Pixel Envy

Written by Nick Heer.

Archive for May, 2022

Instagram Prioritizes Reels Above All Else in an Attempt to Catch Up to TikTok

Sarah Frier and Brad Stone, Bloomberg:

A company as big as Meta, with 3.6 billion users across Instagram, Facebook, and WhatsApp, has lots of ways to push features on people. Reels now appear in every Instagram user’s feed. Once someone clicks on a Reel, they’re suddenly in a full-screen mode where swiping up or down only gets you to more Reels. This design tweak can be jarring, like turning a corner in a quiet art gallery and finding yourself in the middle of a dance party.

Instagram is planning to take it further, testing a redesign that starts users in full-screen, TikTok-style video mode when they open the app. For Facebook’s lifeline to the youth demographic, this is a major departure. Instagram became a generation’s go-to social app on the strength of its filtered, aspirational lifestyle photography. Now the company is actively killing that identity in the name of beating TikTok, and it might not even work.

I know a couple of people who have been opted into this redesigned feed and it has been a negative experience all around. For anyone posting anything other than Reels, the gradient overlay gets in the way.

Facebook seems to treat Instagram as a hollow shell into which they can jam any app idea they would like to duplicate. That makes it unlike any other social network. Facebook itself, YouTube, Twitter — all of these properties have each retained their core idea while adding new features. But Instagram is jettisoning the way people actually use it in favour of jamming through this embarrassing identity crisis.

Frier and Stone:

TikTok, owned by China’s ByteDance Ltd., is the most-downloaded app in the world. Starting in 2020, Americans spent more time on TikTok than they did on Facebook or Instagram. This year, the app is expected to overtake YouTube. TikTok, which declined to comment on its competition with Reels, instead sent details on its own creator payment program.

TikTok’s growth has been nothing short of extraordinary, with some blame or credit given to existing tech company dominance. TikTok saturated YouTube and Facebook’s platforms with advertising just a couple of years ago, and changing behaviour during the pandemic accelerated its growth path.

If you are someone who is worried about the world’s biggest social media sensation reporting back to an authoritarian surveillance state, you should know that virtually nothing has changed. Every ad network has involvement by shady characters and they have all been privacy hellscapes in their own way. Better policies on privacy and data protection would help. Lawmakers should have been quicker to take action many years ago, but whether numbed by access or the assumption that dominant tech companies would always be American, it is only now being seen as a concern. The best time to take action was years ago; the next best time is now, but any policies enacted will probably be for the wrong reasons.

Google Deja Vu at I/O 2022

Ron Amadeo, Ars Technica:

Google held its I/O conference earlier this month, and for longtime Google watchers, the event felt like a seance. Google CEO Sundar Pichai stepped on stage for his keynote address and channeled the spirits of long-dead Google products. “I’m hearing… something about an Android tablet? And a smartwatch?” he seemed to say.

[…]

Like most Google products in the Sundar Pichai era, what will really matter for all of these resurrections is if Google continues to care about them for several years. Way too many Google products seem to have a one-year roadmap. The company pins 100 percent of its hopes on a project’s initial launch, and the product is canceled if it isn’t an overnight success. Google rarely allows products enough runway to adapt to feedback or convince the “wait and see” crowd. The problem is that Google has burned so many of its early adopters over the years that there are not many of them left.

I wonder whether it is true that Google has few remaining enthusiasts. Who else is buying its Pixel phones, if not users committed to the company’s specific vision for Android devices? Google’s problem is getting everybody else to care about these products beyond its early adopters, and all of those people need time and evidence of ongoing commitment to buy into that vision too.

FTC Fines Twitter $150 Million for Using Security Features for Targeted Advertising

The U.S. Federal Trade Commission:

The Federal Trade Commission is taking action against Twitter, Inc. for deceptively using account security data for targeted advertising. Twitter asked users to give their phone numbers and email addresses to protect their accounts. The firm then profited by allowing advertisers to use this data to target specific users. Twitter’s deception violates a 2011 FTC order that explicitly prohibited the company from misrepresenting its privacy and security practices. Under the proposed order, Twitter must pay a $150 million penalty and is banned from profiting from its deceptively collected data.

This issue was disclosed by Twitter in 2019, the same year Facebook acknowledged doing basically the same thing.

What It is Like Here

Sometimes, when it seems like there are no words left, a writer finds the last few hundred that feel relevant and right. This post deals with some pretty heavy subject matter, for obvious and painful reasons.

Albert Burneko, Defector:

Those 19 little kids will never get to learn anything else about the world after what this country showed them in the violent, incomprehensible last moments of their lives, when the people who loved them could not protect them or be with them or help them make sense of it. What they learned then, whatever they learned, is the verdict. Watch America decide that this is the only way things can be. Watch it sentence more little kids to abbreviated lives and lonely, terrified, violent deaths. Watch the grownups squabble and roll the dice on every small new person who greets the world with eager curiosity, who doesn’t know better than to just assume that life can be gentle and guided by care. Watch them negotiate each little life against what they want to pretend to believe about some garbled shit written on a piece of parchment 200 years ago by no one who could imagine what happened in that school on Tuesday. This is what it’s like here. […]

It is unsurprising to see many people my age reporting a loss of confidence in lawmakers and political systems that never fail to fail. It is governance being dismantled from the inside, with predictable and devastating results.

Creating Borders Around Data

David McCabe and Adam Satariano, New York Times:

The core idea of “digital sovereignty” is that the digital exhaust created by a person, business or government should be stored inside the country where it originated, or at least handled in accordance with privacy and other standards set by a government. In cases where information is more sensitive, some authorities want it to be controlled by a local company, too.

That’s a shift from today. Most files were initially stored locally on personal computers and company mainframes. But as internet speeds increased and telecommunications infrastructure advanced over the past two decades, cloud computing services allowed someone in Germany to store photos on a Google server in California, or a business in Italy to run a website off Amazon Web Services operated from Seattle.

In authoritarian states, governments use this theory to exercise greater control and surveillance over people. But their behaviour should not be conflated with data sovereignty overall. It is entirely reasonable for individuals to believe their national rights are upheld when it comes to their data, but that has often not been the case. Instead, people individually contract jurisdiction of their photos and location and web history and financial records to companies almost always based in the United States. For many of us, this is a rights regression. This is an unsurprising tidal shift given the U.S.’ notoriously absent personal privacy laws and its exploitative data economy.

Contrary to the Times’ reporting above, a user in Germany is more likely now to have their Google photos stored somewhere closer than a Californian server. Google operates several data centres in Europe. This is not a consequence of GDPR; many of them are older than GDPR’s introduction. Even though internet speeds are faster, latency is still a concern and geographic distance is a significant factor. It would be interesting — albeit niche — if individual users could choose where their data is domiciled, much like corporate users often can.

Apple’s Jane Horvath on Privacy

Jane Horvath, Apple’s chief privacy officer, as quoted by Claire Stern in Elle:

[…] So every day you hear or read about different incursions … advertising is big right now, and I think people would be quite surprised by the amount of data that exists out there in the B2B world about them. That’s something that we’re very much trying to bring to the attention of our customers, not because we want them to make a choice one way or the other, but because we actually want them to be aware of it.

Apple executives are media trained and it is rare for them to stray off-message; this interview with Horvath is not an exception. But I thought this segment was notable for its shift in perspective. Much has been written about Apple’s recent privacy efforts, such as App Tracking Transparency, from the perspective of the effects they have on advertisers.

But perhaps not enough attention has been directed toward the insidious data enrichment industry powering business-to-business (B2B) tools. Plenty of software packages for businesses can automatically extrapolate an entire persona from nothing more than an email address or a phone number. Many of them can associate personal and professional identities, therefore erasing any line between the two, and establish a more comprehensive picture of a business’ internal matters. It sounds invasive to normal people, but all of this has been normalized in the business-to-business software world.

Horvath and Apple may be worried about how their devices and software feed this industry, but this is not something that can be restrained by a single company, no matter how large it is. Careful regulation is the only viable path for curtailing these ridiculous privacy abuses.

Elon Musk’s Crash Course

Eric Deggans, NPR:

Like a few other TV projects these days, the documentary zeroes in on the strategy employed by many Silicon Valley leaders to talk up the possibilities of their companies’ products before their achievements are fully realized. It’s a “fake it until you make it” style that allows companies to harness enthusiasm and capital to push toward goals which might otherwise seem impossible to reach.

But Elon Musk’s Crash Course is a straightforward look at the dangers of such an approach when the product involved controls a speeding automobile.

I watched this documentary tonight. Even somewhat passive followers of Tesla’s announcements — myself included — will likely be familiar with much of its contents. But seeing it laid out in a single hour-and-change record is an arresting experience.

One Tesla “Full Self Driving” beta participant was interviewed for the film, and something she said toward the end stuck with me:

There are definitely people who do not agree with Tesla’s approach. I don’t feel that it’s risky. I have never felt endangered, okay?

Setting aside the possibility of some creative editing — I have no way of knowing whether she said these three sentences in this exact order — this made me realize the biggest flaw in this film: it is solely focused on the risks to Tesla drivers. There are certainly several examples of drivers being killed because they were, in the words of several interview subjects, lulled to “complacency” in their cars, perhaps in part by Tesla’s overconfident marketing. But it is the risk to surrounding people that is barely considered in this documentary aside from some video clips at the end.

I would also not feel endangered to be in the driver’s seat of a Tesla on a highway if I treated its automation features as slightly more advanced cruise control. But if I am a cyclist riding in a crappy painted bicycle lane, I certainly hope the Tesla driver I am riding beside does not think their car can drive itself. It is one thing for a driver to be texting behind the wheel of any car knowing full well they are doing something dangerous. It is an entirely different thing if they believe their inattentiveness is compensated for by the car’s cameras and software.

In the U.S., this film can be seen on Hulu; in Canada, it is on Crave.

A Guide For Tech Journalism

Nirit Weiss-Blatt, Techdirt:

Tech journalism is evolving, including how it reports on and critiques tech companies. At the same time, tech journalists should still serve as bullshit detectors and hype slayers. The following tips are intended to help navigate the terrain.

As a general rule, beware of overconfident techies bragging about their innovation capabilities [and] overconfident critics accusing that innovation of atrocities. If featured in your article, provide evidence and diverse perspectives to balance their quotes.

I thought this article and the linked piece by Lee Vinsel, from February 2021, are fair analyses of technology hype and scaremongering. The most headline-grabbing worries are probably inaccurate as they are often based on marketing that is equally wrong. The concerns we ought to be paying attention to can be less conspicuous. Similarly, the promises made by tech companies are often hopelessly unrealistic. It does not matter whether they are showing off a new product on a stage or responding to a legal body — they are marketing and spinning, and their claims should be treated skeptically.

The Apple Services Experience Is Not Good Enough

Benjamin Mayo:

They are built to a passing grade, but nothing more. Basic features found in services from rival companies are either lacking altogether in Apple’s apps, or implemented half-heartedly and performance is sluggish. Browsing in Music and TV is painful, with an over-reliance on the infinite scroll. New content is just tacked on the bottom of already long lists. Meanwhile, the navigation bars are blank when they could include simple shortcut buttons and filters to help users navigate and explore. Moreover, these apps feature too many loading states and too much waiting around. They are akin to janky web apps, rather than richly-compelling responsive experiences.

There is more commentary over at Michael Tsai’s site.

This is something I think about a lot, especially as Apple grows Services revenue and competes in more of these markets. Apple’s native apps on these devices simply are not good enough, and that is bananas. The company’s whole thing is that it makes the entire widget, so hardware, software, and services can work seamlessly together. But they do not. They feel brittle, like I am using prototypes where any deviation from a golden path is a risky endeavour.

There are plenty of engineers working hard on all of these products, and there are evidently people who care. The Music app on MacOS is better than it used to be. Alas, it remains a far cry from how it ought to be, and only managers and executives have the power to set quality as a priority.

Every year for the past few, my main hope for WWDC is a renewed emphasis on stability and higher standards. The growth of this segment of Apple’s revenue is impressive, and its web capabilities are way better than they used to be — remember MobileMe? But there is still so far to go before Apple’s software and, particularly, services reflect the qualities of its thoughtful and elegant hardware.

What a High-Quality Social Platform Looks Like

Josh Kramer, writing at New Public:

What separates a forum like MetaFilter from Quora, Reddit, or even 8chan? The answer is culture — rules and expectations, developed over a long time. To be clear: MetaFilter isn’t good because it has a lot of old rules, it’s good because it has the right old rules. Below, I lay out some unique, interesting qualities that have developed at MetaFilter over the years and how they’ve contributed to a culture that is still thriving after two decades.

Not only does MetaFilter have many rules, its moderators earnestly enforce them; but they do not always get it right and are subject to their own biases. While I generally favour the idea of larger social networks moving their moderation policies closer to those offered by MeFi, the sorts of stories linked to by a commenter on Kramer’s article paint a picture of moderators who sometimes struggle to identify bigoted conversations when it is not immediately obvious.

Going through some of those older threads, another thing becomes clear: complaints about the sensitivity of moderators were as commonplace then as they are now. There are plenty of complaints from users who feel moderators are oversensitive; there are also plenty from people who feel they are not taking an active-enough role. Even the places on the web where conversations are pretty good have a hard time keeping them that way, as a wander through the etiquette and policy feedback area makes clear.

MetaFilter occupies an increasingly niche part of the web — last year, it was forced to cut back on moderation — and I wonder if its approach can be replicated or improved upon elsewhere. It sounds like Twitter’s Birdwatch is an attempt to do something similar.

Grubhub’s ‘Free’ Lunch Program Was a Disaster for Restaurant Workers

Amanda Silberling, TechCrunch:

Between 11 a.m. and 2 p.m. [on May 17], New Yorkers could use a Grubhub promo code to get a $15 discount on lunch. Naturally, restaurants got flooded with an unexpected deluge of orders. According to Buzzfeed, a worker at a Mexican restaurant in Harlem hand-delivered orders herself via Uber, since their in-house delivery driver was too overloaded. An employee at Greenberg’s Bagels in Brooklyn also told Buzzfeed that they received 50 orders in an hour, whereas they typically receive about 10 orders from Grubhub per day.

Across New York City, Grubhub said that it received about 6,000 orders per minute. Within an hour, some users tweeted that the promo code was no longer working, or that restaurants had marked themselves closed to avoid receiving any more orders. All in all, many orders got delayed and/or cancelled, but restaurant workers and delivery drivers were most adversely impacted, struggling to fulfill orders at an impossible rate.

Grubhub says it told restaurant owners about this promotion, but some said they had no idea. Local blogs promoted the deal last week and indicated it was a limited-time and limited-quantity order. But that does not mean restaurants were prepared for this scale — and neither was Grubhub.

Luke Fortney, Eater:

“Between 11 a.m. and 2 p.m., all hell broke loose,” says Max Zumwalt, chef of Hana House, a forthcoming Korean food hall at Borough Hall. The two-story operation, which is currently open for takeout and delivery ahead of its full opening this year, typically receives between 40 and 50 lunch orders on a normal Tuesday afternoon. Yesterday, it received more than 100 in the first 20 minutes of the promotion.

[…]

For some restaurants, more orders didn’t necessarily mean more money. “Even though it was our busiest day ever, we made less money,” Zumwalt says. The Hana House chef says the restaurant’s average order size dropped by about $10, with most people placing orders of $15 or less to make use of the promotion, while he had to refund roughly 15 customers for orders he had already prepared due to technical difficulties on the delivery app.

The tense relationship between delivery app companies and restaurants, where a portion of an order’s value is taken by the company in exchange for providing delivery services, only makes sense for the restaurant if the delivery app upholds its end of the deal. That is, like, Grubhub’s one job and it is still unprofitable. On Tuesday, it flunked hard when it ran this promotion. Restaurants scrambled to prepare food for it to sit in the window without a driver to pick it up.

Grubhub surely knew this promotion was causing chaos as it unfolded. It could have restricted orders using the promo code; it already said this was a limited-quantity offer. It could have better-prepared restaurant owners. But Grubhub let this thing unfold in a way that treats restaurants as interchangeable and disposable components of its business instead of the only reason anyone uses the company’s apps. And let us not forget the people who struggled most on Tuesday: underpaid restaurant staff and drivers blamed for late or undelivered food.

Reporting Live From This Glass House

If an advocacy organization is going to report on an astroturfing front group, should it not be more transparent about its own donors? That is a stance I have maintained since I reported a truncated history of donations to the Tech Transparency Project’s parent organization, the Campaign for Accountability. Surely that should be a low bar to clear — acknowledge all significant funders and donors so there is no question about what interests they represent.

In 2020, Tony Romm of the Washington Post reported on Facebook’s involvement in a newly-formed advocacy group called American Edge. Facebook spokesperson Andy Stone said it was one of many funders. But according to new reporting today, that claim does not appear to hold water.

Cat Zakrzewski and Elizabeth Dwoskin, the Post:

[…] But tax records show the organization was founded entirely by Facebook, with a single donation of $4 million between December 2019 and October 2020.

Facebook’s Stone once again replied to the Post’s request for comment, this time saying Facebook provided a “seed grant” to American Edge which now, he says, has many more financial supporters. That is plausible, but it is not yet possible to check since this filing is for its 2019 tax year and it is too new for it to appear in tax documents from other nonprofits.

Of note, the Post did not obtain these tax filings itself. They were provided by the Tech Transparency Project, which is dismayed by this astroturf group advocating for Facebook’s interests and hiding its funders. But there is one little thing that is bugging me, which the Post’s reporters asked the organization about:

“As a nonprofit that solicits donations from the public, we don’t release a comprehensive list of our donors,” said Michelle Kuppersmith, executive director of Campaign for Accountability, who oversees the Tech Transparency Project. “It would be incredibly rare to find a public-facing nonprofit that does so.” Kuppersmith added that they go beyond disclosure requirements for the Tech Transparency Project “because we are acutely aware that tech companies will resort to bad faith ad hominem attacks.”

In its original form, TTP was the Google Transparency Project and received a sizeable donation from legal rival Oracle. Could that be considered a “seed grant”? As I wrote before, I truly do not think the TTP is a front group for rivals of Amazon, Apple, Facebook, and Google, but the Campaign for Accountability steadfastly refuses to release a list of its major funders aside from what it lists on the TTP’s website. It is not a bad faith attack to question the sources of funding relied upon by organizations like the Campaign for Accountability or American Edge; it is a worthwhile cause, especially after their respective histories. As an advocacy group, the Campaign for Accountability should be much more transparent in its funding. It should be better than the organizations it calls out for astroturfing.

Aside from questions about funding, American Edge is an organization that runs ads promoting the advantages for the United States of a tech industry centred in the country. They lean heavily on a national security angle, dragging out former CIA officials and military leadership to warn that regulating American tech companies would permit Russia or China to “win the tech race”. It is not clear where the finish line is.

This fear-mongering and arguably xenophobic argument is a cynical attempt at averting any policy that interferes with the agenda of companies like Facebook. It is a zero-sum game that seeks to avoid new regulation by pointing to countries without similar rules and claiming they will have advantages. But many policy proposals are beneficial for Americans regardless of which company is providing services or where they are located. Better privacy rules, for example, would mean users would share less data with third parties and have less chance of it being exploited. A new report from the Irish Council for Civil Liberties found European internet users had their privacy and web activity exposed to advertisers about half as often as American users.

These ads also nearly make explicit the implicit advantage of an American tech industry unencumbered by stricter privacy rules or antitrust regulations: it makes its own intelligence gathering that much easier. The NSA continues to ingest unimaginable amounts of data produced by people around the world through its wiretapping arrangements. It is not supposed to access anything between Americans, but data generated by foreigners is fair game.

The NSA’s general counsel, Glenn S. Gerstell, used similar language — warning about “los[ing] the digital revolution” to Russia and China — in a 2019 editorial for the New York Times. His concern was the ongoing development of quantum computers and their ability to crack encryption standards. NIST is currently running competitions to develop new standards — standards which, the NSA says, it cannot crack nor do they have any back doors this time. I feel like I have seen this movie before.

It is unsurprising to me that big business has teamed up with influential figures to astroturf their way into minimizing oversight and regulation. These same cynical arguments are heard all the time. I am thankful the Tech Transparency Project was able to document such strong connections between Facebook and American Edge so there is a record of who, exactly, is bankrolling this ad campaign. But I wish we also knew more about the TTP and its parent organization, the Campaign for Accountability. This is an unlikeable story at every turn. At least one of these organizations should be doing a better job than it is now.

Linktree Is Integrating NFTs

Aisha Malik, TechCrunch:

Link-in-bio platform Linktree is the latest company that is looking to integrate NFTs into its service, as the company has revealed a set of new features that will allow creators to showcase their NFTs and “build a community around ownership.” The company says that with this new launch, creators will have new ways to monetize their craft and curate a digital identity. The new features were developed in partnership with NFT marketplace OpenSea.

Surely this explains why it is a billion-dollar company.

Developers on Apple’s Platforms Are Now Able to Increase Subscription Prices Without User Confirmation Once Per Year

Last month, Apple confirmed to Sarah Perez it was testing with Disney a new way for developers to increase the price of subscriptions without requiring user confirmation. Today, Apple launched that capability.

Apple developer news:

With this update, under certain specific conditions and with advance user notice, developers may also offer an auto-renewable subscription price increase, without the user needing to take action and without interrupting the service. The specific conditions for this feature are that the price increase doesn’t occur more than once per year, doesn’t exceed US$5 and 50% of the subscription price, or US$50 and 50% for an annual subscription price, and is permissible by local law. In these situations, Apple always notifies users of an increase in advance, including via email, push notification, and a message within the app. Apple will also notify users of how to view, manage, and cancel subscriptions if preferred.

With all those notifications, it sounds like this is a fair change with reasonable safeguards. But in the paragraph immediately prior, Apple gives the impression that opting back into a cancelled subscription is some kind of arduous process:

Currently, when an auto-renewable subscription price is increased, subscribers must opt in before the price increase is applied. The subscription doesn’t renew at the next billing period for subscribers who didn’t opt in to the new price. This has led to some services being unintentionally interrupted for users and they must take steps to resubscribe within the app, from Settings on iPhone and iPad, or in the App Store on Mac.

If this experience is not so great for someone having to re-subscribe after failing to confirm they are okay with a new price, does it not also mean it is not ideal for someone unsubscribing from an app when they want to reject a price increase?

This is going to make a lot of people upset when their $10-per-month subscription can double within two years without their approval. People are going to remember how they feel when they figure that out. I know exactly how I reacted when my internet provider did that to me.

Scrupulous developers will avoid doing anything too extraordinary, but there are a whole lot of App Store developers abusing subscription pricing today. I think I understand the intent, but I do not like the sound of this.

Google Thanks Procrastinators With Free G Suite Accounts for Non-Commercial Use

Earlier this year, Google announced it would be transitioning “legacy” free G Suite users to paid Google Workspace plans. To its credit, Google’s plans are reasonably priced and it offered a further discount. Unfortunately, the way it handled this transition was a mess.

Ron Amadeo, Ars Technica:

Users being hit by the shutdown faced two options: either suddenly start paying for their accounts, which had been free for years, or lose access to core Workspace apps like Gmail. Users who didn’t want to pay could only export data with Google Takeout, which would download some account data that would become a bunch of cumbersome, local files. Takeout was a terrible option because it makes it difficult to get your data back in the cloud, and you can’t export things like purchased content from Google Play or YouTube.

Google added options to help users transition purchased materials to a standard Google account. But many users of the legacy G Suite offering are individuals and families who just wanted to connect a personal domain to an email provider. There are now many options open to these users at similar price points — Fastmail, ProtonMail, and even Apple have custom domain options — but this sort of thing is just enough of an irritation that it would be nice to avoid it.

I am one of those people. I have had this on my Things “Today” list for months now because I do not understand the concept of today and I do not want to deal with my DNS. I should move things off Google entirely, but its G Suite offerings generally have better privacy protections than its consumer accounts. Plus, I do not want to lose access to Mimestream, a Gmail client I think is the best email app for MacOS.

It turns out my procrastination has been rewarded. Google has updated its transition document to say users like me can retain our free accounts if they are for personal use (via Steve Whitcher):

If you’re using the G Suite legacy free edition for non-commercial purposes, you can opt out of the transition to Google Workspace by clicking here (requires a super administrator account) or going to the Google Admin console. You can continue using your custom domain with Gmail, retain access to no-cost Google services such as Google Drive and Google Meet, and keep your purchases and data.

You will need to take these steps by August 1. Google advises contacting its support team if you are not a procrastinator and already paid to upgrade.

I suppose this is a good reminder that we should move things away from providers like Google who offered free services for a long time, since they are able to take that away at any time. It is unfortunate because Mimestream really is my favourite email application for the Mac, so I am probably going to forget about my own advice and forget about migrating until the next time Google pulls the rug out from under me.

Apple Updated Its Platform Security Guide

Howard Oakley:

Don’t be put off by its title: Apple Platform Security Guide is mandatory reading for all advanced Mac Users, and the only way we get to learn about important details of macOS, iCloud, and much else.

If you prefer this document with a little more gravitas, Apple also provides it in PDF format. Max Zinkus tweeted a thread of notable new sections and updates, like this one:

First interesting deletion in the Messages for Business Chat (those grey iMessage conversations with Apple or a supported business support text line).

May 21: “The Business Chat service never stores conversation history.”

And then May 22: *gone*

This is part of a broader question about whether Apple could switch any iMessage discussion to Messages for Business Chat, which has looser security and privacy standards than peer-to-peer iMessage.

iMessage itself retains a misleading description of its security architecture:

[…] Apple doesn’t log the contents of messages or attachments, which are protected by end-to-end encryption so no one but the sender and receiver can access them. Apple can’t decrypt the data.

This remains true of iMessage in isolation. But Apple’s law enforcement guidelines (PDF) continue to indicate iMessages may be provided by subpoena if iCloud Backups or Messages in the Cloud are enabled.

Farewell to the iPod

Tom Gatti wrote a rather lovely eulogy for the iPod for the New Statesman. I was nodding along until I got to the last sentence of this excerpt, where I think my brain played a subliminal record scratch:

Crucially, the music was yours – made up of albums you owned, whether you’d spent many evenings patiently “ripping” your CD collection to your iTunes (it was lucky I already had a girlfriend by my early twenties otherwise I might have struggled to find one) or spent your disposable income in the infinite aisles of Apple’s digital music store. Of course, there were the illegal downloaders, too – peer-to-peer file-sharing continued long after Napster was shut down in July 2001. But I suspect the music fans who dumped enormous quantities of material onto their iPod for free ultimately regretted it – stuck in an endless scroll of the entire Bob Dylan and Jay-Z back catalogues, they lost sight of what they actually liked.

“Regret”? What is Gatti talking about? Anyone who has immersed themselves in an artist’s catalogue has used that as a jumping-off point and a way to develop their musical taste. If you spend enough time with a single artist, you will go through their highs and lows, their “new sound” album, their “return to form”, their masterpieces, their throwaway tracks. And then you will discover the artists they inspired and drew inspiration from. Piracy, for all its ills, is one reason why any music fan’s library these days has breadth and depth that would be unheard-of in the days of milk crates full of records.

Gatti:

Which is, of course, where we find ourselves today: a digital landscape dominated by Spotify and other streaming platforms, in which music is not exactly free, but not owned either. Instead of a collection that has been expanded and cultivated over years, we have a bottomless pool of recorded music. You can “like” an album and “follow” the artist, but the transaction is so low-stakes that it feels meaningless, and your “library” is not really yours at all.

A low-stakes transaction is a recipe for discovery.

But I do sympathize with Gatti’s other argument: these music libraries do not belong to anyone. For all music customers won by encouraging record labels to drop DRM, the labels clawed their way back with a reverse bargain: anyone can listen to all the music they want for $10 per month. But there is no way for that to be a sustainable business model if all that music could simply be walked off with, so we are back to having DRM-encumbered libraries.

Riccardo Mori:

As I said at the beginning, a device like the iPod touch is rather redundant for the way we consume music nowadays. However, I think a device like the iPod shuffle still makes a lot of sense. Its main characteristics, what made it an ingenious and very successful device back then, still make it an interesting and appealing device today: […]

Tyler Hall:

With all the shit in the world in the last few years, listening to music has become even more of a refuge and safe space for me than it ever was before.

But, for me at least, the incredible technological convergence of every single use-case into a deck of cards-sized pocket super-computer means that when I do want to only listen to music – there are a million beeps, boops, and badges fighting for my attention.

An underappreciated feature of the iPod (because it wasn’t a feature you could market during its heyday) was that it was only an iPod. Not also a mobile phone and internet communicator.

For all the new things added to Apple Music in the past couple years — animated covers, Spatial Audio, a dedicated section for songs that friends have texted me — all I really want most of the time is to put on a record and listen to it uninterrupted. I do not care what device that is on.

Hall bought an Android-based Sony Walkman. I know Sony has a few of these players and I am sort of intrigued by them. Not enough to buy one, though; that is what my turntable is for. Sometimes, I just want to escape and, for me, music provides that venue. I wish the experience on my existing devices were better suited to that. Unfortunately, the incentives for streaming services are not always aligned with these modest goals.

But this does not have to mark the end of the personal music library. The iPod was a signifier of that, but its death — which really happened several years ago; the iPod Touch is more like a stripped-down iPhone than an iPod, but never mind — does not mean personal libraries have to go away. You can still buy music on iTunes, Bandcamp, and elsewhere. Vinyl records often come with download codes. And, yes, there are still plenty of places to acquire music illegitimately. I will keep building my personal music library in a way unencumbered by DRM, without rights negotiation issues, and free of dependence on third-party services. If you care about the music you listen to, I encourage you to do the same.

Email and Password Exfiltration Before Form Submission

Leaky Forms is a new study by Asuman Senol, Gunes Acar, Mathias Humbert, and Frederik Zuiderveen Borgesius (emphasis theirs):

Email addresses — or identifiers derived from them — are known to be used by data brokers and advertisers for cross-site, cross-platform, and persistent identification of potentially unsuspecting individuals. In order to find out whether access to online forms are misused by online trackers, we present a measurement of email and password collection that occur before form submission on the top 100K websites.

These researchers received marketing emails from some of the leaky sites where, I will repeat, they never submitted a form. Their typed email address was captured and whisked into the ad tech and data broker machinery without their explicit consent. When using a U.S.-based crawler to assess these forms, researchers found a greater proportion of incidents (PDF, section 4.3) of email address collection than when they used an E.U.-based crawler, “perhaps due to stricter data protection regulations”.

The worst offenders were, according to researchers, fashion and beauty websites, with shopping and general news sites in second and third places. Notably more private: porn sites, the only category for which not a single one was found to have leaky forms.
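To check a site for the behaviour described above, you can capture its network traffic while typing an address into a form and search the requests sent before submission. The following is an added example, not code from the study or from this site; the log format, hostnames, address, and the set of derived forms searched for (Base64, MD5, SHA-1, SHA-256) are assumptions made for illustration.

```python
import base64
import hashlib
from urllib.parse import unquote_plus, urlsplit

EMAIL = "ada@example.org"  # constructed test address
EMAIL_SHA256 = hashlib.sha256(EMAIL.encode()).hexdigest()
SAMPLE_REQUESTS = [  # constructed capture; ts = seconds since page load
    {"ts": 1.2, "url": "https://shop.example/static/app.js"},
    {"ts": 4.8, "url": "https://t.tracker.example/c?uid=" + EMAIL_SHA256},
    {"ts": 5.1, "url": "https://cdn.adtech.example/p", "body": "e=ada%40example.org&ev=blur"},
    {"ts": 5.3, "url": "https://api.shop.example/validate", "body": "email=ada%40example.org"},
    {"ts": 9.0, "url": "https://t.tracker.example/c?b=YWRhQGV4YW1wbGUub3Jn"},
]

def derived_identifiers(email):
    """Plain and derived forms of an address to search for (assumed set)."""
    e = email.strip().lower().encode()
    forms = {"plain": e.decode(), "base64": base64.b64encode(e).decode()}
    for algo in ("md5", "sha1", "sha256"):
        forms[algo] = hashlib.new(algo, e).hexdigest()
    return forms

def find_presubmit_leaks(requests, email, first_party, submit_ts=None):
    """Return (ts, host, encoding) for each third-party request that carried
    the address, or a derived form of it, before the form was submitted."""
    forms = derived_identifiers(email)
    leaks = []
    for req in requests:
        if submit_ts is not None and req["ts"] >= submit_ts:
            continue  # sent after submission: not what this check looks for
        host = urlsplit(req["url"]).hostname or ""
        # Simplified first-party test; real tooling would compare eTLD+1.
        if host == first_party or host.endswith("." + first_party):
            continue
        raw = req["url"] + "\n" + req.get("body", "")
        haystack = raw + "\n" + unquote_plus(raw)  # raw and percent-decoded
        for name, value in forms.items():
            # Base64 is case-sensitive; the plain address and hex digests are not.
            text = haystack if name == "base64" else haystack.lower()
            if value in text:
                leaks.append((req["ts"], host, name))
    return leaks
```

Leaving `submit_ts` as `None` models the case where the form is never submitted, so every third-party hit counts.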

Competition Bureau Wants to Block Rogers–Shaw Merger on Wireless Basis Alone

The Competition Bureau earlier this week released a statement objecting to the merger of Rogers and Shaw, to which the providers preemptively responded. Unfortunately, it is entirely focused on the wireless space, which makes sense given the two companies’ firewall avoiding competing in cable TV or internet:

The Bureau’s investigation concluded that the proposed merger would substantially prevent or lessen competition in wireless services.

The Bureau is challenging the merger to shield Canadians from higher prices, poorer service quality and fewer choices which are likely to occur as a result of the merger.

The two providers say they are prepared to jettison Shaw’s wireless division, thereby resolving the Bureau’s concerns.

It is too bad the Bureau cannot seem to nullify the longstanding non-competition agreement between Rogers and Shaw. It cannot force them to compete in the same markets, but it should not permit such a blatant divvying up of the country.

E.U.’s Online CSAM Proposal Compromises Privacy and Is Overbroad

Natasha Lomas, TechCrunch:

The European Union has formally presented its proposal to move from a situation in which some tech platforms voluntarily scan for child sexual abuse material (CSAM) to something more systematic — publishing draft legislation that will create a framework which could obligate digital services to use automated technologies to detect and report existing or new CSAM, and also identify and report grooming activity targeting kids on their platforms.

Lomas reports this is an attempt to unify a splintered set of policies that apply to individual countries within the E.U. but, as written, it appears to require the ability for providers to locally scan the contents of messages and even detect the possibility of minors being coerced, if ordered.

The European Commission has published a guide in question-and-answer format. While it assures there are multiple safeguards, that is not comforting to European Digital Rights, an advocacy group:

The proposal may appear superficially to contain a balanced and proportionate approach. In particular, providers can only be forced to scan on their platform or service if required to do so by a judicial authority, and are subject to a series of safeguards. According to Contexte, many of these safeguards have only been introduced in the last few days, which shows that pressure from the EDRi network and our supporters has had a positive effect.

However, there are several provisions which would indicate that these protections are mainly cosmetic, and that we may in fact be facing the worst-case scenario for private digital communications. For example, providers of services and platforms have to take actions to mitigate the risk of abuse being facilitated by their platform. But they will still be liable to be issued with a detection order forcing them to introduce additional measures unless they have demonstrated in their risk assessment that there is no remaining risk of abuse at all.

Even German child protection advocates are worried this is overbroad. This proposal is one to keep an eye on for its potentially far-reaching consequences.