Month: November 2022

Everdeen Mason, New York Times:

Now we can shift our work to editing the puzzle. Tracy Bennett, who joined The Times as an associate puzzle editor in 2020, will be the editor of Wordle. The game will have a Times-curated word list and will be programmed and tested like the Spelling Bee and the Crossword.

This includes themed answers, like last week’s DRIVE and FEAST which were chosen for American Thanksgiving. If there is one thing Wordle players wanted, it is for the Times to strip away the randomized fun and inject a serious sense of predictability.

Johana Bhuiyan, the Guardian:

The tech advocacy group Accountable Tech conducted an experiment in August and October to test Google’s pledge. Using a brand new Android device, researchers with the group analyzed their Google activity timeline, where the company shows what information is logged about an account holder’s actions. This activity helps make Google’s services “more useful” to users, according to the company – for instance, by “helping you rediscover the things that you’ve searched for, read and watched”. However, any information collected by Google is potentially subject to law enforcement requests, including the data logged in “My Activity”.

The group found that searches for directions to abortion clinics on Google Maps, as well as the routes taken to visit two Planned Parenthood locations, were stored in their Google activity timeline for weeks after it occurred. At the time of this article’s publication, the information was still stored and available at

Not exactly surprising but still worrisome. In a narrower scope, it points to Google’s confusing mess of privacy settings, in which it treats location privacy as separate from searches and directions in Google Maps. The best thing you can do right now, regardless of who you are or what you think you will search for in the future, is to turn off Web and App Activity.

If you widen the scope, though, it is obvious such controls should not be left up to individual users to figure out, nor should it the decision of specific data brokers whether to retain or flush sensitive information. This is a systemic issue that requires a systemic legislative response.

Andrea Mills, of Internet Archive Canada:

With the passing of Bill C-19 this past June, the Copyright Act was amended to extend the term of copyright for literary, dramatic or musical works and engravings to life of the author plus a period of 70 years following the end of the calendar year in which that author dies. What was unclear at the time of royal assent was WHEN exactly this would come into force — if on or after January 1, 2023, one more year of works would enter the public domain. Unfortunately, we now know that this date has been fixed as December 30, 2022, meaning that no new works will enter the Canadian public domain for the next 20 years.

At the time, the Minister of Justice prepared a customary statement summarizing the likely effects of the bill, and blamed these changes on the 2018 revisions to NAFTA:

This legislation implements one of Canada’s obligations under the Canada–United States–Mexico Agreement, is consistent with that of many other nations, and may support Canadian creators in the international marketplace.

Timothy Vollmer of Creative Commons pointed out how much this kneecaps the public domain and threatens new creative works. A disappointing development, to be sure.

According to a filing today in the “butterfly” keyboard lawsuit, the class action settlement has been approved. If you are part of the class — that is, a U.S. buyer of a 2015–2019 MacBook, MacBook Air, or MacBook Pro model, and you had the keyboard repaired or a keycap replaced — you will receive your notice beginning December 12.

I am writing this in part to once again express my dismay that this suit was settled before substantial information was made public about this keyboard’s development and failure rate. I am sure there is an interesting story here. This specific era of Mac hardware made for a frustrating time to be an Apple customer, and it would be cathartic to understand it more deeply. I hope someone will tell it.

We are officially one month into Elon Musk’s ownership of Twitter. One month of needlessly cruel layoffs, of cozying up to far right goons, of uncertainty about the direction my favourite bar is taking. It is under new management which thinks few people are unwelcome to stay regardless of their behaviour, and fired most of the bouncers so there are fewer people keeping an eye out for things that drive others away. At best, he is spineless. At worst, he is enabling and even welcoming terrible people; that is certainly how they read it.

Is it any wonder advertisers are reportedly spooked?

Now he has decided to take on what used to be his biggest advertiser after they, in the words of Musk, “threatened to withhold Twitter” from the App Store, apparently without explanation. But it does not take a close Apple watcher to speculate on why it would be newly concerned about the Twitter app: it requires all apps which permit user submissions to have functional filtering, blocking, and reporting mechanisms. This is not a mystery. Apple is probably — understandably — worried about Musk’s statements and the laying off of thousands of moderators. In fairness, Twitter does not have a spectacular track record of ridding its platform of even the most heinous material but, also in fairness, eliminating all but one person tasked with removing CSAM in the world’s most populous region will make it harder to solve this problem, despite claims to the contrary.

Musk framed Apple’s reduced advertising spend as an attack on free speech. That is a wild accusation to throw at a company that, as Jason Koebler at Vice pointed out, twice challenged the FBI when the Bureau attempted to compromise encryption. Apple’s control of native app distribution on iOS devices means it is uniquely positioned to influence acceptable limits of speech and, as Musk also complained about today, it extracts fees from digital businesses. Those are also concerning factors — ones which I have repeatedly writen about. But Musk has no credibility in framing its ad spending as a free speech issue.

Of note, Twitter has also been a staunch defender of free speech. This bar I love has long been home to anonymous users and a crack legal team pushing back against worldwide interference. It has also established internal boundaries to try to improve the comfort of its guests. Many of the people making those decisions have been pushed out, replaced by people more obedient to the whims of an owner who believes none of that is necessary. He says he will comply with regulators while laying off staff responsible for that. This bar is filling up with assholes who are making many of us uncomfortable and driving some away. Hopefully, the new spot can fill the void. Even so, it still feels like a loss.

Samuel Wigley of the British Film Institute:

An HD cam filming driver-passenger conversations from the dashboard – an impossible space to fit one of your old-school movie cameras (Abbas Kiarostami’s 10). An unbroken 90-minute take gliding through St Petersburg’s Hermitage Museum – an impossible length of time to capture in one go on 35mm (Aleksandr Sokurov’s Russian Ark). A nine-hour documentary that embeds us in the slow decline of a Shenyang industrial district, all shot by a crew of one (Wang Bing’s West of the Tracks). In the spring of 2002, Attack of the Clones wasn’t the only world premiere using digital cameras to recalibrate our expectations of what a film could be.

I was glad to see a brief mention of Michael Mann’s “Miami Vice”. It was shot almost entirely digitally, and its visuals now feel grainy and blocky, yet retain that Mann-specific cinematic feel.

Rebecca Bellan, TechCrunch:

Despite concerns, any driver who has already paid the steep price for Tesla’s FSD will be able to access the software in North America. Tesla had previously extended FSD access to 160,000 owners in the U.S. and Canada in September, and today’s widespread rollout makes good on previous promises from Musk to get FSD in every Tesla by the end of 2022.

If it is only available in North America, it does not fulfill the promise to have Full Self Driving in every Tesla this year — thankfully. Tesla owners, lured by the perennially broken promise of fully autonomous transportation and who paid up to $15,000 USD for that possibility, can now enable it even though Tesla’s autonomous systems are such a public safety hazard they are likely facing a criminal investigation.

Earlier this week, Facebook released its most recent Widely Viewed Content Report, for which it still does not create unique permalinks. There is a copy on the Internet Archive for, you know, archival purposes. The Widely Viewed Links section of the report is notable for being full of celebrity gossip but, unlike previous reports, none of them were associated with scams or were removed for violating the company’s policies.

Jeff Horwitz, Wall Street Journal:

Over several months, members of Meta’s product, user-experience and integrity teams hammered out better definitions for low-quality content and agreed on ways the company could avoid amplifying it, according to the documents and people.


As part of its efforts in the new “Content Quality War Room,” the company sought to better identify what made users feel a post was trashy. The effort homed in on finding ways to measure “un-aesthetic attributes, unoriginality, low integrity, and ‘low-calorie’ content,” as one director later wrote.

While the headline on Horwitz’s article is “Facebook’s Most Popular Posts Were Trash. Here Is How It Cleaned Up.”, I would avoid drawing any specific conclusions from this single report. This is a three-month slice of, according to Facebook, 0.05% of U.S. News Feed posts. And the most viewed posts on the website are still pretty lightweight, too. This is not a collection of the finest investigative reporting or original video projects. But it is noticeably better than it used to be.

Also, please stop calling parts of your office the “war room” unless you are actually at war. The teams responsible for this are trying to make sure their platform is not amplifying Minion memes, not sending people into battle. Relax.

David Pierce, the Verge:

Smartphones may be boring now, but that’s only because they’ve been so good for so long. As they’ve become so entrenched and ubiquitous in our lives, they’ve become even harder to disrupt. How do you beat the device that can do everything and is always with you? Battery life, I suppose. But good luck with that on your AR glasses.

The iPhone was, as Brian Mccullough put it on the tenth anniversary of the device’s announcement, “conceptually perfect”. Just about every post-iPhone smartphone has been a clear evolution of that first model in almost every single way: a device small enough to fit in your pocket but with a display for immersive applications, with a wide range of connectivity options, and a battery that lasts for about a day. It is an immersive device that does not require total immersion, unlike many of the products pitched for our future. The single biggest conceptual difference between the original iPhone and today’s smartphones is the shift of the camera as an afterthought to one of any smartphone’s key features.

None of us can predict the future. But it is difficult to imagine improving upon it with anywhere near the smartphone’s mass adoption.

Only one main issue with Pierce’s piece I see:

Amazon’s big idea about Alexa wasn’t wrong, exactly. In fact, most of the tech industry shares the ambient computing vision: a seamless network of gadgets that know you and can act on your behalf to accomplish all kinds of goals. And there are lots of Alexa devices out there in people’s homes, playing music and setting timers. But nobody’s figured out how to make ambient computing profitable.

I am not sure this is right. The two most recognizable entrants into the ambient computing space — if by “ambient computing” you mean a creepy egg — are Amazon and Google, which sell their devices at a loss — but that is their choice. They could, theoretically, price these gadgets with healthier margins. But that would likely price them out of impulse buys, into the realm of things that need more fulsome justification. And that is the real problem. The hard part of ambient computing is not making it profitable, it is making it good and compelling.

Something with no visual interface sounds amazing until you realize it is impossible to know its boundaries. You can ask for a translation to one language and it will work perfectly, but a different language is not translatable. A command that activates some smart home gadget may not work the same way for a different device. If all an egg is reliably good for is setting timers and reminding you of chores, it is no surprise that few people are likely to pay hundreds of dollars for one.

Eugene Kim, Insider:

Insider spoke with over a dozen current and former employees on the company’s hardware team to get a better picture of its current condition. They described a division in crisis. While Alexa was once one of the company’s most rapidly growing projects, the mounting losses and massive job cuts underscore the swift downfall of the voice-assistant and Amazon’s larger hardware division.


Meanwhile, the first cracks in the products business model began to show. Internally, the team worried about the quality of user engagements. By then Alexa was getting a billion interactions per week, but most of those conversations were trivial, commands to play music or ask about the weather. That meant less opportunities to monetize. Amazon can’t make money from Alexa telling you the weather — and playing music through the Echo only gives Amazon a small piece of the proceeds.

I cannot put it much better than Todd in the Shadows did:

Amazon sold the Alexa as a loss leader that didn’t actually lead to anything.

We are often told technology companies are reinventing the way many of us will purchase products, but I do not buy that narrative. Before voice assistants — which would apparently result in us shopping by verbal commands — Amazon released Dash buttons. Various direct-to-consumer brands originally operated as online-only retailers, only to realize many people do not want to buy a mattress or eyeglasses without trying them in person. The COVID-19 pandemic brought with it another wave of how different the world will operate on a fundamental level.

It seems none of these predictions has fully panned out. There are many people who will continue ordering groceries with curb-side pickup, buy everything online with the understanding anything unwanted can simply be sent back, and maybe some people will yell at their speaker to send them a new box of Dutch Blitz after a particularly aggressive board game night. Most people probably will not. We will mostly continue to click “Add to Cart” and shop in stores near where we live. We should make cities more accessible and less car-centric because that helps our communities far more than pressing a button near your laundry machine to have more detergent shipped to you.

I am curious about how in-app shopping will fare in places like TikTok and Instagram. In five years, will people be buying clothes and home furnishings from the people they follow? There is no way to know, but it seems like a story we have all heard before. on Twitter:

It’s our 20th birthday today . A huge thank you to everyone who supported us and scrobbled with us throughout that time. You make possible. Bring on the next 20.

Via Jacob Kastrenakes at the Verge:

I was a little surprised to see that was still around when I first started writing this story, let alone that it had new communities flourishing around its data. (The company didn’t respond to a request for an interview.) But I suppose in a world where most services close off and hide your data, there’ll always be people looking for a way to track it and analyze it themselves. And in exchange, they get the joy of arguing about music stats every day — and not just once a year when Wrapped comes out.

It is not just about the stats and the tracking — it is about what those things can do. When I re-activated my scrobbling last spring, my goal was to pair Apple Music’s massive library with’s more compelling listening suggestions. Keeping those things separate also makes it more portable. If I ever decide to switch to Spotify or drop my Apple Music subscription and rely only on local files again, my history and recommendations will be preserved elsewhere.

Here is a short and curious Twitter thread from app developers and security researchers Tommy Mysk and Talal Haj Bakry:

Apple’s analytics data include an ID called “dsId”. We were able to verify that “dsId” is the “Directory Services Identifier”, an ID that uniquely identifies an iCloud account. Meaning, Apple’s analytics can personally identify you.

Apple states in their Device Analytics & Privacy statement that the collected data does not identify you personally. This is inaccurate. We also showed earlier that the #AppStore keeps sending detailed analytics to Apple even when sharing analytics is switched off.

Apple also refers to the DSID by other names, such as the “Apple User Account Identifier”, “Apple ID Number”, “Apple ID Reference Number”, and “Original Unique Identifier”. Based on my 2021 data request it is, as described, a proxy for a specific Apple ID. It identifies you with Apple’s services, including for things like marketing and communications efforts. I have a spreadsheet of the nearly nine hundred times me and my DSID ignored Apple’s attempts to upsell me on Apple One, a service which launched just thirteen months before I made this data request. I also have a list of all the times I contacted AppleCare and the same identifier is attached. In most, but not all, instances, this numeric identifier is the only personal identification entirely without redaction. In my records from Apple, my name, email address, Apple ID and aliases, and phone number are only shown in part.

I am not surprised Apple assigns a personal identifier for its services; Mysk and Bakry say they found the same identifier in analytics logs for the App Store, Apple Music, and other company services.1 The researchers point to Apple’s Device Analytics & Privacy document where it says in the iOS Device Analytics section that “[n]one of the collected information identifies you personally”. But this does not pertain to Apple’s services which are covered by entirely different policies. Both the App Store and Apple Music say usage information is collected. These are not device analytics, they are services analytics. How else are recommendations or search features supposed to work? If anything, I wish Apple used this information in even smarter ways: up until recently, a search for “Low” in Apple Music would always return several results related to the Flo Rida song first, which does not see any playback from me, instead of the band I often listen to. I wish those results were more tailored to my use of the service.

In fairness, perhaps the Device Analytics toggle in Settings should be worded more clearly to indicate that turning it off will not opt out of store and services activity. I am also shocked by the granularity of information in these storefront analytics. It is relevant to Apple’s recommendation engine if I listened to an album or song and whether I finished it, but it is hard to see what value it has in knowing my track playback to the millisecond. I also think the identifier used by Apple’s services should be different than the Apple ID that is correlated with your device purchase history and support requests.

Where I think things take a more concerning turn are in the logs Apple collects alongside bug reports and crashes. If I am reading the Device Analytics policy correctly, these would fall under a category of logged personal data which “is subject to privacy preserving techniques such as differential privacy, or is removed from any reports before they’re sent to Apple”. However, I am not sure that is strictly true. I downloaded the copy hosted by Apple of a sysdiagnose package sent by my MacBook Pro — which does not have a beta profile installed and is running a public non-beta version of MacOS — and found my identifier in three files. If these are in the copy I downloaded from Feedback Assistant, Apple has copies of these three files, all of which are associated with iCloud features. Because that identifier is also used in some iCloud API requests, I also spotted the same value in activity logs for third-party applications using things in my iCloud account, as well as in metadata for local copies of documents I downloaded from my drive at However, I did not see this identifier in any other diagnostic report, usage logs, or other analytics on my Mac.2

I may be getting something wildly wrong here, but I am not sure I see the presence of this Apple ID proxy in Apple’s services logs to be a violation of either its own policies or users’ expectations for using internet services in general. Its highly granular analytics are more comprehensive than I think many people would believe is necessary, to an extent they violate the spirit of what Apple professes to stand for, and it would be better if this identifier were sandboxed to avoid any association with real-world activity like service requests. I do not think it is news that device analytics are not the same as services analytics, certainly not to the extent that it justifies a lawsuit.

But there is a quirk that interests me: does Apple continue to view the iPhone as a device with a unified and interconnected set of hardware, software, and services it controls at a platform level? While it is possible to use an iPhone without an Apple ID, it is not possible to use the App Store without one, and installing software outside of the App Store is officially not possible. Because of DRM, it is also not possible to sign into the App Store for the purpose of downloading a third-party app, then sign out of an Apple ID and be able to use that app. Apple may not strictly be associating someone’s use of an iPhone with a personal identifier, but it is extremely limiting to avoid using an iPhone’s features without associating with that identifier. A wall between these aspects may be overprotective, but overprotective is how Apple markets itself.

A good question is whether Apple violated privacy laws like GDPR with the use of this identifier combined with the description of the device analytics opt-out. An answer to that question is well outside my expertise.

  1. As an aside, and I do not intend this to be mean, I think it is a little funny how Gizmodo described the way Mysk and Bakry gathered information on the analytics Apple collects: “they used a jail broken iPhone running iOS 14.6, which allowed them to decrypt the traffic and examine exactly what data was being sent”, and they “also examined a regular iPhone running iOS 16”. It makes it sound like this is information impossible to be found without some laborious and technical work.

    But this same information appears to be available if you just ask for it. I have some giant spreadsheets here containing all sorts of analytics about my activity in the App Store, Apple Music, Apple Books, and other Apple services. Maybe I am missing something, but this does not strike me as a massive secret if it is something Apple will hand over if you simply ask.

    Collecting this information at the device or network level may not be telling the whole story. Apple says it adds layers of randomization upon receipt of the data, before it or its products are made available internally. ↥︎

  2. My iPhone is running the latest beta seed of iOS so I assumed it would collect more information. A spot check of a few analytics and usage files did not contain my identifier, but I would not draw general conclusions about iOS from beta builds. ↥︎

Jeff Butts, the Mac Observer:

Beginning in iOS 16, Apple has added the ability to push out security fixes without requiring a full iOS update. This can be much faster to install, since the patches are generally much smaller. Wednesday, Apple released one of these updates, called a Rapid Security Response, to testers running iOS 16.2 beta 3. After some time, we learned this update was only for testing purposes.

When I saw this update on my iPhone earlier this week, I assumed it was fixing some kind of critical vulnerability. Alas, it seems it contains no material changes, even though it was over 70 MB for me. I wish this was better documented as a test, but it is good to know this capability exists and, as far as I can tell, appears to work as intended.

Elizabeth Lopatto, writing at the Verge in April:

Now, if Musk buys Twitter, I feel like we all have a vague idea of how this goes. First, a lot of Twitter employees quit because Musk’s companies are notoriously miserable places to work. Second, Musk tweets about a bunch of shit and then does some of it — which may or may not include reinstating Donald Trump on Twitter, getting rid of all the spam bots, and adding a fart button. Third: uh, maybe profit?

As of tonight, this train is right on schedule with slim chances of reaching its most optimistic destination.

I looked between the couch cushions and found some news for you that is not related to Twitter. A pre-emptive caveat that fixed generational boundaries are not my favourite way of grouping people, but I thought the results of this survey were interesting enough to share.

Jordan Marlatt, Morning Consult:

Although complicated, Gen Z’s relationship with data privacy should be a consideration for brands when strategizing their data privacy policies and messaging for the future. Expectations around data privacy are shifting from something that sets companies apart in consumers’ minds to something that people expect the same way one might expect a service or product to work as advertised. For Gen Zers, this takes the form of skepticism that companies will keep their data safe, and their reluctance to give companies credit for getting it right means that good data privacy practices will increasingly be more about maintaining trust than building it.

A shift from privacy as a plus to privacy as an expectation is long overdue, but entirely welcome. It may also explain the bizarre chart that shows younger respondents who were more favourable to companies that engage in a set of anti-privacy practices, like collecting user data without disclosing what purpose it serves or sharing collected information with other companies. If younger respondents believe changing company behaviour and regulations can establish a baseline for privacy, it might result in less concern.

Then again, maybe it is just naïvety. A 2013 survey found Millennials were, at the time, more likely to care less about privacy online, leading the Center for the Digital Future to ask “is online privacy over?” and a Pew survey found much the same. The oldest memebers of Gen Z are in their mid-twenties. Perhaps privacy is something people, in general, begin to worry more about as they become older.

My thanks to Due for sponsoring Pixel Envy this week. Due’s developer asked me to remind you of what makes the app different.

“Annoying” is probably not a word a developer would like his app to be associated with.

I certainly don’t mind.

Thankfully, users have also thought of my app as “indispensable” and a “game changer”.

It has helped people living with ADHD and early dementia. It has saved marriages. And it seems to have even saved lives. I’d love to say I had these noble goals in mind when I made Due in 2010.

The truth is, I created Due for myself.

The first version tackled just one thing — quickly capture what needs to be done, and when it needs to be done.

When I realized it was easy to miss notifications, I added Auto Snooze. It repeatedly notifies me of overdue reminders until I act on them.

Then, I found myself needing to reschedule reminders frequently. So I made it easy to postpone a reminder — even without launching the app.

Someone who had used Due for the past 9 years said the person who created Due knows his stuff.

I guess that’s because there isn’t a day that goes by where I don’t use Due myself.

Learn more about what Due can do for you. Perhaps you’d find Due as useful as my customers1 and I do.

  1. Links to App Store reviews used in post. ↥︎

Max Read:

[…] Put another way, the rest of Twitter will go like the whole verification episode did: it’ll be stupid and annoying for a while, then chaotic, then pretty funny, and then, at the end of the process, basically the same as before, but slightly worse.

Or, that’s how it will go if Musk works hard at rehiring a workforce and repairing the site infrastructure. The problem is that arresting and reversing the decline in functionality is going to take a lot of money and a lot of time. […]

The first question Read poses — how long can the public experience of Twitter continue to work in the midst of chaos and layoffs? — is, I think, less knowable and predictable than the second: how much money is Musk willing to sink into this thing? I would love to believe we win in any circumstance, but I do not think Twitter shutting down is a good thing individually or for the world; it is okay to like Twitter.

Besides, there is a very obvious third direction for the site to take: Musk’s policies could make Twitter worse. He has already promised shadow banning as a policy, which I think is less kind than reminding users of platform rules. It is possible a year or two of speed running website moderation will enable a bunch of awful people and spam while the site maintains comparable influence. If Musk has deep enough pockets, even a decline in advertising dollars may not dent his enthusiasm of owning a big social media platform. That would be an obviously worse outcome.

Christine Dobby, writing for the Globe and Mail in 2018:

Less than three weeks ago, Shaw gave 6,500 non-unionized employees the option to take voluntary severance packages, but said it expected just 10 per cent, or 650 people, to accept the buyouts; on Thursday, it said 3,300 employees had taken the offer – one-quarter of the company’s workforce.

I think about this story more often than you might imagine. For one, it demonstrates the effectiveness of unionization. For another, it also indicates a high level of staff dissatisfaction of management. At the time, annual layoffs were routine at Shaw, but these buyouts were offered to more employees than usual — nearly half the company’s staff at the time. Over half of offered staff accepted the buyouts. That was a lot of people who chose to walk away from an assumed stable job and income, and did not reflect well on Shaw.

Steven M. Bellovin on Twitter:

Sad news from @unccs — Fred P. Brooks, the founder and long-time chair of the department (and a major influence on my professional outlook) passed away a few hours ago.

Brooks, of course, was responsible for Brooks’ Law as described in the Mythical Man-Month: “adding manpower to a late software project makes it later”. An icon and one of the great thinkers in computing.

Mia Sato, the Verge:

NewsWhip data shows that BuzzFeed’s footprint on Facebook has withered away for years as a result of these changes. In 2016, BuzzFeed stories posted on the platform had 329 million engagements; by 2018, that number had fallen to less than half. Last year, BuzzFeed posts received 29 million engagements, and this year is shaping up to be even worse.

[…] now has around 30 staffers, says Jess Probus, senior vice president of editorial, with the classic viral content produced by full-time employees, freelancers, and volunteer community writers. For the full-time staff, nobody’s entire job is curating internet content for BuzzFeed — everyone is expected to be able to do it.

As Sato writes, the Buzzfeed homepage reads like a time capsule of a different era: big “LOL” and “win” badges in the upper-right, clickbait headlines, and collections of posts from other websites. Instead of collections of Tumblr posts or tweets, though, the articles are full of Reddit reposts and TikToks.