Month: August 2021

Federico Viticci on Twitter:

Safari in iOS 15 beta 6 features a new address bar at the bottom that sits below page content. A toolbar with buttons is back.

And we can put the address bar back at the top again

These are incremental changes to a big redesign, and I think they create the most successful iteration yet. Bringing the toolbar to the bottom is undeniably a muscle memory breaker, but I think it is worth the cost because it keeps a user’s hands in the same position more often. You can go from scrolling through a webpage to entering a URL without once shuffling the device in your hands.

This new version still has some rough edges. The huge drop shadow around the address bar is a nonstandard effect that confuses me. I guess it is supposed to indicate that the element is floating and interactive, but it creates a kind of blurry grey mess. The drop shadow also visually disconnects the address bar from the page or tab it represents.

The tab organizer is relatively unchanged from past builds, so accessing and using Tab Groups remains a learning curve. There is no obligation to use it, however. If you are a casual web browser, not a lot will change.

I would not be upset if this version shipped tomorrow. If Apple’s goals were to make Safari more thumb-friendly while still feeling familiar, I think this approach is a success. I still think the version of Safari 15 on the iPad and Mac needs to be improved, but this is a welcome set of changes.

Lucas Shaw, Bloomberg:

The most common question customers ask Tim Stokely, the chief executive officer of OnlyFans, is why he doesn’t have an app. Some 130 million people use his service every month to follow fitness instructors, get cooking tips or access nude pictures. But they have to access the service using its website because Apple and Google won’t allow OnlyFans in their app stores.

That’s all about to change. OnlyFans has created an app, called OFTV, that offers videos featuring many of OnlyFans’ biggest stars. There is a catch, however. There’s no nudity.

For the past couple of months, I have noticed that OnlyFans is attempting to shake its not-safe-for-work image. Cooking videos on YouTube now occasionally have an OnlyFans preroll ad promoting the platform’s food-related creators, and it seems similar ads are on Facebook.

But — and this is just a small thing, but also imagine I am doing a great Columbo impression for something so petty — is this really OnlyFans’ first app? Shaw seems to be under that impression and Bloomberg’s fact checkers seemingly could not dispute that. Shaw’s framing has been picked up by Tubefilter and TechSpot. Mashable apparently spoke independently with OnlyFans and it, too, says that the company “couldn’t launch an app” before now, and the Verge used similar language in its report.

However, it seems that OnlyFans used to have iOS and Android apps, which it promoted on Twitter and linked to on its website. If OnlyFans has been telling the press that this is its first app, that is not true and should have been caught by fact checkers. But if all of these publications have come to that conclusion because there has not been an iOS or Android app for years, that is sloppy work all around.

Maria Bustillos, the Nation (annotation mine):

The very role and meaning of libraries relies on their right to own books, because books that can expire are books that can disappear permanently — books that can be taken away. There is a cultural, a political, even a civilizational danger in this vulnerability that can’t be overestimated.

“Sourcing is the glue that holds humanity’s knowledge together,” as Jonathan Zittrain wrote last year [Correction: earlier this year.] in The Atlantic in an article about the Internet’s weaknesses as a cultural archive. When a link disappears, when an online publisher goes out of business, readers, researchers, and scholars will hit a dead end—unless digital libraries are given the same power to archive that traditional libraries have had for centuries. Digital media is recklessly burning its own record to ash behind it, so we need institutions and systems to affirmatively protect and preserve 21st-century knowledge.

So much of the consumer’s digital world seems designed to be a temporary state. DRM attempts to restrict media to a single copy verified every time it is opened. Software licenses make it clear that we only own the hardware and rent everything that makes it valuable. The promise of something like digital copies of books or movies is that they are only ghosts of their physical versions. But so much of what we now create exists solely as bits, and it is all stored in a semi-ephemeral state within the controlled architecture of software and services. I do not think we have come to terms with this, in Bustillos’ words, “cultural […] vulnerability”.

I completely agree with Philip Michaels at Tom’s Guide: Photos in iOS 15 is a great upgrade in lots of little ways. The information card that reveals EXIF data is way better, and I appreciate the better Memories features.

Best of all, for me, is the Photos widget. I cannot remember what it was like in iOS 14, so it might not have changed that much. I added the iOS 15 one to a home screen stack when I installed the first beta and it makes me smile all the time. It somehow manages to surface photos I have not seen in ages but are absolute gems. Not always, but with more consistency than I expected from a robot.

That is the best tip I can leave you with: add the Photos widget somewhere on your home screen. Maybe it will light up your days as often as it has mine.

John Voorhees, MacStories:

Silvio Rizzi, the developer of RSS client Reeder, has released a brand new recipe and cooking app called Mela for the iPhone, iPad, and Mac, which has immediately become my favorite app for planning and preparing meals. For me, the two essential aspects of an app like this are how it handles adding new recipes and whether it is easy to use while you’re cooking. Mela excels at both.

I have been using Mela for a few days and I could not agree more with Voorhees: it is fantastic. Recipes are laid out beautifully — including in print — there are several ways to import new recipes, and the cooking mode is simply excellent.

Because it is related to Reeder, it also has a feed reader built in. It will intelligently show only the posts that contain recipes. It is very clever, but it also reveals that many popular food websites do not have RSS feeds. For example, Serious Eats used to have one, but it was removed after the site’s redesign. According to a May tweet from Daniel Gritzer, its deactivation was only temporary, but it has not returned since.

Many food websites run on Squarespace. Even if they do not surface an RSS feed, you can try to URL hack your way into getting one by appending ?format=rss to the address. This does not always work. If you run a food blog on any platform and happen to be reading this, please make sure that you enable an RSS feed on your website. It is often something the CMS will generate for you, and it means that great apps like Mela will get even more useful.

Michael Fey of 1Password:

We could support as many versions of macOS as we wanted using Apple’s AppKit framework, but that meant adding another frontend toolkit to the mix. We could go all in on SwiftUI, but that meant reducing the number of operating system versions we could support. We could go all in on the same approach we were using for Linux and Windows, but that made it very difficult to create an app that looked and felt at home on macOS.

Ultimately we decided for a two-prong approach. We would build two Mac apps. One written in SwiftUI that targeted the latest operating systems and another using web UI that allowed us to cover older OSes.


Ultimately we made the painful decision to stop work on the SwiftUI Mac app and focus our SwiftUI efforts on iOS, allowing the Electron app to cover all of our supported Mac operating systems. We could have started over with AppKit as the UI toolkit for our Mac app, but this would have put us significantly behind schedule and also would have added another frontend toolkit to maintain over the long term. This decision came with a big challenge, however, as we knew we still needed to deliver a top-tier user experience on macOS.

Even as someone who does not currently use 1Password, I first found myself irked by the rationale laid out in Fey’s post. As much as possible, customers should not see the impact of financial decisions on a business. When a restaurant is impacted by rising food and labour costs, it can make choices about how to compensate: it can raise prices, reduce the ingredients that go into each dish, or eliminate items. But when I sit down to my meal, I should not feel like something is incomplete or missing.

As I thought more, I realized that being annoyed at Fey’s arguments was only scratching the surface. Yet another Electron app in the lives of many Mac users should be seen as a reflection of the great demand placed on developers by cross-platform availability, and the poor quality of tools to make that happen. 1Password is not a small company — it has nearly 500 employees — and the history of its product indicates that it cares deeply about a great Mac experience. Years ago, when I was a 1Password user, I remember it being among my favourite apps to use. Who knew that something as boring as a password manager could be fun and beautiful? If a company like 1Password feels like the Mac can share an Electron app with Windows and Linux, that seems like a concerning state of affairs.

Jason Snell, Six Colors:

I have to read this as a (gently stated) indictment of the current state of SwiftUI. AgileBits was willing to put in the extra work for iOS, because it’s an important platform and SwiftUI is clearly the future there. But implementing it on the Mac required a lot of duplicate work — and what’s worse, SwiftUI apps aren’t compatible with older versions of macOS. AgileBits was planning on covering the older versions with an Electron version, but once it decided the SwiftUI implementation for the Mac was too much work, it pulled the plug — and now plans to ship an Electron version to all Mac users.

Rich Siegel, in a lengthy Twitter thread about cross-platform frameworks and app efficiency (I have merged several successive tweets and, with editorial discretion, converted these thoughts into paragraphs to make everything easier to read):

Electron is an *extremely* effective way for developers to rapidly bring up an application. It’s a fully functional application framework. It’s as close an expression of the original ideal of “write once, run anywhere” as I can think of. (That term first came out of Sun’s marketing for Java. A lot of us made fun of it back then, mostly because it wasn’t true at the time.) And of course with Electron, you get a common UI/UX for all of your target platforms, deploy everywhere, make use of existing Web design and development resources, etc, etc.

But. All of those upsides come at the cost of everything I’ve just finished laying out. And things start to get really sticky, because if you take a survey of the Electron products that have become entrenched in our daily lives, they almost all come from companies that have specific BUSINESS goals for developing them that way.

Siegel’s thread is not specifically about 1Password and, if anything, Snell’s post uses 1Password’s announcement to frame some of the issues facing developers on MacOS. 1Password is merely a symptom of a greater set of issues; Electron is a weak patch on a leaking tire.

I know that Electron has its defenders who might write to me and tell me that I have always been wrong in disliking it and that I should try using better apps like Microsoft’s Visual Studio Code. But I have tried VS Code, and if this is the best that Electron can offer, I do not see why I should retract my criticisms. It is this decade’s Java.

The fact of the matter is that there has never been a good cross-platform framework — not when developers only had to worry about Windows and Mac OS X, and not now when they are trying to cover at least twice as many operating systems. Apple’s attempts — SwiftUI and Catalyst, the latter of which 1Password’s Fey does not mention — have not corrected that problem, and they only cover half of the platforms developers commonly support. When even premier Mac developers think Electron is the best option they have, it makes me worried.

Eric J. Savitz, Barron’s:

Most of Apple’s ad business consists of App Store search ads. Apple also gets modest revenue — likely under $500 million a year — from ads in the Apple News and Stocks apps. He estimates that Google pulls in about $4 billion in ad revenue a year from Maps, with a user base four times as large as Apple Maps’, suggesting $1 billion a year in potential revenue for Apple. Roku, he says, offers “a helpful precedent” for how Apple can get perhaps another billion from Apple TV. However, dropping ads in Apple Mail, Apple TV+, or Apple’s home screens would likely “irk consumers and undermine Apple’s strongly avowed stance on privacy.”

Ben Thompson in the August 10 episode of Dithering, which I cannot think of a great way to link to, so you will just have to take my word for it:

There’s lots of ways to define privacy, right? Apple’s definition is not the only definition. It’s one that happens to suit them, unsurprisingly. But in Apple’s view: first-party is fine — you don’t share with third parties, right? That’s why they feel justified in doing their own ad service but Facebook’s, for example, is privacy violating. But, also, Apple even there is moving more towards on-device as opposed to in the cloud.

I think these allusions to how Apple’s ad network affects user privacy are a bit of a red herring. Those run by Facebook and Google are happy to vacuum up your specific activities on the web and in apps that include their SDKs, tie it back to your identity, and then sell ads against whatever interests they infer you express. I do not think Apple’s efforts are nearly as intrusive.

Savitz’s analyst source is right about one thing, though: Apple is leaving a lot of money on the table by not placing ads everywhere it could, and I hope it stays that way. Ads in the App Store are fine, I guess, but I would be loath to see ads in Maps or, heaven forbid, the home screen. I could not think of a quicker way to cheapen the Apple brand and destroy product satisfaction. Even speculating on the possibility is the kind of analyst-grade thinking that creates short-term financial gains at the cost of long-term customer debts.

Tobin Richardson, CEO of Matter, the smart home connectivity standards group:

In May of this year, we saw a development path with first devices through certification by the end of the year in 2021. With the completion of several test events and forecasting, our members have updated the schedule to reflect a commitment to ensuring that the SDK, and related tools, are ready to meet the expectations of the market when launched and enable a large ecosystem of interoperable Matter products. Our refined plans include ongoing SDK and certification program development in 2H 2021, targeting a “pre-ballot” version of the technical spec available to members at year’s end. In the first half of 2022, we expect to see the SDK released, the first devices through certification, and our formal certification program opening.

Feels like more of the same story. Who knows? Maybe 2022 really will be when this stuff is adequate for the average person. But that was supposed to be the case for several years now, so I have my doubts.

Joanna Stern of the Wall Street Journal interviewed Craig Federighi about the two new child safety features Apple announced last week. You can watch the interview on YouTube.

Stern and Tim Higgins, Wall Street Journal:

Craig Federighi, Apple’s senior vice president of software engineering, in an interview emphasized that the new system will be auditable. He conceded that the tech giant stumbled in last week’s unveiling of two new tools. One is aimed at identifying known sexually explicit images of children stored in the company’s cloud storage service and the second will allow parents to better monitor what images are being shared with and by their children through text messages.

“It’s really clear a lot of messages got jumbled pretty badly in terms of how things were understood,” Mr. Federighi said. “We wish that this would’ve come out a little more clearly for everyone because we feel very positive and strongly about what we’re doing.”

I am not sure how much Federighi’s explanations are clarifying for those who conflate these features or do not understand their limitations. For example, in the context of saying that Apple distributes the same version of iOS everywhere so there would not be region-specific targeting — more on that later — he said (at 7:25 in the interview) “it’s a single image across all countries”. I understand what a disk image is, but I think it is muddling for a general audience who are trying to understand how this CSAM technology scans picture images.

It is also striking how difficult it is for even a media-trained executive to clearly articulate these features. In Stern’s interview, there are several moments when she has to pause the interview to explain, in layperson terms, what is happening with the assistance of some effective graphics. I appreciate Stern’s clarifications and I understand them to be accurate, but I wish those words came from Apple’s own representative without needing interpretation. I think Apple’s representatives are still using too much jargon.

I am reassured by one of Federighi’s explanations, however. For background, here’s an interview with Apple’s privacy head Erik Neuenschwander by Matthew Panzarino of TechCrunch earlier this week:

One of the bigger queries about this system is that Apple has said that it will just refuse action if it is asked by a government or other agency to compromise by adding things that are not CSAM to the database to check for them on-device. There are some examples where Apple has had to comply with local law at the highest levels if it wants to operate there, China being an example. So how do we trust that Apple is going to hew to this rejection of interference if pressured or asked by a government to compromise the system?

Well first, that is launching only for U.S., iCloud accounts, and so the hypotheticals seem to bring up generic countries or other countries that aren’t the U.S. when they speak in that way, and therefore it seems to be the case that people agree U.S. law doesn’t offer these kinds of capabilities to our government.

But even in the case where we’re talking about some attempt to change the system, it has a number of protections built in that make it not very useful for trying to identify individuals holding specifically objectionable images. The hash list is built into the operating system, we have one global operating system and don’t have the ability to target updates to individual users and so hash lists will be shared by all users when the system is enabled. […]

I doubt that a singular global operating system means there cannot be country-specific hashes. Even excluding iOS’ spotty international feature availability, there are region-specific concessions made for political reasons. Many countries in the Middle East have blocked VoIP services, though some of those bans were eased in March last year. Russia requires that Apple prompt users to install locally-developed apps and, when I linked to that, I noted several other regional adjustments in China and elsewhere.

But even if it were impossible to target a hash list by country, a singular global operating system would still be concerning. If this feature were rolled out to more oppressive countries that required Apple to include hashes of non-CSAM images in its global database, that would mean accounts could be flagged in any region for including them. Yes, I know there is a human review step as well, but it is still unclear what that looks like and whether there is a possibility of coercion.

Anyway, background of my worries aside, here’s what Federighi explained in the Journal’s interview that reassured me:

Critics have said the database of images could be corrupted, such as political material being inserted. Apple has pushed back against that idea. During the interview, Mr. Federighi said the database of images is constructed through the intersection of images from multiple child-safety organizations — not just the National Center for Missing and Exploited Children. He added that at least two “are in distinct jurisdictions.” Such groups and an independent auditor will be able to verify that the database consists only of images provided by those entities, he said.

It really does seem like Apple is doing all it can to keep this system’s scope narrowed. I appreciate the risks inherent to the capability of local file scanning — even if it is only active on files being uploaded to iCloud — but I feel more assured these databases really will only contain CSAM and nothing more.

These concerns could apply to all cloud storage providers since all of the major ones check for CSAM-matching images, but it is interesting to me how much concern Apple’s approach has generated because of its on-device aspects. If this were an entirely cloud-based feature, I do not think there would be nearly as much anxiety, even though the systems are identical in their results. But because Apple is so focused on using on-device features for privacy reasons, it is requiring iCloud Photos users in the U.S. to sacrifice some control. I do not think it anticipated so much skepticism:

“It’s really clear a lot of messages got jumbled pretty badly in terms of how things were understood,” Mr. Federighi said. “We wish that this would’ve come out a little more clearly for everyone because we feel very positive and strongly about what we’re doing.”


Thomas Claburn, the Register:

Apple has agreed to settle its copyright lawsuit against Corellium, a Florida-based provider of iOS virtual machines and other developer-oriented services.

The iBiz sued Corellium two years ago, after abandoning an attempt to acquire the firm, claiming its virtual iPhones – used for security research and mobile development – infringe its copyrights and violate the anti-circumvention provision (section 1201) of the US Digital Millennium Copyright Act.

I am not kidding when I say that I stopped reading at the second word of the second paragraph as I realized that Claburn had referred to Apple as “iBiz”. It jolted me so much in its early blogging era throwback qualities that I had to go look it up. The Register has only used it once before in a story about MacBook Pro batteries, and the only other prominent Apple-related mentions I could find were in a 2011 CNet April Fools’ Day article — hilarious — and in a ZDNet editorial as a suggested name for a business-focused iPad. The “iBiz Pad” is something Apple is yet to make. I wonder why.

Anyway, it was also one of those words that triggered a foggy memory and, after a bit of digging, I figured out why. In 2005, when Apple’s iWork suite was just a rumour, IGG Software changed the name of its iWork software to iBiz, presumably at Apple’s urging.

I still do not understand why the Register occasionally likes to call Apple “iBiz”. It’s weird.

Distractions aside, this is good news if it does not affect the availability of Corellium’s services. Apple’s abuse of the DMCA to go after this firm was a poor move, and it looked especially bad coming after Apple had attempted to acquire Corellium.

Update: As of August 17, this lawsuit is unsettled.

Sarah Perez, TechCrunch:

Chirp was first introduced in January as Twitter’s first proprietary typeface. In the past, the company had relied on fonts like SF Pro, Roboto and Helvetica Neue for its brand. The goal with Chirp — beyond giving Twitter its own form of visual expression — was to offer a typeface that’s sharp and legible for everyday use, but also one that would allow for more personality, including when put into motion or used for brand advertising.

At the time of its debut, however, Twitter had not yet committed to making Chirp the typeface for its wider product, though the creative director for Twitter’s global brand, Derrit DeRouen, said it was his “personal desire” to do so.

Derrit DeRouen, commenting on Chirp in a January thread:

[…] Grilli Type then brought us a beautiful balance between American Gothics and European Grotesques. Research into early hand cut examples gave us the quirkiness that amplified the display set.

Rounded tittles and punctuation introduce a humanist character. The result is a versatile, contemporary family (82 styles across Standard and Display!) with international sensibilities. It accomplishes exactly what we need and it has made itself the hero of our refresh.

After spending some time in the official Twitter app today, I think I like Chirp in use. It reminds me of Franklin Gothic — a good version — and, at the weight and size I have set it to, engenders a feeling of precision and clarity that Twitter frankly does not deserve.

If you want a lesson in how to update software, look no farther than Things from the fine people at Cultured Code. They ship big updates more slowly than many other developers, and Things is better for it. This new version adds just a few welcome features.

John Voorhees, MacStories:

Instead of injecting tasks into notes, Things brings a full-featured note-taking solution into version 3.14 of Things. Adding a note to a task isn’t new to Things, but the latest update expands the feature significantly. Using Markdown syntax, you can now create headings, make text bold or italic, and add bulleted and numbered lists, links, code blocks, and highlight text. The formatting is rendered inline, providing a sense of structure and style to notes. For anyone unfamiliar with Markdown syntax, Cultured Code has also created a handy guide.

You can also search within items’ notes, and there’s a better syncing engine on the back-end.

I have been testing this update for a few weeks and it is excellent. I have loads of uses for Things — it is my daily todo list, but it is also where I remember gift ideas, keep track of the kinds of film I have used in my camera, set up a listening list for new albums, and so much more. I also keep loose notes for this website in a Pixel Envy project. Markdown formatting and full item search improve that more complex use case, but adding daily to-dos is as easy and reliable as ever.

Considered updates like these are why I have trusted Things for well over ten years. I know that UI elements will not be moving around and that I will not have to re-learn the app. Cultured Code keeps making improvements without upending my workflow. I appreciate that.

Tim Bray:

Why does this happen? It’s obvious. Every high-tech company has people called “Product Managers” (PMs) whose job it is to work with customers and management and engineers to define what products should do. No PM in history has ever said “This seems to be working pretty well, let’s leave it the way it is.” Because that’s not bold. That’s not visionary. That doesn’t get you promoted.


The evidence suggests that for mass-market products used by on the order of 10⁷ people, it’s really difficult to predict which changes will be experienced as stupid, broken, and insulting.

Harsh — but, as someone on the receiving end of these kinds of changes, it often feels true. These changes can sometimes be well-intentioned and constructive, but they are delivered at a rapid-fire pace that is disorientating. Users do not want to learn and re-learn software; they — we — want to edit photos, or browse the web, or send an email. By making workflow-breaking UI changes, software vendors are effectively punishing users for their loyalty.

That is not to imply that things cannot change. The beauty of software is that it can be updated and iterated-upon, and high-speed internet connections mean that updates can be installed without shipping a whole new disk. But the prevalence of automatic updates and the software-as-a-service model means that users have lost information about what will change before they update, and have little control over when a new version is installed. Some vendors have adjusted to this by adding first-run tutorials, but that is not a substitute for making fewer and more careful changes.

Jared Newman, Fast Company:

Those kinds of misfires are common in the smart home world. I’ve had Google Assistant refuse to set alarms or read upcoming calendar events for several days in a row, only to fix itself without explanation. My Ecobee thermostat occasionally gets stuck on a single temperature, requiring a reboot. I’ve had light bulbs inexplicably fail to connect to their hub device. And I’m pretty confident that every Echo speaker owner has experienced Alexa playing the wrong music at least once.

The problem, says Creative Strategies analyst Carolina Milanesi, is that smart home devices haven’t gotten much better at avoiding these problems even as the market edges toward mainstream users. Instead, a proliferation of new devices and use cases has multiplied the ways in which things go wrong.

I still have no smart home devices. After reading articles like these and Troy Hunt’s adventure in trying to make a HomeKit-connected garage door opener work, I cannot see myself buying one any time soon.

One of the things I think about far too often for my own health is whether software is actually buggier these days, or if I just use more of it in more situations more of the time. I think that there are fewer catastrophic bugs, but there seem to be way more of these smaller problems that often fail silently. They add up, too: I have long felt that the stress of bugs accumulates exponentially, not linearly.

I cannot tell you how little I want to run software updates on my blinds or find that one burner on my stovetop will not turn on because of some Daylight Saving Time bug. This stuff all seems like a burden right now — a failed promise of increased ease and a more automated world, brought to you by Agile-developed software and technologies like Bluetooth. Is it surprising that it sucks so much?

The promises of this world are certainly compelling. Automated blinds, heat, and lighting can help optimize their use for better efficiency. It can make lives better for people with disabilities. These products can solve real problems. But they need to be treated with the respect and care they deserve, not as funny gadgets for people with enough time and technical capability to debug their kettle’s Wi-Fi connection.

I completely agree with Matt Birchler’s list of genuine improvements made to the new version of Safari in iOS 15. I will even add to it: on some websites — like Defector and Wikipedia — the way that the theme-color status bar blends into the page header looks fantastic on the iPhone, and Tab Groups are a welcome addition. I also appreciate that some of the most glaring complaints about the first build, such as the “⋯” button, have been corrected. But there is still so far to go, particularly for the iPad and Mac versions.

In my commentary about Apple’s recently announced child safety initiatives, I have repeatedly stated that the company was already checking hashes of images uploaded to iCloud Photos against NCMEC hashes of known CSAM. I was not the only one who thought this — the same idea was referenced by many others, like in the TidBits FAQ and by Jason Aten, who writes for Inc — but most of us were referencing sources that relied upon reporting from the Telegraph. That article carries this correction:

This story originally said Apple screens photos when they are uploaded to iCloud, Apple’s cloud storage service. Ms Horvath and Apple’s disclaimer did not mention iCloud, and the company has not specified how it screens material, saying this information could help criminals.

This note was appended one day after the Telegraph published its original report — that is, one day after it was cited by numerous other outlets. Unfortunately, none of those reports reflected the Telegraph’s correction and, because the Telegraph has a soft paywall and the title of the article remained “Apple scans photos to check for child abuse”, it is not obvious that there were any material changes to correct. Robinson’s Law strikes again.

Still, that is no excuse. I should have checked the claims of these reports against that original Telegraph article before relaying the same error. I regret not doing that. Please consider this a correction.

Via Michael Tsai, who adds:

In any case, this changes how I interpret Apple’s FAQ, as well as speculation for the future. If photo library scanning is new, Apple is not reimplementing a previously working system in a way that is potentially less private (since it could be easily tweaked to scan non-cloud photos). It also seems less likely to imply a switch to making iCloud Photos E2EE. It could simply be that Apple wanted to implement the fingerprinting in a way that took advantage of distributed CPU power. Or that it wanted to avoid having a server scanner that it could be compelled to use. This also explains why Apple only made 265 reports in 2020.

This certainly changes how I read this entire situation.

Om Malik:

Let’s face it: everything Facebook touches eventually turns into an engagement honeypot behind which lies an algorithmic whirlpool designed to suck attention that can be packaged and eventually sold to advertisers. And that is why I am not surprised that Instagram is moving on from its photography roots. And why not: it had to keep up with the likes of TikTok, who are sucking attention away from Instagram. Not surprisingly, many photographers feel a little double-crossed. Hey, welcome to Zuck’s Planet.

However, for two big tech refugees, Tom Watson and Stefan Borsje, this is an opportunity: they have created Glass, a photographer-focused community and photosharing service whose primary focus is photos and a community focused on the art of photography. (For now, it is available only on Apple’s iOS.)

I have only been using Glass for a few hours, but I think it is a wonderful place. It is very much what you make of it: you post the photos you want to show others — with some exceptions — you follow who you want to follow, and your feed is just that combination. You see the most recent images without stuff being algorithmically injected into your feed, and everything feels very carefully considered.

Malik interviewed the two founders. I appreciate this response, from Watson, to a question about what makes Glass different:

But how we are going about implementing features. For example, currently, we don’t have likes. If and when we launch a feature in that vein, it’ll be private. We’ve intentionally avoided any public counts. We don’t want Glass ever to become a popularity contest. We’re not home for influencers. We are a home for photographers.

So, we have focused on comments in Glass, and there’s a big reason for that. We want to spur discussion about the photograph. For example, we highlight EXIF data in our app. That leads to conversations about lenses, for example. We’ve seen some amazing threads happen in our early testing by making comments the primary way to interact with a photo.

Glass really does feel different. It feels like a more creative, slower, and more laid-back kind of place. Instagram was the closest thing there was to a great photo sharing experience for phones. But its evolution into a marketing and video platform has robbed it of that initial charm. Glass does not feel like it aspires to boast a billion users, and it is better for it.

Glenn Fleishman and Rich Mogull wrote an unofficial FAQ for TidBits about Apple’s message filtering and CSAM detecting efforts:

It’s always laudable to find and prosecute those who possess and distribute known CSAM. But Apple will, without question, experience tremendous pressure from governments to expand the scope of on-device scanning. Since Apple has already been forced to compromise its privacy stance by oppressive regimes, and even US law enforcement continues to press for backdoor access to iPhones, this is a very real concern.

On the other hand, there is also the chance this targeted scanning could appease and reduce the pressure for full-encryption backdoors, at least for a time. We don’t know how much negotiation behind the scenes with US authorities took place for Apple to come up with this solution, and no current government officials are quoted in any of Apple’s materials—only previous ones, like former U.S. Attorney General Eric Holder. Apple has opened a door, and no one can know for sure how it will play out over time.

Public arguments about encryption have tended to make the same oversimplification: that encryption and compliance with law enforcement will always be in opposition to each other and, because Apple is in favour of strong encryption, it is on the side of criminal behaviour. Chicago’s former head of detectives John J. Escalante said, in response to Apple’s decision to enable encryption by default, that the “average pedophile at this point is probably thinking, I’ve got to get an Apple phone”, and Escalante was not alone. As it joined the castigation chorus, the editorial board of the Washington Post invented a mythical golden key that would be unavailable to anyone but law enforcement. Unsurprisingly, such a key has failed to materialize.

Apple’s rationale for encrypting devices has nothing to do with protecting lawbreakers and everything to do with protecting customers. It has consistently said that it attempts to prevent unauthorized access to the vast amount of personal information on our smartphones. That means encrypting information in transit to prevent man-in-the-middle attacks, and encrypting at rest to prevent copying files in the case of device loss or theft. But Apple’s use of encryption by default is also a risk as it may mean a legal request cannot be comprehensively fulfilled. The more times that happens, the more often governments will demand that it curtails encryption on its devices.

Apple has since published its own FAQ guide (PDF), given that its initial messaging was confusing and incomplete:

Could governments force Apple to add non-CSAM images to the hash list?

Apple will refuse any such demands. Apple’s CSAM detection capability is built solely to detect known CSAM images stored in iCloud Photos that have been identified by experts at NCMEC and other child safety groups. We have faced demands to build and deploy government-mandated changes that degrade the privacy of users before, and have steadfastly refused those demands. We will continue to refuse them in the future. Let us be clear, this technology is limited to detecting CSAM stored in iCloud and we will not accede to any government’s request to expand it. Furthermore, Apple conducts human review before making a report to NCMEC. In a case where the system flags photos that do not match known CSAM images, the account would not be disabled and no report would be filed to NCMEC.

Ben Thompson:

The fundamental issue — and the first reason why I think Apple made a mistake here — is that there is a meaningful difference between capability and policy. One of the most powerful arguments in Apple’s favor in the 2016 San Bernardino case is that the company didn’t even have the means to break into the iPhone in question, and that to build the capability would open the company up to a multitude of requests that were far less pressing in nature, and weaken the company’s ability to stand up to foreign governments. In this case, though, Apple is building the capability, and the only thing holding the company back is policy.


[…] instead of adding CSAM-scanning to iCloud Photos in the cloud that they own-and-operate, Apple is compromising the phone that you and I own-and-operate, without any of us having a say in the matter. Yes, you can turn off iCloud Photos to disable Apple’s scanning, but that is a policy decision; the capability to reach into a user’s phone now exists, and there is nothing an iPhone user can do to get rid of it.

Reading Apple’s FAQ underscores the difference between capability and policy as Thompson has written. There is nothing that will prevent this feature from being abused other than Apple’s assurances that human reviewers will verify that the only reason an account has been flagged is because of CSAM — and its reputation is the only thing that backs this promise. Whether you believe it or not probably depends on how much damage to its reputation you think it can sustain. After all, people are buying Apple’s products and services in record numbers even as the company has received criticism for, among other things, having suppliers that use the forced labour of political prisoners. If this system were repurposed for compelled censorship of users in some far-away country, would the damage to Apple’s reputation be sufficient to cause them to change it, or would most of us still buy iPhones?

Some people believe that the mere possibility of this abuse means that this system should not exist, and I think that is a fair argument. But we already know that many governments around the world — from the democratic to the authoritarian — have lined up behind the argument that encryption is too easily abused and needs to be curtailed. I worry that the pressure will eventually build to the point where weakened encryption will be required, and that would destroy the safety of these devices. I would not feel comfortable keeping my credit card details, health records, photographs, or contacts on a smartphone with fundamentally compromised security.

These products and services have become so integral to our lives that there is no perfect solution to address their abuses. The way I see it, Apple’s forthcoming efforts are a reasonable compromise if there were greater third-party oversight. And there is no universally trusted third party. Apple almost has to stake its reputation on the success and reliability of this system, and to not extend it beyond the most heinous of crimes. If these systems get repurposed to fuel something like political censorship or flag copyright infringement in unshared files, I hope the ensuing backlash would be enough to cause real damage at the company and real change, but I hope it never gets to that point. It seems that the mere announcement that Apple will launch these capabilities has bruised its reputation, and its promises to use them solely for good have fallen flat because it so badly flopped its communication.

Andy Greenberg, Wired:

But critics like Johns Hopkins University cryptographer Matt Green suspect more complex motives in Apple’s approach. He points out that the great technical lengths Apple has gone to to check images on a user’s device, despite that process’s privacy protections, only really make sense in cases where the images are encrypted before they leave a user’s phone or computer and server-side detection becomes impossible. And he fears that this means Apple will extend the detection system to photos on users’ devices that aren’t ever uploaded to iCloud — a kind of on-device image scanning that would represent a new form of invasion into users’ offline storage.

Or, in a more optimistic scenario for privacy advocates, he speculates Apple may be planning to add end-to-end encryption for iCloud, and has created its new CSAM detection system as a way to appease child safety advocates and law enforcement while encrypting its cloud storage such that it can’t otherwise access users’ photos. “What Apple is doing here is a technology demonstration,” Green says. “It’s not something they need to scan unencrypted iCloud photos. It’s something you need if the photos you’re scanning are going to be encrypted in the future.”

Greenberg’s article contains the best reporting I have seen on these announcements. It seems that a fair explanation of how Apple’s new approach differs from that used in other CSAM detection efforts is that it happens on the device before the file is ever uploaded. If, as Green speculates, this is to be used to scan files locally that are not destined for iCloud, that is clearly troublesome. But if it is to enable end-to-end iCloud encryption and it is not applied to purely local files, that seems like an overall privacy benefit.

If we follow that line of speculation further, it makes me wonder why Apple would create so much confusion in its communication of this change. Why drop this news at the beginning of August, disconnected from any other product or service launch? Why not announce it and end-to-end iCloud encryption at the same time, perhaps later this year? Perhaps it is because these features have garnered the approval of the NCMEC in statements to Greenberg and internally at Apple despite loudly protested encryption. If that is the case, Apple may demonstrate that it can control the spread of CSAM with its products and services while improving user privacy — if you trust it.

Have you ever looked at your MacOS Big Sur or Monterey desktop and thought this is lovely, but I wish it reminded me more of Windows XP? Well, the pseudonymous Basic Apple Guy has you covered — and with four variants to choose from. The “Evening” style is my favourite, but I think the time-based dynamic option is the way to go. Just drop the HEIC file in /Library/Desktop Pictures/ and pick it from System Preferences.