Pixel Envy

Written by Nick Heer.

Doppler for Mac

A few years ago, Brushed Type released the excellent Doppler app for iPhone which, by focusing on local music libraries, has offered a delightful experience ever since. Well, now there’s a Mac version.

John Voorhees, MacStories:

Doppler’s appeal runs deeper, though. There are plenty of music players you can point at a folder of files. What sets Doppler apart is its attention to delivering a top-notch listening experience in a reliable, great-looking package. I’d love to see Doppler adapted to the iPad too, and hopefully, syncing with Apple Music’s library will be out soon, but if you’re a music fan looking for a great playback experience for the music you own, Doppler is a must-try app.

If you’re like me and you still have a local music collection — and I think that is a pretty good idea — you owe it to yourself to give Doppler a try, if only for its exquisite album art finder. I found the overall experience very refined, especially for a first version, and I am excited to see its progress as more features take shape. Seven-day trial and then just $25 USD.

Gawker Is Back, Again, Kind Of

Leah Finnegan, Editor in Chief of the new Gawker:

Why did Bustle Digital Group want me to edit Gawker in the first place? Well, I was Gawker’s features editor from 2014 to 2015, before I was asked to leave because I live-tweeted a meeting during which Gawker founder Nick Denton hit his head on a lamp. From there I went on to be executive editor of The Outline, which was acquired by Bustle in 2019. Bustle immediately shut down The Outline when the pandemic started, for which I hold no ill will, because The Outline, while a very special site, made no money. I suppose my selling points as a potential editor-in-chief of Gawker were that I had previously worked at Gawker and Bustle and was unemployed. I was also willing to do it, which not many people can say. And I am a genius.

I am impressed that all of the old links appear to be working. There is a lot of history contained in URLs that begin with “gawker.com”. But this iteration of the website, as a product of Bustle Digital Group, uses the same deconstructed design language as Input and the Outline and Nylon and basically everything else BDG does. I think it spoils the bloggish appeal in the same way that the Onion became a bit less funny when it was migrated to the Kinja stack.

Elon Musk Sounded Uncertain About Full Self-Driving on Tesla’s Earnings Call

Jason Torchinsky, Jalopnik:

Here’s a transcript of the call, at the bit I want to talk about:

Elon Musk: (57:45)

Yeah. It’s like any given the price is going to be wrong. So we’ll just adjust it over time, as we see if the value proposition makes sense to people. I’m not thinking about this a lot right now. We need to make full self-driving work in order for it to be a compelling value proposition.

Tesla has been selling this service for years now, and Elon is saying that for it to be a “compelling value,” the company will “need to make full self-driving work.”

That sure sounds like he’s saying that anyone who has already paid for FSD both does not yet have a system that works, and their purchase was not a “compelling value.”

It sounds to me like Tesla has been treating the ten thousand dollar self-driving option as a sort of Kickstarter for maybe, eventually, making its existing fleet of vehicles fully autonomous. But what happens if Tesla is unable to deliver these future features with the hardware it has sold under the promise of “Full Self-Driving Capability”? How many Tesla owners optioned it now with the hope that it will be compelling value in the future, instead of waiting for that time — when it will likely be more expensive?

Tesla’s approach to autonomous vehicles is full of contradictions. The company calls the feature “Full Self-Driving”, but a car optioned with it does not currently drive itself, and it may never do so. The company keeps raising the cost of the option, creating pressure on buyers to spec it now or risk a greater expense if and when Tesla can deliver the promised features, but Musk also says that the option is not yet “compelling”.

The Online Advertising Duopoly Reports Massive Earnings

Jennifer Elias, CNBC:

Alphabet reported Q2 2021 earnings after the bell. The stock rose more than 3% after hours on the strong numbers, which crushed analyst expectations.

[…]

Total Google ad revenue increased to $50.44 billion, up 69% from the year-ago quarter, which was hurt by the onset of the Covid pandemic.

Tripp Mickle, Wall Street Journal:

Google’s parent company flexed its digital dominance, reporting its highest quarter ever for sales and profit behind a gusher of online advertising from businesses vying for customers across reopened economies.

[…]

Other tech companies have benefited from a soaring digital ad market. Snap Inc. last week reported revenue more than doubled behind strong user growth, while Twitter Inc. reported sales surged 74% behind increased advertising.

Facebook:

Advertising revenue growth in the second quarter of 2021 was driven by a 47% year-over-year increase in the average price per ad and a 6% increase in the number of ads delivered. Similar to the second quarter, we expect that advertising revenue growth will be driven primarily by year-over-year advertising price increases during the rest of 2021.

Elizabeth Culliford and Nivedita Balu, Reuters:

Facebook Inc said on Wednesday it expects revenue growth to “decelerate significantly,” sending the social media giant’s shares down 3.5% in extended trading even as it reported strong ad sales.

[…]

Facebook said it expects Apple’s recent update to its iOS operating system to impact its ability to target ads and therefore ad revenue in the third quarter. The iPhone maker’s privacy changes make it harder for apps to track users and restrict advertisers from accessing valuable data for targeting ads.

Facebook said much the same thing in its earnings press release last quarter. Perhaps its advertising revenues will begin to be impacted by App Tracking Transparency after all, but it seems likely that the feature will benefit the online advertising duopoly. In this riskier climate, advertisers seem to be favouring the known quantities of Google and Facebook. I will repeat what I wrote in April:

As is often the case for stories about privacy changes — whether regulatory or at a platform level — much of the coverage about App Tracking Transparency has been centred around its potential effects on the giants of the industry: Amazon, Facebook, and Google. But this may actually have a greater impact on smaller ad tech companies and data brokers. That is fine; I have repeatedly highlighted the surreptitious danger of these companies that are not household names. But Facebook and Google can adapt and avoid major hits to their businesses because they are massive — and they may, as Zuckerberg said, do even better. They are certainly charging more for ads.

Privacy should not be something that users must buy, nor should its violation be a key selling point. Privacy is something that should be there, for all of us, regardless of the device we use, the websites we visit, or the ad tech networks we unknowingly interact with.

Calgary Parking Authority Exposed Drivers’ Personal Data and Tickets

Zack Whittaker, TechCrunch:

If you parked your car in one of the thousands of parking spots across Calgary, there’s a good chance you paid the Calgary Parking Authority for the privilege. But soon you might be hearing from the authority after a recent security lapse exposed the personal information of vehicle owners.

[…]

But a logging server used to monitor the authority’s parking system for bugs and errors was left on the internet without a password. The server contained computer-readable technical logs, but also real-world events like payments and parking tickets that contained a driver’s personal information.

Nice to see my city being recognized by the international technology press. As of writing, the Calgary Parking Authority has not notified account holders, and I could not find any relevant local news stories.

What Will Happen to Music Libraries When Streaming Services Die?

Joe Pinsker, the Atlantic:

The first time I remember shopping for music was at a Best Buy one day in 2001. I came home with two CDs: the Baha Men’s Who Let the Dogs Out and the pop compilation Now That’s What I Call Music! 5.

Each of those albums cost more than a month of streaming does today, which reflects all that happened to music listening in the intervening 20 years — Napster and LimeWire, iPods and iPhones, Spotify and TikTok. Every decade I’ve been alive, a new format has ascended. Tapes were displaced in the 1990s by CDs, which were displaced in the 2000s by mp3s, which were displaced in the 2010s by streaming. Now, instead of buying music, people rent it.

[…]

The music I’ve salvaged from earlier times is now part of my collection on Spotify, which I’ve been using since it launched in the United States, 10 years ago this month. But as I look back on the churn of the past couple of decades, I feel uneasy about the hundreds of playlists I’ve taken the time to compile on the company’s platform: 10 or 20 years from now, will I be able to access the music I care about today, and all the places, people, and times it evokes?

I still have the very first CD I remember buying, in a particularly luxe A&B Sound location in 2003 now occupied by a gym. I cannot remember when I last put that disc into a player. According to Music, the MP3s I ripped from that CD were most recently listened to in 2010, but I streamed that same record just a few weeks ago. That raises some interesting questions: Am I likely to ever play the MP3s I created all those years ago? Will they work next time I try? What am I most likely to do when I want to listen to that record and find that it has, for example, been pulled from streaming services? What new format will emerge in a decade’s time, and will it have that album on it?

In some sense, we have never stored music recordings in a permanent way. Vinyl records degrade with time and on playback. Manufacturers promised that CDs would last hundreds of years, but their actual lifespan is entirely variable. Hard drives degrade, and music streaming is an unproven business model with an oddly stagnant price point. Even so, transitioning so much of our listening to a deliberately temporary model seems short-sighted. We have replaced our hope of permanence with the promise of ephemerality, which is perhaps more honest, but places all control and trust over our very personal attachment to art in the hands of big companies. I’m not sure about you, but that seems like a mistake.

There is some good news. Ed Christman, Billboard:

Here’s a simple way to put the explosion of vinyl record sales in perspective: Pressing plants around the globe have the capacity to manufacture 160 million albums a year, according to the estimate of one executive with decades of experience in physical formats. But, he explains, the current “extraordinary” demand for vinyl looks to be more than double that: somewhere between 320 million and 400 million units.

We still want physical versions of many records even though much of our casual listening has been moved to a rental model. They may not last forever, but they cannot be removed from our shelves if a record label and a streaming service have a legal dispute.

Safari Changes in the Fourth Beta of iOS and iPadOS 15

Great roundup of the most recent set of changes to Safari’s UI from — who else? — Michael Tsai.

There is some good news: the “⋯” Button of Mystery has been scrapped and replaced with the standard share button. There’s also a reload button in the address bar right beside the URL — but it is grey, while every other tappable control in Safari is blue.

However, a whole-cloth web browser redesign is perhaps one of the most ambitious and difficult UI changes to make, and it still shows. I appreciate that Apple has been trying to move user interface components toward the bottom of the display in several applications; phone screens are still growing, and notification bubbles can cover toolbars at the top. It makes sense to prioritize thumb-accessible areas for interactivity. But when Google prototyped a similar bottom-focused redesign, many users found it “disorienting”, according to Chris Lee. It is a similar story in iOS 15.

Of all the commentary Tsai cited, Michael Love’s stood out to me:

They’re already desperately trying to make this UI work *and it’s a brand new UI*; imagine if a year or two from now they want to add some new option to it.

I often get the impression that software vendors, in general, imagine that it is inherently good for them to ship frequent updates with noticeable changes, and that users must appreciate the knowledge that their software is being updated all the time. This is a hallmark of the “Agile” development model and the software-as-a-service world. But I would submit that most users just want to get stuff done in more-or-less the same way as they did before an update. Software should enable that as much as possible; it should not be a barrier, and whole-cloth redesigns like these are burdensome on users.

In this context, reconfiguring Safari so that the entire user interaction happens in the lower half of the screen is a win for usability, but a loss for muscle memory. I think this once-in-a-lifetime update could make sense in the long term. But when coupled with some of the space constraints created by this specific iteration and how cramped the controls are, it is hard to argue in favour of this interpretation of Safari.

Meanwhile, the latest version of iPadOS has gained a preference in Safari to toggle the new unified tab and address bar, similar to that introduced in the last MacOS Monterey beta seed, which ought to be a clue. I think adding options to, effectively, switch between new and old versions of an app is a tacit admission that a change is big enough to be troublesome for a large number of users.

None of the versions of Safari 15, including the one in Monterey, should be scrapped entirely. But many of the UI changes are either too ambitious or — in the case of colour-changing tabs — poorly considered. New versions of iOS and iPadOS will probably be rolling out to users in six to eight weeks, and I do not think this flagship app is close to being shippable.

Update: Federico Viticci:

I wish I was kidding at this point, but the Safari tab bar in iOS 15 beta 4 *can* get busier.

Here’s what happens if you do a Google search, have an extension active, and have just downloaded a file.

In the pursuit of simplicity, the first version of this Safari redesign hid almost everything so that the UI could be condensed into a single address bar. Just three revisions in, Safari now appears far more complicated than its predecessor.

Amazon’s Revolving Door of Brands

Juozas Kaziukėnas, Marketplace Pulse:

In the headphones category on Amazon, 1,800 different products from 666 brands were among the top 100 best-sellers in the last twenty-four months. That’s nearly three new products from almost one new brand every day replacing current items in the best-sellers list. Those brands are pseudo-brands like NUBBYO, LAFITEAR, NANMING, AIWONS, or HWCONA.

Only five brands – Apple, Samsung, Sony, Soundcore, and Tozo – had a product in the headphones best-sellers list for the entire twenty-four months. Just twenty have been in it for over 500 days (70% of the time). More than half of brands were on the list for only five days or less; hundreds of brands that gained some momentum, all to get lost among the sea of lookalikes a few days later.

I appreciate this longer-term view into the staying power — or lack thereof — of passthrough trademarks raised in a story I linked to last year by John Herrman, New York Times:

“For brand owners, enrolling provides you with powerful tools to help protect your trademarks, including proprietary text and image search and predictive automation,” the company declares. It gives owners control over product listings that contain their products, and the ability to protect themselves against unauthorized sellers using their names. Crucially, Amazon says on its site, “it gives you more access to advertising solutions, which can help you increase your brand presence on Amazon,” as well as to “utilize the Early Reviewer Program to gain initial reviews on new products” — a sanctioned method for improving a product’s search result.

If you’re feeding a brand-new listing into the Amazon machine, in other words, and doing so without a pre-existing brand or customers, getting into Brand Registry is extremely important. To achieve real and lasting success on Amazon, it’s vital.

As of 2017, it also requires a registered trademark.

Amazon’s policies have singlehandedly incentivized the creation of hundreds of these nonsense trademarks, and Kaziukėnas shows that they have no long-term staying power. These are entirely disposable brands for disposable goods: if you have a problem with your new pair of HWCONA headphones, where do you turn to get them fixed? What company is staking their reputation on the quality of these products? From a consumer’s perspective, there is nothing giving these products any greater expectations than some knock-off brand stocked in a dollar store.

I would love to see an investigation like the one Kaziukėnas did across dozens of different product categories to see if the results are similar.

The Nightmare of Our Snooping Devices

Shira Ovide, the New York Times:

Most Americans by now understand that our phones are tracking our movements, even if we don’t necessarily know all the gory details. And I know how easy it can be to feel angry resignation or just think, “so what?” I want to resist both of those reactions.

Hopelessness helps no one, although that’s often how I feel, too. Losing control of our data was not inevitable. It was a choice — or rather a failure over years by individuals, governments and corporations to think through the consequences of the digital age. We can now choose a different path.

Most articles about privacy tend to feel pretty bleak, but Ovide’s comes across refreshingly optimistic. I appreciate that.

These are choices we can demand of our governments at different levels. It is particularly warranted in the United States, given that it is the headquarters of many privacy-hostile companies and, therefore, the jurisdiction in which users’ data is regulated.

A Naïve, Nostalgic Look at Apple’s Business Model

Jean-Louis Gassée:

Once upon a time, Apple offered an easy-to-understand business model. The company made personal computers, small, medium, and large. Successfully positioned in the affordable luxury market sector, Apple devices sold well with healthy margins. Those margins helped finance strong R&D investments and took good care of employees, investors, and Uncle Sam.

[…]

In the company’s latest SEC filing for the quarter ended in March 2021, Apple’s Services reached $16.9B, exactly as much as the $16.9B number for the combined Mac and iPad revenue, although still far from the $48B iPhone revenue for that quarter.

This changes the business model’s “center of gravity”.

Apple’s business model is still admirably simple compared to many of its biggest competitors. Facebook and Google sell advertisements against scraped user data and profiling; Microsoft and Amazon are more diversified, but a large slice of their revenue comes from enterprise and government contracts. Apple, for the most part, sells physical products, bytes, and service contracts to end users.

But this new focus on recurring services revenue — predictable monthly payments from as many buyers as possible — has created plenty of opportunities for Apple to degrade its existing product offerings. As the iTunes Store gave way to the Apple Music streaming model, iTunes was replaced with the much worse Music app, which feels like an old <frame>-based website given the façade of a desktop application. Applications across MacOS and iOS now interrupt users with advertisements in a nagging reminder that your multi-thousand-dollar purchase of a hardware product is merely the beginning of your financial relationship with Apple.

I understand why this is happening, but a pivot to services is a hard turn for Apple to make, and I feel it is not executing it as gracefully as it could — and should — be.

As Gassée writes, the definition Apple uses for reporting revenue in its Services category is pretty broad. This is how Apple described the category in its most recent annual filing:

Services net sales include sales from the Company’s advertising, AppleCare, digital content and other services. Services net sales also include amortization of the deferred value of Maps, Siri, and free iCloud storage and Apple TV+ services, which are bundled in the sales price of certain products.

One thing not mentioned by either Gassée or Apple is that about one-fifth to one-quarter of Apple’s services revenue is from Google for making it the default search engine across Apple’s ecosystem. I mentally subtract $3 billion from this category in the quarterly earnings report to create a truer estimation of how Apple’s own-brand services are performing.

Allowing Tesla Owners to Beta Test Autonomous Functionality on Public Roads Is a Safety Hazard

Keith Barry, Consumer Reports:

FSD beta 9 is a prototype of what the automaker calls its “Full Self-Driving” feature, which, despite its name, does not yet make a Tesla fully self-driving. Although Tesla has been sending out software updates to its vehicles for years—adding new features with every release—the beta 9 upgrade has offered some of the most sweeping changes to how the vehicle operates. The software update now automates more driving tasks. For example, Tesla vehicles equipped with the software can now navigate intersections and city streets under the driver’s supervision.

“Videos of FSD beta 9 in action don’t show a system that makes driving safer or even less stressful,” says Jake Fisher, senior director of CR’s Auto Test Center. “Consumers are simply paying to be test engineers for developing technology without adequate safety protection.”

One owner’s car repeatedly drove over a double yellow line while creeping into an intersection. Another’s confused the moon with a yellow traffic light. Tesla excuses this by pointing to cautionary statements on the in-car display that state that it is “not a substitute for an attentive driver”, and says that it is only being rolled out to owners who signed up to participate in pre-release testing.

But the fact of the matter is that these features are being marketed as “Full Self-Driving” and “Autopilot”. Unlike other cars equipped with automatic lane keeping and radar-assisted cruise control, Tesla is not pitching these features as part of a safety enhancement package, but as autonomous vehicle technologies. There is no way the company does not know how owners are using these features and, consequently, subjecting other drivers, pedestrians, and cyclists to their beta testing experience at great risk to public safety.

It is also true that human drivers will make mistakes. Not every driver on the road is equally competent, and it is possible that Tesla’s system is better than some human drivers. But autonomous systems can lull the human operator into a false impression of safety, with sometimes deadly consequences.

Playdate Previews

Andrew Webster, the Verge:

And then there’s the Playdate from Panic. Whereas the aforementioned handhelds are almost uniformly technological upgrades, the Playdate offers something much weirder. It looks kind of like a Game Boy that comes from an alien world. There are familiar elements, like a D-pad and face buttons, but many of its games are controlled by a crank that slots into the side. And those games are only available in black and white, and they’ll eventually be released as part of weekly mystery drops.

It sounds strange and fascinating, and I had the chance to head into the PlayDate’s parallel universe over the last few days with a near-final version of the device. It definitely is weird — but that’s also what makes it exciting.

Sam Machkovech, Ars Technica:

Nothing I’ve played on the Playdate thus far screams “revolutionary” or “must-have.” Two low-powered CPUs, intentionally lo-fi hardware, and a single rotary crank can only combine to deliver so much. These four test titles likely lack the scope or depth that some gamers hope for in a brand-new system’s launch library.

Yet everything I’ve played on the Playdate has been accessible, amusing, and unique, and getting four games at once has distributed the fun factor around in a way that I really appreciate. Two of the games are built with replayability in mind—one as a score chaser, the other as a puzzle-minded platformer with speedrunning potential. The other two titles are more linear but focus less on challenge and more on atmosphere; these show what developers can do within a wimpy system’s limits to deliver their own comfortable, unique games on black-and-white hardware.

Preorders for the Playdate begin one week from today, July 29. I am so excited about the possibilities of this weird little thing.

The NSO ‘Surveillance List’, What It Is and Isn’t

Kim Zetter’s Zero Day newsletter has been a consistently good read. Today’s issue, about that mysterious list of tens of thousands of phone numbers forming the basis of much of the Pegasus Project reporting, is a great example:

There is nothing on the list to indicate what purpose it’s meant to serve or who compiled it, according to the Post and other media outlets participating in the Pegasus reporting project. There is also nothing on the list that indicates if the phones were spied on, were simply added to the list as potential targets for spying or if the list was compiled for a completely different reason unrelated to spying.

[…]

Those varying descriptions have created confusion and controversy around the reporting and the list, with readers wondering exactly what the list is for. The controversy doesn’t negate the central thesis and findings, however: that NSO Group has sold its spy tool to repressive regimes, and some of those regimes have used it to spy on dissidents and journalists.

The reporting associated with the Pegasus Project has been enlightening so far, but not without its faults. The confusion about this list of phone numbers is one of those problems — and it is a big one. It undermines some otherwise excellent stories because it is not yet known why someone’s phone number would end up on this list. Clearly it is not random, but nor is it a list of individuals whose phones were all infected with Pegasus spyware. This murkiness has allowed NSO Group’s CEO to refocus media attention away from the ethical dumpster fire started when his company knowingly licensed spyware to authoritarian regimes.

A Priest Was Outed by His Phone’s Location Data, Likely Through Ad Tech Middle Parties

This is one of those stories that gets into some difficult territory as far as my writing about it goes. These are not light topics.

JD Flynn and Ed Condon, the Pillar:

Monsignor Jeffrey Burrill, former general secretary of the U.S. bishops’ conference, announced his resignation Tuesday, after The Pillar found evidence the priest engaged in serial sexual misconduct, while he held a critical oversight role in the Catholic Church’s response to the recent spate of sexual abuse and misconduct scandals.

[…]

According to commercially available records of app signal data obtained by The Pillar, a mobile device correlated to Burrill emitted app data signals from the location-based hookup app Grindr on a near-daily basis during parts of 2018, 2019, and 2020 — at both his USCCB office and his USCCB-owned residence, as well as during USCCB meetings and events in other cities.

I do not wish to devalue any reader’s faith; if you are Catholic, please know that I am not criticizing you specially or your beliefs.

The Catholic Church has a history of opposing LGBTQ rights and treating queer people with a unique level of hatred — this report says that the use of Grindr and similar apps “present[s] challenges to the Church’s child protection efforts”, invoking the dehumanizing myth tying gay men to pedophilic behaviour, an association frequently made by the Catholic Church.[1] I find it difficult to link to this story because of statements like these, and it offends me how this priest was outed.

But I also think it is important to give you, reader, the full context of what is disclosed, and what is not. For example, I understand that Catholic priests have an obligation to be celibate and, theoretically, the Pillar would investigate any clergy it believed was stepping out of line. But this specifically involves one priest and Grindr, and leaves a lot of questions unanswered. For a start, how did the Pillar know? Did it get tipped off about Burrill’s activities so it would know where to look, or did it receive data dumps related to the phones of significant American clergy? And what about other dating apps, like Tinder or Bumble? Surely, there must be priests in America using one of those apps to engage in opposite-sex relationships; why not an exposé on one of them? This report does not give any indication about how it began investigating. I find that odd, to say the least.

The reason I am linking to this is because of that data sharing angle. As reported by Shoshana Wodinsky at Gizmodo, Grindr has repeatedly insisted on the anonymity of its data collection and ad tech ties:

When asked about the Burrill case, a Grindr spokesperson told Gizmodo that it “[does] not believe Grindr is the source of the data behind the blog’s unethical, homophobic witch hunt.”

[…]

Obviously, only Grindr knows if Grindr is telling the truth. But these sorts of adtech middlemen the platform’s relying on have a years-long track record of lying through their teeth if it means it can squeeze platforms and publishers for a few more cents per user. Grindr, meanwhile, has a years-long track record of blithely accepting these lies, even when they mean multiple lawsuits from regulators and slews of irate users.

Wodinsky points to a piece at the Catholic News Agency — which both Pillar writers used to work for — claiming that an anonymous party had “access to technology capable of identifying clergy […] found to be using [dating apps] to violate their clerical vows”. It will come as no surprise to you that I find it revolting that someone can expose this behaviour through advertising data. It is a wailing klaxon for regulation and reform.

But, also, is it ethical for a news organization to acquire data like this for the purpose of publicly outing someone or sharing their private activities? In a 2018 story, the New York Times showed how it was possible to identify people using similar data. But the newsworthiness of that story was not in individuals’ habits and activities, it was about how easy it is to misuse advertising and tracking data. And where is the line on this? Are journalists and publications going to begin mining the surveillance of ad tech companies in search of news stories? I would be equally disturbed if this were instead a report that exposed the infidelity of a “family values”-type lawmaker. I think the Pillar exposed a worrisome capability with this report, and also initiated a rapid ethical slide.

Thank you for making it through this post. As compensation, please enjoy some impressive finger athletics.


  1. The authors clarify that they are ostensibly concerned about the relative ease with which minors are able to use dating and hookup apps. That is a fair criticism. But this digression cannot be separated from this harmful belief, nor from the Church’s history of sexual abuse of minors. That abuse was not caustic because the clergy involved were engaged in same-sex relations, it was because they were powerful adults molesting children.

A Case Against Security Nihilism

I get the feeling I am going to be linking to a lot of NSO Group-related pieces over the next little while. There are a couple of reasons for that — good reasons, I think. The main one is that I think it is important to understand the role of private security companies like NSO Group and their wares in the context of warfare. They function a little bit like mercenary teams — Academi, formerly Blackwater, and the like — except they are held to, improbably, an even lower standard of conduct.

The second reason is because I think it is necessary to think about how private exploit marketplaces can sometimes be beneficial, at great risk and with little oversight. There are few laws associated with this market. There are attempts at self-regulation, often associated with changing the economics of the market through bug bounties and the like.

Which brings me to this piece from Matthew Green, cryptographer at Johns Hopkins University and mobile device security researcher:

NSO can afford to maintain a 50,000 number target list because the exploits they use hit a particular “sweet spot” where the risk of losing an exploit chain — combined with the cost of developing new ones — is low enough that they can deploy them at scale. That’s why they’re willing to hand out exploitation to every idiot dictator — because right now they think they can keep the business going even if Amnesty International or CitizenLab occasionally catches them targeting some human rights lawyer.

But companies like Apple and Google can raise both the cost and risk of exploitation — not just everywhere, but at least on specific channels like iMessage. This could make NSO’s scaling model much harder to maintain. A world where only a handful of very rich governments can launch exploits (under very careful vetting and controlled circumstances) isn’t a great world, but it’s better than a world where any tin-pot authoritarian can cut a check to NSO and surveil their political opposition or some random journalist.

Sounds appealing, except many of the countries NSO Group is currently selling to are fantastically wealthy and have abysmal human rights records. I must be missing something here because I do not know that there is a way to increase the cost of deploying privately-developed spyware so that its use is restricted from regimes that many people would consider uniquely authoritarian, since they are often wealthy. Amnesty researchers found evidence of the use of NSO’s Pegasus on Azerbaijani phones, too: like Saudi Arabia, Azerbaijan is an oil-rich country with human rights problems. And then there is the matter of international trust: selling only to, for example, NATO member countries might sound like a fair compromise to someone living in the U.S. or the U.K. or Canada, but it clearly establishes this spyware as a tool of a specific political allegiance.

We must also consider that NSO Group has competitors on two fronts: the above-board, like Intellexa, and those on the grey market. NSO Group may not sell to, say, North Korea, but nobody is fooled into thinking that a particularly heinous regime could not invest in its own cybercrime and espionage capabilities — like, again, the North Korean ruling party has and does.

But — I appreciate the sentiment in Green’s post, and I think it is worthwhile to keep in mind as more bad security news related to this leak will inevitably follow in the coming days and weeks.

Clearview AI Raises $30 Million From Unidentified Investors

Kashmir Hill, the New York Times:

Clearview AI is currently the target of multiple class-action lawsuits and a joint investigation by Britain and Australia. That hasn’t kept investors away.

The New York-based start-up, which scraped billions of photos from the public internet to build a facial-recognition tool used by law enforcement, closed a Series B round of $30 million this month.

The investors, though undeterred by the lawsuits, did not want to be identified. Hoan Ton-That, the company’s chief executive, said they “include institutional investors and private family offices.”

It makes sense that these investors would want their association with the company kept secret, since identifying them as supporters of a creepy facial recognition company is more embarrassing than their inability to understand irony. Still, it shows how the free market is betting that this company will grow and prosper despite its disregard for existing laws, proposed legislation, and a general sense of humanity or ethics.

Dismantle this company and legislate its industry out of existence. Expose the investors who are propping it up.

The Eternal October

Mike Masnick, Techdirt:

I think it’s time that we bring back recognition of how innovation, and technology such as the open internet, can actually do tremendous good in the world. I’m not talking about a return to unfettered boosterism and unthinking cheerleading — but a new and better-informed understanding of how innovation can create important and useful outcomes. An understanding that recognizes and aims to minimize the potential downsides, taking the lessons of the techlash and looking for ways to create a better, more innovative world.

I appreciate this cognizant optimistic approach, and am excited to see what Masnick has in store.

Calcalist Interviews NSO CEO Shalev Hulio

Omer Kabir and Hagar Ravet of Calcalist:

Perhaps due to the magnitude of the media interest in the investigation, NSO executives chose to break the secrecy that usually surrounds their company and answer questions directly. In an interview with Calcalist, NSO chief executive Shalev Hulio denied his software was being used for malicious activity. At the heart of his claims is the list of 50,000 phone numbers on which the investigation is based, and which it is claimed are potential NSO targets. The source of the list wasn’t revealed, and according to Hulio, it reached him a month prior to the publication of the investigation, and from a completely different source.

The publications behind the Pegasus Project assert that this list of phone numbers is, in the words of the Guardian, “an indication of intent”. This is clearly not a list of random phone numbers — several of the numbers on it are tied to phones with local evidence of Pegasus software, and many more of the numbers belong to high-profile targets. But, according to Hulio, it is impossible that this is entirely a list of targets:

According to Hulio, “the average for our clients is 100 targets a year. If you take NSO’s entire history, you won’t reach 50,000 Pegasus targets since the company was founded. Pegasus has 45 clients, with around 100 targets per client a year. In addition, this list includes countries that aren’t even our clients and NSO doesn’t even have any list that includes all Pegasus targets – simply because the company itself doesn’t know in real-time how its clients are using the system.”

Hulio says that NSO Group investigated these allegations by scanning the records of clients that agreed to an analysis, and could not find anything that matched the Pegasus Project’s list. But it is hard to believe he is being fully honest with examples like these of his hubris:

“Out of 50,000 numbers they succeeded in verifying that 37 people were targets. Even if we go with that figure, which is severe in itself if it were true, we are saying that out of 50,000 numbers, which were examined by 80 journalists from 17 media organizations around the world, they found that 37 are truly Pegasus, so something is clearly wrong with this list. I’m willing to give you a random list of 50,000 numbers and it will probably also include Pegasus targets.”

If a list of just 50,000 random phone numbers — basically, everyone in a small town — contains Pegasus targets, Pegasus is entirely out of control. It is a catastrophic spyware emergency. Hulio was clearly being hyperbolic, but his bluster generated quite the response from Calcalist’s interviewer:

That isn’t accurate. Out of the 50,000 numbers they physically checked only 67 phones and in 37 of them, they found traces of Pegasus. It isn’t 37 out of 50,000. And there were 12 journalists among them. That is 12 too many.

NSO Group’s response, while impassioned, cannot be trusted. The company has not earned enough public goodwill for its CEO to use such colourful language. But the Pegasus Project’s publication partners also need to clarify what the list of phone numbers actually means, because something here is not adding up.

Troubles With Apple’s Bug Bounty Program

I used some of the Washington Post’s reporting on the Pegasus Project in my piece about its revelations and lessons, but I never really addressed the Post’s article. I hope you will read what I wrote, especially since this website was down for about five hours today around the time it started picking up traction. Someone kicked the plug out at my web host; what can I say?

Anyway, the Post’s story is also worth reading, despite its headline: “Despite the hype, iPhone security no match for NSO spyware”. iPhone security is not made of “hype” and marketing. On the contrary, the reason this malware is notable is because of its sophistication and capability in an operating system that, while imperfect, is far more secure than almost any consumer device before it, as the Post acknowledged just a few years ago when it claimed Apple was “protecting a terrorist’s iPhone”. According to the Post, the iPhone is both way too locked down for a consumer product and also all of its security is mere hype.

Below the miserable headline and between the typically cynical Reed Albergotti framing, there is a series of worthwhile interviews with current and former Apple employees claiming that the company’s security responses are too often driven by marketing response and the annual software release cycle. The Post:

Current and former Apple employees and people who work with the company say the product release schedule is harrowing, and, because there is little time to vet new products for security flaws, it leads to a proliferation of new bugs that offensive security researchers at companies like NSO Group can use to break into even the newest devices.

[…]

Apple also was a relative latecomer to “bug bounties,” where companies pay independent researchers for finding and disclosing software flaws that could be used by hackers in attacks.

Krstić, Apple’s top security official, pushed for a bug bounty program that was added in 2016, but some independent researchers say they have stopped submitting bugs through the program because Apple tends to pay small rewards and the process can take months or years.

Apple disputes the Post’s characterization of its security processes, quality of its bug bounty program, involvement of marketing in its responses, and overall relationship with security researchers.

However, a suddenly very relevant post from Nicolas Brunner, writing last week, indicates that Apple’s bug bounty program is simply not good enough:

In my understanding, the idea behind the bounty program is that developers report bugs directly to Apple and remain silent about them until fixed in exchange for a security bounty pay. They also state very clearly, what issues do qualify for the bounty program payout on their homepage. Unfortunately, in my case, Apple never fulfilled their part of the deal (until now).

To be frank: Right now, I feel robbed. However I still hope, that the security bounty program turns out to be a win-win situation for both parties. In my current understanding however, I do not see any reason, why developers like myself should continue to contribute to it. In my case, Apple was very slow with responses (the entire process took 14 months), then turned me away without elaborating on the reasons and stopped answering e-mails.

A similarly frustrating experience with Apple’s security team was reported last month by Laxman Muthiyah:

The actual bounty mentioned for iCloud account takeover in Apple’s website is $100,000 USD. Extracting sensitive data from locked Apple device is $250,000 USD. My report covered both the scenarios (assuming the passcode endpoint was patched after my report). Even if they chose to award the maximum impact out of the two cases, it should still be $250,000 USD.

Selling these kind of vulnerabilities to government agencies or private bounty programs could have made a lot more money. But I chose the ethical way and I didn’t expect anything more than the outlined bounty amounts by Apple.

[…]

But $18,000 USD is not even close to the actual bounty. Lets say all my assumptions are wrong and Apple passcode verifying endpoint wasn’t vulnerable before my report. Even then the given bounty is not fair looking at the impact of the vulnerability as given below.

Apple says that it pays one million dollars for a “zero-click remote chain with full kernel execution and persistence” — and 50% more than that for a zero-day in a beta version — but that pales compared to the two million dollars that Zerodium is paying for the same kind of exploit.

Steven Troughton-Smith, via Michael Tsai:

I’m not sure why one of the richest companies in the world feels like it needs to be so stingy with its bounty program; it feels far more like a way to keep security issues hidden & unfixed under NDA than a way to find & fix them. More micro-payouts would incentivize researchers.

Security researchers should not have to grovel to get paid for reporting a vulnerability, no matter how small it may seem. But why would anyone put themselves through this process when there are plenty of companies out there paying far more?

The good news is that Apple can get most of the way toward fixing this problem by throwing money at it. Apple has deep pockets; it can keep increasing payouts until the grey market cannot possibly compete. That may seem overly simplistic, but at least this security problem is truly very simple for Apple to solve.

Security Is the Story We Have, Not the Story We Want to Have

This weekend’s first batch of stories from the “Pegasus Project” — a collaboration between seventeen different outlets invited by French investigative publication Forbidden Stories and Amnesty International — offers a rare glimpse into the infrastructure of modern espionage. This is a spaghetti junction of narratives: device security, privatized intelligence and spycraft, appropriate targeting, corporate responsibility, and assassination. It is as tantalizing a story as it is disturbing.

“Pegasus” is a mobile spyware toolkit created and distributed by NSO Group. Once successfully installed, it reportedly has root-level access and can, therefore, exfiltrate anything of intelligence interest: messages, locations, phone records, contacts, and photos are all obvious and confirmed categories. Pegasus can also create new things of intelligence value: it can capture pictures using any of the cameras and record audio using the microphone, all without the user’s knowledge. According to a 2012 Calcalist report, NSO Group is licensed by the Israeli Ministry of Defense to export its spyware to foreign governments, but not private companies or individuals.

There is little record of this software or capability on NSO Group’s website. Instead, the company says that its software helps “find and rescue kidnapped children” and “prevent terrorism”. It recently published a transparency report arguing that it offers lots of software for other purposes. It acknowledged some abuse of Pegasus’ capabilities, but said that those amount to a tiny number and that the company does not sell to “55 countries […] for reasons such as human rights, corruption, and regulatory restrictions”. It does not say in this transparency report which countries’ governments it prohibits from using its intelligence-gathering products.

Much of this conflict is about the stories which NSO Group wants to tell compared to the stories it should be telling: how its software enables human rights abuses, spying on journalists, and expanding authoritarian power. In fact, that is an apt summary for much of the security reporting that comprises the Pegasus Project: the stories that we, the public, have, not the stories that we want to have.

One of the stories that we tell ourselves is that our devices are pretty secure, so long as we keep them up to date, and that we would probably notice an intrusion attempt. The reality, as verified by Citizen Lab at the University of Toronto, is that NSO Group is particularly good at developing spyware:

Citizen Lab independently documented NSO Pegasus spyware installed via successful zero-day zero-click iMessage compromises of an iPhone 12 Pro Max device running iOS 14.6, as well as zero-day zero-click iMessage attacks that successfully installed Pegasus on an iPhone SE2 device running iOS version 14.4, and a zero-click (non-zero-day) iMessage attack on an iPhone SE2 device running iOS 14.0.1. The mechanics of the zero-click exploit for iOS 14.x appear to be substantially different than the KISMET exploit for iOS 13.5.1 and iOS 13.7, suggesting that it is in fact a different zero-click iMessage exploit.

“Zero-day” indicates a vulnerability that has not already been reported to the vendor — in this case, Apple. “Zero-click” means exactly what it sounds like: this is an exploit delivered by iMessage that is executed without any user interaction, and it is wildly difficult to know if your device has been compromised. That is the bad news: the story we like to tell ourselves about mobile device security simply is not true.

But nor is it true that we are all similarly vulnerable to attacks like these, as Ivan Krstić, Apple’s Head of Security Engineering and Architecture, said in a statement to the Washington Post:

Apple unequivocally condemns cyberattacks against journalists, human rights activists, and others seeking to make the world a better place. […] Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. […]

This situation is reminiscent of the 2019 zero-day attacks against iPhone-using Uyghurs, delivered through news websites popular with Uyghurs and presumably orchestrated by the Chinese government. Those vulnerabilities were quietly fixed at the beginning of that year, but their exploitation was not disclosed until Google’s Project Zero published a deep dive into their existence, at which point Apple issued a statement. I thought it was a poor set of excuses for a digital attack against an entire vulnerable population.

This time, it makes sense to focus on the highly-targeted nature of Pegasus attacks. The use of this spyware is not indiscriminate. But — with reportedly tens of thousands of attempted infections — it is being used in a more widespread way than I think many would assume. Like the exploits used on Uyghurs two years ago, it indicates that iPhone zero-click zero-days might not be the Pappy Van Winkle of the security world. Certainly, they are still rare, but it seems that there are some companies and nation-states that have stocked their pantries for a rainy day and might not be so shy about their use.

Still, nothing so far indicates that a typical person is in danger of falling victim to Pegasus, though the mere presence of zero-click full exploitations is worrisome for every smartphone user. The Guardian reports that the victims of NSO Group’s customers are high-profile individuals: business executives, investigative journalists, world leaders, and close associates. That is not to minimize the effect of this spyware, but its reach is more deliberately limited. If anything, the focus of its deployment teases for us mere mortals the unique security considerations faced by those at higher risk of targeted attack.

Thing is that many of those high-profile people use iPhones. The diplomats and friends of assassinated journalist Jamal Khashoggi profiled by the Washington Post all use iPhones. Many celebrities use iPhones, even when promoting Android devices. Jeff Bezos used an iPhone X.[1] Many of the devices examined as part of the Pegasus Project are, indeed, iPhones, which has pushed the Washington Post team reporting on this investigation to conclude that this is largely an iPhone-specific problem:

Researchers have documented iPhone infections with Pegasus dozens of times in recent years, challenging Apple’s reputation for superior security when compared with its leading rivals, which run Android operating systems by Google.

The months-long investigation by The Post and its partners found more evidence to fuel that debate. Amnesty’s Security Lab examined 67 smartphones whose numbers were on the Forbidden Stories list and found forensic evidence of Pegasus infections or attempts at infections in 37. Of those, 34 were iPhones — 23 that showed signs of a successful Pegasus infection and 11 that showed signs of attempted infection.

If you read Amnesty’s full investigation into Pegasus — and I suggest you do as it is comprehensive — there is a different explanation for why the iPhone is overrepresented in its sample, and a clear warning against oversimplification:

Much of the targeting outlined in this report involves Pegasus attacks targeting iOS devices. It is important to note that this does not necessarily reflect the relative security of iOS devices compared to Android devices, or other operating systems and phone manufacturers.

In Amnesty International’s experience there are significantly more forensic traces accessible to investigators on Apple iOS devices than on stock Android devices, therefore our methodology is focused on the former. As a result, most recent cases of confirmed Pegasus infections have involved iPhones.

iOS clearly has many holes in its security infrastructure that need patching. Reporting from the Post suggests that the demand of launching a major new version of iOS every year — in addition to the four other operating systems Apple updates on an annual cycle — not only takes a toll on the reliability of its software, but also means some critical vulnerabilities take months to get patched. Apple is not alone in that regard, but it does raise questions about the security of the world’s information resting entirely in the hands of engineers at three companies on the American west coast. Is it a good thing that high-risk people only have a choice between iOS and Android? Does it make sense that many of the world’s biggest companies almost entirely run Windows? Is enough being done to counter the inherent risks of this three-way market?

The security story we have is one of great risk, with responsibility held by very few. There are layers of firewalls and scanners and obfuscation techniques and encryption and all of that — but a determined attacker knows there are limited variables. iOS is not especially weak, but it is exceptionally vertically-integrated. If the latest iPhone running the latest software updates is vulnerable, all iPhones probably are as well.

There are two more contrasting sets of stories I wish to touch on about the responsibility of NSO Group and companies like it in these attacks. First, NSO Group is careful to state that it is merely a vendor and, as such, “does not operate its technology, does not collect, nor possesses, nor has any access to any kind of data of its customers”. However, it is also adamant that its software had zero role in Khashoggi’s assassination. How is it possible to square that certainty with the company’s alleged lack of involvement in the affairs of customers it cannot confirm nor deny?

Second, I gave credit earlier this year to the notion that private marketplaces of security vulnerabilities might actually be beneficial — at least, compared to weakened encryption or some form of “back door”. NSO Group is the reverse side of that argument. The story I like to tell myself is that, given that there is an established market for zero-days, at least that means law enforcement can unlock encrypted smartphones without the need for a twenty-first century Clipper Chip. But the story we have is that NSO Group develops espionage software over which, once sold, it has little control. The company’s spyware is now implicated in the targeting of tens of thousands of phones belonging to activists, human rights lawyers, journalists, businesspeople, demonstrators, investigators, world leaders, and friends and colleagues of all of the above. NSO Group is a private company that enables dictators and autocrats, and somehow gets to wash its hands of all responsibility.

The story it wants is of a high technology company saving children and fighting terrorists. The story it has is an abuse of power and a lack of accountability.


  1. You might remember that embarrassing texts and images were leaked from Jeff Bezos’ iPhone a couple of years ago that confirmed that he was cheating on his now ex-wife with his current partner Lauren Sanchez. Bezos got in front of the National Enquirer story with a heroic-seeming Medium post where he copped to the affair.

    In that post, he also insinuated that the Saudi royal family used NSO Group malware to breach his phone’s security and steal that incriminating evidence in retaliation for his ownership of the Washington Post and its coverage of the Saudi royalty’s role in Post contributor Jamal Khashoggi’s assassination. In addition, the Post had aggressively reported on the Enquirer’s catch-and-kill scheme to silence salacious stories.

    While that got huge amounts of coverage, a funny thing happened not too long after: the Wall Street Journal confirmed that the Enquirer did not get the texts and photos from some secret Saudi arrangement and, instead, simply paid Sanchez’ brother who had stolen them. A fuller story of this public relations score was reported earlier this year by Brad Stone in Bloomberg Businessweek. It seems that, contrary to contemporary reporting, there was little to substantiate rumours of a high-tech break-in by a foreign government.

    It is unclear whether Bezos was simply spinning a boring story in a politically-favourable way; a recent Mother Jones investigation found that Amazon’s public relations team is notorious among journalists for being hostile and telling outright lies. But if he was targeted by the Saudi Arabian royal family using NSO Group software, it is notable that it is apparently not on the list of 55 countries that the company refuses to sell to on the basis of human rights abuses. ↩︎

Instagram Has Become a Blend of TikTok and SkyMall

Instagram head Adam Mosseri, a few weeks ago:

But today I actually want to talk a bit more about video. And I want to start by saying we’re no longer a photo-sharing app or a square photo-sharing app. The number one reason that people say that they use Instagram in research is to be entertained. So people are looking to us for that. […]

Leaning hard on video at the expense of everything else — now where have I heard that before?

Ben Thompson:

To this point I have framed Mosseri’s announced changes in the context of Instagram’s continual evolution as an app, from photo filters to network to video to algorithmic feed to Stories. All of those changes, though, were in the spirit of Systrom’s initial mission to capture and share moments. That is why perhaps the most momentous admission by Mosseri is that Instagram’s new mission is simply to be entertainment.

I have to wonder if it is in preparation for more than that, given this piece by Clive Thompson, writing for Medium’s the Debugger:

If you flew during the 90s and 00s, you probably remember SkyMall. It was a catalogue of completely loony products — often high-tech gadgets of dubious promise, such as “a vacuum cleaner to catch flies, an alien butler drink tray, a helmet that promises to regrow your hair using lasers.”

[…]

I can’t say precisely when my Instagram ads began to tip over into SkyMall territory. I’d been noticing the devolution for months, maybe years. But these days when I open up the app, every ad customized for me is some decidedly loopy gewgaw.

Maybe Instagram’s growth continues to be driven by the successful features it can lift directly from other photo- and video-based apps. But I wonder if this mix of ads for bizarre direct-to-consumer goods and the integrated e-commerce functionality are laying the foundation for a platform more like WeChat, Line, or Gojek. Perhaps Instagram does not expand into logistics operations, but why would it not push further into online payments, and buying and selling products? For many, shopping is entertainment. Why not facilitate that inside one of the world’s most popular mobile apps and take a cut of every purchase?

Even discarding my idle speculation, the name “Instagram” sure is beginning to feel outdated or, at least, disconnected.

The White House Is Not Colluding With Facebook on Censorship

Susan Heavey, Elizabeth Culliford, and Diane Bartz, Reuters:

Facebook is not doing enough to stop the spread of false claims about COVID-19 and vaccines, White House press secretary Jen Psaki said on Thursday, part of a new administration pushback on misinformation in the United States.

Facebook, which owns Instagram and WhatsApp, needs to work harder to remove inaccurate vaccine information from its platform, Psaki said.

From the White House transcript of that press briefing, in response to a reporter’s question about what actions the U.S. federal government is taking:

In terms of actions, Alex, that we have taken — or we’re working to take, I should say — from the federal government: We’ve increased disinformation research and tracking within the Surgeon General’s office. We’re flagging problematic posts for Facebook that spread disinformation. We’re working with doctors and medical professionals to connect — to connect medical experts with popular — with popular — who are popular with their audiences with — with accurate information and boost trusted content. So we’re helping get trusted content out there.

Psaki’s admission that the government is “flagging” posts with misinformation has caused quite the gnashing of teeth in pockets of the professional commentary circuit, with the Wall Street Journal’s editorial board calling it “censorship coordination”.

But, as Mike Masnick writes at Techdirt, that is not an accurate portrayal of what the Biden administration is doing:

It’s a simple fact: the US government should not be threatening or coercing private companies into taking down protected speech.

But, over the past few days there’s been an absolutely ridiculous shit storm falsely claiming that the White House is, in fact, doing this with Facebook, leading to a whole bunch of nonsense — mainly from the President’s critics. It began on Thursday, when White House press secretary Jen Psaki, in talking about vaccine disinfo, noted that the White House had flagged vaccine disinformation to Facebook. And… critics of the President completely lost their shit claiming that it was a “First Amendment violation” or that it somehow proved Donald Trump’s case against the social media companies.

It did none of those things.

I think Ken White’s messaging is better than the official White House version, but I do not think it would ameliorate the situation for those who believe the administration is colluding with Silicon Valley, or who are exploiting vaccine misinformation for their own gain.

Microsoft and Google Have Redesigned Their Emoji

Microsoft’s Claire Anderson, on the company’s Medium-based design blog (can Microsoft not host its own blog?):

As the world moves toward hybrid work scenarios that blend in-person with remote, expressive forms of digital communication are more important than ever. Over 1,800 emoji exist within Microsoft 365, and we’ve been working for the past year to dramatically refresh them by creating a system that is innately Fluent.

We opted for 3D designs over 2D and chose to animate the majority of our emoji. While you’ll see these roll out in product over the coming months, we wanted to share a sneak peek with you in honor of World Emoji Day. We’re also excited to unveil five brand-new emoji that signal our fresh perspective on work, expression, and the spaces in between.

Even though the video in the post is not entirely reflective of the actual textures and detail in these emoji, there is some beautiful design at play in these images. The faces, in particular, are playfully rendered, yet still legible even at the smaller size shown in the banner image. Many of the objects have soft lighting effects that, while slightly reducing contrast, do not seem to affect clarity too much. I am looking forward to seeing what they will look like in actual use.

Jennifer Daniel of Google, a company that hosts its own blog and uses its own top-level domain extension:

Well, it looks like giving some love to hundreds of emoji already on your keyboard — focusing on making them more universal, accessible and authentic — so that you can find an all-new fav emoji (I’m fond of 🎷🐛). And, you can find all of these emoji (yes, including the king, 🐢) across more of Google’s platforms including Android, Gmail, Chat, Chrome OS and YouTube.

I am much less fond of these.

‘Buy Now, Pay Later’ Services

Maddy Varner, the Markup:

If you’ve scrolled through any e-commerce sites lately, you’ve probably seen a version of it: A charming dinner plate costs $28 or “4 interest-free installments of $7.00 by Afterpay.” A pastoral checkered dress could run you $74.50 … or, alternatively, “4 interest-free payments of $18.62 with Klarna.”

In the past year, more and more merchants have started incorporating “buy now, pay later” options into their websites. They’re often prominently featured on product pages, where shoppers who might otherwise click away are encouraged to instead splurge and split their spending into periodic payments.

[…]

While BNPL companies present these loans as a smart budgeting tool, experts say costs can quickly add up, leaving shoppers with mounting debt. And regulators across the world have started to rein in these services, concerned that they can negatively impact the young consumers who tend to use them.

It is a bit disappointing but unsurprising that Apple is rumoured to be working on a competing offering. Once a company has got its feet wet in the murky sea of financial services, why would it be reluctant to go further?

Unclack for MacOS

Here is an excellent little single-purpose Mac utility: Unclack automatically mutes your mic when you are typing, and unmutes it when you stop. That’s it; that is all it does.

This was apparently released months ago, but I was only introduced to it recently, and it has been a very good thing to have. I am a loud typist pretty much always — it is a bad habit, I know — and this little utility means that I do not have to remember to mute and unmute my mic during online meetings. However, I have also discovered that I speak more while typing than I realized, thanks to this utility.

This is, for me, a perfect addition to my work-from-home software toolkit, and it is free. Recommended.

Abolishing Online Anonymity Will Not Tackle Abuse

Hussein Kesvani, in an opinion piece for the Guardian:

There is an argument that by forcing people to reveal themselves publicly, or giving the platforms access to their identities, they will be “held accountable” for what they write and say on the internet. Though the intentions behind this are understandable, I believe that ID verification proposals are shortsighted. They will give more power to tech companies who already don’t do enough to enforce their existing community guidelines to protect vulnerable users, and, crucially, do little to address the underlying issues that render racial harassment and abuse so ubiquitous.

My pet theory is that our fractured relationship with other users of big online platforms has nothing to do with anonymity and everything to do with standards. Pseudonymity and anonymity have been a part of the internet since it was created. Many users of forums and, before them, BBSes were only known by their handles. The biggest thing that has changed in the last fifteen-or-so years is a weakening of moderation efforts and community standards. It used to be that you had to go to specific websites known for users’ ability to test the limits of good taste and free speech, but that approach was mainstreamed. In the earlier days of Twitter, company executives famously referred to it as the “free speech wing of the free speech party”. Alexis Ohanian repeatedly praised Reddit’s laissez-faire approach to speech, and Facebook has wrestled with moderation issues for well over a decade now. Many users may have been repelled by rampant abuse, and those who remained were able to set a standard for new users to grow accustomed to.

Lax moderation in the founding years of these platforms undoubtedly aided their growth, but that rapid ascendency also compounded their inability to moderate as they grew. Mike Masnick of Techdirt has said that moderation is impossible at scale, but I think that is partly because platforms are not moderating at a small scale. Trying to embed community standards into a platform hosting hundreds of millions of users is a fraught exercise. It has to start when these platforms are nascent.

That is my little theory, but it is sort of irrelevant. There is no way to reset platforms to the size they were at their founding so that we can try this whole thing again. I do not know how we, collectively, find a better way to express ourselves online now that the standard has been set. I do not think banning anonymity is a realistic or effective solution. Platforms’ lowered tolerance for abuse is, I think, helpful, if long overdue. But some change perhaps comes from understanding that we are often communicating with real people. I am not arguing that it will solve racism, but Kesvani is right: requiring verified identification to use web platforms will only give a superficial impression of improving on that front, too.

‘Roadrunner’ Contains Undisclosed Generated Re-Creations of Anthony Bourdain’s Voice

Helen Rosner, of the New Yorker, interviewed Morgan Neville about his new film “Roadrunner”, a documentary about Anthony Bourdain’s life:

There is a moment at the end of the film’s second act when the artist David Choe, a friend of Bourdain’s, is reading aloud an e-mail Bourdain had sent him: “Dude, this is a crazy thing to ask, but I’m curious” Choe begins reading, and then the voice fades into Bourdain’s own: “… and my life is sort of shit now. You are successful, and I am successful, and I’m wondering: Are you happy?” I asked Neville how on earth he’d found an audio recording of Bourdain reading his own e-mail. Throughout the film, Neville and his team used stitched-together clips of Bourdain’s narration pulled from TV, radio, podcasts, and audiobooks. “But there were three quotes there I wanted his voice for that there were no recordings of,” Neville explained. So he got in touch with a software company, gave it about a dozen hours of recordings, and, he said, “I created an A.I. model of his voice.” In a world of computer simulations and deepfakes, a dead man’s voice speaking his own words of despair is hardly the most dystopian application of the technology. But the seamlessness of the effect is eerie. “If you watch the film, other than that line you mentioned, you probably don’t know what the other lines are that were spoken by the A.I., and you’re not going to know,” Neville said. “We can have a documentary-ethics panel about it later.”

Since Bourdain wrote the words generated by this faked audio, I can see how this might seem like a fine compromise if you twist your brain around a little bit, but it is diving headfirst into some murky ethical waters. In this specific case, it comes across as exploitative and disrespectful.

This email is apparently not the only generated audio in the film, too, and it is unclear what the circumstances are around other clips. A big reason why there are no clear answers here is because Neville reportedly does not disclose the use of generated speech in the film — and that is inexcusable. For shame.

Bloomberg: Three-Quarters of iOS Users Opt Out of Tracking

Kurt Wagner, Bloomberg:

When users get asked on iPhone devices if they’d like to be tracked, the vast majority say no. That’s worrying Facebook Inc.’s advertisers, who are losing access to some of their most valuable targeting data and have already seen a decrease in effectiveness of their ads. 

The new prompt from Apple Inc., which arrived in an iOS software update to iPhones in early June, explicitly asks users of each app whether they are willing to be tracked across their internet activity. Most are saying no, according to Branch, which analyzes mobile app growth. People are giving apps permission to track their behavior just 25% of the time, Branch found, severing a data pipeline that has powered the targeted advertising industry for years.

The opt-in numbers reported by Branch are similar to those last reported by Flurry for worldwide users.

The online advertising industry has been telling us for years that consumers overwhelmingly prefer personalized ads and are only too happy to give up private information. What a crock of lies. The ad tech industry has been relying on a lack of transparency and consent to drive its business. When given a choice, there is now large-scale evidence that people abhor tracking and will usually opt out.

Also, for what it is worth, iOS 14.5, the update that launched App Tracking Transparency, was released in April and not “early June” as reported here. Never change, Bloomberg.

Twitter Is Axing Fleets, the Stories-Like Feature Demanded by Activist Investors, Due to Low Usage

Ilya Brown of Twitter:

We built Fleets as a lower-pressure, ephemeral way for people to share their fleeting thoughts. We hoped Fleets would help more people feel comfortable joining the conversation on Twitter. But, in the time since we introduced Fleets to everyone, we haven’t seen an increase in the number of new people joining the conversation with Fleets like we hoped. Because of this, on August 3, Fleets will no longer be available on Twitter.

You may recall that the Fleets feature was launched globally in November, reportedly due to pressure from Paul Singer’s Elliott Management, though Jack Dorsey took issue with that characterization. I am not sure Wall Street is the best place to look for product ideas, but I admire Twitter’s willingness to experiment with copycat features apparently demanded by the same jerks who pushed Argentina to default. That’s innovation.

Meet BIGDBM and FullContact, Two Companies in the De-Anonymization Industry

Joseph Cox, Vice:

Tech companies have repeatedly reassured the public that trackers used to follow smartphone users through apps are anonymous or at least pseudonymous, not directly identifying the person using the phone. But what they don’t mention is that an entire overlooked industry exists to purposefully and explicitly shatter that anonymity.

They do this by linking mobile advertising IDs (MAIDs) collected by apps to a person’s full name, physical address, and other personal identifiable information (PII). Motherboard confirmed this by posing as a potential customer to a company that offers linking MAIDs to PII.

While American lawmakers have been focused on allegations of criminally anticompetitive practices by bigger tech companies and American media has extensively covered Facebook and Google’s creepy tracking practices, the data “enrichment” industry has skated by with little attention outside of the tech-centric press. Its practices cannot be ignored.

A couple of years ago, records of over one billion people were found on an unprotected server, sourced from two different data enrichment companies. American cellular providers share subscriber information with advertisers and enrichment companies. This entire industry matches identifiers in different data sets to produce more comprehensive, more detailed, and more individualized profiles on people, which it sells back to the advertising industry, other data companies, resellers, and government agencies, according to the privacy policy of one of the two companies in this report.

I thought it might be useful to look at ways to opt out of this kind of associative data collection, so let’s examine those two companies.

FullContact cares so much about privacy that it provides a process for removing your data from its systems — but that is helpful only if you know the company exists. I followed the process and saw that FullContact had linked two of my email addresses and my phone number against a scraped copy of the LinkedIn profile I deleted many years ago, various social media profiles — remember FourSquare? — and my city. If you are familiar with the APIs provided by social media companies, this is probably an unsurprising data set. I sent a request to delete my data and, within an hour, I received an email confirming it was completed.

BIGDBM is much less transparent. On its Data Market page, it brags that it offers:

[…] a secure, cloud-based, self-service data platform that enables users to quickly and easily select data from billions of records. All BIGBDM records contain a persistent individual ID that keeps track of individuals in both online and offline data environments, allowing our customers for marketing to individuals using digital ads, or offline using phones and direct mail.

People seemingly have little control over whether BIGDBM has their identifier. On its privacy page, California users are able to request a copy of their data by completing a PDF form — which, as of writing, returns an error stating that the HTTPS certificate expired last year — and emailing them a copy. Then, BIGDBM may grant access to its California-specific database tool, at which point it appears that users may be allowed to delete their information. Apparently, this only applies to users in California; if you live elsewhere in the United States, BIGDBM may process your request if you nicely ask a sympathetic company representative.

It is unclear how the company treats information about non-Americans. Its privacy policy says that it does not collect information about people in the European Union “as a matter of course”, but how can it guarantee that? And what about people elsewhere?

Of course, all of this is only relevant if you have heard of BIGDBM. Companies like these are often unnamed in the user agreements and privacy policies most users do not read before registering for a service. In many cases, they fall under a generic term, like “vendors”, “partners”, or “other parties”.

It is onerous to require that individual users understand the full consequences of privacy policies like these. They grant most companies the freedom to share whatever information they feel like with whichever third-parties they deem relevant to their business practices. Those parties might re-share it, or mix it with other records to increase its granularity. All of this is permitted under U.S. law. And, because many technology products and services are based in the U.S., it often means that non-Americans are subject to the same policies due to the jurisdiction clause in the user agreement.

In a Period of Eighteen Months, Over Fifty Facebook Engineers Were Fired for Accessing Private User Data

New York Times reporters Sheera Frenkel and Cecilia Kang have written a new book about Facebook, “An Ugly Truth”, with an apt cover design. Last week, the Times published an excerpt about the fractured relationship between Sheryl Sandberg and Mark Zuckerberg. But it is the one published yesterday in the Telegraph that I think warrants further comment:

During a period spanning January 2014 to August 2015, the engineer who looked up his onetime date was just one of 52 Facebook employees fired for exploiting their access to user data. Men who looked up the Facebook profiles of women they were interested in made up the vast majority of engineers who abused their privileges. Most did little more than look up users’ information. But a few took it much further. One engineer used the data to confront a woman who had travelled with him on a European holiday; the two had gotten into a fight during the trip, and the engineer tracked her to her new hotel after she left the room they had been sharing. Another engineer accessed a woman’s Facebook page before they had even gone on a first date. He saw that she regularly visited Dolores Park, in San Francisco, and he found her there one day, enjoying the sun with her friends.

I do not know that Facebook will ever live down the reputation established by a teenaged Zuckerberg in an instant message to a friend of his after he launched it:

Zuck: They “trust me”

Zuck: Dumb fucks.

According to this excerpt, the limitations on engineer access to Facebook user data did not change much between the time Zuckerberg sent those messages and mid-2015. Mix that attitude with the goal Zuckerberg elucidated in a 2007 conversation with Sandberg before hiring her:

[…] he described his goal of turning every person in the country with an internet connection into a Facebook user.

There are now databases containing the personal details of about a third of the world’s population and, at least for a span of eighteen months, an average of one engineer was fired every two weeks for improperly accessing users’ profiles, targeted advertising categories, or location data. This excerpt implies they were caught because they had used company-provided computers, and that they only represent a fraction of the “thousands” of engineers spying on Facebook users. This is an extraordinary abuse of power, akin to real-world stalking with fewer risks to the perpetrator.

In this excerpt and in a brief mention in the Times’ review, Alex Stamos comes out looking pretty good. I am curious about whether that holds in the full story.

You may need to log into a Telegraph account to read this link. Or you can just get the book; I placed a hold on a copy from my local library.

In W3C Discussions, Ad Tech Companies Are Tussling With Web Browser Vendors Over Privacy Features

Issie Lapowsky, Protocol:

One of the web’s geekiest corners, the W3C is a mostly-online community where the people who operate the internet — website publishers, browser companies, ad tech firms, privacy advocates, academics and others — come together to hash out how the plumbing of the web works. It’s where top developers from companies like Google pitch proposals for new technical standards, the rest of the community fine-tunes them and, if all goes well, the consortium ends up writing the rules that ensure websites are secure and that they work no matter which browser you’re using or where you’re using it.

The W3C’s members do it all by consensus in public Github forums and open Zoom meetings with meticulously documented meeting minutes, creating a rare archive on the internet of conversations between some of the world’s most secretive companies as they collaborate on new rules for the web in plain sight.

But lately, that spirit of collaboration has been under intense strain as the W3C has become a key battleground in the war over web privacy. Over the last year, far from the notice of the average consumer or lawmaker, the people who actually make the web run have converged on this niche community of engineers to wrangle over what privacy really means, how the web can be more private in practice and how much power tech giants should have to unilaterally enact this change.

The “tech giant” framing of this piece obscures the multisided battle that is going on within these discussions. There are browser vendors — like Apple and Brave — that are more privacy-conscious, but with conflicts of interest, as well as people who advocate for these features with fewer conflicts. There are representatives of the big privacy-hostile tech companies: Google and Microsoft[1] have web browsers, while Amazon and Facebook do not. And then there are ad tech companies that are smaller than the big tech companies but, as I have repeatedly argued, can be almost as creepy.


  1. Microsoft has a personalized ad network that tracks Windows users across their computers.

Consumer Reports Wants to See Your Internet Bill

Geoffrey A. Fowler, Washington Post:

I recently moved and needed to sign up for Internet and TV service. I chose a package that Comcast advertised would cost $90 per month.

When the first bill arrived, it totaled — surprise! — $127.72. That’s 42 percent more.

As I’ve learned, jacking up prices for service is perfectly legal. It’s also maddeningly common.

[…]

Comcast tells me this is exactly what its customers want. It said it disclosed its copious additional fees to me in various fine-print communications — though only after I entered my credit card number. “We conduct extensive consumer research and host focus groups and incorporate our findings into the way we present information to our customers, all in an effort to help ensure they have a positive experience and can easily understand the details of their service,” said Jennifer Khoury, Comcast’s chief communications officer.

There is nothing American consumers love more than ISPs and hidden fees, with the exception of pretty much anything else. Still, this is not solely a Comcast problem, nor is it only an American problem: one Canadian ISP’s website currently promises “TOTAL TV PLANS FOR $50/MO.” without making it clear that “Total TV” is a brand and not reflective of the bundle pricing, and the $50 per month rate only applies to the first month’s bill, after which it is $150 per month.

Russell Brandom, the Verge:

You don’t always get what you pay for in internet access. Most places only have one option, so you’re stuck picking the good plan or the bad plan from a single carrier, and if the expensive “broadband” plan turns out to be closer to dial-up speeds, there isn’t much you can do. And that’s without getting into the big swaths of the country that don’t even have a broadband option on the table.

So we’re joining with Consumer Reports to take a close look at the problem, collecting as many internet bills as we can to get a sense of which telecoms are holding up their end of the bargain — and which ones are falling short. The idea is to get a bird’s-eye view of the speeds people are actually getting, and what they’re paying for those speeds.

Consumer Reports promises that it will de-identify bills submitted to it. If you are American and would like to participate, you can complete the survey. I would happily participate if a similar study were offered in Canada.

Impatience for Professional Macs Running on Apple’s Own SoC

DL Cade, Digital Photography Review:

Ever since Apple unveiled the M1 System on a Chip (SOC)—the CPU/GPU/RAM combo pack that powers the latest 13-inch MacBook Pro, MacBook Air, Mac mini, and the redesigned 24-inch iMac – the creative world has been buzzing. It’s fast, it’s power efficient, it barely needs to be cooled, and since it was designed by Apple for an Apple operating system, the M1 system is optimized to within an inch of its life.

[…]

The problem is that the M1 was never meant to power professional-grade hardware. It’s a preview of coming attractions – an extraordinary appetizer designed to serve the enthusiast and amateur community, while tantalizing pros with a mere taste of what’s possible. Seven months on, the pros are getting impatient.

Tim Bray:

DPReview just published Apple still hasn’t made a truly “Pro” M1 Mac – so what’s the holdup? Following on the good performance and awesome power efficiency of the Apple M1, there’s a hungry background rumble in Mac-land along the lines of “Since the M1 is an entry-level chip, the next CPU is gonna blow everyone’s mind!” But it’s been eight months since the M1 shipped and we haven’t heard from Apple. I have a good guess what’s going on: It’s proving really hard to make a CPU (or SoC) that’s perceptibly faster than the M1. Here’s why.

Bray’s speculation is well-considered, but perhaps misplaced.

Tom’s Guide:

As rumors swirl around a future M1X chip for the MacBook Pro 2021 and a possible M2 chip for the 2022 MacBook Air, Apple sees big things ahead for Apple Silicon, both in terms of achieving new designs and perhaps appealing to the most demanding audience of all — gamers. After all, many of the engineers building Apple’s chips are gamers themselves.

“Of course, you can imagine the pride of some of the GPU folks and imagining, ‘Hey, wouldn’t it be great if it hits a broader set of those really intense gamers,’” said [Apple VP Tim] Millet. “It’s a natural place for us to be looking, to be working closely with our Metal team and our Developer team. We love the challenge.”

The eagerness to see how the M1 could possibly be made to look like last year’s technology is understandable. But it has been just one year since Apple announced that it was making this transition, and the first products with the M1 were only announced and shipped in November. Good things take time, I say. A betting person might look at when Apple launched new Mac hardware for the past five years or so, and treat that as guidance for when the announcement will be made for the first slate of Apple’s high-end Macs running on its own silicon.

Update: Via Nut Bunnies on Twitter, it is also worth mentioning that there is still an ongoing chip shortage, which not one of these articles does. I still think beginning with consumer Macs and then adding higher-end models later is a perfectly sensible strategy, and there is little indication outside the company that professional models are delayed.

The Infinite Ugly Scroll

Saikat Chakrabarti on Twitter:

Every now and then I think about how bad readability on the Internet has gotten and it makes me sad.

Every major website now requires users to complete the same set of tedious tasks approximately every seven or more days from their last visit, or whenever the site’s cookies expire. It is horrible. Between data-addicted advertisers and marketers, and well-meaning but flawed policies intended to impress upon users some semblance of informed consent, the web is increasingly hard to read.

Via Shoshana Wodinsky in the replies to that tweet, here is an excellent March 2020 piece by David Roth for Columbia Journalism Review:

Even on the websites of august institutions ads interrupt the text every two paragraphs; ads follow you down the sides of the page like store security; ads pop up in boxes that resist being closed, the elusive little x evading your cursor.

There have always been websites like this, usually the kind that we save for private browsing: places to stream out-of-market sporting events, or download bittorrents of hard-to-find films, or browse other things that no reasonable person would admit to.

Now, a great many websites are at least a little bit like this. Not all of these sites are as hard up as they appear, but all of them — the authentically desperate and the merely thirsty, the ones trying heroically to sell their way out of a downward spiral and those blithely steering into it — have made the same choice. Which is to look and feel and be more friendly to advertisers than readers.

The galling thing is that this strategy works — not for users, of course, but on an entirely commercial level it works. Now that we are all inured to the horrific experience created in service of anti-privacy advertising schemes, there is little incentive for mainstream websites to do things any other way. This makes money. News websites can experiment with paywalls, but this problem extends far beyond those kinds of websites. Go to the online store of any retailer and you will have to decline a newsletter box and hide some sort of coupon offer; you might have to do the latter twice because it will appear again if you move your cursor towards the tab bar, triggering what is known in the business as an exit intent popup. You are clearly there to browse and perhaps make a purchase, and the retailer still wants to inundate you with hard sales tactics.

The web has fallen so far in just the past ten years. I am worried about what the next lowest bar will be that online marketers collectively decide websites no longer have to clear.

Gojek Drivers Use Third-Party ‘Tuyul’ Apps to Improve Their Working Conditions

Rida Qadri, Vice (via hamba_biasa91 on Twitter):

Over the last six years, a burgeoning underground market for unauthorized, third-party Gojek apps has emerged. Named after a child-like spirit in Indonesian folklore that helps his human master earn money by stealing, each tuyul app responds to specific needs of drivers to help make their jobs less miserable.

[…]

Despite Gojek’s adversarial relationship with tuyul, the company has benefited by adopting some of the features originally created by unauthorized apps. For instance, the “automatic bidding” app drivers had developed was introduced into the official Gojek app through a new feature called “autobid.” Gojek also briefly introduced the ability for drivers to filter orders, but according to drivers removed the feature when too many drivers started filtering for specific types of orders. While Gojek adopting driver-developed app features shows its responsiveness to driver needs, it also comes with the fear of drivers losing agency over how and how long they can use the features.

If there is one constant in the gig economy, it is that businesses must concede that they are actually employers rather than mere platforms for contractors. Every time they try treating workers like independent labour, they find it is an impediment to their business model.

Marketers Are Worried That iCloud Private Relay Could Be a Technical Hurdle Instead of a Policy One

Seb Joseph, Digiday:

And herein lies the rub for ad execs. Apple has told them fingerprinting is off-limits but doesn’t seem to be aggressively enforcing this policy. Few execs, however, believe this perceived inaction will last. Eventually, goes the thinking, Apple won’t need to enforce a policy like ATT to rid its mobile operating system of fingerprinting — it will have the technology to block it from ever happening in the first place. The reason: Private Relay.

Private Relay renders a person’s IP address useless for fingerprinting because it redirects web traffic through two separate servers. Granted, an IP address is just one of many aspects that make a fingerprint of someone’s behavior on a device — but it’s an important one.

For all of marketers’ thrashing and gnashing about App Tracking Transparency, it really is only a policy change. Apple certainly tries to enforce it; it knows about SDKs that function as trackers, and at least one attempt to circumvent these rules has faltered. iCloud Private Relay creates a much more robust barrier, especially if it is extended to all network traffic from all apps — and, notably, compliance does not depend on the attentiveness of an App Store reviewer.

Ten Years After ‘People Staring at Computers’

Kyle McDonald:

In 2011 I published a series of photos taken with the laptops in two New York City Apple Stores, as part of my ongoing exploration of surveillance, face analysis, and computer-mediated interaction. In response, Apple contacted the Secret Service and they raided my apartment. After censoring the work online, Apple did not pursue a civil case against me. And after a few months long investigation by the Secret Service, Assistant United States Attorney Judith Philips declined to prosecute me.

Ten years later, this work is still an important reference point for my art practice. I continue to work with faces and to reflect on privacy and surveillance in a new era dominated by machine learning.

McDonald’s work has long been a reference point for my own practices related to surveillance and privacy. I still find this piece fascinating, even if it is admittedly creepy:

I’m not sure I would make this piece today, anyway. I’m increasingly critical of artwork that attempts to engage with the theme of surveillance by replicating systems of surveillance. How fruitful can a conversation be about consent and privacy, when an artist does not seek their subject’s consent?

It feels like the era of a shock-and-awe approach in laying bare the privacy abuses of our time has run its course. That era seemed to be driven by a misplaced interrogation of power: even though the general public participates in widespread privacy abuses, we did not create them and do not maintain them. A more effective exploration of widespread surveillance has to acknowledge this power difference to be both ethical and effective.

Apple Music Lobotomizes Siri

Dave Scocca on the TidBits forum (via Michael Tsai):

What’s killing me is Apple Music. I have an iTunes library of almost 15,000 songs, mostly ripped from my CDs but with a number of iTunes store purchases. I have a 256 GB iPhone to allow me to have my music with me, and my new-ish Civic has CarPlay. It used to be great–I could use either the car’s voice control button or (later) “Hey Siri” and request music and have it played.

Since activating Apple Music, that process has gone completely to hell. Siri seems to have no idea of what music might actually be stored on the phone. At first, I could play an album using the phone controls or the CarPlay interface, but if I asked Siri to play the exact same album I would be told that it couldn’t be played because I didn’t have cellular data enabled for music streaming. I have tried adding the words “from my library” to various places in my requests to Siri, and it generally does nothing.

I complained about this two years ago when this behaviour was introduced in iOS 13; my bug report — FB6825077 — is dated July 26, 2019. That bug report has gone unacknowledged and unfixed. It is another example of how Siri and CarPlay can be more distracting than helpful, which is worrisome behind the wheel.

The best solution I have found for requesting music is to ask to play an album or playlist “from my local library”. It is imperfect, but it is the command that most often gets me what I want. But it is entirely unnecessary — why would I prefer that my iPhone waste bandwidth streaming a record from Apple Music when I have a local copy right there? It makes no sense at all.

Facebook-Funded Comscore Study Indicates Heavy Use of First-Party Apps on Android and iOS

Alex Heath, the Verge:

If you use an iPhone or Android phone, chances are the majority of your most-used apps were made by Apple and Google.

That’s the takeaway from a new Comscore study that ranks the popularity of preinstalled iOS and Android apps, such as Apple’s Messages, alongside apps made by other developers. The results show that the majority of apps people use on their phones in the US come preinstalled by either Apple or Google. The first-of-its-kind report was commissioned by Facebook, one of Apple’s loudest critics, and shared exclusively with The Verge.

I am guessing it will not surprise most of you to see the effect of defaults, but it is quite something to see Instagram, for example, used by fewer people every month than Apple’s own Stocks app on iOS and the Samsung Calculator on Android.

Interesting as it may be, I have serious doubts about the accuracy of this study. Apparently the most-used app on iOS is the phone app — according to this study, it has more active monthly users in the U.S. than the camera, Messages, YouTube, or Instagram. Why do I not believe that? Meanwhile, not a single phone app appears on the list of the twenty most popular apps on Android — but Walmart’s shopping app sneaks in at the bottom of the list. Also, Gmail is the fourth most popular app on Android, but the highest email application on iOS — Apple’s own Mail app — ranks thirteenth, which is yet another data point indicating that email analytics cannot be trusted.

I’m not arguing that Facebook skewed this study in a specific direction. I just think that these results indicate a flawed methodology.

Microsoft’s Falling Surface Duo

Jesus Diaz, writing at Tom’s Guide shortly after Microsoft unveiled the Surface Duo phone in October 2019, nearly a year before it was released:

Yesterday, as I finished watching Microsoft’s presentation on my iPad Pro, I thought that Redmond had crushed its old archnemesis in just half an hour. The Surface Neo and the Surface Duo made me think that Microsoft is now the king of innovation and industrial design. They have beaten Apple at its own game.

Not only that, but I also got the impression that, while Apple has been aimlessly wandering for years now — led by a man who is an administrator not interested in products but marketing and profits — Microsoft has surprisingly come out with a clear vision of what they want the future to be. And they are executing it.

Diaz calls Microsoft “the David to Apple’s Goliath”, which is an incredible analogy to use for what are currently the two most valuable businesses in the world, both of which are the only companies to have a market cap of over $2 trillion. Even at the time Diaz wrote this, Apple and Microsoft were worth around a trillion dollars apiece, which is less David-and-Goliath and more Hobbs-and-Shaw.¹

Rob Enderle, eWeek, in August 2020, a few weeks before the Surface Duo was finally released:

Microsoft’s last major attempt to pivot a market belonging to someone else was with the Zune, which attempted to redefine the iPod segment into something with video and where music sharing was legal. It failed, and it was embarrassingly followed by the iPhone, which showcased what Microsoft should have built instead.

[…]

In short, the Surface Duo won’t be a Zune (the execution is far above where the Zune was); the question is whether it will eventually step up to reaching its potential as an iPhone-like product that can pivot the market. That question will depend on several things I’ve mentioned, and it will take two to five years.

Enderle acknowledges that the first version of the Surface Duo would likely be rocky. Like the iPhone, he says, it would take several iterations for it to sell well. But the iPhone was immediately apparent as the future of mobile devices. The Surface Duo, on the other hand — well?

Ron Amadeo of Ars Technica yesterday:

Poor Microsoft. The company’s Surface Duo phone was supposed to be the company’s triumphant entry into the Android phone market, but instead, it will probably be remembered as one of the bigger flops in the industry. The latest chapter of Microsoft’s dual-screen disaster involves a new low price for the ongoing fire sale: Amazon’s Woot is selling the phone for $409, an incredible $990.99 off the $1399.99 MSRP. The one catch is that it’s locked to AT&T.

Woot’s inventory is now sold out, which will disappoint those of you hoping to buy a prototype device that was inexplicably announced a year before going on sale at a higher price than any iPhone model or, for what it’s worth, this Suzuki. Not a great showing for the new “king of innovation” and one of the “best inventions of 2020” according to Time magazine.


  1. As Diaz writes, the other major new product announced at Microsoft’s 2019 press conference was the Surface Neo. Despite a promised holiday 2020 launch date, it still has not shipped, possibly in part because development on the operating system it was supposed to run has been cancelled.

Reactions to Amazon’s Purchase of MGM

Nicole Sperling, New York Times:

At MGM, the two [Michael De Luca and Pamela Abdy] have compiled a heady mix of A-list directors and compelling material they hope hearkens back to the days when Fred Astaire and Judy Garland roamed the once-hallowed studio’s hallways. The next six months will show if their strategy pays off. [Paul Thomas] Anderson’s movie will debut on Nov. 26. It will follow Ridley Scott’s pulpy drama “House of Gucci,” starring Lady Gaga and Adam Driver. In December, Joe Wright’s musical adaptation of “Cyrano,” with Peter Dinklage and featuring music from The National, will be released.

[…]

In a shareholder meeting last month, Jeff Bezos, Amazon’s founder and executive chairman, called the reason behind the acquisition “very simple.” He said MGM had a “vast, deep catalog of much beloved” movies and shows. “We can reimagine and redevelop that I.P. for the 21st century.”

That runs counter to the approach Mr. De Luca and Ms. Abdy have primarily taken.

Paris Marx, Jacobin:

Commenting on the merger, Nicholas Russell explained that the streaming wars and the consolidation it’s incentivized turns film and television into “commodities to be traded and hoarded in order to capture subscriptions,” which leads to a “dilution of both quality and vitality for the cinematic form.” While companies like Disney are producing fewer movies for cinema as they focus exclusively on blockbusters, they’re all developing a flood of content for their streaming platforms to keep people’s attention — but the quality of those programs has notably declined.

This is not new, per se, as many works of art have long been treated as valuable assets. Wealthy patrons ordered musical compositions to which they held exclusive rights for a period of time; paintings were commissioned by religious institutions and royalty; sculptures were collected by the aristocracy for hundreds of years before the modern art market.

But what is seemingly new is how much entertainment is driven by so few franchises and, owing to consolidation, so few studios. It is not enough to have a successful movie and some sequels. Now, it is that and spin-off movies and broadcast television shows and streaming media and theme park attractions and novelizations that occupy the same narrative universe. Shared worlds are not a recent invention, but it is hard to come to terms with the sheer volume of storytelling that is driven by milking single collections of intellectual property.

That oft-referenced Walt Disney quote comes to mind:

I don’t make pictures just to make money. I make money to make more pictures.

I wish I saw more cinema driven by the love of movies and less seemingly built around an assembly-line business model and easy revenue.

Brent Kendall, Wall Street Journal:

The Federal Trade Commission will be the agency to review Amazon.com Inc.’s proposed acquisition of Hollywood studio MGM, according to people familiar with the matter, just as the commission gets a new chairwoman who has been critical of the online giant’s expansion.

[…]

The MGM review could present an early test for new FTC Chairwoman Lina Khan, who made her name in antitrust circles in large part by criticizing Amazon. She wrote a widely read law-review article while at Yale Law School that argued U.S. antitrust law has failed to restrain the online retailer.

If you haven’t read Khan’s instant classic 2017 Yale Law Journal article about Amazon, I urge you to make time for it. I found it very readable, even for a layperson like me, though it is more like a book than the “note” it is categorized as.

Annie Palmer and Lauren Feiner, CNBC:

Amazon is pressing for the recusal of FTC Chairwoman Lina Khan from ongoing antitrust probes of the e-commerce giant, citing her past criticisms of the company’s power.

In a 25-page motion filed Wednesday with the FTC, Amazon argued that Khan has made public comments about Amazon and its conduct, including that the company is “guilty of antitrust violations and should be broken up,” suggesting she lacks impartiality in antitrust investigations into Amazon.

Calling bias is, according to this report, not an uncommon move for companies that are facing scrutiny. That does not make it any less a cheap shot. If Khan’s pre-FTC analysis is correct — if a fair and honest assessment of the marketplace arrives at a conclusion that is negative for Amazon’s practices — that is not evidence of prejudice. I am sure there are many scholars that disagree with the conclusions Khan arrived at in that Yale piece, but I do not think anyone would seriously accuse her of not doing her homework on the issues.

Audacity’s New Privacy Policy Does Not Make It ‘Spyware’ Any More Than Any Other Application

An un-bylined FOSS Post, uh, post headlined “Audacity is now a Possible Spyware, Remove it ASAP”:

The famous open source audio manipulation program was acquired by a company named Muse Group two months ago. The same company owns other projects in its portfolio such as Ultimate Guitar (Famous website for Guitar enthusiasts) and MuseScore (Open source music notation software).

Ever since, Audacity has been a heated topic.

The parent company is a multi-national company and it has been trying to start a data-collection mechanism in the software. While Audacity is nothing more than a desktop program, its developers want to make it phone home with various data taken from users’ machines.

Shoshana Wodinsky, Gizmodo:

Ever since Audacity was acquired by tech conglomerate Muse Group in late April, fans of the free-to-use audio tool have been raising hell about some of the changes made to the software. First came plans to add telemetry capture. Then came a new contributor license agreement. Then last week came a privacy policy update that some Audacity die-hards say turns the software into “spyware.” But Audacity isn’t “spyware” — if only because virtually every app we use is some form of spyware these days.

[…]

Also worth mentioning here is that some of the other products under the Muse Group umbrella — like the music notation software MuseScore — feature nearly identical privacy policies, which suggests the parent company just updated Audacity’s policies for some consistency across its catalog. But that doesn’t excuse the piss-poor wording on its original draft, which Ray swears will be “revised” soon enough.

A website for free software enthusiasts is casually throwing around loaded terms like “spyware” for commonplace software features? Blow me over.

All the Right Words on Climate Have Already Been Said

Sarah Miller, Nieman Lab:

What then? What would happen then? Would people be “more aware” about climate change? It’s 109 degrees in Portland right now. It’s been over 130 degrees in Baghdad several times. What kind of awareness quotient are we looking for? What more about climate change does anyone need to know? What else is there to say?

Several minutes into Marc Maron’s “End Times Fun” special, he jokes that “we did everything we could” to combat climate change because “we brought our own bags to the supermarket… yeah, that’s about it”. I think about that joke a lot — partly because it is very well constructed in a typically Marc Maron sort of way, and partly because, yeah, that feels about right.

I went to art school; I do not know what we can individually do about how much we ruin our planet. We can consume less, finish all the food in our fridge, use as little plastic as possible, and steer away from our most excessive instincts. But after all that — what then? Everything I have read points to a bleak future for anyone living near a coastline, in particular, or in an already-warm region unless there is significant intervention from governments and private industry.

My feeds in NetNewsWire often juxtapose distressing stories like those against, say, a recent issue of Today in Tabs where it is pointed out that fast fashion company Shein launches ten thousand products every month — over three hundred a day, every day — and this is completely okay in the eyes of some because it is merely satisfying demand. The machine churns, it spits out a $17 patterned shirt that you can own for just four monthly payments of $4.25, Shein invests some of its earnings into developing a different patterned shirt that it will sell you for $19, and apparently everyone is happy with the significance of this arrangement. Nobody has to think about how it is possible to fit the entire production costs of a shirt into under twenty Canadian dollars, nobody has to concern themselves with the lifespan and integrity of that garment, and Shein can repeat it all tomorrow when it launches another three hundred new items.

The article linked in that Tabs newsletter says that Shein shotguns products into the marketplace, then uses that sales data to create its next batch of products. But that basically means that it has produced plenty of goods that have been discarded by design. Shein knows it is going to waste many things it makes; that is core to its strategy.

This sort of structure repeats itself on my laptop with alarming frequency: I read a story about the climate we have created through decades of disregard for our waste, and then I read a story about something that is wasteful by design because that is how it has become successful. I will drink a glass of water — incidentally, sourced from a river fed by melting snowpack on a glacier that has been receding at alarming speed — and try to reconcile everything I have ever read about our deteriorating climate with our continued exploitation of this planet. It feels hopeless.

Defector Approaches Forty Thousand Paying Subscribers Just Nine Months After Launch

Esther Kezia Thorpe, Media Voices Podcast:

The new company is owned by its employees, and at the moment, is almost completely funded by subscriptions. Defector’s VP of Revenue and Operations Jasper Wang spoke to us on the Media Voices Podcast to tell the story of how the publication formed, how subscriptions are going, and whether other outlets could replicate its success.

[…]

Looking at other publications, Defector initially played around with a lower entry price point of around $5 a month. “We did the back of the envelope math and said, ‘$5 a month, if we can convert 30,000 people, that’s actually not enough money,’” Wang said. “We have to make sure that we’re not shooting ourselves in the foot, and make sure that that floor is high enough.”

I have been a huge fan of Defector since its launch last year, and I am excited to renew my subscription when the time comes. Its writers produce something reliably good to read every day, and I have been impressed to see a new publication succeed with the shocking strategy of asking people to pay enough money. And I don’t even like sports.

The Collective and Rotting Hallucination That Is the Internet

Jonathan Zittrain, the Atlantic:

This absence of central control, or even easy central monitoring, has long been celebrated as an instrument of grassroots democracy and freedom. It’s not trivial to censor a network as organic and decentralized as the internet. But more recently, these features have been understood to facilitate vectors for individual harassment and societal destabilization, with no easy gating points through which to remove or label malicious work not under the umbrellas of the major social-media platforms, or to quickly identify their sources. While both assessments have power to them, they each gloss over a key feature of the distributed web and internet: Their designs naturally create gaps of responsibility for maintaining valuable content that others rely on. Links work seamlessly until they don’t. And as tangible counterparts to online work fade, these gaps represent actual holes in humanity’s knowledge.

This article is not solely about link rot — though that is a significant component; instead, it is about the unique qualities of electronic resources that lend themselves to poor suitability for long-term reference and archiving. I wanted to highlight one example Zittrain cites.

Philip Howard bought a copy of “War and Peace” on his Nook in 2012:

As I was reading, I came across this sentence: “It was as if a light had been Nookd in a carved and painted lantern…” Thinking this was simply a glitch in the software, I ignored the intrusive word and continued reading. Some pages later I encountered the rogue word again. With my third encounter I decided to retrieve my hard cover book and find the original (well, the translated) text.

For the sentence above I discovered this genuine translation: “It was as if a light had been kindled in a carved and painted lantern…”

Imagine if, in a hundred years’ time, the version of “War and Peace” that was being read in schools was the former, and then someone discovered that “Nookd” was a mistranslation because someone had lazily done a find-and-replace to substitute trademarked product names.

John Bowers, Clare Stanton, and Jonathan Zittrain, writing in May for Columbia Journalism Review:

We found that of the 553,693 articles within the purview of our study — meaning they included URLs on nytimes.com — there were a total of 2,283,445 hyperlinks pointing to content outside of nytimes.com. Seventy-two percent of those were “deep links” with a path to a specific page, such as example.com/article, which is where we focused our analysis (as opposed to simply example.com, which composed the rest of the data set).

Of these deep links, 25 percent of all links were completely inaccessible. Linkrot became more common over time: 6 percent of links from 2018 had rotted, as compared to 43 percent of links from 2008 and 72 percent of links from 1998. Fifty-three percent of all articles that contained deep links had at least one rotted link.

This was a sample data set from 1996 through mid-2019, but maybe the most shocking number is the 2018 one: after just a year, one in every sixteen links from the Times’ website to an external source had stopped working. The Times already has an attribution problem; this just makes it worse. The researchers point out that URLs within U.S. Supreme Court opinions fare even worse, with about half of links not working as originally intended.

Zittrain and colleagues created Perma.cc to try to solve this problem, particularly for legal and scholarly users. It is a good, necessary effort that uses the Internet Archive’s engine to build permanent links to pages that Perma.cc promises are, indeed, permanent.

You would think all permalinks on the web would be permanent, just like you might think permafrost would never thaw — the “perma” is a pretty big clue — but it turns out that language is funny like that.

In my testing, Perma.cc worked fine for text-based pages, but failed to capture video files on YouTube. That is broadly the case with other archival methods; there simply is not a large-scale effective YouTube mirror. If something is removed from the world’s most popular general-purpose video hosting site, it may be lost forever.

Three Weeks With iOS and iPadOS 15

Victoria Song, Gizmodo:

Most people are perfectly fine waiting until September for the annual upgrades to iOS, iPadOS, and watchOS. But for the impatient few among us, you can actually test out Apple’s next-generation software for the iPhone, iPad, and Apple Watch starting today by downloading the public betas of iOS 15, iPadOS 15, and watchOS 8.

Federico Viticci:

For the past three weeks, I’ve been running the developer beta of iOS and iPadOS 15 on my iPhone 12 Pro Max and M1 iPad Pro, respectively. Common wisdom says you’re not supposed to install early developer builds of iOS and iPadOS on your primary devices; I have to ignore that since work on my annual iOS and iPadOS reviews starts as soon as the WWDC keynote wraps up, which means I have to get my hands on the latest version of the iPhone and iPad operating systems as quickly as possible. As I explained on AppStories, putting together these reviews is some of the most challenging work I do all year, but it’s rewarding, I have fun with it, and it gives me a chance to optimize my writing setup on an annual basis.

The result of jumping on the beta bandwagon early is also that, at this point, having used iOS and iPadOS 15 daily for over three weeks, I have a pretty good sense of what’s going to be popular among regular users, which features power users are going to appreciate, and what aspects of the OSes still need some fine-tuning and tweaks from Apple. […]

Like every year since iOS 5, I have done the same because I am an impatient fool. So far, I have found that these betas are remarkably stable and, since the most recent seed — which happens to be the same as the now-available public beta — battery life isn’t too bad, either.

I appreciated Viticci’s early look at the good, the bad, and the Safari. I am still getting used to the Focus options. One little thing I noticed is that the “Driving” Focus mode defaults to switching on when it detects that you are in a vehicle in motion. This is perhaps something you may want to change if you, for example, ever take the bus or are a passenger.

Google Plus Launched Ten Years Ago This Week

Steven Levy, writing for Wired in 2011 about the launch of Google Plus, code-named “Emerald Sea”:

The massive wave symbolizes the ways Google views the increasingly prominent social aspect of the web — as a possible tsunami poised to engulf it, or a maverick surge that it will ride to glory. Bierstadt’s turbulent vision is the perfect illustration. “We needed a code name that captured the fact that either there was a great opportunity to sail to new horizons and new things, or that we were going to drown by this wave,” [Vic Gundotra] said last August, when Google first showed me a prototype.

Did he say drown? It almost beggars belief that the king of the search — the most successful internet business ever, with $30 billion in yearly revenue — would be running scared by the social networking trend led by Facebook, a company that barely rakes in a few billion. Nonetheless, people at Google feel that retooling to integrate the social element isn’t a luxury. It’s a necessity. As early as last August, I asked Gundotra whether he felt Emerald Sea was a bet-the-company project.

“I think so,” he replied. “I don’t know how you can look at it any other way.”

It is hilarious in hindsight to look back at the fanfare afforded to the launch of Google Plus. Just two years into the experiment, I felt confident enough to call Google Plus a ghost town; it took the New York Times another year to do the same.

But was it really a “bet the company project”? Google’s then-CEO Larry Page thought it was worth tying part of employees’ bonuses to the success of Google Plus, so the product got integrated into most of Google’s user-facing products, only for that to be unwound just a year after Gundotra left the company. Everything has worked out fine without Google growth-hacking its way into popularizing its miserable Facebook knock-off; if anything, keeping it around would have been a mistake.

Visualizing the Northwest Heat Wave

The New York Times published a series of visualizations of this week’s record-breaking heat wave across the Pacific Northwest and into the Canadian North, via Andy Baio. Lytton, British Columbia hit nearly 50°C today, breaking the Canadian record for the third day in a row; according to Wikipedia’s list, that is greater than any temperature recorded in Europe, Central America, South America, or Southeast Asia. Many people in the province have died as a result of the heat.

It has not been nearly as extreme in Calgary, but it is certainly anomalous, with every day since Sunday breaking 30°C, and today’s high temperature just 0.2°C shy of the all-time record. Only about a quarter of residences have air conditioning; my apartment does not, and I am sure it has remained in the mid- to high-twenties all week long.

We are all so ill-equipped for these extremes.

Western Digital Removed a Password Requirement for Resetting My Book Live Hard Drives, Allowing Them to Be Wiped

Dan Goodin, Ars Technica:

Last week’s mass-wiping of Western Digital My Book Live storage devices involved the exploitation of not just one vulnerability but a second critical security bug that allowed hackers to remotely perform a factory reset without a password, an investigation shows.

The vulnerability is remarkable because it made it trivial to wipe what is likely petabytes of user data. More notable still was that, according to the vulnerable code itself, a Western Digital developer actively removed code that required a valid user password before allowing factory resets to proceed.

I remember when Western Digital was the gold standard in hard drives. The My Book line of external drives, in particular, offered a clean look that fit onto a desk, FireWire connectivity for speed, and long-term reliability. The five-line code snippet posted by Goodin has largely erased my confidence in the company. This is an extraordinary breach of trust.

‘Disabled People Shouldn’t Need to Justify Their Right to Live’

Steven Aquino, Forbes:

The political attitude towards Amazon is not necessarily wrong. Big Tech surely ought to be held accountable for their actions; indeed, holding those in power accountable vis-a-vis accessibility reporting is to call them out when warranted. The problem with such a binary, either/or stance is it ignores any gray areas. In this case, what lies in the gray is accessibility and the real needs of disabled people deserving of amplification.

The fact of the matter is Amazon is a godsend for countless scores of disabled people. The canonical example is the super popular Prime delivery service. Not everyone with a disability can afford the $119/year service, but for those who can, the accessibility gains can be substantial. For those whose mobility is compromised, for instance, the ability to order paper towels or even groceries online and have items arrive at their doorstep in days (or hours, with Amazon Fresh) is hugely empowering in terms of survival, but also independence and self-reliance. Rather than possibly burden family and friends to help run your errands all the time, you can instead use the Amazon app or website to shop for yourself. Especially for something like grocery shopping, having a gallon of milk or a carton of eggs brought right to your door frees someone with a disability from having to deal with navigating a store and wrestle with logistics on how to get stuff home. Maybe a person can’t even literally get to a store easily, for travel or health reasons. Thus, Amazon to the rescue. The bourgeois idea people should shop locally instead of on Amazon is nice and romantic, but it’s also steeped in privilege. After all, not everyone can get out to a farmer’s market or corner store to get food.

Aquino’s argument is very strong: the failures of Amazon’s internal policies — or those of any large company — are beyond the responsibility of any individual consumer to bear. It is a little bit like arguing that we should avoid air travel because of its impact on climate change — our individual efforts pale in comparison to the kinds of policies that can be enacted by governments and industries. Amazon needs to do better by its workers, and regulators need to do their jobs, so that services that are mere conveniences to some but absolute essentials for many are not delivered with feelings of guilt or unethical behaviour. I do not think it is necessary to create a binary choice between ethics and services, especially not when many people find there is not really any choice in using those services.

U.S. Judge Dismisses Two Antitrust Suits Against Facebook, Invites FTC to Refile

Hannah Murphy and Kiran Stacey, Financial Times:

A judge has dismissed two antitrust lawsuits against Facebook, one from the Federal Trade Commission and another by a coalition of US states, dealing a significant blow to regulators and sending the social media group’s share price to record levels.

In an opinion on Monday, Judge James Boasberg in Washington, DC said the FTC’s lawsuit was “legally insufficient” and the federal agency had “failed to plead enough facts to plausibly establish” that Facebook had monopoly power over the social networking market.

However, the FTC will have 30 days to file a new complaint, he added.

Diane Bartz and Elizabeth Culliford, Reuters:

Facebook shares rose more than 4% after the ruling. The share price rise put Facebook’s market capitalization over $1 trillion for the first time.

[…]

The judge said that the FTC did not adequately support its assertion that Facebook has more than 60% of the market. But Boasberg said the agency could potentially fix the issue in a refiling.

Just three years ago, Apple became the first publicly-traded American company to hit the trillion-dollar market cap mark. As of this writing, all five “big tech” companies are part of that club, plus Saudi Aramco, the sole non-tech, non-U.S. entry. It is a hell of a time to be part of the shareholder class, I imagine.

Matt Stoller:

That said, I’m not sure panic is warranted. I talked to a bunch of smart lawyers, and I’m told that what matters about today’s decision are four things. First, the judge dismissed the way the FTC characterized the market, which sounds bad, but isn’t that big a deal. In his dismissal, moreover, the judge told the FTC how to fix its complaint, which it can do by refiling in 30 days with more market share data. (As antitrust scholar Daniel Crane notes, the FTC will almost certainly refile.) That’s a huge loss for Facebook, since market definition is perhaps the most important legal battlefield and the judge will probably come to accept the government’s framework.

Second, the judge said the FTC’s biggest claim — that Facebook’s acquisition of Instagram and WhatsApp were done to foster monopoly — can go forward. That’s another big loss for Facebook. […]

Ever since speculation began about a forced divestiture of Instagram, a narrative has spread among some of the tech commentariat that everyone mocked the acquisition at the time as a stupid move that would inevitably flop. That is completely wrong; contemporaneous publications from the tech-centric to the bloggy to the mainstream praised the deal.

If I am speculating cynically, I might guess that one reason startup founders and venture capital types have been eagerly spreading this narrative is because their ability to turn theoretical value into real money partly hinges on the possibility of selling unprofitable high-valuation companies to bigger technology conglomerates. But who knows? Maybe they really do believe that the Instagram purchase was widely seen as tossing away a billion dollars, only for all those haters to flush beet red after being outsmarted by Mark Zuckerberg, smoked meats demigod.

Stoller, continued:

[…] Third, he tossed the FTC’s allegations of anti-competitive conduct, saying that Facebook as a monopoly is allowed to crush anyone it wants. That’s a loss for the government. And fourth, he also dismissed the state AG cases entirely on the doctrine of ‘laches,’ a bureaucratic limit which will constrain state antitrust action going forward (unless Congress fixes it). Another loss.

The first — or, well, third — thing that Stoller is referring to here is how the judge was comfortable with the idea that Facebook could shut off a competitor’s platform access. In the case of this suit, it is referring to Vine’s terminated access to Facebook’s friend-finding API. The ACCESS bill in the big tech company antitrust package requires API interoperability, and Rep. Cicilline’s bill prohibits limitations that do not apply to the platform owner. If the ACCESS bill becomes law, I am intrigued by a web where our social graph becomes truly portable and cross-communicative. I do not think it would have kept Vine alive; its closure reflects some truly Twitter-specific product focus problems.

Windows 11 Is Officially Compatible Only With Processors From Four Years Ago or Newer

Alaina Yee, PCWorld:

A new operating system incompatible with older hardware—that’s surely another MacOS announcement, right? Not this time. Windows users could soon find themselves in the same boat as Apple fans: Following close behind Thursday’s official announcement of Windows 11 was the reveal of much stricter hardware compatibility for Windows 10’s successor.

I am not sure I understand the comparison to MacOS in this lede. Surely many new versions of operating systems phase out support for older processors; you cannot run Windows 10 on a Pentium 2. But it is bizarre for another reason that Yee surfaces just a few paragraphs later:

At the moment, Intel processors compatible with Windows 11 date back to mid-2017 and no earlier. Think 8th-generation CPUs and beyond. Microsoft has the full rundown on its site, which includes Pentium, Celeron, and Xeon chips. For ease of scanning, we’ve culled that list to a handful of the common mainstream consumer processors from each generation.

Officially, Windows 11 is incompatible with processors in computers released starting just a few years ago, but even more recent models are going to be stuck on Windows 10. Microsoft’s own Surface Studio 2 cannot be upgraded to Windows 11 despite being released in October 2018 and still being sold by the company today with the same CPU.

Does that mean that a lot of this hardware is rendered obsolete, leading to “heaps of needless trash”? There are some people who will get rid of their computer simply because it will not work with Windows 11, but will that be a lot or a little? I am not sure; I hope it is not many, since that would be wasteful. In practical terms, Windows software developers tend not to limit their compatibility requirements to the latest and greatest version. Users of devices stuck on Windows 10 will likely have access to a large software library for years to come, in addition to Microsoft’s own security updates. It is just incongruent to see the company touting advancements in Windows 11 for devices like the Surface Studio 2 which will not be made available to anyone who buys one of those computers today.

And since Yee brought up the Apple comparison, I felt compelled to check out which Macs the next version of MacOS will work with. Turns out that if you have an iMac, a MacBook Air, or a MacBook Pro from 2015, you can upgrade; if you have something more specialized, like a 2013 Mac Pro, you can also get Monterey. Like Windows 11, it also has stricter requirements than its predecessor, but at least it will comfortably work with all of the Macs Apple currently makes.

WatchOS, though? That’s a different story.

The Devils You Don’t Know

Om Malik:

The companies we should be worried about are the many smaller and mid-sized companies that most of us have never heard about. Whether it is app developers surreptitiously selling information to third parties, data breaches at retailers (and their digital platforms), or data-brokers with security systems that have more holes than swiss cheese, these companies will continue to be the cause of most headaches in our digital lives. And they are the group more likely to take liberties with data and privacy.

[…]

And at the top of the list are companies that have always been hostile to their customers: telephone companies, electric utilities, insurance companies, for-profit hospital systems, big airlines, and other such organizations. They will only use “smart data” to amplify their past bad behavior.

There is good reason to focus on the biggest and most valuable companies, since they, by default, have the most influence. But setting the bar so high — the bills proposed in the United States only apply to companies with a market cap over $600 billion — neglects the many smaller companies and industries that are begging for better oversight.

This is something I have been concerned about for years because an overwhelming focus on the biggest tech firms means far less scrutiny of companies that are big enough to do real harm and anonymous enough to avoid consequences. Every company is a technology company now, to some extent or another: oil refineries rely on computer control and proprietary software; lumber mills use automated multi-axis saws; airplanes are computers with engines, seats, and wings, all of which have their own computers. All of these connected systems come with risks for the market and for consumers from the supply chain level up.

Malik cites a recent case of utilities in Texas changing customers’ smart thermostats as an example of a previously unthinkable concern. I would point to cellular carriers, ad tech companies, and data brokers as industries that exploit privacy vulnerabilities without consent for their own gain.

The high value bar of the legislation currently proposed in the U.S. means that many sectors with little competition remain unaddressed. I have been looking at hotel reservations for an upcoming trip, and I was reminded of the lack of competition in travel booking websites. Booking Holdings owns Booking.com — obviously — plus Priceline, Agoda, and Kayak, among several other brands. In addition to Expedia.com, Expedia Group owns many other companies such as Hotels.com, Hotwire, Orbitz, Travelocity, and Trivago. If you are from North America or Europe and you are booking a hotel room online, chances are that it will be through a service owned by one of these two companies which, combined, represent 92% of the U.S. market. But neither one is worth anywhere near $600 billion, so they would not be required to divest any of their brands should the current crop of U.S. tech company bills become law.

Some Digital Packrattery

A recent piece by Doc Searls was the inspiration for today’s post:

The best new phones come with the ability to shoot 108 megapixel photos, record 4K video with stereo sound, and pack the results into a terabyte of onboard storage. But what do you do when that storage fills up?

If you want to keep those files, you’ll need to offload them somewhere. Since your computer probably doesn’t have more than 2Tb of storage, you’ll need an external drive. Or two. Or three. Or more. Over time, a lot more.

Welcome to my world.

Like Searls, I am a digital packrat; unlike him, I do not have quite so many terabytes of storage sitting around on hard drives. But it is a lot, and I know that my large collection of spinning drives will probably die one day. The thing is that most of the files on my drives, I can safely assume, would not be missed if they disappeared. But some of them would be, and I do not know which ones.

I do know that I dodged a bullet earlier this year.

I should preface this by saying that this is not some stealth advertising for Backblaze, nor have I received any compensation for posting it. I have questions and qualms with Backblaze. But this is a true story of a Groundhog Day tragedy averted.

In 2019, shortly after I had finished setting up my kind-of new iMac, I was lying in bed about to drift off to sleep when I sat straight upright with the fear that I would lose my entire iTunes library in some catastrophic hard drive failure. This is not an exaggeration: the database file that is among my most prized digital possessions dates back to when I bought an iPod Mini in 2004, and has ballooned to just shy of fifty thousand songs. These songs are all properly tagged and titled, and everything had correct cover art until Music somehow shuffled all of the pictures between different albums and songs earlier this year. It is a modern marvel how Apple removed the App Store and podcasts and e-books and a virtual university from iTunes, stripped it down to just music, and the result is somehow worse than the app it replaced.

Anyhow, I like and appreciate streaming music services, but if they disappeared tomorrow, I would be mildly upset. If I lost my iTunes library — now my Music library, I suppose — I would be devastated. But I have always treated it with a level of risk that does not comport with how much I value it. My library totals over half a terabyte, which makes it the digital equivalent of one of those overstuffed sectional sofas: impossible to fit comfortably in a space, and quite awkward to move around. Despite this, it has been moved onto and off of external hard drives with alarming regularity as the library expands and then I get a bigger hard drive to move it to, and then — well, you see where this goes.

So, after a terrible night’s sleep in 2019, I spent the following morning setting up a remote backup service. I chose Backblaze; you may prefer something else. And — lo — just four months later, a full mirror of my iMac’s internal and external hard drives.

Jump cut to earlier this year. February 2. I was sitting at my desk, copying some files onto that very same external hard drive, when it spontaneously disconnected. I unplugged it, plugged it back in, and it would not mount. Running various Disk Utility commands did not help. Luckily, I was copying files onto one partition, but my iTunes library was stored on a different partition — because, you know, I’m not a fool — and that appeared to be okay. But the main reason I was able to remain calm is that I knew that my entire library was preserved in some data centre and I could entirely restore it.

That day, I ordered a modern solid state drive to replace the spinning rust version. There is another story here about how I needed to order from Amazon because I was unable to find an adequate drive locally, and Amazon lied to me about shipping speed and caused a small amount of grief in trying to sort that out, but that is remarkably even less interesting than my Backblaze story. Anyway, the drive arrived a week later — despite selecting and paying for one-day shipping — and I was able to fully recover my iTunes library from the broken drive.

Is there a point to this story? Sure: I never want to be without local and remote backups. This is a lesson most people learned about a decade ago, but I fully understood it a few months ago.

Microsoft Announces Windows 11

Not every day brings a new major version of Windows, but Microsoft is pitching today’s announcement of Windows 11 as just such an occasion. On the surface, it is more of an iterative update than any new version of Windows for a long time; it seems like, with Windows 10, Microsoft established a good foundation that does not require radical changes. At the time, Microsoft even went so far as to claim that Windows 10 would be the “last version of Windows”. Things change.

I’m probably never going to love any new version of Windows so long as it keeps feeling and acting and looking like Windows, but there are a couple of things announced today that are notable in relation to its role in the broader operating system market.

Aaron Tilley, Wall Street Journal:

Microsoft said it won’t require developers to use its payment system, drawing a contrast to Apple, which typically takes a 30% cut on sales made through its iPhone App Store. Microsoft has backed Epic Games Inc. in its legal battle with Apple over app-store fees. Apple has fiercely defended its app-store policy as providing customers greater security.

That’s true not only of iOS but of the app stores on each of its platforms. In Apple’s world, if someone got an application through the App Store, Apple usually owns that customer relationship, not the developer. There are exceptions; but, as a general rule, if an app comes from one of Apple’s app stores, Apple owns that financial relationship.

Microsoft has decided that it does not need to be a part of every transaction that occurs through its platform, even if that customer relationship began from the Microsoft Store. That seems wise. How much of that is driven by regulatory action that specifically targets very large, very valuable technology companies is up to you to decide — but it seems pretty obvious that none of this would be happening without intensifying legal scrutiny around the world.

Tilley:

Epic Games CEO Tim Sweeney on Thursday tweeted: “The 2021 version of Microsoft is the best version of Microsoft ever!”

App developers still need to pay Microsoft a 15% fee on sales if they want to use the software giant’s apps payment system. The charge is 12% for game developers.

I am not sure what Sweeney is cheering about on Twitter. PC games are still subject to a 12% commission, and it is my understanding that this does not apply to the Xbox where games are subject to a 30% commission. According to figures released during the Epic Games lawsuit against Apple, Xbox players represent the second-biggest source of Fortnite revenue, while PC gamers generate so little revenue for Epic that their share was not broken out.

The other thing that caught my eye was how Satya Nadella ended the presentation.

Dieter Bohn, the Verge:

Nadella’s speech was almost entirely about building a case that Windows would be a better platform for creators than either macOS or (especially) iOS. He argued that “there is no personal computing without personal agency,” insisting that users should be more in control of their computers.

Nadella called out the changes Microsoft is making to its app store rules, allowing more types of apps, Android apps, and — most importantly — allowing apps to use their own payment systems if they so choose. He said, “A platform can only serve society if its rules allow for this foundational innovation and category creation.” That rhetoric sounds vaguely nice and inspiring out of context, but in the specific context of the current debates, lawsuits, and legislation over app store rules, it’s a sharp and direct critique.

That quote about personal agency will, I think, resonate particularly with the kind of person who watches a forty-five minute presentation about a new operating system. It is probably something we can all appreciate, however, as something that bridges the extremes of the Free Software Foundation’s mantra and something like the console model.

It is also a reflection that the desktop platform model that has worked for Microsoft for decades will continue to work for the foreseeable future. This is not a new strategy — not really. About ten years ago, Microsoft tried chasing a console model with Windows RT, but it did not go well; four years ago, it tried again with Windows 10 S. Both platforms restricted users to apps from Microsoft’s own software marketplace, and both contained many software limitations akin to those of Apple’s operating systems.

Bohn:

[…] Just as Google and Apple build their companies around their business models, so does Microsoft. But Microsoft’s business model has nothing to do with selling Windows or even getting a cut of app sales anymore. It’s about Microsoft 365, Azure, and enterprise services.

This is not entirely true; Microsoft’s most recent quarterly earnings indicate that the category into which it categorizes Windows represents about a third of the company’s overall revenue. But it is remarkable that Windows — a product that used to be so synonymous with Microsoft that I often heard people calling the company “Windows” — ceased to be its flagship product in financial terms, even though it is the foundation on which most of Microsoft’s products are built — and, it should be pointed out, the environment where much of the world’s business and governance passes through.

Apple’s ‘Building a Trusted Ecosystem’ Argument

Katie Canales, Insider:

In a sweeping post published Wednesday, Apple warned allowing users to sideload — or download apps onto their smartphones from outside the App Store — would open the doors to cybercriminals, malware, and scammers. That reality would also put children at risk, Apple says, since apps from outside its App Store wouldn’t have parental controls.

“Allowing sideloading would degrade the security of the iOS platform and expose users to serious security risks not only on third-party app stores, but also on the App Store,” Apple said.

I am not sure I would call a sixteen-page white paper (PDF) a “post”. This is a full-throated argument by Apple against any intervention in its platform policies. The message that the company is trying to get across is simple:

Would allowing sideloading from websites and third-party app stores on iPhone threaten users who only download apps from the App Store?

Yes. […]

There’s more, but that’s the argument in a nutshell. Allowing apps to be delivered through mediums other than Apple’s App Store is, in the company’s view, a nonstarter and a massive security threat. That is not exactly true. But it is hard to see how Apple did not create this situation for itself through years of control — specifically, over in-app purchases. The company’s anti-steering rules prohibit developers from mentioning the rules themselves, let alone any other purchasing options, and it has been hell-bent on enforcing those rules in particular. It gambled that regulators would continue to treat app marketplaces as private entities in little need of regulatory oversight, and it bet big.

In a parallel universe — one in which Apple cut its commission over a period of several years, as Phil Schiller suggested, and where it was not so prohibitive with its anti-steering rules — would it be getting sued by developers over its App Store rules, investigated by governments around the world, and be facing a battery of proposed legislation that would, if passed, eliminate the most compelling qualities of its products? I cannot imagine the situation would be this heated. But we do not live in that universe; in this one, that is the gamble Apple is making, and customers and developers are left hanging in the balance.

Also — and this is a little thing — but the repeated use of the “locked Apple” privacy graphic in that report is, I think, maybe not the greatest way of disabusing people of the notion that Apple’s ecosystem is so closed-off that it entraps users.

Instagram Is Going to Start ‘Suggesting’ Posts Throughout Users’ Feeds

Taylor Hatmaker, TechCrunch:

The days of scrolling to the end of your Instagram feed look to be coming to an end. After adding algorithmic suggestions to the bottom of the app last year, Instagram is running a test that would splice more recommended posts from accounts you don’t follow into the feed with those you do.

[…]

The experiment might not make it into the final product, but from the way the winds over at Facebook have been blowing lately it looks pretty likely. Like we mentioned, Instagram and parent company Facebook introduced some tools to give people more control over their own behavior on the notoriously addictive-by-design apps back in 2018, including the “You’re all caught up” message and a way to track time spent.

[…]

In 2020, it sounds like Facebook is done humoring those concerns. Instagram is feeling the heat from TikTok’s preternaturally well-tuned endless algorithmic feed and booming success. Like it has so many times in the past, the company is looking to shift its own identity to chase a threatening competitor rather than staying the course or trying something new.

The warped language of this increasingly terrible idea fascinates me. A “suggestion” in day-to-day use is a small piece of advice, perhaps, that you can choose whether to devote attention toward. A “suggested” picture in Instagram appears between posts from people you actually follow and ads, and there is no way to opt out. You have to give it approximately the same attention you would give any other photo or ad.

The expansion of “Suggested Posts” to the bottom of the timeline was so off-putting to me that I stopped using Instagram for several months, until I discovered that almost none of the worst parts of the service appear on the web version. I missed catching up with friends, and the web offers a much better experience than the app. Unfortunately, I found that pictures I was posting through the web were noticeably compressed. Compare this puddle shot with this one — the first one looks blurry and lacks definition. I promise the originals have similar sharpness.

So, maybe a month ago, I started using the app again a little more. I do not love it; I find its inevitable and growing Facebook-ization off-putting. The reason Facebook is able to make user-hostile decisions like these is the same reason it was hard for me to stay away from Instagram: it is, for many, the social network to catch up with real-life friends.

VentureBeat’s Sage Lazzaro on Twitter:

None of the “social networks” are actually social networks anymore. None of them are interested in helping us connect with friends. It’s just about pushing as much content — especially monetized content — on us as possible.

Exactly — down to the word “content”.

Amazon Prime Is a Tremendous and Terrifying Thing

Ellen Cushing, in what I think is a must-read article in the Atlantic:

This type of loyalty is remarkable. “It used to be that being a consumer was all about choice,” says Emily West, an associate professor at the University of Massachusetts at Amherst and the author of the forthcoming book Buy Now: How Amazon Branded Convenience and Normalized Monopoly. But now, “two-thirds of people start their product searches on Amazon.” Prime discourages comparison shopping — looking around is pointless when everything you need is right here — even as Amazon’s sheer breadth of products makes shoppers feel as if they have agency.

[…]

“Amazon is a beast we’ve never seen before,” [Jake] Alimahomed-Wilson told me. “Amazon powers our Zoom calls. It contracts with ICE. It’s in our neighborhoods. This is a very different thing than just being a large retailer, like Walmart or the Ford Motor Company.”

Even the most ardent capitalist must recognize how corrupted the marketplace has become after decades of conglomerate-making acquisitions. Amazon’s web services and logistics know-how are part of modern life’s infrastructure. I do not think we have even begun to contend with the present-day effects of such a vast empire of shareholder-led control.

Canadian MPs Pass Bill C-10, but It Is Unlikely to Pass in the Senate

Menaka Raman-Wilms and Bill Curry, the Globe and Mail:

Members of Parliament have passed Bill C-10, an act to amend the Broadcasting Act, handing the controversial legislation to the Senate just ahead of the summer recess.

The bill was passed early Tuesday morning with a vote of 196 to 112. The Conservatives have been staunchly opposed to the government legislation, arguing that the removal of a clause that protected the rights of individuals to upload content such as videos to social media sites means Canadian citizens could fall under the new regulations. The government has said that other amendments ensure that people’s rights will not be threatened.

Michael Geist:

Given the woefully inadequate Canadian Heritage committee hearings with the exclusion of digital-first Canadian creators, technology companies, consumer groups, and numerous independent experts as well as the passage of amendments without debate, discussion or experts, Bill C-10 desperately needs a comprehensive review. If Parliament resumes in the fall, there will be an opportunity for that review in the Senate. If, as most expect, there is an election, Bill C-10 will die, providing a much-needed opportunity to start from scratch by developing forward-looking, balanced legislation that supports the creative sector, safeguards freedom of expression, and recognizes the risks of over-broad regulations overseen by the CRTC.

Even though its passage seems more for show than for any real effect, this is a terrible piece of legislation. I expect better.

Prime Day Press Prostration

Karl Bode in a lengthy Twitter thread:

It’s so bizarre that the lion’s share of tech news sites traffic in Amazon blogspam a few days a year and nobody in any position of power seems to think that’s gross or weird in any way.

Affiliate linking schemes seem to blur the line between advertising and reporting when they are used as an excuse to promote a sale. These posts do not represent a typical ad or “native ad”, where an ad is made to look like an article; Amazon has not directly paid for this coverage. But Amazon does give media outlets a cut of every sale they direct readers toward.

The remarkable thing is that these posts are not tainting coverage of Amazon as one might assume. If anything, the press is leaning into the company’s worst aspects in the same breath as providing critical coverage, which is almost surreal in its presentation. I have used Bode’s thread as a starting point for a few examples.

This morning, the Verge’s homepage contained thirteen separate Prime Day posts — plus another with links to products on sale at other big box retailers — alongside a summary of that ITV investigation that found millions of products destroyed by Amazon annually. Wired’s homepage yesterday featured a story about Amazon’s poor labour practices — strangely tagged “Office Politics” — literally surrounded by posts about Prime Day and competing promotions from other retailers. CNN’s homepage this morning contained an entire block of Prime Day promotion just below the top stories.

I think there is a subtle difference between this ravenous Prime Day coverage and something like the New York Times’ ownership of the Wirecutter. The latter is a review website that uses kickbacks to fund its operations instead of advertising. I have often used the Wirecutter’s advice, but purchased the product in a store or through a different online retailer. These Prime Day posts are different: they specifically instruct readers to go shop at Amazon. They are nakedly promotional in a way that I think crosses a line and cannot be seen as ethical.

Analysis of the iOS SSID Format String Bug

Carl Schou on Twitter:

After joining my personal WiFi with the SSID “%p%s%s%s%s%n”, my iPhone permanently disabled its WiFi functionality. Neither rebooting nor changing SSID fixes it :~)

Zhi Zhou analyzed this bug:

For the exploitability, it doesn’t echo and the rest of the parameters don’t seem to be controllable. Thus I don’t think this case is exploitable. After all, to trigger this bug, you need to connect to that WiFi, where the SSID is visible to the victim. A phishing Wi-Fi portal page might as well be more effective.

Embarrassing — but, apparently, not dangerous.
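For readers unfamiliar with this class of bug, here is the general pattern in a hypothetical logging routine, with the unsafe call shown only in a comment beside its hardened form. This is an added example, not code from iOS or from Zhou's analysis; the function names and the log message are assumptions.

```c
#include <stdio.h>
#include <string.h>

/*
 * Unsafe pattern (comment only, never executed here): the untrusted SSID
 * is handed to a printf-family function AS the format string, so "%s"
 * and "%n" inside it are treated as directives with no matching arguments:
 *
 *     snprintf(out, outlen, ssid);
 */

/* Hardened form: the format string is a constant and the SSID is only
 * ever passed as an argument, so its bytes are copied, not interpreted. */
int log_join_safe(char *out, size_t outlen, const char *ssid)
{
    return snprintf(out, outlen, "Attempting to join network: %s", ssid);
}

/* Count printf-style directives in an untrusted string: every '%' that is
 * followed by a character other than '%'. "%%" is a literal percent sign,
 * and a lone trailing '%' is not counted. Useful as a lint or a log check. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%')
            continue;
        if (s[i + 1] == '%') {      /* escaped percent: skip both bytes */
            i++;
            continue;
        }
        if (s[i + 1] != '\0')
            n++;
    }
    return n;
}

/* For a legacy API that insists on receiving a format string: double every
 * '%' so the text is printed literally. Returns 0 on success, or -1 if the
 * output buffer is too small. */
int escape_percent(char *out, size_t outlen, const char *in)
{
    size_t o = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        size_t need = (in[i] == '%') ? 2 : 1;
        if (o + need + 1 > outlen)  /* +1 keeps room for the terminator */
            return -1;
        if (in[i] == '%')
            out[o++] = '%';
        out[o++] = in[i];
    }
    if (outlen == 0)
        return -1;
    out[o] = '\0';
    return 0;
}

int main(void)
{
    const char *ssid = "%p%s%s%s%s%n";  /* the SSID quoted in the tweet above */
    char buf[128];

    printf("directives in SSID: %d\n", count_format_directives(ssid));
    log_join_safe(buf, sizeof buf, ssid);
    printf("%s\n", buf);
    if (escape_percent(buf, sizeof buf, ssid) == 0)
        printf("escaped: %s\n", buf);
    return 0;
}
```

Compilers flag the unsafe pattern when built with `-Wformat -Wformat-security` (GCC and Clang), which is the cheapest place to catch it.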

In One British Warehouse, Amazon Is Destroying Over a Hundred Thousand Items a Week

Richard Pallot, ITV News:

In one week in April, a leaked document from inside the Dunfermline warehouse showed more than 124,000 items marked ‘destroy’. To repeat, that’s just for seven days. In contrast, just 28,000 items in the same period were labelled ‘donate’.

[…]

Why are hundreds of thousands of products being destroyed in this way? The answer is Amazon’s hugely successful business model. Many vendors choose to house their products in Amazon’s vast warehouses.

But the longer the goods remain unsold, the more a company is charged to store them. It is eventually cheaper to dispose of the goods, especially stock from overseas, than to continue storing the stock.

To be clear, this is just one Amazon warehouse. Amazon says it has 185 of them around the world. I would be careful not to extrapolate directly, but it seems likely to me that millions of items are being destroyed every single week around the world. This is certainly not a solely Amazon problem, but this story reveals a staggering amount of needless waste and destruction, incentivized by the company’s policies, our ruinous buying habits, and fast shipping expectations.

Some Google Executives Wish Sundar Pichai Would Make Decisions Faster

Daisuke Wakabayashi, New York Times:

Fifteen current and former Google executives, speaking on the condition of anonymity for fear of angering Google and [Sundar] Pichai, told The New York Times that Google was suffering from many of the pitfalls of a large, maturing company — a paralyzing bureaucracy, a bias toward inaction and a fixation on public perception.

The executives, some of whom regularly interacted with Mr. Pichai, said Google did not move quickly on key business and personnel moves because he chewed over decisions and delayed action. They said that Google continued to be rocked by workplace culture fights, and that Mr. Pichai’s attempts to lower the temperature had the opposite effect — allowing problems to fester while avoiding tough and sometimes unpopular positions.

In an article about Pichai’s apparently indecisive and slow-moving leadership style, it is remarkable how feeble are the examples cited by Wakabayashi — not even the company’s inability to ship a good messaging client. Google’s leadership apparently considered acquiring Shopify, and Pichai took a while to address Timnit Gebru’s firing, but there are few other specifics. This article reads more like a few Google executives decided to leak their frustrations to the Times because Pichai has not been returning their emails fast enough.

What this article shows most of all is that, eventually, every corporate behemoth has to act its size. With over half of digital ad spending going to Google — a single company — I hope it behaves more responsibly than it did ten or twenty years ago, boring as that is. Google is, more than ever, not a tech company but an advertising company, and a deeply immoral one at that.

A Timeline of Sixteen Years of Some of Google’s Messaging Efforts

Chaim Gartenberg, of the Verge, has chronicled many of Google’s efforts to build a universal messaging app for the past sixteen years, and it does not include every possible example. For instance, there is a separate messaging client built into Google Photos.

For all of the ways Google is great at web services, it is shocking how poorly it has handled instant messaging. I would love to know the inside story of why there are so many disjointed and failed attempts to launch such a seemingly straightforward platform-level feature. It seems like something Google’s engineers ought to be able to sort out if they had some way of communicating the problem.

Different Software Update Tracks in iOS

Jason Snell, Macworld:

Apple’s been crowing about the pace at which its users install software updates for ages. Rapid uptake of updates is a sign of a healthy ecosystem—and yet, as announced last week, Apple has made a change that threatens to derail the iOS update train. Just as it unveiled all the features that threaten to make iOS 15 a must-have update this fall, Apple also announced that iOS 14 users who aren’t ready to board will have the opportunity to step off and wait it out.

“iOS now offers a choice between two software update versions in the Settings app,” reads a page on the iOS 15 website. “You can update to the latest version of iOS 15 as soon as it’s released for the latest features and most complete set of security updates. Or continue on iOS 14 and still get important security updates until you’re ready to upgrade to the next major version.”

This is a curious strategy shift. I wonder how long this will persist. Will users get three update options next year: staying on iOS 14, staying on iOS 15, and updating to iOS 16? Apple has been okay about creating out-of-band security patches; how long would it guarantee support for? More to the point, why is it pursuing this strategy instead of pushing users to shift to the latest version? Snell has some thoughts about how that last question might be answered.

WWDC Session on Discoverable Design

Marcos Tanaka pointed out this session from WWDC this year.

Jiabao Li of Apple’s prototyping team:

So, we have our ten main features, and we know people love clean interfaces. So, we’ll just throw all the non-essential features into a menu. Clean and easy, right? You may have seen this icon before. It’s called a hamburger menu. When we tested our interface in the hands of people and found out that, when the hamburger menu is closed, people don’t know what’s inside. The three lines don’t convey anything about the features inside. So, instead, we decided to go with a tab bar navigation system, which appears at the bottom of an app and lets people quickly switch between different sections. It’s better because you can immediately see the most important features of the app.

The most minimal user interfaces might not be usable or simple because people won’t know what to do. Because when we hide things to make the app look minimal, we increase the risk that people won’t find features. They might even forget that your favorite feature exists.

Inconsistencies at big companies are to be expected. But it is fairly shocking to see, in a WWDC session, such a blatant dismissal of the visual interface trends creeping throughout Apple’s operating systems and applications. The teams that work on Safari, Music, and Notification Centre should talk to Jiabao when they get the chance.

Safari 15 and Chickenshit Minimalism

Stephen Hackett, Six Colors:

Apple seems to be unhappy with the traditional browser design that includes navigation tools at the top, with websites being forced to live in their own view down below, and with Safari 15, it has blurred the line between browser and web content. This goes far beyond the mere splashes of color that Safari users may be used to seeing behind their navigation controls when scrolling a long webpage.

Now, the new tab bar takes on the color of the website, letting the entire window take on the personality of whatever website is visible. Apple says that this lets browsing feel more expansive, as the browser’s UI is now yielding to the content.

If you are running Big Sur, you can get the same UI experience in the latest version of Safari Technology Preview. It is a very big change.

Before I begin with a few high-level criticisms, I should say that this is an early preview that may change significantly or, like the tabs above the address bar in Safari 4, be scrapped altogether. That said, Apple is marketing the new design heavily, so if you are not a fan of this change, don’t get your hopes up. I should also say that I think I use the web differently than many people. As John Gruber and Ben Thompson said on a recent episode of “Dithering”, there are two types of people in the world: those who know that Safari on iPhone has a limit of five hundred open tabs, and those who do not. I am the former.

I am not a fan of the new Safari design. I am not sure I hate it, and I think I get what Apple is trying to do by combining the tab and address bar into a single element and allowing it to inherit the colour of the page. But I do not think it makes sense yet and, worse, I am concerned about some bad design patterns that are emerging. Before I get into that, I wanted to start with the tab bar backdrop colour.

Hackett:

The color the tab bar takes on can be manually set by setting a meta tag named theme-color in the head of the webpage. (Optionally, different values can be set for light and dark modes.) If this value isn’t set, Safari will choose its own color from the website’s background color or header image. Thankfully, Safari is smart enough to not use colors that interfere with UI elements like standard window controls in macOS.

This meta tag might be familiar to anyone who has built websites with specific support for Android.

This background colour only applies to the currently open tab; it does not persist when switching tabs. If you are on CNet — which has a red accent colour — and then switch to this website, which has a white accent, the CNet tab does not stay red. There is an obvious reason for this: it would become messy and hard to read with many tabs open. But you could make a similar argument if CNet were the only open tab — the red backdrop is jarring and difficult to read in every context.

It also is not a consistent browsing experience if the theme-color is not defined for a website. For example, at the top scroll position of a Markup article, the tab bar backdrop will be a deep blue, selected automatically by the browser. But if you scroll the page a little, the tab will turn grey. Surely it should select a colour and maintain it. And, while Safari is smart enough not to automatically select colours that will make it hard to see window controls, it will accept theme-colors that do. An article page at Rest of World will turn the tab bar a shade of green that is very close to that used for the expand window control in the Aqua MacOS theme.

Condensing the address bar into each tab is also irksome. It is a clever idea, but it means that everything moves around because tabs move. They scroll left to right; they change size as you open and close other tabs.

The small size of a browser tab also means that many controls are hidden by default, including the reload and share buttons. They are all buried into one of those vague “⋯” controls that Apple is obsessed with these days. If you share web links a lot, there is not even a way to add the button back to the toolbar in a more permanent state. This, I think, continues a worrying pattern of bad UI habits.

Over the past several releases of MacOS and iOS, Apple has experimented with hiding controls until users hover their cursor overtop, click, tap, or swipe. I see it as an extension of what Maciej Cegłowski memorably called “chickenshit minimalism”. He defined it as “the illusion of simplicity backed by megabytes of cruft”; I see parallels in a “junk drawer” approach that prioritizes the appearance of simplicity over functional clarity. It adds complexity because it reduces clutter, and it allows UI designers to avoid making choices about interface hierarchy by burying everything but the most critical elements behind vague controls.

If UI density is a continuum, the other side of chickenshit minimalism might be something like Microsoft’s “ribbon” toolbar. Dozens of controls of various sizes and types, loosely grouped by function and separated by a tabbed UI, create a confusing mess. But being unnecessarily reductionist with onscreen controls also creates confusion. I do not want every web browser control available at all times, but I cannot see what users gain by making it harder to find the reload button in Safari.

I just want something in the middle of that continuum. That goes for Safari, but it could just as easily be applied to UI elements that are slowly being hidden behind menus and mouseovers across MacOS like the progress time in Music, the invisible access to Notification Centre, the invisible controls on notifications themselves, and, yes, the proxy icon in document-based applications. These details matter. It is one thing to have a few onscreen elements that have functionality most users are largely unaware of, but it is quite another to hide them with the assumption that if you know, you know.

My opinion might change as I spend more time with this version of Safari on my Mac and iPad, where it is basically the same. But I am adding the “⋯” button to my UI element enemies list. Like the back button, it is a vague excuse to avoid making decisions. It makes application interfaces worse, and the more often I see it, the more concerned I am about Apple’s human interface direction.

Facebook Is Starting to Roll Out Ads in Its Oculus VR Headsets Because of Course It Is

Facebook is an advertising company. From the moment it bought Oculus in 2014, there were questions about whether it was going to be used as yet another place where we cannot escape from companies trying to sell us crap — so much so that Oculus co-founder Palmer Luckey promised in a Reddit Q&A that the headsets would not be used for advertising. Imagine my surprise when, under its creepy ad company ownership, that is turning out to be untrue.

This was no surprise — everyone saw this coming — and it still sounds horrible. If augmented reality and virtual reality truly are the technologies of the future, I hope that they are not hyperrealistic echoes of the ad giants largely responsible for the current state of the web.

Proposed U.S. Antitrust Legislation Would Require Preinstalled Apps to Be Removable

Rebecca Kern, Bloomberg:

Apple Inc. would be prohibited from pre-installing its own apps on Apple devices under antitrust reform legislation introduced last week, said Democratic Representative David Cicilline, who is leading a push to pass new regulations for U.S. technology companies.

Cicilline told reporters Wednesday that a proposal prohibiting tech platforms from giving an advantage to their own products over those of competitors would mean Apple can’t ship devices with pre-installed apps on its iOS operating platform.

“It would be equally easy to download the other five apps as the Apple one so they’re not using their market dominance to favor their own products and services,” the Rhode Island Democrat said.

Cicilline equivocated on a question of whether this would also apply to Microsoft’s platforms. Given that it fulfills the prerequisites of active user count and market capitalization, it would also likely be prohibited from including preinstalled apps.

I would love to know what Cicilline believes an empty shell of an operating system looks like. Can a platform owner include a web browser so that it is possible to search for applications? Can it include a terminal emulator or command line applications, of which there are many competing types? Would preinstalling curl but not wget be a problem since they have some overlapping functionality? Can a platform owner include specific drivers for components or is that verboten? Since Apple allows alternative software keyboards, would defaulting to its own violate the law? This may all sound snarky but I am genuinely wondering what an operating system without any preinstalled apps looks like.

And what is the goal here? I agree in theory with limiting a platform owner’s ability to use that unique power and privilege to stifle competition. But if a user has to configure everything about their system manually, well, that just sounds horrible. It is why no year has been the year of Linux on the desktop: most people just want the tool to work with as little configuration and maintenance as possible. The question for regulators is how they can improve competition and define platform owners’ responsibilities with a user-friendly expectation.

Update: After this article was published, Rich Luchette, a senior adviser to Cicilline, tweeted a clarification:

Just to correct the record, this is not what Cicilline said. iPhones can be shipped with pre-installed apps, but Apple could not stop someone from un-installing or changing their default settings under the non-discrimination bill.

In another example of Bloomberg’s stellar reporting, Kern has updated this article to reflect this understanding. However, in Benedict Evans’ analysis, the actual text of the bill more closely reflects the initial report. Excellent work all around.

U.K. Authority Investigating Anticompetitive Practices in iOS and Android

The BBC:

The UK’s Competition and Markets Authority (CMA) has confirmed it is investigating Apple and Google over their dominant position in the mobile phone market.

It is “taking a closer look” at the “effective duopoly” the two firms have.

That includes the operating systems Android and iOS, both app stores, and Safari and Chrome web browsers.

The U.K.’s Competition and Markets Authority:

The CMA is looking into whether the two firms’ control over mobile ecosystems is stifling competition across a range of digital markets. The CMA is concerned this could lead to reduced innovation across the sector and consumers paying higher prices for devices and apps, or for other goods and services due to higher advertising prices.

The study will also examine any effects of the firms’ market power over other businesses – such as app developers – which rely on Apple or Google to market their products to customers via their phones.

The CMA is asking developers to complete a survey for an assessment of their experiences with both platforms and their respective app marketplaces. Its scope does not appear to be limited to British developers; if you offer apps in the U.K., you should complete the survey.

Benedict Evans contrasted the approach taken by the U.K. and the recent bills proposed in the U.S.:

USA: An 11-page law banning Apple and Google from adding features to iOS or Android

UK: A 12 month consultation, producing an expert report, followed by recommendations for legislation

Structure matters as much as intent.

The American bill has not become law yet. Also, it is not as though it was written in a vacuum: a committee investigated the firms for sixteen months and solicited developer commentary before issuing a lengthy report last year.

That is not an argument that the U.S. process is perfect or the proposed legislation makes complete sense. But Evans, in this tweet-length commentary, distills the American position on this to iron-fisted regulators equipped with policies pulled from thin air, and nothing could be further from the truth.

Web Browser Security on iOS

Lorenzo Franceschi-Bicchierai, reporting for Vice last month:

Since the beginning of 2021, Apple has patched seven bugs that “may have been actively exploited,” according to Motherboard’s count of vulnerabilities mentioned in Apple disclosures. That means the company is relatively confident that some hackers somewhere were taking advantage of those bugs to hack iPhones — something the industry usually refers to as zero-days caught “in the wild.” To be clear, if a bug is being used “in the wild,” that means that a hacker is using it to hack people. In this case, that means Apple fixed these bugs only after iPhone users were being hacked by some unknown-to-us entity.

The good news is that Apple, with the help of other companies and researchers, is not only patching these dozen security vulnerabilities but is also able to see that they are being used in the wild. The bad news is, well, that they were being used in the wild and that there have been seven different vulnerabilities of this type disclosed in the last four months, which is a lot of security vulnerabilities. Out of the seven in the wild vulnerabilities fixed by Apple this year, five of them were in Webkit, the browser engine developed by the company and used in Safari.

Justin Schuh on Twitter:

An attacker with enough resources will inevitably win, and any major software will eventually get hit by a 0day. That stated, Webkit/Safari represents a uniquely soft spot in iOS security, and Apple won’t allow their customers to choose a more secure browser instead.

SecurityWeek’s Ryan Naraine in his Monday Security Conversations newsletter:

Late yesterday afternoon, Apple released an emergency patch to cover a pair of WebKit bugs being exploited in mysterious zero-day attacks on older iPhones. For those keeping count, we’re up to 46 in-the-wild zero-day discoveries so far in 2021. A whopping three-quarters of all the documented 0days in 2021 have hit three prominent vendors: Microsoft (30%), Apple (25%) and Google (20%).

[…]

You see, Apple App Store rules forbid third-party runtimes, which means that Google or Brave or DuckDuckGo or any non-Apple browser cannot ship their own rendering or JavaScript engines on iOS. When you install Chrome on iOS, you’re really running Apple’s Safari (WebKit) with a Chrome UI and interface.

Every time I see a batch of dangerous WebKit/Safari security flaws, I think of these interconnected risks and the false sense of security they bring to modern computing.

As ex-Googler Chris Evans puts it, your Chrome on iOS browser is “typically less secure, slower, less standards compliant.”

While web browsers are a vulnerability on pretty much all platforms, and Apple’s rendering engine restrictions on iOS create a unique single point of failure in WebKit, I do not fully understand this line of reasoning. Naraine does not cite a specific source for his figures, but it is safe to say that a huge number of those Google zero-days have been in Chrome. In fact, at least six Chrome zero-days have been found actively exploited in the wild so far this year, similar to the number of WebKit zero-days. All of those vulnerabilities were found in cross-platform components. I can see good arguments for allowing browser vendors to use their own rendering engines on iOS, but these figures suggest that it will not magically improve security. I do not love the idea of such a singular point of failure but, if anything, a more liberal rendering engine policy means that users would have to contend with vulnerabilities in WebKit and Chrome.

Ad Tech Companies Are Already Linking FLoC IDs to Other Identifiers

Kate Kaye, Digiday:

Google’s automated cookieless ad targeting method — or Federated Learning of Cohorts — is supposed to protect privacy by providing people with a greater degree of anonymity than the third-party cookie offered. Instead, it may make it quicker and easier for advertising companies to identify and access information about people online.

As privacy and data ethics advocates warned, companies are starting to combine FLoC IDs with existing identifiable profile information, linking unique insights about people’s digital travels to what they already know about them, even before third-party cookie tracking could have revealed it. And identity tech firms say the IDs will help improve the accuracy of systems that detect people’s identities and could even serve as persistent identifiers.

Ad tech companies will use every possible identifier to isolate individual users and market themselves as uniquely precise in their targeting capabilities. Effective advertising does not depend on hyper-accurate personalization, but it is important for ad tech companies to preserve this illusion so that this lucrative scam may continue for as long as possible.

Google’s FLoC initiative is a blatant attempt at redefining privacy in its favour and away from users’ expectations. It doubles down on profiling instead of moving away from this invasive and unnecessary way of serving advertisements — and ad tech companies are taking full advantage.

Beats Studio Buds

Caitlin McGarry, Gizmodo:

I tested pairing Studio Buds to an iPhone 12 Pro and a Google Pixel 5, and the process was identical for both devices. Open the case lid, press the Bluetooth pairing button nestled between the two earbuds, and a notification with an image of the Studio Buds requesting permission to connect pops up almost instantly. The only difference between the Android and iOS experience is the need for an additional Beats app on an Android phone to customize the earbuds’ controls and update the firmware for new features. On an iPhone, these controls are accessible from the Bluetooth settings, no app required. Otherwise, you get the same exact experience.

McGarry says that, unlike other Beats headphones, the Studio Buds do not have any of Apple’s custom wireless chips, so they do not support automatic device pairing or switching. But they do support other exclusive-to-AirPods features like “Hey, Siri” and the simplified setup process. I cannot imagine the former would ever be supported in headphones from a non-Apple-owned company, but I have to wonder if the better Bluetooth configuration could be made available to other accessory makers.

Remixing Old Tracks in Spatial Audio Is ‘Sacrilegious’

Bob Lefsetz:

Let’s say you have the equipment and ability to make an Atmos mix. My understanding is right now, you send the end product to Dolby and they use their special sauce to create the final product. Furthermore, they have special sauce to turn the same Atmosfied music into two track stereo. So, in a business where how it sounds is critical, Dolby is the ultimate arbiter.

The writer at the top is right. It is sacrilegious to remix/Atmosfy classic tracks. They weren’t cut that way to begin with. It even bugs me that they’re using remixed tracks from “Abbey Road” to Atmosfy, now you’re multiple steps from the original.

No matter how good I thought Marvin Gaye’s “What’s Going On” sounded in Atmos, it is a bit like doing a 3D movie conversion on “2001: A Space Odyssey”. The person creating the remix, no matter how well-intentioned, has no idea what the original mixer or the artist would have wanted in this situation.

Just like 3D movies, Atmos mixes only really work for songs and albums recorded with it in mind. That’s why I remain surprised that a bunch of albums recorded with the intention of a surround sound mix — “Dark Side of the Moon”, “The Downward Spiral” — are not available in Atmos on Apple Music, but a cheap conversion of “What’s My Age Again” is.

Bipartisan U.S. Lawmakers Push Five Antitrust Bills Targeted at Tech Companies

Cecilia Kang, New York Times:

The bills — five in total — take direct aim at Amazon, Apple, Facebook and Google and their grip on online commerce, information and entertainment. The proposals would make it easier to break up businesses that used their dominance in one area to get a stronghold in another, would create new hurdles for acquisitions of nascent rivals and would empower regulators with more funds to police companies.

The legislation could reshape the way the companies operate. Facebook and Google, for instance, could have a higher bar to prove that any mergers aren’t anticompetitive. Amazon could face more scrutiny when selling its own branded products like toilet paper and clothing. Apple could have a harder time entering new lines of business that are promoted on its App Store.

A tech industry lobbying group is simultaneously seeking to minimize what lawmakers are confronting — “[w]ith all the challenges facing our country […] some policymakers think our biggest problem worth fixing is… Amazon Basics batteries” — and exaggerate how debilitating it would be to people. Heck of a time to introduce this legislation during the same week Apple has spent telling the world how great it is that all of its platforms are so tightly integrated with unique cross-device features that it can only do because it controls the hardware, software, and services stack.

I am dying to know why tech companies have spent the past decade becoming more siloed, entrenched, and unwavering in their taunting of antitrust action instead of pulling back just a touch. Of course, I wrote that and then immediately remembered that the two biggest spenders on lobbying in the U.S. are Amazon and Facebook, so it seems unlikely that all of these bills will become law as-is. Meanwhile, Axios reports that it is Rupert Murdoch’s companies that you can thank for the Republican support of this legislation; incidentally, Murdoch also pushed for Australia’s new media law.

The Digital Garden

Maggie Appleton (via Gabe Weatherhead) writing about the practice of “Digital Gardening” — that is, personal scratchpads of ideas, links, snippets, and unfinished thoughts categorized loosely and tended to frequently:

In performance-blog-land you do that thinking and researching privately, then shove it out at the final moment. A grand flourish that hides the process.

In garden-land, that process of researching and refining happens on the open internet. You post ideas while they’re still “seedlings,” and tend them regularly until they’re fully grown, respectable opinions.

[…]

Gardens are imperfect by design. They don’t hide their rough edges or claim to be a permanent source of truth.

I love this idea, but I think assuming good faith and reckoning with bad and ill-formed ideas in public is a hard shift to make.

“Learning in public” is something I have been thinking about since my friend G. Keenan Schneider wrote about, among other things, the piling on of people on Twitter who have said something stupid. Not something racist or sexist or exclusionary or discriminatory — just something dumb and wrong.

There are certainly those who ought to know better — people with a significant public presence who elevate stupidity — but there are also plenty of people with maybe dozens or hundreds of followers who are riffing, and they get something wrong. Sometimes, people will kindly explain to them where they messed up or point them to a good resource. A lot of the time, they will quote-tweet them to shame and embarrass.

It was something I thought about when Joe Rogan said on his podcast that, in his opinion, young people did not really need to get vaccinated against the novel coronavirus, and said later that he’s “not a respected source of information” so listeners should not trust his advice. Shant Mesrobian defended Rogan’s comments by saying that it merely proved that “the show is an open platform for debate and a free exchange of ideas”, a sentiment that was approvingly shared by Glenn Greenwald who commented “Rogan doesn’t feign expertise he doesn’t have. He admits what he doesn’t know.”

But there are vast gaps between all of these things. We have all been given the tools to be broadcasters, but most of us probably do not have the responsibility that entails. And, most of the time, that is fine; our sillier comments stay within a small group of people even if our accounts are public. People like Rogan are different: they have massive followings, so they have a responsibility not to workshop uninformed medical ideas before an audience. I do not think many people, if any, would be directly influenced by Rogan — I was going to get vaccinated, but then this podcast host noncommittally shrugged his shoulders so I guess I won’t now — but treating them as though they are open questions with two or more equally probable answers for which someone with millions of listeners cannot possibly find a reputable source is an abuse of that power and position, no matter how innocently- or well-intentioned.

I often wish that I could just post a link with my scratch notes; if I did, this post would have been up two hours ago. But you come here to read full sentences, so it is the least I can provide. However, it is not that simple: while I am certainly not famous, I am lucky to have an audience. It is important for me to remember that I cannot write solely for myself, since other people might read it. No matter whether it is a longer article or just a quick link, I don’t want to further the spread of something that I believe to be false or unhelpful.

Perhaps there is a place in public for loose thoughts and ignorant questions, but I am not sure what happens when that attracts attention and publicity. We have to assume good intentions in every idea and link. Yet, if there is anything we have learned in the last many years of the internet, it is that many people will abuse your trust for their gain.

On Elevated Stupidity

Dave Holmes, Esquire:

There are many voices of Elevated Stupidity but only one face, and fittingly, it is an emoji: the smug thinky guy. His round yellow face is contorted into a rictus of Deep Thought, resting on a disembodied thumb and forefinger. Let me see if I have this right, that little asshole is thinking, right next to the dumbest thoughts you’ve ever read. “Let me play devil’s advocate here,” he says, failing to notice that Satan is pretty well defended these days. […]

An eminently quotable and truly delightful piece of writing that is somehow too elegant to be a rant but just frustrated enough that it cannot simply be called a column.

How Spatial Audio Will Work With the Apple TV

Igor Bonifacic, Engadget:

[…] When you sit down to watch a movie or TV show, the included head tracking feature will lock in after it detects you’ve been looking in the same direction for a while. Once you get up to walk around, it will reactivate. […]

As long as I am pointing out when I am right, I feel like it is only fair to show you when I am wrong. Spatial audio will work with existing Apple TV models and high-end AirPods, with the assumption that a stationary position probably means you are looking directly at the screen. Simple.

Dark Sky Will Stop Working at the End of 2022

When Dark Sky was acquired by Apple last year, it promised to keep the API functioning at least until the end of 2021. As of now, developers dependent on it have about a year and a half to find another provider.

There is a WeatherKit private framework lurking in iOS 15 that does not exist in iOS 14. It currently only contains strings of different weather conditions, but perhaps it will be more substantial and not private in the future.

For what it’s worth, there is a same-named private framework in MacOS Catalina and Big Sur, but its contents are very different. It contains images of different weather conditions, and lengthier sentences like “The high will be (placeholder). (Placeholder) tonight with a low of (placeholder).” instead of the simple condition text (“sunny”, “cloudy”) in the iOS 15 framework. Therefore, I do not believe it is a mistake in copying files from a shared code base.

Apple Is Using Akamai, Cloudflare, and Fastly for iCloud Private Relay

Dan Rayburn:

On Monday, Apple announced some new privacy features in iCloud, one of which they are calling Private Relay. The way it works is that when you go to a website using Safari, iCloud Private Relay takes your IP address to connect you to the website and then encrypts the URL so that app developers, and even Apple, don’t know what website you are visiting. The IP and encrypted URL then travels to an intermediary relay station run by what Apple calls a “trusted partner”. In a media interview published yesterday, Apple would not say who the trusted partners are but I can confirm, based on public details (as shown below; Akamai on left, Fastly on the right), that Akamai, Fastly and Cloudflare are being used.

Dave Hamilton, the Mac Observer:

Apple made specific mention that while the “Ingress Proxy” servers are run by Apple, the “Egress Proxy” (aka the server which communicates with the websites you visit) is not controlled by Apple and is under the control of “a (trusted) content provider”. This means that Apple doesn’t know what site(s) you’re visiting, and the third-party content provider doesn’t know who you are.

I imagine the Oblivious DNS over HTTPS standard proposed by Apple, Cloudflare, and Fastly last year is relevant to this, and I have to wonder about this week’s Fastly outage, too.

WWDC is a Developers’ Conference After All

Apple’s relationship with the developer community has often been fractured, but I am not sure there has been such outright animosity and grief with the company as that expressed in the past year. The arguments expressed on the blogs of many developers — from Marco Arment to Becky Hansmeyer to Michael Tsai — are the norm, not the exception.

The developer community is deeply unhappy. While the opening keynote of WWDC has undoubtably become more of a consumer marketing affair, the rest of the conference is just for developers — and they have long needed to feel heard.

Dan Moren, Six Colors:

Usually, the hours before Apple’s keynote event are filled with speculation and excitement, but this year there is far more frustration and antipathy than I can remember seeing in my decade and a half covering Apple. There’s always been some degree of dissatisfaction, especially amongst developers, but it’s hard to escape that the current story about Apple is less about its products and more about its attitude.

[…]

WWDC marks Apple’s opportunity to take control of the story. Whatever its executives announce when they take the stage later today has the potential to dominate the tech news cycle for days and weeks to come.

But the real question is whether, by sheer compelling nature or simply by volume, it can drown out the existing narrative.

So, how did Apple do?

Well, that depends on which issues you would like to focus on. Fraud is a hot-button problem, with a lengthy story about App Store scams appearing in the Washington Post on Sunday.

Sarah Perez, TechCrunch:

Related to this, Apple clarified the language around App Store discovery fraud (5.6.3) to more specifically call out any type of manipulations of App Store charts, search, reviews and referrals. The former would mean to crack down on the clearly booming industry of fake App Store ratings and reviews, which can send a scam app higher in charts and search.

[…]

But a new update to these guidelines seems to be an admission that Apple may need a little help on this front. It says developers can now directly report possible violations they find in other developers’ apps. Through a new form that standardizes this sort of complaint, developers can point to guideline violations and any other trust and safety issues they discover. Often, developers notice the scammers whose apps are impacting their own business and revenue, so they’ll likely turn to this form now as a first step in getting the scammer dealt with.

This could be beneficial to developers who may stumble across fraud, but it does not help users, and particularly not those who have found themselves close to becoming victims but did not fall for a scam. While I get that a reporting mechanism could introduce a new vector for misuse by less-knowledgeable users, I still cannot believe there is nowhere for an average person to say that they found a scam.

The long-requested TestFlight for Mac is finally real, as part of the new Xcode Cloud service. It will also be possible to A/B test App Store pages, something else many developers have wanted for a long time. So that’s the good news.

What about the thorny problem of some high-profile developers getting access to platform features and APIs that most do not? For example, it was possible to get a refund for Hulu and Netflix subscriptions bought through in-app purchases from within their apps — something developers are generally unable to offer. While there is a promising new beginRefundRequest method, it just displays the App Store refund request sheet within the app with the same two-day turnaround, still controlled by Apple.

I do not know that there was a single developer who expected Apple to relent on its in-app purchase policy. It remains unchanged, and likely will until lawmakers demand a different policy.

A story today by Jacob Kastrenakes, of the Verge, noted — almost as an aside — that Patreon is allowed to offer third-party payment services in its app. For example, I tried upgrading one of my subscriptions to a level that had entirely digital perks, and Patreon threw up its own payment form. I tried subscribing to a creator account and once again saw Patreon’s own form, not an in-app purchase dialog. You can try it by subscribing to my perk-less Patreon account. I am insufferable and I am sorry.

I do not know that this is enough to cool Apple’s tense relationship with developers. Judging by the number of people I saw taking issue with Apple’s annual payout slide, I doubt it. I imagine all of the presenters this year are thrilled they did not have to talk about how great the App Store is in a room full of people who resent it, but the reasons for their disdain continue.

Open Rates and Mail’s Market Share

Apple’s announcement earlier this week that it was turfing analytics for email opens has made quite a few people mad. I think their concerns are misplaced. They should be less worried that changes to Mail across Apple’s platforms are going to mess up their statistics, and more concerned that their analytics were wrong all along.

Let’s start with Joshua Benton of Nieman Lab:

These images are the only way newsletter senders know if their emails are actually being opened. And that open rate is an important part of how newsletter publishers sell ads — as well as how they judge the relative success or failure of the email.

Email open rates are notoriously unreliable. Some sources will say that open rates are underreported; others will say that they are way too high. That is because open rates are determined by the number of times that a tracking pixel in an email is downloaded. If users have images turned off, it will not be triggered; if a user’s email client automatically goes to the next message when an email is deleted, it may register as the email being opened again and again.

That explains statistics like the ones quoted by Benton:

There have long been ways to block tracking pixels, but they were mostly only used by nerds like me; this is Apple Mail, the dominant platform for email in the U.S. and elsewhere. According to the most recent market-share numbers from Litmus, for May 2021, 93.5% of all email opens on mobile come in Apple Mail on iPhones or iPads. On desktop, Apple Mail on Mac is responsible for 58.4% of all email opens.

Those numbers are crazy high — much higher than Apple’s device market share because Apple users spend a lot more time receiving and reading email than users on Android, Windows, or Linux. Overall, 61.7% of all emails are opened in Apple Mail, on one device or another.[2] So even a small change in how it handles email has a huge impact on the newsletter industry writ large.

I find these numbers derived from hundreds of millions of email opens literally impossible to believe. These are from a worldwide report, but iOS market share does not exceed the mid-60% range in any country, and only accounts for about one out of every four smartphones sold. Yet, according to Litmus, the default Mail app accounts for well over nine out of every ten email opens in a mobile email app. Do Android users — of which there are many more around the world — simply never check their email on their phones? I doubt it. Litmus also reports that Microsoft Outlook, the ubiquitous email client of offices worldwide, has only 40% of the desktop email client market, far below Mail’s 58%. But Windows still has a 76% share of the desktop PC market compared to MacOS’ 17%, a ratio of about 4:1 that is mirrored in Wikimedia’s analytics — and Apple’s Mail app is not available on Windows.

Litmus acknowledges a measuring error in its recent stats, stating that Gmail may be underrepresented. It is unclear whether that is all Gmail sources, just Gmail on the web, or just Gmail mobile apps. But mobile email was apparently dominated by iPhones and iPads to a similar degree for all of 2020. These sky-high iPhone figures are not an anomaly in Litmus’ data, and they remain completely disproportionate to actual iPhone market share.

The footnote in the second paragraph is a disclaimer from Benton that email client market share statistics are unreliable. No kidding. But these numbers are so clearly off the mark that I do not think they should be used until Litmus can provide a clear explanation of why iPhones are so overrepresented. Benton’s explanation makes no sense; since when is there a dearth of email-using Windows and Android users? Alex Williams’ theory gets closer to the truth, I think: all of Google’s Gmail clients may simply report “Gmail”. The fact is that these numbers may never make sense because automated email analytics simply are not very good.

In the grand scheme of things, this may be a small point, but it bothers me to see these numbers being cited by Benton and approvingly quoted by Casey Newton. The signal they should send is not that something like 90% of mobile audiences will be unmeasurable, but that these analytics never should have been used by marketers and email administrators.

At WWDC 2021, Apple Again Showed That Accessibility Truly Is for Everyone

Steven Aquino, Forbes:

Many of the new functionalities Apple announced this week at the company’s annual WWDC keynote have serious ramifications for accessibility. Study Apple carefully long enough and it’s not hard to understand why; not only is this a reflection of their institutional commitment to the disability community, it also underscores the idea that accessibility, conceptually and pragmatically, is not a domain solely for disabled people. Although accessibility software should (and always will) prioritize people with disabilities first and foremost, you needn’t have a disability to reap benefits from larger text on your iPhone. Accessibility is inclusive of everyone, regardless of ability.

Following last month’s unveiling of new discrete accessibility features, Apple on Monday showed off a slew of mainstream, marquee features spanning Apple’s five operating systems—iOS, iPadOS, watchOS, macOS, and tvOS—that are eminently useful as de-facto accessibility features, whether you’re disabled or not.

Great roundup of features that are unfortunately often seen as marginal ease-of-use improvements for many, but are critically important for those with accessibility needs. Live Text is one of those features that I know I am going to use often to convert written notes into digital documents.

Lossless and Spatial Audio Launch on Apple Music

Becky Roberts, What Hi-Fi?:

Last month, Apple announced that Dolby Atmos-powered spatial audio tracks would soon be coming to its music streaming service alongside CD-quality and hi-res lossless audio for no additional cost and, after a staggered rollout over the course of the day, both features are now live (at least they are for us).

Spatial audio with Dolby Atmos is designed to deliver surround sound and 3D audio via your headphones – to put “multidimensional sound and clarity” between your ears. This experience works with Apple’s AirPods, as well as any headphones. That’s right, Apple Music’s spatial audio tracks will play on all headphones (and here’s how to enable it).

You can enable spatial audio for all headphones by going to Settings, Music, and choosing “Always On” from the Dolby Atmos menu instead of the default “Automatic” setting.

Micah Singleton, of Billboard, interviewed Eddy Cue about the launch of these features:

And the analogy to that is obviously the first time you ever saw HD on television: you knew which one was better because it was obvious. And we’ve been missing that in audio for a long time. There really hasn’t been anything that’s been substantial. We’ll talk about lossless and other things, but ultimately, there’s not enough difference.

[…]

So we went after the labels and are going to the artists and educating them on [Dolby Atmos]. There’s a lot of work to be done because we have, obviously, tens of millions of songs. This is not a simple “take-the-file that you have in stereo, processes through this software application and out comes Dolby Atmos.” This requires somebody who’s a sound engineer, and the artist to sit back and listen, and really make the right calls and what the right things to do are. It’s a process that takes time, but it’s worth it.

I admire Cue’s honesty about lossless audio in this interview. I know that he’s doing so in part to market Apple’s implementation of spatial audio as a differentiator, but it really is a much bigger deal than lossless. I can tell the difference between lossy and lossless audio. If lossless audio was a more expensive Apple Music tier, I would not pay for it; I would, however, pay for spatial audio. It is really good when done well.

I was skeptical of marketing claims like these. There have been a handful of attempts at mixing music in better-than-stereo for decades, and they have all sort of failed.

A handful of records came out in quadrophonic sound in the 1970s, including Miles Davis’ “Bitches Brew” and Pink Floyd’s “Dark Side of the Moon”. In the 2000s, there was a slew of records re-released in a 5.1 surround sound mix on “super audio” CDs: Fleetwood Mac’s “Rumours”, Nine Inch Nails’ “The Downward Spiral”, and Donald Fagen’s “The Nightfly”, an audiophile favourite.

As of writing, not one of those records is available in Dolby Atmos on Apple Music. I would have assumed that a conversion from surround sound to Dolby Atmos would be easier than converting from stereo, but I guess I guessed wrong.

Spatial audio reminds me more of 3D movies than it does going from SD to HD: when it is used with some finesse, it is terrific, but it can be overdone. Migos’ “Stir Fry” sounds incredible, as does YG’s “Still Brazy” and Marvin Gaye’s “What’s Going On” — the song; the rest of the album has not yet been mixed in Dolby Atmos, but I cannot wait to hear “Right On” with a more spacious mix.

Other songs take it a little too far. Jay-Z and Kanye West’s “Gotta Have It” is bananas in Dolby Atmos. Lil Wayne’s “Lollipop” almost sounds like a different song entirely, and Disclosure’s “Latch” sounds constrained, like pressure has built up in my ears. Other tracks simply are not mixed very well; I do not think Blink 182’s “What’s My Age Again?” benefits from Atmos.

The genres that seem to gain the most from Dolby Atmos are classical and jazz recordings. This entire performance of Brahms’ Symphony No. 4 and this one of Chopin’s Piano Concerto No. 2 are available in Atmos and they will transport you. It is incredible. I recommend them both; try toggling Atmos on and off in Settings to hear the difference.

This first batch of tracks has me excited for more. Maybe this is the year we will finally get Nine Inch Nails’ “The Fragile” in the surround mix it deserves. I would love to hear Travis Scott’s entire psychedelic catalogue in spatial audio, too.

As the Pandemic Subsides in the U.S., Companies Subsidized by Venture Capital Are Raising Prices

Kevin Roose, New York Times:

Profits are good for investors, of course. And while it’s painful to pay subsidy-free prices for our extravagances, there’s also a certain justice to it. Hiring a private driver to shuttle you across Los Angeles during rush hour should cost more than $16, if everyone in that transaction is being fairly compensated. Getting someone to clean your house, do your laundry or deliver your dinner should be a luxury, if there’s no exploitation involved. The fact that some high-end services are no longer easily affordable by the merely semi-affluent may seem like a worrying development, but maybe it’s a sign of progress.

It is hard to see the gig economy as anything other than exploitative, but Roose is right: these services are made somewhat more affordable than concierge services for the rich by more distributed labour, but they are not the middle class perks they have positioned themselves to be. Unfortunately, while investors for Uber and Lyft have long been content to subsidize the pirate taxi industry, actual taxi drivers have found themselves struggling to make ends meet. This gambling has so distorted the market that, until pandemic restrictions began taking effect early last year, there were so many drivers for Uber and Lyft that they, too, often earned below minimum wage.

You can see similar effects across the board. Airbnb is one reason why it has become harder to find apartments for people who live in bigger cities, and its popularity is underwritten by investment money that has kept prices lower than a typical hotel room. Food delivery companies bleed small restaurants of their profit margin, take huge venture capital investments, and still manage to lose money.

All of these companies, according to Roose, have been raising their prices to match or exceed those of similar non-subsidized services, as I wrote two years ago. But that does not undo the disruption to jobs and livelihoods by venture capital subsidies that created these predatory pricing models to begin with.

Craig Federighi on the Many Privacy Features Introduced at WWDC

After a bit of a bummer post — sorry — I wanted to highlight a few things that impressed me after today’s WWDC opener, beginning with privacy features.

Shoshana Wodinsky, Gizmodo:

First up is Mail Privacy Protection, which is a new tab in Apple’s Mail app that’s meant to do what the name implies: letting users decide what data the program shares. Under this new tab, users can choose to hide their IP address and location details from email senders, not unlike the recent iOS 14 updates that keep apps from slurping up details like precise location and a phone’s mobile ad ID. As an added benefit, Apple says its new mailbox settings will keep people from tracking whether you opened the email they sent you and when that email was opened.

This is an interesting twist on the tracker blocking features of some other email apps. But instead of trying to block them, the Mail app in iOS 15, iPadOS 15, and MacOS Monterey will download everything in every message, even when you do not open a message. And it will do so indirectly, “routed through multiple proxy servers”, in Apple’s words. It appears that marketers will still get a very approximate idea of your location — Apple says that it is at a “region” level — but will not know if you did or did not open a message.

This is pretty clever. Any image can theoretically be used as a tracker, so it is a constant cat-and-mouse game for apps like Hey to find and block while still displaying relevant pictures. This is the “I am Spartacus” gambit: instead of fighting the trackers, this technique embraces them all, rendering them useless for understanding open rates or tracking any user.

Marketers, take note.
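The prefetch-through-proxy behaviour described above, together with the pixel-counting problems from the open-rates post earlier on this page, as an added example (not code from Apple, Litmus, or any quoted source): it computes open rates from a pixel request log and compares them with who actually read the message. The recipient names, the log format, the ground-truth set, and the 192.0.2.0/24 documentation range standing in for a relay are all constructed assumptions.

```python
"""Added illustration: pixel-based open rates versus what recipients really did.
Every recipient, address and log line below is constructed for this example."""
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit, parse_qs

# Assumption: relay traffic is recognisable by source network. 192.0.2.0/24 is a
# documentation range used here as a stand-in for a privacy proxy.
PROXY_NET = ip_network("192.0.2.0/24")

SENT = ["alice", "bob", "carol", "dave", "erin", "frank", "gina"]

# Constructed ground truth that the sender never gets to see.
ACTUALLY_READ = {"alice", "bob", "carol", "erin"}

# Constructed pixel log, "<time> <client-ip> <request>":
#   alice reads once with images on; bob reads with images off (no line at all);
#   carol's client re-renders the message three times; dave, erin and gina have
#   their mail prefetched through the proxy at delivery, and only erin reads it;
#   frank never opens the message.
PIXEL_LOG = """\
2021-06-09T10:00:01Z 198.51.100.7 /px.gif?r=alice
2021-06-09T10:02:10Z 198.51.100.9 /px.gif?r=carol
2021-06-09T10:02:40Z 198.51.100.9 /px.gif?r=carol
2021-06-09T10:03:05Z 198.51.100.9 /px.gif?r=carol
2021-06-09T09:59:30Z 192.0.2.14 /px.gif?r=dave
2021-06-09T09:59:31Z 192.0.2.22 /px.gif?r=erin
2021-06-09T09:59:33Z 192.0.2.14 /px.gif?r=gina
"""


def parse_hits(log_text):
    """Return (recipient, ip) for each well-formed pixel request; skip junk lines."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        _timestamp, ip, path = parts
        recipient = parse_qs(urlsplit(path).query).get("r", [None])[0]
        if recipient is None:
            continue
        try:
            hits.append((recipient, ip_address(ip)))
        except ValueError:
            continue
    return hits


def open_report(sent, hits, proxy_net=PROXY_NET):
    """Compute the figures a sender's dashboard would show from pixel hits alone."""
    sent_set = set(sent)
    hits = [(r, ip) for r, ip in hits if r in sent_set]
    openers = {r for r, _ in hits}
    proxied = {r for r, ip in hits if ip in proxy_net}
    return {
        "total_hits": len(hits),
        "total_rate": len(hits) / len(sent),      # every download counted
        "unique_rate": len(openers) / len(sent),  # one "open" per recipient
        "openers": openers,
        "proxied": proxied,                       # hit says nothing about reading
        "direct_openers": openers - proxied,
    }


def compare_with_truth(report, actually_read):
    """Show where the pixel signal and reality disagree."""
    counted = report["openers"]
    return {
        "counted_but_unread": sorted(counted - actually_read),
        "read_but_uncounted": sorted(actually_read - counted),
    }


if __name__ == "__main__":
    report = open_report(SENT, parse_hits(PIXEL_LOG))
    print(f"total-hit rate : {report['total_rate']:.0%}")
    print(f"unique rate    : {report['unique_rate']:.0%}")
    print(f"true read rate : {len(ACTUALLY_READ) / len(SENT):.0%}")
    print(compare_with_truth(report, ACTUALLY_READ))
```

In this constructed sample, every recipient behind the proxy registers as an opener whether or not they read the message, so the hit carries no information for that group.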

Wodinsky:

On top of the inbox updates, the company also announced new “app privacy reports,” which will surface more detailed intel about how non-Apple apps are tracking your activity across your device. Similar to Safari privacy reports, these will break down which apps on your device are accessing what kind of data, and how much of that data gets sent to specific third-party trackers. As part of that report, users will also get an overview of how often a given app accessed your microphone, camera, or precise location over the past week. Think of it as a quick list to shame the worst privacy offenders on your phone.

In a preemptive counterstrike, Facebook announced today that it would begin showing creators a breakdown of how much of their earnings from in-app purchases are going to Apple and Google. Tag, you’re it.

Wodinsky:

Apple introduced a slew of new features for iCloud on the privacy front. First, the company announced Private Relay, a new VPN service built into iCloud that will let users browsing on Safari completely encrypt their traffic. Apple says this setting ensures that “no one between the user and the website they are visiting can access and read” any data sent over Private Relay, not even Apple or the user’s network provider. […]

This comes with iCloud Plus, which is Apple’s new name for all of its paid iCloud plans. iCloud Private Relay does not allow you to pick a different country and only works in Safari; you should not think of it as a replacement for a VPN in many circumstances. As such, it should play nicely with personal and corporate VPNs.

iCloud Private Relay will not be available in several countries, including Belarus, China, the Philippines, and Saudi Arabia.

Michael Grothaus of Fast Company was briefed on these features before today’s keynote, and spoke with Craig Federighi about them:

Federighi explains that governments are often reactive when it comes to technology – and there’s no way for them to get around that. At least on the consumer front, companies do most of the innovating. They’re also the ones who find new ways to exploit data. So governments can put rules around technologies or processes only after they’ve become a problem. Those rules often lag far behind the speed of such innovations. That’s why even if governments were more proactive, it would still fall on companies such as Apple to develop new privacy-enhancing technologies.

That being said, Federighi believes that “there’s absolutely a role where government can look at what companies like Apple are doing and say, ‘You know, that thing is such a universal good – such an important recognition of customer rights – and Apple has proven it’s possible. So maybe it should be something that becomes a more of a requirement.’ But that may tend to lag [Apple’s privacy] innovation and creation of some new thing that they can evaluate and decide to make essentially the law.”

I am sure regulation will not preemptively correct every privacy ill, but surely there are good reasons that the data broker industry is uniquely capable and creepy in the United States compared to other developed countries. Privacy problems are not a U.S.-only problem, but they are a U.S.-mostly problem — and, because so much personal information of users worldwide is stored on servers controlled by U.S. entities under U.S. laws, we are all sucked into the failure of the U.S. to legislate.

iOS and iPadOS 15

Let’s get something out of the way first: I am a dummy, and you should not do what I do every year and install the very first betas of the very newest operating systems on your only devices as soon as those builds are available. From six hours of use, I can assure you that these first builds of iOS and iPadOS 15 are pretty rocky and you should probably avoid them, even if you install betas every year.

So, with that done, I wanted to write a little about the first day of WWDC and, particularly, the iPad.

This year feels lower-key, but perhaps in a good way, like a Mavericks-era MacOS situation. Many of the headlining features feel like things that are “finally” here: better notifications with more granular controls, iPad multitasking that doesn’t require so many spells and incantations, FaceTime screen sharing, and last year’s iOS 14 features making their way to the iPad. I point that out not to diminish their impact. If anything, based on how often I have heard and read requests for these features, I imagine they will be important to many users. I am certainly looking forward to all of those enhancements becoming absorbed by my day-to-day use.

At the same time, the big headlining updates for iPadOS emphasize to me that it still is not a high-priority product for Apple. You can certainly see the usability enhancements in this update as progress; literally any visible onscreen elements for multitasking could be considered an improvement over the past system. But you can also see that the iPhone — and even the Apple Watch — have received meaningful changes every year, while multitasking on the iPad has been screaming for fixes the entire time with only begrudging progress. The changes this year — which involve a “⋯” menu with different windowing options, and being able to create spaces from the App Switcher, home screen, and App Library — are all steps forward, but only partially resolve its least intuitive characteristics. Or look at how widgets could be placed anywhere on the iOS 14 home screen, but it took a full year for that functionality to come to the iPad. Translate is yet another example of an app that was on the iPhone for a full year before the iPad.

Perhaps I am being especially critical because this year’s M1-powered iPad Pro and even last year’s A14-powered iPad Air suggested bigger leaps in capability than we have seen so far. There do not appear to be any features enabled by these more powerful models. Even app development in Swift Playgrounds appears to be available on older devices — I applaud device longevity, but I hope we do not have to wait four or five years for iPadOS to begin taking advantage of the power of the M1.

And perhaps I am the jerk here because, while last year’s WWDC was planned and executed remotely, the software updates that were announced were at an advanced stage of development when Apple’s developers began working from home. Development for this year’s updates was conducted almost entirely from home, so it is reasonable to think that it would be more difficult, particularly given the psychological toll of this pandemic.

I just love the iPad so much — in theory. I am writing this post on one, which is not atypical. Even after today, it continues to have groundbreaking hardware that is constrained by its software. That very same sentence has been applicable after every WWDC for years. I would not like to write it again.

Flexibility Is a Vital Component of the Future Happiness of Workers

Craig Grannell:

For Apple specifically, the company used to say ‘think different’. It could leverage that approach and lead a new way of how major corporations work rather than being so prescriptive. And while Apple shifting to three days in/two days out is a big cultural shift, it has an opportunity to do more. If your company has been by every measure a massive success during the pandemic, then it has space to be more radical, not less, regarding workers.

Retaining high-performing employees who are committed to Apple’s goals remains one of the highest-priority concerns at the company. In 2019, several notable employees exited; just this week, Bloomberg reported the departure of “several” managers of Apple’s car project to other companies. Those are just the most visible employees, too, who are less affected by a requirement to work in an office even part-time.

I do not know that there is a particular trend of Apple losing employees. I do not have any information on attrition trends. But I am hopeful that Apple — or any company — will respond quickly if it begins losing good and long-term employees purely because of what they see as a mediocre remote work arrangement.

Remote work does not come at no cost. If work-from-home arrangements for high-salary jobs like these become really popular over the next, say, five years, it seems likely that it will distort real estate markets in places with lower living costs, and not just in developed countries.

Ransomware Is Increasingly Impacting Day-to-Day Life

Heather Kelly, Washington Post:

The recent spate of high-profile ransomware incidents is exactly what cybersecurity professionals have been warning about for years. But it’s partially the impact on everyday people — far from the executive suites, cybersecurity companies, or government agencies that regularly fret about the criminal enterprise — that has made the risk more visible. The ripple effects of ransomware can result in everything from mild inconvenience to people losing their lives, and it’s only increased in frequency during the pandemic.

“It’s not only that it’s getting worse, but it’s the worst possible time for it to happen,” said Robert Lee, chief executive of Dragos, an industrial cybersecurity firm. He says on average, there are likely 20 to 30 big ransomware cases happening behind the scenes in addition to the ones making headlines.

Perhaps the most striking thing about this article is that there is only a passing mention of Bitcoin — and nothing about cryptocurrency more generally — even though these attacks are only possible because of cryptocurrency.

Stephen Diehl (at the time I am writing this, Diehl’s post is unavailable for some reason, but it is on the Wayback Machine):

The singular reason why these attacks are even possible is due entirely to the rise of cryptocurrency. And is entirely enabled by this one technology, it could not exist otherwise.

[…]

Cryptocurrency is the channel by which all the illicit funds in this epidemic flow. And it is the one channel that the US Government has complete power to rein in and regulate. The free flow of money from US banks to cryptocurrency exchanges is the root cause and needs to halt. Cryptocurrencies are almost entirely used for illicit activity and investment frauds, and on the whole have no upside for society at large while also having unbounded downside and massive negative externalities.

There are good examples of cryptocurrency being used as a workaround for restrictive government policies, in much the same way as encrypted messaging. But the incentives for bad actors to abuse financial systems are so much greater.

The Apple Watch’s Place

Benjamin Clymer, founder of Hodinkee, in a column for GQ:

I have a confession to make: I, one of the foremost evangelists for mechanical watches, wear an Apple Watch. I don’t brag about it or post it on social media, but I strap on my Apple Watch three or four times a week, making it one of the most trusty pieces in my entire collection.

Interesting perspective. I wonder how many people have found the opposite to be true: the people whose first ever watch purchase or first over, say, $200, was an Apple Watch, which moved them to invest in a small collection of analogue watches.

Apple Employees Are Writing Lengthy Internal Letters That Keep Getting Leaked

Zoë Schiffer, the Verge:

A week after The Verge published the García Martínez letter, a group of Muslim employees at Apple penned a note calling for the company to release a statement in support of Palestine. When Tim Cook didn’t respond, the letter was leaked to The Verge.

It is interesting to me that these letters, and another about Apple’s back-to-office plan, were leaked specifically to the Verge. They were not sent to a labour reporter at the more aggressive Vice, or to a business publication like Bloomberg. Curious.

The two letters, and their leaks, are signs of a slow cultural shift at Apple. Employees, once tight-lipped about internal problems, are now joining a wave of public dissent that’s roiling Silicon Valley. Employees say this is partly because Apple’s typical avenues for reporting don’t work for big cultural issues. They also note the company rolled out Slack in 2019, allowing workers to find and organize with one another.

[…]

Public organizing, particularly on social media, has been enormously successful in Silicon Valley, allowing workers to wrestle power away from management. At Google, it’s led the company to end forced arbitration for all full-time employees. At Amazon, it’s spawned massive unionizing campaigns. Now, it seems to be Apple’s turn. “Suddenly at Apple, as everywhere else, managers can only stand back and watch as workers reshape the bounds of what will be permitted at work,” wrote Casey Newton, founder and editor of Platformer.

The Google and Amazon examples Schiffer cites were both truly organized in public and on social media. But all three Apple letters — so far — are ostensibly for internal audiences only, though that façade is crumbling.

I have to wonder if this recent spate of letters has actually made a difference. The one asking for a reconsideration of hiring policies cost Antonio García Martínez a job, but it is unclear whether there have been any changes to recruiting or interviewing. Apple and its leadership did not post any statements in defense of Palestine, either.

While it is too soon to know whether there will be any changes to Apple’s plan to bring employees back to the office for 60% or more of a workweek, I do not imagine this will make a dent. I know that some people will find this a bummer — the past year has proved that many people can do many jobs without being anywhere near an office. But many people were hired at Apple with the understanding that they would be working at the company’s buildings. This is not a case of Apple reducing the amount of time working from home; it is an increase from being required to be in the office full-time. This pandemic has been difficult and traumatic, but it is not a permanent state. I do not think it is realistic to expect everything to go back to the way it was before this pandemic, but it is equally unlikely that our generally rich and privileged lives will be unrecognizable because of it.

I hope this does not come across as indifferent. Many people have lost family and friends to this pandemic, and countless more have been impacted in ways little and large — including me.

Steven Aquino says that Apple has long been accommodating for people with disabilities. I have also heard several stories of Apple being surprisingly flexible for people who cannot work in Cupertino. That is clearly not the case for all people who wish to work remotely, but there are satellite Apple offices in dozens of cities that you would not immediately think of. Employees are, however, working in offices.

Apple’s arrangement is limiting, as are most jobs. There are plenty of companies that I would love to work for that would require me to relocate, and that is frustrating but fine. There are also many remote positions I could consider at other companies if I were looking for another job and wanted to work from home. If these requirements mean that Apple begins to bleed too much talent to more remote-friendly companies, it will no doubt adjust its policies. For now, so long as it is safe, this is entirely what I expected — and, I think, what most people should have anticipated.

TikTok Updates Its U.S. Privacy Policy to Begin Collecting Biometric Data

TikTok has updated its privacy policies several times already this year, with improvements for users under 16 and the removal of the ability to opt out of targeted advertising. But a new statement this week is particularly concerning:

We may collect biometric identifiers and biometric information as defined under US laws, such as faceprints and voiceprints, from your User Content. Where required by law, we will seek any required permissions from you prior to any such collection.

Though I imagine those who are concerned about TikTok’s connections to the Chinese government or who see it as surveillance software will find this more nefarious than, say, I do, I still think it is pretty alarming. There is no good reason — not one — for a lighthearted social media app to uniquely identify people based on unchangeable physical characteristics, even for something as apparently innocuous as tagging.

Sarah Perez of TechCrunch reports that this policy change may have a more sedate origin:

It is worth noting, however, that the new disclosure about biometric data collection follows a $92 million settlement in a class action lawsuit against TikTok, originally filed in May 2020, over the social media app’s violation of Illinois’ Biometric Information Privacy Act. The consolidated suit included more than 20 separate cases filed against TikTok over the platform’s collection and sharing of the personal and biometric information without user consent. Specifically, this involved the use of facial filter technology for special effects.

In that context, TikTok’s legal team may have wanted to quickly cover themselves from future lawsuits by adding a clause that permits the app to collect personal biometric data.

The plaintiffs in that suit allege a creepy scheme to mine everything created through the app, including draft videos that were not published. This biometric data collection clause may be related to face mask filters and effects. But, if that is the case, why are those features available elsewhere while this clause is U.S.-only? And, given that this clause is so broad, is it reasonable to think that an ad-supported platform will continue to use it solely for fun filters in perpetuity? The answer to that last one seems obvious: rather than minimizing data collection, TikTok is giving itself latitude.

By the way, TikTok has three different privacy policies: one for the U.S., one for Switzerland, the U.K., and the European Economic Area, and one for everywhere else. Comparing these policies raises many questions. For example, the U.S. one seems to permit far greater collection than the other two. Is that because it is described more comprehensively, or is it because the U.S. has virtually none of the national privacy standards that are common elsewhere?

In the rest of the world, TikTok says it is allowed to collect many different types of behavioural information, including “app and file names and types, keystroke patterns or rhythms” in addition to things like IP addresses and device attributes, but that is not so different from many other social media apps. It also says that it collects “the existence and location within an image of face and body features and attributes” in order to, among other things, “enable special video effects”, which explains why it is able to offer face filters without collecting “biometric” data. This language does not appear in the more permissive U.S. policy; it also does not appear in the stricter policy for Europe and the U.K., but a quick scan of top British TikTok users indicates that face-based filters are available there, too.

It seems that the greater privacy protections afforded to non-U.S. countries are not prohibitive. My American readers should ask themselves why lawmakers are failing them when so many industries are eager participants in anti-privacy practices.

Twitter Launches Paid Subscription First in Canada and Australia

Sara Beykpour and Smita Mittal Gupta of Twitter:

We’ve heard from the people that use Twitter a lot, and we mean a lot, that we don’t always build power features that meet their needs. Well, that’s about to change. We took this feedback to heart, and are developing and iterating upon a solution that will give the people who use Twitter the most what they are looking for: access to exclusive features and perks that will take their experience on Twitter to the next level.

Twitter calls this tier Twitter Blue, which is a great name, but it has a feature set that I do not find compelling. I imagine many heavy users would pay ten bucks a month for no ads and a chronological timeline. Heck, I know many people would pay for editable tweets. Gareth suggested that it could be an identity verification mechanism, too, and better search functionality would help journalists immensely.

Alas, the initial feature set is a bit underwhelming. There are folders for bookmarks, a better thread reader, some different icons and themes — odd for a product named after a specific colour — and the closest thing to editable tweets is an undo button that disappears after a few seconds. Twitter says that it will add more features over time. I certainly hope so. I would love to pay for Twitter, but this is a surprisingly weak offering.