Month: July 2023

The Fix Is In

Kevin Purdy, Ars Technica:

Ricky Panesar, CEO of UK repair firm iCorrect, told Forbes that screens replaced on newer iPad Pros (fifth and sixth-generation 12.9-inch and third and fourth-generation 11-inch models) do not deliver straight lines when an Apple Pencil is used to draw at an angle. “They have a memory chip that sits on the screen that’s programmed to only allow the Pencil functionality to work if the screen is connected to the original logic board,” Panesar told Forbes.

A Reddit post from May 23 from a user reporting “jittery” diagonal lines from an Apple Pencil on a newly replaced iPad mini screen suggests the issue may affect more than just the Pro line of iPads.

Usually I would point you to the original source — in this case, Forbes — rather than a rewrite, but I made an exception for the author of this Ars piece. If you recognize the name “Kevin Purdy”, it could be because he used to work for iFixit, which is acknowledged in this article.

At iFixit, Purdy was responsible for repeatedly claiming Apple was sabotaging device repairs, citing as evidence the inability to swap the camera between iPhone 12 units and the Face ID system between iPhone 13s. Unofficial iPhone 11 display swaps showed a message saying the display was not genuine and, importantly, True Tone also could not be enabled. And now we have this iPad and Apple Pencil issue to add to the list.

One thing all of these features — synchronicity between the Pencil and iPad screen, Face ID, cameras, and True Tone — have in common is that they are features which require precise coordination between hardware and software. Different parts perform differently, even if they were made by the same company in the same factory at the same time. Apple achieves a level of uniform behaviour on its devices through a proprietary calibration process.

I find Purdy’s analysis of these issues to be frustratingly shallow and lacking. Every time one of these parts calibration problems arises, Purdy immediately ascribes it to a deliberate repair lockout strategy, even though software updates have ensured these parts remain functional and have even fixed some problems spotted by iFixit. iOS 14.4 corrected camera problems for iPhone 12 models with swapped modules and iOS 15.2 re-enabled Face ID for screen-swapped iPhone 13s. In general, I feel that a warning in Settings that a screen or camera is not an official part is a fair way to notify users about what is going on in the mystery box of electronic wizardry they are holding, especially since the iPhone resale market is stronger than phones from any other company by a huge margin, and some of the components for which Apple requires calibration are for security features like Touch ID and Face ID.

The problem I have with a Machiavellian explanation for Apple’s repair idiosyncrasies is that it does not address the actual problems created by its decisions about device construction and maintenance. Hector Martin put it well:

You need to stop pushing these ridiculous conspiracy theories and instead focus on reality: these machines are complex, their production is complex, their repair is complex, and just swapping parts around willy nilly may not result in a quality result, and that is *normal*. Advocate for Apple to provide access to their calibration re-provisioning processes instead, so you can actually get things set up properly and working as intended by the manufacturer. Them not providing those tools sucks and is anti-repair. The product engineering that requires those tools for a proper outcome is not.

From the perspective of users, it does not matter whether Apple is actively making it harder to repair devices or if that is a side effect of other priorities. And, from the perspective of activists and policymakers, I am not sure it makes much difference either. If hardware and software need to go through some process to become better acquainted with one another and work properly, that is fine by me. If it is all a ruse, that sucks, but ultimately is not relevant.

People should be able to swap screens and batteries — at the very least — without having to find a specifically authorized technician with provisioned access to some internal Apple tool. Not every Apple device owner lives in a big city in a rich country, where Apple’s network of technicians is concentrated. The software should be part of the toolkit available to anyone repairing their device outside the Apple Authorized Service Provider channels.

In fact, that is not too far off from what Apple has been doing. In addition to making parts and tools available and improving device repairability, it recently announced it would be making the System Configuration step entirely self-guided. This is progress. Even so, I see room for improvement. The self-service program is currently offered through a website that looks barely legitimate, let alone connected to Apple, is something the company only offers in a handful of countries which does not currently include Canada, and can alter or stop providing it at any time. Good public policy could ensure most common repairs can be done by anyone who is inclined, with quality parts and tools made available.

Barring evidence proving otherwise, I am not convinced Apple’s final software calibration step is some kind of evil manoeuvre to subvert repairs and kneecap its products. Framing it in those terms is a distraction from effective right-to-repair activism. I am not someone who believes Apple cannot do bad things; any regular reader is well aware of that. But I do believe these kinds of motivations demand proof beyond typical and fair suspicion of big corporations.

Twitter’s ‘X’ Becomes the First App With a Single-Letter App Store Title arstechnica.com

Ashley Belanger, Ars Technica:

Apple has granted a rare exception to its strict App Store rules, allowing Twitter to rebrand as X and become the first one-character iPhone app.

A “rare exception”? I guess in the vastness of the App Store, any atypical behaviour could be considered “rare”. Apps that have been granted most entitlements, like those which support CarPlay, are rare amongst the 1.8 million iOS apps out there. But bigger, well-known developers are granted exceptions to both App Store rules and punishments for breaking them.

Anyway, X Corporation is threatening to sue the Center for Countering Digital Hate over research the latter published into what it found was a rise in hate speech on Twitter after Elon Musk’s acquisition.

Update: X Corp has now filed that lawsuit (PDF).

Turner Classic Movies Airs a Film With ‘Pirated’ Subtitles torrentfreak.com

Ernesto Van der Sar, TorrentFreak:

The subtitles that appeared on Turner Classic Movies were made for a Karagarga release, too but weren’t necessarily sourced through the site. The fansubs may be available through other subtitle repositories as well.

TorrentFreak contacted TCM to find out if the company has any idea how the subtitles ended up on the official broadcast, but the company didn’t immediately reply (see update below). The problem may lie with a third party, as the Criterion streaming service reportedly shows the same subtitles.

If I were betting on the accuracy of subtitles, I would put all my money on the communities of enthusiasts over official channels.

Kashmir Hill Profiles Mike Masnick of Techdirt nytimes.com

Kashmir Hill, New York Times:

It hasn’t paid very well, but what [Mike] Masnick doesn’t have in wealth he makes up for in influence. Lawmakers, activists and executives consider him an essential guide for what’s happening in the technology world and what to do next.

“Whenever tech policy news breaks I always want to see what Mike’s take is going to be,” said Senator Ron Wyden, Democrat of Oregon, in a statement. Mark Zuckerberg, the head of Meta, has called him “insightful and reasonable.” The tech entrepreneur Anil Dash said he “shows up and ships every day” and has been “filing constantly for decades on a beat that is thankless.”

Great profile, and deservedly so. When there is news about tech policy or overarching trends, Masnick’s voice is one of sanity and trust. When I disagree, I still find his opinion a valuable gut-check.

All Long-Term Tenants at a Montreal Apartment Building Were Replaced With an Airbnb Ghost Hotel ricochet.media

Zachary Kamel, Ricochet:

As part of our ongoing national investigation into platforms like Airbnb and their role in the housing crisis, we’ve been tracking and identifying the largest players in some of Canada’s hottest rental markets. These property owners and entrepreneurs operate vast networks of unlicensed, and often illegal, ghost hotels.

[…]

Until this week Firmin was the second largest host in Montreal, offering 76 listings spread across the metropolis. Considering the data only accounts for one of many accounts connected to him, it’s possible that he was the largest host in Montreal at the time.

The “ghost hotel” nomenclature refers to an entire apartment building which is functionally a hotel because most or all units are short-term rentals instead of tenant-occupied.

Huge chunks of cities with ongoing housing affordability crises are dominated by Airbnbs; in Canada, Vancouver and Toronto are standouts. According to the data on Inside Airbnb, nearly 40% of those in Vancouver are unlicensed, and over 70% are in Toronto. We can all pretend these are mostly people who rent out a spare room, or maybe they are away and can offer their entire place, but I think we all know that is not true. There are over twenty-five thousand homes in Toronto which are Airbnbs, and over fifteen thousand of them — as of writing — have not been booked in the past year. The vast majority of these are rentals of twenty-eight days or longer because Toronto law only permits short-term rentals of someone’s primary residence. Airbnb sits between tenants and landlords in an all-too-perfect definition of rent-seeking.

Teslas’ Estimated Range Does Not Reflect Driving Conditions reuters.com

Steve Stecklow and Norihiko Shirouzu, Reuters:

Tesla years ago began exaggerating its vehicles’ potential driving distance – by rigging their range-estimating software. The company decided about a decade ago, for marketing purposes, to write algorithms for its range meter that would show drivers “rosy” projections for the distance it could travel on a full battery, according to a person familiar with an early design of the software for its in-dash readouts.

[…]

Tesla supervisors told some virtual team members to steer customers away from bringing their cars into service whenever possible. One current Tesla “Virtual Service Advisor” described part of his job in his LinkedIn profile: “Divert customers who do not require in person service.”

Such advisors handled a variety of issues, including range complaints. But last summer, Tesla created the Las Vegas “Diversion Team” to handle only range cases, according to the people familiar with the matter.

[…]

Tesla also updated its phone app so that any customer who complained about range could no longer book service appointments, one of the sources said. Instead, they could request that someone from Tesla contact them. It often took several days before owners were contacted because of the large backlog of range complaints, the source said.

A large portion of this report conveys Tesla’s internal decision-making based on the word of a single source. I am a little surprised Reuters decided to publish it.

Scott Case, of Recurrent, which is a service that monitors electric vehicle batteries and provides information to current owners and buyers of used vehicles:

The reality is that the laws of physics apply to Tesla, too – Tesla is not much different than other automakers. When you need to heat and cool your car – and your battery – in hot and cold weather conditions, you can’t drive as far. That impact is substantially lessened when a car is equipped with a heat pump and advanced thermal management, which many newer Teslas (and other cars) are.

It’s also worth noting that it’s not like other manufacturers have perfected accurate range estimates either. Actual range varies according to all kinds of different factors, like speed, temperature or use of climate control. Every other automaker has a different approach to sharing those estimates, but it often tends to be closer to reality than Tesla’s approach.

All electric cars are affected by temperature because people turn on the heater or air conditioner. So, too, are cars with internal combustion engines — the Canadian government estimates fuel consumption is increased by up to 20% because of air conditioners.

But there are chemistry changes which are specific to electric vehicles, and the combined impact on range is notable. Recurrent’s data indicates the Chevrolet Bolt and Ford Mustang Mach-E both get around 65% of their EPA-estimated range in sub-freezing temperatures, while Tesla models get less than half their estimated range. Even at more temperate spring or autumn temperatures, Teslas only give around 60% of the range estimated by the EPA, while it is between 90% and a little over 100% for the Bolt and Mustang. What is unique about the Tesla models is how they consistently display a range of around 90% of the EPA sticker, no matter the conditions.

The Reuters report portrays the range estimate as deliberately misleading in the sense that it is intelligently giving drivers an optimistic number: it uses “algorithms for its range meter that […] show drivers ‘rosy’ projections”. But I think the reality is even worse — it is actually a very dumb estimate which is not adjusted based on any real-world factors. These cars are supposed to be so smart they nearly drive themselves, but they use a range calculation that is the definition of ‘ignorance is bliss’? Choosing to use this misleading estimate is obviously beneficial to Tesla because it is not affected by actual driving. Even in a best-case scenario, the data collected by Recurrent suggests a Tesla’s displayed range is not actually achievable.

Recurrent’s data also shows why so many electric cars seem to be overbuilt, and please forgive me for this slow-to-realize lightbulb moment. There are plenty of people for whom a car with a 100 kilometre range would be acceptable, and it would make electric cars more affordable.1 But if it gets closer to 50 or 60 kilometres on one charge for several months a year when it is brand new and at its best, that is a severe compromise in the ugly sprawling car-centric cities of Canada and the United States.

Reuters’ source also told the reporters that customers complaining about range problems would be denied an appointment for service. That makes sense: Tesla allegedly knew its range estimates were not a reflection of reality, so there really was nothing wrong with the cars themselves. But it is horrible for customer trust. Just two days ago, Tesla settled a class-action lawsuit which claimed the company would sign a contract for installing solar panels on customers’ homes, then argue their roofs had too many angular bits and increase the cost. This does not appear to be a company that prides itself on service or communication.

  1. Whether there is a buying market for these cars is another matter entirely. Most buyers of pickup trucks and SUVs do not need a large vehicle with those capabilities. But they are routinely the best-selling vehicles in Canada and the U.S. because people buy what they want, not what actually fits their life or their garage↥︎

Bad U.S. Internet Bills badinternetbills.com

Readers from the United States, allow me to direct you to Fight for the Future’s current initiative about Bad Internet Bills. They are profiling crappy bills — many of which appear to promise great things — that will erode security and privacy. You may recognize the Cooper Davis bill from this website last week, and there are five others worth your attention.

This initiative is running for a couple more days, and there are resources indicating what you can do about it. There is a prefilled form letter but, if you are able, a phone call or a personalized message work better.

A 3D-Printed AirPods Pro Case That Enables Easier Battery Replacements theverge.com

Jon Porter, the Verge:

“I am taking on a significant project to demonstrate how one of the most popular gadgets today — Apple’s AirPods Pro — could have been easily made repairable with minimal effort,” [Ken] Pillonel says in a press release. “My primary objective is to encourage consumers to be more mindful of their choices and to motivate manufacturers to prioritize sustainability.”

With his project, Pillonel attempted to recreate each component of the AirPods Pro charging case before modifying them to be held together with nuts and screws rather than glue. The modifications make it easier to get inside the charging case without breaking it in order to swap out the battery — no soldering required.

Pillonel’s making-of video is extraordinary. It is still hard for me to believe that there exists a range of headphones priced from $130 up to $549 that need to be thrown away after just a few years, even if all the components are still good, because the battery can no longer hold a charge. Pillonel has not yet demonstrated a way to replace the batteries in the headphones themselves, but this is an impressive DIY effort that solves half the problem.

Google’s Nightmare ‘Web Integrity API’ arstechnica.com

Ben Wiser, et al., of Google, proposing a new Web Integrity standard:

The trust relationship between websites and clients is frequently established through the collection and interpretation of highly re-identifiable information. However, the signals that are considered essential for these safety use cases can also serve as a near-unique fingerprint that can be used to track users across sites without their knowledge or control.

We would like to explore whether a lower-entropy mechanism – Web Environment Integrity – could help address these use cases with better privacy respecting properties.

The goals of this project are laudable. Between this and features like PassKeys, you can imagine browsing a web where you are less frequently challenged to prove your identity and, when that happens, it is less interruptive.

Unfortunately, the likely reality is more worrisome. Since awareness of this API began bubbling up early last week, I have read and re-read Google’s proposal trying to make sense of it. I could not quite hit on an explanation that resonated with me.

Then I read Ron Amadeo’s summary, for Ars Technica, and it made complete sense — it is DRM for the web:

Google’s plan is that, during a webpage transaction, the web server could require you to pass an “environment attestation” test before you get any data. At this point your browser would contact a “third-party” attestation server, and you would need to pass some kind of test. If you passed, you would get a signed “IntegrityToken” that verifies your environment is unmodified and points to the content you wanted unlocked. You bring this back to the web server, and if the server trusts the attestation company, you get the content unlocked and finally get a response with the data you wanted.

If this comes to pass and becomes popular, it will be a sad day for the open web. Unfortunately, Google has both the incentive to release it, and the position to standardize it. To wit, the first argument Wiser, et al., makes for why user integrity is important:

Users like visiting websites that are expensive to create and maintain, but they often want or need to do it without paying directly. These websites fund themselves with ads, but the advertisers can only afford to pay for humans to see the ads, rather than robots. This creates a need for human users to prove to websites that they’re human, sometimes through tasks like challenges or logins.

It goes without saying — so I will anyway — that publishers and advertisers want to ensure humans look at ads. Google does as well. As the world’s largest online ad company — perhaps criminally so — Google has to toe a fine line between doing right by its advertising customers and doing right by the users of its web browser, which just so happens to be the world’s most popular. I am not calling conspiracy here, but I do think the objective alignment is noteworthy.

Besides, there are plenty of other reasons to differentiate legitimate human traffic from illegitimate and automated traffic. That is why the CAPTCHA exists. And Wiser does say write that, should this standard be adopted, users ought to be able to view pages even if they do not pass the Web Integrity check.

But what that could look like in practice is for unauthenticated users to be aggressively challenged by login prompts and CAPTCHAs. If website operators can be confident the vast majority of their user base can be validated by Web Integrity attestation, they could adjust the threshold for robot detection to present more CAPTCHAs more of the time. As the purveyor of the world’s most popular search engine, video streaming site, email provider, and maps product, Google is positioned perfectly to force adoption, similar to how it strong-armed publishers into using AMP.1

More worrisome is what this means for the open web. While native app marketplaces have rules about what is permissible for some platforms, the web is entirely free on those same devices. Google’s proposal makes the web less open and less free.

Update: Tim Perry:

Of course, Google isn’t the first to think of this, but in fact they’re not even the first to ship it. Apple already developed & deployed an extremely similar system last year, now integrated into MacOS 13, iOS 16 & Safari, called “Private Access Tokens”: […]

[…]

That said, it’s not as dangerous as the Google proposal, simply because Safari isn’t the dominant browser. Right now, Safari has around 20% market share in browsers (25% on mobile, and 15% on desktop), while Chrome is comfortably above 60% everywhere, with Chromium more generally (Brave, Edge, Opera, Samsung Internet, etc) about 10% above that.

Apple’s lower market share could explain why I see so many more CAPTCHAs and have more trouble accessing pages when using iCloud Private Relay and Safari. It is a little crummy preview of what the web looks like if this technology becomes an expectation.

  1. When I use Google to search the web instead of DuckDuckGo, it is usually because I am combing through its more extensive results for something specific. I often use advanced search operators. This is something Google is especially sensitive about — if I repeatedly search a website by using the site: or inurl: operators, I will see a CAPTCHA for just about each page of search results. I am picturing that, but for every few YouTube videos I watch. ↥︎

CarPlay’s Road Ahead

At WWDC 2022, Apple previewed a new version of CarPlay. It promised deeper integration, taking over for things like ventilation controls, seat position, and dashboard dials. Such an update will basically require expansive screen space, and it will also permit CarPlay to span multiple screens.

A list of supported models is not expected until much later this year, but it appears we are beginning to see glimpses already in a raft of automaker announcements. Some manufacturers — mostly luxurious brands like Porsche — were already toying with all-screen dashboards. That style is becoming increasingly standard and moving downrange. New models from BMW, Chevrolet, Ford, Hyundai, and Lincoln each have a big, long screen stretching from at least the driver’s side across the centre console with digital dials replacing analogue gauges. While none of the mockups show the new version of CarPlay, this layout seems to be designed with it in mind. The mockup Lincoln showed was so similar to CarPlay that, when iMore asked about it, a spokesperson acknowledged it was “uncanny”.

To be clear, none of these mockups seem to show CarPlay, but they do show a new all-digital interface projected across the entire dashboard — exactly how CarPlay will be presented. Stay tuned for the inevitable acknowledgements by Apple and automakers later this year.

Whether people will like these changes is a different matter altogether. A recent JD Power survey indicates people are increasingly dissatisfied with manufacturer-created digital controls, and prefer integration with their phone, which suggests further development might be well-received. But people also prefer physical controls for common functions like turning on seat heaters or adjusting the air conditioning. Volkswagen is dropping the touch controls it added to its steering wheel in favour of real buttons, for example, while Hyundai says it will keep using buttons even as huge screens sweep across the dashboard of its newest models — see above, for example. Porsche may have been an early adopter of an all-screen dashboard with its Taycan, but the new Cayenne manages to retain tactile controls while also embracing digital ones.1

And I still have not acknowledged the potential for increased screens to become more dangerous. We already know that offloading common controls to screen-based interfaces is more distracting. Some of Apple’s mockups show a series of widgets spread across the dashboard with information about the weather, calendar appointments, smart home devices, music, and world clocks. All this while the vehicle is apparently travelling at around 44 miles per hour (70 kilometres per hour) approaching a crosswalk on a street which is signposted for 30 (50). Yes, I know it is a mockup, but it feels realistic: people really do check their calendar while speeding through intersections. Distractions like these are dangerous to everyone on or near a roadway, including cyclists and pedestrians. In the United States, pedestrian fatalities soared, reaching levels not seen in forty years.

But the story seems more complex than the one these U.S. statistics appear to tell. The Canadian auto market mimics the U.S. one, with a similar proportion of different body styles sold, and distracted driving being responsible for fatal collisions at a similar rate. Even so, fatal collisions in Canada have been declining for the same period where they have been rising south of the border. Crucially, this has been true for the 2019–2021 timeframe for pedestrians as a share of fatalities after rising in 2018, and pedestrian injuries have also been on a declining trend. It is not true for cyclists; however, there is no clear pattern either way.

I am most frequently in those latter two categories of road user: I am usually a pedestrian, and often a cyclist. Despite the wide availability of smartphone integration for many years, I still see people in newer cars holding and looking at their phones while driving erratically. Windscreen mounts remain popular, often immediately in front of the driver.

After digging into what is to come in newer cars and recent statistics, I am left with concern and confusion. It seems that something is different in the United States compared to Canada, though the NHTSA recently announced a turnaround for the first part of 2023. But screen-based controls create increased risk, and I find it hard to believe that will be mitigated by bigger screens and more distractions. I worry that drivers five years from now will be sitting in a massive boxy SUV with a dashboard full of touch-activated widgets, and they will still be staring at the phone in their hand.

After years of different answers for ways to avoid touching phones while behind the wheel — CarPlay and its Android counterpart, voice controls, Bluetooth — it seems that is something some drivers will never be able to give up.

  1. In fact, it looks to me like some functionality is duplicated: there appears to be a seat heater icon in both the centre console and onscreen, suggesting the tactile switches could be stateless. ↥︎

Grab and GoTo Pare Back ‘Superapp’ Approach ft.com

Mercedes Ruehl, Financial Times:

Grab and GoTo, south-east Asia’s biggest start-ups before their listings, took inspiration from the grandfather of superapps, Tencent’s WeChat. The Chinese app is the world’s most popular, with more than a billion users, and combines messaging, online payments, ecommerce, video conferencing, video games, photo sharing and a host of other functions.

[…]

Now the model — which relied on enticing customers with expensive subsidised perks such as free delivery, discounts and gifts to dominate markets from Thailand to the Philippines — faces a reckoning. In addition to laying off 11 per cent of its workforce, or more than 1,000 people, last month, Grab also cut its cloud-kitchen business, rolled back subsidies in areas such as food delivery and is spending less time on expansion into units such as entertainment.

This article was published less than one week ago, and it was the second thing I thought of after Twitter announced it was rebranding. The first was “what is X.com CEO Linda Yaccarino talking about?”, and I think the answer to that question might be found in that Tronc employee video from 2016.

‘Get Well Soon’ getwellsoon.labr.io

I have a special appreciation for artworks and projects which rely on themed web scraping; I have worked on several myself. But this one, in particular, is quite distressing.

Sam Lavigne and Tega Brain introducing their project:

The comments posted on gofundme.com’s medical fundraisers form a revealing archive. These messages express care, well wishes, sympathy and generosity in the face of personal adversity and systemic failure. This is an archive of mutual aid in response to a ruthless for-profit health system.

It is an archive that should not exist.

There is power in simplicity. (Via Web Curios.)

Apple Says It Will End FaceTime and iMessage Access in the U.K. If It Is Required to Weaken Security applemust.com

Zoe Kleinman, BBC News:

Apple says it will remove services such as FaceTime and iMessage from the UK rather than weaken security if new proposals are made law and acted upon.

The government is seeking to update the Investigatory Powers Act (IPA) 2016.

It wants messaging services to clear security features with the Home Office before releasing them to customers.

The act lets the Home Office demand security features are disabled, without telling the public. Under the update, this would have to be immediate.

While Kleinman broke this news, it was Jonny Evans at Apple Must who obtained and posted the full letter:

The threat was presented to the UK within Apple’s response to the government in relation to these proposals. You can read the nine-page criticism here (PDF).

Great scoop.

I was waiting to see this letter before linking to the BBC story, since I think it is necessary to see the fullest context of these kinds of arguments. The policy proposed gives the Home Office extraordinary power to approve or deny security and privacy features, and to disable them without acknowledgement, which is a wildly dangerous overreach. Alas, these proposals are also in line with the dreams of other countries. Combined with permanent records storage — also getting closer to reality — policies like these would make the U.K. a test bed for truly authoritarian domestic surveillance.

Researchers Find App Tracking Transparency Reduces Financial Fraud (PDF) conference.nber.org

In digging around the website of the National Bureau of Economic Research for that last post, I stumbled across a working paper entitled “Consumer Surveillance and Financial Fraud” (PDF) by Bo Bian, Michaela Pagel, and Huan Tang. These researchers used Apple’s App Tracking Transparency feature — and the lack of a similar feature on Android phones — to calculate its potential effect on fraud in the United States:

[…] Our results demonstrate that limiting the tracking and sharing of personal information has a significant impact on reducing financial fraud. Specifically, our analysis of CFPB complaints shows that a 10% increase in the share of Apple users in a zip code leads to a 2.63% reduction in the number of financial fraud complaints. Accounting for the 82% opt-out rate of ATT, this translates to a 3.21% reduction in financial fraud complaints. We also establish that areas with high and low iOS share experience similar pre-treatment trends in the likelihood and number of financial fraud complaints.

[…]

[…] We estimate that the reduction in tracking reduces money lost in all complaints by 4.7% and money lost reported in internet and data security complaints by 40.1%.

A 3% reduction in fraud complaints may not sound like much, but an estimated 40% cut in internet-based losses is quite something. The math in this paper is way beyond me, so I cannot vouch for the accuracy of its findings. Still, I think it is an interesting approach.

Obfuscated IP Addresses of ‘Anonymous’ Economics Forum Posts Found to Be Crackable insidehighered.com

Ryan Quinn, Inside Higher Ed:

Researchers looking into online toxicity found a way to connect supposedly anonymous posts on the site Economics Job Market Rumors (EJMR) to IP addresses over the past dozen years, according to a draft paper leaked early online.

While EJMR is an academic jobs forum, it “also includes much content that is abusive, defamatory, racist, misogynistic or otherwise ‘toxic,’” the paper says.

The paper does not simply say that. The posts on the site represent a vile and cruel internal culture with surface-level moderation — one which is so arrogant that its administrator promised a million-dollar reward for anyone who could figure out their IP address from a post. Yet the mechanism for anonymizing posters was weak, without any basic security enhancements. I do not think this paper’s authors are expecting a payout.

Quinn links to a draft copy (PDF) of the paper. Slides (PDF) were posted today at a conference website, as was a revised version of the paper. The paper is not publicly linked, is stamped “confidential” on every page, and the first page contains a plea to “not cite or circulate”; however, in an ironic twist, it is trivial to guess its URL based on the address for the slides. The paper’s lead author has been notified in case this was unintentional.

Kevin Mitnick Dies Aged 59 dignitymemorial.com

Devastating news:

Kevin David Mitnick, 59, died peacefully on Sunday, July 16, 2023, after valiantly battling pancreatic cancer for more than a year. Kevin is survived by his beloved wife, Kimberley Mitnick, who remained by his side throughout their 14-month ordeal. Kimberley is pregnant with their first child. Kevin was ecstatic about this new chapter in his and Kimberley’s life together, which has now been sadly cut short.

Mitnick’s exploits are legendary, and his first book remains an essential read for anyone curious about security, hacking, manipulation, or human behaviour. (Via Boing Boing.)

Beats Studio Pro Headphones Support Lossless Playback Over a USB-C Connection engadget.com

Billy Steele, Engadget:

For the first time, Beats has enabled USB-C wired audio on the Studio Pro. In addition to listening to high-resolution and lossless tunes, you can also take calls while the headphones are actively charging. The Studio Pro has a built-in digital-to-analog converter (DAC) that can accommodate sample rates up to 24-bit/48kHz. That’s enough to handle the high-res streaming from Apple Music, Amazon Music HD and Tidal. Beats has also included three USB-C sounds profiles for wired listening: Signature, Entertainment and Conversation. As the names suggest, each one is tailored to music, movies/TV shows and calls, adjusting the frequency curve for what the company thinks is the best in each scenario. And yes, there’s still 3.5mm playback, which can be used with ANC and Transparency Mode as needed.

Curious to see wired lossless audio support land in a set of Beats headphones first when Apple has its own brand of headphones which are getting closer to their third birthday, and were originally marketed for their audio quality despite being incompatible with the lossless audio library added to Apple Music just a few months later.

Scammers Are Still Changing Phone Numbers in Google Maps twitter.com

Shmuli Evers in a Twitter thread, which was summarized by Monica Humphries at Insider:

“My @delta flight got canceled from JFK. The customer service line was huge, so I google a Delta JFK phone number. The number was 1888-571-4869 Thinking I reached Delta, I started telling them about getting me on a new flight,” he tweeted Sunday.

But that phone call led him to a scam, he said. And, after more digging, Evers said he discovered at least six other airlines with what he suspected were scam numbers listed on Google.

In 2014, Nitasha Tiku reported for Valleywag that a network engineer was able to suggest new phone numbers for law enforcement offices’ listings in Google Maps. Nine years later, it seems people are still able to exploit the same kinds of vulnerabilities. Remember how I wrote I trust Google Maps more often? I should not be so confident.

Update: In local news, directions from Google Maps are guiding people through impassable bus-only access routes.

WSJ: ‘People Have Begun to Love’ Apple Maps wsj.com

Ann-Marie Alcántara, Wall Street Journal:

While Apple might not need the app to sell any more iPhones, the company’s lofty ambitions with cars and augmented-reality headsets depend on maps people actually like using.

“Maps has come a long way, and people have noticed,” Craig Federighi, Apple’s head of software, said during the company’s 2020 Worldwide Developers Conference.

About a year ago, Randall Munroe published a comic in which Apple Maps was referred to as “kind of good now”. I wrote about my then-recent experiences with Apple Maps which were, in short: pretty good directions, pretty bad place listings.

A year and a bit later, and the story remains basically the same where I live. A place listing in Google Maps will almost always give me accurate hours, and will often show when they were last confirmed by the business. In Apple Maps, I still see occasional listings for businesses which permanently closed a decade or more ago. Petroleum companies located on the ninth floor of some skyscraper are still marked as gas stations. These things are not confidence boosting, and it is no surprise to me that business hours are often inaccurate.

Then there are missing features like cycling directions, announced with iOS 14. Three years later, only three cities in Canada have been updated with support — none of them Calgary — which, I suppose, beats Spain where they are only available in Barcelona.

Apple Maps is eleven years old but it does not feel nearly as capable or reliable as Google Maps did at the same age in 2016. I prefer it for directions but, for everything else, it is still catching up.