Pixel Envy

Written by Nick Heer.

‘60 Minutes’ Reports on Google’s Dominance

This isn’t a terrific report. It is pretty light on details, skimming over more technical aspects of Google’s dominance: Google Chrome isn’t mentioned even once, despite being the world’s most popular web browser, and neither was the company’s mischievous bypassing of iPhone users’ privacy settings. While that may be a function of its allotted running time, Google’s behaviours deserve a much deeper dive.

Nevertheless, I think this exchange is worth paying attention to:

Gary Reback: Google makes the internet work. The internet would not be accessible to us without a search engine.

Steve Kroft: And they control it.

Gary Reback: They control access to it. That’s the important part. Google is the gatekeeper for— for the World Wide Web, for the internet as we know it. It is every bit as important today as petroleum was when John D. Rockefeller was monopolizing that.

If this argument sounds familiar to you, it’s because Reback was extensively interviewed for a New York Times Magazine piece in February. However, it does raise two good questions:

  1. How fair and accurate is this comparison?

  2. While European antitrust regulators have reacted to Google’s dominance, American regulators have been reluctant to do so, even after Google’s acquisition of DoubleClick. What are they waiting for?

Ironically-Named LocationSmart Leaked Live Location Data for Customers of All Major U.S. Mobile Carriers on Its Website

Yesterday, I linked to Joseph Cox’s report for Vice concerning Securus’ weak safeguards protecting access to its software that monitors the real-time location of cellphones. While I was writing it, I couldn’t help but think that there isn’t much worse it could get, right? Well, what about if a similar location tracking application had no security — at all?

Brian Krebs (emphasis his):

LocationSmart, a U.S. based company that acts as an aggregator of real-time data about the precise location of mobile phone devices, has been leaking this information to anyone via a buggy component of its Web site — without the need for any password or other form of authentication or authorization — KrebsOnSecurity has learned. The company took the vulnerable service offline early this afternoon after being contacted by KrebsOnSecurity, which verified that it could be used to reveal the location of any AT&T, Sprint, T-Mobile or Verizon phone in the United States to an accuracy of within a few hundred yards.

There’s a lot about this that’s pretty outrageous, but I think the most alarming aspect of this is that a company most of you have probably only just heard of has access to your phone’s live location, and they’ve never asked you if that’s okay.

Basic Questions About Google Duplex

Dan Primack of Axios found Google’s demo of Duplex a little fishy:

When you call a business, the person picking up the phone almost always identifies the business itself (and sometimes gives their own name as well). But that didn’t happen when the Google assistant called these “real” businesses:

  • When the hair salon picks up, a woman says: “Hello, how can I help you?”

  • When the restaurant picks up, a woman says: “Hi, may I help you?”

Axios called over two dozen hair salons and restaurants — including some in Google’s hometown of Mountain View — and every one immediately gave the business name.

There also does not seem to be ambient noise in either recording, such as hair dryers or plates clattering. We heard that in most of the businesses we called, but not in all.

Google CEO Sundar Pichai insisted three times that these calls were real, but these discrepancies should be answered. If these calls were edited, even just to remove the business name to limit publicity, Google hasn’t said. Very strange.

Finally, neither the hair salon nor the restaurant ask for the customer’s phone number or any other contact information.

Primack also included this as a reason why the calls seemed suspicious, but I disagree. The hair salon asked for the customer name; I don’t usually book my haircuts, but when I do, they don’t ask for contact information. The restaurant didn’t need to ask for contact information because the staff member answering the phone said that no reservations would be accepted for Duplex’s party size.

Jack Wellborn on Twitter:

Regardless of whether the Duplex demo was real or not, I keep wondering why Google didn’t target it to businesses first. People are used to talking to robots when calling businesses and some might even prefer it.

As a demo, it’s pretty cool, though somewhat less compelling to me as a recording rather than a live preview. But as an actual consumer service offering, I’m not sure I get it in its current guise. While Pichai said that 60% of American businesses don’t have an online booking system, that number has been dropping and, though I doubt it will hit zero, their pitch is to a temporary and shrinking market.

But as a business product, like Wellborn describes, it makes more sense to me. Why not have a robot handle reservations? As Sarah Jeong said on Twitter, this is only a product “because we treat service industry people like robots” anyway, unfortunately.

But that’s only if we feel like Duplex is limited to making bookings. Over time, it will of course become more capable. Like they do for the web, Google is already crawling the real world with things like Street View and AI-powered verification of business details. What’s next?

Twitter Is Executing Its 2012 Vision

Yesterday’s announcement of API changes and pricing may have been foreshadowed six years ago, but it’s still hard to be facing what looks like the slow turning of the screw on third-party Twitter clients.

Favstar Is Shutting Down in June

Speaking of the influence Twitter’s API changes are having on third parties, Tim Haines has announced that Favstar is shutting down:

Favstar started in May 2009, and in its early years was a huge hit with people new to Twitter, up-and-coming comedians, tech folk, reporters, celebrities, and people looking for a quick route to the best tweets. You could visit Favstar, and almost be guaranteed a laugh, whatever your sense of humor.


Favstar will go offline on June 19th 2018.

Haines’ announcement comes just shy of the two year anniversary of Stellar.io’s goodbye, which had a similar purpose. I miss Stellar, and I’ll miss Favstar greatly.

Twitter hasn’t cared about their ecosystem of third-party apps for ages. Unfortunately, they are often the best way to experience Twitter.

Hacker Breaches Now-Ironically-Named Securus, a Company That Provides Cellphone Location Monitoring Software

Hey, remember Securus, the company I told you about last week that provides software that can monitor the location of most cellphones in the United States with only a phone number?

Joseph Cox, Vice:

A hacker has broken into the servers of Securus, a company that allows law enforcement to easily track nearly any phone across the country, and which a US Senator has exhorted federal authorities to investigate. The hacker has provided some of the stolen data to Motherboard, including usernames and poorly secured passwords for thousands of Securus’ law enforcement customers.

Although it’s not clear how many of these customers are using Securus’s phone geolocation service, the news still signals the incredibly lax security of a company that is granting law enforcement exceptional power to surveil individuals.

Cox reports that users’ passwords were hashed using MD5 which, as of a decade ago, was considered by the U.S. Office of Cybersecurity and Communications to be “cryptographically broken and unsuitable for further use”. I disagree with the notion that a private company can offer this sort of software with little legal oversight or scrutiny, but even if you think that’s totally okay, surely tracking the live location of hundreds of millions of people should be guarded with more than an email address and a poorly hashed password.

Future of Many Third-Party Twitter Apps in Question as New API Pricing Is Shared With Developers

Juli Clover, MacRumors:

Third-party Twitter app developers will be required to purchase a Premium or Enterprise Account Activity API package to access a full set of activities related to a Twitter account including Tweets, @mentions, Replies, Retweets, Quote Tweets, Retweets of Quoted Tweets, Likes, Direct Messages Sent, Direct Messages Received, Follows, Blocks, Mutes, typing indicators, and read receipts.

Premium API access, which provides access to up to 250 accounts, is priced at $2,899 per month, while enterprise access is more expensive, with pricing quotes available from Twitter following an application for an enterprise account.

That is a huge lump of money: over $10 per user per month from developers for real-time activity if they have just 250 users; can you imagine the rate for tens of thousands of users? Let’s be generous and assume that they’ll give third-party developers operating at that scale a remarkable deal of $1 per user per month. At $12 per user per year, that’s probably unsustainable for developers like Tapbots and the Iconfactory to be charging a flat rate.

I know lots of people — myself included — who have proposed paying a monthly fee to continue using third-party clients. Loath as I am to suggest it, perhaps a subscription model is one way for these apps to stay afloat. Given the choice, I’d rather pay five bucks per month to continue to use Tweetbot than use the official Twitter app, especially as there isn’t a first-party Mac client.

I bet I’m in the minority, though; I bet this is Twitter’s way of slowly turning the taps off for third-party apps that replicate the consumer Twitter experience. What a pisser.

As an aside, Twitter developer relations has mastered the art of the sleazy redirection:

There’s no streaming connection capability as is used by only 1% of monthly active apps. Also there’s no home timeline data. We have no plans to add that data to Account Activity API or create a new streaming service. However, home timeline data remains accessible via REST API.

The 1% of monthly active apps that make use of streaming could represent hundreds of thousands of users, maybe even millions. Only Twitter knows that for certain, but they’re not sharing it, because it would give away an approximate number of users who reject Twitter’s own apps while still using the platform.

Notifications on Android P vs. iOS 11

Michael Simon, Macworld:

Even before the public beta of version 9.0 landed this week, Android’s system of notifications was far superior to Apple’s. As someone who regularly bounces between the two platforms, I actively ignore the iOS Notification Center, but on Android, I use it regularly to catch up on things I might have missed. The Android notification shade isn’t just for messages and alerts; it’s an information center for your entire digital life.

As it stands, I have far fewer complaints about notifications on Android Oreo than I do on iOS 11, but the system has its kinks and annoyances just like it did on previous Android versions, Nougat and Marshmallow. But in Android P, notifications are nearly perfect. Google hasn’t overhauled the notification system in Android P, but it has implemented a series of meaningful tweaks that work to make notifications useful, whether you want to interact with them, control what you see, or just keep them at bay.

And I hope someone on Apple’s iOS team is taking notes.

Making notifications the centre of my phone sounds like my idea of hell, but I certainly hope iOS 12 includes significant refinements to the notification system. It’s messy, it’s astonishingly interruptive, notifications cover app controls and a mis-tap can send you to a completely different app, and there isn’t always something you can do from the notification so you end up having to launch the app anyway. Notifications may necessarily be an interruption, but they shouldn’t be quite so intrusive.

UIs That Amass Memories

I’ve been watching this tremendous Twitter thread started by Marcin Wichary since yesterday:

Fascinated by UIs that accidentally amass memories. One of them is the wi-fi “preferred networks” pane – unexpected reminders of business trips, vacations, accidental detours, once frequented and now closed cafés.

Another? The alarm page and its history of painful negotiations with early mornings. (One of these, I’m sure, was for a lunar eclipse; another for sending a friend in Europe a “good luck” text.)

I like that both of these places require you to coax your memory a bit to remember.

What else like this is out there?

People replying have suggested logs of completed reminders, weather app, and composing a new iMessage to an infrequent contact as more memory-laden UIs. Another two suggestions, from me: open tabs, and web browser history. I have a hard time with remembering to close tabs on Safari for iOS, and there’s an animation bug where, sometimes, opening a new tab will scroll through the entire list, giving me glimpses of articles and websites I opened weeks prior. Also, Safari on the Mac defaults to keeping history items for a year, and trudging through those can be a trip down memory lane — again, articles that I was reading, recipes, job hunting, trying to find a new apartment, and the like are all in there.

I love all of those suggestions, but the one I keep coming back to is WiFi history, especially because it’s collected almost passively. I hadn’t checked my own history in a while and found it absolutely full of memories: the network I set up for my parents in my childhood home, which they’ve since sold; there’s a hotspot for a Gloria Jean’s Coffee location, which I could have connected to in Kuta when I got lost there, or it could have been from another time in Los Angeles. Wonderful.

The Media’s Paywall Obsession Won’t Work for Most

Mike Masnick, Techdirt:

This is an important point, and one we’ve tried to make a few times in the past, highlighting that all of the metrics you hear about concerning audience size are complete bullshit, but everyone in the ecosystem has strong incentives to keep up the charade. At least they do while they’re pitching advertisers. When the actual hard subscription numbers come down, it can be a real wake up call. I’m reminded, of course, of the newspaper Newsday that implemented a paywall with great fanfare… and three months later had a grand total of 35 subscribers. Thirty. Five.

And they were hardly the only one. We’ve written time after time after time after time of paywalls failing for newspapers, and actually doing a lot more overall harm in terms of reducing both audience and influence.

I’ve been thinking about this a lot lately. What follows is not exactly new, but I want to set something up in your mind.

You used to have to pay for the entirety of your local paper if you wanted news in print form, and it worked even if you only read a few stories a day, and you had to flip through loads of big ads to get to the handful of stories you actually cared about. All of this came from one or two sources, largely because you couldn’t live in, like, Lowell, Indiana and get that day’s Los Angeles Times dropped on your doorstep every morning. It didn’t matter that the local paper was comprised of a mix of original and syndicated reporting; it was the only way to get the news.

Now, you can read far more stories in a day and never touch your local paper. And why would you when, through a horrible downward spiral of business choices, it may now be almost entirely Associated Press stories that you can get anywhere? Besides, the big scoops largely go to the New York Times, Washington Post, and Wall Street Journal. Just look at this year’s list of Pulitzer Prize winners in journalism — of the fourteen award categories, fully half were won by the Times, Washington Post, Reuters, and USA Today. Compare the clustered wins of 2018 against the more widely-awarded prizes twenty or thirty years ago.

Many of us will, therefore, only pay a monthly fee towards one or two publications that we find really valuable; and, for most of us, that’s probably a national broadsheet “paper of record” rather than a thin local edition. But the national papers of record can’t realistically cover all local news of relevance across an entire country. Also, I’ve focused on American papers here, but this is a massive problem in Canada as well, and around the world.

Like I mentioned at the top of the preceding paragraphs, I’ve been thinking about this quandary a lot, for reasons of obvious importance — the continued existence of a press covering all levels of government and activities is crucial — but also for selfish concerns: I want to find a way for Pixel Envy to support itself. What ails the news industry also affects, albeit to a far lesser extent, independent blogs and web-only publications. Relatively large websites like the Onion and Gizmodo Media Group are struggling; the Awl shuttered earlier this year. Maybe the web cannot support all of these fantastic sites — that it did at any time was maybe a silly fluke. But I think giving up and treating the web as a place for giants and nobody else would be a mistake and a great shame.

Perhaps new legislation and the reclamation of our privacy online will spur the creation of small, privacy-focused advertiser networks again, akin to the Deck Network or something like the Outline’s ad strategy. Perhaps we need more networks of bloggers, too, allowing readers to subscribe to several related websites at the same time, without creating barriers to readership with paywalls. Maybe there’s a third and fourth source of money beyond readers and advertisers — I’m not sure. But non-giant entities, whether web-only or in print, need a funding solution for the future that isn’t solely reliant upon massive traffic, Facebook referrals, or subscriptions.

The Toronto Star’s Plan to Save Itself

Brett Popplewell, the Walrus:

Shortly after his arrival in 2017, John Boynton, Cruickshank’s replacement as publisher of the newspaper and Torstar CEO, called a town hall in the newsroom. Boynton is a fifty-four-year-old turnaround specialist with no real journalistic experience but a record of success in running Aeroplan and other multi-million-dollar loyalty programs. The job of saving the Star has fallen to him. What he inherited when hired wasn’t just the fate of Torstar’s 3,800 employees but the legacy of the Star’s costliest and most valuable resource: its reporting.

According to sources, Boynton, standing near the empty desks of the men and women who’d been hired and then fired as a result of Star Touch, looked at what was left of his staff and said: “We can’t be a department store anymore.” The Star needed to transform into a publication less concerned with being everything for everyone on the streets of Toronto. It needed instead to do what tech companies like Facebook and Google were doing — study its readership algorithmically, learn what readers want, and stop feeding them what they don’t.

“We’re going to kill some sacred cows,” he said. The words alarmed many. Someone asked what the Star would consider a sacred cow. “We need the data,” Boynton replied. The response didn’t ease any concerns. In the old model, every reader counted. Soon, only those whom data science indicates have a propensity to pay may end up mattering to the Star — and any other newspaper still standing after the next presidential election. The trend won’t just redefine the value of certain journalists but the value of certain types of journalism as well.

As much as I want the Star to succeed, and though I cannot imagine the pressures it faces, along with almost every other newspaper, this sort of thinking worries me. The present U.S. administration has probably caused subscriptions to the Washington Post and New York Times to shoot higher, but that’s not because we want to read more hard news; we like spectacle, and we’re getting that in spades. We also need news coverage that has less intrigue but still carries great importance, and that remains a hard sell.

Last year, I read “Saving the Media” by Julia Cagé, and its proposal fascinated me. Cagé proposes a new way for media organizations to be recognized in a business sense, which, she says, would give greater control over a newspaper’s editorial direction to its staff, and more diversified funding sources without editorial influence. I don’t know how scalable this business model is from, say, a local-only paper to something more like the Star, but it’s a proposal worth considering. Try to find the book at your local library or independent bookshop.

GDPR and the Adtech Bubble

In just two weeks, the E.U. can begin fining GDPR violators. This is a must-read essay by Doc Searls, touching on the law itself, consent, and adtech. There’s a lot in this piece that is quotable and brilliant, but I think this is a truly critical paragraph:

And that’s on top of the main problem: tracking people without their knowledge, approval or a court order is just flat-out wrong. The fact that it can be done is no excuse. Nor is the monstrous sum of money made by it.

In addition to GDPR, Apple’s anti-tracking feature in iOS 11 and MacOS High Sierra has also, apparently, caused great concern amongst adtech companies that rely upon users’ implied consent, as most browsers’ default preferences permit the setting of third-party cookies. In cases where they don’t — for example, in Safari — adtech companies actively try to subvert your preferences. For example, Criteo:

Criteo may use non-cookie technologies in limited cases where the by-default settings of your browser aim to prevent the use of cookies for cross-site personalization and only if you have unambiguously accepted our services after being asked to do so (and offered the possibility to refuse subsequently).

A reminder that Criteo’s idea of unambiguous consent has long been represented by a banner across the bottom of the screen that indicates that any further clicks on the webpage will be construed as consent, and that you can opt out in the future if you read the banner in full and manage to remember the name of the third-party company that is now tracking you across the site.

It’s obvious — but no less revealing about their suspension of morality — how adtech companies will take full advantage of browser defaults to imply consent, but will actively fight against browser defaults through nefarious behaviours when it impacts their business.

Searls’ next paragraph is key, too:

Without adtech, the EU’s GDPR (General Data Protection Regulation) would never have happened. But the GDPR did happen, and as a result websites all over the world are suddenly posting notices about their changed privacy policies, use of cookies, and opt-in choices for “relevant” or “interest-based” (translation: tracking-based) advertising. Email lists are doing the same kinds of things.

Understanding that the GDPR is the direct result of widespread bad behaviours is truly critical. I don’t think this will eliminate bad actors, but it will provide a framework for adequate consequences. If a company cannot bear the legal blowback from a failure of responsibility to adequately protect users’ information, they should not be collecting it in the first place.

Google Duplex and AI Ethics

Natasha Lomas, TechCrunch:

Yet Pichai said Google had been working on the Duplex technology for “many years”, and went so far as to claim the AI can “understand the nuances of conversation” — albeit still evidently in very narrow scenarios, such as booking an appointment or reserving a table or asking a business for its opening hours on a specific date.

“It brings together all our investments over the years in natural language understanding, deep learning, text to speech,” he said.

What was yawningly absent from that list, and seemingly also lacking from the design of the tricksy Duplex experiment, was any sense that Google has a deep and nuanced appreciation of the ethical concerns at play around AI technologies that are powerful and capable enough of passing off as human — thereby playing lots of real people in the process.

Zeynep Tufekci:

Google Assistant making calls pretending to be human not only without disclosing that it’s a bot, but adding “ummm” and “aaah” to deceive the human on the other end with the room cheering it… horrifying. Silicon Valley is ethically lost, rudderless and has not learned a thing.

Instead of worrying about humanoid robots becoming self-aware and destroying us all, I think it’s more satisfying and intellectually stimulating — and, of course, more practical — to ask questions about the ethics of the pseudo-automated systems we’re so quick to applaud.

See Also: “Who Will Command the Robot Armies?” by Maciej Cegłowski.

Despite Announcing Otherwise, Google’s Revised Privacy Policy Still Permits It to Mine Users’ Gmail Accounts for Advertising

Paris Martineau, the Outline:

Though Google announced that it would stop using consumer Gmail content for ad personalization last July, the language permitting it to do so is still included in its current privacy policy, and it without a doubt still scans users’ emails for other purposes. Aaron Stein, a Google spokesperson, told NBC that Google also automatically extracts keyword data from users’ Gmail accounts, which is then fed into machine learning programs and other products within the Google family. Stein told NBC that Google also “may analyze [email] content to customize search results, better detect spam and malware,” a practice the company first announced back in 2012.

It’s bothersome that Google was scooping up users’ emails for ad targeting purposes in the first place, then said that they would stop doing it — after way too long — and has now given itself permission to keep doing so if they want to. But it isn’t going to make a difference: the popularity of Gmail and, more broadly, how deeply we’ve allowed surveillance capitalism to become embedded in the way we live and work on the web.

Apple Cracking Down on Applications That Send Location Data to Third-Parties

Chance Miller, 9to5Mac:

In the instances we’ve seen, the apps in question don’t do enough to inform users about what happens with their data. In addition to simply asking for permission, Apple appears to want developers to explain what the data is used for and how it is shared. Furthermore, the company is cracking down on instances where the data is used for purposes unrelated to improving the user experience:

You may not use or transmit someone’s personal data without first obtaining their permission and providing access to information about how and where the data will be used.

Data collected from apps may not be used or shared with third parties for purposes unrelated to improving the user experience or software/hardware performance connected to the app’s functionality.

Good — there’s almost no circumstance in which a third-party has any business in receiving location data when it isn’t connected with what the app actually does. But this is also the kind of thing I wish App Review was better at catching in the first place. Apps that request permission for location data, or access to contacts, or access to the photo library — in particular — ought to be subject to a degree of scrutiny that would prevent malicious uses of this functionality from appearing in the App Store in the first place. I’m not saying that they don’t catch this behaviour; rather, that there shouldn’t be enough apps in the store abusing location permissions to warrant a “crackdown”.

Securus Software Can Track Location of Cellphone in U.S. With Little Oversight

Jennifer Valentino-DeVries, New York Times:

Securus offers the location-finding service as an additional feature for law enforcement and corrections officials, part of an effort to entice customers in a lucrative but competitive industry. In promotional packets, the company, one of the largest prison phone providers in the country, recounts several instances in which the service was used.

In one, a woman sentenced to drug rehab left the center but was eventually located by an official using the service. Other examples include an official who found a missing Alzheimer’s patient and detectives who used “precise location information positioning” to get “within 42 feet of the suspect’s location” in a murder case.

Asked about Securus’s vetting of surveillance requests, a company spokesman said that it required customers to upload a legal document, such as a warrant or affidavit, and certify that the activity was authorized.

“Securus is neither a judge nor a district attorney, and the responsibility of ensuring the legal adequacy of supporting documentation lies with our law enforcement customers and their counsel,” the spokesman said in a statement. Securus offers services only to law enforcement and corrections facilities, and not all officials at a given location have access to the system, the spokesman said.

To be clear, all that this software requires is for users to type in a phone number, upload a supporting document, and check a box certifying that it’s a legal request. The location of the phone attached to that number will then be revealed; there appears to be no intermediary step of verifying that the location search is legally justified. No wonder this news story is about the abuse of such a flawed system.

Tesla Adds Fremont Factory to Its Line of Credit Collateral

Alexandra Scaggs, Financial Times:

While observers were preoccupied with its CEO’s personal life, Tesla disclosed it has added its Fremont, Calif. factory to a pool of collateral backing its US asset-based revolving credit line from nine banks.

CreditSights analysts called attention to the addition of the Fremont factory — a 5.3m-square-foot facility that was previously home to a famous joint venture between GM and Toyota — in a Tuesday note. The electric carmaker also said vehicles in or on their way to Belgium could be included in the base of collateral for its Dutch borrowings.

About six months ago, the Economist wrote about the rarity of future success for firms with billion-dollar debts. Watch this space.

Microsoft’s New Fee Structure for App Developers


Starting later this year, consumer applications (not including games) sold in Microsoft Store will deliver to developers 95% of the revenue earned from the purchase of your application or any in-app products in your application, when a customer uses a deep link to get to and purchase your application. When Microsoft delivers you a customer through any other method, such as in a collection on Microsoft Store or any other owned Microsoft properties, and purchases your application, you will receive 85% of the revenue earned from the purchase of your application or any in-app products in your application.

This kind of arrangement doesn’t necessarily mean that developing for one platform is more lucrative than another. However, it might be a pretty good incentive for major developers to submit their apps to the store, as Microsoft isn’t garnering a third of their earnings.

I wonder if we’ll see anything about App Store fee structures at WWDC. I’d like to see Apple adopt something more like a progressive tax rate: for example, the first thousand downloads of an app could be at a 0% rate, then 5% for the next 10,000 downloads, then 10% for another 25,000, and so on. Their current 30% cut looks comparatively antiquated on the back of Microsoft’s announcement.

The Equifax Breach That Can’t Get Any Worse Gets Worse Again

Sean Gallagher, Ars Technica:

On May 7, executives of Equifax submitted a “statement for the record” to the Securities and Exchange Commission detailing the extent of the consumer data breach the company first reported on September 7, 2017. The data in the statement, which has also been shared with congressional committees investigating the breach, reveals to a fuller extent how much personal data was exposed in the breach. Millions of driver’s license numbers, phone numbers, and email addresses were also exposed in connection with names, dates of birth, and Social Security numbers — offering a gold mine of data for identity thieves and fraudsters.

Equifax had already reported that the names, Social Security numbers, and dates of birth of 143 million US consumers had been exposed, along with driver’s license numbers “in some instances,” in addition to the credit card numbers of 209,000 individuals. The company’s management had also reported “certain dispute documents” submitted by about 182,000 consumers contesting credit reports had been exposed as well, in addition to some information about British and Canadian consumers.

A reminder that, instead of pushing for record fines and legal repercussions in the wake of the worst data breach in American history, the head of the CFPB — you know, the regulatory agency that’s responsible for financial industry oversight — doesn’t feel the need to proceed with his agency’s investigation into Equifax.

What Happened to Apple’s Whimsy?

Peter Cohen, reflecting on the first iMac on its twentieth birthday:

I hope that Apple finds an opportunity to go full circle with the Mac yet again. It probably won’t be the iMac, but I hope that some future Apple device, whether it’s a phone, tablet, laptop or desktop machine, or some hitherto unimagined gadget, regains that sense of whimsy and wonder we’ve seen before. Something to help us emotionally connect with it and that essential Apple user experience in a way that’s different, and less invisible, than how we do today.

I’ve been thinking about the original iMac and iBook a lot recently, on occasion of the iMac’s birthday and the cancellation of the AirPort, the first generation of which was introduced alongside the iBook. The vibrant colours and translucent plastics — and the handles, of course — made these computers feel approachable and human.

I’m not sure that I would like to see too much more of that goofiness, though. It’s not that I hate fun; rather, I think that Apple’s increasingly austere take on industrial design has made them better at shipping products that feel almost invisible. I appreciate that. It reduces the hardware to a tool, but not an appliance, yet I think Apple’s products feel even more approachable than they used to because so much of what they make is entirely straightforward. They don’t need to mask the complexity of the software with a layer of gumdrop plastic; in many ways, the software has become simple enough that the hardware can reflect that.

Then again, now that the iPhone has a gorgeous glass back, why can’t it be sold in a range of highly-saturated colours?

VI Months With the iPhone X

The way that tech product reviews work is pretty simple: most companies give select members of the tech press a review unit before the product is available to the general public. Reviewers typically can’t talk about it until a later date, usually around the time that the product will be on sale. The time between when reviewers receive the product and when they’re allowed to publish a review is usually extremely short — often, about a week. That’s enough time to get a general feel but, in my opinion, not enough time to adequately review it. For various reasons — many of them good! — reviewers typically feel like they have to publish something as soon as they’re able to, and most don’t do a followup because they’re not using nineteen smartphones on a daily basis.


I’m not a member of the tech press and, therefore, do not get review units. I did publish some initial thoughts on the iPhone X about a week after I bought mine, but I wanted to write some more about what it has felt like after several months of using it. I’m keenly aware that many of you probably have owned and used an iPhone X for as long as I have, and so you might not find anything here particularly newsworthy. Apple has sold tens of millions of them, too, so it’s not like these thoughts are particularly exclusive. They are, however, mine.


Let’s start with the easiest thing about the iPhone X: its hardware is damn nice to look at and to use. It is still the most beautiful product Apple has ever shipped; it still feels impossibly good, like a prototype, like a fine watch, et cetera, et cetera. Combine the body with the display’s extremely high resolution and True Tone — which has been so accurate in most environments that the white on screen is practically identical to the white surfaces my iPhone has rested upon — and it looks like a concept render brought to life without sacrifice.

I’ve kept my iPhone in a case for most of its first five months because a) it’s been a long-ass winter, which necessitates gloves, thick jackets, and other things that make for clumsy handling; b) I’ve been travelling; and c) I paid a lot of money for this thing, so you bet I’m keeping it as pristine as I can. I’ve been using Apple’s cases the entire time — a purple leather one, and an orange silicone one — so three sides and the back glass are all perfect. Of the exposed parts, the bottom of the stainless steel band looks great to my eye. It doesn’t appear to be scratched, even around the Lightning port.

However, the display has not remained blemish-free. There are a few small but noticeable hairline scratches, especially in the area where my right thumb swipes upwards to unlock or scroll. I haven’t treated this iPhone any differently, nor is the skin on my thumb any different than it used to be, as far as I know. However, after comparing the screen of my iPhone X against my old iPhone 6S, it seems to be scratched more obviously. I’ve been hesitant to write about this because there seem to be complaints about this every year, though I don’t know how much actually changes year-to-year, and I also think that the first scratches that appear tend to be the most noticeable. But based on what I’ve heard from others, my perception of it being more scratch-prone does not appear to be isolated. Apple says that the glass in the iPhone X is the “most durable” in any smartphone, but they don’t elaborate on what “durable” means.

The screen itself continues to be amazing. Colours are rich without being inaccurate, and pixels appear to be closer to the glass than in any previous model. I maintain that there is no reason to treat this OLED display any differently than its LCD predecessors: you don’t need to use the dark mode in apps or have an all-black wallpaper if you don’t want to. You don’t need to worry about burn-in. It’s just a damn good screen, exactly as you would expect from any iPhone.


The one component of the iPhone’s body that I’m torn on is the camera bump. Instead of being sloped like it is on the iPhones 7 and 8, it’s a giant sharp-edged jutting-out rounded box. Because my phone has been in a case for most of the time I’ve used it, I haven’t been bothered by how the bump sits on a table or another hard surface, but every time I pop the case off, I’m struck — in both very positive and quite negative ways — by all of these attributes.

On the one hand, it almost looks like there’s a piece of the phone that wasn’t assembled quite right. Its construction is clearly quite refined, but there’s not a lot to resolve the transition between the lens cover, the bezel, and the back glass. It doesn’t look bad; it just looks odd.

But, I must say, its crisp edges do look precise. The bump on my old 6S looks sheepish by comparison, as though Apple was embarrassed to have it. This one looks like they’re very comfortable with the cameras not fitting flush, and they’re making the most of that.

The cameras themselves, though, do not confound me: they’re amazing. I want to separate my assessment of them into software and hardware because there are two stories to tell.

I usually shoot in RAW, which means that the sensor data is saved directly, bypassing Apple’s image processing algorithms. Those algorithms remove noise, sharpen the image, and adjust the colours to a palatable palette that’s saturated, but not cartoonishly so. My iPhone 6S captured generally smooth and good-looking images, but a closer inspection of scenes with a lot of foliage or fine detail tended to look painterly. It was one of my chief complaints with that phone’s camera. Apple clearly spent some time working on the image processor in the iPhone X to perform better at these kinds of scenes, and every photo I’ve shot with it has been noticeably far better in its details than the 6S.

Yet, no matter how much better the new noise reduction algorithms are, they’re still no match for the detail you can see in a RAW photo. That’s part of the hardware story: both of these cameras are truly sublime. And I do mean “both” — I’ve been using the 56mm “zoom” camera about as often as I have the 28mm standard camera, and its performance has been just as solid.

The hardware and software stories merge with Portrait mode. Introduced with the iPhone 7 Plus, it uses the two rear cameras to assess the relative distance of objects in the frame and create a pseudo shallow depth-of-field image. It’s really fun and, now that Darkroom allows manual adjustment of the foreground and background parts of the image, a feature that I like playing around with. But its depth maps aren’t usually accurate — hair and glasses frequently seem to confuse it — and the default blur is often too exaggerated for my taste.

On the front side, the highlight feature is clearly Animoji and they are so much fun. I’ve sent a few videos, but I usually use them as stickers. In fact, they’re so good, it’s a real shame they’re included solely as a Messages feature. I’ve spent quite a lot of time around toddlers recently, and it’s hilariously good fun to sit with them and play around with Snapchat lenses, language barriers be damned. There’s no equivalent standalone app for Animoji, and I think there ought to be; using it within Messages feels clumsier than simply opening Snapchat. Animoji is, hands-down, the feature that my friends want to play around with most after I got this iPhone.

Face ID

One of the benefits of writing about a product months after it was released is that initial controversies and *–gates tend to be resolved in the interim. Case in point: Face ID.

Apparent Controversy Number One: switching from the accurate and much-liked Touch ID home button to the usually flawed world of facial recognition was sure to be a flop. After all, facial recognition requires a clear and mostly direct line-of-sight to your face, so you can’t use it while the device is in your pocket or while it’s on a table beside you. It is also impeded by some facial coverings, like scarves and sunglasses.

In practice, Face ID has turned out to be astonishingly good — it is, dare I say, so good that it feels magical. (I know.) In virtually every common circumstance, Face ID has performed at least as well as Touch ID had, or even better. For example, on cold days, I don’t cover my face in a way that renders me unrecognizable to Face ID, but I do wear gloves, which would need to be removed for Touch ID to work correctly. After a swim or when I finish washing dishes, Touch ID would sometimes get confused, but Face ID works just fine.

The best thing about Face ID is that it feels like it gets rid of the authentication step entirely. Instead of having to place your thumb on a fingerprint reader, wait for authentication, and then move it to the display, you just swipe on the display while looking at it, which you were probably doing anyway. I decreasingly see the graphic indicating that it’s unlocking; my phone just unlocks, and it’s ready to use. And that’s something that the initial batch of reviews published around the iPhone X’s launch couldn’t capture: it really does seem to be learning the characteristics of my face and getting more accurate over time.

So, as far as I’m concerned, Apparent Controversy Number One is a non-issue for me. You may, quite reasonably, feel differently — perhaps you wear a full face covering, or your sunglasses block Face ID’s scanner, or maybe you typically hold your iPhone at a distance from your face that isn’t ideal for Face ID. I think these are all things that can be sorted out with future iterations; however, this version has worked consistently brilliantly for me. I entirely prefer it over Touch ID and would not want to switch back.

Which brings me to Apparent Controversy Number Two: Face ID’s hardware requirements have spoiled an otherwise-perfect near-bezel-free display with the addition of a gigantic notch at its top.

I didn’t mention this in my first look because, quite honestly, I barely noticed the notch after using the phone for a few minutes. Ever since, my experience has been more of the same. In day-to-day use, the notch sort of disappears along with everything else in the status bar area from what I consciously see on the display. Would the iPhone X be better, in some way, if it had a completely uninterrupted display? I think that would be nice, yes, especially in landscape. But is the notch a fair trade-off for having an authentication system that works better than Touch ID — again, in my use? Absolutely.

Battery, Charging, and Wireless Musings

I have no formal way to test battery life but it has been excellent so far. Even after using beta releases constantly since I got mine, which tend to be less refined and harder on the battery, I still easily get a full day’s use without needing to “top up”.

Like an ape, I still plug a Lightning cable into my phone to charge it. Inductive charging is clever, but because the chargers are expensive and they stop charging as soon as you move your cellphone a couple of millimetres — at least, according to the reviews I’ve read — I haven’t felt compelled enough to buy one yet.

Of course, plugging in a Lightning cable means that I can’t simultaneously charge and use the slightly higher-tech version of two cans and some string that I call “my headphones”. Apple has clearly been moving in a wireless and wearable direction, but I haven’t been able to keep up: EarPods don’t fit my apparently alien ears, and I’m still using a Series 1 Apple Watch. Therefore, the AirPower that they’re apparently going to release soon doesn’t have the same appeal to me as it might someone with Apple’s latest and greatest.

Apple has promised that they’re going to contribute the refinements they’ve developed for the AirPower to the Qi wireless charging standard, so I look forward to more reliable inductive charging in the future.


The hardware-specific attributes of the iPhone X are pretty damn good. What about iOS? Well, upgrading to the X from a 4.7-inch iPhone feels a lot like the transition from the iPhone 4S to the iPhone 5: everything gets taller but, as there’s no increase in width, a lot of things remain similar. In the case of the X, however, the hardware has reduced the display’s bezels so much, it feels almost like the device disappears and you’re just holding the software. That’s the major difference. Even without that refined approach to hardware, though, the extra display height is totally great for basically everything I do: reading long articles, skimming my email inbox, and so forth. I’ve rarely used any iPhone in landscape mode, so anything Apple can do to make the portrait orientation better, I’m all for it.

Of course, the exaggerated height also highlights the foibles of an operating system that still retains some conventions from when it first shipped with a 3.5-inch display. The home screen still follows a pattern of starting in the upper-left corner. Tapping the back button that appears after one app launches another now requires a warmup of finger callisthenics, and an active AppleCare agreement, just in case. And bringing down Control Centre by dragging from the upper-right “ear” still feels bizarre and unfinished. I sincerely hope these aspects, in particular, are rethought with iOS 12.

The gestural navigation that replaces the home button is, frankly, ingenious. Jumping between apps and the home screen feels fun, and switching between apps by swiping across the home indicator is second nature. But, now that I’m used to the way the iPhone X works, the home indicator feels redundant. While it’s not particularly visually noisy, I also wish there were a way to hide it, simply because I don’t need to see it any more.

I also feel like the flashlight and camera buttons on the lock screen are peculiar. Unlike any other button on the system that I’m aware of, they have no action when they’re tapped, instead requiring a firm press into the display. They’re not customizable, either, and the camera button is redundant — swiping right-to-left across the lock screen also launches the camera. I don’t get them. I don’t mind these buttons, really, but after six months with this phone, I still don’t get them.

There are also some curious bugs I’ve seen on my iPhone X that I’ve never seen elsewhere. If you set a very light wallpaper, for example, the clock on the lock screen and the Springboard icon labels will be a dark grey instead of white; however, when you wake the iPhone, it flashes through white before arriving at the dark grey colour. It’s very strange. Also, the clock and dock occasionally disappear.

Other than that, the iPhone X might be the best iOS 11 experience, as you would probably hope. With it in hand, a bunch of the software design decisions Apple has made for years shine even brighter. I have problems with the notification system in iOS, but the floating bubbles that slide from the top help the display feel effectively limitless, as do the chrome-less home screen and 3D Touch menus. The iPhone X is the ultimate showcase for Apple’s increasingly refined post-iOS 7 visual approach. I’m excited to see where it leads.

The Best iPhone

What more can I say? The iPhone X is the most elegant iPhone Apple has made since the iPhone 5S married to the best iOS experience they’ve ever shipped. It feels like it sets the standard of the platform for the next ten years. It feels futuristic but not alien. It is refined but not precious. It is the hundred-and-ninety-proof distillation of what an iPhone is.

Requests for Personal Data From Apple, Google, and Facebook Compared

Jefferson Graham of USA Today requested a copy of his personal data from each of three major tech companies:

The zip file I eventually received from Apple was tiny, only 9 megabytes, compared to 243 MB from Google and 881 MB from Facebook. And there’s not much there, because Apple says the information is primarily kept on your device, not its servers. The one sentence highlight: a list of my downloads, purchases and repairs, but not my search histories through the Siri personal assistant or the Safari browser. 

I don’t think the story here is that Apple retains very little customer data; the story here is that Facebook and Google have a staggering and deeply concerning amount, with extraordinary granularity, and that it reaches back years.

Twitter Logged a Bunch of Users’ Passwords in Plain Text

Twitter CTO Parag Agrawal on the company blog:

When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it. We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone.

Interestingly enough, this was posted with the title “Keeping your account secure”, as opposed to a more accurate headline, like, “Oops, we stored your password in plain text”, or “We know the president’s password, for real”.

The euphemistic and misleading headline upsets me. What’s even more worrying is Agrawal’s reaction in a tweet:

We are sharing this information to help people make an informed decision about their account security. We didn’t have to, but believe it’s the right thing to do.

You “didn’t have to” let Twitter users know that their account password was saved as plain text in the company’s infrastructure? Fuck you. Even if there isn’t a legal obligation to tell users, isn’t there a moral one?

Agrawal later apologized for saying that, but that’s a ridiculous initial reaction for the chief technical officer of a gigantic company.

Lie of the Day: ‘Cambridge Analytica Is Shutting Down’ Notifications

If you’re like me and have notifications turned on for several news apps, you probably got a flood of alerts today proclaiming that Cambridge Analytica was shutting down.[1] Here’s what Ben Collins, Anna R. Schecter, and Vladimir Banic of NBC News wrote:

Cambridge Analytica and its parent company SCL are shutting down, citing a “siege of media coverage” that drove away its customers, NBC News has confirmed.

The data gathering firm at the center of Facebook’s controversy over user privacy has been under intense scrutiny from both the U.S. and U.K. governments for pushing advertisements to potential voters on the social network using improperly obtained profile data.

“The company is immediately ceasing all operations,” the data firm announced in a surprise statement on Wednesday, noting that “parallel bankruptcy proceedings will soon be commenced.”

There’s only one problem with this announcement: it isn’t representative of what’s actually happening, as is revealed later in this NBC report:

Paperwork filed with the British government last month, however, shows that many of Cambridge Analytica’s top executives have been preparing to staff up a separate data firm under a new name: Rebekah Mercer and her sister Jennifer joined the board of a new data gathering company called Emerdata on March 16, but it is unclear what their roles will be.

In a British government filing declaring her new role as director at Emerdata, Rebekah Mercer listed her correspondence address as 597 Fifth Avenue in Manhattan — Cambridge Analytica’s New York office.

I doubt anyone actually believes that this is anything more than a rebranding, but headlines on the reportage around this — including the one for this NBC report — give the impression that Cambridge Analytica’s overall operations are ceasing. That clearly isn’t the case, and the headlines should more accurately reflect that.

  1. The Times had a more relevant notification too, but I think I opened the app and it disappeared.

Google Launches .app Top-Level Domain

I completely understand the arguments for giant internet companies having their own top-level domains, but it seems like a disaster waiting to happen for them to own generic domains as well. Chrome is the world’s most popular web browser; as Ben Sargent points out, it seems like only a matter of time before they could launch a TLD that only works with Chrome. Or Google could own a TLD that forces websites to carry tracking scripts.

It may be hard to understand today why Google could take these actions. But we should be more cognizant of handing control of whole sections of the web over to for-profit companies, especially those that are behavioural advertising companies.

Update: A better example of something Google might do is rank .app addresses higher in search, like they do for AMP websites.

Publisher Groups Rebuke Google’s Interpretation of E.U. Privacy Law

Paresh Dave, Reuters:

As part of its plans for GDPR, Google would offload to publishers the burden of getting user consent for the data collection that is at the core of how Google’s ad-serving business operates.

The company has also irked publishers by saying that rather than being a “processor” of data as defined by GDPR, it wants to be a “controller,” giving it more ability to use information such as reader data for its own purposes.

“Your proposal severely falls short on many levels,” publisher groups wrote to Google Chief Executive Sundar Pichai, adding that it “would undermine the fundamental purposes of the GDPR and the efforts of publishers to comply with the letter and spirit of the law.”

One big reason why Google is able to demand terms like these from publishers is that they’re the web’s largest ad network. Of course, they wouldn’t be if so many websites — including the sites of the publishers who signed this letter in the first place — opted to use more diverse ad networks, or rolled their own.

The web has opted into an advertising duopoly, with Google and Facebook, and is now expecting two of the biggest companies on the planet to treat them fairly. I’m not saying anyone deserves this, but there is a shared responsibility between ad networks and websites, and different choices should have been made.

Overcast 4.2

Marco Arment introduces the Overcast 4.2 update:

In Overcast 4.2, the login screen now prominently encourages anonymous accounts by default.

If you already have an account in iCloud, it’ll pop up a dialog box over this screen asking if you want to use it.

And the first time you launch 4.2, people with email-based accounts will be encouraged to migrate them to anonymous accounts.

Most often, you hear about new features in apps that require you to give over more information. Facebook will introduce yet another thing that uses the camera and microphone, or Snapchat will add a map of all of your friends and automatically opt you into sharing your own location. How frequently do you see app updates that are designed to reduce the amount of information that’s being collected?

I’d like to see more of this kind of thing. Kudos.

Subscriptions Should Be Easier to Manage on iOS

Stephen Hackett:

To review what subscriptions are active on your account, you have to do some exploring in the App Store, starting by tapping on your account photo, then again on your account info, then scrolling down to Subscriptions […]

Once there, you can scroll through all of your active and past subscriptions, seeing renewal details and making any changes you see fit.

This interface is slow and a little buggy at least on the iPhone X, but my biggest complaint is that it is so far buried.

This interface isn’t just buried in a semi-logical part of the system — it’s totally confusing and only available in this one very silly place. When I reviewed VSCO for the Sweet Setup earlier this year, I subscribed to VSCO X for its additional features, but had a hell of a time trying to unsubscribe. I started by looking in Settings because that’s where Apple Pay and all my other payment details are, but there’s nothing there. I had to search Apple’s knowledgebase for the answer and, even then, got a little confused because the user picture that you have to tap is only visible in three of the five App Store tabs.

I get that this is the kind of thing that users don’t need to see all of the time, but the complement to that observation is that when users want to see it, they usually really need to see it.

Update: Michael Rockwell points out that there is, indeed, a way to manage subscriptions via the Settings app. And, yeah, it’s convoluted:

[You] can also access subscriptions through the settings app: Settings > iTunes & App Store > tap on Apple ID > View Apple ID > Subscriptions

You’re probably better off using Ryan Jones’ single-serving domain that redirects to Apple’s subscription management: manageapplesubscriptions.com.

It Has Been 229 Days Since the AirPower Charging Mat Was Announced

My Twitter timeline has been full of speculation about when the AirPower mat is likely to ship and whether its launch is technically delayed. Here is, I think, a better question: why do we know about this product at all?

Back when the HomePod’s delayed release date was announced, I wondered about a similar thing:

The announcement of this product at WWDC has confused me from the start. Some reports have compared the HomePod’s delay to that of the AirPods but, while the shipping delay on the latter product was regrettable, its announcement alongside the iPhone 7 — the first iPhone without a headphone jack — made complete sense. It finished the story.

This, though, is just bizarre. All things considered, a delay of about a month and a half isn’t terrible. But what difference would there have been if Apple had announced the HomePod when it was ready and simply pending regulatory approval? I don’t see any reason why the HomePod had to be announced at WWDC last June.

I see echoes of that announcement in that of the AirPower. Why was it announced alongside the iPhones 8 and the iPhone X? What story does it complete? It can’t be the inductive charging story: surely the entire point of using the Qi standard was that there were already loads of charging mats on the market that you could buy — Phil Schiller said as much during that keynote. So what’s the advantage in letting us know about the AirPower far in advance of when it would be available?

Imagine an alternate universe where the AirPower and the wireless charging case for the AirPods weren’t announced until, say, the opening keynote of WWDC this year with same-day availability. Sure, buyers of iPhones and Apple Watches that were released last year would have to suffer through several tedious months of wondering why Apple didn’t make their own charging pad because many of the ones out there right now aren’t very good, but the reaction to its then-immediate availability would have been a classic example of underpromising and overdelivering.

Contrast that with the more testy and impatient reaction reflected by Mike Wuerthele of AppleInsider:

Nobody but Apple can get away with such a long period of time between announcement and shipping. Narratives spin out of control in the interim, predicting doom and gloom which is nearly never warranted to the magnitude that’s on display.

There’s probably a great reason why the AirPower and compatible AirPods case haven’t yet been released. They’re probably going to be good products, too. But I don’t see any reason why we should be aware now that they’re on the way.

Apple Officially Exits the WiFi Router Business

Rene Ritchie, iMore:

Apple is ceasing production of its AirPort Express, AirPort Extreme, and AirPort Time Capsule Wi-Fi routers. I had a chance to speak to Apple briefly about the decision, and here’s the statement I was given:

“We’re discontinuing the Apple AirPort base station products. They will be available through Apple.com, Apple’s retail stores and Apple Authorized Resellers while supplies last.”

This has been expected for a while, but it’s still a bummer. The AirPort Extreme that this post was transmitted through I’ve owned for about six years and it’s still going strong; my parents’ Extreme is ten years old and it works just fine.

Zac Hall of 9to5Mac points out that most of the AirPort lineup’s functions have been eclipsed by a bunch of other stuff Apple has introduced since the last time they updated anything in the AirPort range. One thing that doesn’t yet have a replacement, though, is the Time Capsule’s backup functionality. Almost no third-party routers support backing up a Mac over WiFi, and even though I would love to see the introduction of Time Machine in the Cloud, backing up my Mac would occupy about half of my 2TB storage plan, which costs about twice as much per month as Backblaze.

Facebook’s Privacy Scandal Appears to Have Little Effect on Its Bottom Line

Sheera Frenkel and Kevin Roose, New York Times:

The Silicon Valley company reported a 63 percent increase in profit and a 49 percent jump in revenue for the first quarter, driven by continued growth in its mobile advertising business. Mobile advertising now represents more than 90 percent of Facebook’s advertising revenue.

The company also said that it added 70 million monthly active users last quarter, bringing it to 2.2 billion monthly active users as of March.

The results sent Facebook’s shares up more than 7 percent in aftermarket trading on Wednesday, reflecting Wall Street’s willingness to shrug off the company’s privacy issues as long as the money keeps flowing in.

Facebook’s stock is still down compared to its pre-exposé high, but recall what I wrote a few weeks ago: I’d bet good money that Facebook’s value will return to its previous high within a year or so. Investors won’t punish the company unless users do first, in droves.

Google Debuts a Standalone To-Do App, Google Tasks

Sarah Perez, TechCrunch:

Along with today’s big reveal of the redesigned version of Gmail, Google also more quietly introduced a new app that ties into its suite of productivity applications: Google Tasks. The app, as the name implies, offers you a dedicated place to create, view and edit your task list and to-dos, including those created from within the new Gmail or from Google Calendar.

Like most Google apps, Tasks feels like you’re using an Android app that has been lazily ported to iOS. Unlike most of their other apps, though, Tasks uses an inconsistent mix of Roboto, their old brand typeface, and Product Sans, their new one. The two faces don’t look good together — it’s like when Apple shipped apps that used both Helvetica and Lucida Grande.

According to their announcement of Product Sans and their new logo, the typeface was supposed to be used in promotional materials and lockups, but there’s no mention of it being used for product UIs. In fact, the only other product I can find that has this same inconsistent mix is the new Gmail.com, also previewed today.

It isn’t just about what these typefaces look like, either, but how they’re used. For example, when entering a new task, the name of the task is set in Product Sans; when it is added to the list, it becomes Roboto. Tapping on the task takes you to a details view where, now, the name of the task is in Product Sans. There are three options to add more information: if you want to add details, you’ll do it in Roboto, but adding a due date will be in Product Sans. The “add subtasks” button — well, text in the same grey as everything else except other buttons that are blue — is set in Product Sans, but the tasks are set in Roboto.

I sound like I’m nitpicking, but I’m really not. This is a simple app; the only reason it has added complexity and confusion is because Google wants their iOS apps to look like their Android apps.

Google’s Mass Data Collection

Christopher Mims, Wall Street Journal:

As justifiable as the focus on Facebook has been, though, it isn’t the full picture. If the concern is that companies might be collecting some personal data without our knowledge or explicit consent, Alphabet’s Google is a far bigger threat by many measures: the volume of information it gathers, the reach of its tracking and the time people spend on its sites and apps.

New regulations, particularly in Europe, are driving Google and others to disclose more and seek more permissions from users. And given the choice, many people might even be fine with the trade-off of personal data for services. Still, to date few of us realize the extent to which our data is being collected and used.

“There is a systemic problem and it’s not limited to Facebook,” says Arvind Narayanan, a computer scientist and assistant professor at Princeton University. The larger problem, he argues, is that the very business model of these companies is geared to privacy violation. We need to understand Google’s role in this.

This conversation is long overdue, but it’s vital we have it. How comfortable are we with (two) large American companies collecting and storing the vast majority of our online activities? If you are, that’s fine — Google and Facebook should have no objection to fully disclosing the extent of their tracking to gain your entirely-knowledgeable permission for doing so, but you should be able to turn it off any time you want. If you aren’t comfy with that — as, I think, the past couple months’ worth of stories about Facebook have suggested — shouldn’t that be fully respected by having none of your browsing tracked? Default cookie settings play a big role in the implied consent to tracking, of course, but more insidious means have also surfaced which are impervious to changes in cookie settings and offer no easy way of opting out. Isn’t that obviously unethical?

SmugMug Acquires Flickr

Jessica Guynn, USA Today:

Flickr has been snapped up by Silicon Valley photo-sharing and storage company SmugMug, USA TODAY has learned.

SmugMug CEO Don MacAskill told USA TODAY he’s committed to breathing new life into the faded social networking pioneer, which hosted photos and lively interactions long before it became trendy. 

SmugMug, an independent, family-run company, will maintain Flickr as a standalone community of amateur and professional photographers and give the long neglected service the focus and resources it deserves, MacAskill said in an exclusive interview. 

He declined to disclose the terms of the deal, which closed this week.

The last time Oath — née Yahoo — showed any interest in Flickr was five years ago when they rethought the platform and gave everyone a terabyte of storage for free, and unlimited storage for just $25/year. And then they just sort of sat on it.

This is potentially good news because Flickr was, until this week, a Verizon company, and I think that it’s a little bit weird for an ISP and cable TV provider to be in charge of hosting your precious photographs. SmugMug, though, is a much smaller company, and it’s a good question whether they’ll be able to revitalize Flickr while retaining those high storage accounts.

Tim Cook Reiterates That Apple Isn’t Going to Merge the iPad and the Mac

Peter Wells of the Sydney Morning Herald interviewed Tim Cook after Apple’s education event last month in Chicago:

“We don’t believe in sort of watering down one for the other. Both [The Mac and iPad] are incredible. One of the reasons that both of them are incredible is because we pushed them to do what they do well. And if you begin to merge the two … you begin to make trade offs and compromises.

“So maybe the company would be more efficient at the end of the day. But that’s not what it’s about. You know it’s about giving people things that they can then use to help them change the world or express their passion or express their creativity. So this merger thing that some folks are fixated on, I don’t think that’s what users want.”

Cook said basically the same thing a few years ago in an interview with Independent.ie.

One comment that he made in Wells’ interview stood out to me:

“I generally use a Mac at work, and I use an iPad at home,” Cook tells me, “And I always use the iPad when I’m travelling. But I use everything and I love everything.”

In 2014, Cook told the Wall Street Journal that he did about 80% of his work on his iPad; this is a subtle change in how he’s communicating what he uses to get work done. I’m not sure how much you should read into his comment — Apple kremlinology is often a waste of time — but it’s an interesting shift, I think.

‘Login With Facebook’ Data Hijacked by JavaScript Trackers

Josh Constine, TechCrunch:

Facebook confirms to TechCrunch that it’s investigating a security research report that shows Facebook user data can be grabbed by third-party JavaScript trackers embedded on websites using Login With Facebook. The exploit lets these trackers gather a user’s data including name, email address, age range, gender, locale, and profile photo depending on what users originally provided to the website. It’s unclear what these trackers do with the data, but many of their parent companies including Lytics and ProPS sell publisher monetization services based on collected user data.

The abusive scripts were found on 434 of the top 1 million websites including cloud database provider MongoDB. That’s according to Steven Englehardt and his colleagues at Freedom To Tinker, which is hosted by Princeton’s Center For Information Technology Policy.

There are clearly problems with trusting third-party code, and it is the responsibility of developers to adequately audit that code and ensure it is safe for end users. It’s getting to the point where scripts like these ought to be treated as potential malware.
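As an added example (not from the original post or the research it links to), the following JavaScript audits a page's HTML for third-party scripts that would run in the same context as the Facebook SDK. The sample HTML, its hostnames and the `auditScripts` helper are constructed for illustration, and `connect.facebook.net` is assumed to be the SDK host the site loads from.

```javascript
// Added example: list the external scripts a page pulls into its own
// JavaScript context. All hostnames in SAMPLE_HTML are constructed.

// Assumption: the site loads Facebook's JavaScript SDK from its standard host.
const FB_SDK_HOST = "connect.facebook.net";

// Parse the attributes of one opening tag, e.g. <script async src="...">.
function parseAttributes(tag) {
  const attrs = {};
  const body = tag.replace(/^<script\b/i, "").replace(/>$/, "");
  const re = /([a-zA-Z-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Simplification: same host or a subdomain counts as first-party. A production
// audit would compare registrable domains using the Public Suffix List.
function isFirstParty(host, siteHost) {
  return host === siteHost || host.endsWith("." + siteHost);
}

function auditScripts(html, pageUrl) {
  const page = new URL(pageUrl);
  // The SDK is often injected by an inline loader, so look for its host
  // anywhere in the markup rather than only in src attributes.
  const loadsFacebookSdk = html.includes(FB_SDK_HOST);
  const thirdParty = [];
  const tagRe = /<script\b[^>]*>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = parseAttributes(m[0]);
    if (!attrs.src) continue; // inline script, written by the site itself
    let src;
    try {
      src = new URL(attrs.src, page); // resolves relative and //host URLs
    } catch {
      continue; // unparseable src, nothing to classify
    }
    if (src.hostname === FB_SDK_HOST) continue;
    if (isFirstParty(src.hostname, page.hostname)) continue;
    thirdParty.push({
      host: src.hostname,
      url: src.href,
      // Subresource Integrity pins the reviewed file; without it the vendor
      // can change what runs on the page after the audit.
      hasIntegrity: Boolean(attrs.integrity),
      insecure: src.protocol !== "https:",
    });
  }
  return {
    loadsFacebookSdk,
    thirdParty,
    // Scripts that execute alongside the login SDK and therefore need the
    // same scrutiny as the site's own code.
    sharesContextWithSdk: loadsFacebookSdk ? thirdParty.map((s) => s.host) : [],
  };
}

// Constructed sample page: two first-party scripts, an inline SDK loader,
// and three third-party scripts with different weaknesses.
const SAMPLE_HTML = `
<html><head>
<script src="/static/app.js"></script>
<script src="https://static.news.example/vendor.js"></script>
<script>(function(d){var js=d.createElement('script');
  js.src='https://connect.facebook.net/en_US/sdk.js';
  d.head.appendChild(js);})(document);</script>
<script async src="https://cdn.tracker-one.example/t.js"></script>
<script src="//widgets.tracker-two.example/w.js"
        integrity="sha384-CONSTRUCTEDPLACEHOLDER" crossorigin="anonymous"></script>
<script src="http://legacy-ads.example/a.js"></script>
</head></html>`;

console.log(
  JSON.stringify(auditScripts(SAMPLE_HTML, "https://news.example/article"), null, 2)
);
```

Scripts injected at runtime by tag managers do not appear in static HTML, so the same classification should also be run over `document.scripts` in a loaded page.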

U.S. Rep. Marsha Blackburn Favourably Compares Internet Fast Lanes to TSA Precheck

Jon Brodkin, Ars Technica:

Congressional Republicans want to impose “net neutrality” rules that allow Internet service providers to charge online services and websites for priority access to consumers. Making the case for paid prioritization Tuesday, US Rep. Marsha Blackburn (R-Tenn.) said that paying for priority access would be similar to enrolling in TSA Precheck.

Blackburn is clearly counting on the public’s well-known admiration of the TSA to sell this proposal to them, whether it’s because they’re waiting in line for two hours, being groped by an agent, or having their knitting needles confiscated and their shampoo tossed in the trash.

Blogging Is Most Certainly Not Dead

Jason Kottke:

Social media is as compelling as ever, but people are increasingly souring on the surveillance state Skinner boxes like Facebook and Twitter. Decentralized media like blogs and newsletters are looking better and better these days…

They certainly are. I look forward to opening my RSS reader on my iPhone, even, in a way I don’t for any social media app. I even enjoy receiving the latest editions of the handful of email newsletters that I subscribe to.¹ The former consists of stories from websites I trust in reverse-chronological order, and nothing more; the latter is a daily dose of links curated and placed into context by smart, reputable people.

  1. Brian Stelter’s “Reliable Sources”, Charlie Warzel’s “Infowarzel” — truly a terrific name, too — and Dave Pell’s “NextDraft”.

The Facebook Media Backlash

Charlie Warzel, Buzzfeed:

Using publicly available information pulled from the APIs of USA Today, the New York Times, the Guardian, and BuzzFeed, researcher Joe Hovde compiled over 87,000 articles about Facebook published by the four outlets between 2006 and 2018. Then he ran a sentiment analysis on them, scoring words on a positive-to-negative scale of -5 to +5 — for example, a negative word like “fake” was scored -3, while a more positive word like “growth” was scored +2. The results were grim.

Hovde’s chart shows a steep increase in almost exclusively negative sentiment about Facebook beginning in late 2016, around the time of the presidential election. It also reveals a steady decline in positive sentiment between 2006 and 2016.

What this study seems to show is that the media is reacting solely to the remarkably shitty outcome of the 2016 American presidential election, arguably partially enabled by Facebook’s micro-targeted ads. What it actually reveals is that Facebook — and Silicon Valley firms more generally — should have been covered with much more scrutiny and skepticism for years. The growing influence of algorithmically-tailored information based on mass data collection has always been worrying for now-obvious reasons, and more mainstream outlets should have explored that angle sooner and more frequently.

Dieter Bohn’s Suggestions for Improving iOS Notifications

Dieter Bohn, the Verge:

The iPhone, though… Apple and I have fundamentally different philosophies about how we should relate to notifications. I see them as a new kind of email: annoying, necessary, and ultimately super useful. I want a framework for managing notifications — just like I have a framework for managing email.

Apple seems to believe that I shouldn’t go in for all that. Notifications are fundamentally distracting, so I think Apple’s solution is to convince us to stop giving them so much attention. Turn them off, let them float by, don’t worry about reaching “notification zero” (so to speak). My colleague Vlad Savov called it “an endless scrolling list of puffy notification clouds” and I think that’s apt. The result of this philosophy, I think, is that the tools Apple provides for dealing with notifications are blunt instruments. But I also think it’s the wrong philosophy. Some notifications are actually super important, but they’re too easy to miss in that endless pile of clouds.

Via John Voorhees at MacStories:

[…] I agree with Bohn that adding the ability to jump directly to an app’s notification settings from the notification itself would go a long way on iOS. As Federico and I discussed recently on AppStories, periodically evaluating and adjusting notifications is essential to avoiding notification overload on iOS, but it’s also something that becomes a project because it requires a lot of hunting and tapping. With a system like Android’s, I can imagine making fine-tuned adjustments to notifications more frequently because doing so would be less likely to disrupt what I was doing when I’m interrupted.

More than almost anything else on the system, managing notifications on iOS can quickly become a lot of work. I think a big reason for that is because we think of notifications as varying in importance — from high-priority phone calls and iMessage conversations right down to ads — but the system treats the vast majority of notifications similarly. There are basically four levels of notification, roughly in order of attention prioritization:

  1. Screen takeover, used for things like phone calls and the timer that have the highest priority notifications.

  2. Persistent banners.

  3. Temporary banners.

  4. Icon badges.

Most apps default to using temporary banners regardless of the notification’s priority, but that style is often way too intrusive, yet not helpful enough. With the exception of badges, notifications almost always cover part of an open app, which isn’t as passive as a “puffy notification cloud” ought to be. In addition, ways to handle notifications without having to open the spawning app have been added over time, with features like inline replies and richer notifications, but many apps don’t take full advantage of these characteristics.

In my ideal world, notifications would somehow not cover what I’m looking at, would be less prone to inundating me, and would do a better job of managing themselves without my intervention. I have no idea how to get to that point, but one thing I absolutely do not want, from Bohn’s list, is the ability for apps to add themselves to the status bar. That seems like an easy recipe for clutter, particularly with the notched status bar of the iPhone X.

Gurman: Apple Plans a News Subscription Service

Mark Gurman, Bloomberg:

Apple Inc. plans to integrate recently acquired magazine app Texture into Apple News and debut its own premium subscription offering, according to people familiar with the matter. The move is part of a broader push by the iPhone maker to generate more revenue from online content and services.

The Cupertino, California company agreed last month to buy Texture, which lets users subscribe to more than 200 magazines for $9.99 a month. Apple cut about 20 Texture staff soon after, according to one of the people.

The world’s largest technology company is integrating Texture technology and the remaining employees into its Apple News team, which is building the premium service. An upgraded Apple News app with the subscription offering is expected to launch within the next year, and a slice of the subscription revenue will go to magazine publishers that are part of the program, the people said. They asked not to be identified discussing private plans. Apple declined to comment.

If this is anything like Apple Music, I’d like to think that it could offer subscribers the opportunity to explore different perspectives in journalism while ensuring each publication gets paid.

With iCloud and Apple Music already, plus Apple News and a Netflix-like service rumoured, Apple is soon to offer a lot of subscription services. Is there a point at which it makes sense for them to offer something like an all-access pass for, say, $40 a month?

Also, for some reason, Gurman asked Gene Munster for comment on this article. You know — that Gene Munster. That Gene Munster.

Update: On a related note, I certainly hope Apple News comes to users outside of the United States, United Kingdom, and Australia. Not just this rumoured subscription — though I hope that’s more widely available as well — but Apple News as an app.

Mignon Clyburn Steps Down From FCC

Kim Hart, Axios:

Clyburn, an Obama nominee, was a consistent advocate for low-income, minority and other marginalized communities. She was a strong supporter of net neutrality, media ownership reform and lowering prison phone rates. Clyburn often clashed with current chairman Ajit Pai over policy decisions.

While Clyburn’s resignation had been expected for some time, her departure leaves an open seat on the five-member commission until a replacement is nominated by President Trump and confirmed by the Senate.

The FCC is now a four-member commission with only one remaining Democrat — and, not coincidentally, only one remaining supporter of net neutrality in its policy-deciding directorship.

Fifty Shades of Grey

To be fair, Michael Steeber of 9to5Mac has catalogued only twelve shades of greys and blacks that Apple has used since 2012. Several of those variations show very minor differences; I wonder if the shades of white and even the plain anodized aluminum shades Apple has used over the same time period also show similar — albeit more subtle — variations in colour.

The Hilarious Life and Agonizing Death of Online Comedy

Alison Herman and Victor Luckerson of the Ringer wrote a fantastic look at how online comedy sites have evolved over the past couple of years, with major changes to Facebook’s News Feed algorithms, the rise of the present American administration, and — to borrow Onion editor-in-chief Chad Nackers’ term — the “Onionization” of the world. I thought this was revealing:

Newell estimates that less than 10 percent of Reductress’s traffic is direct. Most users follow a link from an external site like Facebook or Twitter rather than navigating to the site’s homepage. Social media has so fundamentally altered internet users’ behavior that it’s difficult for individual sites to overcome. “Nobody goes on their computer and types in ‘Funnyordie.com,’” says Adriana Robles, a former staff writer at Funny or Die. “You don’t type in any website like that.”

This, in turn, created a feedback loop in which companies put fewer resources into websites and other hubs that could compete with social media. “We’re now at a point where, because everyone became dependent on Facebook, we all let our websites atrophy,” Klinman says. The big Onion website redesign in 2015 was undone when the company was acquired by Univision just eight months later and, late last year, transferred all its articles to Kinja, the same aesthetically spare publishing system used by Gizmodo, Jezebel, and other former Gawker Media sites that now share a corporate umbrella with The Onion.

“The Onion is now a Gawker blog,” Klinman says. “We’ve just erased the idea that things have had importance on the internet — that it’s important to have a home, that it’s important to have a place that’s distinct and is what your brand is. Instead, we’ve flattened everything out so that it will do well on Facebook’s version of the internet.” And on Facebook’s version of the internet, everything looks the same, making it difficult for individual websites to stand out and build a distinct reputation — even voicey, incisive sites like The Onion, Reductress, and Very Smart Brothas, which have a well-honed ability to announce themselves with catchy, clever headlines.

Herman and Luckerson also profile websites like McSweeney’s Internet Tendency, which have managed to adjust, stabilize, and even grow.

Previously: I wrote a little about the ruinous sameness of Kinja websites.

Techniques for Locking Down Your Privacy and Security Online

Natasha Lomas and Romain Dillet of TechCrunch have assembled a good guide on how to remain more private and secure online. If there’s one thing I took away from this list, it’s that it’s doable, but often very difficult. That doesn’t mean you shouldn’t try — you should, and you can pick-and-choose — but know that you’ll also find your newly-private browsing somewhat less convenient and straightforward.

I loved this, by the way:

Are you really getting so much value from an app that you’re happy for the company behind it and anyone else they partner with to know everywhere you go, everyone you talk to, the stuff you like and look at — even to have a pretty good idea what you’re thinking?

Think about that: how much are you actually getting out of the apps and services you use; and, how much are they getting out of you?

Personalized ‘Hey, Siri’

A new update on Apple’s machine learning blog explores their approach to speaker recognition in detecting “Hey, Siri”. It’s obviously fairly technical, but I found this bit interesting as it describes how they measure the success of the key phrase activating Siri:

The overall goal of speaker recognition (SR) is to ascertain the identity of a person using his or her voice. We are interested in “who is speaking,” as opposed to the problem of speech recognition, which aims to ascertain “what was spoken.” SR performed using a phrase known a priori, such as “Hey Siri,” is often referred to as text-dependent SR; otherwise, the problem is known as text-independent SR.

We measure the performance of a speaker recognition system as a combination of an Imposter Accept (IA) rate and a False Reject (FR) rate. It is important, however, to distinguish (and equate) these values from those used to measure the quality of a key-phrase trigger system. For both the key-phrase trigger system and the speaker recognition system, a False Reject (or Miss) is observed when the target user says “Hey Siri” and his or her device does not wake up. This sort of error tends to occur more often in acoustically noisy environments, such as in a moving car or on a bustling sidewalk. We report FR’s as a fraction of the total number of true “Hey Siri” instances spoken by the target user. For the key-phrase trigger system, a False Accept (or False Alarm, FA) is observed when the device wakes up to a non-“Hey Siri” phrase, such as “are you serious” or “in Syria today.” Typically, FA’s are measured on a per-hour basis.

I’ve been extremely impressed by the performance of “Hey, Siri” over the last couple of years. Not only does it reliably wake my device, it also does not wake my girlfriend’s — and vice-versa, when she says “Hey, Siri”.

What Siri does after that leaves much to be desired, of course.

The Other Irresponsibility

Following Mark Zuckerberg’s awkward and tedious testimony before the House and Senate came several great pieces from journalists covering it, as well as Facebook as a whole. I wanted to collect a few of the best that I found as a sort of highlight reel of irresponsibility.

Sam Biddle, of the Intercept, on Zuckerberg’s frequent claims that he didn’t know the answer to a question:

After watching the Facebook founder and CEO’s 48-hour trip to Capitol Hill, there are two possible conclusions: either Mark Zuckerberg deliberately misled Congress, or Mark Zuckerberg knows very little about his own company. Both are bad.

Again and again, before both Senate and House committees, Zuckerberg pleaded ignorance about the company he created and has controlled for 14 years. Zuckerberg wasn’t dodging questions about obscure corners of the company or corporate minutiae, but the most plainly fundamental aspects of Facebook’s business and privacy policies. Rather than the congressional beatdown many had expected, the most striking aspect of Zuckerberg’s testimony wasn’t his painful apologias or excuse-spinning, but his ability to spend nearly 10 hours saying almost nothing. The hearings may prove to be a sea change moment for Facebook and the greater data-mining industrial complex, but it would be hard to say the public learned much of anything.

Alex Kantrowitz, Buzzfeed:

During his two-day marathon testimony in Washington this week, Facebook CEO Mark Zuckerberg looked particularly uncomfortable answering basic questions about how Facebook tracks people when they’re not using Facebook. In case you hadn’t already heard, yes, it’s true: Facebook can track your online activity even if you aren’t signed in to Facebook.

Paris Martineau, the Outline:

Facebook claims that you can download a copy of everything it has on you here. Mark Zuckerberg said the same during his testimony to the U.S. House of Representatives yesterday (“Congressman, I believe that all of your information is in that — that file.”). However, according to Facebook’s own Privacy Operations Team, both of these statements are wrong. Even better, Facebook has told users it cannot give out this information because it’s too difficult to access and package into a readable format.

Alexis C. Madrigal, of the Atlantic, expands on the same topic:

This apparent contradiction relies on the company’s distinction between the content someone has intentionally shared — which Facebook mines for valuable targeting information — and the data that Facebook quietly collects around the web, gathers from physical locations, and infers about users based on people who have a similar digital profile. As the journalist Rob Horning put it, that second set of data is something of a “product” that Facebook makes, a “synthetic” mix of actual data gathered, data purchased from outsiders, and data inferred by machine intelligence.

With Facebook, the concept of owning your data begins to verge on meaningless if it doesn’t include that second, more holistic concept: not just the data users create and upload explicitly, but all the other information that has become attached to their profiles by other means.

Gennie Gebhart, for the EFF:

Facebook’s ethos of connection and growth at all costs cannot coexist with users’ privacy rights. Facebook operates by collecting, storing, and making it easy to find unprecedented amounts of user data. Until that changes in a meaningful way, the privacy concerns that spurred these hearings are here to stay.

Andrew Ross Sorkin, New York Times:

When Google first introduced Gmail in 2004, this newspaper raised questions about the prospect of users objecting to a service that displayed advertising to them based on the content of their email: “For many, the bottom line appears to be that sifting through personal email with an eye toward making a sale is beyond the pale.”

Well, now more than 1.2 billion people have active accounts with Gmail, a service that until the end of last year sifted through your private messages. Apparently, it wasn’t beyond the pale.

For consumers, the transaction has always been pretty clear: The convenience of free service in exchange for information that allowed advertisers to specifically target us. The distinction in that equation was motivation; we figured our data was being used by benign companies seeking to sell us that pair of sneakers we wanted, not by bad actors trying to influence our political votes — or incite violence in places like in Myanmar.

These are all very good points made by astute writers in publications that I trust. Yet, most of these web properties — the EFF’s and the Intercept excluded — use some form of Facebook’s tracking scripts, whether that’s a Like or Share button, Beacon, or Pixel. That means they’re part of the problem; in a way, I am, too, by linking to them but, in my defence, Facebook’s scripts are among the web’s most popular, as are — surprise, surprise — Google’s.

The Outline uses Facebook’s Custom Audience and Pixel tracking, according to Ghostery. However, you may not be aware of that because it isn’t exactly something they advertise. To find it, you’d have to open the hamburger menu on the above linked page, click the small “Legal” link at the bottom, and look under the second section of their privacy policy where they link to a help article about the Facebook Pixel without outright stating that they’re using it.

They’re not alone; many websites don’t fully disclose their use of these trackers, and most do so only in a byzantine and buried privacy policy. The New York Times, for example, has a tiny grey “Privacy” link nestled in their footer. Then, you must scroll about halfway down the page to the “Third Parties” section, where you may “click here” to view a list of third-parties that “may be using cookies”. However, Facebook does not appear on this list despite the Times absolutely using their scripts. I was unable to find a reference on their website to the Times’ use of Facebook’s advertising and targeting scripts.

What’s absolutely clear here is that websites need to stop using Facebook’s tracking scripts — and Google’s too, while they’re at it.

For what it’s worth, users can and should make it harder for advertising companies to collect their browsing data. In iOS, under Privacy in Settings, you can switch on the Limit Ad Tracking option, and turn on Prevent Cross-Site Tracking under Safari settings. The latter option is also available for Safari on MacOS. Zack Whittaker at ZDNet has more information on opting out. You can also use a script or ad blocker to prevent tracking scripts from loading.

I completely understand that these scripts provide many advantages from a marketing and advertising perspective. I also get that the realities of the news business mean that publishers feel forced to make hard choices that increase revenue despite potentially compromising on principle. But websites that embed these scripts are contributing to these privacy-violating platforms. All web property owners — but especially highly-trafficked properties — have a responsibility to their visitors. Participating in a web-wide tracking scheme betrays that trust. It must be stopped.

Gurman: HomePod Sales Are Middling So Far

Mark Gurman, Bloomberg:

At first, it looked like the HomePod might be a hit. Pre-orders were strong, and in the last week of January the device grabbed about a third of the U.S. smart speaker market in unit sales, according to data provided to Bloomberg by Slice Intelligence. But by the time HomePods arrived in stores, sales were tanking, says Slice principal analyst Ken Cassar. “Even when people had the ability to hear these things,” he says, “it still didn’t give Apple another spike.”

During the HomePod’s first 10 weeks of sales, it eked out 10 percent of the smart speaker market, compared with 73 percent for Amazon’s Echo devices and 14 percent for the Google Home, according to Slice Intelligence. Three weeks after the launch, weekly HomePod sales slipped to about 4 percent of the smart speaker category on average, the market research firm says. Inventory is piling up, according to Apple store workers, who say some locations are selling fewer than 10 HomePods a day. Apple declined to comment. The shares gained 1.4 percent to $173.83 in early trading.

This doesn’t surprise me. I mean that in the sense that the HomePod isn’t, as far as I’m concerned, a very good product yet, but also because it’s a version one Apple product that doesn’t have a wide rollout. Some analysts were disappointed with initial Apple Watch sales, too, and it launched in nine major markets instead of the three that the HomePod is currently available in. That’s not to say that miserable sales are good or that the HomePod’s launch has been all rosy; I just wouldn’t read too much into this report.

Meanwhile, Juli Clover at MacRumors is reporting that Siri has been updated with — and you’re not going to believe this — more jokes. Truly, what we have all been waiting for.

Behind the Music

After I linked to Kirk McElhearn’s piece about Apple Music’s limited search capabilities, Erin “Syd” Sidney pointed me to a three-year-old post he wrote about the lack of detailed creator information available on the platform:

Liner notes are how my friends became walking encyclopedias who could draw a line, no matter how thin, between records that spanned genres and generations.


Songwriters whose work we could admire and follow as they provided the musical framework for artists to develop. Producers. Engineers. Humans.

Each one of these people represents an industry, one being bulldozed over by what appears to be simply a lack of attention to detail.

Music purchased via the iTunes Store has long included a PDF version of the album booklet, and went even further in 2009 with the introduction of the interactive iTunes LP format. In an amazing coincidence, Apple just recently stopped accepting new iTunes LPs in the Store.

While I don’t think the full experience of the iTunes LP format was successful, I wish elements of that could be brought into Apple Music. Hip-hop producers and a handful of rock producers are well-represented in Apple Music playlists, but imagine if you could get detailed information about any track. Lyric support, introduced in iOS 10, is a great start for listeners to begin to explore music in greater depth,1 but songwriters, engineers, musicians, and non-superstar producers regularly go uncredited.2

Note that the absence of this information isn’t necessarily a technical issue. My understanding is that major artists submit directly to streaming platforms with track metadata set according to the ID3 spec and album metadata added separately; indie artists submit this information via intermediaries like CD Baby and Tunecore. If you’ve ever edited track or album information in iTunes, you’re familiar with several of the fields ID3 supports. However, there are several fields not shown in iTunes that are also supported, including the “TIPL” field, which stands for the “involved people list”.

It would certainly be a Herculean effort to add this information to all of the tens of millions of tracks in Apple Music — an effort that, in my fantasy world, would be totally worth it. For starters, many producers and songwriters are known for particular styles; adding more of this information could make for more accurate suggestions. But, along the lines that Sidney writes, it could also encourage deeper user discovery. There’s nothing like working your way through a songwriter’s catalogue, or understanding the widely-varied engineering career of someone like Steve Albini, or grasping the scope of every album Bob Ludwig has mastered.

  1. Not only does Spotify display lyrics, they went one step further and built in Genius support to help explain the lyrics.

  2. I wonder if this is one reason why producers like Metro Boomin and Murda Beatz frequently tag the tracks they produced with a unique vocal signature.

The Joys of Data Hygiene

The Economist describes Europe’s new data privacy law, GDPR, set to go into effect on May 25:

The new law was mostly written by privacy-conscious Germans. Consent to collect and process personal data now has to be “unambiguous” and for “specific” purposes, meaning that catch-all clauses hidden in seldom-read terms and conditions, such as “your data will be used to improve our services”, will no longer be sufficient. “Data subjects” can demand a copy of the data held on them (“data portability”), ask for information to be corrected (“right to rectification”), and also request it to be deleted (“right to be forgotten”).


As a result the GDPR ensures that all organisations which collect and keep data will take their use (and abuse) much more seriously. Take the fines. Under the GDPR’s predecessor, an EU directive dating from 1995, fines were negligible. The upshot was that firms gave data protection little attention and few resources. But the risk of hefty penalties has raised privacy to a board-level matter. “We have support from the top down,” says Susan Bandi, who is in charge of data security and privacy at Monsanto, an agrochemicals company.

There has never been a more consumer- and person-friendly data privacy law than GDPR. We can all hope for a ripple effect where adhering to GDPR’s rules becomes the easiest solution for companies worldwide; unfortunately, that’s not likely for giants like Facebook and Google. But it is a huge step forward for Europeans, and a model of what a good personal data protection law looks like.

Updates From Indonesia

I returned recently from another trip throughout Indonesia and want to share some observations and updates since the first time I visited two and a half years ago.

When I visited in 2015, 3G service was the norm, and even in densely-populated areas of Java and Bali, it was typical to see only two or three bars. Now, strong LTE service blankets much of both islands. That’s important: the only internet connection many people have is through their smartphone.

It’s also great for battery life. The iPhone X I used on this trip has a much bigger battery than the iPhone 6S I used last time, which obviously contributes to longer battery life, but so does the quality of the cellular signal.

One of the more notable changes is that most people are now carrying one smartphone, as opposed to the two or more per person that I saw previously. There are, I suspect, several reasons for this — phones are better, there’s better balance between performance and battery now, and high-end smartphones are more expensive — but, based on what I’ve been told and what I can figure out with the limited online reporting on this, it appears that Indonesian law now requires cellular plans with voice and SMS capabilities to be associated with a national ID number when they are registered. I don’t think this means that someone can’t have two or more cell plans, but my understanding is that it’s discouraged.

For that reason, I had a data-only plan purchased for me, with no voice or SMS capabilities. This time, I didn’t need to power-cycle my phone for my Telkomsel SIM to be recognized, but a weird thing happened where, because iMessage couldn’t send and receive its authentication text messages, it was unable to complete its setup on the Indonesian number.

The pre-paid SIM offer I got is no longer available, but it cost about $10 for 11GB. Instead of being in a single bucket of bytes, my data allotment was split: 7GB of general data, 2GB for WhatsApp and BBM, and 2GB for “VideoMax”. The general 7GB bucket was also split into different amounts for 3G and LTE data, and roaming within the country — the SIM card was purchased in Surabaya, but I travelled to Lombok, Bali, and Semarang as well. It wasn’t quite clear how this data was split up; all I know is that, after two weeks, I got a text message from Telkomsel that I had zeroed out my data allotment after using just 2GB, according to iOS’ cellular settings. Data continued to flow, however, without topping up the card.

I find this plan’s separation of data into different buckets confusing and ultimately unhelpful. If I don’t use WhatsApp or BBM, I forfeit 2GB of my plan; conversely, if I were a heavy user of these services, I would have to stop after 2GB was used, even if I had a lot of data available in the general bucket.

In addition to my phone, I also brought my MacBook Air on this trip: it’s a great — and legal — backup battery, and it means that I can offload photos from my SD card every evening and back them up for safety.

Unfortunately, MacOS tends to be quite aggressive about its internet use when given the opportunity, and there are limited controls to restrict it. For example, I have automatic software updates enabled, which means that hundreds of megabytes-to-gigabytes download in the background, even on lower-bandwidth connections. This is good for my computer’s security, but it can be a bit rude when using someone else’s internet connection with a monthly bandwidth cap, or a portable wireless hotspot. Furthermore, I use iCloud Photo Library, which tends to monopolize bandwidth while it uploads all those RAW photos.

There are controls to switch these functions off individually — though the button to pause iCloud Photo Library uploads did not reliably appear for me — but I feel like there should be some sort of global option to restrict the bandwidth consumption of these system services. MacOS could also do a better job managing this automatically. A third-party app called TripMode appears to work well for this — I just didn’t discover it in time for this trip.

Last time I visited, Samsung and LG phones were everywhere, but so, too, were BlackBerrys. Still. Now, the BlackBerrys are gone and, while the two giant Korean companies remain popular, newer brands from China are on the ascendance. Everywhere I went, I saw loads of people using phones from Vivo and Oppo. It was impossible to miss the giant green Oppo banners hung outside seemingly every phone vendor’s store. Both companies make shameless iPhone clones with iOS-styled versions of Android. iPhones remain very expensive in Indonesia: a 64 GB 4.7-inch iPhone 8 is Rp 12,599,000 — about $920 USD or nearly four months of minimum wage earnings in Jakarta.

Uber wasn’t able to make inroads in Southeast Asia, but two other companies have taken Indonesia by storm: Grab, which acquired Uber’s Southeast Asian business, and Go-Jek. Both operate platforms for multiple services. Go-Jek, appropriately, offers rides for a single person on a motorbike, but they also have car drivers and a partnership with Bluebird taxis for fixed-rate fares. In addition, they provide food delivery and even have a payment service built in. Based on what I’ve read, Grab is similar, but I only used Go-Jek.

On a non-technical note, leaving Indonesia for a second time was even harder than the first. It was and remains a beautiful country full of exceptionally generous people, delicious food, beautiful weather, and a depth and breadth of culture. I can’t wait until I get to go back.

Rethinking the Apple Watch Platform

Manton Reece, reacting to stats that David Smith posted of the adoption rate of the Series 3 Apple Watch compared to prior versions:

The big difference between the Apple Watch and the original iPhone or iPad is that many people (perhaps most) do not run third-party apps on the watch. Those people are not even counted in David Smith’s numbers. Unlike the iPhone and iPad, which are significantly improved with new apps, the Apple Watch is pretty good with only the built-in Apple features.

The Apple Watch, as a product, has become very successful, and I know I use mine regularly throughout the day. But it has not been a good platform for third parties. Opening iOS up to third-party developers was instrumental in the success of the iPhone and iPad, but I’ve seen no evidence of a correlating effect between WatchOS and the Apple Watch.

An easy answer to this is that third-party WatchOS apps simply don’t need to exist, but I don’t think that’s the case either. There are plenty of instances where you might want to run a non-Apple app on your watch. I know that I would love to use Transit to know, at a glance or with a voice command, when the next train will arrive. But the platform simply isn’t there yet, and likely won’t be until Apple starts using the same tools as third-party developers.

Mark Zuckerberg’s Fourteen-Year Apology Tour

Zeynep Tufekci, writing in Wired:

Facebook’s 2 billion users are not Facebook’s “community.” They are its user base, and they have been repeatedly carried along by the decisions of the one person who controls the platform. These users have invested time and money in building their social networks on Facebook, yet they have no means to port the connectivity elsewhere. Whenever a serious competitor to Facebook has arisen, the company has quickly copied it (Snapchat) or purchased it (WhatsApp, Instagram), often at a mind-boggling price that only a behemoth with massive cash reserves could afford. Nor do people have any means to completely stop being tracked by Facebook. The surveillance follows them not just on the platform, but elsewhere on the internet — some of them apparently can’t even text their friends without Facebook trying to snoop in on the conversation. Facebook doesn’t just collect data itself; it has purchased external data from data brokers; it creates “shadow profiles” of nonusers and is now attempting to match offline data to its online profiles.

Again, this isn’t a community; this is a regime of one-sided, highly profitable surveillance, carried out on a scale that has made Facebook one of the largest companies in the world by market capitalization.

As is often the case with one of Tufekci’s pieces, this is a must-read in full. I pulled the above quote because I think it illustrates the depth and breadth of Facebook’s business model and its intrusiveness in the public sphere, even among those who are not registered users. I don’t think it’s possible to grasp the scale of their power and influence, but Tufekci comes close.

This Could Revolutionize That

Kieran Dahl, writing for the Baffler:

Hyperbolic language is nothing new in Silicon Valley, of course. But could revolutionize presents the tech media at its worst. The phrase’s juxtaposition of two contrasting words — could implies a distinct possibility of something not happening, while revolutionize means the strongest possible version of a change to something’s fundamental nature — is manipulative. No one clicks a headline that reads, “X might make an impact on Y,” no matter how intriguing the X or culturally relevant the Y. But could revolutionize is an enabler, a gateway drug into the world of false hope, hedging, and bright-eyed optimism that cyclically drive Silicon Valley into a frenzy. When could revolutionize is used in a headline, the article automatically falls Connect Four-style into one of two categories: a tepid argument for X’s tenable but ultimately minor effect on Y, or a fawning quasi-press release.

Now that privacy and security concerns and a general wariness of Silicon Valley have reached a more mainstream audience, I have to think that could revolutionize is now cause for alarm, as in: this hyped startup might carpet bomb an industry for its own short-lived success before fizzling out in the wake of a massive controversy.

Remember the Mac Mini, Too

Joe Rossignol, MacRumors:

Mac mini is three-and-a-half years old: Apple today confirmed that its revamped Mac Pro will be released in 2019. It’s an opportune time for a reminder that the Mac mini hasn’t been refreshed in three-and-a-half years as of April 16. 1,267 days ago as of today, according to our MacRumors Buyer’s Guide. We asked Apple for a comment, but it’s unlikely they’ll break silence.

Last year, the Mac Mini was upgraded from “a product in [Apple’s] lineup” to “an important part of [Apple’s] product line going forward”; Panzarino made no mention of any status change indicated during his Mac Pro briefing.

And that’s weird. Half of the Mac models Apple ships are stale. It isn’t just me who finds that strange, right? We now know that a new Mac Pro is coming next year, and we know that the likely fate of the MacBook Air is that it will be replaced by the MacBook when the latter’s price point allows it. But what’s the likely roadmap for the Mac Mini? I’m kind of intrigued that it’s unclear — maybe it will be something more like an Intel NUC, or perhaps something even smaller — but I’m also worried that it’s another product Apple won’t make minor updates to because they’re too busy reinventing it. I don’t think it’s unreasonable to expect them to do both.

The Story of Windows’ Decline

Ben Thompson:

The story of Windows’ decline is relatively straightforward and a classic case of disruption:


What is more interesting, though, is the story of Windows’ decline in Redmond, culminating with last week’s reorganization that, for the first time since 1980, left the company without a division devoted to personal computer operating systems (Windows was split, with the core engineering group placed under Azure, and the rest of the organization effectively under Office 365; there will still be Windows releases, but it is no longer a standalone business). Such a move didn’t seem possible a mere five years ago, when, in the context of another reorganization, former-CEO Steve Ballmer wrote a memo insisting that Windows was the future […]

It’s like seeing the Kübler-Ross stages of grief turned into a corporate strategy.

Apple’s Next Mac Pro Will Arrive Next Year

The headline is the bad news. While that was the implication at last year’s press briefings, we now have a year. We don’t yet have a timeframe for when in 2019, but I sincerely doubt we’ll see it before WWDC 2019.

Of course, that will mark six years since the current iteration of the product was introduced, never to be upgraded in its history. Six years without an upgrade — not just without a major upgrade, but without an upgrade at all — is an embarrassing black mark on Apple’s history of pro products. The only change made to the current product was to slide the mid-level configuration down to the entry-level slot; that change was made last year, which is far too late.

Where things get more frustrating, from my perspective, is that it feels like the Pro is stuck in a position of not being released until it is a perfect rethinking of what a professional Mac should be.1 Matthew Panzarino of TechCrunch got to interview core members of the Mac Pro team recently, in a quasi-sequel to last year’s press briefings:

Now, it’s a year later and Apple has created a team inside the building that houses its pro products group. It’s called the Pro Workflow Team, and they haven’t talked about it publicly before today. The group is under John Ternus and works closely with the engineering organization. The bays that I’m taken to later to chat about Final Cut Pro, for instance, are a few doors away from the engineers tasked with making it run great on Apple hardware.

“We said in the meeting last year that the pro community isn’t one thing,” says Ternus. “It’s very diverse. There’s many different types of pros and obviously they go really deep into the hardware and software and are pushing everything to its limit. So one thing you have to do is we need to be engaging with the customers to really understand their needs. Because we want to provide complete pro solutions, not just deliver big hardware, which we’re doing and we did it with iMac Pro. But look at everything holistically.”

This sounds great. Apple is taking the time to really understand where professional users’ sticking points are and address them — whether in improving hardware design, fixing software bugs, or addressing incompatibilities with system components — in current products and using that understanding to guide the future Mac Pro. None of this is bad news, and Ternus even suggests that this research will also influence MacBook Pro updates as well:

“Well, it’s a need for some of them,” adds Ternus. “I want to be clear that the work that we’re doing as a part of the workflow team is across everything. It’s super relevant for MacBook Pros, it’s super relevant for iMacs and iMac Pros and in the end I think it helps us in dialogue with customers to figure out what are the right systems for you. There is absolutely a need in certain places for modularity. But it’s also really clear that the iMac form factor or the MacBook Pros can be exceptionally good tools.”

Where I think this whole saga gets very frustrating for a lot of current and potential Mac Pro customers is that Apple is describing a product — a powerful, professional-grade, modular desktop computer — that already exists: it’s the tower-style “cheese grater” Mac Pro. While Apple is working away to reinvent one of the most critical components of a professional user’s workflow, those users are stuck with product choices that may not quite fit.

Though last year’s mea culpa acknowledged the weaknesses of the current Mac Pro, I think Apple should have taken it a step further and taken the PR black eye by pulling that product from the market, replaced it with the old cheese grater in a more current configuration, and kept iterating on it while developing the new Pro. I have to think there was something technically fraught with doing so; and, now, it’s probably too late.

As it is, Pro customers that need a modular product are once again left in limbo as they await a reinvented high-end Mac. I hope it’s worth the wait, but several professional users have indicated that they don’t trust Apple to get it right.

Or, see Dr. Drang’s more succinct version of this argument:

Apple will be taking an extra year to design the only product in its lineup whose buyers don’t care about its design.

I’m optimistic that there’s a good reason to take several years to build and ship a rethought product worthy of the Mac Pro badge. But I’m also realistic: that’s a very long time to ship a revolution, when what many users want today is an evolution.

  1. There are plenty of users — yours truly included — who have expressed a desire for Apple to slow down and get things right. I don’t think you’ll find anyone who thinks that Apple is moving too quickly with the Mac Pro. Six years between updates is a lot.

Facebook Says Data on Most of Its Two Billion Users Vulnerable

Sarah Frier, Bloomberg:

Facebook Inc. said data on most of its 2 billion users could have been accessed improperly, giving fresh evidence of the ways the social-media giant failed to protect people’s privacy while generating billions of dollars in revenue from the information.

The company said it removed a feature that let users enter phone numbers or email addresses into Facebook’s search tool to find other people. That was being used by malicious actors to scrape public profile information, it said.

Well, yes, of course it was. Facebook is a website that centralizes the conversion of abstract, individual pieces of personal data for over two billion people; that’s a golden opportunity for any data miner.

That’s not just me saying that with hindsight, either. Jeremy Kirk reported on this capability for PC World over four years ago. A couple of years ago, Slawomir Tulski built a proof-of-concept way to match Facebook and LinkedIn profiles using, in part, Facebook search. A quick web search will return dozens of discussions about the possibilities of using Facebook search to scrape profiles. This shouldn’t be the first time the company has realized that creating a powerful search engine for a third of the world’s population could be misused.


Facebook also said data on as many as 87 million people, most of them in the U.S., may have been improperly shared with research firm Cambridge Analytica. This is Facebook’s first official confirmation of the possible scope of the data leak, which was previously estimated at roughly 50 million. It has resulted in calls from legislators and policymakers for greater regulation of social media, helping to shave billions of dollars from the company’s market value.

Like Equifax’s massive breach last year, I’d bet good money that Facebook’s value will return to its previous high within a year or so. There’s simply no lasting consequence for not adequately containing the data of millions or billions of people when the company responsible is as entrenched and as powerful as these giants are.

Apple Hires John Giannandrea

Jack Nicas and Cade Metz, New York Times:

Apple has hired Google’s chief of search and artificial intelligence, John Giannandrea, a major coup in its bid to catch up to the artificial intelligence technology of its rivals.

Apple said on Tuesday that Mr. Giannandrea will run Apple’s “machine learning and A.I. strategy,” and become one of 16 executives who report directly to Apple’s chief executive, Timothy D. Cook.

This is a big get for Apple; Giannandrea’s name is on a bunch of the patents that form the groundwork for Google’s “Knowledge Graph” search infrastructure. My interpretation of this is that it means that he’s familiar with making assistant-type software more understanding of user intent; however, it should also be noted that an extension of the Knowledge Graph has been a source of pain for Google as well.

As this Times story explains, Apple has been making big hires in the machine learning space, and MacStories’ John Voorhees points to over a hundred Siri-related job postings on Apple’s website. What I’ve long wondered is how much of Siri’s lacklustre qualities can be blamed on a lack of staff, how much is the fault of Siri’s managers, and how much is a product of the way the company operates. If it’s primarily the first and second, then hiring renowned leaders and additional staff across Siri’s various teams could make a positive contribution. But if it’s the third, it’s going to require more than a few key hires. What’s most interesting, I think, about Giannandrea’s hire is that he’s reporting directly to Tim Cook. Hopefully, that means a clear direction for what Siri’s capabilities ought to be, and how we should expect it to function.

Drivers Report That Google Maps Isn’t Reliable in Indonesia

Resty Woro Yuniar, writing in the South China Morning Post:

“Google Maps has often guided me farther away from my destinations. I’ve had to call my customers, which means I have to keep buying phone credit just so I can pick-up passengers or deliver their packages,” Nurani says. “My income is not that big and I can’t keep wasting my money on phone credits.”

Nurani isn’t alone. Many drivers with ride-hailing companies in the Southeast Asian nation are less likely to rely on digital navigation tools than their Western counterparts, as online maps can be full of glitches and lack short cuts for two-wheelers – a common mode of transport in the region. Weak internet connectivity also causes headaches for drivers, something that Agus Saputra, another Go-Jek driver in Jakarta, is all too familiar with.

“One time I was following Google Maps, and suddenly it just stopped because I lost the signal, I was confused because I didn’t know where I was,” Saputra said.

I’ve been travelling around Indonesia for the past couple of weeks — though not to Jakarta — and I’ve seen similar issues. Google Maps frequently doesn’t display local businesses, and it hasn’t always shown roads accurately: sometimes they exist in reality but aren’t shown on the map, while others aren’t correctly shown as one-way streets. And that’s Google Maps, in well-populated areas of a country where Android has a market share of over 90%. I’ve barely opened Apple Maps on this trip because it makes the country’s second-largest city look like a ghost town.

But, as Yuniar explains, maybe there’s an advantage to the biggest Silicon Valley firms so far failing to accurately map Southeast Asia:

The secret to Grab’s success can be traced back to two years ago when the company deployed resources to improve mapping data.

This effort resulted in more than 3,000 new, precise pick-up points across Southeast Asia.

These in-house, localised data complement existing data provided by commercial maps that Grab uses such as Google Maps, Foursquare, and Nokia’s HERE, among others. Grab also has created algorithms to help drivers obey traffic laws, for example, like an odd-even car licence plate rule in Jakarta that sees vehicles take to the road only on alternate days and a regulation in Hanoi that bars contract cars with fewer than nine seats from 11 roads during peak hours, says Ajay Bulusu, regional head of map operations at Grab.

A recurring point I’ve made on this website for a couple of years now is that giant American companies often have too much influence over other countries’ communications and web infrastructure. I still think that’s the case, but their blind spots can help encourage local development. Given the size of the largest American tech companies, though, that also makes these smaller businesses prime acquisition targets; I wouldn’t be surprised to see an offer made for Grab.

Apple Music Doesn’t Let Users Search for Composers

Kirk McElhearn:

I know, classical music is a small share of the overall music market. But it’s still an important part of the overall music landscape, and if there are currently 36 million Apple Music subscribers, that means there are at least a couple of million people who listen to classical music.

Yet you cannot search for composers.

You see some composers listed as “artists,” you see their names in the titles of albums (for a number of years, many if not most classical albums that feature music from a single composer have that composer’s name at the beginning of the title), you may see playlists with a composer’s music, you even see “songs,” but you cannot see all the music by a composer.

It’s not just composers excluded from Apple Music’s search function, either: searching Apple Music seems to be limited to title, artist, album, and genre fields. Even something as basic as the year of release cannot be searched even amongst local tracks on iOS, and I find that completely absurd. I would love nothing more than to see a modernized version of the column browser better tailored for Apple Music’s vast library.

It’s Weirdly Hard to Steal Mark Zuckerberg’s Trash

Joe Veix, in one of my favourite pieces in recent memory for the Outline:

In 2014, Mark Zuckerberg bought a new home in San Francisco’s Mission District, about a mile from where I lived at the time. Shortly after the purchase, the man who once printed business cards boasting, “I’m CEO, Bitch” began refurbishing the $10 million “fixer upper.”

I immediately biked over to the area to scope the place out. I figured that having the address of one of the richest and most powerful people in the world could be vaguely useful. Maybe if a Class War ever started, I could point an angry mob in his general direction. Or maybe I could steal his valuable trash.

After four years of stalling, I finally decided to go ahead with the latter idea. My quarter-baked plan was this: I’d drive to his Mission District pied-à-terre on trash collection day, snatch a few bags of whatever, and dig through it. I could learn more about Mark Zuckerberg’s habits and interests, creating my own ad profile of him. Then I could sell this information to brands looking to target that coveted “male, 18-34, billionaire” demographic. Think of it as a physical version of Facebook’s business model.

This is so great.

Apple Releases iOS 11.3

This update is probably going to be thought of as the “we’re sorry we didn’t tell everyone about performance throttling on iPhones with reduced battery life” version of iOS, but there are plenty of new features in it as well. I like the bigger and better Animoji selection, enhanced privacy features — likely partially encouraged by GDPR compliance — and Safari improvements designed to impede surreptitious efforts to track users via form autofill.

Notably absent from this release, however, are AirPlay 2 and Messages in the Cloud, both of which appeared in early betas before being removed from the public release. I don’t know about AirPlay 2, but Messages in the Cloud has remained buggy in every iteration I’ve tested: messages frequently take a while to sync, and occasionally appear wildly out of order. That’s the kind of thing that needs to be fixed before it’s released publicly.

At the same time, this delay isn’t going to help Apple’s recent reputation as a company that has trouble meeting its own deadlines. Bugs happen and plans change — I get that. But incidents like these build up and make it harder to rely upon other shipping promises, like those made earlier this week.

As usual, a slew of other software updates were released today, including WatchOS 4.3, tvOS 11.3, MacOS 10.13.4, and an update for the publicly-unnamed HomePod operating system.

Apple’s ‘New’ Education Strategy

Bradley Chambers:

As I rewatched the 2012 keynote and pondered the 2018 keynote, I realized that Apple is yet again trying to craft a future for education that I am not sure fits with reality.

Individual schools certainly have and will continue to take advantage of both Swift Playgrounds and Everyone Can Code. Some schools will undoubtedly take advantage of Everyone Can Create content that Apple announced yesterday.

Some teachers will look at some of the new apps that Apple has created for educators, but will 50% of teachers in the US explore new solutions? I highly doubt it. Teaching is a hard job. Apple even had a video where students talked about how hard their teacher’s job was. Being a teacher can be a thankless job. Teachers put in a lot of hours outside the classroom for a salary that is less than they deserve. I’m not sure the average teacher is getting excited about another new app to learn (and then explain to students).

This much I completely understand as a concern. I worry that Apple’s strategy simply requires too many (expensive) pieces and too many things to learn for schools to even consider adopting it.

Here’s what puzzles me about Chambers’ take:

This doctrine should apply to education as well. If Apple believes they can make a significant contribution to schools, then they should go all in to change everything about school technology. They should buy a major textbook publisher and change the purchasing model for books when you deploy iPads. They should buy (or buy back) a student information system platform and integrate it with all of their new apps.

They should build a viable alternative to G-Suite that makes it easy for schools to manage communications. They should do all of this at a price where the least affluent districts can deploy it as easily as the most affluent ones.

That seems great, but it also sounds like another world of complexity that schools simply don’t have the time or finances to implement, regardless of how inexpensive Apple makes their solution.

Also, not that textbook publishers are saints — far from it — but I’m not sure I’d like to see tech companies owning such a fundamental piece of school hardware.

Regardless, I’d love to see Apple making a bigger impact in the space. Schools, in particular, shouldn’t be relying upon technologies built by companies with a business model dependent on mass data collection.

Apple’s Education-Focused Updates

Apple introduced a good round of minor updates to its 9.7-inch base model iPad, iWork suite, and education-focused software today. There’s nothing groundbreaking here — you’ve probably seen either the keynote or the highlight reel — but today’s event was interesting to me for two reasons:

  1. it was Apple’s first education-focused event in six years; and,

  2. it was Apple’s first ever product event to be held in Chicago — at least, as far as I can figure out.

Both of these factors signified to me that Apple was likely framing this event as meaningful updates with a cohesive story, but not brand new products. If they had major products to introduce — like, say, an Apple Pencil with support for wireless charging, or an iPad with Face ID — I feel like they would choose to have this event at the Steve Jobs Theater instead.

Coincidentally, minor spec bump-like updates like these are some of my favourites. They show incremental progress that may not look as important, but indicates ongoing attention and effort.

The updated base model iPad introduced today, for example, combines the processor from an iPhone 7, the LTE capabilities from an iPhone 6S, the first-generation Touch ID sensor from the iPhone 5S, and the Apple Pencil support from iPad Pro models, all inside a body that’s basically unchanged from the first iPad Air. That’s not a complaint; the base model iPad is an exceptional value, especially now with support for the Apple Pencil. I only wish that its display were laminated, and that every iPad came with LTE as standard.

Apple’s iWork updates are also pretty solid, with the addition of more advanced ePub creation features, though Apple insists that it is not a replacement for iBooks Author — for now. There are also some sweet new drawing features in the iWork apps that make use of the Apple Pencil.

New for teachers is an app called Schoolwork. Coming in June, it appears to be Apple’s take on an LMS specifically built for iPads managed via Classroom. They also introduced a companion framework for developers called ClassKit that allows apps to offer assignments and activities for use with Schoolwork.

The combined story here is that Apple has a more compelling narrative for how they’re building their vision for the future of education. Whether they’ll be able to claw back significant influence in the space is a good question, though — budget-restricted school districts may simply be swayed by the much cheaper price of Google’s Chromebooks, regardless of the iPad’s features. But there’s a lot here to love even if you aren’t a student or teacher: Apple Pencil support on the base model iPad and updates to the iWork suite are great news regardless.

Facebook Scraped Call, Text Message Data for Years Without Users’ Explicit Consent

Sean Gallagher, Ars Technica:

This past week, a New Zealand man was looking through the data Facebook had collected from him in an archive he had pulled down from the social networking site. While scanning the information Facebook had stored about his contacts, Dylan McKay discovered something distressing: Facebook also had about two years’ worth of phone call metadata from his Android phone, including names, phone numbers, and the length of each call made or received.

This experience has been shared by a number of other Facebook users who spoke with Ars, as well as independently by us — my own Facebook data archive, I found, contained call-log data for a certain Android device I used in 2015 and 2016, along with SMS and MMS message metadata.

Facebook responded by claiming that this creepy spyware they call a “feature” is only available through Messenger and Facebook Lite with explicit user opt-in, but Gallagher is reporting that neither app was installed on the specific device he found call history for, nor does he recall consenting to Facebook tracking his messaging history. Facebook also says that they don’t record the contents of phone calls or messages, which is awfully similar to the defence repeated by the NSA after it was revealed that they were collecting the same kind of metadata. That’s probably not the kind of comparison Facebook would like to strike, but it isn’t inappropriate.

Also keep in mind that several people had to write the code that makes this possible: someone had to write the Android API that allowed these logs to be monitored, while someone else had to write Facebook’s end that made this whole thing possible. Then there were managers and quality assurance staffers who could have objected to this capability. It took years for this functionality to be stopped for third party apps on Android.

For what it’s worth, this story applies only to Android users, because of course it does; iOS has never allowed a third-party app to silently monitor call or messaging history.

Facebook’s Abdication of Responsibility

Alex Kantrowitz, Buzzfeed:

"I’m not sure we shouldn’t be regulated," Zuckerberg said in an interview with CNN’s Laurie Segall, after being asked why his company shouldn’t be regulated.

Asked how the government should regulate Facebook, Zuckerberg said "ads transparency regulation — that I would love to see." He referenced legislation that’s currently in the Senate that would require internet companies to disclose who paid for ads, a clear reference to the Honest Ads Act. The bill hasn’t gone anywhere since its introduction last fall. Zuckerberg said he didn’t believe internet companies should be less transparent than other mediums, like radio or TV.

Facebook could do this today, right now, without waiting for regulations that require them to do so. But Zuckerberg is indicating here that they won’t implement the policies of the Honest Ads Act without being obligated to legally. In addition, the Internet Association lobbying group — of which Facebook is a member — has so far campaigned against the Act. The difference between what Zuckerberg says in interviews and the actions of the company he runs is a chasm that splits universes.

Facebook Pathetica

Michael Del Moro posts on Twitter a statement from a Facebook spokesperson:

Mark, Sheryl and their teams are working around the clock to get all the facts and take the appropriate action moving forward, because they understand the seriousness of this issue. The entire company is outraged we were deceived. […]

Mark Zuckerberg in a post on Facebook:

In 2015, we learned from journalists at The Guardian that Kogan had shared data from his app with Cambridge Analytica. It is against our policies for developers to share data without people’s consent, so we immediately banned Kogan’s app from our platform, and demanded that Kogan and Cambridge Analytica formally certify that they had deleted all improperly acquired data. They provided these certifications.

They did not disclose this at the time, nor did they notify the fifty million users whose information was accessed by Cambridge Analytica. So their claim in their press statement that they felt deceived is bunk: they knew, and did nothing when it mattered first.

Zuckerberg continues:

Last week, we learned from The Guardian, The New York Times and Channel 4 that Cambridge Analytica may not have deleted the data as they had certified. We immediately banned them from using any of our services. Cambridge Analytica claims they have already deleted the data and has agreed to a forensic audit by a firm we hired to confirm this. We’re also working with regulators as they investigate what happened.

One other thing that Facebook immediately did after being notified of the forthcoming media reports is that they — and Cambridge Analytica — threatened to sue. Mike Masnick, Techdirt:

But, it’s raising a bigger question, as well, and it’s one that caused Facebook to do something that I’ll definitively call as “incredibly stupid,” which is that it threatened to sue the Guardian over its story, mainly because the Guardian story refers to this whole mess as a “data breach” for Facebook’s data.

Facebook instructed external lawyers and warned us we were making ‘false and defamatory’ allegations. Today they said it was not correct to call this a data breach. We are calling it a data breach. https://t.co/Q8wrw0FDyr

And, of course, Facebook wasn’t the only one who threatened to sue. Cambridge Analytica did too:

The Observer also received the first of three letters from Cambridge Analytica threatening to sue Guardian News and Media for defamation.

Facebook’s attitude so far is that this story has been a massive inconvenience to them, and they’d rather not think about it if that’s okay with everyone. But it isn’t okay. It’s an outrageous exploitation of data that Facebook’s business model has enabled, and they’re scared that users will figure that out.

Nick Heer Uses This

You might be familiar with Uses This, a collection of interviews by Daniel Bogan about the hardware and software tools people use to get things done. Well, Bogan asked me to tell everyone about what I use to do whatever it is that I do. It’s a collection of things that are horribly inefficient and woefully outdated, but these things work for me.

Facebook’s Surveillance Machine

Zeynep Tufekci reacts to Cambridge Analytica’s exploitation of Facebook data, in the New York Times:

If Facebook failed to understand that this data could be used in dangerous ways, that it shouldn’t have let anyone harvest data in this manner and that a third-party ticking a box on a form wouldn’t free the company from responsibility, it had no business collecting anyone’s data in the first place. But the vast infrastructure Facebook has built to obtain data, and its consequent half-a-trillion-dollar market capitalization, suggest that the company knows all too well the value of this kind of vast data surveillance.

Should we all just leave Facebook? That may sound attractive but it is not a viable solution. In many countries, Facebook and its products simply are the internet. Some employers and landlords demand to see Facebook profiles, and there are increasingly vast swaths of public and civic life — from volunteer groups to political campaigns to marches and protests — that are accessible or organized only via Facebook.

One uniquely terrible attribute that these companies share is their willingness to exploit developing nations as test beds for techniques they hope to use elsewhere. From the Times story that broke the news of the way Cambridge Analytica acquired Facebook user data in the United States:

Mr. Nix, a brash salesman, led the small elections division at SCL Group, a political and defense contractor. He had spent much of the year trying to break into the lucrative new world of political data, recruiting Mr. Wylie, then a 24-year-old political operative with ties to veterans of President Obama’s campaigns. Mr. Wylie was interested in using inherent psychological traits to affect voters’ behavior and had assembled a team of psychologists and data scientists, some of them affiliated with Cambridge University.

The group experimented abroad, including in the Caribbean and Africa, where privacy rules were lax or nonexistent and politicians employing SCL were happy to provide government-held data, former employees said.

There isn’t any evidence that Cambridge Analytica used Facebook user data in these experiments. But the way that Facebook has made itself a de facto component of the communications infrastructure of developing nations is troubling as well. Massive amounts of user data from Facebook initiatives like Internet.org are being scooped up and held by a giant company in California, largely because many in the developing world have few options for getting online. It’s exploitative and shameful.

It’s also worth pointing out that lax American privacy laws and a weak regulatory environment enabled Facebook’s mass data collection. If Facebook were instead a European company, they would have faced much stricter limitations on what kind of data they could collect and how they could use it. That probably means they wouldn’t have been as successful, but it also means that there likely wouldn’t be a gigantic database of attributes about one-third of the world’s population in the hands of a single company. Something to think about.

‘Hey’ Used to Be for Horses

M.G. Siegler:

I live in a house with both the Echo and the Home. And I’m always testing out Siri to see what she can and cannot do in relation to the competition. It’s just so much nicer to invoke Alexa than the others. And I’m certain a part of it is not having to add that extra wake word.

It also happens to be an awful word. Hey. Every time I hear it, I think back to growing up when my parents would make the dreadful parenting joke — which was really more of a reprimand. “‘Hey’ is for horses.” These days, we’re not only letting our children say “hey”, we’re basically forcing them to.

Not only that, but with the anthropomorphization of assistant software, I think the “Hey” can be a little demeaning as well.

There’s something about all of this software that feels like it’s still a prototype. A proof of concept, and little more. It’s not just Siri — it’s everything. And, while today’s virtual assistants are better at parsing natural language commands, they’re still more verbose and far more particular than how we actually speak to other people. Alexa’s new brief mode is a step in the right direction, I think, as is its lack of a “Hey”. But there’s still so far to go.

Fifty Million Facebook Profiles Harvested for Cambridge Analytica

Matthew Rosenberg, Nicholas Confessore, and Carole Cadwalladr, New York Times:

[Cambridge Analytica] had secured a $15 million investment from Robert Mercer, the wealthy Republican donor, and wooed his political adviser, Stephen K. Bannon, with the promise of tools that could identify the personalities of American voters and influence their behavior. But it did not have the data to make its new products work.

So the firm harvested private information from the Facebook profiles of more than 50 million users without their permission, according to former Cambridge employees, associates and documents, making it one of the largest data leaks in the social network’s history. The breach allowed the company to exploit the private social media activity of a huge swath of the American electorate, developing techniques that underpinned its work on President Trump’s campaign in 2016.

Carole Cadwalladr and Emma Graham-Harrison, the Guardian:

The data was collected through an app called thisisyourdigitallife, built by academic Aleksandr Kogan, separately from his work at Cambridge University. Through his company Global Science Research (GSR), in collaboration with Cambridge Analytica, hundreds of thousands of users were paid to take a personality test and agreed to have their data collected for academic use.

However, the app also collected the information of the test-takers’ Facebook friends, leading to the accumulation of a data pool tens of millions-strong. Facebook’s “platform policy” allowed only collection of friends’ data to improve user experience in the app and barred it being sold on or used for advertising. The discovery of the unprecedented data harvesting, and the use to which it was put, raises urgent new questions about Facebook’s role in targeting voters in the US presidential election. It comes only weeks after indictments of 13 Russians by the special counsel Robert Mueller which stated they had used the platform to perpetrate “information warfare” against the US.

Both the Times and the Guardian describe this as a “data breach”, but I don’t think that’s entirely descriptive of what went on here. When I hear “data breach”, I think that a password got stolen or a system was hacked into. But Facebook VP Andrew Bosworth tweeted that there was nothing that was stolen — users willingly gave their information to an app, which went behind their backs to use the information in a somewhat sketchy way that users did not expect.

Which, when you think about it, is kind of Facebook’s business model. Maciej Cegłowski:

The data that Facebook leaked to Cambridge Analytica is the same data Facebook retains on everyone and sells targeting services around. The problem is not shady Russian researchers; it’s Facebook’s core business model of collect, store, analyze, exploit.

Facebook preempted the publication of both of these stories with a press release indicating that they’ve suspended Strategic Communications Laboratories — Cambridge Analytica’s parent — from accessing Facebook, including the properties of any of their clients.

However, the reason for that suspension is not what you may think: it isn’t because Kogan, the developer of the thisisyourdigitallife app, passed information to Cambridge Analytica, but rather because he did not delete all of the data after Facebook told him to.

Also, from that press release:

We are constantly working to improve the safety and experience of everyone on Facebook. In the past five years, we have made significant improvements in our ability to detect and prevent violations by app developers. Now all apps requesting detailed user information go through our App Review process, which requires developers to justify the data they’re looking to collect and how they’re going to use it – before they’re allowed to even ask people for it.

Of course, this kind of review process doesn’t exist for new projects created by Facebook itself, beyond the company’s blanket privacy policy.1 When Facebook starts analyzing user photos for facial recognition purposes without telling users first, that’s a similar violation of expectations and trust.

Marco Rogers:

Today, Facebook execs are going out of their way to let us know that this is the intended purpose of the platform. This isn’t unexpected. This is why they built it. They just didn’t expect to be held accountable.

Facebook can make all the policy changes it likes, but I don’t see any reason why something like this can’t happen again at some point in the future. Something will slip through the cracks and create unintended consequences of third-party companies having extraordinary access to one of the largest databases of people anywhere.

Facebook is more than happy to collect the world’s information, but it is clear to me that they have no intention of taking full responsibility for what that entails.

  1. Which users often don’t understand the implications of before accepting.

Alexa’s New ‘Brief Mode’

Sarah Perez, TechCrunch:

Amazon confirmed it’s rolling out an optional “Brief Mode” that lets Alexa users configure their Echo devices to use chimes and sounds for confirmations, instead of having Alexa respond with her voice. For example, if you ask Alexa to turn on your lights today, she will respond “okay” as she does so. But with Brief Mode enabled, Alexa will instead emit a small chime as she performs the task.

The mode would be beneficial to someone who appreciates being able to control their smart home via voice, but doesn’t necessarily need to have Alexa verbally confirming that she took action with each command. This is especially helpful for those who have voice-enabled a range of smart home accessories, and have gotten a little tired of hearing Alexa answer back.

I would love an option like this for Siri on all of my devices. It indicates a great deal of trust Amazon has in its own product for them to reduce Alexa’s feedback to a simple audio chime. They must be convinced that users will have enough confidence in Alexa’s abilities for its feedback to be truncated to such an extreme.

Protecting Against HSTS Abuse

Brent Fulgham of the WebKit team:

HTTP Strict Transport Security (HSTS) is a security standard that provides a mechanism for web sites to declare themselves accessible only via secure connections, and to tell web browsers where to go to get that secure version. Web browsers that honor the HSTS standard also prevent users from ignoring server certificate errors.


What could be wrong with that?

Well, the HSTS standard describes that web browsers should remember when redirected to a secure location, and to automatically make that conversion on behalf of the user if they attempt an insecure connection in the future. This creates information that can be stored on the user’s device and referenced later. And this can be used to create a “super cookie” that can be read by cross-site trackers.

I already think that most trackers are installed unethically, as users frequently aren’t aware of the implications of different cookie policies and privacy settings. But this is a special level of intrusive. At what point does a company offering a user tracking solution go beyond what is reasonably expected by customers from software like that and create something downright abusive to users’ rights? I’d argue that this is pretty close.
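To make the stored state in that quote concrete, here is an added example (mine, not WebKit's code and not from the linked post): a simplified model of a browser's HSTS store that audits what a single page load leaves behind. The `.example` host names, the `page-host-only` policy name, the two-label registrable-domain shortcut and the threshold of four are all assumptions for illustration.

```javascript
// Added illustration: a simplified model of a browser's HSTS store.
// Every host name and response below is constructed sample data.

// Parse a Strict-Transport-Security header value (RFC 6797 directives).
function parseHsts(value) {
  const policy = { maxAge: null, includeSubDomains: false };
  for (const part of value.split(";")) {
    const [rawName, rawVal] = part.trim().split("=");
    const name = (rawName || "").toLowerCase();
    if (name === "max-age" && rawVal !== undefined) {
      const v = rawVal.trim().replace(/^"|"$/g, "");
      if (/^\d+$/.test(v)) policy.maxAge = Number(v);
    } else if (name === "includesubdomains") {
      policy.includeSubDomains = true;
    }
  }
  return policy.maxAge === null ? null : policy; // max-age is mandatory
}

// Assumption: the registrable domain is the last two labels. A real
// browser consults the Public Suffix List instead.
function registrableDomain(host) {
  return host.toLowerCase().split(".").slice(-2).join(".");
}

// Record the HSTS state written during one page load.
//   "any-host":       every HTTPS response may write state, subresources included
//   "page-host-only": only the loaded page's host or its registrable domain may
//                     (a hypothetical restriction, named here for the example)
function loadPage(store, pageHost, responses, policy) {
  for (const r of responses) {
    if (r.scheme !== "https" || !r.hsts) continue; // header is ignored over HTTP
    const parsed = parseHsts(r.hsts);
    if (!parsed) continue;
    const host = r.host.toLowerCase();
    const isPage = host === pageHost || host === registrableDomain(pageHost);
    if (policy === "page-host-only" && !isPage) continue;
    if (parsed.maxAge === 0) store.delete(host); // max-age=0 clears the entry
    else store.set(host, { ...parsed, setBy: pageHost });
  }
  return store;
}

// Defender's audit: list registrable domains that had several distinct hosts
// written into the store while the user was visiting an unrelated site.
function auditStore(store, threshold = 4) {
  const groups = new Map();
  for (const [host, entry] of store) {
    const domain = registrableDomain(host);
    if (domain === registrableDomain(entry.setBy)) continue; // first party
    groups.set(domain, (groups.get(domain) || []).concat(host));
  }
  return [...groups]
    .filter(([, hosts]) => hosts.length >= threshold)
    .map(([domain, hosts]) => ({ domain, hostsWithState: hosts.length }));
}

// Constructed responses seen while loading https://news.example/
const YEAR = "max-age=31536000";
const SAMPLE_RESPONSES = [
  { host: "news.example", scheme: "https", hsts: YEAR + "; includeSubDomains" },
  { host: "cdn.news.example", scheme: "https", hsts: "max-age=600" },
  { host: "a1.metrics.example", scheme: "https", hsts: YEAR },
  { host: "a3.metrics.example", scheme: "https", hsts: YEAR },
  { host: "a4.metrics.example", scheme: "https", hsts: YEAR },
  { host: "a6.metrics.example", scheme: "https", hsts: YEAR },
  { host: "a7.metrics.example", scheme: "http", hsts: YEAR }, // ignored
  { host: "fonts.static.example", scheme: "https", hsts: null },
];

const unrestricted = loadPage(new Map(), "news.example", SAMPLE_RESPONSES, "any-host");
const restricted = loadPage(new Map(), "news.example", SAMPLE_RESPONSES, "page-host-only");
console.log(auditStore(unrestricted), auditStore(restricted));
```

Each remembered host is a yes-or-no fact that outlives cleared cookies, which is why a cluster of third-party entries under one domain is the thing to look for.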

HomePod as a Personal Apple Hub

Thoughtful article by Ryan Christoffel at MacStories:

HomePod succeeds as a music speaker, but it’s not the device we expected – at least not yet. Due to its arrival date more than three years after the birth of Alexa, we expected a smarter, more capable product. We expected the kind of product the HomePod should be: a smart speaker that’s heavy on the smarts. Apple nailed certain aspects with its 1.0: the design, sound quality, and setup are all excellent. But that’s not enough.

HomePod isn’t a bad product today, but it could become a great one.


By becoming a true hub for all our Apple-centric needs.

I love the idea of the HomePod becoming a sort of “source of truth” in the home. It could know a lot more about each family member’s devices, and perhaps use the voice “fingerprint” created for “Hey Siri” to figure out which family member is using it. Due to Apple’s unique stance on user privacy, I would even feel comfortable with keeping my tailored Siri profile, if you will — my Siri history, things I usually request, knowledge about my particular music library, and so on — in iCloud, and synced between all my devices and a HomePod or two. That’s a big ask, but something like that would make it feel more complete — more of an Only Apple can do this kind of a product.

The World Wide Web Turns Twenty-Nine

Sir Tim Berners-Lee:

The web that many connected to years ago is not what new users will find today. What was once a rich selection of blogs and websites has been compressed under the powerful weight of a few dominant platforms. This concentration of power creates a new set of gatekeepers, allowing a handful of platforms to control which ideas and opinions are seen and shared.

These dominant platforms are able to lock in their position by creating barriers for competitors. They acquire startup challengers, buy up new innovations and hire the industry’s top talent. Add to this the competitive advantage that their user data gives them and we can expect the next 20 years to be far less innovative than the last.

It’s worthwhile asking just what is needed to — *sigh* — disrupt the business of companies like Facebook, Google, and Amazon, especially if they’re simply going to buy or copy potential threats. A little part of me worries that it isn’t enough to create a different site or app to reduce the influence of today’s dominant web companies.

After Washington State Passes Net Neutrality Laws, California Proposes Its Own

Rachel La Corte of the Seattle Times, last week:

Washington became the first state Monday to set up its own net-neutrality requirements after U.S. regulators repealed Obama-era rules that banned internet providers from blocking content or interfering with online traffic.


The new law also requires internet providers to disclose information about their management practices, performance and commercial terms. Violations would be enforceable under the state’s Consumer Protection Act.

“But wait,” you may be thinking, “didn’t the FCC ban states from enacting net neutrality laws of their own, just as Comcast and Verizon asked them to do?”

Jon Brodkin of Ars Technica, in an article today about California’s tough new net neutrality proposal:

[Stanford law professor Barbara Van Schewick] argues that the FCC’s preemption claims are invalid.

“While the FCC’s 2017 Order explicitly bans states from adopting their own net neutrality laws, that preemption is invalid,” she wrote. “According to case law, an agency that does not have the power to regulate does not have the power to preempt. That means the FCC can only prevent the states from adopting net neutrality protections if the FCC has authority to adopt net neutrality protections itself.”


The California proposal is remarkably strong, by the way. It isn’t just a copy of the FCC’s 2015 rules; it’s much more comprehensive than that, mandating tight restrictions on interconnection and zero-rating. Brodkin again:

Van Schewick said the California bill is notable for prohibiting ISPs from charging “access fees” that online services would have to pay in order to send data to broadband consumers. “None of the other [state] bills have done this and it’s one of the loopholes that ISPs will use (if it’s not closed) to extract payments from edge providers,” van Schewick told Ars.

From the reporting I’ve read in Ars and other publications, this bill ticks a lot of boxes for effective legislation of ISPs as de facto common carriers.

The Information Looks at the History of Siri

Aaron Tilley and Kevin McLaughlin of the Information (this article is behind a paywall):

To determine how Apple squandered its own head start over rivals Amazon and Google in the digital assistant realm, The Information interviewed a dozen former employees who worked on various teams responsible for creating Siri or integrating it into Apple’s ecosystem. Most of them agreed to speak only on the condition that they not be named, citing non-disclosure agreements they had signed or concerns about retaliation from Apple executives.


Many of the former employees acknowledged for the first time that Apple rushed Siri into the iPhone 4s before the technology was fully baked, setting up an internal debate that has raged since Siri’s inception over whether to continue patching up a flawed build or to rip it up and start from scratch. And that debate was just one of many, as Siri’s various teams morphed into an unwieldy apparatus that engaged in petty turf battles and heated arguments over what an ideal version of Siri should be — a quick and accurate information fetcher or a conversant and intuitive assistant capable of complex tasks.

Even if you view this as a half-true gossip piece — and I don’t think it is, for what it’s worth — it’s still a fascinating look into the struggles Apple has faced with improving Siri’s capabilities.

For example, Tilley and McLaughlin report that separate teams worked on Siri and Spotlight’s suggested answers, which explains why the same query would sometimes return different results in each. On iOS, Apple rebranded some Spotlight features as Siri features: Siri App Suggestions, and Siri Search Suggestions, for example.

And then there’s Apple’s acquisition of VocalIQ two and a half years ago:

The VocalIQ team viewed Siri as a “manually-crafted system” and felt their technology could help improve it, said a former VocalIQ employee. VocalIQ’s technology is designed to continually finetune its accuracy by ingesting and analyzing data from voice interactions, he said. Apple has successfully integrated the VocalIQ technology into Siri’s calendar capabilities, sources familiar with the project said.

It’s interesting that Siri’s capabilities are set up in such a way that something like VocalIQ can be applied to just one feature. I don’t know how much this says, if anything, about why Siri often feels like its capabilities are so fragmented, but it struck me as odd.

Siri has been the responsibility of Craig Federighi since last year, transferred from Eddy Cue’s online services oversight. This year’s WWDC seems too soon to see that particular branch of discussion bear fruit; but, then again, the inconsistencies and general untrustworthiness of Siri make it feel like it cannot be soon enough for real changes to be made.

Update: The mysterious ATP Tipster:

The only thing you need to know about Siri is that the people who used to build it feel the need to absolve themselves of personal responsibility for the state that it is in. That they are doing so in the press is almost an implementation detail.


YouTube, the Great Radicalizer

Eye-opening op-ed by Zeynep Tufekci, in the New York Times:

Human beings have many natural tendencies that need to be vigilantly monitored in the context of modern life. For example, our craving for fat, salt and sugar, which served us well when food was scarce, can lead us astray in an environment in which fat, salt and sugar are all too plentiful and heavily marketed to us. So too our natural curiosity about the unknown can lead us astray on a website that leads us too much in the direction of lies, hoaxes and misinformation.

In effect, YouTube has created a restaurant that serves us increasingly sugary, fatty foods, loading up our plates as soon as we are finished with the last meal. Over time, our tastes adjust, and we seek even more sugary, fatty foods, which the restaurant dutifully provides. When confronted about this by the health department and concerned citizens, the restaurant managers reply that they are merely serving us what we want.

I’ve been paying attention to the examples of this that Tufekci has been collecting on Twitter and it’s eye-opening. Even videos about relatively mundane topics lead users down a rabbit hole of bullshit. I’m not one to play the “think of the children” card but, in this instance, I strongly believe that it’s a concern.

The Original Siri App Compared to Siri Today

In 2010, Tom Gruber created an impressive demo video of Siri, his company’s new app. It showed how someone could use relatively natural language requests to get things done on an iPhone using little more than their voice, and effectively kicked off the virtual assistant wave.

Kevin Clark reflected on that video today:

It’s fascinating that the original Siri demo is still better than today’s Siri in a few aspects.

For fun and frustration, I tried all of the original commands featured in that eight-year-old video on my iPhone:

  • “I’d like a romantic place for Italian food near my office”: Siri today correctly parses everything up until “near my office”, which it interprets as near me. I tried using the name of the organization that I work for instead of my office and it also interpreted that as near me.

    Then I tried asking Siri to find me restaurants near the address of my office. It interpreted that as an instruction to find restaurants in Cranbrook, BC — about 400 kilometres or four hours away. I don’t see why I should have to specify that I’m looking for restaurants in Calgary.

  • “I’d like a table for two at Il Fornaio in San Jose tomorrow night at 7:30”: I tried using this exact phrasing — of course, swapping out Il Fornaio for a restaurant near me — and I was told that Siri “can’t book a table right now”. That felt like a failure until I tried rephrasing, asking it “how about next Friday?”, at which point I was prompted to continue making the reservation using OpenTable. I was impressed that it kept the context intact.

    However, when I tried again with the request, “I’d like a table for two at Model Milk next Friday at 7:30”, I received the same “can’t book a table right now” error, and I can’t seem to reproduce the apparent success I had earlier. That’s frustrating; I was very impressed with the first apparent success, despite the vague error message.

  • “Where can I see Avatar in 3D IMAX?”: I swapped “Avatar” for a better film but otherwise kept the request the same. Siri successfully found a theatre showing it in 3D — as far as I know, there isn’t a 3D IMAX showing near me — but I wasn’t able to buy tickets through Siri and it doesn’t check the showtimes against other calendar events, like a dinner reservation. To be fair, Siri has never allowed you to buy movie tickets in Canada because Fandango isn’t available here, but I also have the (terrible) Cineplex app installed — I wish there were some connection between the two.

    One thing I noticed when I tested several phrasings of this is that Siri only responds to full theatre names. All of the theatres near me have very long names, but nobody here actually uses the full name. For example, when I tried asking for “showtimes for Black Panther at Eau Claire”, Siri got confused. It also transcribed Eau Claire wrong most times I tried it, but that’s not necessarily relevant here. It wasn’t until I asked for “showtimes for Black Panther at Cineplex Odeon Eau Claire Market” that I got an answer. I wish it responded to fuzzier matches.

  • “What’s happening this weekend around here?”: Siri interprets this as a request for news headlines, not events as in the original Siri app.

    When I tried rephrasing this question to “what events are happening this weekend”, it did a web search in Google, but without my location. It wasn’t until I asked “what events are happening in Calgary this weekend” that I got a web search with links to local event calendars.

    In the original Siri demo, they extend this by asking “how about San Francisco?”, so I did the same. It returned the weather forecast for this evening in San Francisco.

  • “Take me drunk I’m home”: Today’s Siri did well here, responding “I can’t be your designated driver”, and offering to call me a taxi.

All of this may vary depending on where you’re located, what Siri localization you have, and even what device you use Siri on.

What’s clear to me is that the Siri of eight years ago was, in some circumstances, more capable than the Siri of today. That could simply be because the demo video was created in Silicon Valley, and things tend to perform better there than almost anywhere else. But it’s been eight years since that was created, and over seven since Siri was integrated into the iPhone. One would think that it should be at least as capable as it was when Apple bought it.

It’s no secret that Siri often feels like it has languished, and almost nothing demonstrates that more than the original demo. I’m sure there are domains where it performs better than the original — for example, it works, to varying extents, in countries outside of the United States. It works with more languages than just English, too. That’s all very important, but it boggles my mind that even some of the simpler stuff — like asking for restaurants near a different location — fails today, even in English.

I’d like to hear from readers who have time to attempt this same demo where they live. Please let me know if you give it a try; I would love to know the results.

Farhad Manjoo Unplugged From the Internet for His News Apart From in All of the Ways He Didn’t

Farhad Manjoo, New York Times:

This has been my life for nearly two months. In January, after the breaking-newsiest year in recent memory, I decided to travel back in time. I turned off my digital news notifications, unplugged from Twitter and other social networks, and subscribed to home delivery of three print newspapers — The Times, The Wall Street Journal and my local paper, The San Francisco Chronicle — plus a weekly newsmagazine, The Economist.

Dan Mitchell, Columbia Journalism Review:

But he didn’t really unplug from social media at all. The evidence is right there in his Twitter feed, just below where he tweeted out his column: Manjoo remained a daily, active Twitter user throughout the two months he claims to have gone cold turkey, tweeting many hundreds of times, perhaps more than 1,000. In an email interview on Thursday, he stuck to his story, essentially arguing that the gist of what he wrote remains true, despite the tweets throughout his self-imposed hiatus.

The biggest problem with Manjoo’s piece is that it is framed as “unplugging” from social media, when it’s really just a reduction in using it as a primary source for news. It’s more subtle and makes for a way less interesting headline, but it’s more honest.

By the way, I find the entire genre of tech writers writing about not using technology so trite. Beyond that, it’s 2018 — telling people not to follow news accounts on Twitter is just yelling into the wind. Want a few tips for reading the news? Here are four things I try to do, for whatever it’s worth:

  • Resist the urge to react immediately.

  • Resist the urge to refresh feeds and news sources when bored. News will happen regardless.

  • During a breaking news event, nothing makes sense to anyone, so keep that in mind when reading the first wave of reporting on it.

  • Twitter threads tend to be tedious and unnecessary.

Maybe those tips will be useful to you; maybe they won’t. Maybe they’re things you do already without thinking about it. But at least you didn’t have to pretend to stop using Twitter for two months to figure it out.

FBI Director Imagines a World of Unicorns, Dragons, and Secure Encryption That Can Be Sidestepped by Law Enforcement

Tim Cushing of Techdirt, responding to FBI Director Chris Wray:

We have a whole bunch of folks at FBI Headquarters devoted to explaining this challenge and working with stakeholders to find a way forward. But we need and want the private sector’s help. We need them to respond to lawfully issued court orders, in a way that is consistent with both the rule of law and strong cybersecurity. We need to have both, and can have both. I recognize this entails varying degrees of innovation by the industry to ensure lawful access is available. But I just don’t buy the claim that it’s impossible.

It really doesn’t matter whether or not Wray “buys” this claim. If you deliberately weaken encryption — either through key escrow or by making it easier to bypass — the encryption no longer offers the protection it did before it was compromised. That’s the thing about facts. They’re not like cult leaders. They don’t need a bunch of true believers hanging around to retain their strength.

The thing that bothers me most about Wray’s insistence on a magical “secure but accessible only by law enforcement” encryption standard is that technical experts at the FBI surely know that it isn’t possible, yet he keeps making the claim that it is. Does Wray simply not pay attention to his employees?

In Defence of Surfing the Insecure Web

Dave Winer opposes Google’s plan to effectively deprecate HTTP by discriminating against non-HTTPS websites in Chrome:

I don’t think the explosion is over. I want to make it easier and easier for people to run their own web servers. Google is doing what the programming priesthood always does, building the barrier to entry higher, making things more complicated, giving themselves an exclusive. This means only super nerds will be able to put up sites. And we will lose a lot of sites that were quickly posted on a whim, over the 25 years the web has existed, by people that didn’t fully understand what they were doing. That’s also the glory of the web. Fumbling around in the dark actually gets you somewhere. In worlds created by corporate programmers, it’s often impossible to find your way around, by design.

The web is a social agreement not to break things. It’s served us for 25 years. I don’t want to give it up because a bunch of nerds at Google think they know best.

Mozilla has indicated that they are doing the same. But Eric Mill wrote a piece a couple of years ago about this very topic, and he appreciates the deprecation of HTTP:

I understand the fear of raising the barriers to entry. As a child, I too fell in love with an internet made by everyone, and have spent my career, my volunteer work, and my hobbies trying to share what that love has taught me. I want children everywhere in the world to grow up feeling like the internet that permeates their lives is also in their service — a lego set in real life that you can buy with a week’s allowance.

Yet as an adult, I also understand that power for ordinary people is hard to come by and hard to keep. The path of least resistance for human society is for money to buy more money, and might to demand more might. Democracy is designed not so much to expand freedom as it is to give people tools to desperately hold onto the freedom they have.

Put another way: power has a way of flowing away from the varied, strange, beautiful little leaf nodes on the outer edges and into the unaccountable, unimaginative, ever-hungry center.

Mill actually uses the enforcement of HTTPS by browser vendors as a knock against big companies like Verizon and Comcast that inject ads into HTTP-served websites, and spy agencies like the NSA and the GCHQ:

What animates me is knowing that we can actually change this dynamic by making strong encryption ubiquitous. We can force online surveillance to be as narrowly targeted and inconvenient as law enforcement was always meant to be. We can force ISPs to be the neutral commodity pipes they were always meant to be. On the web, that means HTTPS.

As Mill points out in his article, there are great reasons to add an HTTPS certificate to a website that has no interactive elements beyond links. It makes sense to me to generally prefer HTTPS going forward, but I have concerns about two browser vendors working to effectively eliminate the non-HTTPS web; or, at least, to put barriers between it and users.

I like the way Firefox attempts to educate users directly adjacent to insecure password fields; I also don’t mind the way Chrome handles notifications of HTTP-only webpages today. But the changes coming in July will mark all HTTP webpages as “not secure”, and that will make a large — if hardly-trafficked — part of the web feel like it’s diseased. And what will Google do in the future, I wonder? If they’re going to progressively increase their warnings on HTTP webpages, what’s next?

I also agree with Winer on another key point: enforcing a pseudo-mandatory policy on HTTPS makes it that much harder for someone new to this stuff to even begin to understand it. As Frank Chimero recently wrote, building stuff for the web has become vastly more complicated since even five years ago. I’m happy to keep learning new skills and growing my understanding of what the web can do, but I don’t know where to begin on this modern web. I don’t intend to hold myself up as a barometer of the complexities of modern web programming or anything — I just don’t know what’s going on any more. I’ve been doing this stuff for nearly twenty years. I don’t know how someone who is eight years old could start digging into React, or Node.js, or any of the other modern JavaScript-based ways of writing <h1>hello world</h1>.

I’m sure the kids will figure it out — they always do. However, I worry that introducing more requirements, even something as simple as HTTPS, can be discouraging. That’s the last thing the HTTP/HTML web should be: discouraging. It is one of the greatest enablers of communication in human history. Let’s not allow its future to be dictated by browser vendors.

Or, in Mill’s language: let’s make sure we encourage building more leaf nodes by making their creation easier and more fun, instead of allowing a much stronger centre to form.

The Ways in Which Facebook Builds User Data Profiles for Targeted Advertising

Joanna Stern, Wall Street Journal:

A conspiracy theory has spread among Facebook and Instagram users: The company is tapping our microphones to target ads. It’s not.


I believe them, but for another reason: Facebook is now so good at watching what we do online — and even offline, wandering around the physical world — it doesn’t need to hear us. After digging into the various bits of info Facebook and its advertisers collect and the bits I’ve actually handed over myself, I can now explain why I got each of those eerily relevant ads. (Facebook ads themselves offer limited explanations when you click “Why am I seeing this?”)

Advertising is an important staple of the free internet, but the companies buying and selling ads are turning into stalkers. We need to understand what they’re doing, and what we can — or can’t — do to limit them.

Think about how quickly we’ve accepted this as the new normal, and why. Do we really prefer highly-specific advertising, as Facebook and Google say we do, or is it simply very creepy? Even if you don’t have a Facebook or Google account, you’re using Safari — which limits ad tracking by default — and have all sorts of silly settings to limit your exposure to trackers, there are still an extraordinary number of ways that your information can be acquired for highly-targeted advertising, almost always without your explicit permission.

California Becomes Eighteenth State to Introduce ‘Right to Repair’ Legislation

Jason Koebler, Vice:

“The Right to Repair Act will provide consumers with the freedom to have their electronic products and appliances fixed by a repair shop or service provider of their choice, a practice that was taken for granted a generation ago but is now becoming increasingly rare in a world of planned obsolescence,” Susan Talamantes Eggman, a Democrat from Stockton who introduced the bill said in a statement.

The announcement had been rumored for about a week but became official Wednesday. The bill would require electronics manufacturers to make repair guides and repair parts available to the public and independent repair professionals and would also make diagnostic software and tools that are available to authorized and first-party repair technicians available to independent companies.

I’m intrigued by this wave of “right to repair” legislation — much of which has been pushed by Repair.org, a repair industry trade group — but I’m curious about what parts must be repairable, especially in consumer electronics. The full text of the California bill hasn’t been posted publicly, as far as I can see, but Minnesota’s has and it’s fairly nonspecific. I’m all for batteries being designed to be more replaceable, even if it takes popping a few screws out, but what about trickier components, like chips that are soldered to the board? Would a manufacturer be required to provide full board component repairability, or just the ability to replace the board itself?

Selfishly, I hope this legislation leads to more upgradable MacBooks, especially the Pro. I don’t think a professional notebook designed to last several years should have its internal storage capacity capped at time of purchase.

Notes on Analytics and Tracking in Onavo Protect for iOS

Will Strafach:

Recent media coverage of Onavo Protect encouraged me to investigate the code for the iOS version of their app. I wanted to determine what types of data is collected in addition to the alleged per-app-MAU tracking performed server-side.

I found that Onavo Protect uses a Packet Tunnel Provider app extension, which should consistently run for as long as the VPN is connected, in order to periodically send the following data to Facebook (graph.facebook.com) as the user goes about their day:

  • When user’s mobile device screen is turned on and turned off

  • Total daily Wi-Fi data usage in bytes (Even when VPN is turned off)

  • Total daily cellular data usage in bytes (Even when VPN is turned off)

  • Periodic beacon containing an “uptime” to indicate how long the VPN has been connected

If I’m reading this right, Strafach hasn’t found indications — yet? — that Onavo sends app usage data to graph.facebook.com, but we know Onavo collects that data.

What he has found so far doesn’t appear to be nearly that intrusive, but it’s also bizarre. For example, why does Facebook need to know when your phone’s display is on?

Tangentially, Onavo’s behaviour is the kind of thing I wish App Review was more strict towards. There’s perhaps a thin line between analytics packages that developers sometimes use and what Onavo does; similarly, there’s a thin line between Onavo’s data collection and Facebook’s entire business model. But this app is just skeevy — it buries its Facebook affiliation¹ and data gathering behind a different brand and the promise of protecting you from phishing.

  1. The only mention of Facebook on their website is on the about page, and in the App Store, the Facebook affiliation is in a large paragraph of text in the initially hidden area of the app description.

iTunes LP and the iPad

David Millar:

“Apple to Discontinue ‘fancy HTML in a zip file’ Format”

Michael Tsai:

I’m not quite sure whether iTunes LP was a bad idea or simply one that neither Apple (aside from Steve Jobs?) nor the music producers actually had much interest in. How else to explain that Apple never brought it to iPad?

I think iTunes LP was a fine enough idea; ultimately, though, I can’t imagine that many people went out of their way to buy iTunes LPs instead of the usually-cheaper non-LP version of the album.

They were built using an extraordinarily flexible and easy-to-use SDK by way of TuneKit, which was basically just a website. Theoretically, that simplicity should mean that they should have worked perfectly okay on the iPad that shipped just six months after iTunes LP was introduced, and that the number of iTunes LPs created should have been more than could easily be catalogued on Wikipedia. If lots of people truly cared about them, there would be an easy way to find them in a user’s iTunes library and in the iTunes Store.

Amazon Admits Alexa Is Creepily Laughing at People and Is Working on a Fix

Shannon Liao, the Verge:

Over the past few days, users with Alexa-enabled devices have reported hearing strange, unprompted laughter. Amazon responded to the creepiness in a statement to The Verge, saying, “We’re aware of this and working to fix it.”

As noted in media reports and a trending Twitter moment, Alexa laughs without being prompted to wake. People on Twitter and Reddit reported that they thought it was an actual person laughing near them, which can be scary when you’re home alone. Many responded to the cackling sounds by unplugging their Alexa-enabled devices.

Just one more thing Amazon’s virtual assistants can do that the HomePod cannot.

But why is this possible at all? Is there some sort of hidden maniacal laughter mode? Is that something people would ever want to trigger intentionally, let alone have the device invoke accidentally? Is this a prank? And could you trust Amazon’s virtual assistant to not do anything like this again?

Apple to Discontinue ‘iTunes LP’ Format

Remember iTunes LP? Here’s how a 2009 Apple press release described the then-new format:

iTunes LP is the next evolution of the music album delivering a rich, immersive experience for select albums on the iTunes Store by combining beautiful design with expanded visual features like live performance videos, lyrics, artwork, liner notes, interviews, photos, album credits and more.

At the time, Steve Jobs described it as a way to replicate an album-like experience digitally.

As of the end of this month, though, Apple will no longer accept new iTunes LP releases. Dani Deahl, the Verge:

Earlier today, UK-based website Metro claimed to have a leaked internal email from Apple sent to music producers titled “The End of iTunes LPs.” The email supposedly stated that “Apple will no longer accept new submissions of iTunes LPs after March 2018,” and that “existing LPs will be deprecated from the store during the remainder of 2018. Customers who have previously purchased an album containing an iTunes LP will still be able to download the additional content using iTunes Match.”

While iTunes LP submissions will end this month, existing iTunes LPs will not be depreciated. Not only will these iTunes LPs continue to be available, but users will still be able to download any previous or new purchases of iTunes LPs at any time via iTunes.

I have a few iTunes LPs, but I also have a ton of actual LPs. One thing that network-accessed music will always lack, whether it is streamed or purchased, is the physicality of an album. Apple’s attempt at replicating it was a good effort and allowed them to do things that you simply can’t do with album art and liner notes, like including music videos, or behind-the-scenes films of the recording process.

But, these days, those extras don’t require a specific packaged format. Videos are streamed for the one or two times most people watch them, and lyrics are just a scroll away for many Apple Music tracks. The world moved beyond iTunes LP. And the remaining things it offered — like exquisite artwork on gorgeous paper, and that sense of a packaged product — simply can’t be replicated effectively on a screen. The weight of an LP still means something, and bytes simply don’t weigh anything.

By the way, I see a lot of stories right now forecasting the end of the iTunes Store based, in part, on this announcement. The original Metro story, for example, mis-quotes the email in its headline, and Cult of Mac jumped right on that bandwagon. I wouldn’t read too much into those. If Apple were killing music sales, they would just come out and say that.

European Union Plans to Tax Tech Giants on Local Revenue

Romain Dillet, TechCrunch:

Google, Amazon, Apple and Facebook have all faced different issues when it comes to tax optimizations. They’ve been routing their revenue through Ireland, Luxembourg, the Netherlands and other countries with a low corporate tax. Sometimes the money ends up in Bermuda or the tiny island of Jersey.


That’s why Europe’s economy ministers wanted to find a way to tax them properly that is easy to implement. And Le Maire confirmed that Europe will look at the overall revenue of tech giants in each country and tax them based on that figure.

This makes complete sense to me. As Tim Cook once wrote:

Taxes for multinational companies are complex, yet a fundamental principle is recognized around the world: A company’s profits should be taxed in the country where the value is created.

This is a tax that will be assessed in each country based on companies’ earnings in each country — that seems fair enough. What’s strange, though, is that the original article off which TechCrunch’s report is based indicates that this is a tax specifically on tech companies. Perhaps it’s just a lack of context created by a poor automatic translation, but that seems silly to me. As virtually all multinational companies practice various forms of tax avoidance, why not apply this strategy to all companies operating across the E.U.?

In Addition to Cellebrite, a Second Firm Offers Late-Model iPhone Unlocking Services

Thomas Fox-Brewster, Forbes:

Just a week after Forbes reported on the claim of Israeli U.S. government manufacturer Cellebrite that it could unlock the latest Apple iPhone models, another service has emerged promising much the same. Except this time it comes from an unknown entity, an obscure American startup named Grayshift, which appears to be run by long-time U.S. intelligence agency contractors and an ex-Apple security engineer.

In recent weeks, its marketing materials have been disseminated around private online police and forensics groups, offering a $15,000 iPhone unlock tool named GrayKey, which permits 300 uses. That’s for the online mode that requires constant connectivity at the customer end, whilst an offline version costs $30,000. The latter comes with unlimited uses.

I don’t imagine Apple’s legal department is particularly thrilled that one of their ex-employees is helping crack device security measures.

At any rate, that’s now two firms that have similar intrusion capabilities using methods that they won’t report to Apple because their business models depend on their not doing so. That means that all iPhone owners are walking around with serious — albeit perhaps hard-to-exploit — vulnerabilities in their device’s security architecture. At least Apple may be able to surreptitiously acquire a copy of GrayKey and patch the vulnerabilities it uses.

Facebook Surveys Users to Find Out Whether Men Soliciting Sexual Images of Children Should Be Allowed on the Platform

Alex Hern, with one hell of a lede in the Guardian:

Facebook has admitted it was a “mistake” to ask users whether paedophiles requesting sexual pictures from children should be allowed on its website.

You don’t say.

On Sunday, the social network ran a survey for some users asking how they thought the company should handle grooming behaviour. “There are a wide range of topics and behaviours that appear on Facebook,” one question began. “In thinking about an ideal world where you could set Facebook’s policies, how would you handle the following: a private message in which an adult man asks a 14-year-old girl for sexual pictures.”

The options available to respondents ranged from “this content should not be allowed on Facebook, and no one should be able to see it” to “this content should be allowed on Facebook, and I would not mind seeing it”.

I don’t know how something like this could be possible, unless Facebook is somehow running this survey in an entirely automated way, including in writing the questions. Maybe they are, but I think someone — a human being — must have written this question and someone else must have seen it before it was published. Either there was an over-reliance on automated tools, nobody working on this survey caught such a blatantly stupid question, or someone genuinely believed this was something worth asking.

Delayed Disgratification

The Macalope, commenting on this tragedy of an article by the Motley Fool’s Ashraf Eassa:

The phone was shipped “on time.” It was shipped when it was announced to ship and when Apple was able to meet enough demand. Your imaginary ship dates do not enter into this equation.

Eassa thinks there are people who looked at the later release date for the iPhone X and were “discouraged at having to wait until November to buy an iPhone that would ultimately be replaced by a newer, better model in about 10 months” and therefore didn’t buy an iPhone this year at all.

That seems like a very small set of people. And it’s quite likely that the 2018 release schedule will be exactly the same as the 2017 release schedule, with a base phone coming first and a higher end model coming second. So it’s a very small set of people who are very bad at evaluating choices.

Interestingly, one year ago — nearly to the day — Eassa argued that releasing the then-rumoured OLED iPhone in November was preferable:

Of course, Apple is better off delaying a product a smidgen to make sure it’s ready to go and if the redesigned fingerprint scanner meaningfully enhances the user experience, then the delay is probably worth it.

Three things about last year’s article:

  1. This was published when some rumours still claimed that the OLED iPhone would ship with a fingerprint scanner, hence that reference.

  2. Its headline frames this as “bad news”, so it sounds like Eassa is just sticking with that narrative rather than revising it in the face of facts.

  3. In interviews about the iPhone X, Apple executives have claimed that it actually shipped early — internally, they were apparently targeting a 2018 release.

Jack and the Mean Talk

Jack Dorsey:

We love instant, public, global messaging and conversation. It’s what Twitter is and it’s why we’re here. But we didn’t fully predict or understand the real-world negative consequences. We acknowledge that now, and are determined to find holistic and fair solutions.

We have witnessed abuse, harassment, troll armies, manipulation through bots and human-coordination, misinformation campaigns, and increasingly divisive echo chambers. We aren’t proud of how people have taken advantage of our service, or our inability to address it fast enough.

That’s an extraordinarily frank admission. I admire that. So what will Twitter do about it?


Recently we were asked a simple question: could we measure the “health” of conversation on Twitter? This felt immediately tangible as it spoke to understanding a holistic system rather than just the problematic parts.

Dorsey points to an article from Cortico,¹ a nonprofit firm that “aims to strengthen an American public sphere weakened by political, cultural and socioeconomic isolation”:

This experience led us to the idea that perhaps we could measure aspects of the health of the public sphere—in terms of communication exchanges between groups or tribes—grounded in data from public social media and other public media sources. As a starting point, we are developing a set of health indicators for the U.S. (with the potential to expand to other nations) aligned with four principles of a healthy public sphere:

  1. Shared Attention: Is there overlap in what we are talking about?

  2. Shared Reality: Are we using the same facts?

  3. Variety: Are we exposed to different opinions grounded in shared reality?

  4. Receptivity: Are we open, civil, and listening to different opinions?

This sounds a lot like Twitter will reference Cortico’s techniques to try to automate the hate away from conversations, but a post on Twitter’s blog indicates that they have no idea how to do this. I’m skeptical of its success. I’m concerned that Dorsey sees it as a problem, but has waited too long to do anything about it and now wants to invent a way to do it automatically, like a university student who waited to start writing their ten-thousand word essay until the night before it’s due. It seems earnest, but also a bit desperate.

I think that a better start would be to ban Nazis. I mean that literally. Flag any account where its name, handle, location, bio, or recent tweets contain allusions to Hitler normally used by white supremacist groups: “1488”, “HH”, “14 words”, and other hate symbols in context. That gives human operators the ability to sift through heaps of these accounts and ban the ones that are clearly and obviously Nazis, of which there are frighteningly many. This isn’t a perfect solution; it’s barely scratching the surface. But it would be a material change in how Twitter operates and a clear line as to what they do not tolerate. “No Nazis” should not be a controversial point of view.

  1. I had never heard of Cortico before Dorsey posted this, so I went to Wikipedia. There’s no entry for the company; there is, however, an entry for cortiço, a term used in Portugal and Brazil to describe ultra high density housing with poor sanitary conditions. I don’t know where the American firm got their name, but that’s a hell of an association.

Twitter Launches Bookmarks

Jesar Shah, product manager at Twitter:

Today, we’re introducing Bookmarks, an easy way to save Tweets for quick access later. But wait, there’s more! Today’s update makes sharing better, too. With our new “share” icon on every Tweet, you’ll be able to bookmark a Tweet, share via Direct Message, or share off of Twitter any number of ways. Because we put all sharing actions together in one place, it’s easier to save and share privately or publicly — in the moment, or later.

This looks great. Bookmarking is easily one-third to one-half of how I use the “like” button. A key difference between the two is that bookmarks are private; likes are public and, for a few years now, followed users’ likes have been inserted at the top of the algorithmic timeline. If Twitter were driven less by juicing “engagement” metrics, this feature might not be necessary.

Unfortunately, there’s nothing in this announcement nor anything in Twitter’s documentation that suggests they’re making this available to third-party developers; I hope they do.

Forbes: Cellebrite Can Now Unlock Recent iPhones, Including the iPhone X

Thomas Fox-Brewster, Forbes:

Cellebrite, a Petah Tikva, Israel-based vendor that’s become the U.S. government’s company of choice when it comes to unlocking mobile devices, is this month telling customers its engineers currently have the ability to get around the security of devices running iOS 11. That includes the iPhone X, a model that Forbes has learned was successfully raided for data by the Department for Homeland Security back in November 2017, most likely with Cellebrite technology.

The Israeli firm, a subsidiary of Japan’s Sun Corporation, hasn’t made any major public announcement about its new iOS capabilities. But Forbes was told by sources (who asked to remain anonymous as they weren’t authorized to talk on the matter) that in the last few months the company has developed undisclosed techniques to get into iOS 11 and is advertising them to law enforcement and private forensics folk across the globe. […]

On some level, this is extremely impressive. The iPhone is the gold standard in consumer smartphone security — possibly in smartphone security period — and they keep improving with every generation. A flaw that allows someone to bypass an iPhone’s hardware-enforced encryption is very rare indeed; that’s why some security firms will pay up to a million dollars for that kind of an exploit.

But it is deeply troubling as well. While we don’t know anything about Cellebrite’s technique for breaching an iPhone’s security — including whether their method has been patched in an iOS 11 update — it is notable that a security firm has found an exploit but is unlikely to tell Apple about it. It’s concerning that three-letter agencies are hoarding zero-days, but at least those agencies are ostensibly publicly accountable. That doesn’t make it right, but it does make it slightly easier to stomach than a for-profit company charging $1,500 a pop to law enforcement agencies worldwide — some of which are less reputable than others, mind you — and not disclosing vulnerabilities to software vendors. That is callous. It puts users worldwide at risk for their financial gain.

Update: If you are worried about the possibility of Cellebrite — or anyone else who figures out their PIN cracking methodology — breaking into your phone, Ray “Redacted” has a good tip:

If you are concerned by this then one thing you can do to mitigate it is to change your iPhone PIN from a six digit number to an alphanumeric passphrase. The Cellebrite exploit involves a brute force PIN trick that allows unlimited attempts without wiping.

Like any passphrase, it should contain a mix of lowercase and uppercase letters, numbers, and symbols. It can even be of a similar length, but a greater combination of character options means a longer cracking process.
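To put numbers on that, here is an added example (not from the original post, Apple, or Cellebrite) that estimates how long exhausting a passcode's keyspace takes when attempts are unlimited. It assumes the roughly 80 ms per on-device attempt that Apple documents in its iOS Security Guide and an attacker who already knows the passcode's length and character classes; the sample passcodes are constructed.

```python
import string

# Assumption: each on-device guess costs about 80 ms of key derivation, the
# figure Apple gives in its iOS Security Guide. Integer ms avoids float drift.
MS_PER_ATTEMPT = 80

# Character classes a passcode can draw from (symbols = ASCII punctuation).
CLASSES = (string.digits, string.ascii_lowercase,
           string.ascii_uppercase, string.punctuation)

def alphabet_size(passcode):
    """Combined size of every character class the passcode uses."""
    unknown = [c for c in passcode if not any(c in cls for cls in CLASSES)]
    if not passcode or unknown:
        raise ValueError("passcode must be non-empty printable ASCII, no spaces")
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in passcode))

def keyspace(passcode):
    """Guesses needed to exhaust every passcode of this length and alphabet.

    Best case for the attacker: they already know the length and classes.
    """
    return alphabet_size(passcode) ** len(passcode)

def worst_case_seconds(passcode):
    """Time to try the whole keyspace at MS_PER_ATTEMPT, with no lockout."""
    return keyspace(passcode) * MS_PER_ATTEMPT / 1000

def humanize(seconds):
    """Render a duration in the largest unit that is at least 1."""
    for name, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.1f} seconds"

if __name__ == "__main__":
    # Constructed sample passcodes, all six characters long.
    for sample in ("482913", "k3v9qz", "k3V9q!"):
        print(f"{sample}: alphabet {alphabet_size(sample):>2}, "
              f"{keyspace(sample):>15,} guesses, "
              f"{humanize(worst_case_seconds(sample))} to exhaust")
```

All three samples are the same length; only the character mix changes, which is what moves the worst case from under a day to years and then to centuries.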

Update: Fox-Brewster has confirmed with Cellebrite that their method can unlock iPhones running up to iOS 11.2.6, the latest public release.

Timers, Reminders, and Alarms

Dr. Drang explored all the conceivable ways you can tell your Apple devices to notify you about something at a specific time, and it’s quite the mess. There are huge inconsistencies between devices, basic failures in Siri’s competence, and baffling shortcomings to nearly every approach.

One thing I wanted to draw attention to, though, was this observation:

The number of alerts that can be set was the starting point for the last post. People want multiple timers in their HomePods. That’s great, but Apple’s never had multiple timers in any iOS device, which is why I’ve always used reminders instead.

This is true. But, while I don’t think Drang is framing this as a rebuttal, per se, to critics who have pointed out that the HomePod supports only a single timer, I think it’s much more glaring on that device for a good reason: it’s an appliance. All smart speakers¹ are designed to be placed on a table or a desk, and many will be used in or near the kitchen. If you have two or three different dishes on the go, you may want two or three different timers, and a smart speaker seems like it should be able to provide that. It would be nice — very nice, at that — if the iPhone supported multiple timers; it’s almost an expectation for the HomePod to. And, for what it’s worth, I think the Apple Watch also ought to do that by now.

  1. Apple can emphasize the audio quality all they like, but by putting Siri in the HomePod, they opened it up to direct comparison against the Google Home and Amazon Echo.

Some iCloud Storage Infrastructure Has Been Switched From Microsoft Azure to Google Cloud

Jordan Novet, CNBC:

Apple periodically publishes new versions of a PDF called the iOS Security Guide. For years the document contained language indicating that iCloud services were relying on remote data storage systems from Amazon Web Services, as well as Microsoft’s Azure.

But in the latest version, the Microsoft Azure reference is gone, and in its place is Google Cloud Platform. Before the January update, Apple most recently updated the iOS Security Guide in March.

When news of this deal first broke nearly two years ago, I was surprised that Apple was still so dependent on third parties for iCloud storage. I understand that these things take time, but iCloud is seven years old this year, and Apple has been providing various internet services for decades.

Apple maintains that they control the encryption keys and that Google cannot possibly intercept iCloud users’ data, which is true — with the possible exception of email, since it is stored unencrypted — but I don’t think that iCloud users expect their data to be stored in ways not entirely controlled by Apple, especially given the company’s emphasis on privacy.

For Chinese Users, Apple Moves to Store iCloud Keys in China

Stephen Nellis and Cate Cadell, Reuters:

When Apple Inc begins hosting Chinese users’ iCloud accounts in a new Chinese data center at the end of this month to comply with new laws there, Chinese authorities will have far easier access to text messages, email and other data stored in the cloud.

That’s because of a change to how the company handles the cryptographic keys needed to unlock an iCloud account. Until now, such keys have always been stored in the United States, meaning that any government or law enforcement authority seeking access to a Chinese iCloud account needed to go through the U.S. legal system.

Now, according to Apple, for the first time the company will store the keys for Chinese iCloud accounts in China itself. That means Chinese authorities will no longer have to use the U.S. courts to seek information on iCloud users and can instead use their own legal system to ask Apple to hand over iCloud data for Chinese users, legal experts said.

Nothing about this is good news, but it’s very hard to see what alternatives there are in this case. They could threaten to pull out of the Chinese market unless the law is changed, but that would do more damage to Apple than it would the Chinese government, with likely little effect. Also, it’s likely that iCloud not being offered in China would motivate people there to switch to a less secure alternative.

It’s difficult to reconcile this forced hand with Apple’s overall commitment to user privacy:

In a statement, Apple said it had to comply with recently introduced Chinese laws that require cloud services offered to Chinese citizens be operated by Chinese companies and that the data be stored in China. It said that while the company’s values don’t change in different parts of the world, it is subject to each country’s laws.

I’ve written several times previously about my discomfort with a handful of predominantly Californian companies controlling the flow and storage of much of the world’s data. For Chinese citizens, though, it was potentially beneficial to have the American legal system as a barrier for information requests.

See Also: Apple’s iCloud security overview, which appears to be the same in China, but also hasn’t been updated in about six months.