Month: January 2022

Lawmakers Propose Legislation to ‘Ban Surveillance Advertising’ vice.com

Joseph Cox, Vice:

“The Banning Surveillance Advertising Act does what its title suggests. The legislation prohibits advertising facilitators (e.g., Facebook, Google DoubleClick, data brokers) from targeting ads with the exception of broad location targeting to a recognized place (e.g., municipality),” a press release announcing the proposed legislation reads. “The bill also prohibits advertisers from targeting ads based on protected class information and any information they purchase. Violations can be enforced by the Federal Trade Commission, state attorneys general, or private lawsuits,” it adds. The legislation would also prohibit targeted advertisements based on protected class attributes such as race, gender, and religion.

Reps. Anna G. Eshoo of California and Jan Schakowsky of Illinois, and Sen. Cory Booker of New Jersey are the Democratic lawmakers behind the proposed legislation.

Can Duruk:

My hope is that we will look back at the current state of the internet, funded solely by adtech, like when we used asbestos for insulation, lead for toys, and land mines for defense.

There is no chance that this bill becomes law in the U.S., thereby causing the world’s ad tech market to adjust to a better model, but a simple Canadian boy can dream.

U.K. Home Office Launches Anti-Encryption ‘No Place to Hide’ Ad Campaign rollingstone.com

James Ball, Rolling Stone:

The UK government is set to launch a multi-pronged publicity attack on end-to-end encryption, Rolling Stone has learned. One key objective: mobilizing public opinion against Facebook’s decision to encrypt its Messenger app.

The Home Office has hired the M&C Saatchi advertising agency — a spin-off of Saatchi and Saatchi, which made the “Labour Isn’t Working” election posters, among the most famous in UK political history — to plan the campaign, using public funds.

According to documents reviewed by Rolling Stone, one the activities considered as part of the publicity offensive is a striking stunt — placing an adult and child (both actors) in a glass box, with the adult looking “knowingly” at the child as the glass fades to black. Multiple sources confirmed the campaign was due to start this month, with privacy groups already planning a counter-campaign.

Hannah Bowler of the Drum — a publication I had not heard of until I began researching this story specifically, and which does not seem like the most trustworthy source for original information given that it claims to be the “third-biggest marketing website in the world” but does not have a Wikipedia page — speculates that this could also be intended to counter WhatsApp’s “Message Privately” ads. That seems entirely plausible to me. Whatever the case, it launched today.

The Home Office claims that 14 million fewer reports of possible abuse may be filed every year if unspecified social media companies, which clearly refers to Facebook, enable end-to-end encryption. It cites data from NCMEC in making this assertion. But I looked through that organization’s releases and could not figure out from where the Home Office drew its conclusions. The NCMEC says that, in 2020, it received 21.4 million reports (PDF) from platforms like Facebook and Google. Facebook’s platforms provided 20.3 million of those reports; NCMEC does not publish more granular data for Facebook. Perhaps 14 million of those reports were from Facebook and Instagram direct messages — WhatsApp messages are already encrypted — and the remaining six million came from other sources on Facebook’s platforms, like posts and Facebook Groups. But it is entirely unclear, and the “14 million” number appears nowhere I can find on NCMEC’s website. This may be nitpicking, but I think it is important that if we are using numbers to illustrate the scope of a problem, that they should be right.

Everyone who is reading this with some knowledge of end-to-end encryption is surely thinking the same thing: it is awful to know that encrypted messaging can be used for heinous purposes, but it comes with tremendous security and privacy benefits for the rest of us. But this campaign is clearly not for well-informed people, as Ball reports:

One key slide notes that “most of the public have never heard” of end-to-end encryption – adding that this means “people can be easily swayed” on the issue. The same slide notes that the campaign “must not start a privacy vs safety debate.”

What a cynical viewpoint the Home Office and M&C Saatchi must have. Privacy is absolutely a factor, and the Home Office agrees:

[…] End-to-end encryption is valuable technology designed to keep our data and conversations safe. We are not opposed to end-to-encryption in principle and fully support the importance of strong user privacy. […]

Unfortunately, the Home Office goes on to ask for an untenable compromise position. The closest we have seen to a middle ground is Apple’s on-device detection of child abuse materials destined for iCloud — and the backlash was so striking that those plans have been indefinitely delayed.

This is a hard problem to contend with, but the solution cannot be to ban anything that does not leave a trail of evidence, as though such an effort would be possible. The rest of us do not want the GCHQ spying on our messages. Besides, it is not as though law enforcement is actually as “in the dark” as they like to claim.

Safari 15 Does Not Respect Same-Origin Policy for IndexedDB, Permitting Extraordinary Cross-Site Tracking fingerprintjs.com

Martin Bajanik, of FingerprintJS:

In Safari 15 on macOS, and in all browsers on iOS and iPadOS 15, the IndexedDB API is violating the same-origin policy. Every time a website interacts with a database, a new (empty) database with the same name is created in all other active frames, tabs, and windows within the same browser session. Windows and tabs usually share the same session, unless you switch to a different profile, in Chrome for example, or open a private window. For clarity, we will refer to the newly created databases as “cross-origin-duplicated databases” for the remainder of the article.

I know I just wrote it in the headline, but this is an extraordinary bug. Michael Tsai points to a November 2021 WebKit bug report that has since been access-restricted.

You know what is most wild about this for me? I came across this bug when working on some web development last autumn, but I assumed I must be misinterpreting what I was seeing because there was no way such a critical vulnerability would be so transparently visible. Alas.

According to Bajanik, some patches were committed to WebKit this weekend that should fix this bug. That is the good news. The bad news is that this same bug is present in every implementation of Safari 15’s engine, including every iOS browser since they all use the same engine, and no software updates have been issued to fix this vulnerability.

Update: The updates to MacOS, iOS, and iPadOS that will be released shortly contain a fix for this bug.

Custom 3D Landmarks in Apple Maps justinobeirne.com

Justin O’Beirne:

As part of its 2021 cartographic redesign, Apple replaced 213 of its existing 3D models of landmarks and other venues with new, artist-created models.

[…]

These new custom landmark models are currently available in seven areas: the San Francisco Bay Area, Greater Los Angeles, New York City, London, Washington, San Diego, and Philadelphia.

The San Francisco Bay Area has the most models (60 models total), while the San Diego area has the least (11 models total).

Compare this list against two of O’Beirne’s other catalogues: feature availability in top metro areas and priority countries. I am especially interested in countries with large metro areas and many iOS users, yet with few Apple Maps features. Seoul is located within a country of, according to O’Beirne’s calculations, at least ten million iOS users, but only has a city guide and some landmark icons, and not even the 3D landmarks of London or Washington. It is a similar story in Moscow — Russia has at least 29 million iOS users — and São Paulo — Brazil has an estimated 16 million.

In New York or London, Apple Maps probably feels pretty feature-rich. But elsewhere it is patchier, even in cities like Calgary which are comparatively well-covered. There are surely different teams working on 3D landmarks and more fundamental features but, from a distance, it can feel like Apple is lavishing attention solely on U.S. population centres — and London — and filling in fine details in those cities at the expense of some basic functionality elsewhere. I would love cycling directions, or even some more consistent labelling — a selection of Calgary streets in the same area are referred to as “15 ST SW”, “16TH ST SW”, “EIGHTH ST SW”, and “8 ST SW”. It is eye-opening to know this is considered good coverage for Apple Maps; major commercial areas are not marked on the streets of Paris, not even the Champs-Élysées.

I often wonder if it makes sense that there are basically two major efforts in digitizing the world’s cartography for commercial purposes, and both are fronted by companies based in the same part of the United States. The expense of such a wide-reaching project is surely a hurdle, but it would be great if others could offer a more local solution. Perhaps one reason there is not as much competition in this space is, in part, because iOS users cannot change their default maps app. I am not sure it makes sense to modernize the in-car GPS systems that required a different disc for each region, but I also have to wonder if Apple or Google can deliver worldwide cartography that is accurate and not encumbered by their myriad other business interests.

User-Friendly Diagnostics Should Be a Core Part of Any System eclecticlight.co

Howard Oakley:

Software engineers are hopeless optimists when they design and code only for success. There’s much more to handling errors than displaying a couple of phrases of in-house jargon and fobbing the user off with a magic number. It’s high time that designing error-handling to help the user became a central tenet of macOS.

My only quibble with Oakley’s conclusion here is that it should not be limited to MacOS; I expect better diagnostics across all of Apple’s operating systems. Otherwise, this is spot on.

It is bananas that the best error messages users will encounter are those with an inscrutable code — “the best” because it is at least something which can begin a web search for answers. But a Mac is not a microwave; it has a very large display and can display more information than an error code of a few characters. Worse still are errors which have no information — Oakley’s example is a MacOS installer with the error “This copy of the Install macOS Big Sur.app application is damaged, and can’t be used to install macOS.” has only an “OK” button, as though that is an acceptable response1 — or silent failure where no message is displayed to the user at all.

There is no way this is the best that can be done, nor is it what we should expect out of our ostensibly modern families of operating systems.

  1. Since this is a MacOS installer, a better error message would have an option to fix the application, or at least re-download it in full. ↥︎

‘Modern’ Browsers blog.jim-nielsen.com

Jim Nielsen’s mom could not access a website from her computer or iPad to register for volunteering:

So I looked at the version of Chrome on my parent’s computer. Version 76! I knew we were at ninety-something in 2022, so I figured that was the culprit. “I’ll just update Chrome,” I thought.

Turns out, you can’t. From what I could gather, the version of Chrome was tied to ChromeOS which couldn’t be updated because of the hardware. No new ChromeOS meant no new Chrome which meant stuck at version 76.

But what about the iPad? I discovered that my Mom’s iPad was a 1st generation iPad Air. Apple stopped supporting that device in iOS 12, which means it was stuck with whatever version of Safari last shipped with iOS 12.

So I had two older browsers that couldn’t be updated. It was device obsolescence because you couldn’t install the latest browser.

I ran into a similar issue when I tried booting into Mac OS X Lion — the version that shipped with my 2012 MacBook Air — and found that many websites, including my own, refuse to load because of incompatibilities with modern SSL certificates or HTTPS standards, I think. This laptop is officially obsolete in Apple’s terms; it can only be upgraded to Catalina. It will stop working eventually, but I wonder if the hardware will give out first or if it is more likely that I will sooner be unable to use it for day-to-day tasks.

Even on the most basic of document-based websites, there are technical hurdles that prove the web is little without the right web browser. I like a lot of the work done by the Electronic Frontier Foundation, but one of the quieter drawbacks of its leadership in encrypting the web is that many websites can only be accessed through newer browsers.

Faking an iPhone Reboot blog.zecops.com

ZecOps, a security research company (via Bruce Schneier):

We’ll dissect the iOS system and show how it’s possible to alter a shutdown event, tricking a user that got infected into thinking that the phone has been powered off, but in fact, it’s still running. The “NoReboot” approach simulates a real shutdown. The user cannot feel a difference between a real shutdown and a “fake shutdown”. There is no user-interface or any button feedback until the user turns the phone back “on”.

To demonstrate this technique, we’ll show a remote microphone & camera accessed after “turning off” the phone, and “persisting” when the phone will get back to a “powered on” state.

This is one of those things that is as clever as it is worrying. Imagine if you thought your iPhone was the target of a spyware attack, so you try turning it off and back on — except your phone never switched off and all of that behaviour was faked. Extraordinary.

More Details Revealed in States’ Antitrust Suit Against Google theverge.com

Russell Brandom, the Verge:

On Friday, a coalition of state attorneys general led by Texas Attorney General Ken Paxton released a new antitrust complaint (PDF) against Google, giving more details into the company’s alleged collusion with Facebook in programmatic ad markets. The filing was first reported by Politico.

… which put the public document behind its paywall, is how that sentence should end. The full docket is on Court Listener, and that would also be an acceptable link. Making people hunt for court filings — or pay Politico, for some reason — is inexcusable.

At least Brandom posted it, and reports:

In one particularly uncomfortable passage, the complaint quotes a 2015 email in which “Google employees expressed fear that Google’s exchange might ‘actually have to compete’ with other exchanges at some point in the future.

Much of the case rests on the concessions Google allegedly made to Facebook in the wake of the Jedi Blue arrangement, including lower fees and longer timeout limits in exchange bidding. One newly unredacted portion of the complaint claims that the concessions gave Facebook a clear advantage in winning auctions.

Tripp Mickle and Keach Hagey, of the Wall Street Journal, document an offence a little more grievous than their refusal to link to the updated filing anywhere in this article:

Google misled publishers and advertisers for years about the pricing and processes of its ad auctions, creating secret programs that deflated sales for some companies while increasing prices for buyers, according to newly unredacted allegations and details in a lawsuit by state attorneys general.

Meanwhile, Google pocketed the difference between what it told publishers and advertisers that an ad cost and used the pool of money to manipulate future auctions to expand its digital monopoly, the newly unredacted complaint alleges. The documents cite internal correspondence in which Google employees said some of these practices amounted to growing its business through “insider information.”

The allegations as presented by the attorneys general make my eyes glaze over a little because of the many acronyms and technologies involved. I should also note they have not yet been tested in court. But if they are true, it means the online advertising duopoly is rigged to the detriment of advertisers, the web, and our privacy. Remember: both Facebook and Google claim they need to build behavioural profiles on each of us for targeting purposes. But they are allegedly exploiting their position to configure the market for their benefit and nobody else’s.

I tried checking for differences between this filing and the last, but no tool I used did a great job because there are so many changes. One little thing I noticed is that Missouri’s Attorney General is a guy named Eric Schmitt. Nice touch.

Update: Leah Nylen put together a good — and mercifully short — Twitter thread about the allegations in that Journal article.

New U.S. ‘TLDR’ Bill Would Require Simplified Versions of Service and Privacy Agreements theverge.com

Makena Kelly, the Verge:

The Terms-of-service Labeling, Design and Readability Act – or TLDR for short – would require websites to provide a “summary statement” for users before they opt in to a terms of service agreement. The statement would summarize the legal jargon into something more easily understood by the average user, along with disclosing any recent data breaches (from the three years) and the types of sensitive data the site may collect. The summary would also explain “whether a consumer can delete their data, and if so, provide instructions on how.”

Cute name. It seems like a generally good thing to provide users with a more digestible version of the painful legal contracts we are expected to read and understand before agreeing to use, well, just about anything.

For the past couple of years, the Verge has tried to help readers see how many terms and conditions are required of devices by including an “Agree to Continue” section in its reviews:

Every smart device now requires you to agree to a series of terms and conditions before you can use it — contracts that no one actually reads. It’s impossible for us to read and analyze every single one of these agreements. But we started counting exactly how many times you have to hit “agree” to use devices when we review them since these are agreements most people don’t read and definitely can’t negotiate.

That is all fine and wonderful. But I am not really sure what meaningful changes will be accomplished by these ideas given what many of us already know about our lack of privacy online. Google, for example, already has a simplified privacy policy. I appreciate the effort, but do most users actually read it? Even if someone does, can they understand the long-term implications of allowing Google to amass a record of your online interactions? Can they change settings before Google begins collecting usage information?

People already have a sense of how much is collected; what they lack is control. Very few people are going to behave differently because they read more privacy policies. It would be a different story if there were restrictions covering the collection and retention of user information and users were allowed to change settings before using a company’s products.

German Company’s Use of Google Analytics ‘Breached GDPR’ theregister.com

Lindsay Clark, the Register:

Datenschutzbehörde, or DSB, has found that a German publisher, not named in the case, was in breach of Article 44 of the General Data Protection Regulation (GDPR) in the use and operation of Google Analytics – commonly used throughout web publishing and ecommerce – because of its movement of personal data to the United States.

In 2020, the EU Court of Justice struck down the so-called Privacy Shield data protection arrangements between the bloc and the US in what is now known as the Schrems II ruling, which has ramifications for US cloud providers, social media sites, and providers of online tools.

Datenschutzbehörde, Austria’s data protection authority, specifically cited the risk of espionage by U.S. intelligence agencies as a reason why this publisher’s use of Google Analytics violates GDPR rules. That is not an unreasonable concern. While users in some countries may benefit from having the protections of the U.S. legal system to avoid domestic overreaches, it is detrimental for users in Canada and many European countries.

An Early Look at Leica’s New M11 dpreview.com

A new Leica flagship means there is a lot to be dreaming of if you are the kind of person who, like me, are charmed by the particular blend of new and classic that only Leica really delivers. And it would not be an “M” camera without some quirks.

Barney Britton and Richard Butler, DPReview:

This USB-C socket can be used for charging the camera and for rapid offload of data, from a memory card or the 64Gb of internal storage built into the camera. The camera comes with an Apple certified USB-C to Lightning lead for connection to iPhones and iPads.

It is a little funny to me that it comes with a USB-C to Lightning cable, even though the Apple device you would probably want to use for editing these massive files is the iPad Pro, which has a USB-C/Thunderbolt port at the bottom. Standards are great, that is why we have so many of them.

Calgary’s own Chris Niccolls and Jordan Drake, also of DPReview, have a lovely video overview, too.

Responsible

I cannot remember controversy over one of Apple’s products like that which it is experiencing from AirTags. Apple is no stranger to controversy, of course — how many “–gate”s have bubbled up over product quality shortcomings, real and exaggerated? — but this is different. It is the first time I can think of where the fundamental function of the product is seen to be causing real harm.

To paraphrase one of the better lines from a mediocre series, Apple has a public relations problem because its product has an actual problem, and its product has an actual problem because the world has a problem. Apple has control over perhaps two of those problem strata; it cannot fix the objectification of women in society. But it should not be releasing products that directly exacerbate those known issues.

You could perhaps make a similar argument about a product like the iPhone: the camera could be used for surreptitious photography, for example. But that is not the sole purpose of the iPhone. It is not like Apple is selling some super tiny camera accessory.

It is also true that this is not specific to AirTags. In addition to the well-known Tile tracker, there are plenty of cheap tiny location beacons on the market, not to mention the ultra-precise GPS trackers available on Amazon and at your local spy and surveillance shop.1

But there is something different when the world’s most valuable company introduces a miniaturized beacon that uses others’ devices as a pinpointing mechanism. I am not sure what it is, but I do not think the specifics matter. I do not think there is much point in getting bogged down in exactly why there is concern about AirTags specifically because the effects are right there: women are finding these things being used to track their location. We can quarrel over specifics and wonder why Tile trackers rarely received this kind of negative press.

But maybe all of this is actually very simple: maybe this just is not something Apple needs to be offering. I know I am a mere observer and that a multi-trillion-dollar — holy shit — company can figure this stuff out but, as a layperson, it really does seem this straightforward. Perhaps there need to be greater protections before Apple could offer these kinds of products once again, but I do not see why it should ever be gambling its reputation on a cheap accessory similar to those already available while providing assistance to terrible people.

There are advantages to the vast Find My network, and perhaps Apple should explore ways to make it more appealing to third-parties. Clearly, Apple thought it could do something different and better here. But I see shades of the live audio chat room in the concerns over AirTags: just because something can be done, that does not necessarily mean it ought to be. In both cases, there are societal-level concerns these products will exacerbate or, at the very least, be an accessory to.

Perhaps the responsible thing is to not launch them at all.

  1. I am not sure how common these are where you live, but there are a couple in Calgary. I get an involuntary neck tilt every time I drive by one of them because it has a big banner outside that reads, simply, Spy Store. Good luck to our local Bonds, Bournes, Hunts, Salts, and Archers. ↥︎

Consistency Sin furbo.org

Craig Hockenberry:

My answer is something I call “consistency sin”. Understanding the cause lets us avoid similar situations in the future.

Your first reaction to this nomenclature may be, “Isn’t consistency a good thing in user interfaces?”

Absolutely! Colors, fonts, and other assets should be similar within an app. Combined they help give the user a sense of place and act as a guide through an interface. And in many, cases these similarities should be maintained across platforms. There’s no sin there.

But you can get into trouble when this consistency starts to affect the user experience.

There is an article about consistency I have been putting together for months and have not figured out a great angle. I think Hockenberry’s piece is what I was trying to write.

Consistency exists on so many levels: within a particular window or area of an application, within the application, between applications from the same company, between applications on the same platform, within the platform, and between platforms — and then, consistency between how elements look and how they work. MacOS would be worse if every button looked completely different, and it would also be worse if everything looked and worked the same as it does in iPadOS. I feel like the era of MacOS we are in now has strayed over that line. Dialog boxes are harder to read; notifications are worse; translucency makes things harder to read. I have not heard a satisfactory justification for any of these changes, but all of the excuses I have seen boil down to consistency. All of these elements have been updated to be more like the way things look and work on iOS and iPadOS, but I do not think that is a laudable goal unto itself.

Facebook Loses Second Attempt to Dismiss FTC Antitrust Case ft.com

Hannah Murphy and Kiran Stacey, Financial Times:

A US judge has denied Facebook’s attempt to dismiss for a second time the antitrust lawsuit brought by the US Federal Trade Commission seeking to force the social media company to unwind its acquisitions of Instagram and WhatsApp.

“Second time lucky?” began the opinion on Tuesday from Judge James Boasberg in Washington, who concluded that the lawsuit, which accuses Facebook of conducting a “course of anti-competitive conduct”, could proceed.

The rejection of Facebook’s motion is a victory for the FTC after its original lawsuit was dismissed by Boasberg last year.

[…]

However, the judge said he would not let the FTC pursue allegations that the company changed its platform policies to cut off services to rivals, because the conduct was too far in the past.

The first version of this suit — the one that was dismissed — was filed in December 2020 under the previous FTC administration. There are many remaining questions about the amended complaint, created under Lina Khan’s leadership, but at least the FTC now has the opportunity to fully vet its concerns.

U.S. Federal Spending on Facial Recognition Tech Expands cyberscoop.com

Tonya Riley, CyberScoop:

In fact, CyberScoop identified more than 20 federal law enforcement contracts with a total overall ceiling of over $7 million that included facial recognition in the award description or to companies whose primary product is facial recognition technology since June, when a government watchdog released a report warning about the unmitigated technology. Even that number, which was compiled from a database of government contracts created by transparency nonprofit Tech Inquiry and confirmed with federal contracting records, is likely incomplete. Procurement awards often use imprecise descriptions and sometimes the true beneficiary of the award is obscured by subcontractor status.

Among the contracts CyberScoop cites is one between the FBI and Clearview AI. Quite a stark contrast compared to countries like Canada and France that have banned the company from operating within their borders or using any citizens’ data.

AirTags Are a Classic Story of a New Technology With Benefits That Are Also Concerns techcrunch.com

Lucas Matney, TechCrunch:

Apple has arranged so much of their wearable product marketing over the last few years on how their devices function in edge use cases. The Apple Watch’s last several generations have focused on health tracking features that could help identify rare conditions or help users in a life-threatening situation. TV commercials have documented the individual stories of users who have found the Apple Watch to be a life-saving tool. With AirTags, there’s potential for some of that same good, but there’s also much more downside. In the next year, we’re undoubtedly going to see examples of AirTags being used in nefarious ways that bundled together serve as the antithesis of one of these Apple Watch commercials. It may end up being a product defined by its gross shortcomings.

AirTags are not a complex product. They are small location beacons — everything that makes them effective for finding lost keys or a stolen bicycle makes them pretty effective for tracking someone’s whereabouts. How does any company correct the course of a product like that? An optional app is insufficient.

The United States’ Most Prestigious Business Publication Addresses ‘Green Bubbles’ wsj.com

Tim Higgins, Wall Street Journal:

That pressure to be a part of the blue text group is the product of decisions by Apple executives starting years ago that have, with little fanfare, built iMessage into one of the world’s most widely used social networks and helped to cement the iPhone’s dominance among young smartphone users in the U.S.

[…]

Apple and other tech giants have long worked hard to get traction with young users, hoping to build brand habits that will extend into adulthood as they battle each other for control of everything from videogames to extended reality glasses to the metaverse. Globally, Alphabet Inc.’s Android operating system is the dominant player among smartphone users, with a loyal following of people who are vocal about their support. Among U.S. consumers, 40% use iPhones, but among those aged 18 to 24, more than 70% are iPhone users, according to Consumer Intelligence Research Partners’s most recent survey of consumers.

Is it 2019 again? That was the last time we had a spate of stories examining the plight of Android users texting friends with iPhones. There was the Fast Company exposé of teenagers’ “distaste” for green bubbles, that thorough investigation by the New York Post into the problem — featuring interviews with exactly one iPhone user who refused to date Android users, and one Android user who felt slighted — and there was Samsung’s ridiculous comeback attempt.

Pause for outrage.

In 2015, Paul Ford wrote a much better version of this argument — in no small part because Ford is an excellent writer:

This spontaneous anti-green-bubble brigade is an interesting example of how sometimes very subtle product decisions in technology influence the way culture works. Apple uses a soothing, on-brand blue for messages in its own texting platform, and a green akin to that of the Android robot logo for people texting from outside its ecosystem (as people have pointed out on Twitter, iPhone texts were default green in days before iMessage — but it was shaded and more pleasant to the eye; somewhere along the line things got flat and mean).

As Ford documents, there have been times when Apple took advantage of this cultural phenomenon. But there are plenty of caveats, one of which Higgins describes in this Journal article:

Apple is not the first tech company to come up with a must-have chat tool among young people, and such services sometimes struggle to stay relevant. BlackBerry and America Online were among the popular online communication forums of past decades that eventually lost ground to newer entrants.

Is something different about today’s messaging services that would make them stickier than their ’90s and ’00s predecessors? AOL is a less fitting comparison; BlackBerry Messenger is the most accurate predecessor to iMessage: for a long time, a BlackBerry device was required to use BBM, and you currently need an Apple device to use iMessage.

Messaging services come and go. Overall, I find it hard to see any specific correlation between device user base and messenger choice. Sure, iOS devices and iMessage are popular in the United States, but it is not the case that both are similarly popular around the world. In Japan, for instance, iOS devices have a higher market share than they do in the U.S., but the dominant messaging service is LINE, the “do-everything platform”. In most other countries, WhatsApp is the messaging app everyone uses regardless of smartphone operating system. In Indonesia, BBM was wildly popular until it was shuttered globally in 2019, even though sales of BlackBerry devices dried up long before. It also depends on which part of a country’s population you are measuring: in Canada, where iOS’ market share is neck-and-neck with Android’s, WhatsApp is not very popular except with new Canadians, 84% of whom use it daily.

I have written before about how iMessage is a platform differentiator for Apple, but I do not think it is as bulletproof as either its biggest fans or extreme antitrust detractors believe. More to the point, I do not know anybody who uses just one messaging service.

Articles like these read mostly as an avenue to show that some young people are sometimes shallow, as most of us probably were at that age. I remember when zipper binders were the trendy item among my peers, or when the popular kids wore Abercrombie and Fitch. If a person refuses to go on a date with someone solely because of the phone they use, that seems more like a red flag that should be avoided.

These sorts of trend pieces seem to mix up cause and effect. I would not read too much into it. Most iPhone users will probably pick another iPhone as their next phone, just as most Android users will probably pick another Android phone. If having a sorted-out messaging platform was such a compelling selling point, you would expect Android users to be leaving the platform in droves. As it turns out, it is probably a small piece of a much larger reason why most people stick with the same platform when they buy a new phone.

On Twitter, the Block Button Is Right There jwz.org

Jamie Zawinski (via Jesper):

Basically, I block someone if they have said something stupid enough to make me want to hit reply and frustratedly explain it to them. We all know that there is no future in sending that reply, but as I said, the struggle is real. So instead I block them, because the chance that this person will ever say something I want to hear is… not large.

But, maybe some day Mr. Firstname Bunchanumbers dot Eth and I woulda been pals. My loss!

And those blocks happen not just for people who have replied to me. If I see your comment, and you’re a dumbass, you get a block. This sometimes leads to perplexed people saying “but he blocked me and we’ve never spoken!” So if that’s you, and it made you sad, my sympathies. But this is a matter of self-defense and one does what one must.

Over the last, say, five years, I have found myself using Twitter’s “block” button more liberally. I have qualms about the default-to-public quality of a Twitter profile, but I also sometimes converse with people who do not follow me, and I often tweet unfinished thoughts which I later reference here. So: public is fine. I also like to hear criticism or disputes with something I have written, and Twitter is a good medium for that.

However, sometimes I will see tweets from people who I simply do not wish to hear from. It does not matter whether they are likely to interact with me in the future; what matters is that I can partly control whether they have the option. So I will block them. It is nothing personal and not necessarily very effective: they can still email me, but at least it requires a little more effort.

This post also introduced me to the excellent MegaBlock service. You connect your Twitter account and then paste a link to a tweet. It will block the author of the tweet and everyone who liked it. Nice.

Some Antivirus Software Now Includes Cryptocurrency Mining krebsonsecurity.com

Brian Krebs:

Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency. But Norton 360 isn’t alone in this dubious endeavor: Avira antivirus — which has built a base of 500 million users worldwide largely by making the product free — was recently bought by the same company that owns Norton 360 and is introducing its customers to a service called Avira Crypto.

Founded in 2006, Avira Operations GmbH & Co. KG is a German multinational software company best known for their Avira Free Security (a.k.a. Avira Free Antivirus). In January 2021, Avira was acquired by Tempe, Ariz.-based NortonLifeLock Inc., the same company that now owns Norton 360.

The catch is the software vendor gets a cut of mined cryptocurrency. Now you can build upon the legendary performance characteristics of antivirus software with another background process that helps Avira make some extra money. At least it is opt-in rather than opt-out.