Month: April 2023

Speaking of NSO Group and spyware, Mark Mazzetti and Ronen Bergman, New York Times:

On Nov. 3, 2021, the Biden administration publicly announced its decision to put NSO on the Commerce Department blacklist, in effect trying to put it out of business and putting the United States on record as seeking to rein in the proliferation of commercial spyware.

Days later came a well-disguised step in the other direction: Gideon, the U.S. affiliate of NSO, entered into the contract with “Cleopatra Holdings” — Riva Networks — specifying that the U.S. government would get access to NSO’s premier geolocation tool, what the company calls Landmark.

Landmark turns phones into a kind of homing beacon that allows government operatives to track their targets. In 2017, a senior adviser to Saudi Arabia’s crown prince, the same person accused of orchestrating the killing of Mr. Khashoggi, used Landmark to track Saudi dissidents.

Can you believe intelligence agencies would so brazenly disregard laws like these? Dumbfounding, I tell you.

Amy Hogan-Burney of Microsoft:

We are also acutely aware that to have real impact, we must pair our commitment with action. Microsoft has disrupted the operations of Knotweed and Sourgum, two cyber mercenary groups targeting victims around the world. Today, we are taking further action. In partnership with security researchers from The Citizen Lab of the University of Toronto’s Munk School, we have tracked the malware used by an Israeli cyber mercenary we refer to as DEV-0196. The malware has been used to target communities including journalists, NGO workers, and politicians. Microsoft is sharing information about DEV-0196 with our customers, industry partners, and the public to improve collective knowledge of how cyber mercenaries operate and raise awareness about how cyber mercenaries facilitate the targeting and exploitation of civil society. Technical information for customers and the security community is available here.

The iOS spyware package described by Microsoft is similar to NSO Group’s Pegasus, albeit with far less publicity so far. This one is called Reign; it was developed by QuaDream which, like NSO Group, is an Israeli firm with unsavoury customers around the world. The targets are familiar, too — not terrorists or mob bosses, but “journalists, political opposition figures, and a non-government organisation (NGO) worker”.

Researchers at Citizen Lab analyzed the spyware and one capability stood out to me:

Sample 2 appears to have functionality for:

[…]

  • Hijacking the phone’s Anisette framework and hooking the gettimeofday syscall to generate iCloud time-based one-time password (TOTP) login codes for arbitrary dates. We suspect that this is used to generate two-factor authentication codes valid for future dates, in order to facilitate persistent exfiltration of the user’s data directly from iCloud

I could not find whether similar spyware from other companies can also do this; unsurprisingly, spyware companies are very secretive. It is a notable inclusion in this list.
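As an added example (mine, not Citizen Lab's analysis or any code from the spyware) of why that capability matters: an RFC 6238 code is a function of the shared seed and a caller-supplied timestamp only, so a generator fed a future time emits codes the verifier cannot distinguish from genuine ones, and the remedy after a seed compromise is re-enrolment, not waiting for the clock to move on. The seed is the RFC 4226/6238 test secret, assumed here so the output can be checked against the published vectors, and the future timestamp is constructed.

```python
"""RFC 6238 TOTP with the timestamp as an explicit input.

A TOTP code depends only on the shared seed and the time value handed to the
generator. Nothing in the algorithm checks that value against a trustworthy
clock, so a verifier cannot tell a code computed in advance for a future window
from one produced on the day. Re-enrolling the account with a fresh seed is
what invalidates codes derived from a stolen one.
"""
import hashlib
import hmac
import struct

# Constructed seed: the ASCII test secret from RFC 4226 / RFC 6238 Appendix B,
# chosen so the output can be compared with the published test vectors.
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    then dynamic truncation to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, for_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP. `for_time` is a Unix timestamp chosen by the caller;
    the generator has no way to know whether it matches the real clock."""
    return hotp(secret, for_time // step, digits)


def verify_totp(secret: bytes, code: str, now: int, step: int = 30,
                digits: int = 6, skew: int = 1) -> bool:
    """Server-side check: accept the code for the current window and up to
    `skew` windows either side, comparing in constant time."""
    for window in range(-skew, skew + 1):
        candidate = totp(secret, now + window * step, step, digits)
        if hmac.compare_digest(candidate, code):
            return True
    return False


def future_code_is_accepted(secret: bytes, used_at: int) -> bool:
    """A code computed ahead of time for the window containing `used_at`
    (the generator's clock simply set to that moment) verifies exactly like
    one produced then. Returns True for any seed and any time."""
    code_made_in_advance = totp(secret, used_at)
    return verify_totp(secret, code_made_in_advance, used_at)


def reenrolment_invalidates_precomputed_codes(old_secret: bytes,
                                              new_secret: bytes,
                                              used_at: int) -> bool:
    """After the account is re-enrolled with `new_secret`, a code that was
    precomputed from `old_secret` for `used_at` no longer verifies. Returns
    True when the stale code is rejected (the expected outcome for distinct
    seeds, barring a one-in-a-million collision per window)."""
    stale_code = totp(old_secret, used_at)
    return not verify_totp(new_secret, stale_code, used_at)


if __name__ == "__main__":
    a_year_ahead = 1_700_000_000 + 365 * 24 * 3600  # constructed future timestamp
    print("RFC 6238 vector, T=59, 8 digits:", totp(RFC_TEST_SECRET, 59, digits=8))
    print("future code accepted:",
          future_code_is_accepted(RFC_TEST_SECRET, a_year_ahead))
    print("re-enrolment rejects it:",
          reenrolment_invalidates_precomputed_codes(
              RFC_TEST_SECRET, b"fresh seed after incident", a_year_ahead))
```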

Lorenzo Franceschi-Bicchierai, who now writes for TechCrunch:

Apple’s spokesperson Scott Radcliffe said that there’s no evidence showing the exploit discovered by Microsoft and Citizen Lab has been used after March 2021, when the company released an update.

Microsoft suggests enabling the recently introduced Lockdown Mode on your devices if you feel you may be a target.

Here are three relatively recent interactions I have had with independent software developers:

  • In November 2020,1 I suggested a separate display of the optional external_url property for JSON Feeds in NetNewsWire. I was not sure how to program this, but I thought it was a reasonable idea and, fortunately, Maurice Parker and Brent Simmons agreed. Within a week, it was part of the application. (Because this is open source software, I feel comfortable being precise.)

  • A reader emailed me with questions about iPhone photography. That gave me an idea, which I sent off to a developer, who responded positively to the suggestion.

  • I encountered a strange bug in a Safari extension. I emailed the developer with specific conditions and a screenshot, and received a reply mere hours later asking for more information. A busy week got in the way of my reply, so the developer emailed again several days later to follow up. I was no longer able to reproduce the bug but it was nice to be reminded.

These are just a few of the numerous pleasant experiences I have had with independent software developers. I cannot say the same is true of big corporate developers — not even close.

Of course, to expect otherwise would only be lying to oneself. The biggest companies in the world do not have the time or staff to handle the feedback from millions — billions — of customers on a personalized basis, so they need to triage. Common questions are handled by a voluminous collection of help desk articles. Bug reports are filed in some database to be compared against known problems. Feature suggestions are evaluated in the context of their effect which, on the scale of millions of users, will always be significant.

All of that is understandable. You all know that. And you also know I am totally preaching to the choir when I say that the more you experience that, the more it sucks the joy out of using a computer. When I buy and use software from an independent developer, it feels like I am establishing a relationship with the person or small team that built it; it feels like we both have a stake in the success of the product. But when I use software made by a massive company, I can feel the power imbalance in the pit of my stomach.

It seems unlikely that we can eschew software made by industry giants, and it may be unwise to try. There are advantages to using the same product as millions of other people for collaboration, common understanding, a common ecosystem, and security. While someone may be able to breach a Gmail account, the chances of them hacking into Gmail are vanishingly small. But just as these products may give us a sense of stability, the best of the independents indulge in the fun, the spirit, and the experimental side of software. They are the soul. The time I spend using any of my computers and devices would be so much worse without the indies.


  1. Okay, so only two “recent” interactions.

Pretend for a moment you are an advertising industry executive. You own a bunch of real estate in the form of billboards and poster frames, and you are getting the feeling that people are not paying as much attention to ads as they used to. One reason for this is COVID; another could be how greedy your industry has become. Not only are ads present on every physical surface you can imagine, they are also on every digital surface. Websites have ads, the most popular apps in the world are made by advertising companies, and many of the accounts people follow are walking billboards. You could find ways of convincing your advertiser clients to produce things which are aesthetically pleasing, or funny, or clever, or original. But what if people refuse to look up?

What if — and hear me out here — you just tricked them?

Willa Glickman, Hell Gate:

If you’ve taken the subway recently, you may have noticed there’s a new food trend in town: clickbait cuisine. Recipe videos for “brieghetti pie,” an engorged egg-in-a-hole “baked brunch boat,” and an omelet cooked in a plastic bag are just some of the offerings being beamed out to the MTA’s millions of daily subway riders on nearly 10,000 digital advertising screens throughout the system.

[…]

The recipe videos aren’t ads, per se, but are “engaging content” designed to drive “eyeballs,” as Outfront charmingly likes to refer to us humans, so that when we are served advertisements for things that are actually being sold, we can’t look away. Outfront sources these videos from a company called First Media, which creates them as part of a cooking brand called So Yummy. (First Media did not respond to our requests for comment.) First Media also owns Blossom, a DIY craft and “life hack” channel, whose videos also play on Outfront’s screens. For anyone who has ever wondered if you might be able to glue pistachio shells together into a small flower to liven up a terrarium or chop up pool noodles to protect your picture frames — you can!

Everybody is so creative!

Kudos to Glickman for pointing to Ann Reardon’s long-running series of debunking these kinds of ridiculous how-to videos.

See Also: Ryan Broderick yesterday on outrage bait short-form videos.

From the Steve Jobs Archive, Make Something Wonderful is a remarkable collection of Jobs’ public and private speeches, email exchanges, notes, and other records of note. There are hidden gems in here, like an email exchange with Andy Grove and an engineer at Intel — “I have changed my position 180 degrees” — in addition to things you might expect, like notes and drafts of his 2005 Stanford Commencement address. And it is free as either an EPUB file, on Apple Books, or on the web.

Charlie Warzel, the Atlantic:

Technologically speaking, we live in a time of plenty. Today, I can ask a chatbot to render The Canterbury Tales as if written by Taylor Swift or to help me write a factually inaccurate autobiography. With three swipes, I can summon almost everyone listed in my phone and see their confused faces via an impromptu video chat. My life is a gluttonous smorgasbord of information, and I am on the all-you-can-eat plan. But there is one specific corner where technological advances haven’t kept up: weather apps.

This is a bizarre article. It seems like it was intended as a timely response to the recent problems with Apple’s Weather app, but I am not sure what point it is making.

The paragraph which follows this opener is a recitation of common problems with weather apps, plus complaints about the accuracy of weather forecasts. Those are completely different things. The forecasts shown in apps from Weather Underground or the Weather Channel are the same as the forecasts shown on the web, and have nothing to do with the app itself. This distinction is not trivial — later in the piece, Warzel acknowledges weather forecasting has become more accurate.

Warzel then explains why weather apps differ:

Traditional meteorologists interpret these models based on their training as well as their gut instinct and past regional weather patterns, and different weather apps and services tend to use their own secret sauce of algorithms to divine their predictions. On an average day, you’re probably going to see a similar forecast from app to app and on television. But when it comes to how people feel about weather apps, these edge cases — which usually take place during severe weather events — are what stick in a person’s mind. “Eighty percent of the year, a weather app is going to work fine,” Matt Lanza, a forecaster who runs Houston’s Space City Weather, told me. “But it’s that 20 percent where people get burned that’s a problem.”

So it seems like an accurate portrayal of unlikely weather events is a key reason why someone would prefer one app over another. If an app saved you from rapidly developing downpour or blizzard conditions by alerting you first, that might increase loyalty. If an app is overzealous, it might make you frustrated.1 All of this is about the accuracy of widely-referenced models which are getting better, so all apps and services benefit.

If we set aside problems with forecast accuracy, Warzel’s complaints about the apps themselves begin to look less compelling. He argues that apps which present an oversimplified summary of current and forecasted conditions can leave the user with false confidence while, conversely, apps which offer more detail are overwhelming and leave the interpretation up to inexperienced users. He concludes:

[…] Although many people need reliable forecasting, true loyalty comes from a weather app that makes people feel good when they open it.

That is not what Warzel wrote earlier. Yes, Carrot is very fun. But if it used backend services which were wrong all the time, it would not matter how many different reactions it had for each time you poked its ocular sensor.

It sure sounds like Warzel is just complaining about the weather, more than anything. Forecasts are sometimes wrong. It sure sucks that some apps do not strike a great balance between clear summaries and information overload. But maybe part of this is how people are often pretty bad at interpreting probability.


  1. During last year’s heat waves, I had to turn off extreme weather alerts for the then-beta version of Apple’s Weather app because it was constantly telling me it was very hot outside. That is useful perhaps once per day, and much less so once every couple of hours.

For a zestier take on executives using their own company’s products, here is a 2003 email from Bill Gates [sic]:

I tried scoping to Media stuff. Still no moviemaker. I typed in moviemaker. Nothing. I typed in movie maker. Nothing.

So I gave up and sent mail to Amir saying – where is this Moviemaker download? Does it exist?

So they told me that using the download page to download something was not something they anticipated

Gates’ email is a solid summary of how I remember Windows was around this time. Then there is an excruciating back-and-forth between different teams at Microsoft as they try to figure out who to talk to about making it possible to click a button and download Windows Movie Maker from a web browser.

Preetika Rana, the Wall Street Journal:

The CEO pinged Uber’s head of driver operations, Carrol Chang, on Slack minutes later. “Getting a lot of questions,” he wrote, Ms. Chang said. “But I stand by the driver investments and fully believe it’s going to pay off.”

[…]

In June that year, she held a four-hour Zoom meeting with company executives and asked them to ferry passengers and food for the app so they would understand drivers’ grievances.

[…]

The following weekend, [Dara] Khosrowshahi hopped on an electric bike and began delivering food in San Francisco. Posing as a gig worker for the first time was a wake-up call, he said.

According to the Journal, Khosrowshahi was not the only executive to agree to Chang’s suggestion and come away with meaningful suggestions. And, sure, I should acknowledge how good it is for these executives to put themselves in the shoes of their workers to discover what using the product is really like. But another way to read this soft focus piece is that Uber’s CEO of nearly six years had not used the company’s product until recently, nor had he taken seriously the repeated and longstanding complaints of workers. As PR-friendly as this piece is, it also looks more than a little embarrassing for Uber’s executive team.

Cabel Sasser:

In my dumble opinion, Apple should:

  • Break Passwords out into a standalone app, with an actual fully resizable window (!!), and full, proper UI for most of its features

  • Make Passwords a toolbar item in Safari for easy access and to be top-of-mind for the user

  • Stick to a basic feature set, but do that well

After spending some time yesterday changing a bunch of passwords through Apple’s existing system, all I can say is “yes, please”.

iCloud Keychain works great for my needs, but its existing implementations leave much to be desired. As of MacOS Ventura, the preferred way to do password-related things is through the Passwords pane in System Settings. But its performance flags with the number of passwords I have. That is not a weird flex; it is the only benchmark against which I can judge it.

The more performative option on MacOS is Keychain Access, but that app does not really do the same thing as a dedicated Passwords app. For one, it is for all of your keychains; it is not a password manager. For another, it does not have the “Detect Leaked Passwords” feature. So, yes to this idea, and yes to application windows which can be resized in both directions.

Posts announcing a redesign are often boring and more than a little redundant. Here are four things I think you should know about this new iteration of Pixel Envy:

  1. I have joined this century and now use web fonts — specifically, I am using the excellent IBM Plex family. I am wary of its corporate-specific connection, but I like its legibility, its support for oldstyle figures, and its vintage-modern look.

    I am aware some people are not big fans of web fonts, whether for privacy reasons, bandwidth, or preference. I get it. For what it is worth, I serve these files myself instead of offloading that task on some third party I know nothing about. But if you would prefer to use system fonts instead, I have updated my opt out page.

  2. There is now, at long last, full support for dark mode.

  3. Speaking of things which feel completely outdated, I looked high and low for a current way of making a multi-resource favicon and these decade-old instructions are still the gold standard.

  4. I miss the way old record players and other bits of stereo equipment used specific applications of orange on otherwise near-white or grey objects. Orange is a good colour.

Let me know if anything is catastrophically broken. I am expecting problems with the odd article which uses images, but because there are so few, I am not too bothered, and will update as needed.

For a smart counterpoint to Twitter’s hangers-on, look to a January article in Techdirt by Dan Gillmor:

Elon Musk has demonstrated contempt for free speech in general, and journalism in particular, with his behavior at Twitter. He is also demonstrating why it is foolhardy for anyone to rely on centralized platforms to create and distribute vital information. Journalists — among many information providers and users — should move to decentralized systems where they have control of what they say and how they distribute it. And philanthropic organizations have a major role to play. Here is a way forward.

As if Twitter’s new management needed to underscore Gillmor’s arguments, it appears Substack users — some of whom are journalists — are having problems with embedding tweets. And, look, it is fully possible to quote tweets as text — I do it all the time because I think Twitter’s embeds are gross — but this reeks of retaliation or, at the very least, little care for how these features are actually used.

The good news, for me, is that it appears my write-only Twitter bot is still working, for now.

Casey Newton:

By some measures, Twitter usage is down from previous highs. But among the 900 or so tech and media professionals I follow, usage is basically steady. The timeline may scroll a little more slowly than it used to, but everyone is still showing up for their daily dose of sparring for retweets. And I think it’s worth taking a moment to reflect on why.

Andy Bell:

I honestly think Mastodon — or some other decentralised platform — is the long term future, but I also think unless Twitter literally disappears, it’s going to take a long time. That’s fine, in my opinion. It gives Mastodon time to evolve into something more people friendly, which will be great!

Twitter does not need to lose for Mastodon to become a successful network; it already is successful for many people, despite — or perhaps because of — its size. But I do see where both these writers are coming from. Twitter is still a more vibrant place for many users, and I share many of Bell’s gripes about a particularly zealous sort of early adopter.

I am more optimistic about online social networks today than I was, say, just a couple of years ago. The long-quiet Mastodon has been invigorated. The launch of Glass was well timed against Instagram’s erosion. The demise of incumbent platforms has been overstated, but their stagnation and lack of focus has catalyzed interest around these smaller entrants.

Andy Baio:

While trying to fix my printer today, I discovered that a PDF copy of Satoshi Nakamoto’s Bitcoin whitepaper apparently ships with every copy of macOS, since at least the release of macOS Catalina (version 10.15) in 2019. I’ve asked over a dozen Mac-using friends to confirm, and it was there for every one of them.

[…]

One other oddity: there’s a file called cover.jpg in the Resources folder used for testing the Photo media type, a 2,634×3,916 JPEG of a sign taken on Treasure Island in the San Francisco Bay. There’s no EXIF metadata in the photo, but photographer Thomas Hawk identified it as the location of a nearly identical photo he shot in 2008.

I can see the use of the Bitcoin whitepaper as a sort of universal PDF unencumbered by intellectual property concerns. The photograph is more interesting to me, if only because it is a 3.7 megabyte image with seemingly no user-facing rationale.

Update: Baio:

A little bird tells me that someone internally filed it as an issue nearly a year ago, assigned to the same engineer who put the PDF there in the first place, and that person hasn’t taken action or commented on the issue since. […]

Nice to see internal bug reports get the same kind of attention as external ones.

Filipe Espósito, 9to5Mac:

iOS 15 introduced new Voice Isolation and Wide Spectrum modes to change audio capture using the iPhone’s built-in microphone. However, these modes were only available for FaceTime calls and some third-party apps. But with iOS 16.4, Apple is bringing Voice Isolation to cellular calls as well.

These voice modes and the video effects which were introduced at the same time are really hard to find. They are not surfaced in apps; instead, they are in Control Centre. So you start a phone call, then swipe down to reveal Control Centre, then tap on the newly-revealed Mic Mode cell, then select the mode you want to use. There is no way to set a mic mode as a universal default but, happily, the app from which the mic mode was triggered seems to remember which mode you prefer, at least for a while.

Kirk McElhearn, TidBits:

Apple Music Classical is a free app for Apple Music subscribers to access this new, enhanced collection of music. Inexplicably, it is only available for the iPhone. One would expect Apple Music Classical to be available for desktop computers, especially since many people listen to classical music from a Mac, or a PC running iTunes, connected to a stereo. Since Apple Music has added a lot of high-resolution music, which requires an external DAC (digital-analog converter) to play at its full quality, it is quite difficult to play that sort of music from an iPhone. You can stream music to an AirPlay 2-compatible receiver with a DAC attached, but most people don’t have that hardware. You can, of course, stream Apple Music Classical from an iPhone to a HomePod — the second generation of which also supports Dolby Atmos, or what Apple calls spatial audio — but overall, this focus on the iPhone limits playback options considerably.

As McElhearn points out, this is a catalogue of music already in Apple Music, though interpreted and structured differently for the unique needs of classical listening. Adding it to the already confused Music app for MacOS makes as much sense as using the Music app for iOS — that is, it is limited by design and necessitated the creation of an entirely separate app for a better experience.

It seems Apple Music Classical is merely a version of the Primephonic app Apple acquired, skinned to resemble the standard Music app. After a week, I find this similar-but-different quality creates a muddled experience as a user. The Classical app does not support context menus, transitions between some screens see the title animate from one direction while the rest of the screen animates from the other, and the Now Playing view does not respond to dragging up or down as it does in Music. The Library view is uniquely confusing and buggy. It feels more like a third-party app built in the style of something Apple could make than like Apple’s own app.

That is a shame because, as McElhearn writes, this is not just an app for people who already listen to classical music:

Two types of people will want to use Apple Music Classical. Those who don’t know much about classical music but want to explore it, and those who are already classical music fans and want to find their favorite artists and recordings and discover new ones.

Spotlighting classical music with an app which interprets its unique metadata structure will surely help more people see and discover it. The app gets a lot of stuff right, especially in terms of search. I just wish it matched the quality of the iOS Music app.

By the way, the more I think about this app, the more I realize Apple’s interpretation of ID3 audio metadata is limited — and not just for classical music. The most recent spec was published in 2000, and contains fields for entries like remix artists, source medium, and live recordings, by way of descriptive text, but Music does not support any of these fields. It never has, even when it was called “iTunes”. Instead of using this comprehensive structure, songs in a local music library, in the iTunes Store, and in Apple Music resort to a series of parentheses for featured artists, live recording venues, and the album version or master — “How the West Was Won (Live) [Remastered]”, for example, or “Momma Sed (Alive at Club Nokia) [Live]”. There may be good reasons for these limitations. But it would be better if all the songs and albums in Apple’s catalogue contained more fulsome and better-structured metadata. The spec is already there and it needs mass adoption.

Update: Alex Cranz, the Verge:

This is all to say, I’m in love with Apple Music Classical, and I just keep wondering why the regular app isn’t more like it. While classical music certainly has a need for a vast array of metadata, I like to think most other music does, too. People like to listen to the works of a single producer, and when they search for Stephen Sondheim, they should be able to just see all the musicals he composed as neatly as I can see all the works of Antonín Dvořák in Music Classical.

It is not even possible to search for music released in a specific year in Apple Music. Maybe I am missing something, but every piece of metadata should be searchable. Artificial limits like these are bothersome.

Try to get halfway through Nathan Edwards’ retelling, for the Verge, of the time he brought an HP printer with HP ink from the Netherlands to the United States and discovered its ink was region-locked, without becoming infuriated by the destruction of a Silicon Valley institution which used to make computers and printers and things that worked just fine but now makes its money by abusing its customers.

Gartner:

Worldwide PC shipments totaled 65.3 million units in the fourth quarter of 2022, a 28.5% decrease from the fourth quarter of 2021, according to preliminary results by Gartner, Inc. This marks the largest quarterly shipment decline since Gartner began tracking the PC market in the mid-1990s. For the year, PC shipments reached 286.2 million units in 2022, a 16.2% decrease from 2021.

This year-over-year decline comes after growing by nearly 5% in 2020 compared to the year before, and then 10% in 2021. While PC sales in 2022 were down compared to the year before, they were still higher than in 2020.

That context is notable in light of a report that Apple paused production of its M2 chips in January and February. Even so, Gartner estimates Apple grew its Mac sales in 2022 compared to the year prior — the only brand to do so.

Update: IDC reports Mac sales declined by 40% in January through March 2023 compared to the same period in 2022. For comparison, IDC said Apple’s sales declined by 2% in the final months of 2022 compared to the year previous; Gartner said they dropped by 10% in the same comparison.

Rogers:

Rogers Communications Inc. announced today it has completed its historic merger with Shaw Communications Inc.

Alexandra Posadzki, the Globe and Mail:

Rogers has made a number of commitments to the federal government in connection with the deal, encoding them in written undertakings that impose penalties if the promises are not met.

Those commitments include a previously announced promise that it will spend $1-billion within five years to expand high-speed internet and 5G in areas where that connectivity is not currently available. The telecom has also pledged to create 3,000 new jobs in Western Canada within five years, to maintain a Calgary headquarters for at least 10 years, and to invest $2.5-billion to expand 5G coverage in Western Canada and $3-billion in other network service expansion projects. Rogers has agreed to pay $100-million for every year in which it fails to meet any of its commitments, up to $1-billion.

Am I supposed to be impressed by a $5.5 billion commitment to investing in expanding 5G service? In 2022, Rogers reported over $3 billion (PDF) in capital expenditures, and Shaw said it spent over $1 billion (PDF). Is this $5.5 billion above and beyond what it would have otherwise spent to grow its networks in the most obvious and logical way? Meanwhile, the CEO of Globalive — which created WIND Mobile, later sold to Shaw and rebranded Freedom Mobile, and as of today sold to Videotron as a condition of this merger — is predicting significant layoffs, contrary to the optimistic employment commitment from Rogers.

Sadly, it appears regulators did not have much choice but to approve this merger. Freedom Mobile was the only meaningful competition between the two companies, so its sale sealed the deal. That is too bad. Canadians deserve better choices than these thuggish companies, Bell and Telus inclusive. If that $5.5 billion investment commitment really is in addition to the amount both companies would already be spending, it indicates the Canadian telecom landscape is nowhere near strong enough as neither company is working its hardest to provide the best service or lowest prices.

And if it is impractical to expect more competitive offerings across the vast landscape that is our country, nationalize these businesses. That is the kind of thing Crown corporations are for.

Ron Amadeo, Ars Technica:

It might be understandable to limit a data hog abusing a free account, but that’s not what’s happening here. Google is selling this storage to users, via both the Google Workspace business accounts and the consumer-grade Google One storage plans. Google One tops out at 30TB of storage, which costs an incredible $150 a month to use. Google Workspace’s formal plans cap out at 5TB, but an “Enterprise” plan promises “As much storage as you need.” From what we can tell in the various comments on Reddit and the issue tracker, both consumer and business account types are subject to this hidden 5 million file limit.

You know what enterprise I.T. departments love? Surprises.

Microsoft also has limitations for OneDrive and SharePoint, which are known because they are documented. Even so, and while I am sure there are good reasons for these things, limitations like these feel like a regression. A maximum number of files, and maximum path lengths? Even stranger, Microsoft says performance will be degraded if you sync more than 300,000 files in SharePoint, even though it supports storing up to thirty million files.

Update: Google says it is rolling back this change.