Automattic Is Doing Some Weird Stuff With Users’ Public Data

Jason Koebler and Samantha Cole, 404 Media:

Almost every platform has some sort of post “firehose,” API, or way of accessing huge amounts of user posts. Famously, Twitter and Reddit used to give these away for free. Now they do not, and charging access for these posts has become big business for those companies. This is just to say that the existence of Automattic’s firehose is not anomalous in an internet ecosystem that trades on data. But this firehose also means that the average user doesn’t and can’t know what companies are getting direct access to their posts, and what they’re being used for.

I am not particularly surprised to learn that public posts on blogs are part of a massive feed, but I am shocked it is not as obvious that self-hosted WordPress sites with Jetpack installed are automatically opted into it as well. For something as popular as Jetpack is — over five million users, according to its installation page — I was surprised by how infrequently this has been mentioned: aside from privacy policies and official documentation, I found a 2013 article on the Next Web, a Reddit comment from a few years ago, and a handful of content marketing specialists suggesting it helps with search optimization.

After avoiding questions from 404, Automattic says it is “winding down” firehose access.

Samantha Cole, 404 Media:

Tumblr and are preparing to sell user data to Midjourney and OpenAI, according to a source with internal knowledge about the deals and internal documentation referring to the deals.

The exact types of data from each platform going to each company are not spelled out in documentation we’ve reviewed, but internal communications reviewed by 404 Media make clear that deals between Automattic, the platforms’ parent company, and OpenAI and Midjourney are imminent.


  • We currently block, by default, major AI platform crawlers — including ones from the biggest tech companies — and update our lists as new ones launch.


We are also working directly with select AI companies as long as their plans align with what our community cares about: attribution, opt-outs, and control.

  • We will only share public content that’s hosted on and Tumblr, and only from sites that haven’t opted out.

  • We are not including content from sites hosted elsewhere even if they use Automattic plugins like Jetpack or WooCommerce.

I am not sure which crawlers are currently being blocked or how that is being accomplished, but it does not appear to be in WordPress blogs’ robots.txt files.

The New York Times comprehensively blocks known machine learning crawlers, which you can verify by viewing its robots.txt file; the crawlers we are interested in are listed near the bottom, just above all the sitemaps. That is also true for Tumblr. But when I checked a bunch of sites at random — by searching “ inurl:2024” — I found much shorter automatically generated robots.txt files, similar to WordPress’ own. I am not sure why I could not find a single blog with the same opt-out signal.
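An added example, not part of the original post: a Python check for the opt-out signal described above, run against two constructed robots.txt files, one naming machine learning crawlers and one in the short auto-generated style. The crawler tokens are a non-exhaustive assumption, and the sample files, hostnames and probe path are constructed.

```python
from urllib.robotparser import RobotFileParser

# Assumption: a short, non-exhaustive list of publicly documented
# user-agent tokens used by AI/ML crawlers. Extend it as needed.
AI_CRAWLERS = ["GPTBot", "ChatGPT-User", "CCBot", "Google-Extended"]

# Constructed sample: a site that names AI crawlers near the bottom,
# just above its sitemaps.
NEWS_STYLE = """\
User-agent: *
Disallow: /search

User-agent: GPTBot
Disallow: /

User-agent: CCBot
Disallow: /

User-agent: Google-Extended
Disallow: /

Sitemap: https://news.example/sitemap.xml
"""

# Constructed sample: a short auto-generated blog file with no AI opt-out.
BLOG_STYLE = """\
User-agent: *
Disallow: /wp-admin/
Allow: /wp-admin/admin-ajax.php

Sitemap: https://blog.example/sitemap.xml
"""


def named_agents(robots_txt):
    """Return the lower-cased user-agent tokens the file names explicitly."""
    agents = set()
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "user-agent":
            agents.add(value.strip().lower())
    return agents


def audit(robots_txt, probe_path="/2024/02/sample-post/"):
    """Report, per AI crawler, whether probe_path is blocked and whether the
    rule comes from a group naming that crawler or from the '*' group."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    named = named_agents(robots_txt)
    report = {}
    for agent in AI_CRAWLERS:
        report[agent] = {
            "blocked": not parser.can_fetch(agent, probe_path),
            "explicitly_named": agent.lower() in named,
        }
    return report


def blocked_agents(robots_txt):
    """Sorted list of AI crawler tokens that may not fetch the probe path."""
    return sorted(a for a, r in audit(robots_txt).items() if r["blocked"])


if __name__ == "__main__":
    for label, text in (("news-style", NEWS_STYLE), ("blog-style", BLOG_STYLE)):
        print(label)
        for agent, result in audit(text).items():
            state = "blocked" if result["blocked"] else "allowed"
            scope = "named group" if result["explicitly_named"] else "wildcard group"
            print(f"  {agent:16} {state:8} via {scope}")
```

An empty result only shows that the file carries no opt-out; blocking enforced at the server, for instance by user agent, would not appear in robots.txt at all.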

What is implied in Automattic’s disclosure is how it is preparing to switch Tumblr and WordPress blogs from the current opt-in model to an opt-out one. Both platforms have been popular among artists and I am not sure they would expect their contributions to become fodder for machines.

Then again, that is true for everybody who has ever posted anything on the web: it is all training data now, unless you can explicitly say otherwise.

Apple Now Says Never Mind, Progressive Web Apps Will Continue to Work in WebKit in the E.U.

Two weeks ago, Apple confirmed it would roll back the capabilities of Progressive Web Apps in the E.U. to the days of iPhone home screen bookmarks. It said it would need to do this to comply with the Digital Markets Act, implying it interpreted alternative browser requirements to apply equally to web apps:

[…] Addressing the complex security and privacy concerns associated with web apps using alternative browser engines would require building an entirely new integration architecture that does not currently exist in iOS and was not practical to undertake given the other demands of the DMA and the very low user adoption of Home Screen web apps. And so, to comply with the DMA’s requirements, we had to remove the Home Screen web apps feature in the EU.

However, in an update to that page, Apple is now undoing this regression, as noted by Chance Miller, 9to5Mac:

With today’s announcement, Apple has reversed course and said that Home Screen web apps will continue to exist as they did pre-iOS 17.4 in the European Union. “This support means Home Screen web apps continue to be built directly on WebKit and its security architecture, and align with the security and privacy model for native apps on iOS,” Apple explains today.

This means that all Home Screen web apps will still be powered by WebKit, regardless of whether the web app is added using Safari or not – exactly as it works today and has for years.

Apple is framing this as a decision it made because it is just so dang nice — “[w]e have received requests to continue to offer support for Home Screen web apps in iOS, therefore we will continue to offer the existing Home Screen web apps capability”. If this is true, that means its earlier statement must have been wrong — there was no legal rationale for web app regressions, only a preference.

A more likely explanation is that the DMA is complicated and Apple is still figuring out what changes it mandates in iOS. This is a big package of legislation that needs interpretation. Apple’s lawyers now seem to think PWAs can still be WebKit-only. Whether regulators will agree is something we will find out when iOS 17.4 is released and, at the same time, whether Apple was correct to blame the law.

Update: Michael Acton, Financial Times:

The European Commission welcomed Apple’s announcement, saying that it had “directly or indirectly” received more than 500 complaints about the company’s original plan.

“Contrary to Apple’s public representation, the removal of Home Screen Web Apps on iOS in the EU was neither required, nor justified, under the Digital Markets Act,” a commission spokesperson added.

A version of this entire debacle which is fair to Apple is that it misunderstood its obligations, and would never have degraded PWAs in the E.U. if not for its too-careful interpretation of the law. But it does not get to take credit for undoing its mistake.

Canadian Competition Bureau Expands Its Investigation Into Google’s Advertising Practices

Today’s announcement from the Competition Bureau reveals an expansion in the scope of its investigation into Google’s advertising business, something it has been looking into for over three years. One of the problems faced by regulators like these is the sheer scale of an operation like Google’s, and it should not be a surprise that these things take considerable time, effort, and money.

Even so, they are important. Corporations need to know their business resides within legal norms, and their anticompetitive practices can still be restricted. Whether it is necessary to continuously expand the scope is a great question and I hope to see an answer in whatever final report is produced by the Bureau. Perhaps there is no good way of addressing the sole market of video ads — the investigation’s original subject — without also looking into the multiple other business layers Google has constructed.

The trial for similar allegations in the United States wrapped up in November, and it will be adjudicated later this year. E.U. authorities told Google last year it would need to sell part of its ad business. In the U.K., an investigation is ongoing, while French regulators penalized Google in 2021.

Project Titan’s Cancellation Seems to Have Broken Some Brains

Even though it has only been a couple of days since word got out that Apple was cancelling development of its long-rumoured though never confirmed car project, there has been a wave of takes explaining what this means, exactly. The uniqueness of this project was plenty intriguing because it seemed completely out of left field. Apple makes computers of different sizes, sure, but the largest surface you would need for any of them is a desk. And now the company was working on a car?

Much reporting during its development was similarly bizarre due to the nature of the project. Instead of leaks from within the technology industry, sources were found in auto manufacturing. Public records requests were used by reporters at the Guardian, IEEE Spectrum, and Business Insider — among others — to get a peek at its development in a way that is not possible for most of Apple’s projects. I think the unusual nature of it has broken some brains, though, and we can see that in coverage of its apparent cancellation.

Mark Gurman, of Bloomberg, in an analysis supplementing the news he broke of Project Titan’s demise. Gurman writes that Apple will now focus its development efforts on generative “A.I.” products:

The big question is how soon AI might make serious money for Apple. It’s unlikely that the company will have a full-scale AI lineup of applications and features for a few years. And Apple’s penchant for user privacy could make it challenging to compete aggressively in the market.

For now, Apple will continue to make most of its money from hardware. The iPhone alone accounts for about half its revenue. So AI’s biggest potential in the near term will be its ability to sell iPhones, iPads and other devices.

These paragraphs, from perhaps the highest-profile reporter on the Apple beat, present the company’s usual strategy for pretty much everything it makes as a temporary measure until it can — uhh — do what, exactly? What is the likelihood that Apple sells access to generative services to people who do not have its hardware products? Those odds seem very, very poor to me, and I do not understand why Gurman is framing this in the way he is.

While it is true a few Apple services are available to people who do not use the company’s hardware products, they are exclusively media subscriptions. It does not make sense to keep people from legally watching the expensive shows it makes for Apple TV Plus. iCloud features are also available outside the hardware ecosystem but, again, that seems more like a pragmatic choice for syncing. Generative “A.I.” does not fit those models and it is not, so far, a profit-making endeavour. Microsoft and OpenAI are both losing money every time their products are used, even by paying customers.

I could imagine some generative features could come to Pages or Keynote at, but only because they were also added to native applications that are only available on Apple’s platforms. But Apple still makes the vast majority of its money by selling computers to people; its services business is mostly built on those customers adding subscriptions to their Apple-branded hardware.

“A.I.” features are likely just that: features, existing in a larger context. If Apple wants, it can use them to make editing pictures better in Photos, or make Siri somewhat less stupid. It could also use trained models to make new products; Gurman nods toward the Vision Pro’s Persona feature as something which uses “artificial intelligence”. But the likelihood of Apple releasing high-profile software features separate and distinct from its hardware seems impossibly low. It has built its SoCs specifically for machine learning, after all.

Speaking of new products, Brian X. Chen and Tripp Mickle, of the New York Times, wrote a decent insiders’ narrative of the car’s development and cancellation. But this paragraph seems, quite simply, wrong:

The car project’s demise was a testament to the way Apple has struggled to develop new products in the years since Steve Jobs’s death in 2011. The effort had four different leaders and conducted multiple rounds of layoffs. But it festered and ultimately fizzled in large part because developing the software and algorithms for a car with autonomous driving features proved too difficult.

I do not understand on what basis Apple “has struggled to develop new products” in the last thirteen years. Since 2011, Apple has introduced the Apple Watch, AirPods, Vision Pro, migrated Macs to in-house SoCs causing an industry-wide reckoning, and added a bevy of services. And those are just the headlining products; there are also HomePods and AirTags, Macs with Retina displays, iPhones with facial recognition, a range of iPads that support the Apple Pencil, also a new product. None of those things existed before 2011.

These products are not all wild success stories, and some of them need a lot of work to feel great. But that list disproves the idea that Apple has “struggled” with launching new things. If anything, there has been a steady narrative over that same period that Apple has too many products. The rest of this Times report seems fine, but this one paragraph — and, really, just the first sentence — is simply incorrect.

These are all writers who cover Apple closely. They are familiar with the company’s products and strategies. These takes feel like they were written without any of that context or understanding, and it truly confuses me how any of them finished writing these paragraphs and thought they accurately captured a business they know so much about.

Joe Biden Signs Executive Order Intended to Restrict Data Sales to ‘Countries of Concern’

U.S. President Joe Biden today signed an executive order, previously covered, which intends to limit the sale and distribution of Americans’ sensitive data to “countries of concern”:

To address this threat and to take further steps with respect to the national emergency declared in Executive Order 13873, the order authorizes the Attorney General, in coordination with the Secretary of Homeland Security and in consultation with the heads of relevant agencies, to issue, subject to public notice and comment, regulations to prohibit or otherwise restrict the large-scale transfer of Americans’ personal data to countries of concern and to provide safeguards around other activities that can give those countries access to sensitive data. […]

According to a fact sheet (PDF) from the U.S. Department of Justice, six countries are being considered for restrictions: “China (including Hong Kong and Macau), Russia, Iran, North Korea, Cuba, and Venezuela”. The sensitive data which will be covered includes attributes like a person’s name, their location, and health and financial information.

This sounds great in theory, but it will be difficult to enforce in practice as data brokers operating outside the U.S. will not have the same restrictions. That is not to say it is useless. However, it is not as effective as creating conditions hostile to this kind of exploitation to begin with. You should not have to worry that your precise location is being shared with a data broker somewhere just because you checked the weather, nor should you need to be extremely diligent in reviewing the specific policies of each app or website you visit.

See Also: Dell Cameron, Wired.

How the Pentagon Learned to Use Targeted Ads to Find Its Targets

Byron Tau, in an excerpt from his new book “Means of Control”, as published in Wired with a clarification in brackets by me:

Initially, PlanetRisk was sampling data country by country, but it didn’t take long for the team to wonder what it would cost to buy the entire world. The sales rep at UberMedia provided the answer: For a few hundred thousand dollars a month, the company would provide a global feed of [the location of] every phone on earth that the company could collect on. The economics were impressive. For the military and intelligence community, a few hundred thousand a month was essentially a rounding error — in 2020, the intelligence budget was $62.7 billion. Here was a powerful intelligence tool for peanuts.

Locomotive, the first version of which was coded in 2016, blew away Pentagon brass. One government official demanded midway through the demo that the rest of it be conducted inside a SCIF, a secure government facility where classified information could be discussed. The official didn’t understand how or what PlanetRisk was doing but assumed it must be a secret. A PlanetRisk employee at the briefing was mystified. “We were like, well, this is just stuff we’ve seen commercially,” they recall. “We just licensed the data.” After all, how could marketing data be classified?

Government officials were so enthralled by the capability that PlanetRisk was asked to keep Locomotive quiet. It wouldn’t be classified, but the company would be asked to tightly control word of the capability to give the military time to take advantage of public ignorance of this kind of data and turn it into an operational surveillance program.

In the where are they now? vein, UberMedia was acquired by Near, a name you might recognize from recent coverage of how its data was used to target visitors to abortion clinics. Sen. Ron Wyden has requested (PDF) an investigation from the FTC and SEC; the former has been on a roll settling data broker and privacy violations.

Bloomberg: Project Titan, Apple’s Car Project, Has Been Shut Down

Mark Gurman, Bloomberg:

Apple Inc. is canceling a decade-long effort to build an electric car, according to people with knowledge of the matter, abandoning one of the most ambitious projects in the history of the company.

2023 California testing reports, made public earlier this month, showed Apple had been running its cars more than ever. In hindsight and with the context of this news, it looks from the outside like all that was a last-chance effort to assess the likelihood of the project’s success.

This must be devastating for a lot of employees. It is also a testament to Apple’s lack of comment regarding unreleased products. Tim Cook disclosed a little about the company’s efforts in self-driving, though this minor acknowledgement would have come anyway because of those mandatory reports. But because Apple was not, officially, developing a car, it does not need to say anything about the project’s future. Difficult internally, I am sure, but easy in public.

I have to say I am looking forward to the inevitable tell-all article or book. Also, how much do you think Apple wants for the track?

Granular Private Data Is the Foundation of Targeted Advertising, Obviously

What people with Big Business Brains often like to argue about the unethical but wildly successful ad tech industry is that it is not as bad as it looks because your individual data does not have any real use or value. Ad tech vendors would not bother retaining such granular details because it is beneficial, they say, only in a more aggregated and generalized form.

The problem with this argument is that it keeps getting blown up by their demonstrable behaviour.1 For a recent example, consider Avast, an antivirus and security software provider, which installed to users’ computers a web browser toolbar that promised to protect against third-party tracking but, in actual fact, was collecting browsing history for — and you are not going to believe this — third-party tracking and advertising companies on behalf of the Avast subsidiary Jumpshot. It was supposed to be anonymized but, according to the U.S. Federal Trade Commission, this “proprietary algorithm” was so ineffective that Avast managed to collect six petabytes of revealing browsing history between 2014–2020. Then, it sold access (PDF):

[…] For example, from May 2017 to April 2019, Jumpshot granted LiveRamp, a data company that specializes in various identity services, a “world-wide license” to use consumers’ granular browsing information, including all clicks, timestamps, persistent identifiers, and cookie values, for a number of specified purposes. […]

One agreement between LiveRamp and Jumpshot stated that Jumpshot would use two services: first, “ID Syncing Services,” in which “LiveRamp and [Jumpshot] will engage in a synchronization and matching of identifiers,” and second, “Data Distribution Services,” in which “LiveRamp will ingest online Client Data and facilitate the distribution of Client’s Data (i.e., data segments and attributes of its users associated with Client IDs) to third-party platforms for the purpose of performing ad targeting and measurement.” These provisions permit the targeting of Avast consumers using LiveRamp’s ability to match Respondents’ persistent identifiers to LiveRamp’s own persistent identifiers, thereby associating data collected from Avast users with LiveRamp’s data.

We know these allegations due to the FTC’s settlement — though, I should say, these claims have not been proven, because Avast paid a $16.5 million penalty and said it would not use any of the data it collected “for advertising purposes”. The caveat makes this settlement feel a little incomplete to me. While there are other ways aggregated personal data can be used, like in market research, it does not seem Avast and Jumpshot were all that careful about obtaining consent when this software was first rolled out. When they did, the results were predictable (PDF):

Respondents had direct evidence that many consumers did not want their browsing information to be sold to third parties, even when they were told that the information would only be shared in de-identified form. In 2019, when Avast asked users of other Avast antivirus software to opt-in to the collection and sale of de-identified browsing information, fewer than 50% of consumers did so.

I am interpreting “fewer than 50%” as “between 40–49%”; if 18% of users had opted in, I expect the FTC would have said “fewer than 20%”. Most people do not want to be tracked. For comparison, this seems to be at the upper end of App Tracking Transparency opt-in rates.

I noted the LiveRamp connection when I first linked to investigations of Avast’s deceptive behaviour, though it seems Wolfie Christl beat me to the punch in December 2019. Christl also pointed out Jumpshot’s supply of data to Lotame, something the FTC also objected to. LiveRamp’s whole thing is resolving audiences based on personal information, though it says it will not return this information directly. Still, this granular identity resolution is not the kind of thing most people would like to participate in. Even if they consent, it is unclear if they are fully aware of the consequences.

This is just one settlement but it helps illustrate the distribution and mingling of granular user data. Marketers may be restricted to larger audiences and it may not be possible to directly extract users’ personally identifiable information — though it is often trivial to do so. But it is not comforting to be told collected data is only useful as part of a broader set. First of all, it is not: there are existing albeit limited ways it is possible to target small numbers of people. Even if that were true, though, this highly specific data is the foundation of larger sets. Ad tech companies want to follow you as specifically and closely as they can, and there are only nominal safeguards because collecting it all is too damn valuable.

  1. Well, and also how weird it is to be totally okay with collecting a massive amount of data with virtually no oversight or regulations so long as industry players pinky promise to only use some of it.

When Is Journalism Hacking?

When I linked to Tim Burke’s indictment yesterday, I compared the ridiculousness of the case to Josh Renaud’s near-indictment for viewing the source of a webpage. I missed an obviously more analogous and equally outrageous case: that of Aaron Swartz.

Sarah Jeong, of the Verge:

[…] Swartz was prosecuted for scraping JSTOR, a paywalled academic database that could be freely accessed on MIT’s campus network. Theoretically, his access began to “exceed authorization” when he signed into the network as Gary Host (G. Host, or Ghost), and then when, after campus IT attempted to block his computer for excessive server requests, he spoofed his DNS.

These are disproportionate consequences for actions which are, at worst, mischievous, not criminal. And we need a little mischief.

Sponsor: Magic Lasso Adblock: Incredibly Private and Secure Safari Web Browsing

Online privacy isn’t just something you should be hoping for – it’s something you should expect. You should ensure your browsing history stays private and is not harvested by ad networks.

By blocking ad trackers, Magic Lasso Adblock stops you being followed by ads around the web.

It’s a native Safari content blocker for your iPhone, iPad, and Mac that’s been designed from the ground up to protect your privacy.

Rely on Magic Lasso Adblock to:

  • Remove ad trackers, annoyances, and background crypto-mining scripts

  • Browse common websites 2.0× faster

  • Double battery life during heavy web browsing

  • Lower data usage when on the go

So, join over 280,000 users and download Magic Lasso Adblock today.

My thanks to Magic Lasso Adblock for sponsoring Pixel Envy this week.

Timothy Burke Indicted on Ridiculous Conspiracy Charges

Justin Garcia, Dan Sullivan, Jay Cridlin, and Olivia George, Tampa Bay Times:

Tampa media consultant Tim Burke was charged Thursday with 14 federal crimes related to alleged computer hacks at Fox News.


According to the indictment, Burke and an unnamed person used “compromised credentials” to access and save protected commercial broadcast video streams, then disseminate specific clips after taking steps to mask where they came from and how they were obtained.

The indictment, thankfully embedded by the Times, makes it sound like Burke was some master hacker. But in an interview with Mathew Ingram of Columbia Journalism Review, Burke’s defence attorney Mark Rasch has a different explanation:

Here’s what we know: Fox News does the Kanye West–Tucker Carlson interview. They broadcast two hours of it. At the same time, Fox, like many other broadcasters, are livestreaming continuously to many different entities — to their affiliates, and so on — and these live feeds are in high definition and encrypted. But at the same time, they are also broadcasting low-definition, unencrypted feeds. They’re internet addressable, with no user ID and password required. All you need to know is the URL.

There are third-party sites that transmit these live feeds as a service. They have password-protected websites. And in this case, somebody on the internet provided Tim with the publicly posted user ID and password for a demo account on one of these services that are used by broadcasters. So Tim logs in to the site, and the site automatically downloads to his computer a list of all the livestreams on the site. The important thing to note here is that those livestreams did not require a user ID and password to access them, just a URL.

If this is as described, it is as idiotic to treat Burke as a criminal as it was for Missouri Governor Mike Parson to go after a journalist who viewed the source of a webpage and reported it was leaking teachers’ Social Security Numbers. Charges were not filed in that case but the prosecutor left dangling a suspicion that it was still illegal. Now, there is Burke being charged with fourteen counts for similarly bogus reasons, and questioning whether what he does is actually journalism. It is nonsense.

Oh, and there is a Vice connection.

Vice Is Dead

Alexander Saeedy and Alexandra Bruell, Wall Street Journal:

Vice Media said it would stop publishing content on its flagship website and plans to cut hundreds of jobs, following a failed effort by owner Fortress Investment Group to sell the embattled digital publisher and its brands.

From the internal memo sent by Bruce Dixon, Vice CEO:

We create and produce outstanding original content true to the Vice brand. However, it is no longer cost-effective for us to distribute our digital content the way we have done previously. Moving forward, we will look to partner with established media companies to distribute our digital content, including news, on their global platforms, as we fully transition to a studio model. As part of this shift, we will no longer publish content on, instead putting more emphasis on our social channels as we accelerate our discussions with partners to take our content to where it will be viewed most broadly.

The way Vice has “distributed [its] digital content […] previously” is by having a website. That it is not “cost-effective” to run a website is creating rumours that it is about to be shuttered without any real effort at preservation.

This is a real shame; Vice had some of the best privacy and security coverage in the industry. I am sure I have referenced the site’s work at least dozens of times. Its record is imperfect, especially recently, but it has published solid, creative reporting for decades. Four of its former writers founded 404 Media last year, and others have found new gigs. Still, if all these articles disappear from everywhere but the Internet Archive, it will be a deep loss.

iMessage Encryption Standard to Be Updated to Protect Against Quantum Computing

Apple, in a post credited to Security Engineering and Architecture:

Today we are announcing the most significant cryptographic security upgrade in iMessage history with the introduction of PQ3, a groundbreaking post-quantum cryptographic protocol that advances the state of the art of end-to-end secure messaging. With compromise-resilient encryption and extensive defenses against even highly sophisticated quantum attacks, PQ3 is the first messaging protocol to reach what we call Level 3 security — providing protocol protections that surpass those in all other widely deployed messaging apps. To our knowledge, PQ3 has the strongest security properties of any at-scale messaging protocol in the world.

Do note, as you read through this post, that the different security levels shown are an Apple invention, not an industry standard.

This sounds like a huge leap forward — a way of cryptographically securing today’s data on today’s devices against future threats from future computers. It is both an affirmation of Apple’s dedication to even hypothetical security threats, and a political statement.

Yet I am left with many questions. Apple says this protocol will begin rolling out with the public releases of iOS 17.4, iPadOS 17.4, MacOS 14.4, and WatchOS 10.4 — missing from that list is VisionOS, though I am not sure I should read anything into that — but it is not clear to me if these operating systems are required for PQ3 encryption. In other words, if a device has not been updated or cannot be updated to these software versions, does that preclude messages from being encrypted using this protocol? If so, that might be true of all iMessage contacts, and it does not appear there is any way of knowing which encryption protocol is being used.

Furthermore, is this protocol defeated by regular iCloud backups — those to an account without Advanced Data Protection — through the same loophole as existing iMessage end-to-end encryption? It does not seem to me that Apple’s goal has ever been to entirely prevent law enforcement access. But it is notable if all this protection against quantum computer decoding is also capable of being defeated by legal demand or, indeed, legal threat. Even so, I have a hunch how this news will be received by anti-encryption authorities.

These are among the many questions I have for Apple, and I expect to hear more as this update approaches its release. However, I do not think I will get an answer to the thing I am most curious about: is a protocol similar to PQ3 going to be used by Apple to secure other end-to-end encrypted data against future threats? It would make sense.

I Thought It Might Be Hard to Replace My 27-Inch iMac Given Apple’s Current Desktop Lineup, But It Actually Seems Great (Adjusted for Inflation)

When I bought my mid-2017 iMac, I had assumed I would get eight to ten years of updates from it, similar to my mid-2012 MacBook Air. Alas, just four years after it was on my desk, Apple deemed it unworthy of running MacOS Sonoma, which means I have begun looking at desktop replacements on a slightly more urgent timetable. Not today, mind you, and hopefully not for a while — but my desk will need something new eventually.

And it will be very different because Apple now only makes one iMac. The 27-inch model used to fill an in-between prosumer role for those who needed more power, but could not afford or justify something like the Mac Pro.1 It has been an ideal computer for me, and I want to at least match it spec-for-spec: a 27-inch display, top-of-the-line CPU, 1 TB of internal storage, and 64 GB of RAM. Mine cost CAD $3,750, with two caveats:

  1. I bought it refurbished, which saved me CAD $350.

  2. I got the best spec I could in every way except storage — a terabyte is fine for me — and RAM, which I left at the base 16 GB configuration. I then paid CAD $346 from Amazon for 64 GB of RAM, which I was able to install myself.

    One might protest, saying this is an unfair comparison, to which I would respond: yes, that is kind of the point. There is no longer an option to install aftermarket upgrades of any kind, which means Apple should give users a reason to trust its pricing.

For complete fairness, however, I will compare only new non-refurbished prices, and I will use U.S. dollars to prevent currency conversion issues. If I had bought this computer in this spec from Apple in a not-refurbished state, in the United States, it would have cost me USD $4,500. (For the record, $1,400 of that cost is from upgrading the stock 16 GB of RAM to 64 GB. This was robbery even by 2017 standards.)

Ideally, I will be able to match the price I paid for my iMac and, to be even fairer, I will adjust for inflation: about USD $5,500 is my target. So let us start with the simplest issue: the display.

Since the iMac of today is no longer viable due to its single size, my contenders are the Mac Mini, the Mac Studio, and the Mac Pro. All of these will require an external display, and if I want to match my iMac’s 5K Retina display, the choices are infamously poor. Aside from Apple’s Studio Display, there are two other options: LG’s UHD UltraFine and Samsung’s ViewFinity S9. The LG monitor is $1,300 and, as I understand it, still unreliable, while the Samsung is the same price as Apple’s at $1,600. Since I would likely end up with either of the latter, my target computer costs $3,900 or less.

I can write off the Mac Pro because it starts at $7,000, even though its base spec satisfies my requirements. With a Studio Display, the total bill is nearly double what my iMac would have cost. The Mac Mini is no good, either, because its RAM ceiling is just 32 GB. Please do not send me email about how 32 GB of Apple’s special memory is equivalent to 64 GB of standard RAM.

That leaves the Mac Studio. The model with the best Ultra system-on-a-chip comes standard with the RAM and storage spec I want, but it is $5,000. With a display, it will be over a thousand dollars above my inflation-adjusted target. But hang on, because the CPU upgrade is $1,000 on its own; with the base Ultra SoC, I am just above the inflation-adjusted budget. That is close enough for my books, and a surprising result: you can now get the second-best SoC available on any Mac with a display for basically the same as the highest-end 2017 iMac.

Remember, too, that the iMac I bought was nowhere near the fastest model Apple introduced in 2017 — that was the iMac Pro, which started at $5,000, but with 32 GB of RAM. Upgrading that to 64 GB would have cost $800, and I have not even factored in inflation. The spiritual successor to the iMac Pro is probably the Mac Studio with an Ultra SoC, and it is less expensive at the same spec — including a display — than the iMac Pro used to be.

Perhaps that makes the Mac Studio with the Max SoC the successor to the 27-inch high-spec iMac models. As of writing, a Mac Studio configured with 64 GB of RAM, a 1 TB SSD, and the best Max SoC available is $2,800. Add a display, and you are looking at a setup $100 less expensive than the non-inflation-adjusted list price of my iMac.

These are all expensive computers, and I still think Apple charges way too much for RAM — though at least upgrading from 32 to 64 GB is now just $400. But this is a way better situation than I had expected. I thought I would be in a very difficult buying situation when it comes time to replace my beloved iMac without a direct equivalent. But writing this article as a way of working out my options has me feeling pleasantly surprised.

Now just wait a moment as I take a sip of water and look at the pricing in the Canadian store.

  1. If you are a little bit old, you may remember a time when the performance Mac tower was almost affordable. The Power Mac G5, for example, started at USD $2,000, and the highest standard configuration was $3,000. Adjusted for inflation, that is under $5,000 for Apple’s highest-performance Mac.

RCMP’s Collection of Open-Source Information Under ‘Project Wide Awake’

Bryan Carney, the Tyee, March 2019:

The RCMP has been quietly running an operation monitoring individuals’ Facebook, Twitter, Instagram and other social media activity for at least two years, The Tyee has learned.


“There is a position taken that this is public information and does not constitute private information, and that is an inaccurate assessment of the way that Canadian law assess public and private in this country as far as I’m concerned,” he [Chris Parsons of Citizen Lab] said.

Carney, of the Tyee, in a November 2020 followup article:

A 3,000-page batch of internal communications from the RCMP obtained by The Tyee provides a window into how the force builds its capabilities to spy on internet users and works to hide its methods from the public.


Back on Dec. 28, 2016, the RCMP ordered “optional goods” — extra software and features — in a Babel X contract found in the documents, but the list was blanked out. No contract or procurement documents naming Babel X appeared on Public Services and Procurement Canada websites until 2020.

Last year, the U.S. Office of the Director of National Intelligence published a report acknowledging it collects vastly more information than it needs for immediate investigative purposes.

Philippe Dufresne, Privacy Commissioner of Canada, in the introduction to a similarly scathing report about the RCMP’s Project Wide Awake program, published Thursday:

These issues are at the heart of the Office of the Privacy Commissioner of Canada’s (OPC) investigation into the Royal Canadian Mounted Police’s (RCMP) Project Wide Awake initiative.

The initiative uses privacy impactful third-party services to collect personal information from a range of sources, including social media, forums, the dark web, location-based services and fee-for-access private databases. The data is used for a variety of policing purposes, including investigating suspected unlawful activity, locating missing persons, identifying suspects, detecting threats at public events attended by high-profile individuals, and maintaining situational awareness during an active situation.

The OPC’s investigation identified concerns related to both accountability and transparency, namely that the RCMP did not take the necessary steps to ensure that the personal information collection practices of all of its service providers were compliant with Canadian privacy law.

The Commissioner found possible violations of privacy law, particularly with the use of Babel X, and says the office made three specific recommendations, “none of which were accepted by the RCMP”. Alas, this office has little recourse; Facebook and Clearview could simply ignore the results of similar investigations.

Apple’s 2023 Report Card

It is that time of year again. A panel of smart people, and also me, have completed Jason Snell’s annual survey of how we think Apple is doing when it comes to products, services, and social obligations.

The grades I gave were generally aligned with the rest of the panel — just look at that steep drop in the iPad’s grade, for good reasons. Where I seem to differ from many other people, based on the average grade, is in software quality.

I remain disappointed by how poorly Apple’s software often works for me. A MacOS Ventura update last year introduced a strange problem where my MacBook Pro would seize up any time HDR media was displayed, similar to problems early in the product’s release. No amount of troubleshooting fixed it until I upgraded to MacOS Sonoma which, alas, introduced new issues of its own, like notifications that sometimes fade onscreen instead of animating from the right, and text drawing problems. Smaller details, to be sure, but it all adds up to a fragile experience. I routinely see graphical inconsistencies, hanging first-party applications, Siri problems, and insufficient contrast across all Apple devices I use.

My expectations are not that high. I only wish MacOS, in particular, would not feel as though it was rusting beneath the surface.


Apple Demotes Progressive Web Apps to Bookmarks for E.U. Users in iOS 17.4

James Moore, Open Web Advocacy:

We have been alerted that Apple has broken Web App (PWA) support in the EU via iOS 17.4 Beta. Sites installed to the homescreen failed to launch in their own top-level activities, opening in Safari instead. This demotes Web Apps from first-class citizens in the OS to mere shortcuts. Developers confirmed the bug did not occur outside the EU.


The iOS system has traditionally provided support for Home Screen web apps by building directly on WebKit and its security architecture. That integration means Home Screen web apps are managed to align with the security and privacy model for native apps on iOS, including isolation of storage and enforcement of system prompts to access privacy impacting capabilities on a per-site basis.

Without this type of isolation and enforcement, malicious web apps could read data from other web apps and recapture their permissions to gain access to a user’s camera, microphone or location without a user’s consent. Browsers also could install web apps on the system without a user’s awareness and consent. Addressing the complex security and privacy concerns associated with web apps using alternative browser engines would require building an entirely new integration architecture that does not currently exist in iOS and was not practical to undertake given the other demands of the DMA and the very low user adoption of Home Screen web apps. And so, to comply with the DMA’s requirements, we had to remove the Home Screen web apps feature in the EU.

Michael Tsai:

Apple had two years or so to prepare for the DMA, but they “had to” remove the feature entirely (and throw away user data) rather than give the third-party API parity with what Safari can do. I find the privacy argument totally unconvincing because the alternative they chose is to put all the sites in the same browser. If you’re concerned about buggy data isolation or permissions, isn’t this even worse?

Manton Reece:

Apple repeatedly talks about these “600 new APIs” as if it is a favor to developers, but it was Apple’s choice to handle it this way. For example, to comply with the DMA’s requirements on sideloading or marketplaces, Apple could’ve chosen a system similar to installing apps from TestFlight. This would require zero new APIs for developers, just as TestFlight itself has no new APIs when building a beta version of your app.

Apple created the new APIs — a significant number in MarketplaceKit alone — so that they would have control over distribution. By both reviewing marketplaces and requiring that marketplaces use new APIs to install apps, Apple can track app install numbers, allowing them to invoice developers the new €0.50 Core Technology Fee. The new APIs help Apple, not developers.

Apple has long promoted web apps as an open and free — as in speech — alternative to the more restrictive policies of the App Store. No matter why Apple made this decision, it is trading the inherently competitive web for third-party browser engines and app distribution for reasons that, as Reece explains, are difficult to believe.

To be clear, web apps will still work in the E.U. because, well, they are websites. But the gulf between them and native apps will be wider than it is elsewhere since none of the six hundred new APIs are for making Progressive Web Apps work with third-party browser engines.

OpenAI Announces Sora, a Text-to-Video Generator


We explore large-scale training of generative models on video data. Specifically, we train text-conditional diffusion models jointly on videos and images of variable durations, resolutions and aspect ratios. We leverage a transformer architecture that operates on spacetime patches of video and image latent codes. Our largest model, Sora, is capable of generating a minute of high fidelity video. Our results suggest that scaling video generation models is a promising path towards building general purpose simulators of the physical world.

I am linking to the research page for Sora; the overview page has other examples but is less descriptive. Unfortunately, reading this research is difficult because, for me in Safari, the many lazy loading embedded videos cause the scroll position to move around unexpectedly.

The products of Sora are far more impressive than this janky webpage suggests. It is hard not to be in awe of how far these systems have progressed and what they are now able to do — from whole-cloth generation to more nuanced examples like extending the runtime or changing a video’s setting.

Meta Still Cannot Explain Which Posts Are ‘Political’

Oliver Darcy, in CNN’s Reliable Sources newsletter, asked Meta what it meant by “political” posts:

The Meta spokesperson, instead, offered this vague statement: “Informed by research, our definition of political content is content likely to be about topics related to government or elections; for example, posts about laws, elections, or social topics. These global issues are complex and dynamic, which means this definition will evolve as we continue to engage with the people and communities who use our platforms and external experts to refine our approach.”

The statement only raised more questions than answers. A lot can be categorized under the banner of “social topics.”

Even though Adam Mosseri said people will still see posts from users they follow regardless of whether they contain some undefinable “political” topics, I have seen plenty of questions about the likelihood of this ranking change affecting all “political” posts. It is a fair concern, especially since there is no way for Threads to default to showing only posts from people a user follows.

A timeline based on rankings and suggestions requires a great deal of trust — something which Meta lacks. Lacking a clear definition for what is being moderated differently does not help.

Gurman: Apple Is Still Working on Generative Tools in Xcode

Mark Gurman, Bloomberg:

Apple Inc., racing to add more artificial intelligence capabilities, is nearing the completion of a critical new software tool for app developers that would step up competition with Microsoft Corp.

The company has been working on the tool for the last year as part of the next major version of Xcode, Apple’s flagship programming software. It has now expanded testing of the features internally and has ramped up development ahead of a plan to release it to third-party software makers as early as this year, according to people with knowledge of the matter.

“Racing”, in the sense that it has been developing this for at least a year, and its release will likely coincide with WWDC — if it does actually launch this year. Gurman’s sources seem to be fuzzy on that timeline, only noting Apple could release this new version of Xcode “as early as this year”, which is the kind of commitment to a deadline a company takes if it is, indeed, “racing”.

Sixth paragraph:

Apple shares, which had been down as much as 1.5%, briefly turned positive on the news. They were little changed at the close Thursday, trading at $183.86. Microsoft fell less than 1% to $406.56.

Some things never change.

The High Cost of Uber’s Small Profit

Paris Marx:

After being unable to turn a profit for well over a decade, Uber seems to have finally gotten there. But it didn’t do it by building a sustainable business that benefits all its stakeholders. To get to this point, it fired thousands of workers, hiked the prices for its millions of customers, and further turned the screws on the people most important to its business: the drivers and delivery workers. They need to suffer so investors can get a $7 billion share buyback and maybe even a dividend.

Uber only seems to work financially if it behaves less like an aspirational tech company and more like a logistics broker flexing its leverage.

Data Broker Near Intelligence Linked Visits to Hundreds of Planned Parenthood Locations and Anti-Abortion Ad Campaign

Alfred Ng, Politico:

A company allegedly tracked people’s visits to nearly 600 Planned Parenthood locations across 48 states and provided that data for one of the largest anti-abortion ad campaigns in the nation, according to an investigation by Sen. Ron Wyden, a scope that far exceeds what was previously known.


Wyden’s letter asks the Federal Trade Commission and the Securities and Exchange Commission to investigate Near Intelligence, a location data provider that gathered and sold the information. The company claims to have information on 1.6 billion people across 44 countries, according to its website.

Scrutiny over Near Intelligence first began at the Markup before the Wall Street Journal reported how its data was used for this ad campaign.

Data brokers like Near provide the critical link that allows precise targeting for ad campaigns like this one. People are overwhelmingly concerned about the exploitation of their private data, yet have little understanding of how it works. It is hard to blame anyone for finding this industry impenetrable. That makes it easier for data brokers like Near to dampen even the most modest attempts at restricting their business and, because regulators have limited legal footing on privacy grounds, they must resort to finding procedural infractions. It is like Al Capone’s imprisonment on tax offences.

An effective privacy framework would make it more difficult for third parties to collect users’ data, would limit its use, and would require its destruction after it has served its purpose. Unfortunately, a policy like that would also destroy the data broker industry, sharply curtail Silicon Valley advertising giants, and limit intelligence gathering efforts. So, instead, users must nominally consent and pretend they — we — have meaningful control.

European Commission Finds iMessage, Bing, Edge and Microsoft Ads Are Not Gatekeepers

The European Commission:

Yesterday, the Commission has adopted decisions closing four market investigations that were launched on 5 September 2023 under the Digital Markets Act (DMA), finding that Apple and Microsoft should not be designated as gatekeepers for the following core platform services: Apple’s messaging service iMessage, Microsoft’s online search engine Bing, web browser Edge and online advertising service Microsoft Advertising.


The non-confidential versions of the decisions will be published under cases DMA.100015, DMA.100024, DMA.100028 and DMA.100034 on the Commission’s DMA website.

The DMA case ’24 is actually related to Meta’s messaging services; I believe the iMessage decision will be published at ’22 when confidential information has been removed. One data point sure to be scrubbed is the precise number of iMessage users in the E.U., which Apple says falls below the governance threshold of 45 million regular users plus ten thousand business users. Based on some rough back-of-the-envelope math, I assume Apple is leaning heavily on a lack of business users to make its case.

Messaging client interoperability remains a particularly controversial imposition as end-to-end encryption must work between first- and third-party clients. That likely entails some kind of plugin architecture to avoid exposing secrets. I do not expect Apple to take advantage of third-party compatibility.

On another note, it sure is an interesting time in which the browser Microsoft ships with Windows and aggressively pushes — outside of Europe — is used so infrequently it is not considered a gatekeeper but Apple’s default browser is. It feels like some “Freaky Friday” nostalgia.

An Oral History of Apple’s ‘1984’ Macintosh Ad

Saul Austerlitz, New York Times (unlocked link if you need it):

In recent interviews, several of the people involved in creating the “1984” spot — [Ridley] Scott; John Sculley, then chief executive of Apple; Steve Hayden, a writer of the ad for Chiat/Day; Fred Goldberg, the Apple account manager for Chiat/Day; and Anya Rajah, the actor who famously threw the sledgehammer — looked back on how the commercial came together, its inspiration and the internal objections that almost kept it from airing. These are edited excerpts from the conversations.

I had no idea the crowd was comprised of real fascists who, apparently, fought with each other on set.

Government of Canada Says It Will Improve Vehicle Theft Prevention Technologies

The Government of Canada today announced it would ban the Flipper Zero, a product which allows users to explore wireless signals under 1 GHz, hardware protocols, and infrared. That is the headline story emerging from yesterday’s National Summit on Combatting Auto Theft. But there is more to talk about.

There has been a significant spike in car thefts in Canada. (I am unable to link to the specific chart but, if you select “total theft of motor vehicle” from the “Violations” list, you will see the increase that occurred in 2022, and which has likely continued to rise.) These are not thefts of Hyundais and Kias because vehicle immobilizers have been required since 2007. Notably, the 105,673 auto thefts which occurred in 2022 — the most recent year reported by Statistics Canada — remain well below the 146,000 reported in 2007.

The main difference is in which cars are stolen. The top three cars are fairly typical, but at number four are Lexus RX models, and number five are Toyota Highlanders. The Range Rover came in at number eight, but take a look at the theft frequency: nearly four percent of insured vehicles were reported stolen. These cars often end up being exported.

Which brings me to the parts of the Government’s press release that actually interest me:

Additionally, the Government of Canada is using the tools and authorities it has to further curb auto theft:


  • Transport Canada will modernize the Canadian Motor Vehicle Safety Standards to ensure they consider technological advancements to deter and prevent auto theft. […]

This, and a further statement pledging to “work with Canadian companies, including the automotive industry, to develop innovative solutions to protect vehicles against theft”, give me hope for a more secure standard that will help in the same way immobilizers did in 2007. Keyless entry exploits are not a new phenomenon. You can almost count on the subject appearing at DEF CON annually. Manufacturers have failed to take this seriously and stricter standards are overdue. Alas, there are currently no specifics and, it should be noted, millions of cars on the road in Canada will remain vulnerable even after new security requirements are introduced.

Meta Says Threads Users Will Not Be Recommended ‘Political’ Posts From Accounts They Do Not Follow

Sara Fischer, Axios:

Meta will not “proactively recommend political content from accounts you don’t follow” on Threads, the company said in a statement provided to Axios.


Users who post political content can check their account status to see whether they’ve posted too much of it to be eligible for recommendation.

Fischer says Meta is using the same policies it has used for Facebook and Instagram, which Meta describes in vague terms:

As part of this, we aim to avoid making recommendations that could be about politics or political issues, in line with our approach of not recommending certain types of content to those who don’t wish to see it.

Still, there is a fundamental question: what are “political issues”? I looked through Meta’s documentation without finding a good answer. Does any topic which has been politicized count? Are all posts about global warming, trans rights, healthcare, and intellectual property law considered political, or just those which advocate for a particular position? If advocacy is demoted, it likely benefits the status quo and creates a conservative bias by definition. Surely the answer is not to restrict people telling stories which could be construed as politically motivated. Would a post arguing the advantages and disadvantages of different types of stoves be demoted depending on which specific disadvantages are listed for gas stoves? Is this something Meta is able to reproduce in different regions?

An investigation last year by Jeff Horwitz, Keach Hagey, and Emily Glazer of the Wall Street Journal was illuminating in highlighting the consequences of testing different policy adjustments on Facebook in 2021–2022:1

Just testing the broad civic demotion on a fraction of Facebook’s users caused a 10% decline in donations to charities via the platform’s fundraising feature. Humanitarian groups, parent-teacher associations and hospital fundraisers would take serious hits to their Facebook engagement.

An internal presentation warned that while broadly suppressing civic content would reduce bad user experiences, “we’re likely also targeting content users do want to see….The majority of users want the same amount or more civic content than they see in their feeds today. The primary bad experience was corrosiveness/divisiveness and misinformation in civic content.”

The actual problem Meta has is that users spend time in the fun house mirror maze of its recommendations and the real world. Politicians operating in bad faith use nuanced issues circulating on social media platforms as an opportunity to create publicity materials that, in turn, perform well on those same platforms. Ideological obligations transform fact-based policy into thoughtless dunking.

Meta is in this mess because it believes it should recommend things to users it thinks they might find interesting. It transformed its platforms from opt-in systems where users affirmatively agree to see posts from particular users and topics into places where they must take steps to exclude unwanted things from their feed. It puts Meta in a position where it influences what users see, something which many people find objectionable when it does not comport with their values.

As a reminder, Meta says this only affects the recommendations of posts from accounts users do not follow. You should still see posts from the reporters, pundits, and activists you follow which, if you follow any, are likely ideologically consistent. Oh, and Meta still sells a way for people and organizations to advocate directly.

  1. Another tidbit from this story:

    The company is still debating whether it should also restrict how it promotes other types of content. When newsfeed dialed back the reward for producing inflammatory posts on politics and health, some publishers switched to more sensationalistic crime coverage.

    I wonder if this partly explains that wave of panicked shoplifting stories.

Microsoft Will End Mixed Reality Support in Windows Later This Year

Amanda Langowski and Brandon LeBlanc of Microsoft:

Hello Windows Insiders, today we are releasing Windows 11 Insider Preview Build 26052 to the Canary and Dev Channels.


Plugging in to use a Windows Mixed Reality headset will not work starting with this build. Windows Mixed Reality is no longer available to users as Windows Mixed Reality has been announced as deprecated. This includes the Mixed Reality Portal app, and Windows Mixed Reality for SteamVR and Steam VR Beta. Existing Windows Mixed Reality devices will continue to work with Steam through November 2026, if users remain on their current released version of Windows 11 (version 23H2) and do not upgrade to this year’s annual feature update for Windows 11 (version 24H2). This deprecation does not impact HoloLens.

Perfect timing to pull back from this space.

Lawsuit Alleges Wrongly Accused Person Landed in Jail Thanks to Facial Recognition False Positive, Then Assaulted

Matthew Gault, Vice:

In January of 2022, Harvey Murphy was arrested and thrown in jail while trying to get his driver’s license renewed at a local DMV. According to a $10 million lawsuit Murphy has since filed, a “loss prevention” agent working for a Sunglass Hut retail store used facial recognition software to accuse Murphy of perpetrating an armed robbery at a store in Houston, Texas. In reality, Murphy was more than 2,000 miles away at the time of the robbery.

According to a lawsuit 61-year-old Murphy has filed against Macy’s and Sunglass Hut, “he was arrested and put into an overcrowded maximum-security jail with violent criminals. While in jail trying to prove his innocence, he was beaten, gang-raped, and left with permanent and awful life-long injuries. Hours after being beaten and gang-raped, the charges against him were dropped and he was released.”

Via Tim Cushing, Techdirt:

Law enforcement loves to portray detentions that only last “hours” to be so minimally detrimental to people’s rights as to not be worthy of additional attention, much less the focus of a civil rights lawsuit. But it only takes seconds to violate a right. And once it’s violated, it stays violated, even if charges are eventually dropped.

As usual, nobody is posting the original text of the lawsuit, so I pulled a copy myself.

What happened to Murphy is obviously the product of several failures at a human level. However, it is hard for me to believe any of this would have materialized without a false positive facial recognition which, allegedly, was conducted by EssilorLuxottica and Macy’s, not law enforcement. Even for the regulation reluctant, this must be one area where much stricter oversight and policies are enforced.

Update: I adjusted the headline for clarity.

Wide Lightning

iFixit has been tearing down Apple’s Vision Pro, and there is much to look at in this thing. There are jam-packed boards if you are into nitty-gritty details, there are many complicated parts sandwiched together, and there are the “highest-density displays [iFixit has] ever seen”.

So I think I will focus on the strange connector used at the pack end of the battery.

Charlie Sorrel, in “part one” of the iFixit teardown:

On the left side is the proprietary battery cable connection, which snaps into place with a magnet and then twists to lock. We understand why Apple used a non-standard connector here, even if we don’t love it — at least it can’t be yanked out by a passing child, or when the cord inevitably catches on your chair. But the plug at the other end of the cable is unforgivable. Instead of terminating with a USB-C plug, it connects to the battery pack with what looks like a proprietary oversized Lightning connector, which you release using a paperclip or SIM-removal tool.

This connector means that you can’t just swap in the USB-C battery pack you already own. Lame.

It only took four days and the second part of the iFixit teardown for Sorrel to suggest some reasons for the use of a proprietary connector:

The pack is also outputting a non-USB-standard 13 volts to keep up with the Vision Pro’s processing demands, which is one explanation for the bespoke “big Lightning” cable — so you don’t accidentally plug other devices in and fry them. It also explains why you can’t just plug it straight into a USB-C battery pack. In fact, the Vision Pro’s battery pack has enough tech to act as an uninterruptible power supply, providing it specific, clean power even when plugged into the wall.

Oh, so maybe it does not seem so “unforgivable”?

Whether Apple would have used a USB-C connector if it were able to make the headset’s power demands compliant with the typical voltage of a USB-C device is something you can speculate about if you would like. It seems to me that Apple’s choice of a non-USB-C connector might not require it to use something proprietary; there are other options. But this seems entirely fair in context. The Vision Pro is not compatible with standard batteries, but the power bank it comes with does have a standard connector on it. It sure is a bizarre connector, though.

Chris Dixon’s ‘Read Write Own’

Molly White, following an excoriating review of venture capitalist Chris Dixon’s new book on her Citation Needed newsletter, which is a great name I would steal if I had a time machine:

Although there are no footnotes marked in the text, I was briefly pleased to find a section for notes at the end of the book, where Dixon does lightly cite various sources — mostly news articles, and many from crypto media outlets. However, my relief that I might be able to easily fact-check the long list of questionable claims I had noted quickly faded as I discovered that citations were included to verify things like his statement that “people hated the irritating alien Jar Jar Binks”, and not the much bolder claims he makes throughout. Many claims go completely unsubstantiated, and one subsection — the one on “Blockchain networks” — cites just one source (for the epigraph).

Even knowing that Dixon is an extraordinarily influential and wealthy person, White’s review makes it sound like this is some self-serving promotional nonsense he must have self-published. In actual fact, it appears to be some self-serving promotional nonsense from the “world’s largest English-language general trade book publisher”. Judging by the feedback Dixon is receiving, it seems to be good enough for the true believers.

How Apple Is Demonstrating the Vision Pro

Michael Steeber:

Compared to other new platforms, Apple is relatively early to the spatial computing category in a consumer context. In addition, Apple Vision Pro is intensely personal, much more so than even the Apple Watch. Trying your buddy’s Vision Pro is more like trying on their shoes than playing with their iPhone: it might work if you’re the same size, but it’s going to be awkward and maybe even a little bit gross.

All of this makes a great demo absolutely critical. That’s mostly new ground for Apple. Even the Apple Watch demo experience was essentially a more sophisticated and personal way to try the product and explore band options. Today, it’s not even possible to walk into an Apple Store and hold Vision Pro without an appointment.

This is a good look at what it is like to try a Vision Pro in one of Apple’s stores — something those of us outside the United States are unlikely to experience for many months. Even if you are uncertain about Steeber’s frankly fawning coverage of the retail experience, it is worth your time to understand how such a unique and personal device can be shown to so many people in a relatively organized fashion. This is unlike any product Apple has tried to sell in its stores and, so, demands an entirely different approach.

Judge Allows FTC Case Against Kochava to Proceed

Suzanne Smalley, the Record:

An Idaho federal judge on Saturday ruled that a Federal Trade Commission (FTC) enforcement action against the data broker Kochava — which the agency asserts sells vast amounts of non-anonymized data belonging to millions of people — may continue, a reversal of a prior ruling to dismiss the case.

Privacy advocates consider the court decision to be significant for several reasons, including that the case is the FTC’s first against a geolocation data broker to be fought in court. The decision also lays the foundation for a widely anticipated FTC rulemaking on commercial surveillance, which could further limit data brokers’ activities.

The FTC, under Lina Khan, is scoring victories for consumers worldwide by beating back data brokers like Kochava and X-Mode, as they cannot be certain they are only collecting data on U.S. customers. If the FTC prevails in this suit, it could put significant restrictions on this industry based on the fundamental principle that exposing private data is inherently subjecting people to potential harm.

Bluesky Opens to the Public

Will Oremus, Washington Post:

“I didn’t see the future,” [Jay] Graber said in an interview Monday, referring to the subsequent ouster of Dorsey as Twitter’s CEO and sale of the company to Elon Musk. “But as I like to say, the captain can always sink the ship.”

Today, Bluesky is opening to the public after nearly a year as an invitation-only app, with Graber as its CEO. With a little over 3 million users, it’s mounting a long-shot bid to take on the company that spawned it — and to set social media on a course that no single captain can control.

Bluesky does not need to become more popular than behemoths like Twitter or Threads to be successful. Twitter itself proved that: it was big, sure, but despite operating nowhere near the scale of Facebook or Instagram, it was disproportionately influential.

Bluesky’s interpretation of a text-based social network is compelling. It is familiar, fast, and feature-rich, without being overwhelming. I just wish there was a good Mac app. If you have not had an opportunity to check it out, now is a great time. I will bury my five unused invitation codes alongside the 99 Gmail invites I never used.

Update: I finally got an account set up for this website so you can follow it on Bluesky if you would like. A reminder of the Mastodon account too, which will probably work on Threads whenever it federates.

Fixing Google’s Most Recent Pixel Storage Issue Requires Developer Tools and the Command Line

Thomas Claburn, the Register, in October:

Bug reports filed to Google’s Issue Tracker on October 17 and 24 describe Pixel 6 and Pixel 7 devices that can no longer access locally stored photos and other documents, or conduct updates, because the hardware reports having no space to store files. They also describe being stuck in a loop of constant reboots.

More than 500 comments have been posted to the October 17 thread, many from Pixel device owners who claim they too have been affected.

Joe Hindy, PC Magazine, November 7:

The storage glitch essentially locked affected Pixel owners out of local storage if they had multiple users, including guests, restricted profiles, and child users (but not if they just had more than one Google account on the device). At worst, the bug caused boot loops that made the phone totally inoperable without a factory reset, which erased data that had not been backed up.

After releasing a Google Play system update to patch it temporarily, Google this week launched its monthly software update for November 2023, which should fix the issue on the Pixel 6, Pixel 6a, 6 Pro, 7, 7 Pro, 7a, Tablet, Fold, Pixel 8, and Pixel 8 Pro.

Ron Amadeo, Ars Technica, last week:

Google has another fix for the second major storage bug Pixel phones have seen in the last four months. Last week, reports surfaced that some Pixel owners were being locked out of their phone’s local storage, creating a nearly useless phone with all sorts of issues. Many blamed the January 2024 Google Play system update for the issue, and yesterday, Google confirmed that hypothesis. Google posted an official solution to the issue on the Pixel Community Forums, but there’s no user-friendly solution here. Google’s automatic update system broke people’s devices, but the fix is completely manual, requiring users to download the developer tools, install drivers, change settings, plug in their phones, and delete certain files via a command-line interface.

Like the October problem, this seems to disproportionately impact devices with multiple user profiles, according to Amadeo. And, like those past Pixel problems and the Google Drive issues in November, the only support many users were able to find for days was in communal commiseration on user forums.

Secretive Intelligence Firm With Alberta Government Contract Reveals Limitations of Public Disclosures

Ethan Cox, Ricochet:

On Thursday, February 1 a strange tweet was sent from the Twitter account of Welund, a secretive multi-national surveillance company run by former law enforcement and intelligence operatives with a track record of spying on activists and public figures.

“Obstruction charge against Indigenous journalist Brandi Morin proceeds,” read the tweet, linking to an article on Welund’s intelligence platform — an article that can only be accessed by corporations, law enforcement agencies and governments who pay huge sums to access Welund’s “intelligence.”

It seems kind of strange for Welund to be tweeting a stream of locked-down links. Surely there must be a better front-end for clients to follow the latest relevant news from within this platform, right? Weird stuff.

I am linking to this article primarily because it shows how obfuscated and unaccountable these private intelligence firms are. For example:

Another wrinkle is that Welund’s services are offered in a format designed to thwart access to information requests. Instead of sending intelligence reports to government officials by email, they publish them on their own secure site, where government officials are able to sign in and access them. Because the documents are never in the possession of the government, they can’t be compelled to disclose them.

Cox also found Welund’s connection to the Alberta government through a barely documented branch known as the Provincial Security and Intelligence Office. According to a description on page 153 of 2022–2023 government estimates (PDF), it is overseen by the Chief Firearms Office; it is not mentioned in the current year estimates (PDF). The most comprehensive public explanation of the PSIO can be found on page 22 of the transcript of a March 2022 hearing (PDF). I would not assume the government is being deliberately withholding. Rather, this is likely one of those cases where even standard government transparency is not enough to understand the powers and decisions made by this Office.

Of course, it could be worse. Cox:

[…] multiple subsidiary companies are often created to decrease the likelihood of journalists or others piecing together the business relationship between such a company and government, law enforcement or other clients. We’ve identified at least four distinct business entities that all trace back to Welund, including Foresight Reports, Welund North America Ltd. and Falling Apple Solutions.

This is a clever tactic. If a contract is between some minor office within an agency and a consulting firm instead of, say, directly between an agency and a private intelligence firm, it makes it harder to track spending. For example, if you were looking at this agreement between Public Works and Government Services Canada and Carahsoft, you would not be aware it is for Palantir access unless you also searched the contract number and found Carahsoft’s press release.

This required transparency is better than the entirely voluntary private sector. The vast majority of us have zero insight into the supply chains and contractors for everything we buy. But the public sector could do a better job of ensuring visibility into the true nature of every party in a contract. Also, the Alberta government should more fully disclose its intelligence services, and they should not be spying on journalists.

There is one thing I am not certain of from Cox’s investigation:

Welund also did not respond to a request for comment sent last night, but within minutes of our request being sent the tweet referencing Brandi Morin was deleted from their Twitter feed.

Then, after we sent comment requests to the government bodies this morning, their entire site was locked down. Instead of the landing page detailing their services that previously greeted visitors, their site now leads only to a secure login portal for clients.

The first part of this quote is entirely correct; the tweet was removed from Welund’s account. So far as I can tell, the second claim — that the company locked out an inquiring public — is questionable.

Like many websites, Welund’s can be accessed over both http and https but, unlike most, the two versions are entirely different. The http version contains the same marketing page as appears in Cox’s report and which, this article says, was “locked down” following inquiries. The https version redirects to the sign-in page. In Safari, I can access both pages no problem. However, in the Chromium-based Vivaldi, the http version redirects to the https version because the browser automatically “upgrades” connections. Archived versions of Welund’s website from last year exhibit the same behaviour.

It seems plausible to me this was the reason why Welund’s website appeared to be closed off, though I am not sure how Cox would have seen the http version first. (Perhaps in a different browser?) I have flagged this for Ricochet in an email. Right now, Welund’s stripped-down site — a classic trait of bizarrely successful government contractors — works fine for me if you view it in a browser which still supports http connections.
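The comparison described above can be scripted. This is an added example, not code from the original post or from Ricochet: it fetches a host over each scheme without following redirects, classifies how the two relate, and models which response a browser shows for an `http://` link. The host `example.test`, the sample responses and the upgrade model (try https first, fall back to http only if the https connection fails) are assumptions.

```python
import http.client
import ssl
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}


@dataclass(frozen=True)
class Response:
    status: int
    location: Optional[str]  # raw Location header, if the server sent one
    body: bytes


def fetch(scheme: str, host: str, path: str = "/", timeout: float = 10.0) -> Optional[Response]:
    """GET one URL without following redirects; None if the connection fails."""
    if scheme == "https":
        conn = http.client.HTTPSConnection(
            host, timeout=timeout, context=ssl.create_default_context())
    else:
        conn = http.client.HTTPConnection(host, timeout=timeout)
    try:
        conn.request("GET", path, headers={"User-Agent": "scheme-compare-example"})
        reply = conn.getresponse()
        return Response(reply.status, reply.getheader("Location"), reply.read())
    except (OSError, http.client.HTTPException):  # includes TLS and DNS errors
        return None
    finally:
        conn.close()


def classify(host: str, plain: Optional[Response], secure: Optional[Response],
             path: str = "/") -> str:
    """Describe how the http and https versions of one URL relate."""
    if plain is None and secure is None:
        return "unreachable"
    if plain is None:
        return "https only"
    if secure is None:
        return "http only"
    # The usual setup: the http origin redirects to the same host on https.
    if plain.status in REDIRECTS and plain.location:
        target = urlsplit(urljoin(f"http://{host}{path}", plain.location))
        if target.scheme == "https" and target.hostname == host.lower():
            return "server-side upgrade"
    # Byte-for-byte comparison; pages with per-request tokens need a looser test.
    if (plain.status, plain.location, plain.body) == \
            (secure.status, secure.location, secure.body):
        return "same content"
    return "divergent"


def shown_for_http_url(plain: Optional[Response], secure: Optional[Response],
                       browser_upgrades: bool) -> Optional[Response]:
    """Response a browser displays when the user opens an http:// link.

    Assumed model: an upgrading browser tries https first and falls back to
    http only when the https connection itself fails.
    """
    if browser_upgrades and secure is not None:
        return secure
    return plain


# Constructed sample responses mirroring the behaviour described in the post:
# a marketing page over http, a redirect to a sign-in page over https.
SAMPLE_PLAIN = Response(200, None, b"<html><title>Services</title></html>")
SAMPLE_SECURE = Response(302, "/login", b"")

if __name__ == "__main__":
    host = "example.test"  # placeholder host; swap in fetch() for live checks
    print(classify(host, SAMPLE_PLAIN, SAMPLE_SECURE))
    for upgrades in (False, True):
        seen = shown_for_http_url(SAMPLE_PLAIN, SAMPLE_SECURE, upgrades)
        print("upgrading browser" if upgrades else "plain browser", "->", seen.status)
```

For a live check, pass `fetch("http", host)` and `fetch("https", host)` to `classify` in place of the sample responses.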

The Layoffs Will Continue Until Morale Improves

Bobby Allyn, NPR:

Now in 2024, tech company workforces have largely returned to pre-pandemic levels, inflation is half of what it was this time last year and consumer confidence is rebounding.

Yet, in the first four weeks of this year, nearly 100 tech companies, including Meta, Amazon, Microsoft, Google, TikTok and Salesforce have collectively let go of about 25,000 employees, according to, which tracks the technology sector.

Paul Farhi, the Atlantic, on Tuesday this week:

For a few hours last Tuesday, the entire news business seemed to be collapsing all at once. Journalists at Time magazine and National Geographic announced that they had been laid off. Unionized employees at magazines owned by Condé Nast staged a one-day strike to protest imminent cuts. By far the grimmest news was from the Los Angeles Times, the biggest newspaper west of the Washington, D.C., area. After weeks of rumors, the paper announced that it was cutting 115 people, more than 20 percent of its newsroom.

Sara Fischer, Axios, one day later:

The Messenger, a digital news startup that launched with $50 million in funding last May, plans to shut down operations, a source familiar with the situation told Axios Wednesday.

There is a huge roundup of coverage of the Messenger’s failure in today’s issue of Today in Tabs. While many layoffs have been conducted poorly, the Messenger shut down with another level of brutality, to the extent that former staff are suing.

There are an awful lot of tech workers and journalists whose jobs have been taken from them this year. It is only the first of February. The reasons behind the layoffs in each sector are different; Allyn notes how shareholders are rewarding the tech companies eliminating jobs. The pain, however, is the same.

Tim Cook, Apple CEO, Is ‘Really Excited’ for Apple’s New Product

On the eve of Apple’s Vision Pro release, Vanity Fair published a preview from Nick Bilton. It is a fun, light-touch article, notable mostly for its photos of Tim Cook wearing the headset, answering a perplexing obsession.

Bilton interviewed Cook about the Vision Pro and got a glimpse into how Apple describes its origins “maybe six, seven, or even eight” years ago. It is predictable, but the text I bolded in this paragraph caught me off guard:

It was at Mariani 1, a nondescript low-rise building on the edge of the old Infinite Loop campus with blacked-out windows. This place is so secret, it’s known as one of Apple’s “black ops” facilities. Nearly all of the thousands of employees who work at Apple have never set foot inside one. There are multiple layers of doors that lock behind and in front of you. But Cook is the CEO and can go anywhere. So he strolls past restricted rooms where foldable iPhones and MacBooks with retractable keyboards or transparent televisions were dreamed up. Where these devices, almost all of which will never leave this building, are stored in locked Pelican cases inside locked cupboards.

These products are certainly from Bilton’s imagination even though they are presented as though they exist. Their inclusion alongside stuff Cook apparently told him makes the piece land somewhere between fiction and documentary, in an uncanny valley of access journalism. That does not mean it is not an entertaining piece to read, though.

Alberta Government Proposes Discriminatory Policies Against Trans Youth

Paula Tran, Global News:

In a social media post on Wednesday afternoon, Alberta Premier Danielle Smith said the government will require parental notification and consent if a child 15 years or younger changes their name and pronouns at school.

In the video on X, formerly known as Twitter, Smith said parents of children aged 16 and 17 will not need to consent to the changes but will need to be notified.

These are only the start of a long list of unsubstantiated policies aimed at discriminating against trans youth. Yet Smith’s video wraps them in the language of civil rights and inclusion. It is an unsettling effect.

Smith’s specific objections are a grab bag of familiar grievances, none of which are supported by experts in this field. An article published last year by Evan Urquhart is a good if U.S.-centric overview of common beliefs; Calgary’s Skipping Stone Foundation has a list of resources, too. Smith’s policy proposal is purely based on vibes, which means it cannot be disputed with facts. Kids in this province will feel the disproportionate hurt it will cause. Smith had the gall to claim her goal was “depoliticizing” the rights of transgender kids in this province by inserting politics between patients and doctors.

From a joint statement issued by Egale Canada and Skipping Stone Foundation:

The draconian measures announced run directly counter to expert guidance and evidence, violate the constitutional rights of 2SLGBTQI+ people, and will lead to irreparable harm and suffering.

Egale and Skipping Stone will bring legal action to protect our communities.

Canadian Women and Sport also expressed their firm disagreement.

Making a PDF Page Larger Than Germany

A few weeks ago, I shared on Mastodon one of my favourite Wikipedia graphics: an image on the PDF article which purportedly shows the maximum size of a page in Acrobat. I would like to correct the record.

Alex Chan (via Andy Baio):

Some version of this has been floating around the Internet since 2007, probably earlier. This tweet is pretty emblematic of posts about this claim: it’s stated as pure fact, with no supporting evidence or explanation. We’re meant to just accept that a single PDF can only cover about half the area of Germany, and we’re not given any reason why 381 kilometres is the magic limit.

I started wondering: has anybody made a PDF this big? How hard would it be? Can you make a PDF that’s even bigger?

Without spoiling things, it turns out pages can be considerably larger if you use Preview, and I do mean considerably.

Preview — now there is another piece of software that ought to have been on my list of favourite MacOS applications.

The George Carlin Mechanical Turk

Justin Ling, on January 12:

In an hour-long special, I’m Glad I’m Dead, [George] Carlin returns to talk reality TV, AI, billionaires, being dead, mass shootings, and Trump.

It premiered to horrified reviews. Carlin’s daughter called the special an affront to her father: “Humans are so afraid of the void that we can’t let what has fallen into it stay there,” she wrote on Twitter. Major media outlets breathlessly reported on the special, wondering if it was set to harken in a new era of soulless automation.

This week, on a very special Bug-eyed and Shameless, we investigate the Scooby Doo-esque effort to bring George Carlin back from the dead — and prank the media in the process.

Ling was one of few reporters I saw who did not take at face value that the special was, as claimed, a product of generative “artificial intelligence”. Just one day after exhaustive coverage of its release, Ling published this more comprehensive investigation showing how it was clearly not a product of “A.I.” — and he was right. That does not absolve Dudesy of creating this mockery of Carlin’s work in his name and likeness, but the technological story is simply false.

Cory Doctorow:

The modern Mechanical Turk — a division of Amazon that employs low-waged “clickworkers,” many of them overseas — modernizes the dumbwaiter by hiding low-waged workforces behind a veneer of automation. The MTurk is an abstract “cloud” of human intelligence (the tasks MTurks perform are called “HITs,” which stands for “Human Intelligence Tasks”).

This is such a truism that techies in India joke that “AI” stands for “absent Indians.” Or, to use Jathan Sadowski’s wonderful term: “Potemkin AI”:

This Potemkin AI is everywhere you look. […]

Doctorow is specifically writing about human endeavours falsely attributed to machines, but the efforts of real people are also what makes today’s so-called “A.I.” services work, something I have often highlighted here. There is nothing wrong, per se, with human labour powering supposed automation, other than the poor and unstable wages they are paid. But there is a yawning chasm between how these products are portrayed in marketing and at a user interface level, the sight of which makes investors salivate, and what is happening behind the scenes.

By the way, I was poking around earlier today trying to remember the name of the canned Facebook phone and I spotted the Wikipedia article for M. M was a virtual assistant launched by then-Facebook in 2015, and eventually shut down in 2018. According to the BBC, up to 70% of M’s responses were from human beings, not software.

Meta’s Quest Could Be the New BlackBerry

Salvador Rodriguez, Wall Street Journal:

Meta Platforms is hoping Apple’s launch of the Vision Pro can reinvigorate its $50 billion metaverse effort, which consumers have yet to widely embrace.


Meta employees see the Quest and its software ecosystem emerging as a primary alternative to Apple in the space, filling the role played by Google’s Android in smartphones, the people said.

The success or, more likely, failure of Meta’s concept of a metaverse should be viewed separately from its ability to sell headsets. If Meta wants to position them as one and the same, it is a less appealing concept to me. One of the things Apple has done very well with the first generation Vision Pro is positioning it as familiar and expected within its futuristic context.

David Heaney, UploadVR:

Android is a semi-open software platform. Any phone maker can integrate the open-source core of Android for free and without permission, and can integrate Google’s services and the Google Play Store by agreeing to certain compatibility criteria and preinstalling Google’s suite of apps.

The Meta Quest platform on the other hand is exclusive to Meta’s own devices. Its strategy is more akin to wanting to be a second Apple than what Google did with Android. That sounds more like BlackBerry than Android, and the market combination of iPhone and Android killed off BlackBerry.

Via Charles Arthur:

Note this implicitly accepts the Vision Pro as the iPhone of XR, which is possible – but it might be the iPad.

If it is the iPad of this world, it implies it may be the leader in a market the public seems uncertain about. Sales-wise, it may not be a bad thing for Apple, but it does require buy-in in a sector where non-tech people seem hesitant. There is a difference between financial success and cultural success.

I noted above the familiarity of the Vision Pro — how it is a benefit that, if you have used an Apple device, you know the apps and services which will be on it. That expectation also applies to the company behind it. Apple is a known quantity. Buyers can be reasonably confident their $3,500 headset will not be abandoned after a couple of years. Meta, conversely, has a poor track record for hardware: its phone collaboration sucked and it scrapped its latest efforts by way of the Portal and an in-development watch. Apparently, it will not be making a second-generation Quest Pro. It has an Apple-like approach to hardware and software integration while taking a Google-like approach to product development. I bet that is not a successful long-term strategy.

Nitter Is Dead

As Twitter becomes more insular and technically unreliable, I have increasingly turned to Nitter, which describes itself as a “free and open source alternative Twitter front-end”. It mirrors posts and profiles, does not require users to be signed in, and is faster than Twitter’s own website.

Naturally, the mechanism behind this is unofficial and seems to rely on a network of Twitter accounts. And, it seems, Twitter is taking them down and cutting off the path by which Nitter worked:

If nothing changes, all remaining instances will go down eventually: Instances rely on guest accounts, which are valid for a certain time and of which you need a ton to run a public instance. The API for this got taken down and it doesn’t look like a fluke this time.

Twitter is unfortunately still a place where newsworthy things happen. I linked to a tweet only yesterday, and I imagine that will continue so long as people keep posting things of relevance there. That is true despite instability on the site; posts, threads, and the entire site often fail to load for me, but Nitter provided an excellent fallback service. Sadly, no longer.

On Being a Luddite

Nathan J. Robinson, of Current Affairs, spoke to Brian Merchant, formerly of the Los Angeles Times, about his book “Blood in the Machine”. Published last year, it tells the history of the Luddites and finds parallels in today’s technologies.

Merchant, in response to a question from Robinson about the widespread misconception that Luddites are merely anti-technology:

Luddism is about questioning who machinery serves. It’s really a question of political economy, of being able to locate exploitative or abusive uses of technology, and in which cases machinery becomes hurtful to commonality. So, as a framework, I think it’s one that we can certainly apply today, which is why I found it so interesting.

This is a worthwhile ongoing pursuit. There are those who insist technology is politically neutral, mere tools, and what we do with it is a separate issue. But it is far more nuanced. There are different incentives when, for example, generative machine learning tools are being used in positions of power compared to when they are used by an outsourced temporary workforce. We ought to always question how new technologies will likely be used, and whose power they will serve.

By the way, Merchant’s book is a good read. Worth checking out.

‘Patternz’ Links Real-Time Ad Bidding to Vast Surveillance

Joseph Cox, 404 Media (this page may be login-walled, which 404 justifies for business reasons):

Hundreds of thousands of ordinary apps, including popular ones such as 9gag, Kik, and a series of caller ID apps, are part of a global surveillance capability that starts with ads inside each app, and ends with the apps’ users being swept up into a powerful mass monitoring tool advertised to national security agencies that can track the physical location, hobbies, and family members of people to build billions of profiles, according to a 404 Media investigation.


Patternz’s marketing material explicitly mentions real time bidding. This is where companies in the online ad industry try to outbid one another to have their ad placed in front of a certain type of user. But a side effect is that companies, including surveillance firms, can obtain data on individual devices such as the latitude and longitude of the device. Patternz says it is analyzing data from various types of ad formats, including banner, native, video, and audio.

It is important to be cautious about the claims made by any company, but especially ones which say they are operating at unprovable scale, and market themselves to receive rich government contracts. It does not seem possible to know for sure whether Patternz really processes ninety terabytes of data daily (PDF), for example, but the company claims it creates a direct link between online advertising networks and global surveillance for intelligence agencies. It does not sound far fetched.

Cox’s story builds upon reports published in November by the Irish Council for Civil Liberties — one regarding Europe (PDF) and a slightly different one focused on the U.S. (PDF). Both of those reports cite exploitations of real-time bidding beyond Patternz. All stories paint a picture of an advertising system which continues to ingest huge amounts of highly personal, real-time information which is purchased by spooks. Instead of agencies nominally accountable to the public monitoring the globe with a sweeping, pervasive, all-seeing eye, there are also private businesses in this racket, all because of how we are told which soap and lawn care products we ought to buy.

Even if you believe targeted advertising is a boon for publishers — something which seems increasingly hard to justify — it has turned the open web into the richest and most precise spyware the world has ever known. That is not the correct trade-off.

Probably worth keeping an eye on a case in California’s Northern District, filed in 2021, which alleges the privacy problems of Google’s real-time bidding system amount to a contract breach.

Sponsor: Magic Lasso Adblock: Incredibly Private and Secure Safari Web Browsing

Online privacy isn’t just something you should be hoping for – it’s something you should expect. You should ensure your browsing history stays private and is not harvested by ad networks.

By blocking ad trackers, Magic Lasso Adblock stops you being followed by ads around the web.

It’s a native Safari content blocker for your iPhone, iPad, and Mac that’s been designed from the ground up to protect your privacy.

Rely on Magic Lasso Adblock to:

  • Remove ad trackers, annoyances, and background crypto-mining scripts

  • Browse common websites 2.0× faster

  • Double battery life during heavy web browsing

  • Lower data usage when on the go

So, join over 280,000 users and download Magic Lasso Adblock today.

My thanks to Magic Lasso Adblock for sponsoring Pixel Envy this week.

Automatic Transcripts Coming to Apple Podcasts

In more Apple news from today — this time unambiguously good — automatic transcriptions of podcasts are coming in iOS 17.4:

Apple automatically generates transcripts after a new episode is published. Your episode will be available for listening right away, and the transcript will be available shortly afterwards. There will be a short delay while we process your transcript. If portions of your episode change with dynamically inserted audio, Apple Podcasts will not display the segments of the audio that have changed since the original transcription. Music lyrics are also not displayed in the transcripts.

Great for accessibility and for finding that one moment in an episode. I prefer Overcast but this is a feature anyone can use occasionally as a kind of personal podcast search engine.

Meet the New Boss

Apple’s response to the E.U.’s Digital Markets Act has arrived. In theory, this is the biggest ever change to the way native apps are distributed and sold on iOS. Between the complexity and caveats, however, this is not a Mac-like software experience on the iPhone — though I am not sure I fully understand what it is.

Let me back up to December 2022. I hate quoting myself but, well, here is something I wrote in response to a Bloomberg report from Mark Gurman about Apple’s Digital Markets Act preparations:

It will be interesting to see how Apple frames this shift for its European customers. It has spent years claiming its first-party App Store policies are a reason why people buy iPhones. While it can continue to promote its own App Store as the best option, it would look silly if it created the impression of reducing security for European users while rolling this out. The same is true of its privacy stance if, as also reported by Gurman, it makes its Find My network more permissive to third-party trackers. Apple may also want to preserve its existing strategy wherever regulators do not require its software and services to be more interoperable, but that could make it look like European customers have more choices than users in, say, the United States — which they probably will.

The answer to this public relations conundrum is found in a bitter press release. The tone is not really a surprise; I guess I would also be frustrated if I were required to change the way my platform has worked for sixteen years. But, still, it is quite something to read paragraphs like this one:

The new options for processing payments and downloading apps on iOS open new avenues for malware, fraud and scams, illicit and harmful content, and other privacy and security threats. That’s why Apple is introducing protections — including Notarization for iOS apps, an authorization for marketplace developers, and disclosures on alternative payments — to reduce risks and deliver the best, most secure experience possible for users in the EU. Even with these safeguards in place, many risks remain.

Or these two sentences describing how Safari will present a list of third-party browsers on first launch:

This change is a result of the DMA’s requirements, and means that EU users will be confronted with a list of default browsers before they have the opportunity to understand the options available to them. The screen also interrupts EU users’ experience the first time they open Safari intending to navigate to a webpage.

To be fair, confirmation screens are probably not the best way to drive browser diversity. The status quo also sucks: arguably the only reason why Google Chrome is not wholly dominant is because of decisions made by platform vendors like Apple and Microsoft. Then again, the state of the browser market is evidence of how little competition matters when people have familiar choices.

Back to the App Store; Apple is making several changes in the E.U., including:

  • Third-party payment processors can be used within apps, and developers can also link to external payment destinations from within an app.

  • Lowered commission of 10–17%, down from 15–30%, with an optional use of Apple’s payment processor at an extra 3%.

  • Third-party browsers can now use different browser engines.

In addition to these and other E.U.-specific changes, Apple is permitting streaming game apps worldwide.

The headline announcement is the addition of third-party app stores in iOS — and, it seems, only iOS. Apple has built MarketplaceKit to facilitate this, will require Notarization of all applications regardless of distribution channel — which sounds different than the MacOS Notarization process because it involves real people — and has an extensive explanation of its rationale for this system. This is not really “sideloading” or the Mac-esque experience some have been envisioning because these “marketplace apps” — as Apple is calling them — will be the only other way of installing native iOS apps. The way you will get the marketplace apps themselves, Apple says, is via the web, but other kinds of third-party software are not able to be installed on an iPhone this way. In other words, you can download apps from an app store or the App Store.

In the questions-and-answers section near the end, it says its “traditional business model has reflected the value” of the platform, and these new E.U. rules have “separate[d] out the many ways Apple creates value for developers”. To bridge the gap, it will charge a Core Technology Fee of €0.50 under certain conditions, which is in line with what I expected would happen. In its press release today, Apple says almost all developers will pay the same or less, and less than one percent will need to pay the Core Technology Fee. Many of those are probably the massive developers you can immediately think of. Notably, this is the first time entirely free applications will pay any kind of per-user fee to Apple, and it is not cheap.

Developers are not automatically opted into this new arrangement. They will be able to choose whether they stick with the current terms, or agree to the new terms — but the new contract is required to distribute an app through a different marketplace, or to use a different payment processor. In return, developers get lower commission, but must pay the Core Technology Fee if they exceed one million annual E.U. installs of their app.

That is my rundown of these changes and I think I got everything right, but there is a lot I missed out on. I think David Barnard has a very good Twitter thread with more details, and Jason Snell at Six Colors has a good overview. I thought this was a particularly keen observation by Snell:

I have to think that Apple will have a team of security people watching carefully as these features roll out across the EU. But there will also be a team of PR people ready to publicize any incident that feeds into Apple’s narrative about the DMA endangering EU citizens.

I fully expect unscrupulous people will take advantage of this new arrangement and Apple will spread the word. But it is not as though the App Store itself is free of scams; Michael Tsai has an entire category of posts dating back more than a decade. Even if scams make their way into third-party marketplace apps, a real person at Apple has seen and approved them, as explained in the question-and-answer segment:

The Notarization process involves a combination of automated checks and human review to help ensure apps are from credible parties, free of malicious content like malware, function as promised, and don’t expose users to egregious privacy and security risks or fraud.

This is still Apple’s platform and it still wants it to be safe. It remains to be seen whether the E.U. will view today’s announcements as sufficiently compliant with the letter and spirit of the DMA, and I suspect there will be questions about the amount of control Apple will retain, and the Core Technology Fee it will charge.

I have two questions:

  1. Will any of this be worthwhile for developers? If Apple’s numbers are accurate, it makes the E.U. look like a more desirable region for iOS app distribution. At least there are options and choices.

    On a related note, one wonders if it will be beneficial for users. As I wrote in my self-quote above, Apple says the App Store is part of users’ buying decisions. That is, it seems to believe people use iPhones in part because of the way it controls its available software. The problem is that it will be difficult to get a sense of whether users actually value the App Store on its merits if these new features are not popular amongst developers.

  2. Is this foreshadowing similar changes to Apple’s other restricted platforms, or perhaps expanding them worldwide? Earlier today, I would have thought this is a plausible take. But the more I think about it, the more I believe Apple will continue its established path until other governments force a change. I would be happy to be proven wrong, especially if this policy change is ultimately beneficial to developers.

So, knowing all of that, how would one go about getting their hands on these updates? Apple says all of these things will be rolling out in March, and the new APIs and frameworks are included in the iOS 17.4 beta seed released to developers earlier today.

These features are only available to E.U. users, and Apple is being as restrictive with these changes as it is for censorship in China. One cannot simply change their iPhone’s region in Settings to an E.U. member state. As previewed last year, there is a new process that validates feature availability based on, according to Filipe Espósito of 9to5Mac, the billing address on file and the device location, among other qualities.

Still, if Apple can be an Irish company for tax reasons, my iPhone should be able to become Irish for device control reasons.

It does leave me with one final question: how are developers outside the E.U. able to test compliance with these new capabilities? Perhaps I missed this in the documentation, but it seems like this may be one additional restriction to keep these alluring features geographically gated. Pity.

Even if this is not everything developers and advanced users may have hoped for, it is a radical shift for Apple’s non-Mac platforms. There is much to look forward to, and some things to be worried about. Mostly, though, this leaves many questions because of the cautious and confusing approach Apple is taking. There are perhaps good, well-founded reasons for doing so, and I do not think it is always intending to be as brutal as its decisions appear. But Apple’s relationship with developers has been on rocky ground for years and its latest policies are a reminder of the company’s control. Meet the new boss? Well, you know how that goes.

In Praise of Heart and Soul

A little thing I noticed when I was looking up great older Mac software is how much of my appreciation for it was driven by its feel. I put Coda on my list of all-time great Mac software because Panic worked hard to make it feel just right — just the way they had intended. When I look at screenshots of Aperture, I remember how its atmosphere of technical precision was still friendly.

There are plenty of reasons why that is, but I think a major one is their tactile quality. Everything which can be manipulated not only looks like it can, but invites you to do so. And there is no more foundational tactile interface element than a button.

Niko Kitsakis:

This should make it clear why there is a reason that the virtual buttons in our graphical user interface should indeed look like buttons: They should communicate that they can be used. When they just look like icons, they don’t do that.

One objective of the visual interface language introduced in MacOS Big Sur was, according to Alan Dye, to “[reduce] visual complexity to keep the focus on users’ content” which meant, for example, that “buttons and controls appear when you need them, and they recede when you don’t”.

In practice, it means interfaces become ambiguously interactive. A design system of line art glyphs floating in detail-free window chrome makes it easier to create light and dark themes, but it also turns everything into a flavourless smear of grey tones.

One of the great examples of this is Time Machine. Its original aesthetic invited emotional investment in — of all things — backing up your computer. I remember wanting to create a backup just so I could see that interface work. Unfortunately, its current guise is an accurate interpretation of the phrase backup utility, and little more. This is not specifically an argument in favour of decorated, glossy, detailed user interface elements — though I do like those — but it is an argument in favour of craft. Of heart and soul. I know what I am supposed to feel when I look at Time Machine in Leopard. But with this current iteration? I have no idea.

Today’s Time Machine does have one thing going for it compared to many other visual interfaces in MacOS: at least it has buttons that look more-or-less like buttons.

The Mac Turns Forty


CUPERTINO, Calif., January 24, 1984 — Apple Computer today unveiled its much-anticipated Macintosh computer, a sophisticated, affordably priced personal computer designed for business people, professionals and students in a broad range of fields. Macintosh is available in all dealerships now.

Via Stephen Hackett, who highlights a quote in that press release from Steve Jobs (emphasis Hackett’s):

“With Macintosh, the computer is an aid to spontaneity and originality, not an obstacle. It allows ideas and relationships to be viewed in new ways. Macintosh enhances not just productivity, but also creativity.”

That still defines the Mac today, four decades after it was introduced. This is why I fell in love with the Mac in the first place way back at my high school newspaper, and why I still love it today.

Plenty of people have spent this anniversary reminiscing about what the Mac means to them; Michael Tsai has a good roundup. On “Upgrade”, a six-member panel reflected on the best Macs, software, and accessories in a duplicate-free draft format; they also pointed out their “Hall of Shame” moments. It seems a little hacky for me to invite myself to add on but, heck, why not?

Without spoiling the episode, my pick for my favourite Mac has to be the one I am typing this on: the 14-inch M1 MacBook Pro. The laptop is the definitive configuration of a modern Mac, and this model is a near perfect example.

Picking my favourite Mac software is massively difficult. I dug up a seventeen year old hard drive to jog my memory, and it is a long list. From Apple, my picks are: Aperture, Exposé, the original space-themed version of Time Machine, and the ability to type special characters by using the option key. From other developers, my picks are Coda, Homebrew, NetNewsWire, Pulp, Things, and myriad joyful Twitter clients like Bluebird and Twitterrific. I could go on. If I had to pick only one to reincarnate, it would probably be Aperture.

My favourite accessory has to be the 30-inch Cinema Display. The Thunderbolt Display was a worthy successor, but the aspect ratio was just a little better on the original gigantic Apple display.

As for a Hall of Shame thing? That would be the slow but steady encroachment of single-window applications in MacOS, especially via Catalyst and Electron. The reason I gravitated toward MacOS in the first place is the same reason I continue to use it: it fits my mental model of how an operating system ought to work. I love how I can float a bunch of application windows all around my desktop and it still feels organized and workable; when I try to do the same thing on my Windows P.C. at my day job, it is nowhere near as good. Uniwindow applications rob users of the best parts of this model.

Bloomberg: Biden Administration Preparing Order to Restrict Foreign Sales of U.S. Data

Riley Griffin, Bloomberg:

The administration plans to soon unveil the new executive order, which will direct the US Attorney General and Department of Homeland Security to issue new restrictions on transactions involving data that, if obtained, could threaten national security, according to three people familiar with the matter, who asked not to be named as the details are still private.

The draft order focuses on ways that foreign adversaries are gaining access to Americans’ “highly sensitive” personal data — from genetic information to location — through legal means. That includes obtaining information through intermediaries, such as data brokers, third-party vendor agreements, employment agreements or investment agreements, according to a draft of the proposed order.

Like the X-Mode settlement earlier this year, this does not reflect a principled stance on data brokers. The Biden administration has not reached the conclusion that this shady industry trading barely-legal data is terrible for Americans’ privacy and should be abolished. Its objection to the ways in which this information can be used by political adversaries is real, sure, but it can still be made available if passed through intermediaries. There is no reliable way of geofencing the kind of data sold by these brokers; I have found my own (Canadian) personal information in databases of brokers who insist they only hoard details about U.S. citizens.

The only way to effectively restrict this trade is to reduce the amount of data that can be collected. Cut it off at the source.

HP Now Says It Is Blocking Third-Party Printer Ink for Your Protection

Paul Kunert, the Register, September 2022:

The DRM-like mechanism [HP Dynamic Security] resulted in the print hardware returning a message that the carriage was damaged and an HP-branded toner was required. A Dutch ink seller spotted the move, saying the mass rejection was actually set up in March 2016 and the software was activated in September that year.

The Electronic Frontier Foundation then got involved, demanding HP reverse the policy, but this was ignored. However in Australia in 2018, HP offered compensation for not disclosing the software’s impact to customers that bought the devices with the DSF pre-installed or to anyone that received it via the firmware update. A class action settlement was reached in the US last December.

In Europe, a similar settlement was reached in September 2022. However, by March 2023, HP was at it again.

Scharon Harding, Ars Technica:

HP customers are showing frustration online as the vendor continues to use firmware updates to discourage or, as users report, outright block the use of non-HP-brand ink cartridges in HP printers. HP has already faced class-action lawsuits and bad publicity from “dynamic security,” but that hasn’t stopped the company from expanding the practice.

As Harding reports, HP spent years defending this practice as necessary to protect its intellectual property and to provide “the best consumer experience”, which sounds familiar. Ten months and another class action suit later, HP has another rationale to explain away this horrible practice.

Harding again, Ars:

Last Thursday, HP CEO Enrique Lores addressed the company’s controversial practice of bricking printers when users load them with third-party ink. Speaking to CNBC Television, he said, “We have seen that you can embed viruses in the cartridges. Through the cartridge, [the virus can] go to the printer, [and then] from the printer, go to the network.”


HP acknowledges that there’s no evidence of such a hack occurring in the wild. Still, because chips used in third-party ink cartridges are reprogrammable (their “code can be modified via a resetting tool right in the field,” according to Actionable Intelligence), they’re less secure, the company says. The chips are said to be programmable so that they can still work in printers after firmware updates.

In December, the U.S. Federal Trade Commission noted in a blog post it would investigate specious privacy and security justifications for locking out competition:

Where dominant market participants use privacy and security as a justification to disallow interoperability and foreclose competition, the FTC will scrutinize those claims carefully to determine whether they are well-founded and not pretextual, and whether the chosen approach is tailored to minimize anticompetitive impact.

This post was seen by the New York Times as a response to the then-current controversy over Apple’s blocking of Beeper Mini. The lens in the paragraph I quoted above could easily be applied to App Store policies and HP’s printer ink shenanigans, too.

One other thing from that CNBC interview:

Andrew Ross Sorkin: Long-term mode, do you think that the idea of third-party cartridges at all are a bad idea? There should be no third-party market?

Enrique Lores: Our view is that we need to make printing as easy as possible, and our long-term objective is to make printing a subscription.

Kick rocks!

Apple Music Will Pay a Ten Percent Bonus to Artists Who Release Spatial Audio Mixes

Benjamin Mayo, 9to5Mac:

Apple will pay up to 10% more per play in royalties for tracks where a spatial version is available. This is starting with January’s payouts.

Crucially, Apple Music users do not necessarily have to listen in Spatial Audio for the artist to be rewarded with the bonus payout.

I am still iffy about the concept of Spatial Audio tracks. Like previous efforts of mixing music in surround sound, songs work best when they are recorded with the intention of mixing in Spatial Audio. Is a ten percent bonus on the notoriously stingy payouts of music streaming services worth the effort and cost of songs made in this way?

It is probably worth keeping this tucked in the back of your mind when Apple announces at some point in the future the number of available Spatial Audio tracks.

Vision Curious


A question the technology press loves to ask is some variation of what supplants the smartphone? and the answers are always unsatisfactory. Mainly that is the case because it does not seem like the right question. The smartphone is a near-perfect convergence device that has touched every fibre in the fabric of the world. But I think it is a perennial question because it is a device that still feels new; a personal computer, on the other hand, seems like a permanent fixture. For many people, the computer on our desk or lap feels like it has always been there.

What if it made more sense to ask: what comes after the P.C.?

It is a question worth asking not because the P.C. is old, but because we can ask if there are things which could be done better. That might be something the P.C. does right now, but not as well as we imagine it could, or it is something we wish were possible but is limited by the form factor.

In Apple’s world, the answer to this question seemed to be the iPad. While Apple began referring to the post-P.C. era well before its introduction, the iPad was the device which supercharged ideas about moving beyond the P.C. and doing everything from this new era of mobile-first devices. Yet even though it was a sales hit, particularly in its first few generations, the capabilities of the iPad have been an ongoing struggle and controversy.

Partly that is because of software design choices. iPadOS is built on iOS; it is an evolution of an operating system made for touch screens — which is a good thing — and, more specifically, for touch screen phones. It means every advanced capability we take for granted in MacOS — multitasking, layers of application windows, pointers, multiple display support — has needed to be rethought and rebuilt for a tablet-specific environment. It means we are fourteen years into the iPad experiment and, even though its screen has grown by three diagonal inches since it debuted, it remains a device that still feels connected to the 320 × 480 pixel display it rode in on.


My dad bought his first digital camera in 2004, a Nikon Coolpix 4500. I remember that bizarre swivelling camera design about as well as I remember walking into the store to buy it with him; it also happened to be an authorized Apple reseller.

On one table was an iMac G4 paired with the surprisingly good Pro Speakers. But it was the model on another table I remember most: a Power Mac G5 connected to a 30-inch Cinema Display. I could sit down in front of the “world’s fastest” P.C. and open Safari or iTunes on the world’s biggest display. Even using those boring applications felt like the business when they were projected onto this huge canvas.

Anyone who has cooked with enthusiasm knows how cramping a foolscap-sized cutting board is. Displays are exactly like that. Working on a large, high-resolution screen — just like the one I sat in front of in that Apple reseller twenty years ago — feels almost limitless, constrained only by its two dimensional form.

So what happens if the display and, with it, the impression of the entire computer were abstracted away to create an environment?

Apple is calling this “spatial computing” — not virtual or augmented reality, though those are components of it. And the device with which it is entering the field is called the “Vision Pro”. That name has been dissected to no end for its suffix, Pro. It implies this is not the version for consumers, but for a more selective group of individuals: specifically, those who have $3,500 in dicking around money. But it is the Vision part of the name that I am most interested in. It is not only describing the computer-in-your-eyes aspect of the product, it conveys to me this is Apple’s perspective on where it thinks personal computing will be heading. This is truly Apple’s vision of the future. Trepidations with this version aside, I think I get it, and I think I am on board.

Even if this product, which is supposed to usher it in, is almost on users’ faces, it still seems so far away. Virtual and augmented reality are, in my mind, part of a brand new industry — but it is not. In 2023, IDC says, 8.1 million headsets were sold worldwide. For comparison, in 2014, the year before the Apple Watch went on sale, less than five million smartwatches and fitness bands were shipped, according to the now-defunct Smartwatch Group. Then Apple molded that segment in its image. Of course, how many smartwatches and headsets are being sold does not tell you how many are actually being used; it is entirely plausible that eight million drawers have a headset stuffed near the back.

Even knowing all of this, I cannot help but feel Apple is redefining the personal computer in a way that has so far eluded other attempts from it and others. Perhaps the eventual Vision line will not entirely replace the Mac, but I could see that being the case for lots of people, not just those who would also find an iPad or an iPhone an acceptable working device. Most of us have jobs that could benefit from having more space, even if we are just spending time in spreadsheets or building an email campaign. Putting a development window and a browser window side-by-side on my 27-inch iMac is workable but cramped. I am imagining how great it could be if I could put those windows all around me, plus more for different browser widths. A desktop projected across an entire field of vision is, in theory, more capable and more elegant than multiple monitors, especially if there is no discernible loss of quality.

At least, that is how it appears from the outside looking in. I have not even glanced at a Vision Pro in person, let alone spent time with one. (That is why this post is titled “Vision Curious”, not “Vision Pro Impressions”.) But it is not hard to see an ambitious roadmap: to one day augment or even replace the Mac with something simultaneously more expansive and more portable. Apple is not the first to think along these lines, but it is the first to have a full stack of hardware, operating system, and applications created specifically for this endeavour. No other company has all of those things; they are all dependent on processors of others’ design, or third-party operating systems — or both.

If I am right — if the intended trajectory of this thing is successful and it one day takes the role of the Mac for many people — the Vision Pro will benefit from a gentle introduction. Face it: computer goggles look real weird. It is probably a big reason for the failure of Google Glass, and why Microsoft’s HoloLens is only used in niche contexts. We have a lot to get used to if this category is to become commonplace, so it helps if users need to learn as few new things as possible. Perhaps the most captivating thing about what I have seen so far is the way Apple presents the software as exactly what you are used to. Even the native VisionOS versions are pitched as “the familiar apps you know and love”. As someone uneasy with this entire product category, this grounding element is important.

Of course, those same apps exist in an entirely new context. This is the part where my curiosity takes over and I have no expectations. I have read as much as I can from those who have used the Vision Pro in what are, as of writing, limited demonstration environments. I am only able to imagine what it feels like to be fully immersed in the article you are reading, a movie you are watching, a game you are playing, or something you are making.

The Vision Pro sure sounds compelling. It looks about as good as computerized ski goggles are capable of, it has some familiar qualities to prevent users from getting completely lost, and all the demo impressions I have read suggest it is a transformative experience.

Hold on, though; here is the catch: while Apple says the Vision Pro is capable of displaying a MacOS environment as a 4K display within the virtual environment, VisionOS is based on iPadOS. Given the system’s design and the way one navigates within it, this is not a surprise. Yet, here I am, already questioning whether VisionOS will be able to keep Safari tabs in memory or if it will reload them after using other applications, like iPadOS has always done. Can Photos in VisionOS create Smart Albums? Heck — can it even display Smart Albums?

Maybe VisionOS is great in ways iPadOS has not yet been able to achieve. I am optimistic. However, my impression from a distance is that a wearable computer with the capabilities of MacOS — though not necessarily running MacOS — is compelling to me, but a wearable computer with the capabilities of iPadOS is less so.

It is not just system abilities at stake, but platform restrictions, too. After Apple announced the unsurprising rules by which it would govern purchases made on iOS via links in third-party apps, I was reminded of how the Mac is an outlier in the company’s platform strategy. Every other operating system Apple makes is based on iOS in technology and policy. The Mac is special by choice. Apple could always extend more advanced operating system functionality to its other devices if it chooses. If Apple’s intention is for this headset to lay the groundwork for a mainstream Mac-adjacent platform, I hope it will not be constrained by console-like policies.

Aside from the platform-specific apprehension of an iPadOS-based product, I have questions about isolation. A headset is also necessarily personal, a quality Apple has both leaned into and distanced itself from. In its announcement, Apple mentions the “private […] 4K display” connected to your Mac, but is also careful to explain how “users stay connected with those around them” through the EyeSight display on the headset’s outward-facing plane.

However, none of this permits others to share the same experience. Sometimes, this is desirable, saving us from creative directors peeking at a work in progress and offering their incisive feedback unprompted. Sometimes, though, it creates friction. How many of us watch movies with a partner, or want to collaborate with a group of people on a project, or want to show the friend next to us this really funny video? Apple would probably say there are solutions for these things, like AirDrop, AirPlay, and SharePlay. These little interpersonal moments necessarily become digital.

I do not know that this is good or bad, just radically different. The Wall Street Journal’s Nicole Nguyen wrote about changing interaction standards for headphones, since many have passthrough audio. A fully immersed person is another step up from that. I still think it is only respectful to remove headphones when talking to someone, just like it is always right to turn the lights off when you are the last person to exit a room.

Apple also makes products that are better tailored to those kinds of situations, and it would be happy to sell you those. Maybe that is the way of the future for a lot of people: more devices for more specific contexts. Smartphones are convergence devices but so are laptops — just ones that are differently capable and less portable. A headset does not replace a P.C. as a do-it-all device for nearly any occasion. However, if you spend most of your computer time alone — and many of us do — it could be an example of a deconvergence device. People love their phones, so why try to replace them? They are a hub around which every other piece of technology revolves, from the headphones and smartwatch you choose to the vast app-centred economic sector.

The things which are piquing my interest and the things I am concerned about are not exclusive to the Vision Pro; lots of tech companies have tried similar concepts. If Apple is putting its weight behind it, it is clearly trying to transform it from a somewhat niche interest to a major platform. Definitely not today, maybe not tomorrow, but one day it will be commonplace — or, at least, that is the pitch.

The introduction of the Vision Pro felt entirely different than any recent product from a famously user-conscious company like Apple because this first version is clearly not intended for adoption by millions. Even if Apple sells every single one made this year, it will only be of minor relevance to the company’s total sales. It feels closer to a first draft than most recent all-new Apple products. For the iPad and Apple Watch, for example, none of the first-party apps were shipped in compatibility mode. Its relatively restrained launch reinforces how different the Vision Pro is in its first iteration.¹

But a muted debut does not necessarily imply a lack of confidence in this category. On the contrary, I think the first impressions I have seen so far, while carefully choreographed for choice journalists, have been more convincing than an Apple executive’s enthusiastic presentation ever could be. Maybe it is a testament to marketing susceptibility, but this is the first time I have felt a headset like this has made sense. The early Oculus demos I experienced twelve years ago were technically impressive but I did not see how it could fit with what I am interested in. What I have seen from other efforts in the intervening years is a focus specifically on “augmented reality” and “virtual reality”. But gaming is not my bag, and neither is immersion in a “metaverse”, and neither, still, are persistent projections in my eye everywhere I go — as far as I know. But being able to read, write, browse the web, edit photos, and design things on a room-filling scale in high resolution with many of the tools I already use? That is exciting.

Apple’s term for this has been “spatial computing”, and I do not think that is a pure blue ocean invention of language to make it harder to compare Apple’s thing to other headsets. It sounds right. There are certainly elements of augmented and virtual reality, but those are components of a more expansive imagination of what can be done when a powerful computer sits millimetres in front of your eyes.

It is poetic for the Vision Pro to ship barely more than a week after the Mac turns forty. I can hardly imagine a world without the Mac and, in a Wired interview with Steven Levy, it seems Greg Joswiak cannot either, saying it is “a product that defines who we are”. I do not think the Mac needs to die for spatial computing to succeed. However, it appears we are at the beginning of another forty-year trajectory, and I am cautiously on board.

  1. It is also the first new platform Apple has introduced in its pandemic-era prerecorded press announcement style instead of an in-person event.

Sponsor: Magic Lasso Adblock: 2.0× Faster Web Browsing in Safari

Want to experience twice as fast load times in Safari on your iPhone, iPad, and Mac?

Then download Magic Lasso Adblock — the ad blocker designed for you. It’s easy to set up, blocks all ads, and doubles the speed at which Safari loads.

Magic Lasso Adblock is an efficient and high performance ad blocker for your iPhone, iPad, and Mac. It simply and easily blocks all intrusive ads, trackers, and annoyances in Safari. Just enable to browse in bliss.

By cutting down on ads and trackers, common news websites load 2× faster and use less data.

Over 280,000+ users rely on Magic Lasso Adblock to:

  • Improve their privacy and security by removing ad trackers

  • Block annoying cookie notices and privacy prompts

  • Double battery life during heavy web browsing

  • Lower data usage when on the go

And unlike some other ad blockers, Magic Lasso Adblock respects your privacy, doesn’t accept payment from advertisers, and is 100% supported by its community of users.

With over 5,000 five star reviews, it’s simply the best ad blocker for your iPhone, iPad, and Mac.

Download today via the Magic Lasso website.

My thanks to Magic Lasso Adblock for sponsoring Pixel Envy this week.

David Mills Died Aged 85

David Mills, inventor of Network Time Protocol, died this week aged 85.

When I saw the news first at Ars Technica, I confess I had no idea who this person was and, while I was vaguely aware of the importance of synchronized clocks in computing, I had no full appreciation for the work involved or how fraught it is.

Nate Hopper, in a 2022 New Yorker article:

Should Internet time synchronization run on rigorously tested and battle-worn but whimsical and arguably bloated code that someone may still struggle to fully understand, even after devoting decades to it? Or should it be based on a nimbler, less pedantic standard designed by people who can’t agree on what’s best? There won’t be one answer: no open-source author has enforcement power over what implementations companies and system administrators choose to deploy. (According to Stenn, much of the Internet still utilizes version three of N.T.P., which was published in 1992.) Finding consensus can be difficult for both clocks and people. […]

This article reminded me of a list of falsehoods programmers believe about time, which I return to read every now and again. Not because it is something I need to reference for my work, but only because it is a good reminder of how we often take for granted the most basic building blocks of society.

Something as seemingly straightforward as keeping track of time is, as it turns out, unbelievably complicated. Even if one knows this fact, it can be difficult to fully grasp. Mills was a key part of a group of people who were ultimately able to get enough things synchronized to make modern life possible.

How the Myth of Bitcoin’s Anonymity Was Busted

Andy Greenberg, Wired:

When she had started that process of probing the Bitcoin ecosystem, [Sarah] Meiklejohn had seen her work almost as anthropology: What were people doing with bitcoin? How many of them were saving the cryptocurrency versus spending it? But as her initial findings began to unfold, she had started to develop a much more specific goal, one that ran exactly counter to crypto-anarchists’ idealized notion of bitcoin as the ultimate privacy-preserving currency of the dark web: She aimed to prove, beyond any doubt, that bitcoin transactions could very often be traced. Even when the people involved thought they were anonymous.

This is an excerpt from Greenberg’s 2022 book “Tracers in the Dark” which, like virtually everything Greenberg writes, I enjoyed immensely.

Regarding the Data Protection Review Court

The U.S. Department of Justice, in November:

Last October, the Attorney General issued regulations creating the DPRC [Data Protection Review Court] within the Office of Privacy and Civil Liberties at the Department of Justice. The DPRC serves as the second level of the new redress process established by the President through Executive Order 14086, which also strengthened other safeguards for U.S. signals intelligence activities. […]

This court was established after the U.S. passed the CLOUD Act in early 2018, just before the E.U.’s GDPR was to take effect. This was pointed out in a July 2020 Forbes article by Robert E.G. Beens, CEO of Startpage, who goes on to write:

The U.S. economic center of gravity is Silicon Valley. When you think about all the personal data that big tech companies can provide to U.S. government intelligence agencies, it’s not surprising that there was a “long history of close cooperation” between them and intelligence agencies’ offices.

I believe many big tech companies have an immense economic interest in making sure any online privacy regulations are weak and do not limit their business models too much because knowledge, to them, can also equal power.

I stumbled upon this article via a February 2023 Lawfare piece by Paul Rosenzweig, who linked to it in this paragraph:

The DPRC addresses a long-standing grievance among Europeans, who for years have said that they lack an adequate review and redress process for alleged privacy violations by the U.S. government and, most particularly, by the intelligence community. Though many think those complaints overstated, Biden’s executive action nonetheless constituted an effort to mitigate the charge.

Clearly, that is not Beens’ perspective, and a gross distortion of what was argued in that Forbes piece. Nevertheless, Rosenzweig does write about a curious consequence of the DPRC and which complaints against intelligence gathering operations it allows:

A fair assessment of the DPRC must also recognize that, in at least one way, its status as an executive body may be a net benefit to European complainants. This is because Europeans will have standing to bring their challenges and have them heard on the merits. Americans in American courts will not.

Rosenzweig cites Clapper v. Amnesty International establishing the inability to find standing for Americans to sue over mass surveillance by the U.S. government. You can learn more about that case over on the Five–Four podcast.

Alfred Ng and John Sakellariadis, Politico:

The court’s location is a secret, and the Department of Justice will not say if it has taken a case yet, or when it will. Though the court has a clear mandate — ensuring Europeans their privacy rights under U.S. law — its decisions will also be kept a secret, from both the EU residents petitioning the court and the federal agencies tasked with following the law. Plaintiffs are not allowed to appear in person and are represented by a special advocate, appointed by the U.S. attorney general.


“90 percent of the cases will never even see that court,” [Max] Schrems said of the DPRC. “If [intelligence agencies] do their jobs well, no one is even going to bring a case because they wouldn’t know they’re under surveillance.”

The secrecy of this court is, much like that of the Foreign Intelligence Surveillance Court, a legal and civil rights nightmare waiting to happen. I cannot see that it matters whether one is more worried about the implications it may have on U.S. law or E.U. citizens; the secrecy is the problem.

A Survey of Popular Apps Currently Compatible With Apple’s Vision Pro

John Voorhees, MacStories:

You see, iPhone and iPad apps are compatible with Apple Vision Pro and made available to its users by default. Developers have to affirmatively opt-out, using App Store Connect if they don’t want their apps to show up in the device’s App Store.

As it turns out, it’s possible to tell if a developer has opted out by using App Store API endpoints. So, with a little help, we built a shortcut to check some of the most popular apps on the App Store. […]

Of forty-six popular apps — all of which you will recognize — all but seventeen have been opted out of compatibility mode. None have a native VisionOS app. One important caveat noted by Voorhees is that all of this could change by February 2. Apple only began allowing submissions of Vision Pro apps last week so it is also possible some of these big-name developers have not submitted new versions, or they are holding native versions until Vision Pro release day.

Still, it is an interesting survey of where things stand right now, particularly for the large list of first-party apps which will be shipping in compatibility mode. Some of them, like Reminders and Stocks, are presumably lower priority applications that do not benefit as much from a spatial experience. But Maps, in particular, seems to me like an application that will be completely different as a VisionOS app and needs more development time.

‘The Tyranny of the Algorithm’

Kyle Chayka, in the Guardian, describes the universalized interior design trends of what he calls post-recession “hipster coffee shops”:

Of course, there have been examples of such cultural globalisation going back as far as recorded civilisation. But the 21st-century generic cafes were remarkable in the specificity of their matching details, as well as the sense that each had emerged organically from its location. They were proud local efforts that were often described as “authentic”, an adjective that I was also guilty of overusing. When travelling, I always wanted to find somewhere “authentic” to have a drink or eat a meal.

If these places were all so similar, though, what were they authentic to, exactly? What I concluded was that they were all authentically connected to the new network of digital geography, wired together in real time by social networks. They were authentic to the internet, particularly the 2010s internet of algorithmic feeds.

This is an excerpt from Chayka’s new book “Filterworld: How Algorithms Flattened Culture”, out this week. I have put myself on the waiting list for it at the library and I am looking forward to reading it, but I am already skeptical of the argument it will make based on what is presented here.

Based on the title, you can probably predict it references Thomas Friedman’s “The World is Flat”, which is a questionable start. Where Friedman proposes an economic playing field he says has been levelled somewhat by globalization and technology, Chayka argues a similar effect has occurred in cultural and expressive terms primarily through algorithmically promoted, sorted, and filtered ideas. On its face, this will be a compelling investigation. I think the role played by automated systems in our understanding of current events needs ongoing serious longform exploration. There have been plenty of books about individual companies, and there have been article-length vibes-based stories, but the only deep exploration in this vein I can remember is Cathy O’Neil’s excellent “Weapons of Math Destruction” from 2016. Chayka seems to present a more recent evaluation.

Unfortunately, my first glimpse of it is this Guardian story. While the book has a more generic title, this excerpt is specifically about the apparent influence of Instagram and Australian café culture on coffee shops and restaurants. Chayka writes that it is not any specific aesthetic quality which is disputable but “the fundamental homogeneity, which became more and more entrenched” in otherwise unrelated areas. But this just sounds like it is describing trends accelerated by the web, not necessarily something impressed upon us by what photos are on someone’s social media feed. The world is full of incongruous architectural, language, branding, and fashion choices — but, then again, it has been for a long time before social media or even the internet. I am curious to read how Chayka expands upon this argument.

Later in this excerpt, there is one more thing I found notable. Chayka, regarding businesses’ use of Instagram:

The effect May observed could be called “follower inflation”. High follower numbers correlate less and less to actual engagement over time, as the platform’s priorities change or the same content tricks stop working. It’s a familiar feeling for all of us who have been on Instagram over the past decade. While it might hurt your ego to receive fewer likes on a selfie, it’s a real financial problem when that follower footprint is how a business makes money, whether it’s a cafe attracting visitors or an influencer selling sponsored content.

What is not established in this piece is whether a business being popular on Instagram necessarily correlates with being popular in real life. Photogenic business features and art exhibitions are something I have written about before, and I still think there is lots to be explored therein. I am sure photo walls and brightly-coloured decor are attractive and lure people in. What keeps them coming back and spreading the word, on the other hand, is a place worth visiting beyond the aesthetics. Some of my favourite places to visit in Calgary have terrible social media presence, but they are constantly busy because they are good.

The New TV

James Meek, London Review of Books:

The arcs of the New Hollywood and the new TV are alike. The early optimism of Easy Riders fades when it turns out that American auteurs inspired by the French New Wave aren’t the future of popular big-screen entertainment: instead it’s the merch-rich, tech-heavy, super-franchisable kidult melodramas of the Star Wars series, with their exuberant faux-alien decors, portentous dialogue and reliable income stream. Some of the same processes are happening in TV.

And, now, in streaming services which, as Meek writes, are content to drown users in expensive shows that often fail to fulfill their potential. I particularly liked the part of this essay about the era of prestige television shows defined by anti-heroes.

U.S. Apple Developers Can Now Offer Non-App Store Purchasing Option

Juli Clover, MacRumors:

Apple is making major changes to its U.S. iOS App Store policies, and developers are now able to direct customers to a non-App Store purchasing option for digital goods. Apple is allowing apps to feature a single link to a developer website that leads to an in-app purchase alternative, but Apple plans to continue to collect a 12 to 27 percent commission on content bought this way.

Clover says it and Apple says it but I feel compelled to emphasize this one point: this is a U.S.-only capability. In the Netherlands, Apple permits dating apps — and only dating apps — to use a similar entitlement, or a different one that permits in-app purchases with another payment system. Soon, Apple will be enabling sideloading for E.U. users, a capability I could see coexisting with the Dutch entitlements, and it seems likely Japanese regulators could demand the same.

Developers sure will have a lot of paperwork to complete in the near future if they want to take advantage of these additional capabilities. Apple is creating this bureaucracy because it says this is how it gets paid to develop iOS; Judge Yvonne Gonzalez Rogers found, on page 114 of her decision (PDF), that Apple’s arguments were “pretextual, but not to the exclusion of some measure of compensation”. I find that line questionable mainly because Apple has developed MacOS continuously for over twenty years without taking a commission on digital purchases. But who am I to question that?

I do believe the App Store costs money to run and, also, that Apple would like to make it profitable. In addition to a payment infrastructure, Apple pays for hosting, marketing, DRM — whether developers want it or not — and developer events in-person and online. I do not know if this costs anywhere close to its App Store revenue and I question the merits of it, but this argument seems like a nominally defensible, though not P.R.-friendly, justification for a commission if these are the terms by which the App Store will operate. (Judge Rogers came to more-or-less the same conclusion.)

The snag is that Apple needs to make the App Store uncompetitive by design because no third-party app distribution platform would have extra costs. I think I would prefer if the App Store needed to compete on its own merits, but it could mean other knock-on effects. Maybe Apple would charge separately for all of the other developer programme features, for example, or increase the price of a developer membership.

In the interim, this is the messy system we have. Instead of one App Store around the world — with minor asterisks — there will now be different permissions depending on which geographically-restricted features a developer chooses to use. And Apple has created a bureaucracy to ensure it captures all the money it believes and has argued it is owed. Many developers would be right to question that, but should not be surprised when E.U. sideloading rules are similarly un-Mac-like.

Fusus Allows Police to Monitor Public and Private Camera Feeds Across Cities

Jon Schuppe and Bracey Harris, reporting for NBC News in December 2020 from Mississippi:

The move made Jackson, which has struggled to keep up with advances in high-tech crime-fighting, one of two dozen places in the country where police agencies inked deals this year with Fusus, a small Georgia company that aims to make it easier for American law enforcement agencies to build networks of public and private security cameras.


The company helps police departments build networks of public and private cameras. The service includes devices — black boxes the size of Wi-Fi routers — that convert video from just about any kind of camera into a format that can be fed, live or recorded, into a police surveillance hub. Fusus contracts with police departments, which typically sell, subsidize or give the devices to private users. Documents obtained through government records requests show Fusus listing packages from $480 to $1,000 a year per device.

Zac Larkham, OpenDemocracy, September 2023:

Fusus has been attempting to expand into the UK, opening an office in London’s Canary Wharf in March this year and hiring former officers from the Met to approach councils and police forces. It has approached Tower Hamlets and Hackney borough councils and the Met, City of London and Merseyside police forces to sell products that integrate CCTV and surveillance networks, according to Freedom of Information requests.

Kensington and Chelsea Council and Merton Council also confirmed they had also been in contact with Fusus when approached by openDemocracy, with Kensington and Chelsea running a 60-day trial starting earlier this month.

Bobby Hristova, CBC News, October:

Hamilton police was one of over a dozen Canadian police agencies in attendance at the Real Time Crime Center Operations and Tech Integration conference in Mississauga, Ont., in early October, CBC Hamilton has learned.

Some of those in attendance saw a demo of Fusus — a paid service that makes it easier for police to access privately owned security camera footage from residents and businesses.

I linked to a couple of pieces about Real-Time Operations Centres in July.

Joseph Cox, 404 Media, in November:

404 Media has obtained a cache of internal emails, presentations, memos, photos, and more which provide insight into how Fusus teams up with police departments to sell its surveillance technology. All around the country, city councils are debating whether they want to have a system that qualitatively changes what surveillance cameras mean for a town’s residents and public agencies. While many have adopted Fusus, others have pushed back, and refused to have the hardware and software installed in their neighborhoods.

Joseph Cox, 404 Media:

More than a hundred local police departments, sheriff’s offices, and cities have set up an AI-powered camera system, with nearly 200,000 connected cameras belonging to residents and businesses around the country able to provide “direct access” to law enforcement, according to a 404 Media analysis of a set of scraped data.

404 Media has assembled a spreadsheet of Fusus data it obtained. The scale is surprising to me, considering it requires private camera owners to purchase hardware costing at least $350, plus $150 per year, in order to allow Fusus access to their cameras’ feeds. According to this sheet, however, over 187,000 camera feeds are “integrated”.

Initiatives like these are fascinating because they represent a break from falling societal trust in institutions in the U.S., Canada, and the U.K. (PDF); something like this requires significant public buy-in. While people generally are more confident in local institutions — like city governments and police — I would be shocked if many people agreed to provide live camera access directly to their local police service if asked. It should be noted the data published by 404 Media is inherently self-selecting, which means people are wilfully opting in to mass surveillance and paying to participate. This should not be confused with an authoritarian police state in which participation in a system like this would be mandatory. Here, it is not. The obligations of a police state are certainly objectionable, of course, but so is mass surveillance on its own grounds — even when it is purely voluntary.

Given inflated media reports of crime, I have little wonder why this sector has been so successful.

WhatsApp’s User Base Appears to Be Growing in the U.S.

Alex Kantrowitz, in a Big Technology article with the headline “WhatsApp is Finally Starting to Dominate in the United States. Here’s Why.”:

Suddenly, everyone in the U.S. seems to be using WhatsApp. The app — once seen as an international phenomenon — grew daily users in the U.S. by 9% in 2023, according to Apptopia, and is gaining steam among the iPhone crowd.

Nine percent growth is nothing to sniff at, but framing it as “starting to dominate” and stating that it is being used by seemingly “everyone in the U.S.” is an over-egged pudding if ever I saw one.

Kantrowitz has some theories about why it is growing; here is one I found plausible:

A record number of Americans took vacations in 2023, with many traveling abroad. Hot spots like Mexico City, Santorini, and the Amalfi Coast were overrun with American tourists, a product of stimulus cash crossed with a desire for revenge travel. Outside the States, these travelers learned that WhatsApp is a vital communication tool for people and businesses. And after the international introduction, they kept using it, keeping in touch with contacts abroad and seeking to connect with U.S. businesses in a similar way.

It would not surprise me if this was a significant catalyst for WhatsApp’s growth — whether it is maintained is a different story. WhatsApp truly is the communications fabric for much of the world. I use it for chatting with family throughout Europe and, just this weekend, I made dinner reservations for later this year.

Kantrowitz’s other theories include WhatsApp marketing campaigns and growing business users, both of which make sense to me, and increased interest in cross-platform compatibility, which is less convincing. Kantrowitz writes “most of WhatsApp’s users in the U.S. are iPhone owners”, according to the company, and — if you believe Statcounter or Counterpoint — better discussions with Android users would fit. The iPhone, according to those sources, has a plurality of the U.S. smartphone market, so if there were an even distribution of WhatsApp users, more of them would be iPhone owners. However, if you believe CIRP, the iPhone’s market share in the U.S. has been declining and now sits at 39%.

Artifact Is Shutting Down

Kevin Systrom announced the decision to shut down Artifact on Medium:

While we’ve made this decision, we wanted to make sure that we allowed the community time to adjust. So, today we’ve decided to slim down the app’s complexity and operations by removing the ability to add new comments and posts. This type of content requires a fair amount of moderation and oversight and we will not have the staff going forward to support these features. Your existing posts, however, will remain visible to you on your own profile self-view. In the meantime, Artifact will continue to operate the core news reading capability through the end of February.

Systrom and Mike Krieger launched Artifact last January, but I did not get into using it until — and this is true — earlier this week. It is unfortunate this did not pan out as successfully as Systrom and Krieger’s last idea.

How Threads Will Integrate With the Fediverse

Tom Coates attended an event of some kind thrown by Meta in December in which the company laid out its fediverse plans for Threads:

Threads itself has only been around for a few months now and it still towers over the rest of the Mastodon community in terms of users. It’s based on the Instagram user base, and Instagram users can opt in to use Threads with a single tap. Because of that — as of a recent earnings report — Meta can currently claim around 160 million total users and about 100 million MAUs. So, again, Threads ‘integrating’ with the fediverse is maybe not the way to think about it, and Threads attempting to engage with it without entirely crushing it is closer to the mark.

Given that paragraph, you might be surprised by the overall optimistic tone of this piece. I found myself nodding along with Coates’ description of the challenges of trying to fit the Meta model into the fediverse, and vice versa. It is not impossible, it is going to require a lot of work, and it sounds like Meta wants to make a good faith effort. I do not much like Threads as an application, but I know many people are now active there and I would like to see their posts on my own terms.

Then again, I am reminded of the time Facebook launched a fakey email service which used email addresses for its own internal messaging capabilities. Fun fact — it was called “Project Titan”, which seems to be a name reserved for only the best projects.

Platformer Is the Latest Newsletter to Leave Substack

Casey Newton, Platformer:

In emails, comments, Substack Notes and callouts on social media, you’ve made your view clear: Platformer should leave Substack. We waited a day to announce our move as we finalized plans with Ghost and began our migration. But today we can say clearly that we agree with you.


We didn’t ask Substack to solve racism. We asked it to give us an easy, low-drama place to do business, and to commit to not funding and accelerating the growth of hate movements. Ultimately we did not get either.

Platformer is not the biggest publication on Substack — that remains Heather Cox Richardson’s newsletter — but it is the one Substack uses in its marketing images. It is also one of several newsletters which has either left the platform or is in the process of migrating in this wave of protest. In 2022, Grace Lavery moved; in 2021, Jude Doyle did.

Newton used this opportunity to correct the record on some phrasing from Monday’s issue he came to regret. He also clarifies what makes Substack different, including its recommendation and social components, and dedicates a section of this newsletter to common questions and answers about why this is important. Those growth features are how I was able to assemble my own list of a dozen large — that is, thousands of readers — pro-Nazi publications hosted on Substack earlier today without looking very hard. Newton may have submitted a list of six of the very worst — of which Substack banned five — but there are plenty more out there, and they are not hiding.

Sleeve, a Now Playing and Scrobbler for MacOS

Unnecessary backstory: in this year’s instalment of “Classics Week”, Anthony Fantano highlighted the excellent Gorillaz album “Demon Days”. It has been a while since I last played it, so I gave it a spin and it was an instant nostalgia tunnel to 2005. I joked about needing a glassy album cover on my desktop and Christopher Downer pointed me to Sleeve.

Sleeve is a simple but useful widget for your desktop, similar to Bowtie. It shows your currently-playing song and it is a scrobbler. As it happens, Sleeve was updated a few months ago. Just six U.S. dollars for a lovely piece of indie software that does a handful of things very well. My only complaint is a lack of wet floor effect.

The Internet Archive Now Hosts DatPiff’s Collection of Rap Mixtapes

In April, the Internet Archive’s Jason Scott said DatPiff would be uploading every mixtape it had because the site was going in a “different direction”. The resulting library of hundreds of thousands of records is an overflowing treasure chest.

Andre Gee, Rolling Stone:

No one at DatPiff divulged much about what happened with last year’s server crash or their new plans for their platform. They developed an app in 2019, but it’s no longer on the App Store or Google Play store. It’s unclear what Datpiff 2.0 will look like in a digital ecosystem where streaming providers and platforms like SoundCloud have become the primary venues for artists to upload their music. But what’s surer, for now, is that their upload to The Internet Archive will protect a generation of music.

We are so lucky the Internet Archive exists.

Substack Is Not Infrastructure

Matt Birchler:

Substack is not open source, they are proprietary software. Substack is not infrastructure, they are a brand that is directly tied to the people using them to publish. Go to any Substack blog and you’ll see the Substack logo and terms and conditions. Subscribe to a writer’s newsletter, and boom, you’ve got a Substack account that you’ll now use to subscribe to anything else (and they’ll make sure to suggest things to make sure you do). No one is talking about Digital Ocean starting up a subscription service where you pay them a flat fee and get full access to all websites using them as a provider. I’m not saying this is bad, I’m just saying this is how social platforms work, not how infrastructure services work.

Ryan Broderick has decided to move Garbage Day:

None of this had to happen. Ghost, a Substack competitor, has almost no real moderation to speak of, but no one seems to care. You know why? Because it’s not trying to jam all of its users into one feed to compete with Twitter or whatever. Substack, meanwhile, has insisted on adding more social features over the last three years, instead of making their email product better. Which is still missing tons of pretty basic features. And so they, predictably, ended up creating a poorly moderated network that was attractive to extremists. […]

There was a time when Substack seemed more utilitarian than the way it now presents itself. It has social network components; it has recommendation engines; its homepage is primarily aimed at readers and promotes the wide range of newsletters published on the platform. It has a “Staff Picks” category.

Substack knows who its writers are, it knows they publish some worrisome stuff, and it works both sides — to the extent there are opposing sides on the issue of whether Nazis should be permitted to broadcast their views using this popular broadcasting platform. To Casey Newton, of Platformer, Substack said it would be removing some Nazi-supporting newsletters. To the perpetually JAQ-ing Jesse Singal, someone leaked the full email from Substack’s founders to Newton as fodder for a broader misleading free speech argument, and a question of whether five Nazi newsletters is such a big deal.

Nazis surely use other platforms; sometimes, they may broadcast their deeply hateful views. But most platforms that are comfortable associating their brand with what is published and promoted within will respond to hate speech by removing those posts or those users. The problem is, of course, the Nazi, but it is a problem to hang out a shingle as a business open to treating all ideas as equally open for debate. Infrastructure companies, on the other hand, tend to avoid associating themselves with those who use their services in such a direct manner.[1] Substack tries to have it both ways. As a result, it is affecting its own reputation and that of the writers who use the platform.

  1. Worth noting many web hosts also deny services for all kinds of reasons and, if notified of misbehaviour, will terminate accounts. This famously happened to Nazi forum Stormfront.

Finally, a Grocery Cart That Can Prevent an Ad-Free Moment of Existence

Alex Bitter, Business Insider:

Instacart will test ads on its Caper smart shopping carts at Bristol Farms grocery stores in Southern California, it said on Monday. These carts, designed by an AI startup Instacart acquired in 2021, have been tested in Kroger, Schnucks, Geissler’s, and Wakefern. The new ads will appear on a screen just above the handle on the carts, and the ads will even be personalized based on an individual shopper’s choices.

It is not as though most supermarkets are a pleasant ad-free existence today. In addition to the visual noise of shelves of product packaging, many chains yell ads at you over the in-store announcement system, and permit shelf-level marketing signage.

Albert Burneko, Defector:

This is one of those new technologies that’s useful primarily as a viewfinder on a dismal present and a future determined to be even more miserable. Nobody anywhere will like the smart carts. Nobody, anywhere, will find them not-obnoxious. Everybody who does more than a couple of moments of thinking about it will be horrified by the idea of humanity digging gigantic devastating holes in the ailing planet and mining out its contents for the purpose of putting tablet computers onto grocery carts so that they can perform a service repulsive to literally everyone. Nobody — nobody nobody nobody! — wants to live in a society characterized by inescapable omnipresent advertising for consumer products; no one yet born has yearned to have video advertisements take up ever more of their field of vision.

These “A.I.-powered smart shopping carts” — as they are nauseatingly described on Caper’s website — are pitched as a way to both generate revenue through advertising and reduce employment costs. It is the product of a bleak imagination. To be fair, it is unlikely I will be seeing these in my local grocery stores; the places I shop are nowhere near as fancy as Bristol Farms. But, still, nobody wants this.

Airline Safety Requires Constant Dedication

Zeynep Tufekci, New York Times (via Jason Kottke):

Both incidents could have been much worse. And that everyone on both airliners walked away is, indeed, a miracle — but not the kind most people think about. They’re miracles of regulation, training, expertise, effort, constant improvement of infrastructure, as well as professionalism and heroism of the crew.


As the facts come in, there will be more questions as to what went wrong — United Airlines and Alaska Airlines have both found loose bolts on the grounded Boeing airliners. That coast guard plane in Japan was in the wrong place. But progress comes by acknowledging these failures and working to make them even less likely in the future.

One of my all-time favourite series is “Mayday” which, through dramatizations of disaster investigations, shows how necessary it is to learn about every factor contributing to a tragedy. These investigations are rarely shown as blaming anyone, but the relevant authorities still seem to hold parties accountable for their mistakes and, just as important, attempt to prevent similar errors.

Update: Felix Salmon also wrote about this at Axios.

Using the Wayback Machine and Google Analytics to Find Hidden Web Connections

Justin Clark, Bellingcat:

[…] Bellingcat has developed a lightweight open source research tool — Wayback Google Analytics — which automates the collection of tracking codes and discovery of relationships between websites using copies of sites maintained by The Internet Archive’s Wayback Machine. This will help researchers sidestep recent changes to how Google manages its analytics data.

This is one of those things that is worth bookmarking now because you might find yourself needing it months-to-years down the road. Via Andy Baio, naturally.
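The kind of correlation described in the quote above can be sketched in a few lines. This is an added example, not code from Bellingcat's tool or from the original post: the snapshots are constructed inline rather than fetched from the Wayback Machine, and the domains and tracking IDs are made up.

```python
import re
from collections import defaultdict

# Constructed sample data: (domain, Wayback-style timestamp, archived HTML).
SNAPSHOTS = [
    ("news-a.example", "20180304101500",
     "<script>ga('create', 'UA-1234567-1', 'auto');</script>"),
    ("news-a.example", "20230611080000",
     "<script src='https://www.googletagmanager.com/gtag/js?id=G-ABCD123456'></script>"),
    ("shop-b.example", "20190722120000",
     "<script>_gaq.push(['_setAccount', 'UA-1234567-4']);</script>"),
    ("blog-c.example", "20210101000000",
     "<script>gtag('config', 'G-ZZZZ999999');</script>"
     "<script>(function(w,d,s,l,i){})(window,document,'script','dataLayer','GTM-K7X2Q9');</script>"),
    ("forum-d.example", "20220505050505",
     "<iframe src='https://www.googletagmanager.com/ns.html?id=GTM-K7X2Q9'></iframe>"),
    ("lonely-e.example", "20200202020202",
     "<script>ga('create', 'UA-7654321-1', 'auto');</script>"),
]

# Universal Analytics IDs are UA-<account>-<property>; properties under the
# same account share the account number, so the account is the linking key.
UA_RE = re.compile(r"\bUA-(\d{4,10})-(\d{1,4})\b")
GA4_RE = re.compile(r"\bG-[A-Z0-9]{6,12}\b")     # GA4 measurement IDs
GTM_RE = re.compile(r"\bGTM-[A-Z0-9]{4,10}\b")   # Tag Manager container IDs


def extract_ids(html):
    """Return the set of normalised tracking IDs found in one archived page."""
    ids = {f"UA-{m.group(1)}" for m in UA_RE.finditer(html)}
    ids.update(GA4_RE.findall(html))
    ids.update(GTM_RE.findall(html))
    return ids


def build_index(snapshots):
    """Map each ID to {domain: (first_seen, last_seen)} across all snapshots."""
    index = defaultdict(dict)
    for domain, ts, html in snapshots:
        for tid in extract_ids(html):
            first, last = index[tid].get(domain, (ts, ts))
            # Fixed-width YYYYMMDDhhmmss strings sort chronologically.
            index[tid][domain] = (min(first, ts), max(last, ts))
    return index


def shared_ids(index):
    """IDs observed on more than one domain, with the domains that carried them."""
    return {tid: sorted(domains) for tid, domains in index.items() if len(domains) > 1}


def linked_clusters(index):
    """Group domains that are connected through any shared ID (union-find)."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for domains in shared_ids(index).values():
        for other in domains[1:]:
            parent[find(other)] = find(domains[0])
    groups = defaultdict(list)
    for domain in parent:
        groups[find(domain)].append(domain)
    return sorted(sorted(g) for g in groups.values())


if __name__ == "__main__":
    idx = build_index(SNAPSHOTS)
    for tid, domains in shared_ids(idx).items():
        print(tid, "->", ", ".join(f"{d} {idx[tid][d]}" for d in domains))
    print(linked_clusters(idx))
```

A shared ID is a lead rather than proof of common ownership, since copied templates and third-party site builders can put the same code on unrelated sites; the first-seen and last-seen timestamps help judge whether the overlap is plausible.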

Lina Khan’s FTC Gets Results Against Data Broker X-Mode

In 2020, Joseph Cox of Vice published an investigation into HYAS, explaining how it received precise location data from X-Mode; I linked to this story at the time. The latter company, now Outlogic, obtained that data from, according to Cox’s reporting, an SDK embedded “in over 400 apps [which] gathers information on 60 million global monthly users on average”. It sold access to that data to marketers, law enforcement, and intelligence firms. Months later, Apple and Google said apps in their stores would be prohibited from embedding X-Mode’s SDK.

Even in the famously permissive privacy environment of the United States, it turns out some aspects of the company’s behaviour could be illegal and, in 2022, the FTC filed a complaint (PDF) alleging seven counts of “unfair and deceptive” trade. Today, the Commission has announced a settlement.

Lesley Fair of the FTC:

[…] Among other things, the proposed order puts substantial limits on sharing certain sensitive location data and requires the company to develop a comprehensive sensitive location data program to prevent the use and sale of consumers’ sensitive location data. X-Mode/Outlogic also must take steps to prevent clients from associating consumers with locations that provide services to LGBTQ+ individuals or with locations of public gatherings like marches or protests. In addition, the company must take effective steps to see to it that clients don’t use their location data to determine the identity or location of a specific individual’s home. And even for location data that may not reveal visits to sensitive locations, X-Mode/Outlogic must ensure consumers provide informed consent before it uses that data. Finally, X-Mode/Outlogic must delete or render non-sensitive the historical data it collected from its own apps or SDK and must tell its customers about the FTC’s requirement that such data should be deleted or rendered non-sensitive.

This all sounds good — it really does — but a closer reading of the reasoning behind the consent order (PDF) leaves a lot to be desired. Here are the seven counts from the original complaint (linked above) as described by the section title for each:

  • “X-Mode’s location data could be used to identify people and track them to sensitive locations”

  • “X-Mode failed to honour consumers’ privacy choices”

  • “X-Mode failed to notify users of its own apps of the purposes for which their location data would be used”

  • “X-Mode has provided app publishers with deceptive consumer disclosures”

  • “X-Mode fails to verify that third-party apps notified consumers of the purposes for which their location data would be used”

  • “X-Mode has targeted consumers based on sensitive characteristics”

  • “X-Mode’s business practices cause or are likely to cause substantial injury to consumers”

These are not entirely objections to X-Mode’s sale of location data in a gross violation of their privacy. These are mostly procedural violations, which you can see more clearly in the analysis of the proposed order (PDF). The first and fifth counts are both violations of the rights of protected classes; the second is an allegation of data collection after users had opted out. But the other four are all related to providing insufficient notice or consent, which is the kind of weak justification illustrating the boundaries of U.S. privacy law. Meaningful privacy regulation would not allow the exploitation of real-time location data even if a user had nominally agreed to it. Khan’s FTC is clearly working with the legal frameworks that are available, not the ones that are needed.

Sen. Ron Wyden’s office, which ran an investigation into X-Mode’s practices, is optimistic with reservations. Wyden correctly observes that this should not be decided on a case-by-case basis; everyone deserves a minimum standard of privacy. Though this post and case is U.S.-focused, that expectation is true worldwide, and we ought to pass much stricter privacy laws here in Canada.

Substack Clears the Absolute Lowest Bar

Casey Newton, Platformer:

Substack is removing some publications that express support for Nazis, the company said today. The company said this did not represent a reversal of its previous stance, but rather the result of reconsidering how it interprets its existing policies.

As part of the move, the company is also terminating the accounts of several publications that endorse Nazi ideology and that Platformer flagged to the company for review last week.

The headline and dek of this article paint a picture in my mind that Substack will remove all Nazi publications when they are reported because it is an inherently violent ideology, but Newton clarified via email that it is something which will be decided on a case-by-case basis.

Molly White [sic]:

i spoke personally with hamish mckenzie last week, and came out of the conversation with very little faith in the company’s approach to moderation. i’m glad they caved on this point (or promised to cave?), but i am not optimistic something similar won’t happen yet again

The problem I have long had with Substack’s moderation policies is not necessarily about how many publications it hosts which are discriminatory, hateful, or full of conspiracy-brained idiocy — though I do object to how many of those users make money from Substack — it is its downright welcoming attitude toward all those things. McKenzie dusted off the doormat for the “people [who] do hold those [Nazi] and other extreme views” despite disliking them. It is one thing to have a permissive attitude toward speech. It is quite another to treat people writing Nazi-supporting newsletters as just some users among many, so long as they are not advocating for violence or death threats.

Update: Five. Substack will remove five newsletters that “violate our existing content guidelines, which prohibit incitements to violence based on protected classes”. I appreciate Platformer digging into this and pressuring Substack, but they are truly clearing the lowest possible bar.

Heartbreaking: David Heinemeier Hansson Makes a Great Point

David Heinemeier Hansson:

But unfortunately there is no rule of law with the app stores, except that of the jungle, and Apple is the 800 lbs gorilla, ruling as it sees fit. So now HEY is back on trial in their kangaroo court. This time with our new calendar feature, HEY Calendar, which we dared make a separate app in service of users.

After spending 19 days to review our submission, causing us to miss a long-planned January 2nd launch date, Apple rejected our stand-alone free companion app “because it doesn’t do anything”. That is because users are required to login with an existing account to use the functionality.

This feels familiar because the exact same thing happened just before WWDC 2020 with the Hey email client: Apple rejected it because it showed only a login screen and did not permit users to register within the app. This is common among many types of applications available in the App Store but, apparently, this was not allowed for the specific category into which Hey fit.

After some bad press, Apple added a new rule for the App Store to permit free client applications of paid web services, “(eg. VOIP, Cloud Storage, Email Services, Web Hosting)”.

Michael Tsai:

The plain reading of this is that the items in parentheses are examples, not an exhaustive list.

That is the only logical explanation. After all, what rule would permit a free frontend for a paid email service, but not for a calendar? Alas, the Hey Calendar client was rejected by Apple for — the company says — the same reason as the email client, even though there is now a specific exemption in the App Store guidelines for email clients like the one for Hey.

Anyway, Hansson says a new build of Hey Calendar has been submitted purely to address the issue of it not doing anything unless someone logs in, and the thing the app will do is show anniversaries of notable days in Apple’s history.

Stephen Hackett, creator of the Apple History Calendar:

For each of my three Kickstarters, I’ve included digital versions of the highlighted dates for people to import into their calendar apps.

Coincidences happen, right? It is not like Hackett owns these dates and, according to Hackett, it appears Hey’s data is entirely unique and not a duplicate of the Apple History Calendar. But this is Hansson who reverted to type to make it clear that, yes, this was a spiritual ripoff:

This is essentially a digital version of the 2024 Apple History Calendar that raised over $40,000 on Kickstarter. Apple has a rich history that lots of people want to relive, and we’re giving them that inside the beautiful HEY Calendar app. For free!

What a dick.

The primary story remains Apple’s unpredictable policing of the App Store, capriciously rejecting apps from even well-known developers. But the secondary narrative here is of bullies: Apple, yes, but also Hansson. It should have been easy for both Apple and Hansson to make this situation look good in the face of yet another dumb App Review move, but neither chose that route.

Antitrust Case Against Apple Expected in U.S. This Year

David McCabe and Tripp Mickle, New York Times:

The Justice Department is in the late stages of an investigation into Apple and could file a sweeping antitrust case taking aim at the company’s strategies to protect the dominance of the iPhone as soon as the first half of this year, said three people with knowledge of the matter.

The agency is focused on how Apple has used its control over its hardware and software to make it more difficult for consumers to ditch the company’s devices, as well as for rivals to compete, said the people, who spoke anonymously because the investigation was active.

I would not trust commentary before details are made public — though I imagine those specifics are foreshadowed beginning on page 330 of the Investigation of Competition in Digital Markets report (PDF) of 2020 — but there is one thing in this Times story I feel compelled to highlight:

Apple’s new privacy tool, App Tracking Transparency, which allows iPhone users to explicitly choose whether an app can track them, drew scrutiny because of its curtailing of user data collection by advertisers. Advertising companies have said that the tool is anticompetitive.

This is why a baseline level of privacy expectations ought to be regulated in law, not by individual companies. You could quibble with the wisdom of potentially investigating Apple’s offering of privacy protections — perhaps you believe it should be able to compete on those grounds — but, as a major platform operator, it undeniably has leverage which could be construed as illegally anticompetitive.

Facebook’s Link History Feature

Thomas Germain, Gizmodo:

Facebook recently rolled out a new “Link History” setting that creates a special repository of all the links you click on in the Facebook mobile app. Users can opt-out, but Link History is turned on by default, and the data is used for targeted ads. As lawmakers introduce tech regulations and Apple and Google beef up privacy restrictions, Meta is doubling down and searching for new ways to preserve its data harvesting empire.

This is a confusing feature and an even more confusing story. It sounds like this is a new vector for data harvesting but, as Germain writes a few paragraphs later, Facebook has long tracked what users do across the web — when they click on a link from Facebook, and also when they visit a webpage anywhere containing Facebook’s tracking tools. Meta tracks your activity across the web because users nominally agreed to it when they signed up and did not read the legal contract they signed, and because the administrators of many websites big and small want to advertise on Meta’s platforms and have been deputized by Meta to help build audience profiles. This is no longer newsworthy. It sucks.

Also, Link History is not brand new, as far as I can tell. The Internet Archive saved a copy of the documentation for this feature in September. (Due to some sort of quirk with how Facebook serves these pages and how Archive saves them, it will appear blank. However, if you view the HTML source, you will see it is the same page with the same text.)

Finally, it is not clear to me that turning this feature off will have the privacy bonafides it may seem. The documentation says, after toggling it off, Facebook “won’t save your link history or use it to improve your ads across Meta technologies”, but that does not necessarily mean the pages you visit will not inform which ads you see if you have not also changed your off-Meta activity settings. The kindest interpretation of such granular and distinct settings is to allow people to make more specific changes. The realistic explanation is that it is very confusing, and most people will just stick with the defaults anyway.

The Messenger Is Sinking

Max Tani, Semafor:

The board of the startup news organization The Messenger weighed shutting the publication down at a meeting on Friday, after learning that the company is on track to run out of cash at the end of January.

The New York Times earlier reported Wednesday that The Messenger, launched last May as a politically centrist, wide-ranging bid for big web traffic and advertising dollars, is laying off nearly two dozen staffers out of a total of around 300.

Looks like I can delete the reminder I set myself for November to check if this thing is still up. I feel bad for the reporters and employees who thought they would be joining a well-funded publication, only to find a boss whose big idea was for it to become one of the most popular news websites in the U.S. within a year by using ancient growth tactics and who would pay for everything with crappy display ads and chum boxes.

Update: As of January 3, a Messenger spokesperson told Tani “the notion of us discussing closure is beyond absurd” since they had, they said, just raised more money. As of January 31, the Messenger has been shut down.

How to Be Optimistic About Technology Now

When I was much younger, I assumed people who were optimistic must have misplaced confidence. How anyone could see a future so bright was a complete mystery, I reasoned, when what we are exposed to is a series of mistakes and then attempts at correction from public officials, corporate executives, and others. This is not conducive to building hope — until I spotted the optimistic part: in the efforts to correct the problem and, ideally, in preventing the same things from happening again.

If you measure your level of optimism by how much course-correction has been working, then 2023 was a pretty hopeful year. In the span of about a decade, a handful of U.S. technology firms have solidified their place among the biggest and most powerful corporations in the world, so nobody should be surprised by a parallel increase in pushback for their breaches of public trust. New regulations and court decisions are part of a democratic process which is giving more structure to the ways in which high technology industries are able to affect our lives. Consider:

That is a lot of change in one year and not all of it has been good. The Canadian government went all-in on the Online News Act which became a compromised disaster; there are plenty of questions about the specific ways the DMA and DSA will be enforced; Montana legislators tried to ban TikTok.

It is also true and should go without saying that technology companies have done plenty of interesting and exciting things in the past year; they are not cartoon villains in permanent opposition to the hero regulators. But regulators are also not evil. New policies and legal decisions which limit the technology industry — like those above — are not always written by doddering out-of-touch bureaucrats and, just as importantly, businesses are not often trying to be malevolent. For example, Apple has arguably good reasons for software validation of repairs; it may not be intended to prevent users from easily swapping parts, but that is the effect its decision has in the real world. What matters most to users is not why a decision was made but how it is experienced. Regulators should anticipate problems before they arise and correct course when new ones show up.

This back-and-forth is something I think will ultimately prove beneficial, though it will not happen in a straight line. It has encouraged a more proactive dialogue for limiting known negative consequences in nascent technologies, like avoiding gender and racial discrimination in generative models, and building new social environments with less concentrated power. Many in the tech industry love to be the disruptor; now, the biggest among them are being disrupted, and it is making things weird and exciting.

These changes do not necessarily need to be made from the effects of regulatory bodies. Businesses are able to make things more equitable for themselves, should they so choose. They can be more restrictive about what is permitted on their platforms. They can empower trust and safety teams to assess how their products and services are being used in the real world and adjust them to make things better.

Mike Masnick, Techdirt:

Let’s celebrate actual tech optimism in the belief that through innovation we can actually seek to minimize the downsides and risks, rather than ignore them. That we can create wonderful new things in a manner that doesn’t lead many in the world to fear their impact, but to celebrate the benefits they bring. The enemies of techno optimism are not things like “trust and safety,” but rather the naive view that if we ignore trust and safety, the world will magically work out just fine.

There are those who believe “the arc of the universe […] bends toward justice” is a law which will inevitably be correct regardless of our actions, but it is more realistic to view that as a call to action: people need to bend that arc in the right direction. There are many who believe corporations can generally regulate themselves on these kinds of issues, and I do too — to an extent. But I also believe the conditions by which corporations are able to operate are an ongoing negotiation with the public. In a democracy, we should feel like regulators are operating on our behalf, and much of the policy and legal progress made last year certainly does. This year can be more of the same if we want it to be. We do not need to wait for Meta or TikTok to get better at privacy on their own terms, for example. We can just pass laws.

As I wrote at the outset, the way I choose to be optimistic is to look at all of the things which are being done to correct the imbalances and repair injustices. Some of those corrections are being made by businesses big and small; many of them have advertising and marketing budgets celebrating their successes to the point where it is almost unavoidable. But I also look at the improvements made by those working on behalf of the public, like the list above. The main problem I have with most of them is how they have been developed on a case-by-case basis which, while setting precedent, is a fragile process open to frequent changes.

That is true, too, for self-initiated changes. Take Apple’s self-repair offerings, which it seems to have introduced in response to years of legislative pressure. It has made parts, tools, and guides available in the United States and in a more limited capacity across the E.U., but not elsewhere. Information and kits are available not from Apple’s own website, but a janky-looking third party. It can stop making this stuff available at any time in areas where it is not legally obligated to provide these resources, which is another reason why it sucks for parts to require software activation. In 2023, Apple made its configuration tools more accessible, but only in regions where its self-service repair program is provided.

People ought to be able to have expectations — for repairs, privacy, security, product reliability, and more. The technology industry today is so far removed from its hackers-in-a-garage lore. Its biggest players are among the most powerful businesses in the world, and should be regulated in that context. That does not necessarily mean a whole bunch of new rules and bureaucratic micromanagement, but we ought to advocate for structures which balance the scales in favour of the public good.

If there was one technology story we will remember from 2023, it was undeniably the near-vertical growth trajectory of generative “artificial intelligence” products. It is everywhere, and it is being used by normal people globally. Yet it is, for all intents and purposes, a nascent sector, and that makes this a great time to set some standards for its responsible development and, more importantly, its use. Nobody is going to respond to this perfectly — not regulators and not the companies building these tools. But they can work together to set expectations and standards for known and foreseeable problems. It seems like that is what is happening in the E.U. and the United States.

That is how I am optimistic about technology now.

A Search Engine for Canadian Independent Bookstores

When I link to books, I typically point readers to IndieBound — now Bookshop — because it lets people buy a copy from a local store instead of a rainforest-themed monolith. Though this works for U.S.-based readers, it has not given Canadians the same access.

Enter IndieBookstores, which does basically the same thing but in Canada. It is built on BookManager, which seems to be fine software for bookstores but not great for individual users just trying to find a title.

Google Settles ‘Incognito’ Lawsuit

Caroline O’Donovan, Washington Post:

Google settled a class-action lawsuit on Thursday brought by users who alleged the search giant captured and tracked their data while in “Incognito” mode, a Chrome browser setting that is supposed to protect users’ privacy.

Previously, a federal judge in California had scheduled a 2024 trial date in the case, which has been put on hold while the details of the settlement are finalized, according to a Thursday court filing.

Simon Sharwood, the Register:

The plaintiffs initially suggested damages of $5 billion, with around $5,000 paid to each of a million potential complainants. Sadly, document 1,089 [the term sheet] doesn’t mention the agreed settlement.

This lawsuit has always seemed pretty dumb to me if you know what “Incognito Mode” is supposed to mean, something which Google spells out when you enable it in Chrome. However, I do think it is telling how much this relies on the fine print of how Google itself defines “incognito” compared to the word’s actual meaning, in a way that sort of reminds me of Tesla’s “Autopilot” and “Full Self-Driving” features. I am not saying this misinterpretation should be worth five billion dollars; all I am saying is that “incognito” is a bad word to describe the actual functionality it offers.

The Best Global Tech Stories of 2023

I have previously linked to Bloomberg’s annual “jealousy list” of articles from other outlets they wish they had published; it is mostly an excuse to ask about the Supermicro fiasco.

This year, though, no snark and no Bloomberg. This year, Rest of World — a website you really ought to be reading, if I may be so bold — published its own list of great stuff from other publications. I like the international focus of the articles on this list, even though most of them are from U.S. outlets.

In addition to the aforelinked Zeke Faux story, my favourites from this list are John Herrman’s look at Temu, Rebecca Tan and Regine Cabato’s investigation of A.I. training for the Washington Post, and Vox’s Izzie Ramirez explaining why everything you buy is a little worse now. Happy reading.

Pig Butchering in Myanmar

Alastair McCready and Allegra Mendelson, South China Morning Post (likely paywalled):

Cambodia’s scam sector gained infamy last year after reports seeped out of massive human trafficking, forced labour and systematic torture. The Philippines’ role as a major scam hub was also reaffirmed in late June when a raid on a Chinese-run scam complex in southern Manila freed more than 2,700 people, while Laos is host to large-scale scam operations at the notorious Golden Triangle Special Economic Zone.

But in Myanmar, these brutal criminal enterprises continue unchecked. They are abetted by the country’s ongoing domestic turmoil, brought about by the 2021 military coup, and operated by alliances of Chinese criminals and a local paramilitary group, beyond the reach of outside law enforcement, civil society and the media.

Teele Rebane, et al., CNN:

In three short years, according to UN and FBI investigators, transnational crime organizations have exploited developments in technology and the civil war in Myanmar to build a billion-dollar industry to scam people across the world out of their life savings.

This huge scam operation relies on an army of modern-day slaves, assembled by what the UN has called one of the largest human trafficking events in Asia in recent history.

It’s known as a “pig butchering” scam — a type of confidence fraud in which victims are lured by scammers often impersonating young women on the internet. The scammers then spend weeks building a relationship with their victim, introducing them to cryptocurrency and encouraging them to invest on a fake platform.

In his book “Number Go Up”, Zeke Faux reported on the mass scam operations in Cambodia.

There are a bunch of stories about what these operations are like for scammers and the criminals they are coerced into working for. It is a consistently sad and brutal story, but it is one that is important to keep studying and repeating as a cautionary tale for the multiple layers of potential victims.

The CNN article is good, but it appears to draw heavily from other sources for which it gives no credit. Most obvious is the SCMP story; it also seems to me based on the details provided that CNN spoke to the same U.S. victim as first reported by Cezary Podkul and Cindy Liu of ProPublica last September. I recommend reading them all, as each has different details the others lack, though the ProPublica story is the most comprehensive.

Advanced Exploit Chain Affecting Older iOS Versions Detailed by Kaspersky

Dan Goodin, Ars Technica:

Researchers on Wednesday presented intriguing new findings surrounding an attack that over four years backdoored dozens if not thousands of iPhones, many of which belonged to employees of Moscow-based security firm Kaspersky. Chief among the discoveries: the unknown attackers were able to achieve an unprecedented level of access by exploiting a vulnerability in an undocumented hardware feature that few if anyone outside of Apple and chip suppliers such as ARM Holdings knew of.

“The exploit’s sophistication and the feature’s obscurity suggest the attackers had advanced technical capabilities,” Kaspersky researcher Boris Larin wrote in an email. “Our analysis hasn’t revealed how they became aware of this feature, but we’re exploring all possibilities, including accidental disclosure in past firmware or source code releases. They may also have stumbled upon it through hardware reverse engineering.”

The post on Kaspersky’s site has more technical information about the chain of exploits used here.

As you might recall, Russian intelligence officials claimed Apple assisted the NSA to build this malware — something which Apple has denied and, it should be noted, no proof has been provided for Apple’s involvement or the NSA’s. It does not appear there is any new evidence which would implicate Apple. But it is notable that it relied on an Apple-specific TrueType specification, and bypasses previously undisclosed hardware memory protections. To be clear, neither of those things increases the likelihood of Apple’s alleged involvement in my mind. It does show how disused or seemingly irrelevant functions remain vulnerable and can be used by sophisticated and likely state-affiliated attackers.

Bluesky Gets a Real Brand

Jay Graber announced the new branding — a butterfly — on Bluesky’s blog:

Like a butterfly emerging from its chrysalis, we are starting to open up. Posts on Bluesky have been public from the start through the open protocol, but today we’re making them publicly accessible through the app. We’re unfolding a little bit at a time, and are excited to bring you along on this journey of metamorphosis!

This justification might be a little try-hard, but I love the logo: a blue butterfly. It is so nice and so simple that I was surprised when I could not think of another tech company which had used that kind of visual before. And then I remembered MSN. Bluesky’s take is better, of course, and I appreciate how it retains a connection to Twitter. It feels to me like a newer and brighter version of Twitter than it does a knockoff.

This announcement gives me an excuse to share some thoughts on the state of the big three Twitter replacements, beginning with Bluesky. It is my favourite of the three. It feels light and nimble, like it was specifically designed for quick snippets of text — because that is what it is. I appreciate the ability to create and share recipes for algorithmic feeds, and I like how it permits you to tailor filtering to your preferences. Its biggest struggle right now is that it remains available by invitation only, which has slowed its growth, but perhaps that will prove to be a wise decision in the long term. The other problem for me is the lack of a real Mac app.

Mastodon is my second-favourite, though it is the one I use most because there are proper apps for it available on all the platforms I use. I also have more followers there which helps when I want answers to a question. The main reason I like it less than Bluesky is because it feels more complicated. Every action is spread across multiple networks, which means adding a post to my favourites means copying the post URL to the search box of my Mastodon instance, and then hitting the star icon. It is one of many hiccups of the existing federated architecture, but it does not seem to me like it is an inherent problem — just an issue with the current implementation.

In distant last place is Threads. It may be the most popular, but it is the one I find myself checking least, and the only one I would not miss if it disappeared tomorrow. In contrast to Bluesky’s lightness, Threads feels cumbersome, like every action necessitates the physical movement of gears in some distant building. Publishing, viewing a thread, or blocking someone takes several seconds each time. The algorithmic home timeline rarely serves me things I am interested in, and seems to favour engagement bait and brands and influencer nonsense and brands, and also brands. It is a shame because it will sometimes show me threads from photographers who post great work, so I tap the heart and hope to see more — but never do. I hide and block with glee. None of this seems to suggest to Threads what I would like to see more or less of.

ActivityPub and the Fediverse in 2024

Colin Devroe:

In 1991, Geoffrey A. Moore described the challenges of introducing new technology products as Crossing the Chasm. The chasm is this very real gap between the earliest adopters and the early majority adopters of any new technology. By crossing the chasm, the momentum gained usually enables the technology to find market fit.

Most protocols, standards, products and services experience this gap in adoption. Even the internet followed the lifecycle described by Moore. I think it can be said that ActivityPub, though fairly well implemented in a variety of services for several years now, is about to cross that chasm in 2024.

I would like to see this happen — I am more optimistic than I may come across — but I am skeptical because Threads — the best chance for widespread adoption of ActivityPub — will make fediverse integration an option, not mandatory. That is probably the right call. It just means users will be required to dig around in their account settings to change a preference for something they may not understand, which I do not expect many people to do.

The other reason I am not holding my breath is that “ActivityPub” and “fediverse” are clunky and confusing names. They sound technical. I have long argued that “RSS” has a similar impediment. But my expectation of the role of naming in a product’s viability has softened in the past year because of the stunning success of products called “Substack” and “ChatGPT”.

David Pierce, the Verge:

I’m convinced we’ll be better off with a hundred different apps for Snapchat or Instagram or X instead of just one, a dozen companies competing to build the best moderation tools, and an app store filled with different ways for me to follow and be followed by other people on the internet. It doesn’t make sense that we have a dozen usernames, a dozen profiles, a dozen sets of fans and friends. All that stuff should belong to me, and I should be able to access it and interact with it anywhere and everywhere.

This sounds right to me. Any platform operator should have standards and expectations for what they will permit, but control over what users see should be separated from those centralized positions. It should be a marketing advantage for client software which can surface the best posts from anywhere and filter out the worst. There is no reason that kind of algorithmic sorting needs to have a large Californian business at its core.

Mouse Poop in Cereal Boxes

Dave Karpf:

But the philosophical issues are secondary to the pragmatic ones. Pragmatically, it’s really quite simple. Content moderation is costly. It is a first-order revenue sink, not a revenue-generator. (I say “first-order” because if you skimp on content moderation, eventually you’re going to have a cascade of problems that cost you a lot of money <*cough* ElonyouidiotNilayPatelwarnedyou *cough*>.) But the KPIs for the content moderation team are never going to be “look how much new business we brought in for the company.” When content moderation is going well, you don’t hear much about it. That’s kind of the goal.

This is why every tech CEO loves the libertarian approach to speech issues. Tech libertarianism holds that someone else (or no one at all) should expend resources on setting and enforcing boundaries for how your product is used. The essence of the position is “I shouldn’t have to spend money on any of this. And I shouldn’t ever face negative consequences for not spending money on this.”

Karpf’s apt metaphor, the amount of mouse poop permitted in boxed cereal — which, if you are interested, is not a specific FDA category, but on a related note, is an average of below nine milligrams per kilogram of wheat, and less than one in a sample of fifty grams of cornmeal — was well considered even before Substack co-founder Hamish McKenzie published a defence of why platforming the views of literal Nazis is good and necessary. There is a vast gulf between acknowledging that some people who have Nazi views may be using the platform inadvertently and what McKenzie wrote, which is that Nazis ought to be welcomed on Substack to broadcast their views short of specific encouragement of violent acts. He may as well be advocating for the right of mice to defecate in cereal.

Substack is not the last bastion of free speech on the web, despite what it may claim. It is just one platform of many, and there is always the freedom to host your own. Substack is proud that writers can “own all your content” and “own your subscriber list”. It should mean a much lower tolerance for Nazis because it means those writers can be kicked off but they get to take their list elsewhere. They get to keep their audience; they lose nothing except time. Instead, Substack is pretending it is some bulwark against encroaching censorship, and the best way it can demonstrate that is by allowing Nazis to generate income and taking a 10% commission from those subscribers.

Apple’s Next Generation CarPlay Shown in Real Car Mockups

In the nick of time to beat its self-imposed “late 2023” deadline, Apple has announced two automakers which will support the new version of CarPlay: Aston Martin and Porsche. This news is not relevant to my tax bracket, and it was delivered in a series of articles from — at least — Cool Hunting, British GQ, and Car and Driver. The Cool Hunting article, by Josh Rubin, is probably the best of the bunch — even though it reads like marketing copy directly from Apple — primarily because there are quotes from Alan Dye, an Aston Martin executive, and Porsche’s “Vice President of Style”. Nice.

I am still uncertain about the transformation of the entire dashboard into a control interface with moving touch targets. I can adjust the heated seats in my car while on the highway because I know exactly where the physical button is, and I can feel when my finger is on it and when it is pressed. None of that applies to a touch screen. There is not any great data on how safe these systems are compared to physical knobs and switches, but a 2020 study of just forty people found CarPlay and Android Auto distracted drivers to the point where their response times were worse than substance-impaired drivers.