequence of the M1 is that the USB-C port now supports Thunderbolt accessories. In theory, that’s great. I plugged my iPad into my very fancy CalDigit TS3 Plus Thunderbolt dock and was gratified to see my monitor light up right away. From there, though, I ran into the same old iPad problems.

I have a USB microphone interface hooked into the dock, and for whatever reason I was unable to get any audio out of it on the iPad, just silence. I also tested out some admittedly old LaCie Thunderbolt 2 drives with an adapter and couldn’t get them to show up in the Files app. Oh and just to remind you: the monitor still can only mirror the iPad Pro — it can’t serve as a second display.

This all feels like hardware for an operating system that does not yet exist. But that is, frankly, a little bit what the iPad has felt like for many years, as Viticci points out at the top of his review. We are all waiting and hoping for a version of iPadOS that feels like it can take advantage of the amazing hardware it runs on. But will we get that this year? That is the question we have been asking at least since the first iPad Pro was released in 2015.

Google ‘Experiments’ With Bringing RSS Capabilities Back to Chrome

Google Chrome product manager Janice Wong:

In the coming weeks, some Android users in the US on Chrome Canary may see an experimental Follow feature designed to help people get the latest content from sites they follow. Our goal for this feature is to allow people to follow the websites they care about, from the large publishers to the small neighborhood blogs, by tapping a Follow button in Chrome. When websites publish content, users can see updates from sites they have followed in a new Following section on the New Tab page.

Keeping a site’s RSS up-to-date will ensure Chrome can provide the latest content to users with this experiment. We will provide more guidance to web publishers as we learn and evaluate whether this feature will graduate from an experiment to a broader rollout in Chrome.

This looks like a bare-bones RSS reader baked into Chrome on Android — and that sounds great. I think this improves RSS’ discoverability problem by simplifying the standard to an unambiguous “follow” button. There’s no icon that looks like present-day Wi-Fi symbols, there’s no mention of “RSS” or “XML” or any of that stuff in the interface. That said, it is buried at the bottom of a long menu; you can’t win every battle.

It is, however, utterly hilarious to me that this is being billed as an “experiment”, as though following websites through RSS feeds is somehow novel. TechCrunch went a step further in its coverage and proclaimed that “Google revives RSS”, saying only “diehard news junkies kept holding on to their Feedly accounts and old copies of NetNewsWire” after Google killed Reader in 2013. That link points to the Wikipedia article for NetNewsWire, as though it is some forgotten relic of a medieval Slavic population and not perfectly modern software. What else can we do but worship Google for its undying commitment to the latest and greatest open web standards?

A Few Video Reviews of the M1 iMac

For most new Apple hardware, I look forward to written reviews, but for these new M1 iMacs, I was especially excited for videos. These anodized aluminum colours are going to look different depending on lighting and motion, so they will look best in person, and video gets closest to that experience.

Apple shipped one of each colour iMac to Justine Ezarik, and I think she shows off the depth of colour coordination really well. Marques Brownlee received a blue review unit, and pointed out that the white bezel keeps it looking friendly and is less distracting in actual use.

I really liked Tyler Stalman’s review as well, where he takes the iMac through some of his typical photo and video editing processes. Like all M1 Macs, it seems almost impossibly capable for being an ostensibly entry level Mac.

It is still hard to believe that you can buy Macs today that range from $699 to over $2,600 — if you max out an iMac — and they all feature the exact same processor with maybe one GPU core missing. And, oh, you can buy an iPad with the same SoC too. This radically simplifies the computer buying experience to one based almost entirely on form factor. There is virtually no performance compromise you need to make in choosing between a desktop and a laptop — not like the Intel era.

So, now that the consumer side of the Mac product line has been transitioned to Apple’s own processors, it will soon be time to see what is in store for its more professionally-oriented computers. Exciting times.

Amazon’s Ring Is the Largest Civilian Surveillance Network the U.S. Has Ever Seen

Lauren Bridges, in an editorial for the Guardian:

Data I’ve collected from Ring’s quarterly reported numbers shows that in the past year through the end of April 2021, law enforcement have placed more than 22,000 individual requests to access content captured and recorded on Ring cameras. Ring’s cloud-based infrastructure (supported by Amazon Web Services) makes it convenient for law enforcement agencies to place mass requests for access to recordings without a warrant. Because Ring cameras are owned by civilians, law enforcement are given a backdoor entry into private video recordings of people in residential and public space that would otherwise be protected under the fourth amendment. By partnering with Amazon, law enforcement circumvents these constitutional and statutory protections, as noted by the attorney Yesenia Flores. In doing so, Ring blurs the line between police work and civilian surveillance and turns your neighbor’s home security system into an informant. Except, unlike an informant, it’s always watching.

This is what I meant when I wrote yesterday that there is little meaningful difference between a surveillance system that police can access and one that they outright control.

In tangentially related news, Amazon has indefinitely delayed selling its facial recognition software to police departments. But what difference does it make when Amazon’s client list for Rekognition includes, for example, Utility? It’s a company that sells body cameras to police departments, and its CTO gave this testimonial to Amazon:

Amazon Rekognition video enables us to run proximity ​search within our AVaiLWEB application ​for persons of interest (including missing persons) from a live stream video as well as previously recorded incidents.

What functional difference is there between a private company contracted by a police department to run facial recognition searches using Amazon’s software, and the police department running that search themselves? The line begins to blur.

Apple Is in a Uniquely Delicate Position as It Observes Laws of Escalating Interference in China

Jack Nicas, Raymond Zhong, and Daisuke Wakabayashi, New York Times:

Internal Apple documents reviewed by The New York Times, interviews with 17 current and former Apple employees and four security experts, and new filings made in a court case in the United States last week provide rare insight into the compromises Mr. Cook has made to do business in China. They offer an extensive inside look — many aspects of which have never been reported before — at how Apple has given in to escalating demands from the Chinese authorities.

[…]

Mr. Cook often talks about Apple’s commitment to civil liberties and privacy. But to stay on the right side of Chinese regulators, his company has put the data of its Chinese customers at risk and has aided government censorship in the Chinese version of its App Store. After Chinese employees complained, it even dropped the “Designed by Apple in California” slogan from the backs of iPhones.

This report is pretty damning of the Chinese government’s policies, but its specific highlighting of Apple is on shakier ground. All companies operating in China face the same requirements and must observe the same laws. While Apple is powerful enough to delay and bargain for exceptions, it had to eventually comply, and June is apparently its agreed-upon deadline for storing Chinese users’ data in a government-run data centre.

But, while it is not the only company that is following these rules, it is the only company in such a unique predicament: no company is quite as large, no company of a similar scale has the same outspoken stance on privacy, and no other company relies so much on a supply chain centred in China. If Apple were not involved in hardware and software and services, it would have less complicity but, also, less potential influence. It looks like that balance is tipping in the direction of this combination being a liability in the country.

The Times:

The Chinese government regularly demands data from Chinese companies, often for law-enforcement investigations. Chinese law requires the companies to comply.

U.S. law has long prohibited American companies from turning over data to Chinese law enforcement. But Apple and the Chinese government have made an unusual arrangement to get around American laws.

[…]

Under the new setup, Chinese authorities ask GCBD — not Apple — for Apple customers’ data, Apple said. Apple believes that gives it a legal shield from American law, according to a person who helped create the arrangement. GCBD declined to answer questions about its Apple partnership.

This arrangement has been reported before; what wasn’t clear is why it was structured this way. Now we know. iCloud in China is operated less like an Apple service that occasionally provides access to government demands, and more like a government service for which Apple creates front-end features. Apple even had to use a different kind of encryption in China:

The digital keys that can decrypt iCloud data are usually stored on specialized devices, called hardware security modules, that are made by Thales, a French technology company. But China would not approve the use of the Thales devices, according to two employees. So Apple created new devices to store the keys in China.

According to the Times, Apple says that the encryption technology it uses in China is “more advanced” than used anywhere else. The extent to which that may be true is unclear. It appears to be proprietary, and security researchers interviewed by the Times raised concerns about its design and implementation.

Matthew Green, one of the researchers quoted by the Times, expanded on this in a Twitter thread:

It’s really hard to know what to make of this. There are two good theories:

  1. China does not trust western HSM hardware to keep them safe.

  2. China felt the Thales HSMs were *too* safe, ie they would be difficult to for China to access.

Or, perhaps, both.

I find that much of the reporting on China in the Canadian and U.S. press, in particular, tends to simplify our understanding of the country as “evil” with little nuance. Laws like the local storage requirement are entirely sensible; it is wildly myopic to think that all of our stuff should be stored on U.S. servers. And, as we have seen, the U.S. also surveils its citizens.

But it would be a mistake to equate the two countries’ policies. For a start, only one country’s government is currently committing genocide. I may find it okay that iCloud data is stored in the same country as users, but that is because I live in a country that ranks similarly to the U.S. on freedom indices, if not better. There are many reasons why someone may prefer for their profile to be U.S.-hosted. I certainly find it worrisome that authorities in China have effectively taken control over iCloud data — but that is not unique to iCloud nor Apple in China. It is kind of the same story with the App Store: I do not think regulations that prohibit some kinds of apps are inherently wrong, but while those laws are onerous in China, Apple is not the only company that must abide by them.

I think it is reasonable to argue that Apple ought to pull out of the market instead of complying with these onerous laws that make it complicit in the surveillance and potential persecution of its users in China. That would allow it to maintain its stance that privacy is a fundamental human right, even though it does nothing to change the minds of the Chinese government. But if it were to stop operating in China, it risks the operation of its supply chain — and that is no small compromise. As a former liaison for Apple in China said, there is no real Plan B there — or, perhaps, there was no Plan B. One imagines the situation has shifted enough that there are many contingency plans.

Pentagon Surveilling Americans Without a Warrant, Senator Reveals

Joseph Cox, Vice:

The Pentagon is carrying out warrantless surveillance of Americans, according to a new letter written by Senator Ron Wyden and obtained by Motherboard.

Senator Wyden’s office asked the Department of Defense (DoD), which includes various military and intelligence agencies such as the National Security Agency (NSA) and the Defense Intelligence Agency (DIA), for detailed information about its data purchasing practices after Motherboard revealed special forces were buying location data. The responses also touched on military or intelligence use of internet browsing and other types of data, and prompted Wyden to demand more answers specifically about warrantless spying on American citizens.

This covers a line of thinking that I have never quite wrapped my head around. There would be a mass revolt in the United States — and in many countries, sure, but this is about the U.S. — if people were strongly encouraged to carry around a literal surveillance device that reported the user’s actions directly to the military. What I do not understand is how it is somehow more okay among certain schools of thought if that device is made by a private company, the entire surveillance apparatus is privately owned, and any of those private companies can share or resell the data they collect to any interested party — including the military.

I am not saying I would rather live in a world of constant government surveillance. But, in some twisted sense, it may be preferable: at least there are laws stating what is and what is not permissible. Those laws may frequently be broken, but they at least exist. What laws govern the collection and sale of behavioural data by an ad network? In the U.S., there are very few, and none at the national level.

Spatial and Lossless Audio Coming to Apple Music Next Month at No Extra Cost

Apple’s newsroom:

Apple today announced Apple Music is bringing industry-leading sound quality to subscribers with the addition of Spatial Audio with support for Dolby Atmos. Spatial Audio gives artists the opportunity to create immersive audio experiences for their fans with true multidimensional sound and clarity. Apple Music subscribers will also be able to listen to more than 75 million songs in Lossless Audio — the way the artists created them in the studio. These new features will be available for Apple Music subscribers starting next month at no additional cost.

If you’ve been paying attention to the rumour mill, you might have expected that Apple would add lossless and spatial audio. The surprise is that it will be included with subscriptions at no extra cost, and that is a bold move. Spotify has not announced pricing yet for its lossless tier, but it costs $5 more per month to add lossless audio to a Deezer subscription, and it is a $10 per month add-on with Tidal, which is oddly now owned by Square. Tidal’s high-end subscription also offers Dolby Atmos tracks and spatial audio through Sony’s 360 Reality Audio format.

According to Apple’s FAQ on these new features, Dolby Atmos tracks will play automatically when you’re connected with compatible hardware, including all models of AirPods. The Apple TV is a little more complicated: if you’re using your AirPods, Dolby Atmos will work fine, but Atmos is only available through speakers with the Apple TV 4K with Atmos-compatible hardware.

Apple:

To start listening to Lossless Audio, subscribers using the latest version of Apple Music can turn it on in Settings > Music > Audio Quality. Here, they can choose different resolutions for different connections such as cellular, Wi-Fi, or for download. Apple Music’s Lossless tier starts at CD quality, which is 16 bit at 44.1 kHz (kilohertz), and goes up to 24 bit at 48 kHz and is playable natively on Apple devices. For the true audiophile, Apple Music also offers Hi-Resolution Lossless all the way up to 24 bit at 192 kHz.

Apple says that listening to tracks at 24/192 requires an external USB DAC, which you would probably expect. I still have not seen any evidence that people can actually hear the difference in these extremely high-resolution tracks, probably because their advantages are entirely out of the human range of hearing. It’s a bit like if there were a new display that outputs the full range of the electromagnetic spectrum, not just visible light. At least you won’t be killed by radiation exposure from high-res audio tracks.

Matthew Bolton, T3:

Apple has confirmed to T3 that this equipment, sadly, does not include AirPods Pro or AirPods Max. Both of Apple’s elite headphone models only use the Bluetooth AAC codec when connected to an iPhone, which means they can’t receive the full quality of the Apple Music ‘Lossless’ files, which will be encoded as ALAC (Apple Lossless Audio Codec) files.

[…]

We had hoped that Apple could enable some kind of Bluetooth secret sauce to allow for higher-quality audio over Bluetooth to its top-tier headphones, since the iPhone 12 and AirPods Max all support Bluetooth 5.0, which is theoretically capable of CD-quality audio transmission. But alas, it proved to be wishful thinking. And we presume the forthcoming AirPods 3 will be the same story.

Billboard’s Micah Singleton on Twitter:

AirPods Max also won’t support lossless over the lightning cable, the company tells me. No Sonos support for lossless streaming just yet either.

It appears this is true for all lossless formats on the iPhone over Bluetooth, not just the 24/192 spec and not just the files from Apple Music. (Update: An Apple spokesperson confirmed to me that this is the case.) As best as I understand the Bluetooth audio spec and the codecs in play here, it makes sense, but it is frustrating and looks incredibly silly that Apple’s highest-end headphones are not compatible with Apple’s lossless audio specifications from the Apple Music service.

Focusing on Excellence

Jack Forster of Hodinkee interviewed Thierry Stern, CEO of Patek Philippe:

Some brands have experimented with connected watches. Patek has not. Why?

It’s not our field. Can you imagine? Am I going to fight against Apple, which has nearly the same budget as I do in R&D, except they have five more zeros at the end of it? I can’t compete with that. It’s another way to fabricate watches. We have always been dedicated to mechanical watches, this is what we know and what we enjoy. Working on something electronic may be fun, but it’s not my business. You have to give it to the pro, and I’m not a pro in this type of technology.

Via Om Malik, who writes:

[…] I like that he knows the reason why they are who they are. That understanding has allowed them to grow and be able to create value and desire for their products. I really wish more companies were as focused on their own excellence rather than chasing growth for the sake of growth.

The tech world is full of examples of companies experimenting and trying new things — and that is certainly one way to run a business. But I think there is something more interesting about companies that have a single product or service that they are relentlessly attempting to improve. Patek is an extreme example, but I wish there were more of those.

‘Music Is About to Change Forever’

Eric Slivka, MacRumors:

The Browse tab in the Music app across Apple’s platforms has started displaying a prominent teaser hinting at an upcoming major announcement for Apple Music. Under the heading “Coming soon,” the headline says “Get ready – music is about to change forever.” An accompanying “Tune-In Video” simply shows an animated Apple Music logo.

The animation of the logo certainly suggests 3D space, hinting at something more than the new lossless audio tiers. Intriguing.

It Took Buzzfeed News Just Ten Minutes to Map Out Joe Biden’s Venmo Network

Ryan Mac, Katie Notopoulos, Ryan Brooks, and Logan McDonald, Buzzfeed News:

On Friday, following a passing mention in the New York Times that the president has sent his grandchildren money on Venmo, BuzzFeed News searched for the president’s account using only a combination of the app’s built-in search tool and public friends feature. In the process, BuzzFeed News found nearly a dozen Biden family members and mapped out a social web that encompasses not only the first family, but a wide network of people around them, including the president’s children, grandchildren, senior White House officials, and all of their contacts on Venmo.

[…]

While many critics have focused on how the app makes all transactions public by default, Venmo’s friends lists are arguably a larger privacy issue. Even if a Venmo account is set to make payments private, its friends list remains exposed. There is no setting to make this information private, which means it can provide a window into someone’s personal life that could be exploited by anyone — including trolls, stalkers, police, and spies.

I would love to know why Venmo continues to believe that its financial services app demands a poorer degree of privacy protection than a protected Twitter account. Buzzfeed documents an extraordinary list of proven privacy vulnerabilities that I am sure most people do not think of when they send someone a few bucks. This is not new information; this is basic stuff. And it isn’t like Venmo is some startup that just doesn’t know better — it is owned by PayPal.

The Verge’s Review of Starlink

Nilay Patel, the Verge:

Starlink is a truly remarkable feat of engineering, and the sheer force of will required to make it work as a simple consumer product shines through. It is, however, in everyone’s best interest to consider the trade-offs of having done all this work and putting all these satellites in orbit simply to get internet access. Astronomers and scientists are very mad about this. Starlink should talk to them more.

Second, all the people dreaming of Starlink upsetting cable monopolies and reinventing broadband need to seriously reset their expectations. At best, Starlink currently offers reasonably fast access with inconsistent connectivity, huge latency swings, and a significant uptick in time spent considering whether you can just get out the chainsaw and solve the tree problem yourself.

[…]

And lastly, if you are a telecom executive or regulator in the United States, you have no choice but to see Starlink, its execution, and the unrestrained excitement and hype around it as a direct indictment of your rhetoric and efforts to properly connect this country to the internet over the past two decades. Dishy McDishface is a sign that reads YOU FUCKED UP AND EVERYONE HATES YOU. Read the sign. This is your fault.

My hope is that Starlink reflects a problem that can be resolved with better policy. A big, orbiting, last-ditch, and unscalable response to telecom monopolies that can be fixed if policymakers actually try. In this world, Starlink-like satellite clusters would only be used in very remote areas, like northern Canada.

If this becomes more popular than that — either through American companies like Amazon and Starlink itself reflecting some sort of neocolonial force of space-based internet access, or through regional efforts like those from Russian and Chinese firms, and those are not mutual options — I worry that we will blanket our sky with tens of thousands more satellites to barely make a dent in a problem with many terrestrial solutions. There are billions of people around the world for whom internet access is slow, expensive, and unreliable, or entirely nonexistent. That is not to say that all of the problems of satellite clusters are inherently insurmountable, but they are significant. For example, while Starlink is attempting to solve reflectivity problems, that only works so long as the sky is not densely packed with satellites. Overall, it would be a long-term mistake to privatize internet policy for something that is, realistically, an inadequate solution for the billions of people who are unserved or poorly served by existing ISPs.

Thinking of Advertising as an Apple Service

Benedict Evans:

There’s an old line that everyone in tech is trying to give someone else’s business away for free, and to turn it into a feature of their own product and their own business model. Google gives away a free smartphone operating system to support its ad business, and Amazon gives away free TV shows to support its ecommerce business. Apple’s business model is to sell hardware to around a billion people, bringing in about $200 per user at a 30% gross margin in 2020, then to give away, or sell, a lot of other services on top, both for incremental revenue (about $50 per user at 65% gross margin) and to drive retention.

What kind of services? Well, Apple looks for businesses it can transform with simplicity and control, and take a cut, without owning anything itself, and where it can use that to leverage hardware sales. That worked for music, failed for TV, succeeded massively in smartphone apps and especially games, and has done OK in payments. How about advertising?

I think Evans’ piece is a great assessment of what Apple could be trying to do with its own advertising products and how that correlates with its privacy efforts. But I am sort of stuck on how much of a reversal the advertising market is compared to Apple’s other services.

The billion-or-so iOS users out there want music, apps, and games. They want to buy or use all of those things, creators want to sell all of those things, and Apple wants to take a cut of all of those transactions. Everybody wins or, at least, gets 70% of a win. Also, most payment mechanisms suck — you have to type in your credit card details, maybe verify something, then manage all of the different places where those cards are stored — so it was ripe for the kind of solution Apple can provide.

But ads? People mostly hate ads.

There is always going to be tension between Apple’s premium brand position and its display advertising spots. Different entities work better as ad-supported businesses than alternatives, plenty of companies want to promote their stuff so they want to buy ads, and Apple would surely love to take a cut of each ad placement. But they are all going to be fighting users who, at best, have become numb to advertising. Digital advertising, in particular, has built a reputation of being disrespectful to people: it is abusive to individual privacy, it is rife with fraud, and it has become increasingly obnoxious in its desperate attempts to fight market fatigue.

If Evans is correct and this is the strategy Apple is pursuing, I see the company making a difference on all fronts but still necessarily fighting its users.

Bill C-10 Doesn’t Rein in Web Giants, It Doubles Down on Them

Matthew Hatfield, the Star:

Although Bill C-10 was tabled back in the fall, it only stoked widespread public controversy a few weeks ago when the government astonished observers by removing a crucial exemption for user-generated audiovisual content. This means all of the pictures, video and audio we upload to internet platforms would now be subject to regulation by the CRTC.

Note for my American readers: in most English-speaking places, “tabled” means to propose for discussion, not to delay it.

The government is now backtracking with further amendments to the bill, narrowing the CRTC’s jurisdiction over our user-generated content to only treating it like broadcasting if we’re lucky enough our content’s popular and focusing on “discoverability” — hiding content our feeds would otherwise display to showcase CRTC-defined “Canadian” content.

But the core problem with Bill C-10 hasn’t changed: user audiovisual speech on platforms remains subject to CRTC regulation, a huge leap in government authority over an increasingly central area of our online expression.

None of this takes on web giants, as Guilbeault claims. It’s simply giving the government, CRTC, and big tech even more power over what we can do and see online. And such strict regulations and requirements ensure only the largest platforms can afford to comply — guaranteeing their continued dominance.

Hatfield is not some blanket anti-regulation libertarian advocate. The organization he works for, OpenMedia, works to support regulations that incentivize a privacy-friendly and open web. But Bill C-10 is bad news and desperately needs to be scrapped — or, as my American readers may refer to it, “tabled”.

Canada Still Won’t Commit to Supporting a Coronavirus Vaccine Patent Waiver

Leigh Beadon, Techdirt:

Canada is the biggest hoarder of vaccine pre-orders, having secured enough to vaccinate the population five times over. Despite this, it has constantly run into supply problems and lagged behind comparable countries when it comes to administering the vaccines on a per capita basis. In response to criticism of its hoarding, the government continues to focus on its plans to donate all surplus doses to the COVAX vaccine sharing program — but these promises were somewhat more convincing before Canada became the only G7 country to withdraw doses from COVAX. Despite all this, and despite pressure from experts who explain how vaccine hoarding will prolong the pandemic for everyone, the country has continually refused to voice its support for a TRIPS patent waiver at the WTO.

I cannot imagine what is holding back Canadian support of a waiver on these patents — maybe it is concern over upsetting vaccine suppliers while we are still waiting for deliveries — but it would be inhumane if we remain a holdout when our peers are all vowing to waive intellectual property protections, at least temporarily.