Written by Nick Heer.

The iPad’s Middle Child Syndrome

Dan Moren, Macworld:

The iPad shouldn’t be a big iPhone and it shouldn’t just become a Mac. So what’s left? The trickiest needle to thread of them all: making the iPad truly its own device. A good start would be to question the assumptions that the tablet inherited from iOS. For example, is a simple screen full of application icons the best use of the device’s most valuable real estate? There’s no reason to be beholden to decisions made for an entirely different device.

Twelve-and-a-bit years since the iPad’s launch seems like as good a time as any to think more about why this product is the way it is today, and where it can go from here. Moren hits on at least a couple of those questions in this piece: why is the widgets experience on the iPad more limited than either the iPhone or the Mac, for example? The question I most want answered is whether the new memory swap system in iPadOS 16 will finally make it more of a multitasking-friendly system. This is something I have been wishing for since I got my first iPad in 2011, and the inability for multiple apps to remain in memory is a significant deterrent for my use.

Would You Like to Buy an Ad?

Earlier this year, the fine people at Rogue Amoeba asked if it would be possible to pay for some sponsored posts on Pixel Envy. How does one say no to Rogue Amoeba? Anyway, you probably saw the results of that ask for the company’s twentieth anniversary.

I want to publicly thank Rogue Amoeba for taking the plunge and working on the specifics with me.

If you want to sponsor the site, I have drafted my standards for how paid posts will be presented. I have zero expectations of how this will go.

And, to my readers: I endeavour to not meaningfully change the tone or purpose of this site. I have no intention of turning this into a mechanism for promoting other stuff, and I am cognizant of the risks of so-called “native” advertising. If things start to get weird, I have no problem with stopping this. Thank you for reading.

Advertising to Bots

Morgan Meaker, Wired:

Advertising didn’t always used to be like this. Augustine Fou, who has been a digital marketer for 25 years, says that in the past decade there’s been an explosion in fake traffic. Fou believes the industry was corrupted around a decade ago, when a series of opaque middlemen entered the scene. “Prior to that, advertisers would buy ads from publishers like The New York Times,” he says. But now it’s typical for brands to approach a digital ad exchange—which facilitates the buying and selling of advertising from different ad networks—to place their adverts on huge numbers of websites and apps. And it is this part of the system that has become vulnerable to bots, claims Fou.

“The exchanges have deliberately looked the other way when there are fraudulent sites and mobile apps that become part of that exchange,” he claims. Google and Facebook are among the companies that run these exchanges alongside other listed US companies such as Pubmatic and Magnite. “The ad exchanges don’t want to solve fraud because fraud generates so much volume,” Fou claims. “And the exchanges essentially make more money when more volume passes through their platforms.” None of the exchanges responded to requests for comment.

App Tracking Transparency and Safari’s anti-tracking protections have undeniably had an effect on advertisers, but I feel like behavioural advertising has bigger concerns than the stuff Apple does — which, by the way, many of these companies have been able to work around. Regulators are increasingly wary of tracking, users do not like their privacy being violated, currency fluctuations are a risk for this U.S.-centric business model, and the industry is rife with fraud. Maybe some of that is a higher priority.

The Climate Impact of ‘Freight Sprawl’

Ximena González, the Sprawl:

Last year, Vanessa Acevedo worked part time as a driver for Amazon. Using her personal vehicle, a 2014 Ford Fiesta, five times per week she drove the 26 km of Stoney Trail (a.k.a. the ring road) between her home in Redstone, in Calgary’s far northeast, and Amazon’s distribution centre, DCG4, in the southeast.

[…]

Occasionally, it would take her up to an hour to arrive at the address to drop off her first delivery. Over the six months she drove for Amazon, Acevedo delivered parcels as far as Chestermere, Airdrie and acreages in the deep south, beyond Calgary’s city limits.

Driving her Fiesta through the sprawling infrastructure that helps satisfy consumer wants in Calgary, Acevedo got to experience what for most Calgarians remains hidden in plain sight.

Some of this is surely an effect of the way cities are designed, especially suburb-heavy cities like Calgary. But it seems more layered than that. The lure of same- or next-day delivery is obvious, but its incentives are more questionable. From safety problems to questions about the climate impact of the transportation system and the goods themselves, it seems worth rethinking.

Fatal Flaws in a Defunct CIA Covert Communications System

Citizen Lab:

Using only a single website, as well as publicly available material such as historical internet scanning results and the Internet Archive’s Wayback Machine, we identified a network of 885 websites and have high confidence that the United States (US) Central Intelligence Agency (CIA) used these sites for covert communication.

The websites included similar Java, JavaScript, Adobe Flash, and CGI artifacts that implemented or apparently loaded covert communications apps. In addition, blocks of sequential IP addresses registered to apparently fictitious US companies were used to host some of the websites. All of these flaws would have facilitated discovery by hostile parties.

I am an idiot and I was able to find several archived websites that appeared to be part of this scheme using only the information disclosed by Citizen Lab. If I could find part of this network, imagine what a more determined adversary would have been able to do. This is a shocking betrayal by the CIA of informants’ trust in its capabilities and security.

Joel Schectman and Bozorgmehr Sharafedin of Reuters published a full investigation based on Citizen Lab’s findings.

Sponsor: Rogue Amoeba’s 20th Anniversary Sale Ends Soon

20 Years of Rogue Amoeba

Rogue Amoeba’s 20th anniversary sale ends very soon! Their next sale probably won’t be for another 5 years, so buy now to save 20%.

Since 2002, Rogue Amoeba has been making amazing audio apps for the Mac. Whether you’re a podcaster, musician, or just someone who listens to audio on their Mac, Rogue Amoeba can make your life better. Whatever your audio needs, it’s a good bet they have a tool to help you. And right now, for a very limited time, you can save 20% off any purchase.

Rogue Amoeba’s product line-up includes:

  • Audio Hijack: Record any audio you hear on your Mac, and so much more.

  • Loopback: Get ridiculously powerful audio routing to pass audio from one application to another, without needing cables or mixers.

  • SoundSource: It’s the sound control that should be built into MacOS, with per-app volume and output control, audio effects on any audio, and fast audio device switching.

There’s also Airfoil (home audio streaming), Farrago (the Mac’s best soundboard app), Fission (fast and lossless audio editing), and Piezo (charmingly simple audio recording).

Free fully-featured trials are available for all these products, right from MacAudio.com. Better still, in celebration of 20 years in business, Rogue Amoeba is offering a very rare sale. If you buy before October, you’ll save 20% off every purchase from Rogue Amoeba.

You don’t need any coupon codes or special URLs, but act fast. Visit MacAudio.com now to save. You’ll be glad you did.

Recently-Launched Instagram Clone Removed From the App Store

Ivan Mehta, TechCrunch:

Last week, a startup called Un1feed launched an Instagram client called The OG App, which promised an ad-free and suggestion-free home feed along with features like creating custom feeds like Twitter lists. The app raked up almost 10,000 downloads in a few days, but Apple removed the app from the App Store for violating its rules earlier this week.

Separately, Un1feed said that Meta disabled all team members’ personal Instagram and Facebook accounts.

Meta didn’t specify if they asked Apple to remove the app from the App Store, but it said that the app breached its rules.

Thereby illustrating the difference between what some users value about Instagram and what Meta values. Users want to view friends’ photos and videos on their own terms; Meta wants them to watch suggested Reels and shop.

Perhaps most interesting is that Un1feed’s founders told TechCrunch earlier this week that an Instagram clone was only the first step, and the company has raised early funding. This may be a sketchy looking reverse-engineered effort, but Un1feed is establishing itself as more legitimate than it may seem at first glance.

Google Is Giving Up on Stadia, Permitting Games to Be Played Until January 18

Phil Harrison, Google’s vice president in charge of Stadia:

A few years ago, we also launched a consumer gaming service, Stadia. And while Stadia’s approach to streaming games for consumers was built on a strong technology foundation, it hasn’t gained the traction with users that we expected so we’ve made the difficult decision to begin winding down our Stadia streaming service.

In early 2020, Insider’s Ben Gilbert spoke with developers about Stadia as Google struggled to get enough traction. They offered a few explanations — a lack of financial incentives and questionable audience size — but Gilbert says a repeated concern was this exact scenario:

“If you could see yourself getting into a long term relationship with Google?” one developer said. “But with Google’s history, I don’t even know if they’re working on Stadia in a year. That wouldn’t be something crazy that Google does. It’s within their track record.”

This concern — that Google might just give up on Stadia at some point and kill the service, as it has done with so many other services over the years — was repeatedly brought up, unprompted, by every person we spoke with for this piece.

Google may have kept it going for a couple of years longer than the quoted developer speculated, but everything else about this rings true.

I feel bad for those working on the products unceremoniously canned by Google — or, indeed, any company. It sucks to see your hard work evaporate. But part of Google’s problem is its perpetual cycle of introducing new products, letting them linger as users and sometimes developers wonder whether they should commit, and then killing them when there is little uptake — see step two in the cycle.

Forty Years of the CD

Daryl Worthington, the Quietus:

Just as much as cassettes or LPs, CD’s have qualities and quirks. And they also have affordances that make them ideal for certain kinds of music. But, despite being 40 years old, and gradually being replaced by downloads and streaming, they don’t seem to trigger the same nostalgia and whimsy.

What a great dive into the unique properties of the CD, and the ways different artists have experimented with what, on its face, seems like a cold and inflexible medium.

Tech YouTubers Are Finding Expanded Batteries in Their Libraries of Samsung Smartphones

Arun Maini, known on YouTube as “Mrwhosetheboss”, has a library of dozens of devices he has tested, from all manufacturers. But he noticed the batteries in his Samsung phones — and only his Samsung phones — were dangerously expanding, sometimes in phones he received less than two years ago. In discussions with other YouTube personalities, he discovered he was not the only one seeing problems with Samsung devices specifically or, at least, disproportionately.

While he is still waiting for results from Samsung’s internal investigation — the company confiscated some of his affected devices — his video on the topic is worth watching.

Alberta Government Caves to Lyft

In August, CBC News reported that Lyft was lobbying the Alberta government to remove commercial license requirements for ride hailing drivers. In comments made today about forthcoming changes to the province’s licensing system, it appears the government partly caved to its demands.

Bill Graveland, of the Canadian Press:

An additional road test will also no longer be mandatory to obtain a Class 4 driver’s licence, which is required to transport passengers in taxis, ride-share vehicles, limousines, small buses and ambulances.

To translate, while a commercial license will still be required, a driver’s skill will no longer be evaluated, though a knowledge test is still required. Disappointing, made doubly so by framing this as mere red tape.

Stage Manager Coming to A12 iPad Pro Models, External Display Support Coming to M1 iPad Pros in a Future Software Update

Matthew Panzarino of TechCrunch interviewed Craig Federighi after WWDC this year, and asked why Stage Manager was limited to M1 iPads:

“It’s only the M1 iPads that combined the high DRAM capacity with very high capacity, high performance NAND that allows our virtual memory swap to be super fast,” Federighi says. “Now that we’re letting you have up to four apps on a panel plus another four — up to eight apps to be instantaneously responsive and have plenty of memory, we just don’t have that ability on the other systems.”

It was not purely the availability of memory that led Apple to limit Stage Manager to M1 iPads though.

“We also view Stage Manager as a total experience that involves external display connectivity. And the IO on the M1 supports connectivity that our previous iPads don’t, it can drive 4K, 5K, 6K displays, it can drive them at scaled resolutions. We can’t do that on other iPads.”

It turns out Apple was able to find some of those capabilities in older iPad Pro models after all.

Nathan Ingraham, Engadget:

That changes with the latest iPadOS 16 developer beta, which was just released. Now, Apple is making Stage Manager work with a number of older devices: it’ll work on the 11-inch iPad Pro (first generation and later) and the 12.9-inch iPad Pro (third generation and later). Specifically, it’ll be available on the 2018 and 2020 models that use the A12X and A12Z chips rather than just the M1. However, there is one notable missing feature for the older iPad Pro models — Stage Manager will only work on the iPad’s build-in display. You won’t be able to extend your display to an external monitor.

Stage Manager has been decoupled from external display support, which will be coming to M1 iPads in a separate software update. In some ways, this more closely mirrors Apple’s history of soft limitations in Macs. For example, recent MacBook Air models — like old iBooks — only officially support a single external display, even though they can drive more.

Unfortunately, Stage Manager has been among the buggiest new features in this year’s round of new operating system versions and it remains troubled in the latest beta.

Update: Steve Troughton-Smith:

What’s really telling to me is that if Stage Manager were taken apart & rebuilt from scratch properly, there is not one aspect of the current version that I would preserve (other than floating windows that can be resized/overlapped). Not one bit of how any of this works is right.

This is just one perspective, but it is worrisome.

NYT: Biden Administration and TikTok May Reach Deal on Continued Operations

The main thing I am left wondering after reading this New York Times story about a forthcoming deal to resolve U.S. national security concerns is whether anything will be enough to satisfy the biggest TikTok hawks. I can already see the complaints of any agreement not being enough, speculation of the existence of a back door, and general distrust of TikTok. I still think a focus on TikTok as a specific point of vulnerability is a distraction from much more pressing privacy and security concerns.

Outdated vs. Complete Apps

Vivian Qu:

And still, I was surprised to receive an App Review message. I hadn’t submitted a new update for WorldAnimals. The app was still working well, with zero crashes and a handful of new downloads every month. My boss had even shown me last week that he had downloaded my app on his phone for his daughter – we played the game together during a work meeting and laughed at the silly animal sounds. In my mind, there was no reason I should be receiving a vaguely threatening message from Apple’s App Review system.

Well, it turns out, Apple’s problem with my app was the fact that I wasn’t updating it.

Via Michael Tsai:

The undocumented “minimum download threshold” seems to be saying that you can buy lots of App Store search ads to be exempt from the requirement to have an updated app — then you’re welcome to inflict it on lots of users.

Users of Apple’s products would probably benefit more from a crackdown on scams and brand name apps that flout App Store rules than removing perfectly fine apps just because they do not get enough monthly downloads or have not been updated in a while.

Live Activity Guidelines

Apple (via Benjamin Mayo):

Avoid using a Live Activity to display ads or promotions. Live Activities help people stay informed about ongoing events and tasks, so it’s important to display only information that’s related to those events and tasks.

Apple once prohibited the use of Push Notifications to deliver ads, but developers abused it anyway. Notification ads are now permitted so long as users are allowed to opt out but, in practice, this rule does not seem to be enforced. Doordash is among the worst abusers of this, pushing ads to users’ devices daily, and sometimes more frequently than that.

A Live Activity would be the perfect way for an app like Doordash to update users’ on a delivery’s progress. Based on the company’s abuse of push notifications, I could not see myself enabling it. The Live Activity format is such a great enhancement to notifications and the iOS experience. It is unfortunate to see Apple shooting itself in the foot by allowing the worst developers’ behaviour instead of holding them to a basic standard of respect.

How Parking Applications Affect Your Privacy

Speaking of parking and privacy, Not My Plate is a way for European citizens to generate GDPR requests for removal from parking networks that rely on automated plate recognition. Researchers devised some ingenious ways of tracking plates and, by extension, vehicles and possibly people. From the whitepaper:

One discovered methodology involved (re-)registering the license plates into parking and toll road applications that start- and stop sessions based on automatic license plate recognition. Out of the 120 license plates monitored, we were able to track down the live location of slightly over 29% of vehicles during a 100-day window (26.5% of which using methodology #1, and additional 2.5% using methodology #2 which was tested on a smaller scale).

Another technique was proven to work in areas without cameras, such as on-street parking in cities and residential neighborhoods. A proof-of-concept stalkerware application was developed to routinely create one-second parking sessions for a multitude of parking zones across the country, intercepting any errors that would indicate the vehicle is already parked there. When used in areas that offer limited free parking time, the scan would only have to run once a day and would not incur any charges for the attacker.

In the U.S. and Canada, vehicle plates are typically assigned to the owner. But in other places, plates are attached to a specific vehicle for its entire life.

Calgary Parking Authority Confirms Data Breach Impacted 12,000 Times More Customers Than It First Admitted

Some local news followup. Joel Dryden, CBC News:

An investigation conducted by the Calgary Parking Authority, the city-operated agency that manages municipal parking services in the city, has revealed that the personal information of 145,895 customers was exposed for at least two months last year.

[…]

The CPA initially said only 12 customers had their data compromised. But on Monday, it confirmed that figure was well over 100,000.

Funny how these estimates almost never get revised downward.

Sponsor: Rogue Amoeba’s 20th Anniversary Sale

20 Years of Rogue Amoeba

Since 2002, Rogue Amoeba has been making amazing audio apps for the Mac. Whether you’re a podcaster, musician, or just someone who listens to audio on their Mac, Rogue Amoeba can make your life better. Whatever your audio needs, it’s a good bet they have a tool to help you. And right now, for a very limited time, you can save 20% off any purchase.

Rogue Amoeba’s product line-up includes:

  • Audio Hijack: Record any audio you hear on your Mac, and so much more.

  • Loopback: Get ridiculously powerful audio routing to pass audio from one application to another,, without needing cables or mixers.

  • SoundSource: It’s the sound control that should be built into MacOS, with per-app volume and output control, audio effects on any audio, and fast audio device switching.

There’s also Airfoil (home audio streaming), Farrago (the Mac’s best soundboard app), Fission (fast and lossless audio editing), and Piezo (charmingly simple audio recording).

Free fully-featured trials are available for all these products, right from MacAudio.com. Better still, in celebration of 20 years in business, Rogue Amoeba is offering a very rare sale. If you buy before October, you’ll save 20% off every purchase from Rogue Amoeba.

You don’t need any coupon codes or special URLs, but act fast. Visit MacAudio.com before the end of September to save. You’ll be glad you did.

Prompt Injection Attacks Against GPT-3

A fascinating series of posts from Simon Willison about attacks with malicious prompts for automated responses based on machine learning — the second and third parts are linked in the sidebar.

Fascinating and troubling to consider this as a parallel to social engineering attacks on real, living people. It is not a stretch to imagine more call centre tasks being offloaded to automated systems — regrettably.1 Agents are trained to avoid divulging information like the customer’s address or partial credit card number, but too heavy reliance on prompt-based tasks might result in an uptick of these kinds of attacks.


  1. The loss of employment for millions is an obvious concern. On the other side of the phone line, there is a satisfaction difference. I have spent the past couple of weeks on the phone with various call centres, and there is a vast gulf in my level of happiness between speaking with a real person and speaking with a robot for even part of it. ↩︎

The Apple Watch Ultra Is a Good Start, but Falls Short in More Intensive Testing

I have read many reviews of the Apple Watch Ultra and seen a few videos, but I do not think anyone gets as close to testing its capabilities as Ray Maker:

Whether or not the Apple Watch Ultra is for you, depends largely on what you plan to use it for. If you had or wanted an Apple Watch, but were held back by battery life, and perhaps button usability – then the Ultra largely solves that. Similarly, if you wanted more advanced running/workout metrics, then WatchOS 9 on the Apple Watch Ultra also solves that too. And, if you never knew you wanted an emergency siren on your wrist for when you fall off an embankment, then the Ultra is for you too (but seriously, that feature is surprisingly well executed).

However, as good as Ultra is for most existing Apple Watch users (or more mainstream prospective users), it falls short when it comes to features that you would need to complete an actual ‘ultra’ – that is, a long distance running race, or trek, or really any adventure in the backcountry. These gaps fall into a couple of different camps. Sure, there’s the bugs like the openwater swim one, or the disappearing compass backtrack one. I’m less concerned about those at the moment. Instead, it’s the navigational feature gaps, and sensor pairing/broadcasting gaps that are more key for Apple.

I am not in the target market for the Apple Watch Ultra; my most backcountry hikes are still within a couple hours’ drive of a decent espresso. But I have a few friends who do more extreme sports and they have expressed similar questions as Maker about its endurance and navigation capabilities. Its marketing may have oversold it somewhat. I look forward to learning more from real-world users about what it is actually like in the most hardcore circumstances.

Team Cymru’s Mass Surveillance Products Are Like the NSA With Even Fewer Warrants

Do you remember having the capacity for shock?

To be fair, it may have been muted by years of relentless news stories exploring an entire industry of privacy invasions. Some of these articles might involve subjects familiar to you; perhaps you were an early worrier about how Facebook apps could harvest data on users’ friends, a capability which the company later found was happening at shocking scale. Unfortunately, most of the general-audience press began paying attention to these concerns after the 2016 U.S. election, when that Facebook scandal was disproportionately blamed for a particularly idiotic presidency. But, at last, mainstream newsrooms did cover these problems, and they brought the budget, sources, and access to uncover some truly horrifying news items, with such regularity that my ability to be shocked has been blunted.

This made my jaw drop.

Joseph Cox, Vice:

Multiple branches of the U.S. military have bought access to a powerful internet monitoring tool that claims to cover over 90 percent of the world’s internet traffic, and which in some cases provides access to people’s email data, browsing history, and other information such as their sensitive internet cookies, according to contracting data and other documents reviewed by Motherboard.

[…]

“The network data includes data from over 550 collection points worldwide, to include collection points in Europe, the Middle East, North/South America, Africa and Asia, and is updated with at least 100 billion new records each day,” a description of the Augury platform in a U.S. government procurement record reviewed by Motherboard reads. It adds that Augury provides access to “petabytes” of current and historical data.

The NSA and GCHQ have, for years, intercepted and ingested data as it flows from server farms through fibre optic cables and across the internet. These programs built upon previous general surveillance efforts like the FBI’s Carnivore software.

These wildly intrusive and untargeted capabilities, once the domain of government intelligence gathering efforts, now appear to be offered to anyone who can afford whatever Team Cymru is charging. Regardless of your opinion of the programs operated by the NSA and GCHQ, at least they had the appearance of formal controls and specific goals. As Cox reports, now that the monitoring is done by a private business, it eliminates the need for pesky roadblocks like warrants.

This is wild, too:

Beyond his day job as CEO of Team Cymru, Rabbi Rob Thomas also sits on the board of the Tor Project, a privacy focused non-profit that maintains the Tor software. That software is what underpins the Tor anonymity network, a collection of thousands of volunteer-run servers that allow anyone to anonymously browse the internet.

I am not sure if the dissidents and drug seekers who rely on Tor should be worried, but I do not know what to make of this conflict. The Tor Project says there is no conflict of interest, though, so I feel silly.

On ‘Good’ Coffee

Jason Diamond, the Melt:

That was always my problem with the rise of the coffee snob. And, again, I’m not saying you, the person with all your gadgets at home to make your perfect French press or espresso on your machine. The real-life versions of Ari Spyros from Billions, the compliance officer obsessed with his office setup is, honestly, goals. I wish that I took that much interest in the coffee I make. But I don’t. I do buy certain beans and I researched my grinder and coffee maker, but the truth is that I live in a city with countless options to just walk outside my door and get a coffee from and the idea is that since they all charge the same price that they should all serve good coffee.

And yet, that’s never the case. This is a very arbitrary assessment, but of the six (yes, six (I do live in Brooklyn, remember) places I could count that are all within eight minutes of my home (I timed these and rounded down to eight, I swear I didn’t just pick a number at random) that serve “specialty” coffee from roasters like Sey or Counter Culture, Partners or Intelligentsia, where the average price of a small coffee is four dollars, I’d say that four of those places just aren’t worth the cost. The coffee just isn’t that good. The two-dollar cup I get at the bodega does the trick.

I have a similar number of “good” coffee places within a short walk of my house. As with Diamond’s experience, only a few of these are actually decent. There are many places which have good beans from roasters I trust, made on all the “right” equipment by people who appear to care — and it just comes out all wrong. The atmosphere is wrong, too: one of the places near me has Edison bulbs and reclaimed wood everywhere, and it feels like it came from a kit; another place is a mix of a coffee shop, coworking space, and retail for clothing and knick-knacks. You do not need to be a snob to recognize that beneath the pastiche of specialty coffee is a seeming lack of care from the top down.

The iPhone 14 Is Easier to Repair

Matthew Panzarino, TechCrunch:

Apple says that all of the iPhone 14 models have a new internal structure that allows for better thermals and heat dissipation. It’s next to impossible to determine if there is any real benefit here in my testing, though I’m sure that a teardown will display whatever architectural changes Apple has made. Whatever has changed, it is significant, because the iPhone 14’s back glass can now be replaced without having to disassemble the phone, something that was not possible before.

Kyle Wiens, iFixit:

The best feature of the iPhone 14 is one that Apple didn’t tell you about. Forget satellite SOS and the larger camera, the headline is this: Apple has completely redesigned the internals of the iPhone 14 to make it easier to repair. It is not at all visible from the outside, but this is a big deal. It’s the most significant design change to the iPhone in a long time. The iPhone 14 Pro and Pro Max models still have the old architecture, so if you’re thinking about buying a new phone, and you want an iPhone that really lasts, you should keep reading.

Rare praise from iFixit for Apple’s assembly choices. It is not all good news; Wiens speculates Apple will require software pairing of the back glass to the phone’s chassis, for some reason. But changes like these and Apple’s self-service repair program go a long way to permit more people to avoid long lines at an Apple Store they may live far away from.

It also means device owners get more say in what parts can be replaced and when. I sure would love to have Apple repair my deeply scratched iPhone 12 Pro display — especially since I have AppleCare Plus — but the company has so far refused because it may reduce the phone’s water resistance. Apple has not launched self-repair in Canada, so I must either be comfortable with components of unknown provenance or delude myself into not seeing the gash in my screen.

Indie Anniversaries

Michael Tsai put together a great collection of notable indie developer anniversaries, including one from Ken Case of the Omni Group:

Speaking of time flying, today marks the 30-year anniversary of the day we started doing business together as “the Omni Group.” We registered the omnigroup.com domain on September 8, 1992 — thirty (30) years ago — back when having an Internet domain had nothing to do with having a website.

And here is one more — Rogue Amoeba is celebrating its twentieth birthday. Paul Kafasis:

20 years ago this month, Rogue Amoeba unveiled Audio Hijack 1.0.0, the very first version of what has become our flagship product. To celebrate that anniversary, we’ve got a great deal to share with you. But first, take a gander at what things looked like way back on September 30, 2002: […]

I am trying to decide whether I prefer the early Aqua stripes in the Audio Hijack screenshot, or the marble-textured Omni logo in Case’s post. Both have their appeal.

There is something very special about using products made by independent developers like these. It is software with personality, driven by a level of care and passion that is understandably lost in larger organizations. When I am having trouble or want to request a feature enhancement, I can send an email from somewhere in the application and receive a response from a real person who has the power to make things happen. Institutional developers have their place, but I feel an level of individual care from the indie software projects I use on a daily basis. Congratulations to the Omni Group, Rogue Amoeba, and the many other indie developers who make the software many of us rely on.

‘The Most Angrily Incoherent First Amendment Decision’

I try to stay away from writing about American laws and policies; there are enough American journalists doing that, and a Canadian’s voice is probably unhelpful. But I carve out an exception for myself when the law is particularly heinous or when it might have an impact outside the country. Today’s legal decision, from Fifth Circuit Court of Appeals Judge Andy Oldham, unfortunately satisfies both criteria.

First, a little history: about a year ago, the Texas House of Representatives voted to pass H.B. 20, a law which would effectively prevent online platforms from moderating users’ posts except as legally required — for example, against CSAM — or for imminent threats of violence. It also required platforms to not geofence Texan users or stop operating in the state. In effect, it is a Texan law that would impact users at least across the U.S., if not the world. In May, after much legal back-and-forth, the Fifth Circuit decided that Texas H.B. 20 was enforceable — even though a similar but less authoritarian law in Florida was ruled mostly unconstitutional — but did not provide a legal rationale for why platforms should be compelled to act as though they are common carriers, even though they are not.

Today, after about four months of waiting, the Court dropped its ruling (PDF) with all the subtlety of Wile E. Coyote pushing an anvil off a cliff.

Mike Masnick, Techdirt:

It is difficult to state how completely disconnected from reality this ruling is, and how dangerously incoherent it is. It effectively says that companies no longer have a 1st Amendment right to their own editorial policies. Under this ruling, any state in the 5th Circuit could, in theory, mandate that news organizations must cover certain politicians or certain other content. It could, in theory, allow a state to mandate that any news organization must publish opinion pieces by politicians. It completely flies in the face of the 1st Amendment’s association rights and the right to editorial discretion.

There’s going to be plenty to say about this ruling, which will go down in the annals of history as a complete embarrassment to the judiciary, but let’s hit the lowest points.

Ken “Popehat” White:

It really is the most angrily incoherent First Amendment decision I think I’ve ever read.

This ruling treats internet platforms — not internet service providers, which it explicitly excludes, but individual websites — as though they are a common carrier, like a phone company. If you are worried about a 4chan-like future for every platform you like today, you are painfully optimistic. 4chan would be exempt from this law because it falls below the monthly user threshold, but a version of its scant rules (safe for work) would be difficult to enforce by Twitter or Facebook or Instagram for fear of lawsuits. A scorned user or the Texas Attorney General could make the case their post was removed or demoted from the website because of that user’s viewpoint. It sounds ridiculous because it is.

This seems like the kind of law that, barring action from the U.S. Supreme Court, will fundamentally change the way the internet works for the worse.

Update: More from Masnick on September 23:

Anyway, it’s possible this means that Wikipedia can no longer stop people from adding more and more content (true or not) to Judge Andy Oldham’s profile, because having users take it down would potentially violate the law (but don’t do that: vandalizing Wikipedia is always bad, even if you’re trying to make a point).

The entire law is based on the idea that all moderation takes place by the company itself, and not by users.

Masnick also sees potential issues with Reddit and the job board Indeed.

The Follower

Dries Depoorter:

How does this work?

  • Recorded a selection of open cameras for weeks.

  • Scraped all Instagram photos tagged with the locations of the open cameras.

  • Software compares the Instagram with the recorded footage.

Smart surveillance art. The video of this project was removed from YouTube because of a nonsense copyright claim by EarthCam, even though Depoorter’s work is derivative and clearly of artistic merit.

The discussion on Twitter is unfortunately focused on the risks that Depoorter’s work would somehow be duplicated by governments or is more intrusive than the existing surveillance state. I disagree. It sure seems creepier than its elements suggest. The webcams are all public and in public places, and the Instagram photos are all public and location tagged. Tying these things together is a good illustration of how individual pieces of data are irrelevant, but collectively powerful.

Like Kyle McDonald reflected on the ten-year anniversary of his “People Staring at Computers” project, I think the time for shocking people with privacy-violations-as-art is drawing to a close. Merely showing the invasions we are routinely subjected to is no longer enough. It must be framed more carefully and respectfully. I think Depoorter’s work generally considers these factors, but I wish there were another layer to explore.

Because Design Professionals Need Fewer Software Choices and Less Competition, Adobe Will Acquire Figma

Adobe:

Today, Adobe announced it has entered into a definitive merger agreement to acquire Figma, a leading web-first collaborative design platform, for approximately $20 billion in cash and stock. The combination of Adobe and Figma will usher in a new era of collaborative creativity.

Why am I reminded of Adobe’s 2005 acquisition of Macromedia? In the decade after, Adobe shored up its dominance in the creative software industry. There have been some apparent benefits, like a more comprehensive and integrated suite, but I question whether a company is required to become a monolith to achieve that.

Enter Figma. I do not love the software; I much prefer a fully native Mac app like Sketch to Figma’s slower and multitasking-unfriendly web app. But everyone has different preferences and I get its appeal, especially since it is cross-platform. Its growth created real competition to Adobe’s products for the first time in a while because it is focused on vector editing tools for digital applications. Web and application designers loved it. It was certainly a better option than trying to design user interfaces in Photoshop or Illustrator, and it pushed Adobe to try to compete by building XD.

That was a good thing, too. If you just look at feature checklists, you could argue Adobe still innovated in its post-Macromedia years. But most any user of the company’s products can tell you the reality: Adobe Creative Cloud is a suite of bug-infested, unreliable, bloated, and slow software that makes being a designer uniquely frustrating, and it is downright embarrassing how few choices we have for tools in this industry. While I have already mentioned most of the big vector editor and UI builder choices, there are a couple of non-Adobe options for raster editing, like Acorn and Pixelmator; Affinity makes a comprehensive suite of tools, too.

This industry still, by and large, relies on Adobe’s products. Now that it has eliminated a distracting competitor, it can get back to doing what it is best at: making its customers’ jobs harder through less dependable software.

What Is in a Name?

The headline of Alison Johnson’s otherwise informative review of the iPhone 14, for the Verge, caught my eye this morning:

Apple iPhone 14 review: meet the iPhone 13S

Johnson nearly repeated that line in the video version of the review, asking why Apple would even “call it a 14 when you could just call it a 13S?”

This sentence illustrates a marketing and branding conundrum Apple faced since the third-ever iPhone: how does it communicate a new iPhone where everything except its physical design has been upgraded? Apple’s solution was to add an “S” suffix, resulting in the iPhone 3GS, and beginning a pattern that would carry it through 2017. The iPhone model of one year, sporting a new industrial design and usually modest technical updates, would be followed by an iPhone the next year sporting significant changes to its SoC and camera, and maybe a handful of other goodies. The iPhone 5S was the first with TouchID; the iPhone 6S was the first with 3D Touch, may it rest in peace; the iPhone XS was the first iPhone — though certainly not the first phone — to feature dual SIM support.

But the S-model phones have always received a pretty lukewarm reception by the tech press, perhaps because their updates are solely about what is inside the phone. There is little to nothing for a reviewer to write about how the phone looks or feels; it looks and feels the same. It also has the same name but for the suffix which can make it seem like a more subtle update than it really is.

Apple knew this ever since it began that naming scheme, but stuck with it. After a brief flirtation with dropping its use in the iPhone 8, the iPhone XS was the last of the S-model flagship phones. Apple simply increments the number for each successive model, and puts on any number of its new favourite descriptors — “Plus”, “Pro”, “Max” — to describe its size and class.

The reason I wanted to write about this is because the iPhone 14 does not follow this pattern at all. Its branding is actually quite strange. Like an S-model, it lacks a new industrial design; unlike an S-model, it also lacks the technical upgrades that line was known for. As Johnson writes in her review, it carries basically the same SoC, the same display, and most of the same internals. Its camera upgrades are more substantial for a non-Pro iPhone model but, like the iPhone 13, are really hand-me-downs from the previous year’s Pro line. The biggest changes are the edge-case technologies it shares with the iPhone 14 Pro and newest Apple Watch models: car crash detection and emergency satellite connectivity. Are those things worthy of the “S” nomenclature?

The whole iPhone lineup clearly has more delineation now than it used to. Where Apple once sold a flagship model — and later in two different sizes — and then those from the two previous years at lower price points, it has since added to that at the bottom end with the iPhone SE and at the top end with the Pro line. That means the plain “iPhone” released every year is not packed full of the latest ideas and technology. Some of those things — increasingly more of those things — are only done on the Pro line.

All of this is to say that the iPhone line has become a little more complicated and Apple’s strategy is less straightforward than it used to be. When the iPhone 12 and 12 Pro brought back the slab-sided industrial design language last seen on the iPhone 5S, they were common in every way except their material and camera system — and, even then, only the Pro Max actually received notably different cameras. The 13 and 13 Pro mostly carried that physical design but updated the internals — more like an S-year iPhone. This year’s models are not like that at all. They are both named “iPhone 14”, but are radically different from each other. Their displays are different, their camera systems are different, their SoCs are different, and the enhancements to each are very different. Neither set of phones really fits into the historic mould of either an S-model or an all-new product number. You could make a case for the cutout display of the Pro to be either of those things, I think, but the regular iPhone 14 is just a new iPhone.

That is totally okay with me. This is not a “good” or “bad” thing; it is barely even newsworthy. But these branding choices and the way Apple positions its iPhone lineup are a curiosity. Apple is often very deliberate in the way it names stuff, often choosing to give something an Apple-y name to call specific attention to it. The cutout display of the iPhone 14 Pro is called the “Dynamic Island” because it is part of the phone’s user interface. Apple can sometimes stray into innovation speak that disguises rather than illuminates a choice it made. You could make a case for that with the iPhone 14 which, on paper, has fewer differences from its predecessor than it has similarities. I do not think this is bad, per se; most people do not get a new phone every year, and that is likely even more true for those shopping the non-Pro line.

What is in a name? The iPhone 14 is not a radically new device on the outside, and it is not that different on the inside either. The iPhone 14 Pro is more obviously differentiated from its predecessor. Neither one advertises its newness as loudly as new number iPhones were several years ago, nor as quietly radical as the S-year products were. Apple has simplified its naming, but the iPhone lineup is more complicated than ever in its details.

What3Words Is a Mess

The promise of What3Words is appealing. Sometimes, you need to reference a location, but you might not know the address or it may not have one. GPS coordinates are precise, but long strings of numbers are cumbersome to read aloud. Would it not be great if you could just read three English-language words to someone, like an emergency operator? I thought so.

But I stumbled across this amazing catalogue of how What3Words is insufficient for emergency use. This comes by way of a Twitter thread where the queue to see Queen Elizabeth’s coffin has apparently stretched as far away as North Carolina and California.

The website documents the kind of problems which, in hindsight, are pretty obvious for a location service built around English-language words. There are homophones that point to wildly different locations — a big problem if you are reading a location over a phone or radio. There are issues with text-based modes, too, like a subtle spelling change in a text message, perhaps a result of an automatic correction, pointing emergency services to a different place. Plurals are a problem in either application.

Google Pays ‘Enormous’ Sums to Maintain Its Search Engine Dominance

Leah Nylen, Bloomberg:

DOJ attorney Kenneth Dintzer didn’t disclose how much Google spends to be the default search engine on most browsers and all US mobile phones, but described the payments as “enormous numbers.” 

“Google invests billions in defaults, knowing people won’t change them,” Dintzer told Judge Amit Mehta during a hearing in Washington that marked the first major face-off in the case and drew top DOJ antitrust officials and Nebraska’s attorney general among the spectators. “They are buying default exclusivity because defaults matter a lot.”

Google is rumoured to pay Apple $15 billion per year to be the default search engine across its devices, including in Siri, representing over thirty percent of the profit Apple books as “Services”. I am not one to doubt Google’s research — it must get a decent return to keep paying that sum — but, anecdotally, even though I switched my browsers to use DuckDuckGo, I still find myself using Google for at least a third of my web searches. No matter how the quality of Google’s results seems to have declined, I find its results are often more relevant, closer to the source, and more complete than those from DuckDuckGo.

Nylen on Twitter:

The other one: you may recall how in 2012 Apple (infamously) changed the default on its map from Google Maps to Apple Maps. There was resulting outrage, Apple CEO Tim Cook apologized etc. but Apple never changed it back.

DOJ said that the majority of iPhone users may have grumbled but didn’t switch their map default back to Google.

Fast forward to 2016, Google did an internal analysis: if Apple were to switch away from Google as the default search engine on iPhone, how much revenue would that cost Google? According to DOJ, a significant amount (presented to the judge but redacted for the rest of us)

I am just guessing here, but one reason users may not have switched their iPhone’s default maps app to Google is because they cannot — as in, it is not possible to force all location and wayfinding behaviours to use Google Maps instead of Apple Maps. If given the option, I imagine many users would prefer Google Maps. Apple began allowing users to change their default web browser and email app with iOS 14 in 2020; two years later, Apple has not extended that capability to new categories of apps.

Again, I am sure Google has done the research and found its search engine would find declining use from the apparently valuable iPhone demographic. Still, I have to imagine the internet would be littered with tutorials for changing Safari’s search engine back to Google if Apple severed its agreement and made Yahoo or Bing the default. This case is interesting because Google really does seem to maintain dominance through exclusivity agreements like these, but it is also still the best general knowledge search engine for most people.

Apple Releases iOS 16

Apple is, I think, rightly proud of the new Lock Screen options, which is a little funny because the best part of this update is how much it permits users to customize for themselves.

Federico Viticci in his usual longform review:

To be fair, we’ve always been able to customize the Lock Screen, even in the very early days of the iPhone and iPhone OS 1.0.

The customization we have in iOS 16 includes wallpapers – and in fact goes above and beyond anything Apple ever offered for wallpapers on iOS – but that’s only one component of a larger system. A good way to think about it is the following: customizing the Lock Screen is now very similar to customizing your watch face on the Apple Watch.

Apple insists on calling different Lock Screen variants a “Wallpaper Pair”. If you add a widget to your current Lock Screen, it will ask whether you want to “set [it] as a Wallpaper Pair”, which never feels normal no matter how often I have seen it the past few months.

Speaking of widgets, there are some baffling limitations. The widget row below the clock can best be thought of as four cells, and widgets for it can be one or two cells wide. But a widget two cells wide must live in the first two cells; a user cannot place a one-cell widget to the left of a two-cell widget.

That said, this is a phenomenal update. My iPhone feels more like my own iPhone, not just any one of a billion. I can finally launch the camera app I actually use from the Lock Screen. There are many smaller changes in iOS 16 that are worth this update — and many that I find questionable, like the new scrubber bars, and the many widths of Lock Screen elements — but these customization options are an impressive achievement. They allow more individual personality without losing a sense of iOS-iness.

At Code, TikTok Unites Primarily American Tech Factions Against It

Ina Fried, Axios:

While TikTok had no official presence at the Code Conference, the Chinese-owned firm was the talk of the annual gathering of tech world notables this week — serving as the foil of choice for a parade of tech executives, pundits and even some government officials.

[…]

[Scott] Galloway, who took every chance to call out the dangers of TikTok, was the sharpest critic in calling for it to be banned, but others were happy to join in.

Galloway repeated that demand on “Real Time with Bill Maher”. In fairness to Galloway, his disagreement with TikTok’s practices is not unique. He has repeatedly treated Facebook with disdain and dislikes surveillance advertising. But his claims about the control impressed by TikTok is on another level.

Taylor Lorenz on Twitter [sic]:

“Tiktok is flooding our children with Chinese propaganda all day” mf have u been on tiktok like once ever please stop. And before ppl come and twist my words, I’m not saying tiktok is “good” just that there’s no evidence of what he’s constantly alleging

Karl Bode, Techdirt:

As we’ve noted several times, you could ban TikTok tomorrow with a giant patriotic hammer and the Chinese government could nab all the same U.S. consumer data from just an absolute parade of companies and dodgy data brokers. And they can do that because U.S. privacy and security standards have been a trash fire for decades, especially when it comes to things like sensitive user location data.

And they’ve been a trash fire for decades because most of the same folks crying about TikTok prioritized making money over consumer privacy standards. None of these folks, nor the operators of conferences like Code, seem particularly keyed in to any of this.

I am certain some people are truly concerned about an internet where an autocratic state has an increased presence. I get it. I do not think everyone with these worries is xenophobic. I also do not believe an American-dominated internet is a universally acceptable variant. But it is the status quo, and a lot of the world’s private data is held by U.S. companies with few regulations and little oversight.

It would be worrisome for TikTok fears to be used as an excuse against U.S. privacy regulations on competition grounds. Unfortunately, that is the case being made by advocacy firms working on behalf of big American technology companies.

Instagram Users Are Avoiding Reels

Salvador Rodriguez, Meghan Bobrowsky, and Jeff Horwitz, Wall Street Journal:

Instagram users cumulatively are spending 17.6 million hours a day watching Reels, less than one-tenth of the 197.8 million hours TikTok users spend each day on that platform, according to a document reviewed by The Wall Street Journal that summarizes internal Meta research.

The document, titled “Creators x Reels State of the Union 2022,” was published internally in August. It said that Reels engagement had been falling — down 13.6% over the previous four weeks — and that “most Reels users have no engagement whatsoever.”

This is particularly impressive as Reels are being pushed into all parts of Instagram, making them almost impossible to ignore. Brutal.

Meta is a scatter-brained company. Its few near-term ideas are alienating users, and the long-term prospects of its virtual reality projects are not compelling. Maybe I am wrong. Maybe Instagram simply looks like it is frantically chasing TikTok’s clout, and its parent company actually has really great plans for a virtual world which even the most Facebook averse person will want to explore. Maybe what looks like its blunder years will actually prove to be a decade of growth and reinvention.

Or maybe all of this is just as it seems: Meta’s best products are the things it can easily duplicate or acquire, and the well is dry.

Wikipedia’s Secret Sauce

Dan Lewis, Now I Know:

A few minutes after my son made this observation, I noticed this thread on Twitter (from the fantastic “Depths of Wikipedia” account) that also marveled about how quickly Wikipedia’s editors updated the page. But unlike my son, the author of that thread also detailed how it happened. It’s a really interesting read in its own right, and you should probably spend a few minutes going through it. But I want to point out one thing she said, because it resonated with me: “A six-membered task force called WikiProject London Bridge cropped up to maintain the following articles. [A] reminder that everyone is doing this for free. They just think it’s fun and important.”

“They just think it’s fun and important.”

This “secret sauce”, as Lewis puts it, is Wikipedia’s blessing and curse. There are the half-dozen significant contributors who volunteered to make all these changes as quickly as possible because they just decided to. But the editors on Wikipedia do not reflect a generalized and fulsome view of the world. Its articles about computer science and mathematics are comprehensive, but articles about Indigenous communities in Canada, for example, are often not. Wikipedia is the sum of the biases of its user base. As impressive as it is for so many pages to be updated so quickly following Queen Elizabeth’s death — and it is very impressive — is is also reflective of editors’ interests and geography.

Queen Elizabeth’s Death

Elamin Abdelmahmoud, Buzzfeed News:

But what the sarcastic posters miss is mourners’ heartfelt connection to a figure who has managed to remain relevant and central to public life for seven decades. The Queen was a continuously visible figure during many major world events, and people’s relationship to her was personal. She transcended the royal family and even transcended the monarchy itselfshe became the fixation. It’s why, perhaps, she was more popular than ever this year, even as the institution was in turmoil. The rifts in the family have become the primary story of the royals, especially in the wake of Prince Harry and Meghan, Duchess of Sussex, publicly breaking from the monarchy. The Queen was the last vestige of royal stability, and the future of the firm now seems unknown.

This rather terrific piece of writing is the closest representation I have found for my own feelings.

Modular Smartphone Dreams and Practical Compromises

Brian X. Chen, New York Times:

What would a smartphone look like if it could last for 10 years?

It’s a question that most of us have not had the luxury of pondering. That’s because many smartphones are designed to be replaced every two or three years. And Apple, Samsung and other handset makers unveil new models — along with big marketing campaigns — each year, encouraging us to upgrade.

It has become something of a September tradition for Chen to publish an article, tied to the launch of new iPhones, questioning whether people should really buy the latest smartphone models. “You can always just use flash”, the “most incremental update ever”, and so on.

But this seems like a genuinely good question worth pondering — what if smartphones were designed in a more modular fashion?

If a smartphone were designed to last a decade, it would probably be made so that we could simply open it up to replace a part like a depleted battery or a cracked screen. Many of its components would be able to be upgraded — if you wanted a better camera, you could just swap out the old one for a newer, more powerful one. You could also download software updates from the phone’s maker indefinitely.

Chen acknowledges smartphone makers get partway to this imagined decade lifespan by providing software updates for several years — five, in the case of an iPhone. But he was not impressed by how difficult he found his iPhone self-repair process:

When I took the Apple device apart during a previous test, it involved removing the proprietary screws with a special screwdriver and melting the glue that held the case together. To remove the battery, I had to use tweezers to yank on the tiny strips of glue underneath it. Even though I eventually succeeded in replacing the battery, I broke the iPhone’s screen in the process — and a replacement display cost about $300.

What Chen does not say here is that he broke the display because he did not follow the repair instructions by failing to remove screws securing the display to the case. His complaint about the adhesive on the edges of the display also rings hollow because it creates a seal against water and dust, rated to IP-68.

For contrast, Chen holds up the Fairphone 4, which comes with a screwdriver to encourage self-repair. The Fairphone company also sells spare parts. This is where the article begins to fall apart.

Remember how Chen fantasized about a way to upgrade just the camera module, for example, to a newer and better component without having to change the entire phone? Even the Fairphone does not support such an arrangement. A rear camera assembly for the Fairphone 4 is incompatible with the company’s previous three models. It is the same story for the front-facing camera, display, and all the rest of the parts the company sells.

Fairphone did release an updated Fairphone 2 camera module permitting owners of that device to get a better camera without changing their entire device. But that was shipped less than two years after the Fairphone 2’s release and I cannot find a more recent example of the company doing something similar.

That makes sense. Technology products are increasingly designed as singular units instead of collections of discrete components. Apple has arguably been a trendsetter, but most others have followed. And I am not a knee-jerk defender of this practice; I like my AirPods but I think it is ridiculous to trash perfectly good speakers and audio components because the battery no longer holds a charge. I care about this stuff too.

But the idea of making a shell into which a mix-and-match arrangement of components can be placed is a throwback to an era of tower PCs and driver incompatibilities. The apparent delight of this modular fantasy is belied by the multiple failed attempts at making it reality: remember Phonebloks, Project Ara, the Essential, and Moto Mods?

I would not go so far as to predict there will never be a successful modular phone. But there are real compromises to that approach. Remember how the gasket on Chen’s iPhone 12 was rated to IP-68, which means it can be fullly immersion in water? The Fairphone 4 is only rated to IP-54, allowing it to be splashed by water but not immersed in it. The easier repairability of the Fairphone seems to come at a cost to durability. I think that is a fine trade-off to make, but I do not think it is fair to directly compare the repair experience for each without mentioning this compromise. These measures seemingly necessary for waterproofing are not evidence of a deliberate effort to create products that, in Chen’s words, “become harder to repair and adding features that hasten obsolescence”.

I do not think Chen truly answered the kinds of questions he posed at the beginning of this Times story. What if smartphones lasted a decade? What if, indeed. I think most of us would love if we could just swap out the parts that failed, get ourselves a better camera every year without changing anything else, and hang onto the same well-weathered shell for ten full years. But it is worth pondering why this has not yet been done with a meaningful level of success, and I do not think it can be blamed solely on capitalist incentives.

The Steve Jobs Archive

Alex Heath, in the Verge’s liveblog coverage of Code yesterday, where Tim Cook, Laurene Powell Jobs, and Jony Ive were interviewed by Kara Swisher:

Here is some news: Laurene says that they’ve been working with an archivist to establish the Steve Jobs Archive, a collection of artifacts about him. Says it’s “really rooted in ideas” and human-centered design.

Laurene says a “very brilliant,” unnamed documentarian has been interviewing hundreds of people who knew Steve for what sounds like a documentary that is coming out.

John Voorhees, MacStories:

The simple, chronologically organized website features quotes and other materials from Jobs’ life, including some that have never been published before. There are written materials, like an email message Jobs sent to himself reflecting on his respect for humanity, along with audio and video clips.

On the website, an email from Jobs to himself:

I did not invent the transistor, the microprocessor, object oriented programming, or most of the technology I work with.

I love and admire my species, living and dead, and am totally dependent on them for my life and well being.

It appears Ive’s LoveFrom agency is working with the Jobs family on this archive. The serif typeface used for the logo and some of the body text is “LoveFromSJA”.

You Can Get an OLED iPhone for $600

Juli Clover, MacRumors:

With the launch of the iPhone 14 and iPhone 14 Pro, Apple has discontinued some older iPhones that were available as low-cost options. Apple is no longer selling the iPhone 11, and the iPhone 12 mini has also been discontinued. The iPhone 13 mini remains in the lineup for those who want a smaller iPhone.

For people who do not demand the latest and greatest, this may be the best news from today’s announcements. The iPhone 12 is just $600, and so is the iPhone 13 Mini. The Mini is an even better deal than you might think because it includes 128 GB of storage at that price compared to the iPhone 12’s 64 GB.

If you are hoping for the next iPhone SE to be a Mini-sized iPhone, the relatively modest $120 price difference between a 128 GB third-generation iPhone SE and equivalent-capacity iPhone 13 Mini makes that idea more credible. But I still think it is more likely the next iPhone SE is, more-or-less, an iPhone 11.

Second-Generation AirPods Pro

Certainly not the biggest announcement today next to the flagship products, but the second-generation AirPods Pro do look like a solid update. Contrary to rumours, it does not appear they will support lossless playback, though perhaps the new H2 chip is hiding some secrets to be revealed later.

The headphones also do not have replaceable batteries. I get it, but it is still a bummer that a $250 set of headphones has a more-or-less fixed lifespan based on its most consumable component.

Apple’s Dynamic Island

Amanda Silberling, TechCrunch:

That awkward cutout is a still-awkward, pill-shaped cut-out at the top of the iPhone 14 Pro screen. But now, the notch actually serves a dual purpose. In this new design, Apple dubs the cut-out/notch a “dynamic island.”

As Gavin Nelson says, this is a great example of working with a constraint rather than ignoring it. It is a smart, effective way to use the area around and between the cutouts.

Interestingly, until just before WWDC, the Human Interface Guidelines read:

Don’t mask or call special attention to key display features. Don’t attempt to hide a device’s rounded corners, sensor housing, or indicator for accessing the Home screen by placing black bars at the top and bottom of the screen. Don’t use visual adornments like brackets, bezels, shapes, or instructional text to call special attention to these areas, either.

Apple’s advice to developers was to, in effect, simply ignore the notch and pretend it does not exist. But then WWDC this year brought a brand new HIG and, while we were all distracted by its redesign, Apple subtly updated its layout guidance to remove restrictions on how to deal with sensor housings. Now, Apple simply advises designers and developers to “[r]espect key display and system features in each platform” by following its recommended safe areas.

Most Pantone Libraries Are Being Removed from Adobe Creative Cloud Apps

Adobe last month:

Standardized pre-loaded Color libraries, also known as Pantone Color books, will be phased out of Illustrator, InDesign, and Photoshop in software updates released after August 16, 2022.

After November 2022, the only Pantone Color books that will remain are:

  • Pantone + CYMK Coated

  • Pantone + CYMK Uncoated

  • Pantone + Metallic Coated

This change was supposed to happen in March, but I only saw the notice when I opened Illustrator today. Existing files will apparently be unaffected unless spot channels are used. Designers who rely on Pantone will be required to purchase a separate license at $60 per year. No word on whether Adobe will drop its subscriptions by an equivalent amount to compensate.

A classy move, completely in character for both companies, to reach into users’ machines and remove stuff they had paid for and may rely on because of some licensing spat.

Cloudflare Denies Business to Organized Griefing and Targeted Harrassment Website Kiwi Farms

The topics of this story unfortunately but necessarily include targeted harassment and suicide.

Ben Collins and Kat Tenbarge, reporting for NBC News on Friday this week:

Kiwi Farms is an internet message board known for being an epicenter of vicious, anti-trans harassment campaigns. It has operated for nearly a decade with the backing of some tech companies that refuse to drop services for it. But now, as the site’s users launch a wave of anti-trans attacks, a trans Twitch streamer targeted by Kiwi Farms is spearheading an unprecedented campaign to take down the fringe website.

Clara Sorrenti and those supporting her are hoping to open up Kiwi Farms to debilitating virtual attacks by demanding Cloudflare, one of its internet security service vendors, drop the site. Cloudflare has so far refused to budge.

Matthew Prince and Alissa Starzak of Cloudflare on Wednesday:

Some argue that we should terminate these services to content we find reprehensible so that others can launch attacks to knock it offline. That is the equivalent argument in the physical world that the fire department shouldn’t respond to fires in the homes of people who do not possess sufficient moral character. Both in the physical world and online, that is a dangerous precedent, and one that is over the long term most likely to disproportionately harm vulnerable and marginalized communities.

Today, more than 20 percent of the web uses Cloudflare’s security services. When considering our policies we need to be mindful of the impact we have and precedent we set for the Internet as a whole. Terminating security services for content that our team personally feels is disgusting and immoral would be the popular choice. But, in the long term, such choices make it more difficult to protect content that supports oppressed and marginalized voices against attacks.

Alex Stamos in a Twitter thread posted early Saturday critical of Cloudflare’s stance:

Cloudflare is not just a shield standing in front of KF, stopping attacks. Cloudflare reaches out to the KF origin host, likely* at a RU bulletproof hosting provider, and makes thousands of copies of the site that are then stored physically (in RAM) very close to end users.

*Another benefit Cloudflare provides KF is anonymization of the origin host, so while the blog post talks about hosting as the appropriate place to enforce more aggressive content moderation the practical impact is that CF makes hosting in non-responsive providers practical.

Prince announced the discontinuation of Cloudflare’s provision of security services to Kiwi Farms later on Saturday:

This is an extraordinary decision for us to make and, given Cloudflare’s role as an Internet infrastructure provider, a dangerous one that we are not comfortable with. However, the rhetoric on the Kiwifarms site and specific, targeted threats have escalated over the last 48 hours to the point that we believe there is an unprecedented emergency and immediate threat to human life unlike we have previously seen from Kiwifarms or any other customer before.

It is unclear to me what threats, specifically, prompted Cloudflare to reverse its de facto support of Kiwi Farms’ worldwide availability. As usual for forums, there are many discussion areas, but its user base has long treated it as a platform for organizing targeted attacks, often focusing on marginalized and vulnerable people. Campaigns on the website have been a factor in the suicides of three people.

I do not understand why Cloudflare is making this out to be more complicated than it actually is. The question has always been pretty simple: does Cloudflare want to have a business relationship with Kiwi Farms? That is it. It is not a slippery slope. The demands for Cloudflare to act are not coming from a government; it is a public campaign focusing on those most affected by large-scale harassment organized on Kiwi Farms. But Prince is spinning this into a debate about free speech and whether it is right for the company to be making a decision about what to defend online.

The idea that Cloudflare is being the good guy and taking the heat of DDoS attacks against legitimate if abhorrent speech is, frankly, hogwash. The justification Prince laid out in the Wednesday Cloudflare post is, I think, an elaborate framework that disguises simpler questions.

Cloudflare should absolutely be standing up for oppressed people the world over — and it frequently does. If a civil rights activist is relying on its services for preventing an attack by those in greater positions of power, I celebrate Cloudflare’s efforts. But Kiwi Farms is objectively not that. It is a small but committed gathering of people who are dedicated to making the lives worse of already marginalized people. That Prince would rather people discuss their differences rather than DDoS websites like Kiwi Farms is a red herring — and, frankly, an offensive one at that. Without Cloudflare’s protection, Kiwi Farms may become more susceptible to electronic attacks, though there are several service providers Kiwi Farms could choose from. With Cloudflare’s protection, Kiwi Farms’ targets face real-life targeted attacks on their person.

It is painfully difficult to keep anything truly disconnected from the internet. Even if every commercial hosting provider has denied someone service, they could still build their own server and be their own host. Cloudflare’s decision does not mean the end of Kiwi Farms just as — as Prince points out — hate sites like the Daily Stormer and 8kun still exist after Cloudflare’s discontinuation of service to each of them. But there is no reason to legitimize these sites by treating a business relationship as a civil rights issue. Maybe you think the continued availability of these websites really is an issue of free speech; I disagree, but I see where that argument comes from. But Cloudflare does not have to help these websites succeed. Nobody has that obligation.

Moderation Standards on Google Play and Apple’s App Store

Helen Costner, Reuters:

Former U.S. President Donald Trump’s social media platform Truth Social has not yet been approved for distribution on Alphabet Inc’s Google Play Store due to insufficient content moderation, according to a Google spokesperson on Tuesday.

Sara Fischer, Axios:

A year and a half after it was removed from Google’s Play Store, Parler, a Twitter alternative that attracts conservatives, has returned to the showcase for Android apps.

[…]

The app is being reinstated in response to a slew of measures Parler has taken to moderate the content on its app, including allowing users to block and report other users and actively monitoring content for things like violent speech.

Truth Social has been available on the App Store in the U.S. since at least February which, according to the version history log, was its first release. It is not available in any other country. As Fischer reports, Apple removed Parler following the insurrection on January 6 2021, but it was allowed to return to the store in April the same year. It is curious to me that both of these apps have faced a harder time getting into Google’s marketplace than Apple’s, given the reputation of both companies. I doubt Google is really holding these apps to a higher standard; its policies for social networks are similar to Apple’s.

Portrait Mode Past, Present, and Foreground

Nate Pfeiffer:

On the iPhone 8 Plus, bokeh took on a dull appearance, with softer edges and a uniform shape across the frame. The effect was pleasing yet unconvincing. (To be clear, Portrait mode has always performed a blur effect much more complex than a simple gaussian blur since the beginning, contrary to popular belief.) The iPhone 13 Pro comes out swinging with bright and sharp bokeh, even distorting its shape near the frame’s edges in a realistic manner. Simulating bokeh in this complex manner on a smartphone, nearly in real-time, is incomprehensible to me. Once iOS 16’s public beta was unleashed upon my device, the new foreground blur left me floored. Portrait mode finally runs what I’d consider a full simulation of photographic depth of field, where it felt incomplete before.

Portrait Mode has come a long way since its first iterations. The earliest photos from my iPhone X look more like a simplistic separation of a foreground object and a blurrier background; Portrait photos taken on my iPhone 12 are far more convincing, to the point where I use Portrait Mode more often than I ever used to. My eyes may be screwing with me, but it even appears to handle the glow from backlit elements in a natural way.

That said, I still have not found Portrait Lighting very useful. It does not seem to have benefitted nearly as much from the significant investments in Portrait Mode.

An Investigation of Fog Data Science, Which Provides Device Locating Services to U.S. Police

Bennett Cyphers, Electronic Frontier Foundation:

The company, Fog Data Science, has claimed in marketing materials that it has “billions” of data points about “over 250 million” devices and that its data can be used to learn about where its subjects work, live, and associate. Fog sells access to this data via a web application, called Fog Reveal, that lets customers point and click to access detailed histories of regular people’s lives. This panoptic surveillance apparatus is offered to state highway patrols, local police departments, and county sheriffs across the country for less than $10,000 per year.

The records received by EFF indicate that Fog has past or ongoing contractual relationships with at least 18 local, state, and federal law enforcement clients; several other agencies took advantage of free trials of Fog’s service. EFF learned about Fog after filing more than 100 public records requests over several months for documents pertaining to government relationships with location data brokers. EFF also shared these records with The Associated Press.

Cyphers found several connections between Fog Data Science and a data broker called Venntel. While Fog Data focuses on smaller police departments, Venntel works mostly with national agencies and, according to Cypher’s reporting, also provides data to other law enforcement-connected location companies like Babel Street and X-Mode. Venntel is well-connected in Washington. The Department of Homeland Security is a current user of its software; in the past, it has also held contracts with the FBI, DEA, ICE, and IRS, according to a search of USAspending.gov.

Cyphers:

Together, the “area search” and the “device search” functions allow surveillance that is both broad and specific. An area search can be used to gather device IDs for everyone in an area, and device searches can be used to learn where those people live and work. As a result, using Fog Reveal, police can execute searches that are functionally equivalent to the geofence warrants that are commonly served to Google.

The EFF says Fog Reveal will display a proprietary hash of the advertiser ID for devices within a geofence instead of the actual ID. But that may not be the case for all users.

Will Greenberg, EFF:

Federal users have access to an interface for converting between Fog’s internal device IDs (“FOG IDs”) and the device’s actual Advertiser ID:

This is eyebrow raising for a couple reasons. First, if this feature is operational, it would contradict assurances made in a sample State search warrant Fog sends to customers that FOG IDs can’t be converted back into Advertiser IDs. Second, if users could retrieve the Advertiser IDs of all devices in a query’s results, it would make Reveal far more capable of unmasking the identities of those device’s owners. This is due to the fact that if you have access to a device, you can read its Advertiser ID, and thus law enforcement would be able to verify if a specific person’s device was part of a query’s results.

To be clear, the EFF does not know if this extra level of federal functionality is available to end users. The U.S. Marshals had a two-year contract with Fog Data, which ended in 2020. It is the only national-level contract the EFF could find, and there is no evidence the Marshals or any Fog Data customer has access to unhashed advertiser IDs.

Even so, the presence of this functionality is worrisome. Last year, Joseph Cox of Vice explained how “identity resolution” companies like BIGDBM and FullContact brag about their ability to tie advertising identifiers to individual profiles of people: their names, physical addresses, IP addresses, property records, and more. If a law enforcement agency has contracts with a device location aggregator like Fog Data and an identity resolution company, and has access to this feature, officers could create full named profiles of people’s movements without a warrant.

Even if an agency does not have access to an unhashed device identifier, the repeated presence of a device at an address is a strong indicator that its owner lives there. It is hard to overstate how easy it is to link an address back to a name and phone number with free and publicly accessible web tools. That is, even though Fog Data may not collect what it deems is personally identifiable information — which, somehow, does not include device advertising identifiers — it is trivial to tie what it does show back to a specific person. And, again, police somehow do not need a warrant for this because the location data is bought from data brokers which harvest it from apps instead of cell towers.

Bill Stipulating an ‘Age Appropriate Design Code’ Begins Its World Tour

Mike Masnick, Techdirt:

Yesterday I wrote about California’s AB 2273 bill and how it is impossible to comply with, censorial, and dangerous. From what I’ve heard it’s likely to pass today, and Governor Newsom may sign it soon. The bill seems to have taken many people by surprise, and at this late moment they’re asking how the hell such a bill could have come about. I’ve been wondering the same thing myself, and started digging — and am really confused. Because, as far as I can tell, THE BILL CAME FROM A UK BARONESS, and California politicians were like “ok, yeah, cool, we’ll just take your bill and make it law here.”

This is just one of three worrisome bills passed recently in California, all of which will likely be signed into law. But I wanted to focus on it for two reasons:

  1. the origins of this bill are pretty wild, and

  2. according to an interview, linked to by Masnick, with the Baroness in question, a copy of the bill is coming soon to Canadian lawmakers’ desks.

The bill seems painful for website operators to implement. To comply with its mandates, website operators whose services may be accessed by a minor must consider the health and well-being of children in administrating their website. That all sounds fine. But the terms of the bill are so vague as to potentially snare any website into creating child-friendly policies or require some verification of age.

And that is where Canada comes in. You might not have heard of MindGeek, but you have probably heard of Pornhub, one of its brands. The Montreal-based company runs several popular porn websites and also owns an age verification solution called AgeID which, in 2019, was tapped to work with adult websites in the U.K. when the British government began its quest to mandate age verification online.

It is plausible to me that Canadian regulators will see both the child protective promises of the bill and a likely Canadian beneficiary as compelling reasons to at least seriously consider it. I hope that is not the case but, unfortunately, policymakers here have not had a good track record when it comes to internet regulation.

Apple Prepares to Leverage Displaced Meta Advertisers

Shoshana Wodinsky, Marketwatch:

In the year since Apple CEO Tim Cook denounced ad-based business models as a source of real-world violence, Apple has ramped up plans to pop more ads into people’s iPhones and beef up the tech used to target those ads. And now, it looks like Apple’s looking to poach the small businesses that have relied almost entirely on Facebook’s ad platform for more than a decade. 

Marketwatch found two recent job postings from Apple that suggest the company is looking to build out its burgeoning adtech team with folks who specialize in working with small businesses. Specifically, the company says it’s looking for two product managers who are “inspired to make a difference in how digital advertising will work in a privacy-centric world,” who want to “design and build consumer advertising experiences.” The ideal candidate, Apple said, won’t only have savvy around advertising, mobile tech, and advertising on mobile tech, but will also have experience with “performance marketing, local ads or enabling small businesses.”

Apple has spent years marketing itself as a privacy-focused business making its money the old fashioned way, when its users are happiest with the products and services they buy. These as-yet unannounced ad slots may be more respectful of users’ information. Even so, I firmly believe an expansion of ads across its platforms concurrent with its efforts to rein in others’ tracking behaviour — and, by extension, impacting small business advertisers — will damage Apple’s credibility and users’ satisfaction. Nobody is going to not buy an iPhone because there are ads in Maps, for example, but plenty of people who use Maps are going to feel a little cheated.

The maxim “if you are not paying for the product, you are the product” is as inaccurate as it is a cliché. If Apple really is planning to put more ads in its products, it shows that you can pay thousands of dollars and still be the product — because the line on each chart must go up.

Couple that with what feels like ambulance chasing as a knock-on effect of what I am sure many believe is a legitimate expression of privacy ideals and it reflects poorly on the company. One great reason strong privacy protections should be legislated by countries is to prevent businesses from twisting for their benefit something many, including Apple, consider a “fundamental human right”. Meta has spent years trying to redefine “privacy” for its own benefit. Apple’s definition may be closer to what you and I may think is truly private, but it should not get to make that decision.

Inside a Million-Dollar Instagram Verification Scheme

Reader Rob D. sent me this extraordinary article by Craig Silverman and Bianca Fortis of ProPublica:

The coveted blue tick can be difficult to obtain and is supposed to assure that anyone who bears one is who they claim to be. A ProPublica investigation determined that Jugenburg’s dubious alter ego was created as part of what appears to be the largest Instagram account verification scheme ever uncovered. With a generous greasing of cash, the operation transformed hundreds of clients into musical artists in an attempt to trick Meta, the owner of Instagram and Facebook, into verifying their accounts and hopefully paving the way to lucrative endorsements and a coveted social status.

Since at least 2021, at least hundreds of people — including jewelers, crypto entrepreneurs, OnlyFans models and reality show TV stars — were clients of a scheme to get improperly verified as musicians on Instagram, according to the investigation’s findings and information from Meta.

The scam required the creation of enough veneer of success to trick Meta’s verification deciders into giving these jokers a badge. It is hilarious to reflect on how successful someone would have to be to afford these services — tens of thousands of dollars, according to ProPublica’s reporting — yet still feel insufficiently notable without a blue badge. I guess fake clout is still clout until it all falls apart.

Amazon’s Upcoming Ring Nation ‘Show’

Andrew Paul, Popular Science:

Hosted by comedian Wanda Sykes, the show originates from MGM Studios (itself a subsidiary of Amazon), and promises “friends and family a fun new way to enjoy time with one another” via doorbell cams, although the ensuing online reaction has been less than promising. Despite the rising popularity of smart home security systems such as Ring, it seems as though some audiences can see through the upcoming show’s premise to know it sounds less “family friendly” than a thinly-veiled surveillance state infomercial attempting to push more home monitoring products.

Just some lighthearted yuks in support of the private police state. Order your Ring today, brought to you by Amazon, and you, too, can help cops violate civil liberties while providing material for this long-form advertisement.

Free, as in Context

Kashmir Hill, New York Times:

Mark noticed something amiss with his toddler. His son’s penis looked swollen and was hurting him. Mark, a stay-at-home dad in San Francisco, grabbed his Android smartphone and took photos to document the problem so he could track its progression.

[…]

After setting up a Gmail account in the mid-aughts, Mark, who is in his 40s, came to rely heavily on Google. He synced appointments with his wife on Google Calendar. His Android smartphone camera backed up his photos and videos to the Google cloud. He even had a phone plan with Google Fi.

Two days after taking the photos of his son, Mark’s phone made a blooping notification noise: His account had been disabled because of “harmful content” that was “a severe violation of Google’s policies and might be illegal.” A “learn more” link led to a list of possible reasons, including “child sexual abuse & exploitation.”

Hill is among the best reporters anywhere on these sensitive, nuanced topics, and this story is no exception. Through careful reporting, Hill writes about two people whose Google accounts were closed — and, at least in Mark’s case, deleted from its servers — because both had taken photos of their naked children for diagnostic purposes.

I think Hill’s article thoughtfully explores the difficult and often contradictory questions around CSAM policing — certainly in a more cogent way than I can write about it — and I think this article is worth reading in full. The part I am more able to comment on is Google’s final decision to lock these parents out of their accounts.

It is a stunning display of Google’s power — and a painful reminder about single points of failure — that it is able to eradicate someone’s connection to the world without warning or recourse. Ben Thompson went so far as to call it a civil liberties violation in spirit, if not in law.

The sad thing is how unsurprising this is to anyone who has tried to deal with Google in any capacity aside from being an ad buyer. A few years ago, Talking Points Memo’s Josh Marshall wrote about his frustration with Google’s demonetization of stories about right-wing terrorists:

With the events of recent months and years, Google is apparently now trying to weed out publishers that are using its money streams and architecture to publish hate speech. Certainly you’d probably be unhappy to hear that Stormfront was funded by ads run through Google. I’m not saying that’s happening. I’m just giving you a sense of what they are apparently trying to combat. Over the last several months we’ve gotten a few notifications from Google telling us that certain pages of ours were penalized for ‘violations’ of their ban for hate speech. When we looked at the pages they were talking about they were articles about white supremacist incidents. Most were tied to Dylann Roof’s mass murder in Charleston.

Now in practice all this meant was that two or three old stories about Dylann Roof could no longer run ads purchased through Google. I’d say it’s unlikely that loss to TPM amounted to even a cent a month. Totally meaningless. But here’s the catch. The way these warnings work and the way these particular warnings were worded, you get penalized enough times and then you’re blacklisted.

Now, certainly you’re figuring we could contact someone at Google and explain that we’re not publishing hate speech and racist violence. We’re reporting on it. Not really. We tried that. We got back a message from our rep not really understanding the distinction and cheerily telling us to try to operate within the no hate speech rules. And how many warnings until we’re blacklisted? Who knows?

TPM also faced a different issue where its main email account, a G Suite paid Gmail account, was blocked without notification because Google flagged it as a source of spam.

It is unfair to blame TPM for relying on Google’s email services, which are among the best options for a managed email product on a custom domain, or for its use of Google ads, which are ubiquitous. Similarly, heavy use of Google services like Mark and Cassio — the other dad in Hill’s story — is pretty normal and encouraged by the tight integration of these products.

Google’s response in each of these cases points to a lack of humanity. It reflects a complete absence of care about the context in which its products are being used, from a company that has a primarily American perspective and may miss real problems in other countries. It is a recipe for more stories like these, especially since a Google spokesperson told Hill the company stood behind its decision. Not only does Google think it did the right thing, it believes deleting Mark’s entire Google presence was the right outcome.

Someone more sympathetic than I am might point out that Google will always struggle to understand context because it is operating at a prohibitively massive scale. This is a cop-out or, at least, an incomplete thought. Google, like many other big businesses, has prioritized growth at the expense of caution because the incentives outweigh the risks. Some variation of this is true across industries, from banking to natural resources to food. Nestlé is practically synonymous with a jaw-dropping lack of ethics but people keep buying Perrier and Cheerios.

It is overly simplistic to say these problems would not exist if businesses were smaller, but I believe shrinking businesses would minimize these problems. And, when they do appear, they would have a smaller effect. I disagree with Thompson’s assessment that “it seems silly to argue that getting banned from a social media platform isn’t an infringement on individual free speech rights”; far from Thompson’s claim that “you can still say whatever you want on a street corner”, you can write whatever you want on a website untouched by Facebook or Twitter, as he did. We have never had so much freedom to speak our minds and broadcast it to an audience. But we have never placed so much of our identity in the hands of such a small number of private entities, often poorly regulated. Software and services need a warranty and they need something like a bill of rights; and, if those demands are untenable at scale, then vendors should be smaller.

Walmart Marketplace Seller Offers Fake $17 30TB Hard Drive That’s Actually Two Small SD Cards in a Trench Coat

Joseph Cox, Vice:

Ray, a cybersecurity researcher, who saw a similar item on online retailer AliExpress, knew the offer was too good to be true. He bought the drive, suspecting it was a scam, and took it apart to find out what exactly was happening here. Sure enough, he found what amounted to a different item cosplaying as a big SSD. Inside were two small memory cards and the item had been programmed in such a way so as to appear it had 30TB of storage when plugged into a computer.

[…]

As Ray tweeted out his findings, another user, SM4Tech, found that the drive was available on Walmart. Motherboard then contacted Walmart for comment.

As Cox writes, it may have appeared that Walmart was selling the drive, but it was actually a marketplace listing. Like Amazon, Walmart lets third-party vendors use its online store to sell their wares. Some vendors are household names, while others take the same Scrabble bag approach to branding as Amazon sellers.

Amazon and Walmart are two of many retailers you probably recognize which offer an online marketplace for third-party sellers, including Best Buy and Canadian retail giant Loblaw. Staples experimented with marketplace sales, too, but I could not find any current information about its program. These products are usually offered alongside those sold by the retailer itself, with few visual clues that they may have different return policies or expectations of quality.

U.S. Federal Trade Commission Sues Kochava

From the FTC’s press release:

In a complaint filed against Kochava, the FTC alleges that the company’s customized data feeds allow purchasers to identify and track specific mobile device users. For example, the location of a mobile device at night is likely the user’s home address and could be combined with property records to uncover their identity. In fact, the data broker has touted identifying households as one of the possible uses of its data in some marketing materials.

[…]

The FTC alleges that Kochava fails to adequately protect its data from public exposure. Until at least June 2022, Kochava allowed anyone with little effort to obtain a large sample of sensitive data and use it without restriction. The data sample the FTC examined included precise, timestamped location data collected from more than 61 million unique mobile devices in the previous week. Using Kochava’s publicly available data sample, the FTC complaint details how it is possible to identify and track people at sensitive locations […]

Lauren Feiner, CNBC:

“This lawsuit shows the unfortunate reality that the FTC has a fundamental misunderstanding of Kochava’s data marketplace business and other data businesses,” Kochava Collective General Manager Brian Cox said in a statement. “Kochava operates consistently and proactively in compliance with all rules and laws, including those specific to privacy.”

Cox said the company announced a new ability to block location data from sensitive locations prior to the FTC’s lawsuit. He said the company engaged with the FTC for weeks explaining the data collection process and hoped to come up with “effective solutions” with the agency.

By “engaging with the FTC for weeks”, Cox appears to mean filing a lawsuit against the Commission earlier this month in an attempt to block the FTC from filing this complaint.

Marketing and data companies are eager to put on a privacy-respecting guise when it suits them while promising services completely antithetical to that. For example, Kochava says it offers in its data marketplace the ability to match mobile devices — perhaps the billion unique mobile devices it also brags about — to email addresses and precise locations. Its marketing materials say it can tie those devices to households and their respective behaviour and purchasing data. Of course, on the same page, it says it is “privacy-first by design” — one wonders how that is possible when the sample data set viewed by the FTC apparently pinpoints specific users by time and location.

Want to opt out? Thanks to regulation in Europe, some U.S. states, and elsewhere, that is made possible. But Kochava is uniquely dickish about it:

[…] You may submit a request to delete all your personal information by emailing Kochava at privacy@kochava.com or by contacting the legal department via telephone at 855-562-4282. However, please bear in mind that when you contact Kochava with such a request, because of the precautions we have proactively taken to protect your privacy, you are actually volunteering more personally identifying information to Kochava as a result of lodging the request than Kochava would have ever had prior to you initiating contact.

I call bullshit. What identifiers could you possibly give Kochava to opt out of its privacy hostile practices that it does not already know and have enriched with other data sources?

Kochava obviously wants to promote itself as uniquely precise to its audience of marketers who crave that kind of fidelity. Its claims warrant some skepticism. But time and time again this industry has proved itself to be as creepy as the brochures claim, at least in how much it collects. How it interprets that information is, in my experience, more questionable.

The FTC does not come out of this looking particularly good, either. Megan Gray on Twitter:

Methinks the agency knows it’s going to lose. Picked this company b/c thought it would settle. Oopsy. Then when company preemptively filed case, agency was in a corner and doesn’t want to be perceived as backing down from a fight.

Gray, continued:

The agency had until MID OCTOBER to respond to the DJ (and could’ve gotten an extension for further time). This was clearly rushed to capture the press cycle. I genuinely feel bad for staff.

It looks really bad for regulators to get financial settlements and modest concessions out of these cases without pushing for an admission of wrongdoing. It makes it look as though these cases are primarily for revenue generation instead of exposing heinous behaviour and setting standards for others to follow.

Spitballing the iPhone SE 4

Canalys:

The North American smartphone market reached 35.4 million shipped units in Q2 2022, down 6.4% yearly amid economic challenges, high inflation, and poor seasonal demand. Apple grew 3% and has dominated over half the North American region for three consecutive quarters, thanks to solid iPhone 13 demand combined with a full quarter’s performance of its entry-level model, the iPhone SE (3rd Gen). Samsung’s shipments increased 4% as its S series and low-end A series devices continued to deliver. Lenovo (Motorola), TCL, and Google rounded of the top five, claiming 9%, 5% and 2% market share.

Via Michael Tsai:

It sure seems like the mini will become the next SE.

Tsai is far from the only one to explore this line of thinking. But I do not buy it; a new rumour from AppleTrack on Twitter seems more likely to me:

RUMOR: The iPhone SE 4, likely coming next year, will essentially be a rebranded iPhone XR

Expect a 6.1-inch display with Face ID, 12MP rear camera and IP67 water and dust resistance.

The iPhone SE’s unique selling point is probably its price, not its form factor. Consider that the next most expensive iPhone in Apple’s lineup is the iPhone 11, which has the same 6.1-inch display as the rumoured SE 4. Why would Apple not simply slide this phone — more or less — down the price ladder?

Privacy Bill Triggers Lobbying Surge by Data Brokers

Alfred Ng, Politico:

Congress has never been closer to passing a federal data privacy law — and the brokers that profit from information on billions of people are spending big to nudge the legislation in their favor.

[…]

The brokers, including U.K.-based data giant RELX and credit reporting agency TransUnion, want changes to the bill — such as an easing of data-sharing restrictions that RELX says would hamper investigations of crimes. Some data brokers also want clearer permission to use third-party data for advertising purposes.

The only surprising part of this is that data brokers are bragging about being treated as an extension of law enforcement. Imagine being thrilled to live in a police state, so long as it is privatized.

‘Silicon Values’

A unique consequence of writing about the biggest computer companies, which are all based in the United States, from most any other country is a lurking sense of invasion. I do not mean this in an anti-American sense; it is perhaps inherent to any large organization emanating from the world’s most powerful economy. But there is always a sense that the hardware, software, and services we use are designed by Americans often for Americans. You can see this in a feature set inevitably richer in the U.S. than elsewhere, language offerings that prioritize U.S. English, pricing often pegged to the U.S. dollar, and — perhaps more subtly — in the values by which these products are created and administered.

These are values that I, as someone who resides in a country broadly similar to the U.S., often believe are positive forces. A right to free expression is among those historically espoused by these companies in the use of their products. But over the past fifteen years of their widespread use, platforms like Facebook, Instagram, Twitter, and YouTube have established rules of increasing specificity and caution to restrict what they consider permissible. That, in a nutshell, is the premise of Jillian C. York’s 2021 book, Silicon Values.

Though it was published last year, I only read it recently. I am glad I did, especially with several new stories questioning the impact of a popular tech company an ocean away. TikTok’s rapid rise after decades of industry dominance by American giants is causing a re-evaluation of an America-first perspective. Om Malik put it well:

For as long as I can remember, American technology habits did shape the world. Today, the biggest user base doesn’t live in the US. Billion-plus Indians do things differently. Ditto for China. Russia. Africa. These are giant markets, capable of dooming any technology that attempts a one-size-fits-all approach.

The path taken by York in Silicon Values gets right up to the first line of this quote from Malik. In the closing chapter, York (228) writes:

I used to believe that platforms should not moderate speech; that they should take a hands-off approach, with very few exceptions. That was naïve. I still believe that Silicon Valley shouldn’t be the arbiter of what we can say, but the simple fact is that we have entrusted these corporations to do just that, and as such, they must use wisely the responsibility that they have been given.

I am not sure this is exactly correct. We often do not trust the judgements of moderation teams, as evidenced by frequent complaints about what is permissible and, more often, what gets flagged, demonetized, or removed. As I was writing this article, reporters noted that Twitter took moderation action against doctors and scientists posting factual, non-controversial information about COVID-19. This erroneous flagging was reverted, but it is another in a series of stories about questionable decisions made by big platforms.

In fact, much of Silicon Values is about the tension between the power of these giants to shape the permissible bounds of public conversations and their disquieting influence. At the beginning of the book, York points to a 1946 U.S. Supreme Court decision, Marsh v. Alabama, which held that private entities can become sufficiently large and public to require them to be subject to the same Constitutional constraints as government entities. Though York says this ruling has “not as of this writing been applied to the quasi-public spaces of the internet” (14), I found a case which attempted to use Marsh to push against a moderation decision. In an appellate decision in Prager University v. Google, Judge M. Margaret McKeown wrote (PDF) “PragerU’s reliance on Marsh is not persuasive”. More importantly, McKeown reflected on the tension between influence and expectations:

Both sides say that the sky will fall if we do not adopt their position. PragerU prophesizes living under the tyranny of big-tech, possessing the power to censor any speech it does not like. YouTube and several amicus curiae, on the other hand, foretell the undoing of the Internet if online speech is regulated. While these arguments have interesting and important roles to play in policy discussions concerning the future of the Internet, they do not figure into our straightforward application of the First Amendment.

All of the subjects concerned being American, it makes sense to judge these actions on American legal principles. But even if YouTube were treated as an extension of government due to its size and required to retain every non-criminal video uploaded to its service, it would make as much of a political statement elsewhere, if not more. In France and Germany, it — like any other company — must comply with laws that require the removal of hate speech, laws which in the U.S. would be unconstitutional. York (19) contrasts their eager compliance with Facebook’s memorable inaction to rein in hate speech that contributed to the genocide of Rohingya people in Myanmar. Even if this is a difference of legal policy — that France and Germany have laws but Myanmar does not — it is clearly unethical for Facebook to have inadequately moderated this use of its platform.

The concept of an online world no longer influenced largely by U.S. soft power brings us back to the tension with TikTok and its Chinese ownership. It understandably makes some people nervous for the most popular social media platform for many Americans has the backing of an authoritarian regime. Some worry about the possibility of external government influence on public policy and discourse, though one study I found reflects a clear difference in moderation principles between TikTok and its Chinese-specific counterpart Douyin. Some are concerned about the mass collection of private data. I get it.

But from my Canadian perspective, it feels like most of the world is caught up in an argument between a superpower and a near-superpower, with continued dominance by the U.S. preferable only by comparison and familiarity. Several European countries have banned Google Analytics because it is impossible for their citizens to be protected against surveillance by American intelligence agencies. The U.S. may have legal processes to restrict ad hoc access by its spies, but those are something of a formality. Its processes are conducted in secret and with poor public oversight. What is known is that it rarely rejects warrants for surveillance, and that private companies must quietly comply with document requests with little opportunity for rebuttal or transparency. Sometimes, these processes are circumvented entirely. The data broker business permits surveillance for anyone willing to pay — including U.S. authorities.

The privacy angle holds little more weight. While it is concerning for an authoritarian government to be on the receiving end of surveillance technologies rather than advertising and marketing firms, it is unclear that any specific app disproportionately contributes to this sea of data. Banning TikTok does not make for a meaningful reduction of visibility into individual behaviours.

Even concerns about how much a recommendation algorithm may sway voter intent smell funny. Like Facebook before it, TikTok has downplayed the seriousness of its platform by framing it as an entertainment venue. As with other platforms, disinformation on TikTok spreads and multiplies. These factors may have an effect on how people vote. But the sudden alarm over yet-unproved allegations of algorithmic meddling in TikTok to boost Chinese interests is laughable to those of us who have been at the mercy of American-created algorithms despite living elsewhere. American state actors have also taken advantage of the popularity of social networks in ways not dissimilar from political adversaries.

However, it would be wrong to conclude that both countries are basically the same. They obviously differ in their means of governance and the freedoms afforded to people. The problem is that I should not be able to find so many similarities in the use of technology as a form of soft power, and certainly not for spying, between a democratic nation and an authoritarian one. The mount from which Silicon Values are being shouted looks awfully short from this perspective.

You do not need me to tell you that decades of undermining democracy within our countries has caused a rise in autocratic leanings, even in countries assumed stable. The degradation of faith in democratic institutions is part of a downward spiral caused by internal undermining and a failure to uphold democratic values. Again, there are clear differences and I do not pretend otherwise. You will not be thrown in jail for disagreeing with the President or Prime Minister, and please spare me the cynical and ridiculous “yet!” responses.

I wish there were a clear set of instructions about where to go from here. Silicon Values is, understandably, not a book about solutions; it is an exploration of often conflicting problems. York delivers compelling defences of free expression on the web, maddening cases where newsworthy posts were removed, and the inequity of platform moderation rules. It is not a secret, nor a compelling narrative, that rules are applied inconsistently, and that famous and rich people are treated with more lenience than the rest of us. But what York notes is how aligned platforms are with the biases of upper-class white Americans; not coincidentally, the boards and executive teams of these companies are dominated by people matching that description.

The question of how to apply more local customs and behaviours to a global platform is, I believe, the defining challenge of the next decade in tech. One thing seems clear to me: the world’s democracies need to do better. It should not be so easy to point to similarities in egregious behaviour; corruption of legal processes should not be so common. I worry that regulators in China and the U.S. will spend so much time negotiating which of them gets to treat the internet as their domain while the rest of us get steamrolled by policies that maximize their self-preferencing.

This is especially true as waves of stories have been published recently alleging TikTok and its adjacent companies have suspicious ties to arms of an autocratic state. Lots of TikTok employees apparently used to work for China’s state media outlets and, in another app from ByteDance, TikTok’s owner, pro-China stories were regularly promoted while critical news was minimized. ByteDance sure seems to be working more closely with government officials than operators of other social media platforms. That is probably not great; we all should be able to publish negative opinions about lawmakers and big businesses without fear of reprisal.

There is a laundry list of reasons why we must invest more in our democratic institutions. One of them is, I believe, to ensure a clear set of values projected into the world. One way to achieve that is to prefer protocols over platforms. It is impossible for Facebook or Twitter or YouTube to be moderated to the full expectations of its users, and the growth of platforms like Rumble is a natural offshoot of that. But platforms like Rumble which trumpet their free speech bonafides are missing the point: moderation is good, normal, and reinforces free speech principles. It is right for platform owners to decide the range of permissible posts. What is worrying is the size and scope of them. Facebook moderates the discussions of billions — with a b and an s — of people worldwide. In some places, this can permit greater expression, but it is also an impossible task to monitor well.

The ambition of Silicon Valley’s biggest businesses has not gone unnoticed outside of the U.S. and, from my perspective, feels out of place. Yes, the country’s light touch approach to regulation and generous support of its tech industry has brought the world many of its most popular products and services. But it should not be assumed that we must rely on these companies built in the context of middle- and upper-class America. That is not an anti-American statement; nothing in this piece should be construed as anti-American. Far from it. But I am dismayed after my reading of Silicon Values. What I would like is an internet where platforms are not so giant, common moderation actions are not viewed as weapons, and more power is in more relevant hands.

Google Duo Is Back, Kind of, and It Launches One of Two Apps Called Google Meet

You may remember when Google announced in June that it was adding Google Meet features to Google Duo, then renaming the app Google Meet, while preserving its original Google Meet app for some time. It turns out that strategy was not as easy to understand as you might think.

Abner Li, 9to5Google:

At the start of August, an update (172) started rolling out that replaced the blue Duo icon and introduced the four-colored Meet version. After updating and opening the app, Duo disappears from the launcher.

Version 173 today brings back the Google Duo icon for some reason. As such, you have both the Duo and Meet logos in your app drawer, with both working to launch the new unified Meet-Duo experience.

This is as clear as Google’s messaging strategy has ever been. The thing I have learned from this is that Google thinks launching Meet when users type “Duo” in the search field is some kind of insurmountable technical obstacles.

White House to Make All Federally Funded Research Immediately Accessible

Jacob Knutson, Axios:

The White House on Thursday issued a new policy that will require all federally funded research to be immediately — and freely — available to the public upon publication starting no later than 2026.

Public research ought to be public. Never forget how MIT kept pushing charges against Aaron Swartz after he used the university’s network to download JSTOR files in bulk. Another of Swartz’s efforts was to liberate court records. U.S. policymakers keep dangling the prospect of making PACER free as well.

Twitter Whistleblower Seems to Confirm Twitter’s Legal Argument About Spam

Donie O’Sullivan, Clare Duffy, and Brian Fung, CNN:

Twitter has major security problems that pose a threat to its own users’ personal information, to company shareholders, to national security, and to democracy, according to an explosive whistleblower disclosure obtained exclusively by CNN and The Washington Post.

[…]

The whistleblower, who has agreed to be publicly identified, is Peiter “Mudge” Zatko, who was previously the company’s head of security, reporting directly to the CEO. Zatko further alleges that Twitter’s leadership has misled its own board and government regulators about its security vulnerabilities, including some that could allegedly open the door to foreign spying or manipulation, hacking and disinformation campaigns. The whistleblower also alleges Twitter does not reliably delete users’ data after they cancel their accounts, in some cases because the company has lost track of the information, and that it has misled regulators about whether it deletes the data as it is required to do. The whistleblower also says Twitter executives don’t have the resources to fully understand the true number of bots on the platform, and were not motivated to. Bots have recently become central to Elon Musk’s attempts to back out of a $44 billion deal to buy the company (although Twitter denies Musk’s claims).

You can read Mudge’s whistleblower disclosure and infosec report — both PDFs — for yourself, if you would like. Both contain heavily redacted sections, especially around claims of corporate fraud.

Mike Masnick reviewed these reports in two parts at Techdirt. Masnick’s first analyzed Mudge’s claims about Twitter’s security infrastructure, its compliance with an FTC consent decree, and whether it had hired foreign spies deeply embedded in the company. The second piece, published today, is exclusively responding to the many stories claiming Mudge’s investigations will help Elon Musk’s justification for backing out of his acquisition of Twitter:

So, let’s dive into those details. The first and most important thing to remember is that, even as Musk insists otherwise, the Twitter lawsuit is not about spam. It just is not. I’m not going to repeat everything in that earlier story explaining why not, so if you haven’t read that yet, please do. But the core of it is that Musk needed an escape hatch from the deal he didn’t want to consummate and the best his lawyers could come up with was to claim that Twitter was being misleading in its SEC reporting regarding spam. (As an aside, there is very strong evidence that Musk didn’t care at all about the SEC filings until he suddenly needed an escape hatch, and certainly didn’t rely on them).

[…]

Reading through all of this, anyone who actually understands the details — including what’s at play in the lawsuit — should see that Mudge is actually confirming the only thing that matters for the lawsuit: that the numbers Twitter reported to the SEC for mDAU involves estimating how much spam they mistakenly include in mDAU and not how much spam is on the platform as a whole. If the actual total amount of spam on the platform is higher than that, it doesn’t help Musk, because Musk’s legal argument is predicated on the <5% reported to the SEC.

Ryan Mac and Kate Conger, of the New York Times, listened in on a company meeting today:

Other executives — including Sean Edgett, the general counsel, and the privacy and security executives Damien Kieran and Lea Kissner — echoed Mr. Agrawal.

“We have never made a material misrepresentation to a regulator, to our board, to all of you,” Mr. Edgett said. “We are in full compliance with our F.T.C. consent decree.” He added that an external auditor reviews Twitter’s compliance with the decree every two years.

I read both of the PDFs linked above and, if true, they paint a picture of a company where developers have extraordinary latitude with few access controls and virtually no logging of their actions. If Mudge’s claims prove correct, Twitter’s board has been misled and the company constantly puts its users’ activity at risk. But after reading Masnick’s careful analysis, I am less convinced of the more headline-making claims in these documents.

9to5Mac: iOS 16.1 to Let Users Delete the Apple Wallet App

Filipe Espósito, 9to5Mac:

Code seen by 9to5Mac makes it clear that the Wallet app has become “deletable” with iOS 16.1. Unsurprisingly, some features like Apple Pay won’t work without the Wallet app. In this case, users will see a message telling them to “Download the Wallet app from the App Store.”

Since iOS 16.1 is not yet available for iPhone and the iPad lacks the Wallet app, we haven’t been able to see this new option in action.

I have to wonder whether this will be launched as Espósito describes. If the Wallet app is deletable but cannot be replaced, it does not seem like it would assuage the self-preferencing concerns raised by European regulators. It is possible this could be revised to suggest the installation of a different wallet application — the E.U.’s own, for example. But making it removable without the ability for third-party apps to use the NFC system or override the double-click home button shortcut seems like it would appease neither users nor regulators.

Apple Pay Patience

Ben Cohen, Wall Street Journal:

Apple has been picked apart for so many lessons that it could start its own business school, but what the case of Apple Pay shows is that patience is a competitive edge for companies that know how to wield it.

[…]

The percentage of iPhones with Apple Pay activated was 10% in 2016 and 20% in 2017, according to research from Loup Ventures, as most people seemed perfectly happy with their plastic cards and leather wallets. Adoption nearly doubled again in 2018. It hit 50% by 2020. Now it’s around 75% and inching closer to ubiquity. Of course, not every account that gets activated remains in active use.

PYMNTS, which has previously noted the gulf between Apple Pay activations and in-store usage, published an un-bylined response to this Journal story:

The winner here has been, and still is, the contactless card, the tap-to-pay functionality that has garnered a 14% share of in-person payments — and as seen in the chart below, that percentage has been growing all through the pandemic. Throw in the physical, plastic cards themselves, and debit cards have snared 44% of transactions and credit cards have a 27% share, as measured by the second quarter of this year.

Cohen:

I spent the past few weeks leaving cards in my pocket and tapping my phone wherever I could. But there are still plenty of places where I couldn’t. Restaurants have been slow to embrace the technology required for Apple Pay. Gas stations have been reluctant to spend on upgrading their pumps. Walmart, which favors its own mobile payment option, remains the most notable holdout among retailers.

For what it is worth, I cannot think of a single terminal I have used in the past couple of years that has not supported tap-based payments. I have been paying for groceries by tapping my card for even longer than that. Every gas station I have visited permits me to pay by tap. Even though I know Apple Pay offers a higher level of security than a physical card, I cannot remember the last terminal I tapped with my phone; it is always easier to grab the right card from my wallet. I use Apple Pay frequently with online payments, though, so that is something.

This Year’s Big iPad Update to Be Released After iOS 16 as iPadOS 16.1

Brian Heater, TechCrunch:

Apple this morning is rolling out iPadOS 16.1 beta to enrolled developer devices. It’s a break from the standard release cadence, which has tied together the tablet operating system with its smartphone counterpart, iOS, since its first release in 2019.

In a comment to TechCrunch, the company notes, “This is an especially big year for iPadOS. As its own platform with features specifically designed for iPad, we have the flexibility to deliver iPadOS on its own schedule. This Fall, iPadOS will ship after iOS, as version 16.1 in a free software update.”

This confirms an earlier report from Mark Gurman.

Contrary to Heater’s comment, iPadOS has not always been released in sync with iOS. Apple’s very first “iPadOS” release, iPadOS 13.1, did not ship until five days after iOS 13; iPadOS 13.0 was never made publicly available. Before then, the first version of iOS 4 available for iPads was iOS 4.2.

On the Internet, Nobody Knows You are You

Manton Reece:

I continue to think that my devices are now too secure. Face ID shouldn’t freak out multiple times a day, requiring a pin. Safari shouldn’t scrap cookies every week, requiring needless extra web sign-ins. Any security beyond unlocking my Mac is usually unnecessary friction.

I agree with Reece’s diagnosis of the problem, but not its cause. If someone is logged into a user account on a Mac, everything in the keychain is probably unlocked and available to them as well. And if they have text message forwarding enabled on their iPhone, an SMS-based two-factor code will appear in Message. Despite what is basically security theatre, I need to reauthenticate several times weekly on websites and in applications I use all the time. I have to sign into this website — you know, the one I solely write and administer — probably once a week for each device I use.

I get why some of these measures are in place, particularly as tracking cookies are concerned. But I wish there were a way to simply tell my computer that I — me, Nick Heer — am sitting in front of it and have all the doors opened and locks unlocked without further inquiry.

Investor Pitch Deck Claims Unplugged Services Are to Be Backed by Servers in International Waters, and Other Fictions

Remember the Unplugged Phone? Patrick Howell O’Neill, of MIT’s Technology Review, obtained the company’s pitch deck:

In June, [Erik] Prince publicly revealed the new phone, priced at $850. But before that, beginning in 2021, he was privately hawking the device to investors — using a previously unreported pitch deck that has been obtained by MIT Technology Review. It boldly claims that the phone and its operating system are “impenetrable” to surveillance, interception, and tampering, and its messenger service is marketed as “impossible to intercept or decrypt.”

Boasting falsely that Unplugged has built “the first operating system free of big tech monetization and analytics,” Prince bragged that the device is protected by “government-grade encryption.” Better yet, the pitch added, Unplugged is to be hosted on a global array of server farms so that it “can never be taken offline.” One option is said to be a server farm “on a vessel” located in an “undisclosed location on international waters, connected via satellite to Elon Musk’s StarLink.” An Unplugged spokesperson explained that “they benefit in having servers not be subject to any governmental law.”

Reminds me of the long-running libertarian fantasy of living on a barge on the ocean. This whole venture is completely untethered — unplugged, even — from reality.

iOS Apps Can Inject JavaScript on Webpages Loaded in In-App Browsers; TikTok and Instagram May Collect Sensitive Events

Felix Krause:

The iOS Instagram and Facebook app render all third party links and ads within their app using a custom in-app browser. This causes various risks for the user, with the host app being able to track every single interaction with external websites, from all form inputs like passwords and addresses, to every single tap.

This is because apps are able to manipulate the DOM and inject JavaScript into webpages loaded in in-app browsers. Krause elaborated today:

When you open any link on the TikTok iOS app, it’s opened inside their in-app browser. While you are interacting with the website, TikTok subscribes to all keyboard inputs (including passwords, credit card information, etc.) and every tap on the screen, like which buttons and links you click.

[…]

Instagram iOS subscribes to every tap on any button, link, image or other component on external websites rendered inside the Instagram app.

[…]

Note on subscribing: When I talk about “App subscribes to”, I mean that the app subscribes to the JavaScript events of that type (e.g. all taps). There is no way to verify what happens with the data.

Is TikTok a keylogger? Is Instagram monitoring every tap on a loaded webpage? It is impossible to say, but it does not look good that either of these privacy-invasive apps are so reckless with users’ ostensibly external activity.

It reminds me of when iOS 14 revealed a bunch of apps, including TikTok, were automatically reading pasteboard data. It cannot be known for certain what happened to all of the credit card numbers, passwords, phone numbers, and private information collected by these apps. Perhaps some strings were discarded because they did not match the format an app was looking for, like a parcel tracking number or a URL. Or perhaps some ended up in analytics logs collected by the developer. We cannot know for sure.

What we do know is how invasive big-name applications are, and how little their developers really care about users’ privacy. There is no effort at minimization. On the contrary, there is plenty of evidence for maximizing the amount of information collected about each user at as granular a level as possible.

Meta Gets Passive-Aggressive With TikTok

Sarah Perez, yesterday, for TechCrunch:

The feature, first uncovered in changes discovered by product intelligence firm Watchful.ai, introduces a new sharing interface for TikTok Stories. Previously, users could share their TikTok Stories directly with TikTok friends by tapping their profile picture in the share sheet that pops up when you click the three-dot menu on a Story. The same interface also allows users to save the videos to their device, delete it or change its privacy settings.

Now, this sharing option will include a row of popular social apps, as well as an option to copy a link to the video, according to images provided by Watchful.ai and confirmed by TikTok.

Kaitlin Hatton, today, for the Verge:

Instagram is tired of creators making their videos in Reels and then heading over to TikTok. While using Reels this week, The Verge discovered that when trying to download an edited clip to an iPhone, the audio from the clip disappeared. This means if you want to export the footage from Reels to use in another app, you have to actually post the Reel first in order to save the sound. As recently as late July, it was possible to download the clip with audio and use it in a separate app — like, say, TikTok — without posting it first.

The audio was stripped out on three iPhones we tested, though exports with audio were still possible with Instagram on Android. Instagram did not respond to multiple requests for comment on whether this was a glitch or an intentional change.

Just as petty as the last time Instagram did this.

Lyft Asks Alberta Government to Drop Commercial Licence Requirement

Michelle Bellefontaine, CBC News:

Ride-hailing company Lyft is lobbying the Alberta government in hopes the province will lift the commercial licence requirement for drivers introduced in 2016.

Drivers for ride-hailing services require a Class 4 Alberta licence. Lyft wants the province to drop that requirement and allow anyone with a Class 5 general licence to drive for them.

“Lyft believes that Alberta should join the provinces of Ontario, Quebec, Manitoba, and Saskatchewan in adopting modern regulations for the passenger transportation industry,” the company said in a statement.

What a load of crap. Uber has been operating in Calgary and Edmonton since late 2016 under the existing law, which requires drivers to hold exactly the same license as a taxi driver because they do exactly the same job. While Lyft may publicly praise Ontario’s more lenient licensing requirements, it fails to note that drivers in Toronto must obtain a specific license. The city paused new licensees while existing holders complete training after a passenger in an Uber was killed because the driver dropped his cellphone.

I am not sure if I have relayed this story before, but the regulation of pirate taxi services in Alberta is an excellent example of what can be done when policymakers stick to common-sense standards in the face of political pressure.

After a brief false start in 2014, Uber launched in Calgary illegally — as it is wont to do — in October 2015. After about two months and with drivers facing several criminal charges, Uber agrees to stop operating in the city. This is their familiar playbook: operate illegally, and wait for regulators to succumb to public pressure. Indeed, there was plenty of anger and fury across the board, from the public at large to national magazines.

But the city held out. Calgary city councillors proposed a bylaw to regulate these services, each element of which Uber called “unworkable”. A single element of the legislation was adjusted to create a different administrative fee structure.

Guess what? Uber has been operating and thriving in this city for nearly six years under a legal structure they claimed would not work for its business. Drivers need to get a police background check, they need to complete specific training, they need to complete the same vehicle inspection as a taxi driver, and drivers need to hold insurance that permits use for companies like Uber. An Uber in Calgary means drivers have the same responsibility as taxi drivers, and passengers have the same expectations — as it should be.

This episode is proof that regulators can and should grow a spine. Uber and Lyft are app-based taxi businesses; their users deserve the same consumer protections as any other kind of transportation service. What Lyft is asking for is an adjustment to the provincial law but, make no mistake, Calgary’s stringent municipal laws are surely next on its list of things to weaken.

Another Free Speech Platform Cannot Bear the Sting of Mild Criticism

A little subgenre of news story I really dig is when platforms promoting themselves as some sort of unique bastion of free speech find their limit. This happens all the time because of course it does. Every platform figures out there are things unworthy of being hosted or broadcasted on its service. Substack has loudly trumpeted its free speech bonafides, permitting all sorts of nonsense — from pseudoscience health quackery to outright white nationalism — on its platform. Substack also hosts and promotes newsletters from totally normal and great writers, too.

Spencer Ackerman was one of them. Last month, he transitioned his excellent Forever Wars newsletter from Substack to Ghost after a yearlong grant expired:

I got paid, and I got Sam paid. [I bought MANY Transformers toys. Also food for my child.—Sam.] Substack, however, wouldn’t pay me what I asked for, which was their right, but was also an issue since I was splitting the grant. Not for the first time, I swallowed my pride and took the money. But once that happened, I made up my mind to stop using the platform as soon as I was no longer contractually obligated. This is why you’ve seen me make repeated references to publishing 100 editions of FOREVER WARS in the span of a year.

This is one of those totally normal posts you would expect to read to explain a change of platform. There is nothing incendiary in here; nothing that really throws Substack under the bus or burns any bridges. Ackerman points out that some of the other writers on the platform made it a little harder for him to get paying subscribers since Substack would be getting a cut and some people did not want to support that. Nothing wild, no big deal, right?

Sam Thielman, editor of Forever Wars:

In July, Spencer took this blog off Substack immediately after his contract with the newsletter company expired. He explained his decision in what can only be reasonably described as a mild post, which I edited, here. Substack responded by ending my contract to edit their other freelance writers, telling me, in writing, that they were doing so because of Spencer’s explanation. Twice.

Substack will not draw the line at white nationalists or anti-vaccine extremists or super transphobic commentary. But if one of its contract editors also edits the newsletter of a guy who left the platform, that crosses the free speech line. Again, this is an editor; his name is not really attached to Ackerman’s newsletter. And now he is out of a job because one of the people he works for decided — to repurpose the words of Substack’s Hamish McKenzie — to “serve readers above all else”.

Update: McKenzie responded:

We ended the freelance contract that Substack was paying on behalf of the writers, but that’s all. Sam wasn’t banned from the platform or anything like that. […]

Having reflected on this and spoken to Sam, I do think we fucked up here. It’s on me. We’ve talked to Sam and we’re paying him the full value of the affected contracts. We’re sorry to Sam for overstepping.

Thielman may not have been banned from the platform, but his income from it was terminated in a seemingly retaliatory measure. Again, from that earlier post by McKenzie:

The writer we spoke to today prized independence. They’d seen several journalistic enterprises come and go; their friends in and then out of work. But even as those outlets disappeared, readers kept following the writers they trusted. This writer felt that a subscription–based publication they alone controlled — where they owned the content and access to the audience — provided an unmatched sense of stability. For a writer, that is life-changing. Everyone else gets to benefit from stronger work that seeks not to foment conflict but to build understanding.

Substack deprived Thielman of stability when the company terminated his contract. Somehow, Joseph Mercola is able to keep publishing on Substack — the company will happily take its cut from his subscribers and permit people to pay him through its platform — but working for someone who publishes on a different platform crossed a line. Mistake or not, I would not trust Substack to deliver the stability and independence it claims. Substack really is just another platform.

‘Unclear Effects’ Responses and Corrections

I was particularly interested to see two responses to my exploration of ad tech company financials post-App Tracking Transparency. Unfortunately the first, from Ben Thompson in today’s Daily Update, is not visible to me because I am cheap, though I understand it to be a criticism that I did not account for exchange rates. That is fair and also, though I lack the context to say for sure what Thompson’s argument, maybe loosely agreeing with the point I am making more broadly.

The second criticism comes by way of a comprehensive Twitter thread from Eric Seufert. I have to say thank you to Seufert for rebutting my work and pointing to corrections I should make.

I want to start with a study I cited which showed negligible benefits for publishers running behaviourally-targeted ads compared to contextual ads — that is, ads based on the website or subject matter of the page. Seufert points out that the findings of that specific one differ wildly from others. I regret not looking deeper into this study and appreciate Seufert’s highlighting of its unique quality.

Seufert also disagrees with my methodology of assessing revenues by geography:

But I also think simply looking at geo-level OS penetration rates in sizing ATT’s impact is misguided given the skew of value between the platforms.

[…]

No public data exists for this but in general, iOS makes up a higher share of revenue in EU than in the US, despite holding a smaller absolute platform footprint. This is likely especially true for Snapchat which, again, historically prioritized iOS. I find this logic faulty.

That is fair; I can buy this argument. Incidentally, I find this situation sort of ironic. Android is developed by one of the world’s biggest ad businesses, but it is not the best platform for ads — or, more specifically, advertisers.

On Meta, I think the amount of blame to ascribe to ATT remains murky. The amount of noise created by TikTok’s rapid ascendancy and its ability to take younger users and, therefore, ad dollars away from Meta is an astonishing coup. Is ATT really the thing holding back the growth rate of platforms like Facebook and Instagram, or is it more likely that big advertising dollars are following users’ eyeballs?

Where I have landed after reading Seufert’s thread — and which I recommend you read, as well, as I think he makes several good arguments — is that ATT certainly has an effect, but it is not as pronounced as assumed by its ardent supports and its biggest detractors. It is making advertising a little more difficult but there are so many things happening that it is just one of several factors, most of which are more significant. My argument was certainly on a side of ATT being less relevant, while Seufert’s — and, presumably, Thompson’s — paint it as more impactful.

Where my disagreement with Seufert remains is in the ethics of monitoring user behaviour and showing them ads based on that surveillance:

This is a common argument, and it amounts to: “Users are simply ill-equipped to provide informed consent given the esoteric nature of ad tech.” I reject this. I think users generally understand the trade-offs between ads personalization and utility & behave accordingly.

Seufert illustrates this with a story from an article published in August 2020, after ATT was announced but well before it was released:

Advertising influences the user experience; people respond to ads through clicks but also through broader product engagement. An anecdote that I relay often from my time at Skype: we conducted a survey of users to gauge receptiveness to ads being introduced into the product, and most respondents believed that Skype already included ads. “It’s a free product, so it must make money by showing ads to users?”

This indicates to me how little we can really absorb and pay attention to. We are all like this. There are reasons there are guardrails in just about every market for safety, quality, and consumer protection. The data marketplace, at least in the United States, is shockingly unregulated for the risks inherent to the industry. We do not have the time to fully comprehend the very many ways in which our everyday behaviour is being tracked, nor how this information is shared and repurposed. We have better things to do.

I also think advertisers have better things to do than to hyper-target thousands of ad variants, seeking out an edge that might not even be there. John Gruber:

There’s an oft-cited adage attributed to the famed Philadelphia department store magnate John Wanamaker: “Half the money I spend on advertising is wasted; the trouble is I don’t know which half.” That’s the conundrum surveillance-based advertising seemingly solves. It lets advertisers know which ads generate which business, with high accuracy. It seemingly turned an unpredictable art into a very predictable science. And now, these advertisers are finding, allocating ad dollars is regressing back towards an unpredictable art.

A key word here, I believe, is “seemingly”. The data advantages of ad tech not entirely fictional, but the dashboards featuring giant numbers and beautiful charts are giving the impression of greater precision than they truly offer. It reminds me a little of the panic over email open rates last year when it announced Mail Privacy Protection in iOS 15. Ads are surely more precise than an old-fashioned system like email, but the numbers they present are often misleading or bullshit. There is an entire industry of companies that purportedly fight fraud and inaccurate metrics, but they are part of the problem as they perpetuate the myth that advertising can be damn near perfected — if only there were enough data.

You probably do not remember many ads you see on the web or on your phone. The world of digital advertising is a world filled with ugly garbage. While the technology side of digital advertising has tried to bring it toward a science, perhaps it needs to be brought back to something more artful. Less behavioural data may encourage this.

There is a middle ground between completely untargeted ads and the hyper-targeted ones advocated for by the massive industry behind them. More artful ads, placed contextually, are a good start. I also think Facebook, of all companies, actually had a fine system in place from its earliest days: it simply asked people what they liked. Because it was a place for twenty-somethings to chat, there was a social incentive to list your favourite music, books, movies, and TV shows. Marketers could buy ads for self-selected audiences. That seems entirely okay to me — it allows for well-targeted ads without strip-mining every interaction people have across their devices, every purchase they make, and every sensor they encounter.

Two stories about Apple and advertising broke since I published my piece last week. The first was about Apple’s attempts to woo Facebook into building a subscription service — which, given a fuller contemporaneous context, is not that alarming — but it also apparently felt entitled to some of its ad revenue from boosted posts. The second is from Mark Gurman reporting that Apple internally tested ad placements in Maps, and speculating the company may increase its ad products across its platforms. Both of these paint an ugly look for Apple and, when paired with its ATT strategy — which, in isolation, seem well-intentioned — will likely raise some regulators’ ire.

Privacy must be public policy. I got some things wrong in my article and I appreciate Seufert’s corrections. I am left feeling that ATT’s effects are more significant than I first thought but still less meaningful than many are eager to suggest. The biggest critics of ATT seem to believe it is a cataclysmic technology, but also that its effects have been mitigated for over a year because of strong economic factors, and that currency exchange rates are masking its more recent effects. I find this argument incompatible with itself. It seems to me these effects are still more minor than broader economic activity and changes in user behaviour. I am also glad to see we seem to agree on this last argument. If privacy truly is a human right, it should not be up to Apple and Meta to bicker over which company is entitled to elicit which compromises from its users.

A Short History of Apple and Facebook Digging in Their Heels

Salvador Rodriguez, Wall Street Journal:

In the years before the change, Apple suggested a series of possible arrangements that would earn the iPhone maker a slice of Facebook’s revenue, according to people who either participated in the meetings or were briefed about them. As one person recalled: Apple officials said they wanted to “build businesses together.”

One idea that was discussed: creating a subscription-based version of Facebook that would be free of ads, according to people familiar with the discussions. Because Apple collects a cut of subscription revenue for apps in its App Store, that product could have generated significant revenue for the Cupertino, Calif., giant.

[…]

Apple has discussed similar business models with many developers, according to a person familiar with the conversations.

If Apple was, indeed, planning a relentless and self-preferencing campaign against Facebook beginning in 2016, as Rodriguez reports, for a feature previewed in 2020, that would be pretty terrible. But 2016 is the time when Apple enabled subscriptions for all types of apps and launched its Search Ads initiative. Apple executives, including Phil Schiller, explained these changes in press briefings, and the company privately discussed them with developers, too.

Lauren Goode of the Verge in June 2016:

One popular app developer, who had been clued in to Apple’s App Store changes, says the new subscription offerings are “an earthquake in my world, in a good way.”

“It’s hard to emphasize how significantly this can change the viability of companies like mine and their growth trajectory,” says Itai Tsiddon, the co-founder of Lightricks, which makes top-selling apps like Facetune and Enlight.

If Apple discussed its changes with Tsiddon and, implicitly or explicitly, encouraged him to adopt subscriptions, why would it not do the same for big developers like Facebook?

Maybe this was a scheme five years in the making and explicitly targeted at Facebook. Its apps were a “persistent frustration for some Apple executives”, according to Rodriguez’s sources, because Apple did not get a cut of ad revenue. If that is the case, it confirms some of the harshest critiques of the App Store model and Apple’s entitlement to a cut of revenue. On the other hand, without context, it is unclear why Facebook’s apps so chafed Apple’s leadership. Maybe it is because they were popular, free, and huge, likely costing Apple huge amounts of money every time a new version of Instagram was released. That is partly Apple’s problem; the App Store is designed in a way that disincentivizes in-app transactions, incentivizes free apps, and does not care about file size or bandwidth use.

Here is the part of Rodriguez’s story that is not getting as much attention:

The Facebook executives who internally proposed ending the collection of third-party data argued that by ceasing its reliance on such data, the social-media giant could also reduce the company’s dependence on Apple and Google’s mobile operating systems.

Mr. Zuckerberg opted instead to leave the bulk of its data-collection practices in place. The company shut down an ad-targeting option that relied on information collected by data brokers shortly after the Cambridge Analytica scandal was reported in March 2018, but otherwise Facebook continued to rely on third-party data to target users with personalized ads.

Executives at Facebook knew, in 2018, that its reliance on third-party data was a risk, and that regulatory and platform changes could make its use very difficult. It could have switched to an entirely first-party model at the time. I assume its executives now regret that decision.

Why Was There Such a Huge Gap Between App Tracking Transparency’s Release and Its Apparent Effects?

Patrick McGee in a Twitter thread:

Basic answer: the apparent lag was one of perception.

When Apple introduced sweeping ‘do not track’ changes 16 months ago, the economy was booming. Covid had caused spending habits to experience a once-in-a-century shift away from services and towards goods.

[…]

Smaller brands weren’t necessarily hit by Apple’s policy changes later than the major platforms, but supply chain issues and a global pandemic created a “fog of war” that made it difficult to understand why, for instance, last year’s holiday sales period had disappointed.

This is the most convincing argument I have seen for the discrepancy between the booming financials of ad tech firms in the face of App Tracking Transparency which should, some analysts say, have destroyed much of their business. What it does not necessarily explain is the often better performance some of these companies saw in areas where the iPhone has a stronger market presence.

From the (likely paywalled) article McGee wrote about the shift in the Financial Times:

Obvi, an online shop for women’s health, was among the companies that were hit by an abrupt downturn last November when the cost to acquire new customers skyrocketed.

[…]

[Chief marketing officer Ashvin] Melwani said his marketing budget was around $20,000 a day, with 90 per cent going to Facebook. In the past few months Obvi has cut its budget, shifted spending to TikTok, and reoriented the company towards repeat customers.

Sure, many things are probably all happening at the same time. ATT may affect performance in North America, and the delay in its effects could be attributable to fortuitous timing. Meanwhile, performance in Europe could be faltering because of regulatory changes, all markets outside the U.S. are affected by the strong dollar, and Meta’s products are facing waning relevance worldwide among advertisers. Each company’s unique product mix is, I suppose, affecting each of them differently.

Even if all of this is true, and ATT really does make it more difficult and expensive to target ads, I stand by what I wrote:

Does ATT really “[deprive] consumers of widespread ad relevancy and advertisers and publishers of commercial opportunity”? Even if it does — which I doubt — has that commercial opportunity really existed with meaningful consumer awareness and choice? Or is this entire market illegitimate, artificially inflated by our inability to avoid becoming its subjects?

This massive and pernicious industry is facing its reckoning. Unfortunately, several small businesses are built on its illegitimate foundation, and they need an effective and ethical way out.

Custom UI Oddities, Past, Present, and Future

Niki Prokopov:

Ok thread of weird stuff found in redesigned macOS Ventura System Settings app.

This is, indeed, a thread full of a lot of really weird stuff. There are some new standard UI components in here, but there are definitely some custom elements and behaviours that, all told, make it look like a bad port of an application from a different platform.

At a live taping of the Talk Show this year at WWDC, Craig Federighi commented on the “new control types” in MacOS Ventura “that [are] not too heavy, [are] very readable and scannable, and yet clearly interactable”. But there are many examples in this thread of non-obvious controls, non-standard interactions, and things that only make sense if you know to hover a pointer over them.

That means this Settings app fits with Apple’s recent obsession with buried controls and cross-platform consistency, even when it may not make sense, but it makes me worried for all the times I will need to use the Settings app. I do not change systemwide preferences very often so, when I do, I want everything to smack me in the face with its obviousness.

Jeff Johnson on the new and similarly nonstandard Share popover:

If I want to navigate the menu with the keyboard, I need to enable full keyboard navigation in the Keyboard pane of System Settings. This setting is disabled by default.

And then I can navigate the menu… but not with the arrow keys! I need to use the tab key to go down the menu, shift-tab to go up the menu. Correspondingly, the menu items no longer get selected, as on Monterey and earlier, but instead have a focus ring.

Peter Böttges on Twitter (via Michael Tsai):

Keyboard support was also removed from Menubar controls like Sound/Vol. and Wi-Fi with the overhaul in Big Sur.

And most of the new UI has zero support for Apple Script automation, making it inaccessible to those having to rely on it.

That’s the wrong direction to take macOS to.

Custom UI elements are a familiar presence in MacOS. Remember the many window themes in Mac OS X Tiger? There were standard windows with a title bar, “unified” windows that merged the title bar and toolbar, bizarre pill-shaped buttons that were only present in Mail, applications that sported a brushed metal effect, and slightly darker windows in Apple’s pro application suites. Heck, iTunes was full of custom controls from its earliest incarnations, and many third-party developers have their own take on what their brand of Mac application ought to look like.

I have no problem with non-standard controls in principle. But I do have a problem with non-standard behaviours. I know Ventura is still being finished, but it is worrying to see things like keyboard navigation being, maybe, tacked on toward the end of the process. There is the very real possibility it may not materialize, too; I remember similar problems with the search field in the first Catalyst version of Maps that shipped with Big Sur.

But one hopes Apple learns from its missteps and corrects for them the next time it tries something similar. What it feels like with the changes to Settings, the Share popover, Control Centre, and the ubiquitous back button in Catalyst apps is a redo of a flawed approach. The more concerning thing this time around, for me, is that it is part of a pattern of questionable choices introduced and never re-evaluated because the next version of MacOS will be shown off just ten months from now.

Update: The new Share popover in MacOS Ventura also requires the user to move the pointer more. This runs afoul of Apple’s guidelines, which advise software vendors to “place the most frequently used menu items where people are likely to focus first”. In this context, those are the Share destinations. It is also obviously a regression.

‘Unclear Effects’ Postscript

I have this problem where, exactly two hours after pressing the “publish” button, I will think of one more thing I should have written. It does not matter how long I sit on a draft; it happens every time. But you have to stop somewhere.

In this case, though, I really want to add one more thing to the piece I wrote about the unclear effects of App Tracking Transparency from earlier today:

Is it possible the social media giants from California are facing waning relevance? Is ATT perhaps a useful scapegoat with questionable effect? […]

Meta said, quarter after quarter following ATT’s release, that its ability to make money from iPhone users would be crushed, even as it raked in higher ad sales. Finally, earlier this year, it posted some disappointing figures more reflective of inflation and a strong U.S. dollar. But it still blamed Apple for some of that loss.

It reminds me of one of those homeopathic remedies that promises relief from cold and flu symptoms after three to five days, which you may recognize is about the length of time most people notice cold and flu symptoms. Maybe you could blame Meta’s woes on a combination of sputtering user growth, trend-chasing platform updates, the rising threat of TikTok, geopolitical problems, and economic changes. Or, perhaps, it is a permissions prompt that, miraculously, has only appeared recently and to a greater extent in regions where Android is more popular.

Ad Tech Revenue Statements Indicate Unclear Effects of App Tracking Transparency

App Tracking Transparency (hereafter, “ATT”) is in the news again because many advertising-supported companies have reported a particularly bad earnings quarter attributable, many of them have said, to several factors, perhaps best summarized by Mobile Dev Memo’s Eric Seufert:

It’s impractical, if not impossible, to try to tease out the individual burden of any of these dynamics on mobile advertising performance, generally. And it’s also largely beside the point: it is the “perfect storm” combination of these three conditions that compounds to such painful detriment to advertising performance.

This is perhaps true, but it has not stopped Seufert and others from calling out ATT as a key factor. Seufert published the third instalment of his series about how unfair ATT is earlier this month after news broke of new App Store ad formats, and it is, as is typical, an excoriation of the Apple-imposed question of whether users want to be tracked by third-party services:

Note that Apple’s ad network utilizes app install and in-app purchase data, to which Apple has exclusive first-party access under the restrictions of ATT, to target ads to users with its ad network. It’s worth underscoring that, with ATT, the scope and substance of consumer data utilized to target ads remains unchanged, except that only Apple has access to it. To be fair: Apple does employ privacy controls with its own ad network that are superior to the pre-ATT status quo. But my primary contention with ATT is that it does not facilitate real consumer choice and that it deprives consumers of widespread ad relevancy and advertisers and publishers of commercial opportunity.

Those are actually three “primary” concerns, and I think it is worth responding to them. But first, I think we should ask whether ATT really is cratering mobile advertising in the way both its critics and its proponents seem to believe. That includes me, by the way. I have previously linked to stories about the apparently enormous impact ATT has had on big ad companies like Alphabet, Meta, and Snap. But I thought it would be worth a deeper look.


As Seufert says, it is very difficult to figure out what specific effect ATT has because there are so many factors involved. But it is fair to think that, if it is affecting publishers’ revenue as Seufert says, it should also be affecting advertisers’ revenue too. And, while these companies do not separate revenue by platform, they do offer geographic breakdowns. North America is the only region where the iPhone is more popular than Android; elsewhere, the reverse is true, and often overwhelmingly. We also know ATT was rolled out at the end of April 2021. With time given for users to update, that means we should begin seeing North American revenue beginning to falter in the third calendar quarter of 2021 compared to the rest of the world.

The actual figures tell a much murkier story. I do not think it is fair to suggest ATT does nothing, but its effect does not seem as pronounced as either its biggest supporters or its biggest naysayers suggest.

Snap, for example, is a company that has no major revenue stream outside of ad placements in its smartphone apps. But in Q3 2021, a full quarter after ATT’s public debut, Snap posted year-over-year revenue growth of 57% overall. In North America, it reported 60% growth — higher than in any other region.

The following quarters all show overall revenue gains in North America just one percentage point below the company’s total growth. It is a pattern that more closely mimics the number of daily active users. Snap has only posted modest, single-digit year-over-year gains in North American users, but decent double-digit growth elsewhere. Meanwhile, its growth in the average revenue per user has been stronger in North America since ATT’s debut than anywhere else.

If ATT were so significantly kneecapping revenue, I would think we would see a pronounced skew against North America compared to elsewhere. But that is not the case. Revenue in North America is only slightly off compared to the company total, and it is increasing how much it earns per North American user compared to the rest of the world.

What about Alphabet? It has actually posted year-over-year revenue gains in the United States — one of few countries where iOS is dominant — higher than those in Africa, Asia, or Europe in its first and second quarters this year. In fairness, its gains were much stronger in “Other Americas”, which comprises Mexico, southward, plus Canada.

Meta’s business is the one everyone appears to be watching because two quarters this year have been rough. In its most recent, it reported its first ever year-over-year revenue decline, which dropped by about a billion dollars in Europe and about $600 million in the U.S. and Canada. That is alarming for the company, to be sure, but it still does not track with ATT causality for two reasons:

  • iOS is far more popular in the U.S. and Canada than it is in Europe, but Meta incurred a greater revenue decline — in absolute terms and, especially, in percentage terms — in Europe.

  • Meta was still posting year-over-year gains in both those regions until this most recent quarter, even though ATT rolled out over a year ago.

Those are all big, well-known companies. What about pure advertising businesses? Surprisingly few are publicly traded. Even so, I pulled the earnings from a few popular programmatic display ad providers. Magnite, for example, calls itself the “world’s largest independent sell-side ad platform”. In its most recent quarter, the proportion of revenue it derived from the U.S. increased year-over-year compared to the rest of the world. The most recent investor report from Criteo, a major provider of retargeted ads, showed an overall decline year-over-year, but the Americas performed far better than African, Asian, or European markets.

Perhaps the most favourable evidence for ATT’s effects lies in the earnings reports from Publicis Groupe, which has acquired dozens of name-brand agencies — like Leo Burnett and Saatchi & Saatchi — and also runs a digital ad platform. It is such a multifaceted business that it is hard to see where the effects of ATT may come into play. In the first half of 2022, its “organic” growth in North America was the lowest of any region. But it ranked among the middle in total growth over 2021, posting higher gains than Asia or Europe. In the same press release, Publicis also specifically calls out the performance of Epsilon, its internal data brokerage service, as a reason for its U.S. growth.

Though I did not examine every available earnings report, I am not cherry picking. I looked through the list of companies on Martech Map, checked to see if they were significant enough and had investor information, and then looked for geographic breakdowns. It is possible I have my assumptions all wrong, too; please let me know if you believe that is the case. I am not arguing this is a perfect analogue, only that it paints a murkier picture of ATT’s apparent financial effects on the ad tech industry.


I think Seufert’s criticisms of ATT have been among the most cogent and thoughtful, and I do not intend for this to be a full article about him, specifically. But he does articulate some of the more common problems I see being raised with ATT. There are legal questions which are being investigated by British and German authorities about Apple’s simultaneous offering of “personalized” App Store ads; I will focus only on the moral questions on which I think can fairly comment.

There is a fairly significant ethical problem out of the gate: there are those who believe highly-targeted advertisements are a fair trade-off because they offer businesses a more accurate means of finding their customers, and the behavioural data collected from all of us is valuable only in the aggregate. That is, as I understand it, the view of analysts like Seufert, Benedict Evans, and Ben Thompson. Frequent readers will not be surprised to know I disagree with this premise. Regardless of how many user agreements we sign and privacy policies we read, we cannot know the full extent of the data economy. Personal information about us is being collected, shared, combined, and repackaged. It may only be profitable in aggregate, but it is useful with finer granularity, so it is unsurprising that it is indefinitely warehoused in detail. You can prove this to yourself by viewing the browsing history collected by Facebook and Google, or requesting a copy of your personal data from major brokers. Some make that process very easy: you can often complete a form on the company’s website. Others require you to send an email with the personal identifiers you would like to obtain a records check on, like your name, email addresses, phone number, and device IDs. Some will display user data to those who ask anywhere in the U.S. or worldwide, while others will only comply with requests from California or Vermont, or wherever laws require. You may find some companies you have never heard of have a lot of information about you, often a mix of scraped public sources and data shared or collected in private deals.

What you will likely find after completing several of these requests, especially if you live in the U.S., is how much information about you is being held by by these brokers and marketing companies. Even though Canadian privacy laws give me some cover from the worst abuses, I have still found brokers that held my full name, my full street address, and other personal identifiers. These attributes are not often not relevant to targeted advertising — what does it matter what my apartment number is? Why are brokers not dividing the world into general areas in the style of What Three Words? — but they hold it all because it is cheap enough to do so, even at scale. All so, the story goes, a neighbourhood restaurant can precisely advertise a special offer when it is close to my partner’s birthday.

In a passionate defence of targeted ads, Seufert asked, rhetorically, “what happens when ads aren’t personalized?”, answering “digital ads resemble TV ads: jarring distractions from core content experience. Non-personalized is another way of saying irrelevant, or at best, randomly relevant.”

For what it is worth, a relevant ad has never serendipitously graced my screen, even before I took steps to avoid targeted advertising. My friends and family barely see well-targeted ads, either. Most often, they see the same ad — on every other webpage and in every app they use — for an online store they visited once, begging them to return, sometimes in French when their device is set to an English language setting. What is the solution to this — more data collection? That is absurd. Even at their absolute best, targeted ads are seen by viewers as creepy. People do not want irrelevant ads, but they do not want to feel followed or harassed either. Targeted advertising enables the latter. Even if they were a significant payoff for publishers — which there is not — does it make sense to build the internet’s economy on the backs of a few hundred brokers none of us have heard of, trading and merging our personal information in the hope of generating a slightly better click-through rate?

Earlier, I quoted Seufert:

But my primary contention with ATT is that it does not facilitate real consumer choice and that it deprives consumers of widespread ad relevancy and advertisers and publishers of commercial opportunity.

ATT may not be worded fairly — though Seufert’s proposed solution is similarly vague and unhelpful — but he is right to argue it does not offer real choice, though probably not in the way he intends. Users can still be tracked and apps from well-known developers were found to ignore opt-outs.

Then there is the much bigger question of whether people should even be able to opt into such widespread tracking. We simply cannot be informed consumers in every aspect of our lives, and we cannot foresee how this information will be used and abused in the full extent of time. It sounds boring, but what is so wrong with requiring data minimization at every turn, permitting only the most relevant personal data to be collected, and restricting the ability for this information to be shared or combined?

Does ATT really “[deprive] consumers of widespread ad relevancy and advertisers and publishers of commercial opportunity”? Even if it does — which I doubt — has that commercial opportunity really existed with meaningful consumer awareness and choice? Or is this entire market illegitimate, artificially inflated by our inability to avoid becoming its subjects?

I wonder how much of ad tech’s woes is really ascribable to ATT, and how much is the fault of the myriad other problems it is running into: currency fluctuations, regulation, pandemic effects, and changes in user behaviour all come to mind.

Cal Newport, the New Yorker:

[…] TikTok is estimated to have a billion active monthly users, a number it achieved in a breathtakingly short time, and according to some reports it boasts an average session length of 10.85 minutes, which, if true, would be far longer than that of any other major social-media app. Meanwhile, Facebook’s parent company recently lost more than two hundred and thirty billion dollars in market capitalization in a single day after the company announced that user growth had stalled. Analysts identified TikTok as an important factor in this slowdown.

Is it possible the social media giants from California are facing waning relevance? Is ATT perhaps a useful scapegoat with questionable effect? I am not sure it is possible to say from the outside looking in, but I am also not sure we can draw any conclusions from one or two quarters this year, over a year after ATT was launched to the public.


In theory, ATT is a very good option for users. Its biggest problem is that the company which makes it also has an advertising division, and it appears to have engaged in some quiet self-preferencing behaviours. Legal questions aside, it is disappointing to see such an obvious user benefit so easily undermined. These App Store ads give ATT’s critics a clear conflict of interest to point to, look tacky, and create an unpleasant experience. ATT’s reliance on a very specific definition of “tracking” that allows Apple to segment users based on what they read in News and what they buy in third-party apps is far more permissive than I think it ought to be for a company that so loudly trumpets its privacy bonafides. But advertising that relies on first-party data can accurately be described as better for privacy than those based on the third-party data economy. Whether it is fair for Apple to treat itself, as the platform creator, as the root-level first-party with an infinitely bigger observation window is another question. I do not think it should.

Conflicts like these are one of many reasons why privacy rights should be established by regulators, not individual companies. Privacy must not be a luxury good, or something you opt into, and it should not be a radical position to say so. We all value different degrees of privacy, but it should not be possible for businesses to be built on whether we have rights at all. The digital economy should not be built on such rickety and obviously flawed foundations.

Which New iOS and MacOS Features Do People Actually Use?

Adam Engst, TidBits:

However, as you’ll see, the respondents may be outliers only in degree, not direction. The most notable finding is that most of them don’t use most of the features listed. Only four features — Live Text, Shortcuts, Hide My Email, and Memories in Photos — received more votes saying they were Occasionally or Frequently used than Never used. (A fifth feature, App Privacy Report, was close, with only 57 more people on the Never side.) It seems probable that those responding to the survey were more likely than the average Apple user to use these features, suggesting that a broader survey would have shown even lower usage levels.

Via Michael Tsai, who writes:

I use Live Text frequently and Shortcuts and translation occasionally. Often, translation doesn’t support support the language that I need so I end up going to Google Translate.

It is a TidBits survey covering twenty new features in MacOS and iOS — both now mature platforms — so I am not surprised many of its respondents said they “never” use most of these features. Still, even as a longtime user of both operating systems, I find myself discovering new and new-to-me capabilities somewhat often.

Live Text, in particular, has made all the difference in the world for me. I cannot remember the last time I used it on iOS with the Camera app, but I am often dealing with images of text in my Mac workflow. Being able to select and copy text out of screenshots or graphics has been transformative.

The other features here are a mixed bag. I have iCloud Private Relay switched on for many of my devices, and I very occasionally use Hide My Email. If I want a throwaway address, I will often use a dedicated provider instead. I have not had a set of devices compatible with Universal Control until recently but it impressed me. Focus still requires too much setup for my liking, but I have modes for working and sleeping, and both are fine.

I mentioned “discovering” features. One reason for this, I think, is because Apple often mentions features without explaining or demonstrating them. Maybe I am just busier now or my brain is getting mushier with age, but I find I often have to look through Apple’s marketing pages to try to make sense of anything that has been announced. Minor software versions also quietly carry unannounced new features, too. When Visual Lookup was released in Canada with a software update earlier this year, it was not mentioned in the release notes.

The Roomba Privacy Angle

Ron Knox, in response to Amazon’s acquisition of iRobot, makers of the Roomba:

This is also a straight-up data acquisition. The most advanced versions of Roomba collect information about your house as they clean.

It knows where you keep your furniture, the size of each room and so on. It’s a vacuum and a mapping device.

I think this thread is overblown, but it is an interesting angle I have been thinking about this weekend.

Benedict Evans:

The general point that perplexes me about threads like this is the idea that anyone wants to know trivial and random details about your life – that this has any economic value. “Amazon will know where your furniture is!” No, it won’t, but why on Earth would it care?

Rodrigo Ghedin:

Perhaps the co-founder and current CEO of iRobot could help us understand? From a 2017 Reuters interview of Colin Angle:

There’s an entire ecosystem of things and services that the smart home can deliver once you have a rich map of the home that the user has allowed to be shared.

At the time, iRobot had just made its Roomba robots compatible with Amazon’s Alexa. In the interview, Angle floated the possibility of sharing home maps with the three technology giants — Amazon, Apple, and Google —, a service that would be free of charge.

Good find from Ghedin. This Reuters story is fascinating because of its lingering effect. If you search the web for "colin angle" roomba privacy, you will find dozens of stories where Angle and iRobot’s privacy team distance themselves from its implications. The Reuters story was revised — according to metadata on the page — about four days after it was published and now carries this note at the top:

This July 24 story corrects paragraph 6 to read “share maps for free with customer consent” instead of “sell maps”.

Nevertheless, between July 24 and 28 2017, a rush of stories was published exploring the ramifications of a camera-equipped robot mapping out your house.

Maggie Astor, New York Times:

But the data, if shared, could also be a windfall for marketers, and the implications are easy to imagine. No armchair in your living room? You might see ads for armchairs next time you open Facebook. Did your Roomba detect signs of a baby? Advertisers might target you accordingly.

At the time, iRobot’s public relations people strenuously denied this will happen. I still think it is an unlikely possibility and an overreaction. But as businesses like Amazon try to blanket homes in microphones and cameras while selling advertisements and goods with basically no firewall between the two, is it any wonder imaginations are running wild? Amazon could assuage concerns by distancing its many businesses — which is completely counter to its goals, I know.

Products’ Useful Lifespans Should Be Longer Than Their Batteries

Geoffrey Fowler, Washington Post:

But the $179 AirPods, Apple’s most successful new product in years, show longevity still isn’t a paramount concern. If you show up at an Apple Store with dead AirPod batteries, they’ll only sell you new ones. (Apple wouldn’t comment when I asked why.)

This is not exactly true. Apple offers what it calls “battery service” where it replaces affected AirPods and cases for $49 each, which is something I learned the last time Fowler wrote about this issue three years ago. The same policy is in place for Apple’s other models of AirPods, including the $549 AirPods Max model for which it charges $79 for battery service.

An embedded, irreplaceable battery makes a lot of sense in many products. It means devoting less space to connectors and hatches, and does not require designers to work around available battery formats. For the length of time the batteries are usable, it can make for much better products. People clearly agree — AirPods are so good that many people who never spent more than $20 or $30 on headphones before are spending hundreds of dollars on a set. But it limits a product’s lifespan to its sole consumable part, which seems silly if you think about it.

This issue is not Apple’s alone, but I think AirPods are a good place to start. After three years of use, my second-generation model is starting to need more frequent charging. It is time to replace it. But, though I enjoy having it in my life, I am struggling with the implications of going through products worth hundreds of dollars — especially given a likely better fit of the Pro model for my ears — every few years, especially since the hundred-dollar wired earbuds I bought a couple years before my AirPods are still working great.

It sure seems as though the things I like about AirPods may not be possible if the batteries were more easily swappable, but it is hard to know for sure. Would they last nearly as long? Could they be so compact? Is it possible to design AirPods around easily-obtainable batteries? I wish Apple would prioritize that sort of thing, as it does seem irresponsible to sell such a disposable product.

I like Fowler’s idea:

So let’s revive Neistat’s radical act of transparency and demand to know when gadgets are designed to die. If companies won’t come clean on their own, let’s require a label right there on the shelf that lists the battery recharge count and how much it costs to replace the battery. The Federal Trade Commission already has the power to require other labels on products — why not for batteries?

(The Neistat here is actually referring to two Neistats — Casey and Van — who vandalized iPod posters in 2003 in an attempt to notify people of its sealed battery.)

Would people make different choices if they knew how long they can expect the battery to last and how much it will cost to replace? I am not sure. Apple publishes a list of expected cycle counts for its Macs — one thousand charge cycles for every model for the past twelve years, in case you are wondering — but does not do the same for its other products (Update: I overlooked this page on Apple’s website where it says users can expect a thousand charge cycles from iPad and Apple Watch batteries, and just five hundred cycles from iPhone batteries. Thanks to Jason for the correction.).

I stand by the headline I gave this post: a product’s useful lifespan should exceed its most consumable component. When the battery in my AirPods finally dies, for real, all of the audio technology, the chips, and the radios will still be fully functional. It seems bizarre that all those components are at the mercy of a couple of cheap glued-in batteries. We should expect better.

FEC Draft Green Lights Gmail Plan for More Political Spam

Mack DeGeurin, Gizmodo:

On Wednesday, the Federal Election Commission released a draft answer in favor of a proposed Google program that would keep Republicans’ campaign email blasts out of users’ spam folders. The carveout, first proposed by Google earlier this year under pressure from whiney Republican lawmakers, stands out as yet another example of Big Tech companies catering to conservatives to avoid the perception of conservative bias.

Those who have written to the FEC overwhelmingly do not want Google to change its spam processing rules to exclude political emails. Check out any batch of responses and you will see the same patterns: people are comfortable allowing Google to figure out what is spam and what is not, and see no need to carve out a special all-clear route for emails from political parties.

In a way, there is consistency in the FEC’s draft position: U.S. politicians are already exempt from most rules governing unsolicited phone calls and texts. They do not have to respect the Do Not Call list. It is sort of fitting for them to be excluded from spam filters, too, though it is maddening. They have extraordinary reach and individuals have little control.

The Women Calling Out Apple’s Handling of Misconduct Claims

Patrick McGee, Financial Times:

In 2018, CEO Tim Cook spoke of the company’s commitment to “helping more women assume leadership roles across the tech sector and beyond”, launching an initiative to train and mentor female entrepreneurs building apps. In the company’s internal 31-page onboarding document called “Apple Start”, the iPhone maker holds itself to a high standard, telling new employees about the “Apple difference”, how it fosters teamwork and innovation, and “does things differently”.

Yet the stories shared by women at Apple indicate the world’s largest company is falling short in building the culture it aspires to. The accounts collected by the FT paint a portrait of a People team that acts less like a safe place for employees to go with complaints and more like a risk mitigation unit that protects bad managers. In six cases, women said speaking up had cast them as bad team members and resulted in their departure. In three instances, Apple offered multiple months of salary in exchange for not disparaging the company or being held liable.

I know it was in the context of ads, but I think I will be referring to Michael Tsai’s line — “core values are what you do on an ongoing basis” — for years to come.

Unplugged Responds, Kind Of

Last week, before publishing my story about Unplugged, I sent the company a series of questions about its relationship with Glenn Greenwald, its curiously similar product to the Liberty Ghost phone, and a few other related matters. As mentioned, I had not heard back from the company when I published the article, but I promised an update if I got a response.

Here is what Unplugged told me today:

Unplugged is engaging with a variety of thought leaders and communities that all share our core values for reclaiming privacy. We had invited Glenn to be our guest at DEF CON to share his views on privacy with the audience. As it seems, he’s not going to come.

Our phone is NOT manufactured in China. Check our website FAQ.

I followed up by asking whether Unplugged waited for a response from Greenwald before telling journalists he would be at the conference on the company’s behalf and promising meetings with him. I also asked the company to, again, clarify its relationship with Liberty Blockchain. I have not heard back.

The FAQ page on Unplugged’s website does say its phones are manufactured in Vietnam, Taiwan, and Indonesia. That seems plausible to me, though I question why a couple of small companies would need to source production from three different countries.

If you are wondering how I could have missed such an obvious question and answer, you are not alone; I was equally incredulous. It turns out Unplugged’s website is built in Wix and, while extremely janky under the hood, Wix encloses plenty of metadata in its HTML and JSON source. Here is the relevant section, prettified for readability and with a chunk of irrelevant elements removed:

{
"id":"7e5e2a98-f7ab-4d9e-9d03-f5834e35d48b",
"question":"Where the UP Phone is manufactured?",
"answer":{
    "blocks":[{
        "key":"atf0a",
        "text":"Our factories are located in Vietnam, Taiwan and Indonesia",
        […]
        "slug":"where-the-up-phone",
        "shareLink":"https://www.unplugged.com//s/f/where-the-up-phone",
        "createdDate":"2022-07-28T19:39:50.568208Z",
        "updatedDate":"2022-07-28T19:40:02.388140Z"
    }]
}

This specific question and answer was inserted into the site’s FAQ on July 28 at about 7:39 PM UTC+0, which is about 1:39 PM on July 28 in my time zone. I sent questions to Unplugged, including clarification about where its phones are manufactured, about twenty hours before they updated the page with this answer.

Interestingly, while there are factories in all three countries Unplugged says makes its smartphone, many of them are in the names of Chinese companies like Oppo and ZTE. If someone is paranoid about the privacy implications of their smartphone’s manufacturing location, surely that also matters. Unplugged has not responded to questions about its manufacturing partners.

Update: One of the questions I sent Unplugged was:

Did Greenwald agree to attend DEF CON with your company before invitations to set up meeting times with Greenwald were sent to journalists?

On August 4, the company responded:

Unplugged is a privacy-first company, and as such we do not disclose information about one’s personal affairs. What we will say is our team only sends accurate information in pitches to reporters.

Greenwald told me “specific dates about when I was supposedly available to meet with journalists about this phone” were not agreed to and he did not sign any contract or agree to speak about this phone. The PR representative who sent the invitations refused to comment. Someone is being less than forthcoming and, based on the responses I have received from all parties, I do not think we will learn what really happened with this bizarre situation.

Also from Unplugged:

Liberty are indeed our partners. They sell a special edition of our phone with a couple of tweaks which are unique for their devices (such as branded casing, wallpaper and some pre-installed apps).

Unplugged did not elaborate on whether there were other connections between the companies.

A ‘Columbo’ Moment

Anna Merlan, Vice:

On cross-examination, though, things got far stickier for [Alex] Jones, especially when plaintiffs’ attorney Mark Bankston informed him that 12 days ago, Jones’ attorneys accidentally sent him an entire digital copy of Jones’ cellphone, which they then failed to declare as privileged. That means Bankston has wide latitude to ask Jones about anything he found on the phone that conflicts with things Jones has said in his testimony.

This is personal to me. For lots of very boring reasons, Jones has unfortunately been a lurking figure in the back of my brain for about twenty years. The impact he has had on my life is certainly a tiny fraction of the degree to which his broadcasts have played a role in harming the lives of those connected to the mass murder at Sandy Hook. Still, it was immensely satisfying to watch the moment Bankston told him what he obtained.

Update: Parker Molloy:

I am asking people in media to understand that their editorial decisions, from who gets invited to appear on talk shows to what topics we actually hear about in the news (and how often), are not value-neutral. Want to invite the next Tomi Lahren or Alex Jones to appear on your show? Fine. But just know that you’re not “exposing” their bad ideas or “showing the public who they really are;” you’re giving them an opportunity, which they will be lucky to have (even if they pretend to be upset about it, as Jones did about his Megyn Kelly interview.

In short: make good choices.

Commentators are pointing to this factor as among the biggest problems with a new documentary about Jones.

Core Values

Sometimes, a single sentence is all you need.

Michael Tsai, in a collection of links about the new ad formats in the App Store:

Your core values are what you do on an ongoing basis, not the talking points that you broadcast or what you did 20 years ago under different leadership.

Cogent. No notes.

There is also a discussion in Tsai’s comments about iAd, Apple’s first attempt to create an iOS ad network under Steve Jobs’ leadership. Among many differences — iAd originally had million-dollar minimum buys — one thing iAd got right was its multiparty benefit. Advertisers got their product or service in front of people, Apple got its cut, and developers of the apps in which the ads were placed got paid. And plenty of apps already included ads, so an iAd was not surprising to users.

App Store search ads are somewhat beneficial to developers who can get their apps in front of users. But they are arguably more rewarding for Apple: the cmopany gets paid for every tap from an interested user, and a cut of every paid app download and in-app purchase. iAd felt like a typical ad network that, at first, only had high-end buyers; App Store ads feel more like key money.

Rumble’s Antitrust Lawsuit Against Google Will Proceed to Discovery

In January last year, the Canadian video hosting platform Rumble sued Google (PDF) alleging violations of antitrust law. Google obviously attempted to get the lawsuit dismissed but the judge denied that request (PDF).

Dan Frieth, Reclaim the Net:

Rumble is one of YouTube’s most significant competitors. Founded in 2013, it has grown rapidly over the past few years because it upholds free speech, while YouTube has been heavily censoring content, positioning itself as the arbiter of truth while banning, deleting, and demonetizing videos that go against certain narratives.

As with so many other “free speech” alternatives to mainstream social networks, this claim is untrue. Rumble prohibits videos that are “grossly offensive to the online community, including but not limited to, racism, anti-semitism and hatred”, videos that are supportive of either Antifa or the KKK — apparently equals in the eyes of whomever wrote the site’s terms and conditions — and videos that could harm others’ reputation. Rumble also prohibits users from linking to websites that would violate these terms.

But go on:

By filing the lawsuit, Rumble hoped that there will be free and fair competition so that people can find videos uploaded on YouTube’s competitors. The suit alleges that Google uses its dominance in search and manipulates its algorithms to prevent users from finding videos on YouTube’s competitors.

The WSJ once said its reporters tested how the system works to discover that, in an overwhelming majority of cases, highly similar versions of videos ranked better if they appeared on YouTube.

Regardless of whining about moderation on platforms like YouTube and Facebook — moderation that, as acknowledged by many including Rumble itself, has sowed the seeds of potential competitors — this lawsuit is actually a little interesting. Rumble’s argument is a well-worn one: its links appear too far down on Google’s search results page, even when the search query is highly relevant to a Rumble page.

Google’s search rankings are based on a couple hundred signals, but one of the best-known is the number of external websites linking to a particular domain. The quality and relevance of those linking websites also matter. Google does not see it as particularly meaningful if a spammy WordPress site that republishes articles from the Verge has a link back to this domain, for example, but it does see a link back from the Verge itself as a positive signal.

I ran Rumble’s domain through the free trial of a few well-known SEO utilities, including Semrush and SerpStat. They indicated Rumble is most often linked to by websites like Patriots.win — the Reddit clone created after /r/the_donald was shuttered for frequent and widespread abuse — and conspiracy theory sites like Rense.com. (That is a link to the Rational Wiki article about Rense; I would not want to subject you, reader, to the site itself.) These are not high-quality links to a website that is attempting to compete with YouTube, the world’s second most popular domain.

With that kind of information, it is easy to see why Rumble videos are often outranked by YouTube ones. YouTube has billions of external individual links pointed at it; SerpStat says Rumble has about four million, and they are frequently from bad sources. Why would Google point people toward a place often cited by cranks and charlatans, and rarely by authoritative sources? But it is hard to know how much this effect is attributable to so-called “organic” signals, and how much can be ascribed to Google’s alleged self-preferencing.

I do not expect many revelations in this trial; many of those have been revealed through yet-unproven accusations in other cases. But I am curious to see if Google artificially juices the position of its own products as has been repeatedly been alleged of doing. Even if Google is prioritizing its own products, Rumble must also argue it is somehow entitled to a higher search results ranking, even though it has issued several press releases touting its massive popularity.

The Many Capabilities of Proxy Icons

Mitchell Clark, the Verge:

But then I learned that quite a few apps, including many of the built-in ones, have a quick shortcut to get at the file you’re viewing. Using this shortcut (which is officially called the proxy icon), you can easily do things like upload a PDF you have open in Preview to Google Drive without having to go looking for the file in Finder.

[…]

To be clear, this is not a new feature of the latest macOS beta or anything. I’m pretty sure I learned about it when someone mentioned it in the context of features that have been around so long that young whippersnappers like me have never even heard of them. So, yes, I am a bit late to the party here. But now that I finally learned about it, I use it all the time.

Articles like these were certainly written while proxy icons were always visible in MacOS application windows — Clark links to a 2007 TUAW piece, now at Engadget. But all instruction of how this icon works must now begin by telling users they first can hover over the title of the document to reveal a now-hidden icon, instead of a user’s curiosity being piqued by the always-visible icon.

The proxy icon should not be treated as a secret, hidden feature. It is so much more dignified and capable than that.

Apple Adding Ads to App Store Today View and Individual App Listings

Sami Fathi, MacRumors:

As part of those efforts, the first new ad opportunity will be within the Today tab – the front page of the App Store. With Today App Store ads, developers will be able to promote their apps right alongside the daily editorial content by the App Store team. Ads are clearly marked as ads and are distinguishable from the normal editorial App Store stories. The Today tab is the first tab that’s pre-loaded when the App Store app is opened and was introduced as part of the App Store redesign in 2017.

The second new ad placement for developers in the App Store will be directly within app product pages. Ads will appear under the “You Might Also Like” section towards the bottom of the page and will also be clearly marked as ads.

This coverage sounds a little too fluffy to me — too much like it came directly from Apple. It is hard to know for sure because, while this news was reported by several Apple-focused publications including 9to5Mac and Apple Insider, not one of them acknowledged its sourcing. As of writing, this news has not landed on Apple’s Newsroom, or in the news feeds of its Developer or Search Ads sections, nor does it appear on the App Store advertising info page. All three Apple-focused publications also cite in their coverage a corporate presentation to advertisers each says it “obtained” in May claiming 78% of App Store search volume came from devices with ad personalization disabled. Curious.

I wish I were able to provide more context but there is little to add because Apple appears to have used these sites to soften this Friday-grade announcement. I still think it looks really bad for Apple to step up its advertising business while taking reasonable steps to improve users’ privacy against marketing technology companies. I also think advertising in the only venue for native iOS apps is tacky and unbecoming. As a user, I feel like my attention is being squeezed by the company that made my expensive phone, that I pay monthly fees to for additional features, and that takes a cut of the subscriptions I pay developers. I get why there are ads in the App Store and I am sure some developers find them useful. As a user, though, it feels gross.

Instagram Walks Back Its Changes for Now

Casey Newton with the scoop:

Instagram will walk back some recent changes to the product following a week of mounting criticism, the company said today. A test version of the app that opened to full-screen photos and videos will be phased out over the next one to two weeks, and Instagram will also reduce the number of recommended posts in the app as it works to improve its algorithms.

[…]

“For the new feed designs, people are frustrated and the usage data isn’t great,” [Adam Mosseri] said. “So there I think that we need to take a big step back, regroup, and figure out how we want to move forward.”

[…]

But Instagram will temporarily reduce the amount of recommended posts and accounts as it works to improve its personalization tools. (Mosseri wouldn’t say by how much, exactly.)

My own Instagram use went to near-zero after I received these changes. I am surely not representative of the wider Instagram user base, but it does not surprise me that enough people found it revolting to affect the company’s metrics. What I do find notable is the intensity of the backlash: people hated this sudden shift of how the platform looked and worked.

Ashley Belanger, Ars Technica:

Despite all the negative feedback, Meta revealed on an earnings call that it plans to more than double the number of AI-recommended Reels that users see. The company estimates that in 2023, about a third of Instagram and Facebook feeds will be recommended content.

Meta’s earnings call was yesterday, and Instagram announced today that it was reverting the most recent round of changes, so the timing on this may be inaccurate. I would not bet on seeing fewer posts in your feed over the long term from accounts you do not follow; these changes are still coming, just later.

But look at the past few weeks of Meta news and it seems like the company has zero idea of what to do or why people use its products. It made drastic unlikable changes to Instagram; its leadership is panicking over TikTok; its latest public demonstration of its metaverse future is embarrassing and its educational value is less justified than the VR headset in a thirty year old Simpsons clip. Do these decisions look like the product of a focused company that has near-term goals for its future and innovative ideas beyond that? I am not saying Meta is dead in the water, but it sure looks like it is struggling to define what its future looks like for the next few years.

Unplugged Mysteries

Seth Hettena, of Rolling Stone, on Twitter:

Erik Prince’s latest venture is the Unplugged phone, an $850 standalone mobile device with its own app suite that’s being developed in Israel and will allow “patriots to communicate securely.”

Unplugged says it is based in Cyprus.

Prince is best known for founding the mercenary force and training firm Blackwater, now part of Triple Canopy. Blackwater staff murdered fourteen Iraqi civilians in Baghdad in 2007 and wounded another twenty. Those contractors were outrageously pardoned in 2020 drawing condemnation from, among many people, Glenn Greenwald.

It should have raised red flags when Greenwald, according to an emailed invitation from a PR firm, will “be at DEF CON with Unplugged”. The firm says it is offering private meetings with Greenwald at a hotel, according to a screenshot of the message from the PR firm that I am not posting because its recipient deleted its public record. But it was accurately summarized in a tweet from MIT Technology Review reporter Patrick Howell O’Neill:

A PR firm is pitching a DEF CON meeting with Glenn Greenwald who is going to the con “with” privacy phone maker http://unplugged.com. Been a minute since we’ve had a new “government-grade” privacy phone, this one is due to launch Nov 22. Anyone have any thoughts on the phone?

Greenwald responded:

This is all a lie. I have nothing to do with this product. I was asked to speak at DEF CON but haven’t agreed to do that.

But look at all the corporate journalists spreading this lie. This is what they do: once they see you as an ideological enemy, they spread lies with abandon.

Is it a lie? It is not, at least, O’Neill’s lie. I have a copy of the invitation which, unless forged, is offering exactly what O’Neill describes. There could be several ways this proves untrue — Greenwald may not be at DEF CON, for example, or he might be at the conference but not at Unplugged’s behest. Similarly, Greenwald may not be associated with the product, but his tweet does not necessarily preclude involvement with the company.

When I reached out to the PR contact on the invitation, they declined to comment, even about whether they are working for Unplugged. But in an emailed comment, Greenwald told me he has “no fucking idea why the PR firm is claiming this”, further elaborating that he has “not agreed to speak at DEF CON, nor have I scheduled any meeting with these phone people, nor have I been paid anything nor entered into any contract with anyone about any of this.” He acknowledges the “phone people asked if I’d be willing to meet with them to hear about this phone” and was offered a speaking gig by the company, but denies any further involvement with Unplugged or its products.

It seems pretty clear to me that Greenwald is not involved. Why this PR firm says it is facilitating meetings with him or treating him as an affiliate of Unplugged is a mystery to me, too. The best explanation I can think of — and this is entirely speculative — is they hoped Greenwald would agree to such a contract. At present, he says he has not.

But I got this far, so I thought it would be worth exploring the phone a bit. Zach Edwards said it looked like a Vivo phone, but as I started to dig through GSM Arena’s database, it looks more like it resembles a blend of the Xiaomi 11T and the Realme GT Neo.

Most of all, though, the phone resembles the Liberty Ghost Phone, announced in May in a since-deleted tweet — and the relationship does not appear to stop there. Liberty is promoting the Unplugged suite on its own website, and both phones run the Android fork LibertOS which sports “government-grade” security, whatever that means. The specs of the Ghost Phone are nearly identical to those of the Unplugged; the sole difference I can see is the resolution of the main rear camera. Indeed, if you try to pre-order the Liberty Ghost Phone, a notice appears on the shopping cart page advising you to read the full pre-order terms on Unplugged’s website. It is almost enough to make you think these are the same company.

But there is one more thing: Liberty explicitly claims its “phones are never made in China”, and all of the similar phones I can find are made by Chinese firms. To be clear, I cannot find the same claim on Unplugged’s website or marketing materials. But it is odd, right? I just cannot help but wonder what the chances are that two companies make nearly identical phones that seem to be based on devices from Chinese companies, but one of them says theirs is not made in China. I sent a list of questions to Unplugged, but my email went unanswered; I will update this article if I hear back.

If I were in the market for this kind of phone, I would listen to Matt Blaze and not place my trust in either of these companies, regardless of the security audit (PDF) on Unplugged’s website. Liberty and Unplugged may say they offer highly secured devices “[i]ndependent from Google and Apple”, but they are still Android phones with unclear origins and questionable futures. Will Unplugged offer regular updates? Will it even be around in five years? PwC may have audited the device and found few security concerns, but those involved in Unplugged also have close connections with private intelligence firms. I have concerns about that.

One thing this phone has going for it is that it is, at its core, an Android phone. There is a chance the device itself may not be unusable after just a few years even if the company disappears. That is not the case for a comparable product like the Purism Librem 5. (Update: Hacker News user kop316 flagged this as incorrect, as alternative Linux distros like PostmarketOS support the Librem 5. I regret the error.)

And that is all without getting into the issue of whether anyone should support a company that has a working relationship with Erik Prince. I cannot imagine a circumstance where that is even remotely ethical. The massacring of civilians in Nisour Square is just the tip of an iceberg. Prince and his firms have a long and deeply troubling history; Jeremy Scahill’s book about Blackwater is worth reading.

As far as I can tell, Liberty and Unplugged are selling different versions of the same white label phone that run the same fork of Android. Both say they are liberating users from “Big Tech”, both say they offer higher degrees of security and privacy — whether that is true is to be determined — and neither has made any commitments to long-term support. Unplugged is not affiliated with Glenn Greenwald, and the claims of PR people should be tested. Oh, and Erik Prince is just the worst.

Class dismissed.

Update: On August 3, Unplugged responded, kind of.

Changes to iMessage Undo Send and Message Editing in Latest Beta

Federico Viticci:

Some interesting changes to iMessage in iOS 16 beta 4:

  • You can now unsend a message for up to 2 minutes after sending it

  • You can still edit for up to 15 minutes

  • You can make up to 5 edits to a message

  • Recipients can see a log of all edits to a message

After these features were announced at WWDC, many — including domestic violence survivors — expressed concerns about how they be misused. The changes in this latest beta appear to ensure there is a record of previous messages, and stricter limits on both undoing a send and the number of edits that may be made.

It is good to see Apple is taking concerns seriously and making changes as a result of feedback. A lingering vector for abuse is the unsend feature — two minutes is certainly a tight time limit, but many people will see messages as they are received if they have notifications with previews enabled. I hope there is a way to preserve evidence of abuse where it is needed while still allowing users to undo the sending of a message containing a password or intended for a different recipient.

Try Glass

Ben McCarthy:

I should add, I’m a big fan of what the team at @tryglass is doing; a social network that puts photos first, no ads, no algorithms, no competition.

Every time I open it I’m delighted by what I see. That’s more than worth the price of admission.

I am a fan too.

The timing of these Instagram changes is funny — it has been about a year since Glass launched, and I received my reminder from Apple about the annual subscription renewal just a few days ago.

I doubt anyone at Instagram really thinks about Glass, but it has been a reminder to me of why I appreciate the latter platform so much. I post pictures — I am particularly happy with this recent image — and people who follow me see them in their feed. I open the app and I get to see a scrolling gallery of stunning photography from people I follow. Sometimes, I tap on the button beside the main feed view to see non-pushy examples of other users I can follow.

It all sounds so simple — and that is because it does not need to be so complicated.

Update: This is not a sponsored message. Glass is offering a 30% discount for the first year of your subscription to the first ten thousand people who sign up with the cheeky code PIVOT2VIDEO.

Meta Will Be ‘Operating With Increased Intensity’

Two articles today, published within three hours of each other, cover much of the same ground and can be summarized in the same way: Meta is struggling in what it hopes is a transition from several social network businesses to defining the “metaverse”.

First, Alex Heath and David Pierce, the Verge:

[…] As the all-hands escalated, it became clear that Zuckerberg saw that fixing his company’s culture was critical to surviving the tough times ahead. Two years into the pandemic, his company was in a very different, more vulnerable place. It even had a new name.

The days of coddling employees would be over.

“Realistically, there are probably a bunch of people at the company who shouldn’t be here,” Zuckerberg said on the June 30th call, according to a recording obtained by The Verge. “And part of my hope by raising expectations and having more aggressive goals, and just kind of turning up the heat a little bit, is that I think some of you might just say that this place isn’t for you. And that self-selection is okay with me.”

Zuckerberg’s message to employees: sacrifice yourself to Meta or perish. What a choice.

Even if you have little interest in this topic, skim this article for the time lapses made from some fantastic custom ice sculptures. It is worth it.

Mike Isaac, New York Times:

Mr. Zuckerberg, 38, is trying to push his company away from its roots in social networking and center it on the immersive — and so far theoretical — world of the so-called metaverse. Across Silicon Valley, he and other executives who built what many refer to as Web 2.0 — a more social, app-focused version of the internet — are rethinking and upending their original vision after their platforms were plagued by privacy stumbles, toxic content and misinformation.

The moment is reminiscent of other bet-the-company gambles, such as when Netflix killed off its DVD-mailing business last decade to focus on streaming. But Mr. Zuckerberg is making these moves as Meta’s back is against the wall. The company is staring into the barrel of a global recession. Competitors like TikTok, YouTube and Apple are bearing down.

The difference between this and other bet-the-company initiatives — the iPhone also comes to mind — is the completely untested viability of augmented reality. By the time Netflix spun off its DVD rentals business in 2011 — it still offers rentals in the U.S. — the streaming movie market was clearly on an ascendency. Streaming was more popular on Netflix than DVD rentals two years prior, and Netflix was far from the only player: Amazon, Apple, Crunchyroll, and Hulu were all just a few of the established competitors at the time. Apple had a different model — it only offered digital rentals — and Crunchyroll operates in a niche market, but it is not like Netflix was stepping into unprecedented territory by focusing on streaming.

The iPhone, meanwhile, redefined a healthy and growing appetite for more capable smartphones. It was risky because Apple was a much smaller, more fragile company at the time, and its development was expensive. Had it failed, it would have seriously jeopardized the otherwise successful lines of business Apple was in. But it was not risky to bet on the smartphone market generally; Apple considered the product successful if it hit one percent of the market for all cellphones in its first full year, and it did so in a growing market.

Put another way: you saw people fiddling with smartphones in public in 2006, and you may have been using a streaming video service in 2010. But how many of us have really spent time in any kind of metaverse? IDC estimates sales of fewer than eleven million augmented and virtual reality devices last year, and growth to about fourteen million this year. Can Meta or any of the companies developing in this space — including, apparently, Apple — demonstrate why tens of millions more people should add a headset to their growing collection of devices? These are early days, but I have not yet seen a reason or even a compelling concept.

The Consequences of Silence

A powerful piece from Ed Zitron:

Despite growing out of the 2008 financial crisis, Bitcoin has led to the creation of a faster, leaner and crueler crisis of its own, an unregulated hellscape where the elites have found yet another way to get rich off of the backs of regular people’s money. Whatever “noble” goals Bitcoin and cryptocurrency allegedly has or had are irrelevant — cryptocurrency does not generate freedom, it does not democratize finance, it does not create wealth for the majority of people that interact with it, and it has — this is not a “might” — led to billions of dollars of regular people’s money getting burned so that wealthy people can extract liquidity from them.

Zitron cites several of the letters Celsius clients wrote to the court following the company’s bankruptcy filing, and they are heartbreaking. As with so many victims of confidence schemes, many of them can spot warning signs in hindsight. These are smart people who have been lured by the quiet transformation of cryptocurrency from a niche Silicon Valley obsession into a mainstream scam masquerading as a financial instrument. And the most troubling thing of all is recognizing this will happen again because these companies keep getting legitimised by sports sponsorships and casual curiously press coverage.

Update: Molly White:

It’s apparently easy for some people to castigate those who’ve just lost everything by repeating this refrain, in the same way it seems to be easy for some people to only start pointing out the “obvious Ponzi” or “clear scam” projects only after everything crumbles. And it’s tempting, to those steeped in crypto, because it serves to place the blame with the individual, rather than with the platform, the particular segment of crypto that failed, or—God forbid—with crypto and its culture as a whole.

Well said.

China’s Surveillance State Is Causing a Problem With Data Leaks

Karen Hao, Wall Street Journal:

Tens of thousands more databases in China remain exposed on the internet with no security, totaling over 700 terabytes of data, the largest volume of any country, according to LeakIX, a service which tracks such databases.

[…]

All countries struggle to keep their data protected. The U.S. is second to China with nearly 540 terabytes of data left open on the public internet, LeakIX’s analysis shows. China is unique, however, for the comprehensive and sensitive nature of its exposed data — a consequence of the way it centralizes multiple streams of information from government and corporate sources on state-run surveillance platforms.

This is a well-reported story that is absolutely worth your time. Like most Journal articles, I believe it may be paywalled, but I hope you can find a way to read it.

In April, Aric Toler of Bellingcat observed how data Yandex Food was legally obligated to retain, leaked to the web, could be combined with other information to depersonalize it and reveal the names of GRU agents. But the LeakIX chart published by the Journal indicates that Russia, somehow, has fewer leaky servers than China, the U.S., or even Finland.1

It is astonishing to see how much leakier China and the U.S. are compared to anywhere else LeakIX is monitoring. But there are differences: Chinese companies are required by law to store massive amounts information, while American companies often do so based on — please forgive the trite terminology — surveillance capitalist initiatives. Another difference? Given its semi-isolation from much of the rest of the world, the data stored on leaky servers in China is likely domestic, but I would be surprised if that is the case for American servers.

This shows how important data minimization is. If user information is not being stockpiled — for ad targeting or universal surveillance — and unnecessary information is regularly being flushed, there is little to leak. Organizations in authoritarian states do not get to make that decision. Elsewhere, though, it is a choice.


  1. That is not to say it does not have a security problem. Bellingcat has occasionally relied upon Russia’s underground data market. ↩︎

Does Meta Really Want People to Make Things for Its Platforms?

Ryan Broderick:

At best Meta seems embarrassed of the people who make the content that keeps users on their apps. Or, at worst, they seem to hate them. There’s really no other explanation. Creators I’ve spoken to have described a deeply precarious existence in which they have to constantly adjust how they create content by trying to divine what each new algorithmic tweak might mean for how their posts show up in other people’s feeds. They live in constant fear of their pages being “disappeared” for some weird infraction. It sounds like a nightmare. The women eating out of toilets on Facebook aren’t eating out toilets because they like doing it. They’re eating out of toilets because Facebook’s insanely aggressive recommendation engine has pushed their content to ludicrous extremes because it’s constantly over-optimizing its own users. And because TikTok has redefined how social media works and left Meta completely unprepared for a future that’s quickly approaching, they want you eating out of toilets, but, now, it has to be in a Reel.

I imagine part of the reason for Meta’s reluctance to proudly showcase its most popular posts is because they are often junk, spam, or reposted TikToks. Imagine having one of the world’s largest audiences and being embarrassed by what they are seeing, in part because of technical decisions made to maximize user metrics.

‘The Gray Man’ Is a $200 Million Homework Assignment

Movies like “The Gray Man”trailer here — and the truly awful “Red Notice” make me wonder about the tight spot Netflix finds itself in.

Most of Netflix’s competitors are owned by studios with deep libraries of intellectual property and no incentive to license the most valuable examples. The remainder are a grab-bag: because Apple is reliant on original material, it has been selectively developing programming of a higher calibre; Amazon, meanwhile, bundles its video streaming with free shipping on Amazon purchases, and it is hard to tell how serious it is about its long-term interest. (Update: Alex reminded me that Amazon bought MGM Studios, which I completely forgot about. So, to correct: yes, Amazon is very serious about video.)

Netflix, meanwhile, looks like it is often throwing money at the wall and seeing what sticks. That is not a phenomenon unique to Netflix, for sure, and it has plenty of good shows too. Serial productions like “Stranger Things” and “Sex Education” have been well received, and it has released films like “Tick, Tick, Boom!” and “Uncut Gems”. But these are all over the place. What does a “Netflix movie” look like? Actually, that seems unfair — a lot of stuff on Netflix looks like it has been put through the exact same team of cinematographers, colourists, editors, and visual effects producers. Here is a better version of that question: who is Netflix making movies for?

It seems like many of its highest-profile movie releases are expensive attempts to justify the monthly subscription price. Not necessarily why it is worth paying twenty dollars every month, just something to keep your eyes busy so you do not unsubscribe until the next season of “The Crown” is released. It is all just content at its most empty definition. Much of Netflix’s original library feels like a much more expensive version of 1990s direct-to-video dreck. Maybe the nonstop drumbeat of action movie franchises, including those of comic book characters, have just sapped me of the energy to enjoy yet another hero-endures-explosions plot, but it is wild that many of these wildly expensive movies are so perfunctory.

The American Data Privacy and Protection Act

Gilad Edelman, Wired:

Now comes an even bigger surprise: A new version of the ADPPA has taken shape, and privacy advocates are mostly jazzed about it. It just might have enough bipartisan support to become law — meaning that, after decades of inaction, the United States could soon have a real federal privacy statute.

Perhaps the most distinctive feature of the new bill is that it focuses on what’s known as data minimization. Generally, companies would only be allowed to collect and make use of user data if it’s necessary for one of 17 permitted purposes spelled out in the bill — things like authenticating users, preventing fraud, and completing transactions. Everything else is simply prohibited. Contrast this with the type of online privacy regime most people are familiar with, which is all based on consent: an endless stream of annoying privacy pop-ups that most people click “yes” on because it’s easier than going to the trouble of turning off cookies. That’s pretty much how the European Union’s privacy law, the GDPR, has played out.

If this law is as described and passes more-or-less intact, it could fundamentally reshape the economy of the web and be a model for the rest of the world.

The Electronic Frontier Foundation is “disappointed”:

We have three initial objections to the version that the committee passed this week. Before a floor vote, we urge the House to fix the bill and use this historic opportunity to strengthen — not diminish — the country’s privacy landscape now and for years to come.

The Foundation is concerned about rollbacks of FCC authority, poor individual right to action reform, and the preemption of state laws by this national law. The latter is a particularly fraught matter: a federal regulation simplifies compliance, reduces reliance on weak state-level laws lobbied for by tech companies, and improves international competitiveness, but it could mean privacy rollbacks for those in states with more stringent laws. The Foundation points to a few examples, undermining Edelman’s claim that “it goes further than any of the state laws it would preempt — even California’s”.

Look out for reactions to this bill from technology company front groups like the Competitiveness Coalition and American Edge. Both have been focused on the American Innovation and Choice Online Act — perhaps an indication of tech companies’ priorities — but keep an eye out. The Interactive Advertising Bureau unsurprisingly opposes the law, saying it would “impose heavier regulations than any state currently does” — a demonstrably untrue claim.

Alberta Legislator Who Tested Security of Provincial Vaccine Website Facing Possible Fine

Janice Johnston, CBC News:

[Edmonton-South West MLA Thomas] Dang has said that last September, a computer-savvy constituent contacted him with concerns about potential vulnerabilities on the newly launched Alberta Health vaccine portal.

According to a court document, Dang told RCMP in a January interview that as an MLA with experience in cybersecurity it was his duty to ensure the system was secure. But an Edmonton cybersecurity expert disagrees.

[…]

Between Sept. 19 and 23, Dang’s computer program made 1.78 million queries using [Alberta Premier Jason] Kenney’s personal information. Dang admitted to RCMP and later during a news conference that the queries were randomly generated guesses aimed at revealing the premier’s health-care number.

This is clearly an unethical, unsanctioned security test for which Dang is lucky to not be facing criminal charges. But it is utterly shameful it was possible to test 1.7 million queries against the vaccine portal in four days, which works out to about five or six guesses every second.

I tweeted in support of Dang but I can also see how bad this looks for the security industry. The Government of Alberta does not run a bug bounty program, so there is no presumptive authorization for testing the security of its public systems. Dang, even if well-intentioned, had no permission to try this.

Even so, preventing brute force attacks is a bare minimum level of security anyone should expect. In attempting to build a proof-of-vaccination system, the Alberta Government created an automatic health number and identity validator. It is impossible to say how long this would have remained a problem had Dang not raised the issue as early as he could, but it is worrisome it was released this way in the first place.

Dang says he will not run for re-election; his term in office ends in May 2023.

MacOS Monterey 12.5 Still Does Not Let Users Check Charging Bluetooth Device Status From the Menu Bar

Howard Oakley:

I have also tested 12.5 for two bugs that I have been tracking. I regret to report that it doesn’t fix either:

[…]

Recharging Apple wireless input devices blocks their charge being reported in the Bluetooth menu, so the only way to tell when they’re fully charged is to stop recharging.

The best explanation I have seen for this behaviour is found in the comments of Oakley’s post: because the device is communicating over USB and not Bluetooth, it would be incorrect to show its charge status in the Bluetooth menu. But — and apologies to the author of that comment — that still does not make sense because the charge status is shown in System Preferences under the Bluetooth preference pane.

Because I only charge my Magic Trackpad every few weeks, it is the kind of thing I forget about until I want to check the charge status, and then remember I have to dive into System Preferences. I remain surprised this has not bothered one of Apple’s engineers so much that they committed a patch for it themselves, consequences be damned. If you are running MacOS Ventura, please let me know if this has been fixed.

Deadline Passes for Tech Companies to Register With Indonesian Ministry of Communication and Information

Oliver Telling and Cristina Criddle, Financial Times:

The world’s biggest tech groups have signed up to a law in Indonesia that campaigners warn threatens freedom of expression in south-east Asia’s largest economy, in the latest compromise by the sector to retain access to an important market.

Social media companies including Meta, TikTok and Twitter have registered for a licence at the Indonesian communications ministry under which they might have to censor content and hand over users’ data. Some registered only hours before a deadline at midnight on Wednesday.

Apple, Microsoft, Google, Amazon, Netflix and Spotify have also signed up.

In a press release, Indonesian authorities say tech companies which fail to register by July 27 will be blocked in the country. The statement was issued before Amazon and Microsoft signed up; it lists them alongside several other major entities like Alibaba and Opera, game developers like Epic Games and Steam, and also Yahoo.

This is certainly a law to keep an eye on. Requiring internet companies to comply with police requests is a thorny issue, but not unexpected. The more concerning demand is that authorities will be able to request the removal — in Indonesia, at least — of materials deemed illegal in the country or unfit for public consumption. Authorities in the country are particularly worried about extremism.

In a statement, the Aliansi Jurnalis Independen criticized the vague descriptions in the law as being too open to interpretation, leading to decisions that are arbitrary at best and censorship at worst. Its concern is understandable: this policy supersedes two 2014 laws intended to filter pornography and illegal acts, but which sometimes overstepped their intentions. For example, Reddit and Tumblr have been unavailable at times in their entirety because of their permissive — or, in the case of Tumblr, formerly permissive — attitude toward porn.

This new law is similarly broad, which you can probably imagine given how online game providers are encouraged to register or be blocked. While these steps have been taken by about two hundred international tech companies, over eight thousand local Indonesian websites of all types and kinds are listed in its database. These are not just “tech companies” in the typical sense. Like I said: it is broad.

The Digital Services Act, recently passed by European Parliament, similarly requires removal of materials deemed illegal. These laws reflect a growing trend, but though I do not think it is universally negative, I have concerns. The world should be watching.

Instagram Cannot Beat Them, Joins Them

Instagram introduced some changes to the way its Reels and Remix features work. Among them:

Remix for photos: Photos are core to the Instagram experience. In the coming weeks, you will be able to remix public photos. This gives you limitless inspiration to create your own unique reel.

[…]

Since reels offer a more immersive and entertaining way to watch and create videos on Instagram, we’re bringing these creative tools and the full-screen experience to your video posts, too. In the coming weeks, new video posts shorter than 15 minutes will be shared as reels. Videos posted prior to this change will remain as videos and won’t become reels.

I am sure this is market-tested, and I probably have no idea what I am talking about. But it truly feels like Instagram is Gromit laying tracks just ahead of a fast-moving train. Can anyone articulate the company’s plan a few years out? Is lobbying to rid the United States of TikTok its big creative product strategy?

So many of the creative people I know who use Instagram just want the people who follow them to be able to see their work. But their work is increasingly invisible unless it is a video, despite Adam Mosseri’s promise that “photos are so important” and to “[do] right by photos long-term”. Even if it is a video — excuse me, Reel — Instagram’s machinery may deem it unworthy of viewing by your followers.

My account received these updates today, including an always-on dark mode TikTok-like timeline view, and it is discouraging. It feels like Instagram is actively trying to destroy any simplicity it once had by kind of doing a bit of everything — badly. Again, I am certain there are metrics-based reasons for these decisions and I am just out of touch. But it seems like Instagram is constantly playing catch-up to whatever is new and trendy at the expense of anything definitively Instagram’s own.