Written by Nick Heer.

Archive for July, 2022

Apple Adding Ads to App Store Today View and Individual App Listings

Sami Fathi, MacRumors:

As part of those efforts, the first new ad opportunity will be within the Today tab – the front page of the App Store. With Today App Store ads, developers will be able to promote their apps right alongside the daily editorial content by the App Store team. Ads are clearly marked as ads and are distinguishable from the normal editorial App Store stories. The Today tab is the first tab that’s pre-loaded when the App Store app is opened and was introduced as part of the App Store redesign in 2017.

The second new ad placement for developers in the App Store will be directly within app product pages. Ads will appear under the “You Might Also Like” section towards the bottom of the page and will also be clearly marked as ads.

This coverage sounds a little too fluffy to me — too much like it came directly from Apple. It is hard to know for sure because, while this news was reported by several Apple-focused publications including 9to5Mac and Apple Insider, not one of them acknowledged its sourcing. As of writing, this news has not landed on Apple’s Newsroom, or in the news feeds of its Developer or Search Ads sections, nor does it appear on the App Store advertising info page. All three Apple-focused publications also cite in their coverage a corporate presentation to advertisers each says it “obtained” in May claiming 78% of App Store search volume came from devices with ad personalization disabled. Curious.

I wish I were able to provide more context but there is little to add because Apple appears to have used these sites to soften this Friday-grade announcement. I still think it looks really bad for Apple to step up its advertising business while taking reasonable steps to improve users’ privacy against marketing technology companies. I also think advertising in the only venue for native iOS apps is tacky and unbecoming. As a user, I feel like my attention is being squeezed by the company that made my expensive phone, that I pay monthly fees to for additional features, and that takes a cut of the subscriptions I pay developers. I get why there are ads in the App Store and I am sure some developers find them useful. As a user, though, it feels gross.

Instagram Walks Back Its Changes for Now

Casey Newton with the scoop:

Instagram will walk back some recent changes to the product following a week of mounting criticism, the company said today. A test version of the app that opened to full-screen photos and videos will be phased out over the next one to two weeks, and Instagram will also reduce the number of recommended posts in the app as it works to improve its algorithms.

[…]

“For the new feed designs, people are frustrated and the usage data isn’t great,” [Adam Mosseri] said. “So there I think that we need to take a big step back, regroup, and figure out how we want to move forward.”

[…]

But Instagram will temporarily reduce the amount of recommended posts and accounts as it works to improve its personalization tools. (Mosseri wouldn’t say by how much, exactly.)

My own Instagram use went to near-zero after I received these changes. I am surely not representative of the wider Instagram user base, but it does not surprise me that enough people found it revolting to affect the company’s metrics. What I do find notable is the intensity of the backlash: people hated this sudden shift of how the platform looked and worked.

Ashley Belanger, Ars Technica:

Despite all the negative feedback, Meta revealed on an earnings call that it plans to more than double the number of AI-recommended Reels that users see. The company estimates that in 2023, about a third of Instagram and Facebook feeds will be recommended content.

Meta’s earnings call was yesterday, and Instagram announced today that it was reverting the most recent round of changes, so the timing on this may be inaccurate. I would not bet on seeing fewer posts in your feed over the long term from accounts you do not follow; these changes are still coming, just later.

But look at the past few weeks of Meta news and it seems like the company has zero idea of what to do or why people use its products. It made drastic unlikable changes to Instagram; its leadership is panicking over TikTok; its latest public demonstration of its metaverse future is embarrassing and its educational value is less justified than the VR headset in a thirty-year-old Simpsons clip. Do these decisions look like the product of a focused company that has near-term goals for its future and innovative ideas beyond that? I am not saying Meta is dead in the water, but it sure looks like it is struggling to define what its future looks like for the next few years.

Unplugged Mysteries

Seth Hettena, of Rolling Stone, on Twitter:

Erik Prince’s latest venture is the Unplugged phone, an $850 standalone mobile device with its own app suite that’s being developed in Israel and will allow “patriots to communicate securely.”

Unplugged says it is based in Cyprus.

Prince is best known for founding the mercenary force and training firm Blackwater, now part of Triple Canopy. Blackwater staff murdered fourteen Iraqi civilians in Baghdad in 2007 and wounded another twenty. Those contractors were outrageously pardoned in 2020, drawing condemnation from, among many people, Glenn Greenwald.

It should have raised red flags when an emailed invitation from a PR firm said Greenwald will “be at DEF CON with Unplugged”. The firm says it is offering private meetings with Greenwald at a hotel, according to a screenshot of the message from the PR firm that I am not posting because its recipient deleted its public record. But it was accurately summarized in a tweet from MIT Technology Review reporter Patrick Howell O’Neill:

A PR firm is pitching a DEF CON meeting with Glenn Greenwald who is going to the con “with” privacy phone maker http://unplugged.com. Been a minute since we’ve had a new “government-grade” privacy phone, this one is due to launch Nov 22. Anyone have any thoughts on the phone?

Greenwald responded:

This is all a lie. I have nothing to do with this product. I was asked to speak at DEF CON but haven’t agreed to do that.

But look at all the corporate journalists spreading this lie. This is what they do: once they see you as an ideological enemy, they spread lies with abandon.

Is it a lie? It is not, at least, O’Neill’s lie. I have a copy of the invitation which, unless forged, is offering exactly what O’Neill describes. There could be several ways this proves untrue — Greenwald may not be at DEF CON, for example, or he might be at the conference but not at Unplugged’s behest. Similarly, Greenwald may not be associated with the product, but his tweet does not necessarily preclude involvement with the company.

When I reached out to the PR contact on the invitation, they declined to comment, even about whether they are working for Unplugged. But in an emailed comment, Greenwald told me he has “no fucking idea why the PR firm is claiming this”, further elaborating that he has “not agreed to speak at DEF CON, nor have I scheduled any meeting with these phone people, nor have I been paid anything nor entered into any contract with anyone about any of this.” He acknowledges the “phone people asked if I’d be willing to meet with them to hear about this phone” and was offered a speaking gig by the company, but denies any further involvement with Unplugged or its products.

It seems pretty clear to me that Greenwald is not involved. Why this PR firm says it is facilitating meetings with him or treating him as an affiliate of Unplugged is a mystery to me, too. The best explanation I can think of — and this is entirely speculative — is they hoped Greenwald would agree to such a contract. At present, he says he has not.

But I got this far, so I thought it would be worth exploring the phone a bit. Zach Edwards said it looked like a Vivo phone, but as I started to dig through GSM Arena’s database, it looked more like a blend of the Xiaomi 11T and the Realme GT Neo.

Most of all, though, the phone resembles the Liberty Ghost Phone, announced in May in a since-deleted tweet — and the relationship does not appear to stop there. Liberty is promoting the Unplugged suite on its own website, and both phones run the Android fork LibertOS which sports “government-grade” security, whatever that means. The specs of the Ghost Phone are nearly identical to those of the Unplugged; the sole difference I can see is the resolution of the main rear camera. Indeed, if you try to pre-order the Liberty Ghost Phone, a notice appears on the shopping cart page advising you to read the full pre-order terms on Unplugged’s website. It is almost enough to make you think these are the same company.

But there is one more thing: Liberty explicitly claims its “phones are never made in China”, and all of the similar phones I can find are made by Chinese firms. To be clear, I cannot find the same claim on Unplugged’s website or marketing materials. But it is odd, right? I just cannot help but wonder what the chances are that two companies make nearly identical phones that seem to be based on devices from Chinese companies, but one of them says theirs is not made in China. I sent a list of questions to Unplugged, but my email went unanswered; I will update this article if I hear back.

If I were in the market for this kind of phone, I would listen to Matt Blaze and not place my trust in either of these companies, regardless of the security audit (PDF) on Unplugged’s website. Liberty and Unplugged may say they offer highly secured devices “[i]ndependent from Google and Apple”, but they are still Android phones with unclear origins and questionable futures. Will Unplugged offer regular updates? Will it even be around in five years? PwC may have audited the device and found few security concerns, but those involved in Unplugged also have close connections with private intelligence firms. I have concerns about that.

One thing this phone has going for it is that it is, at its core, an Android phone. There is a chance the device itself may not be unusable after just a few years even if the company disappears. That is not the case for a comparable product like the Purism Librem 5. (Update: Hacker News user kop316 flagged this as incorrect, as alternative Linux distros like PostmarketOS support the Librem 5. I regret the error.)

And that is all without getting into the issue of whether anyone should support a company that has a working relationship with Erik Prince. I cannot imagine a circumstance where that is even remotely ethical. The massacring of civilians in Nisour Square is just the tip of an iceberg. Prince and his firms have a long and deeply troubling history; Jeremy Scahill’s book about Blackwater is worth reading.

As far as I can tell, Liberty and Unplugged are selling different versions of the same white label phone that run the same fork of Android. Both say they are liberating users from “Big Tech”, both say they offer higher degrees of security and privacy — whether that is true is to be determined — and neither has made any commitments to long-term support. Unplugged is not affiliated with Glenn Greenwald, and the claims of PR people should be tested. Oh, and Erik Prince is just the worst.

Class dismissed.

Update: On August 3, Unplugged responded, kind of.

Changes to iMessage Undo Send and Message Editing in Latest Beta

Federico Viticci:

Some interesting changes to iMessage in iOS 16 beta 4:

  • You can now unsend a message for up to 2 minutes after sending it

  • You can still edit for up to 15 minutes

  • You can make up to 5 edits to a message

  • Recipients can see a log of all edits to a message

After these features were announced at WWDC, many — including domestic violence survivors — expressed concerns about how they could be misused. The changes in this latest beta appear to ensure there is a record of previous messages, and stricter limits on both undoing a send and the number of edits that may be made.

It is good to see Apple is taking concerns seriously and making changes as a result of feedback. A lingering vector for abuse is the unsend feature — two minutes is certainly a tight time limit, but many people will see messages as they are received if they have notifications with previews enabled. I hope there is a way to preserve evidence of abuse where it is needed while still allowing users to undo the sending of a message containing a password or intended for a different recipient.

Try Glass

Ben McCarthy:

I should add, I’m a big fan of what the team at @tryglass is doing; a social network that puts photos first, no ads, no algorithms, no competition.

Every time I open it I’m delighted by what I see. That’s more than worth the price of admission.

I am a fan too.

The timing of these Instagram changes is funny — it has been about a year since Glass launched, and I received my reminder from Apple about the annual subscription renewal just a few days ago.

I doubt anyone at Instagram really thinks about Glass, but it has been a reminder to me of why I appreciate the latter platform so much. I post pictures — I am particularly happy with this recent image — and people who follow me see them in their feed. I open the app and I get to see a scrolling gallery of stunning photography from people I follow. Sometimes, I tap on the button beside the main feed view to see non-pushy examples of other users I can follow.

It all sounds so simple — and that is because it does not need to be so complicated.

Update: This is not a sponsored message. Glass is offering a 30% discount for the first year of your subscription to the first ten thousand people who sign up with the cheeky code PIVOT2VIDEO.

Meta Will Be ‘Operating With Increased Intensity’

Two articles today, published within three hours of each other, cover much of the same ground and can be summarized in the same way: Meta is struggling in what it hopes is a transition from several social network businesses to defining the “metaverse”.

First, Alex Heath and David Pierce, the Verge:

[…] As the all-hands escalated, it became clear that Zuckerberg saw that fixing his company’s culture was critical to surviving the tough times ahead. Two years into the pandemic, his company was in a very different, more vulnerable place. It even had a new name.

The days of coddling employees would be over.

“Realistically, there are probably a bunch of people at the company who shouldn’t be here,” Zuckerberg said on the June 30th call, according to a recording obtained by The Verge. “And part of my hope by raising expectations and having more aggressive goals, and just kind of turning up the heat a little bit, is that I think some of you might just say that this place isn’t for you. And that self-selection is okay with me.”

Zuckerberg’s message to employees: sacrifice yourself to Meta or perish. What a choice.

Even if you have little interest in this topic, skim this article for the time lapses made from some fantastic custom ice sculptures. It is worth it.

Mike Isaac, New York Times:

Mr. Zuckerberg, 38, is trying to push his company away from its roots in social networking and center it on the immersive — and so far theoretical — world of the so-called metaverse. Across Silicon Valley, he and other executives who built what many refer to as Web 2.0 — a more social, app-focused version of the internet — are rethinking and upending their original vision after their platforms were plagued by privacy stumbles, toxic content and misinformation.

The moment is reminiscent of other bet-the-company gambles, such as when Netflix killed off its DVD-mailing business last decade to focus on streaming. But Mr. Zuckerberg is making these moves as Meta’s back is against the wall. The company is staring into the barrel of a global recession. Competitors like TikTok, YouTube and Apple are bearing down.

The difference between this and other bet-the-company initiatives — the iPhone also comes to mind — is the completely untested viability of augmented reality. By the time Netflix spun off its DVD rentals business in 2011 — it still offers rentals in the U.S. — the streaming movie market was clearly on an ascendency. Streaming was more popular on Netflix than DVD rentals two years prior, and Netflix was far from the only player: Amazon, Apple, Crunchyroll, and Hulu were all just a few of the established competitors at the time. Apple had a different model — it only offered digital rentals — and Crunchyroll operates in a niche market, but it is not like Netflix was stepping into unprecedented territory by focusing on streaming.

The iPhone, meanwhile, redefined a healthy and growing appetite for more capable smartphones. It was risky because Apple was a much smaller, more fragile company at the time, and its development was expensive. Had it failed, it would have seriously jeopardized the otherwise successful lines of business Apple was in. But it was not risky to bet on the smartphone market generally; Apple considered the product successful if it hit one percent of the market for all cellphones in its first full year, and it did so in a growing market.

Put another way: you saw people fiddling with smartphones in public in 2006, and you may have been using a streaming video service in 2010. But how many of us have really spent time in any kind of metaverse? IDC estimates sales of fewer than eleven million augmented and virtual reality devices last year, and growth to about fourteen million this year. Can Meta or any of the companies developing in this space — including, apparently, Apple — demonstrate why tens of millions more people should add a headset to their growing collection of devices? These are early days, but I have not yet seen a reason or even a compelling concept.

The Consequences of Silence

A powerful piece from Ed Zitron:

Despite growing out of the 2008 financial crisis, Bitcoin has led to the creation of a faster, leaner and crueler crisis of its own, an unregulated hellscape where the elites have found yet another way to get rich off of the backs of regular people’s money. Whatever “noble” goals Bitcoin and cryptocurrency allegedly has or had are irrelevant — cryptocurrency does not generate freedom, it does not democratize finance, it does not create wealth for the majority of people that interact with it, and it has — this is not a “might” — led to billions of dollars of regular people’s money getting burned so that wealthy people can extract liquidity from them.

Zitron cites several of the letters Celsius clients wrote to the court following the company’s bankruptcy filing, and they are heartbreaking. As with so many victims of confidence schemes, many of them can spot warning signs in hindsight. These are smart people who have been lured by the quiet transformation of cryptocurrency from a niche Silicon Valley obsession into a mainstream scam masquerading as a financial instrument. And the most troubling thing of all is recognizing this will happen again because these companies keep getting legitimised by sports sponsorships and casually curious press coverage.

Update: Molly White:

It’s apparently easy for some people to castigate those who’ve just lost everything by repeating this refrain, in the same way it seems to be easy for some people to only start pointing out the “obvious Ponzi” or “clear scam” projects only after everything crumbles. And it’s tempting, to those steeped in crypto, because it serves to place the blame with the individual, rather than with the platform, the particular segment of crypto that failed, or—God forbid—with crypto and its culture as a whole.

Well said.

China’s Surveillance State Is Causing a Problem With Data Leaks

Karen Hao, Wall Street Journal:

Tens of thousands more databases in China remain exposed on the internet with no security, totaling over 700 terabytes of data, the largest volume of any country, according to LeakIX, a service which tracks such databases.

[…]

All countries struggle to keep their data protected. The U.S. is second to China with nearly 540 terabytes of data left open on the public internet, LeakIX’s analysis shows. China is unique, however, for the comprehensive and sensitive nature of its exposed data — a consequence of the way it centralizes multiple streams of information from government and corporate sources on state-run surveillance platforms.

This is a well-reported story that is absolutely worth your time. Like most Journal articles, I believe it may be paywalled, but I hope you can find a way to read it.

In April, Aric Toler of Bellingcat observed how data Yandex Food was legally obligated to retain, leaked to the web, could be combined with other information to de-anonymize it and reveal the names of GRU agents. But the LeakIX chart published by the Journal indicates that Russia, somehow, has fewer leaky servers than China, the U.S., or even Finland.[1]

It is astonishing to see how much leakier China and the U.S. are compared to anywhere else LeakIX is monitoring. But there are differences: Chinese companies are required by law to store massive amounts of information, while American companies often do so based on — please forgive the trite terminology — surveillance capitalist initiatives. Another difference? Given its semi-isolation from much of the rest of the world, the data stored on leaky servers in China is likely domestic, but I would be surprised if that is the case for American servers.

This shows how important data minimization is. If user information is not being stockpiled — for ad targeting or universal surveillance — and unnecessary information is regularly being flushed, there is little to leak. Organizations in authoritarian states do not get to make that decision. Elsewhere, though, it is a choice.


  1. That is not to say it does not have a security problem. Bellingcat has occasionally relied upon Russia’s underground data market.

Does Meta Really Want People to Make Things for Its Platforms?

Ryan Broderick:

At best Meta seems embarrassed of the people who make the content that keeps users on their apps. Or, at worst, they seem to hate them. There’s really no other explanation. Creators I’ve spoken to have described a deeply precarious existence in which they have to constantly adjust how they create content by trying to divine what each new algorithmic tweak might mean for how their posts show up in other people’s feeds. They live in constant fear of their pages being “disappeared” for some weird infraction. It sounds like a nightmare. The women eating out of toilets on Facebook aren’t eating out of toilets because they like doing it. They’re eating out of toilets because Facebook’s insanely aggressive recommendation engine has pushed their content to ludicrous extremes because it’s constantly over-optimizing its own users. And because TikTok has redefined how social media works and left Meta completely unprepared for a future that’s quickly approaching, they want you eating out of toilets, but, now, it has to be in a Reel.

I imagine part of the reason for Meta’s reluctance to proudly showcase its most popular posts is because they are often junk, spam, or reposted TikToks. Imagine having one of the world’s largest audiences and being embarrassed by what they are seeing, in part because of technical decisions made to maximize user metrics.

‘The Gray Man’ Is a $200 Million Homework Assignment

Movies like “The Gray Man” (trailer here) and the truly awful “Red Notice” make me wonder about the tight spot Netflix finds itself in.

Most of Netflix’s competitors are owned by studios with deep libraries of intellectual property and no incentive to license the most valuable examples. The remainder are a grab-bag: because Apple is reliant on original material, it has been selectively developing programming of a higher calibre; Amazon, meanwhile, bundles its video streaming with free shipping on Amazon purchases, and it is hard to tell how serious it is about its long-term interest. (Update: Alex reminded me that Amazon bought MGM Studios, which I completely forgot about. So, to correct: yes, Amazon is very serious about video.)

Netflix, meanwhile, looks like it is often throwing money at the wall and seeing what sticks. That is not a phenomenon unique to Netflix, for sure, and it has plenty of good shows too. Serial productions like “Stranger Things” and “Sex Education” have been well received, and it has released films like “Tick, Tick, Boom!” and “Uncut Gems”. But these are all over the place. What does a “Netflix movie” look like? Actually, that seems unfair — a lot of stuff on Netflix looks like it has been put through the exact same team of cinematographers, colourists, editors, and visual effects producers. Here is a better version of that question: who is Netflix making movies for?

It seems like many of its highest-profile movie releases are expensive attempts to justify the monthly subscription price. Not necessarily why it is worth paying twenty dollars every month, just something to keep your eyes busy so you do not unsubscribe until the next season of “The Crown” is released. It is all just content at its most empty definition. Much of Netflix’s original library feels like a much more expensive version of 1990s direct-to-video dreck. Maybe the nonstop drumbeat of action movie franchises, including those of comic book characters, has just sapped me of the energy to enjoy yet another hero-endures-explosions plot, but it is wild that many of these wildly expensive movies are so perfunctory.

The American Data Privacy and Protection Act

Gilad Edelman, Wired:

Now comes an even bigger surprise: A new version of the ADPPA has taken shape, and privacy advocates are mostly jazzed about it. It just might have enough bipartisan support to become law — meaning that, after decades of inaction, the United States could soon have a real federal privacy statute.

Perhaps the most distinctive feature of the new bill is that it focuses on what’s known as data minimization. Generally, companies would only be allowed to collect and make use of user data if it’s necessary for one of 17 permitted purposes spelled out in the bill — things like authenticating users, preventing fraud, and completing transactions. Everything else is simply prohibited. Contrast this with the type of online privacy regime most people are familiar with, which is all based on consent: an endless stream of annoying privacy pop-ups that most people click “yes” on because it’s easier than going to the trouble of turning off cookies. That’s pretty much how the European Union’s privacy law, the GDPR, has played out.

If this law is as described and passes more-or-less intact, it could fundamentally reshape the economy of the web and be a model for the rest of the world.

The Electronic Frontier Foundation is “disappointed”:

We have three initial objections to the version that the committee passed this week. Before a floor vote, we urge the House to fix the bill and use this historic opportunity to strengthen — not diminish — the country’s privacy landscape now and for years to come.

The Foundation is concerned about rollbacks of FCC authority, poor individual right to action reform, and the preemption of state laws by this national law. The latter is a particularly fraught matter: a federal regulation simplifies compliance, reduces reliance on weak state-level laws lobbied for by tech companies, and improves international competitiveness, but it could mean privacy rollbacks for those in states with more stringent laws. The Foundation points to a few examples, undermining Edelman’s claim that “it goes further than any of the state laws it would preempt — even California’s”.

Look out for reactions to this bill from technology company front groups like the Competitiveness Coalition and American Edge. Both have been focused on the American Innovation and Choice Online Act — perhaps an indication of tech companies’ priorities — but keep an eye out. The Interactive Advertising Bureau unsurprisingly opposes the law, saying it would “impose heavier regulations than any state currently does” — a demonstrably untrue claim.

Alberta Legislator Who Tested Security of Provincial Vaccine Website Facing Possible Fine

Janice Johnston, CBC News:

[Edmonton-South West MLA Thomas] Dang has said that last September, a computer-savvy constituent contacted him with concerns about potential vulnerabilities on the newly launched Alberta Health vaccine portal.

According to a court document, Dang told RCMP in a January interview that as an MLA with experience in cybersecurity it was his duty to ensure the system was secure. But an Edmonton cybersecurity expert disagrees.

[…]

Between Sept. 19 and 23, Dang’s computer program made 1.78 million queries using [Alberta Premier Jason] Kenney’s personal information. Dang admitted to RCMP and later during a news conference that the queries were randomly generated guesses aimed at revealing the premier’s health-care number.

This is clearly an unethical, unsanctioned security test for which Dang is lucky to not be facing criminal charges. But it is utterly shameful it was possible to test 1.7 million queries against the vaccine portal in four days, which works out to about five or six guesses every second.

I tweeted in support of Dang but I can also see how bad this looks for the security industry. The Government of Alberta does not run a bug bounty program, so there is no presumptive authorization for testing the security of its public systems. Dang, even if well-intentioned, had no permission to try this.

Even so, preventing brute force attacks is a bare minimum level of security anyone should expect. In attempting to build a proof-of-vaccination system, the Alberta Government created an automatic health number and identity validator. It is impossible to say how long this would have remained a problem had Dang not raised the issue as early as he could, but it is worrisome it was released this way in the first place.

Dang says he will not run for re-election; his term in office ends in May 2023.

MacOS Monterey 12.5 Still Does Not Let Users Check Charging Bluetooth Device Status From the Menu Bar

Howard Oakley:

I have also tested 12.5 for two bugs that I have been tracking. I regret to report that it doesn’t fix either:

[…]

Recharging Apple wireless input devices blocks their charge being reported in the Bluetooth menu, so the only way to tell when they’re fully charged is to stop recharging.

The best explanation I have seen for this behaviour is found in the comments of Oakley’s post: because the device is communicating over USB and not Bluetooth, it would be incorrect to show its charge status in the Bluetooth menu. But — and apologies to the author of that comment — that still does not make sense because the charge status is shown in System Preferences under the Bluetooth preference pane.

Because I only charge my Magic Trackpad every few weeks, it is the kind of thing I forget about until I want to check the charge status, and then remember I have to dive into System Preferences. I remain surprised this has not bothered one of Apple’s engineers so much that they committed a patch for it themselves, consequences be damned. If you are running MacOS Ventura, please let me know if this has been fixed.

Deadline Passes for Tech Companies to Register With Indonesian Ministry of Communication and Information

Oliver Telling and Cristina Criddle, Financial Times:

The world’s biggest tech groups have signed up to a law in Indonesia that campaigners warn threatens freedom of expression in south-east Asia’s largest economy, in the latest compromise by the sector to retain access to an important market.

Social media companies including Meta, TikTok and Twitter have registered for a licence at the Indonesian communications ministry under which they might have to censor content and hand over users’ data. Some registered only hours before a deadline at midnight on Wednesday.

Apple, Microsoft, Google, Amazon, Netflix and Spotify have also signed up.

In a press release, Indonesian authorities say tech companies which fail to register by July 27 will be blocked in the country. The statement was issued before Amazon and Microsoft signed up; it lists them alongside several other major entities like Alibaba and Opera, game developers like Epic Games and Steam, and also Yahoo.

This is certainly a law to keep an eye on. Requiring internet companies to comply with police requests is a thorny issue, but not unexpected. The more concerning demand is that authorities will be able to request the removal — in Indonesia, at least — of materials deemed illegal in the country or unfit for public consumption. Authorities in the country are particularly worried about extremism.

In a statement, the Aliansi Jurnalis Independen criticized the vague descriptions in the law as being too open to interpretation, leading to decisions that are arbitrary at best and censorship at worst. Its concern is understandable: this policy supersedes two 2014 laws intended to filter pornography and illegal acts, but which sometimes overstepped their intentions. For example, Reddit and Tumblr have been unavailable at times in their entirety because of their permissive — or, in the case of Tumblr, formerly permissive — attitude toward porn.

This new law is similarly broad, which you can probably imagine given how online game providers are encouraged to register or be blocked. While these steps have been taken by about two hundred international tech companies, over eight thousand local Indonesian websites of all types and kinds are listed in its database. These are not just “tech companies” in the typical sense. Like I said: it is broad.

The Digital Services Act, recently passed by European Parliament, similarly requires removal of materials deemed illegal. These laws reflect a growing trend and, though I do not think it is universally negative, I have concerns. The world should be watching.

Instagram Cannot Beat Them, Joins Them

Instagram introduced some changes to the way its Reels and Remix features work. Among them:

Remix for photos: Photos are core to the Instagram experience. In the coming weeks, you will be able to remix public photos. This gives you limitless inspiration to create your own unique reel.

[…]

Since reels offer a more immersive and entertaining way to watch and create videos on Instagram, we’re bringing these creative tools and the full-screen experience to your video posts, too. In the coming weeks, new video posts shorter than 15 minutes will be shared as reels. Videos posted prior to this change will remain as videos and won’t become reels.

I am sure this is market-tested, and I probably have no idea what I am talking about. But it truly feels like Instagram is Gromit laying tracks just ahead of a fast-moving train. Can anyone articulate the company’s plan a few years out? Is lobbying to rid the United States of TikTok its big creative product strategy?

So many of the creative people I know who use Instagram just want the people who follow them to be able to see their work. But their work is increasingly invisible unless it is a video, despite Adam Mosseri’s promise that “photos are so important” and to “[do] right by photos long-term”. Even if it is a video — excuse me, Reel — Instagram’s machinery may deem it unworthy of viewing by your followers.

My account received these updates today, including an always-on dark mode TikTok-like timeline view, and it is discouraging. It feels like Instagram is actively trying to destroy any simplicity it once had by kind of doing a bit of everything — badly. Again, I am certain there are metrics-based reasons for these decisions and I am just out of touch. But it seems like Instagram is constantly playing catch-up to whatever is new and trendy at the expense of anything definitively Instagram’s own.

Placer.ai Admits Users Accessed Data for Planned Parenthood Clinics

While we are on the subject of data marketplaces, here is Joseph Cox, of Vice:

Placer.ai, a location data firm that Motherboard previously revealed was providing heatmaps of approximately where abortion clinic visitors live, has admitted that people have obtained data related to these visits in the past.

A different location data company, INRIX, offers census block-level aggregate statistics of Planned Parenthood visitors. But it is kind of irrelevant what individual data brokers are offering and the limitations they place on themselves because the value of this stuff is in the aggregate and users have little individual control. As an example, one data platform, Narrative, boasts connections to seventeen different location providers claiming two billion mobile identifiers. “Always present” in this data set are the latitude and longitude, timestamp, and device identifier. In May, it removed data on its platform collected from some health-related apps, but it relies on platform users following its terms and conditions.

Narrative is just one example of a massive and insidious industry relying on a lack of knowledge among users and failure to regulate.

TikTok Suspicions

Alex Hern, the Guardian:

So I was interested to read a report that attempts to look at the general suspicion of the service. Published on Monday by the Australian-US cybersecurity firm Internet 2.0, it is based on a teardown of TikTok’s Android and iOS apps.

And all you have to do to read a copy of this report about TikTok’s mysterious data collection and tracking practices is enter your name, email address, and phone number into an embedded form on Internet 2.0’s website. The form is provided by Salesforce’s Pardot marketing automation product, which might share the personal identifiers you provide to augment it with information available from any of these third-party databases, depending on Internet 2.0’s settings.

But go on.

The most alarming finding in the report is that unexplained connection to a server that Perkins locates in mainland China, run by Guizhou BaishanCloud Technology Co Ltd.

When the Guardian asked TikTok about the findings, it dismissed the report. The server connection it specifically rejected, with a spokesman saying that the IP address listed “is in Singapore, the network traffic does not leave the region, and it is categorically untrue to imply there is communication with China.”

Specifically, its authors claim a subdomain referenced in the app was resolving to an IP address with a location that kept changing but sometimes reported it was in China. The report says this server connection is only present in the iOS version of TikTok, but not the Android version. The Android app is home to a whole world of other privacy concerns because it permits a more permissive “culture of ‘grab what you can’ in data harvesting”, in the words of this report. That is, as has been repeatedly pointed out, not unique to TikTok.

I again feel compelled to point out that focusing on TikTok’s data practices is the wrong approach when this trove of personal information is available elsewhere. Eradicating TikTok does not solve this fundamental problem, nor does it meaningfully impede data collection efforts by unscrupulous actors. The reason this keeps making headlines is because it is easy to figure out TikTok’s anti-privacy data collection practices — or, at least, easier than coming up with a coherent narrative of its political influence.

Hern:

It’s possible to draw up a totally wild, action movie-style plot where TikTok’s data could pose a geopolitical risk to the west. What if, say, the prime minister’s son takes to posting private videos of his parents’ movements that can then be analysed by the People’s Liberation Army to set up a perfect cyberattack? In practice, though, the value of data harvesting to TikTok is the same as the value to Facebook, Google and all the other tech giants that it sits alongside: it makes the company money.

Others have suggested the real concern over TikTok is its hypothetical ability to sway public opinion in ways favourable to China. Evidence for this is more limited; a paper by Joanne E. Gray explored, in part, differences between moderation practices on TikTok and Douyin. The rhetoric around these concerns sometimes reminds me of American anti-communist propaganda during the Cold War. It may be as trite as it is true: history should not be forgotten or buried, and we should avoid repeating our worst instincts.

The Future of Cars as Computers

James Vincent, the Verge:

BMW is now selling subscriptions for heated seats in a number of countries — the latest example of the company’s adoption of microtransactions for high-end car features.

A monthly subscription to heat your BMW’s front seats costs roughly $18, with options to subscribe for a year ($180), three years ($300), or pay for “unlimited” access for $415.

For comparison, BMW UK charges £600, or about $710 USD, to equip a 1-Series with heated seats as part of a larger package of comfort options.

Now that seemingly everything is a connected device, anything can be turned into a subscription. This is one bizarre example. Maybe an owner in a usually warm climate wakes up one frosty winter morning and, so, is happy subscribing to heated seats for a month or two, thereby saving money by not paying the flat rate price BMW charges to add the equipment to the car. Except heated seats have to be equipped from the factory. The hardware must be there; it is gated solely by software.

Joseph Cox and Aaron Gordon, Vice:

Historically, cars come with various features offered as part of packages, or “trims,” which the buyer decides when they purchase the car. Originally, these were nearly all physical or hardware upgrades like leather seats, more horsepower, or a sunroof. But, increasingly, they are software-enabled features like automatic headlights and wiper activation and driver assist features like adaptive cruise control. The creation of software-locked features means all versions of a car can have the feature, but only if the customer pays to unlock them. Some coders are helping customers do this off-the-books.

If BMW is going to entrust its software to be the gatekeeper deciding whether installed hardware can be used, I say “good luck”. Do you think owners who elect to not subscribe to heated seats are not actually paying for them? They must be built into the bill of materials. Behaviours like BMW’s are normalizing the ability for companies to skim revenue off the top for no reason other than because they can.

This is what we can expect going forward in contexts we had never previously imagined, enabled partly by laws like the DMCA’s anti-circumvention rules. Businesses love predictable monthly recurring revenue streams. Do you believe we are already being squeezed for every dollar we can give? Of course not; BMW’s strategy proves there is plenty more room for nickel-and-diming, customer experience be damned.

Apple Reaches Settlement in U.S. Over Butterfly Keyboards

Jonathan Stempel, Reuters:

Apple Inc. agreed to pay $50 million to settle a class-action lawsuit by customers who claimed it knew and concealed that the “butterfly” keyboards on its MacBook laptop computers were prone to failure.

The proposed preliminary settlement was filed late Monday night in the federal court in San Jose, California, and requires a judge’s approval.

I skimmed this settlement last night immediately after its publication and it appears it will be open to anyone in the United States who bought a MacBook with a butterfly keyboard. Payout levels will be determined by the scale of repair required, up to a possible $395.

One of the particularly frustrating aspects of this lawsuit is the degree of redaction in documents and transcripts. There are filings where entire pages are effectively eliminated. That is not unusual, of course, but it is irritating for those of us who want to understand what happened with these keyboards. When the components that were changed between different models are treated as a corporate secret, it is unlikely we will ever know when Apple first found problems and why it took so long to fix them. Some documents offer tantalizing glimpses of this timeline, suggesting Apple found issues beginning early in the keyboard’s development, but there was no chance for the truth of that claim — or any other — to be proven in court.

A similar class action suit in Canada is ongoing.