Pixel Envy

Written by Nick Heer.

The Inside Story of iBeer

Speaking of the early days of iPhone apps, here is Quinn Myers, writing for Mel:

On July 10, 2008, Steve Jobs teased the opening of Apple’s highly anticipated App Store. “The quality and the sophistication of the applications you can write for the iPhone is in a different class,” he told the New York Times. The next day, the App Store launched with more than 500 apps curated for the iPhone’s groundbreaking technology, but only the app of the highest quality and most sophistication would rise to the top: iBeer, an app that kind of made it look like your phone was a glass of beer.

Remarkably, the app is still on the App Store.

MacOS Widgets Deserve Better

Stephen Hackett:

Notification Center is a real mess. Even on a Pro Display XDR, you get three visible notifications. That’s it. Anything older is hidden behind a button, regardless of how many widgets you may have in the lower section of the Notification Center column.

Apple needs to rethink this and let this new class of widgets breathe, being able to use the entire screen like the widgets of yore could. Bringing back Dashboard is an obvious solution here, and I’d love to see it make a return.

Hackett’s screenshots of Dashboard make me nostalgic for that uniquely mid-2000s blending of pseudo-realistic textures and clean formatting. Dashboard was the epitome of that sort of thing — remember the water ripple effect when you dropped a widget onto the Dashboard layer? That made no sense but was absolutely perfect. I miss subtler textural elements like that or the perforated metal tray of available widgets. Sheets of frosted glass have run their course.

Anyway, I am not sure that bringing Dashboard back to life is the right direction, but I would love to see something happen to make widgets and Notification Centre feel more considered and less of a junk drawer. I feel similarly about the many spatial layers of MacOS, like Launchpad and Mission Control — something about them has not quite solidified for me.1

One more thing: in a footnote, Hackett points out how these widgets were interactive. They were interesting in other ways, too. All of them were built with web technologies using a specific IDE Apple created called Dashcode, which it launched in 2006. At WWDC 2007, when Steve Jobs announced the “sweet solution” for iPhone apps, Dashcode was envisioned as a way to build those web apps. The idea was that developers could take their existing Mac OS X widget and convert it to work as an iPhone web app. That, obviously, was not well-received, and an official SDK for native apps was launched the following year. Dashboard withered and died, but not before Dashcode bit the dust. Yet, it took until just a couple of years ago for widgets to once again be a multi-platform effort, now with SwiftUI and, as Hackett wrote, without interactivity. Curious.


  1. I really like Apple’s trackpad gestures for all of these things, especially since they became tracked to your fingers entirely in real-time several years ago. It would be cool if the full-hand pinch gesture was used for something Dashboard-esque. ↩︎

Apple Moved Quickly to Clean Up the Wordle Clones in the App Store, but There Is Still Far to Go

This article by Jason Cross, writing in Macworld, is harsh but mostly fair. The last line of this paragraph, in particular, stood out to me:

It would be a trivially small amount of money for Apple to create an internal group dedicated to proactively finding and eliminating scam, copycat, infringing, exploitive apps. But every one it finds costs Apple money. And doing nothing isn’t hurting sales, not when it’s so much cheaper to just market the App Store as so secure and trustworthy. Apple seems to view App Store trust and quality as a marketing activity more than a real technical or service problem.

It is hard not to feel the same way after years of this same sort of complaint. Apple often says the App Store is trustworthy, and that every app is “held to the highest standards”. But it does not take much digging to find apps that fail to uphold those promises. For example, an App Store search for “who blocks me” finds apps that promise to reveal who views your social media profiles and who is blocking you. Neither of those capabilities are supported by the APIs of Facebook, Instagram, or Twitter. But there are dozens of apps that claim to offer that functionality, most of which require the purchase of an expensive subscription.

Apple Confirms It Has Stopped Issuing iOS 14 Security Updates

Andrew Cunningham, Ars Technica:

Apple told Ars that it always intended the iOS 14 security update option to be temporary. Essentially, people could have a short grace period while Apple worked out the worst of the new operating system’s early bugs, but you would always eventually have to upgrade to stay patched.

The features page for iOS 15 merely says that users can “continue on iOS 14 and still get important security updates,” with no mention of any sort of time limit, though this support page published after iOS 15’s release does mention that iOS 14 security updates will only be available for a vague “period of time.” This approach isn’t consistent with how Apple handles macOS, where the two previous versions of the OS continue to receive security updates in (albeit imperfect) lockstep with the latest macOS version.

When it was released, iOS 15 was given secondary billing as a version that was “also available” on the Software Updates screen. The assumption by many — including me — was that Apple might support the previous year’s version of iOS for about a year.

Alas, just four months later, Apple has already pulled the plug on iOS 14 updates. All the company had to do is be specific and clear in its communications with users still on iOS 14, but there was no notification; iOS 14.8.1, which was released in October, just one day stopped being unavailable. If something like degraded battery performance throttling created a big dent in Apple’s reputation, this sort of thing is chipping its paint: it may be easy to miss, but it also eats away at customers’ trust.

Technology Trade Group Issues Statement on the ‘Banning Surveillance Advertising Act’

This statement from Information Technology and Innovation Foundation VP Daniel Castro is a ride:

Online advertising pays for the vast majority of free online services. Banning targeted ads would make online advertising much less effective, so advertisers will pay less for them and those who display ads — including app developers, media companies, and content creators — will earn significantly less revenue. Faced with a budget shortfall, many online services will have few options other than to either reduce the quality of their services or charge their users fees.

It will not surprise you to know that this group is funded by basically every major technology company, including Amazon, Apple, Facebook, Google, and Microsoft.

But let us engage with this argument on its merits, and not which ostensibly independent voices are making it. One reason highly-targeted ads cost more than less targeted ones is because there are more companies involved in their delivery and each one gets its cut. Another reason is, allegedly, because Google overcharged advertisers, paid publishers a lower rate, and kept the difference.

And while some wealthier households might be willing to pay for ad-free Internet services, millions of American families would be hurt by this policy as they find themselves cut off from key parts of the digital economy. Indeed, this policy would be equivalent to telling the millions of American households who watch ad-supported broadcast television that, to protect them from advertising, they will have to sign up for premium cable and streaming subscriptions instead.

This is some race-to-the-bottom nonsense that conflates less-targeted advertising with a ban on ads altogether — a confused argument this industry loves to make because its actual practices are indefensible. Non-creepy advertising is completely fine. Just do that.

It is worth Americans’ time to question the efficacy of the bill’s text and look for unintended consequences. But this trade group assumes everyone is a sucker and will fall for its misleading arguments.

Lawmakers Propose Legislation to ‘Ban Surveillance Advertising’

Joseph Cox, Vice:

“The Banning Surveillance Advertising Act does what its title suggests. The legislation prohibits advertising facilitators (e.g., Facebook, Google DoubleClick, data brokers) from targeting ads with the exception of broad location targeting to a recognized place (e.g., municipality),” a press release announcing the proposed legislation reads. “The bill also prohibits advertisers from targeting ads based on protected class information and any information they purchase. Violations can be enforced by the Federal Trade Commission, state attorneys general, or private lawsuits,” it adds. The legislation would also prohibit targeted advertisements based on protected class attributes such as race, gender, and religion.

Reps. Anna G. Eshoo of California and Jan Schakowsky of Illinois, and Sen. Cory Booker of New Jersey are the Democratic lawmakers behind the proposed legislation.

Can Duruk:

My hope is that we will look back at the current state of the internet, funded solely by adtech, like when we used asbestos for insulation, lead for toys, and land mines for defense.

There is no chance that this bill becomes law in the U.S., thereby causing the world’s ad tech market to adjust to a better model, but a simple Canadian boy can dream.

U.K. Home Office Launches Anti-Encryption ‘No Place to Hide’ Ad Campaign

James Ball, Rolling Stone:

The UK government is set to launch a multi-pronged publicity attack on end-to-end encryption, Rolling Stone has learned. One key objective: mobilizing public opinion against Facebook’s decision to encrypt its Messenger app.

The Home Office has hired the M&C Saatchi advertising agency — a spin-off of Saatchi and Saatchi, which made the “Labour Isn’t Working” election posters, among the most famous in UK political history — to plan the campaign, using public funds.

According to documents reviewed by Rolling Stone, one the activities considered as part of the publicity offensive is a striking stunt — placing an adult and child (both actors) in a glass box, with the adult looking “knowingly” at the child as the glass fades to black. Multiple sources confirmed the campaign was due to start this month, with privacy groups already planning a counter-campaign.

Hannah Bowler of the Drum — a publication I had not heard of until I began researching this story specifically, and which does not seem like the most trustworthy source for original information given that it claims to be the “third-biggest marketing website in the world” but does not have a Wikipedia page — speculates that this could also be intended to counter WhatsApp’s “Message Privately” ads. That seems entirely plausible to me. Whatever the case, it launched today.

The Home Office claims that 14 million fewer reports of possible abuse may be filed every year if unspecified social media companies, which clearly refers to Facebook, enable end-to-end encryption. It cites data from NCMEC in making this assertion. But I looked through that organization’s releases and could not figure out from where the Home Office drew its conclusions. The NCMEC says that, in 2020, it received 21.4 million reports (PDF) from platforms like Facebook and Google. Facebook’s platforms provided 20.3 million of those reports; NCMEC does not publish more granular data for Facebook. Perhaps 14 million of those reports were from Facebook and Instagram direct messages — WhatsApp messages are already encrypted — and the remaining six million came from other sources on Facebook’s platforms, like posts and Facebook Groups. But it is entirely unclear, and the “14 million” number appears nowhere I can find on NCMEC’s website. This may be nitpicking, but I think it is important that if we are using numbers to illustrate the scope of a problem, that they should be right.

Everyone who is reading this with some knowledge of end-to-end encryption is surely thinking the same thing: it is awful to know that encrypted messaging can be used for heinous purposes, but it comes with tremendous security and privacy benefits for the rest of us. But this campaign is clearly not for well-informed people, as Ball reports:

One key slide notes that “most of the public have never heard” of end-to-end encryption – adding that this means “people can be easily swayed” on the issue. The same slide notes that the campaign “must not start a privacy vs safety debate.”

What a cynical viewpoint the Home Office and M&C Saatchi must have. Privacy is absolutely a factor, and the Home Office agrees:

[…] End-to-end encryption is valuable technology designed to keep our data and conversations safe. We are not opposed to end-to-encryption in principle and fully support the importance of strong user privacy. […]

Unfortunately, the Home Office goes on to ask for an untenable compromise position. The closest we have seen to a middle ground is Apple’s on-device detection of child abuse materials destined for iCloud — and the backlash was so striking that those plans have been indefinitely delayed.

This is a hard problem to contend with, but the solution cannot be to ban anything that does not leave a trail of evidence, as though such an effort would be possible. The rest of us do not want the GCHQ spying on our messages. Besides, it is not as though law enforcement is actually as “in the dark” as they like to claim.

Safari 15 Does Not Respect Same-Origin Policy for IndexedDB, Permitting Extraordinary Cross-Site Tracking

Martin Bajanik, of FingerprintJS:

In Safari 15 on macOS, and in all browsers on iOS and iPadOS 15, the IndexedDB API is violating the same-origin policy. Every time a website interacts with a database, a new (empty) database with the same name is created in all other active frames, tabs, and windows within the same browser session. Windows and tabs usually share the same session, unless you switch to a different profile, in Chrome for example, or open a private window. For clarity, we will refer to the newly created databases as “cross-origin-duplicated databases” for the remainder of the article.

I know I just wrote it in the headline, but this is an extraordinary bug. Michael Tsai points to a November 2021 WebKit bug report that has since been access-restricted.

You know what is most wild about this for me? I came across this bug when working on some web development last autumn, but I assumed I must be misinterpreting what I was seeing because there was no way such a critical vulnerability would be so transparently visible. Alas.

According to Bajanik, some patches were committed to WebKit this weekend that should fix this bug. That is the good news. The bad news is that this same bug is present in every implementation of Safari 15’s engine, including every iOS browser since they all use the same engine, and no software updates have been issued to fix this vulnerability.

Update: The updates to MacOS, iOS, and iPadOS that will be released shortly contain a fix for this bug.

Custom 3D Landmarks in Apple Maps

Justin O’Beirne:

As part of its 2021 cartographic redesign, Apple replaced 213 of its existing 3D models of landmarks and other venues with new, artist-created models.

[…]

These new custom landmark models are currently available in seven areas: the San Francisco Bay Area, Greater Los Angeles, New York City, London, Washington, San Diego, and Philadelphia.

The San Francisco Bay Area has the most models (60 models total), while the San Diego area has the least (11 models total).

Compare this list against two of O’Beirne’s other catalogues: feature availability in top metro areas and priority countries. I am especially interested in countries with large metro areas and many iOS users, yet with few Apple Maps features. Seoul is located within a country of, according to O’Beirne’s calculations, at least ten million iOS users, but only has a city guide and some landmark icons, and not even the 3D landmarks of London or Washington. It is a similar story in Moscow — Russia has at least 29 million iOS users — and São Paulo — Brazil has an estimated 16 million.

In New York or London, Apple Maps probably feels pretty feature-rich. But elsewhere it is patchier, even in cities like Calgary which are comparatively well-covered. There are surely different teams working on 3D landmarks and more fundamental features but, from a distance, it can feel like Apple is lavishing attention solely on U.S. population centres — and London — and filling in fine details in those cities at the expense of some basic functionality elsewhere. I would love cycling directions, or even some more consistent labelling — a selection of Calgary streets in the same area are referred to as “15 ST SW”, “16TH ST SW”, “EIGHTH ST SW”, and “8 ST SW”. It is eye-opening to know this is considered good coverage for Apple Maps; major commercial areas are not marked on the streets of Paris, not even the Champs-Élysées.

I often wonder if it makes sense that there are basically two major efforts in digitizing the world’s cartography for commercial purposes, and both are fronted by companies based in the same part of the United States. The expense of such a wide-reaching project is surely a hurdle, but it would be great if others could offer a more local solution. Perhaps one reason there is not as much competition in this space is, in part, because iOS users cannot change their default maps app. I am not sure it makes sense to modernize the in-car GPS systems that required a different disc for each region, but I also have to wonder if Apple or Google can deliver worldwide cartography that is accurate and not encumbered by their myriad other business interests.

User-Friendly Diagnostics Should Be a Core Part of Any System

Howard Oakley:

Software engineers are hopeless optimists when they design and code only for success. There’s much more to handling errors than displaying a couple of phrases of in-house jargon and fobbing the user off with a magic number. It’s high time that designing error-handling to help the user became a central tenet of macOS.

My only quibble with Oakley’s conclusion here is that it should not be limited to MacOS; I expect better diagnostics across all of Apple’s operating systems. Otherwise, this is spot on.

It is bananas that the best error messages users will encounter are those with an inscrutable code — “the best” because it is at least something which can begin a web search for answers. But a Mac is not a microwave; it has a very large display and can display more information than an error code of a few characters. Worse still are errors which have no information — Oakley’s example is a MacOS installer with the error “This copy of the Install macOS Big Sur.app application is damaged, and can’t be used to install macOS.” has only an “OK” button, as though that is an acceptable response1 — or silent failure where no message is displayed to the user at all.

There is no way this is the best that can be done, nor is it what we should expect out of our ostensibly modern families of operating systems.


  1. Since this is a MacOS installer, a better error message would have an option to fix the application, or at least re-download it in full. ↩︎

‘Modern’ Browsers

Jim Nielsen’s mom could not access a website from her computer or iPad to register for volunteering:

So I looked at the version of Chrome on my parent’s computer. Version 76! I knew we were at ninety-something in 2022, so I figured that was the culprit. “I’ll just update Chrome,” I thought.

Turns out, you can’t. From what I could gather, the version of Chrome was tied to ChromeOS which couldn’t be updated because of the hardware. No new ChromeOS meant no new Chrome which meant stuck at version 76.

But what about the iPad? I discovered that my Mom’s iPad was a 1st generation iPad Air. Apple stopped supporting that device in iOS 12, which means it was stuck with whatever version of Safari last shipped with iOS 12.

So I had two older browsers that couldn’t be updated. It was device obsolescence because you couldn’t install the latest browser.

I ran into a similar issue when I tried booting into Mac OS X Lion — the version that shipped with my 2012 MacBook Air — and found that many websites, including my own, refuse to load because of incompatibilities with modern SSL certificates or HTTPS standards, I think. This laptop is officially obsolete in Apple’s terms; it can only be upgraded to Catalina. It will stop working eventually, but I wonder if the hardware will give out first or if it is more likely that I will sooner be unable to use it for day-to-day tasks.

Even on the most basic of document-based websites, there are technical hurdles that prove the web is little without the right web browser. I like a lot of the work done by the Electronic Frontier Foundation, but one of the quieter drawbacks of its leadership in encrypting the web is that many websites can only be accessed through newer browsers.

Faking an iPhone Reboot

ZecOps, a security research company (via Bruce Schneier):

We’ll dissect the iOS system and show how it’s possible to alter a shutdown event, tricking a user that got infected into thinking that the phone has been powered off, but in fact, it’s still running. The “NoReboot” approach simulates a real shutdown. The user cannot feel a difference between a real shutdown and a “fake shutdown”. There is no user-interface or any button feedback until the user turns the phone back “on”.

To demonstrate this technique, we’ll show a remote microphone & camera accessed after “turning off” the phone, and “persisting” when the phone will get back to a “powered on” state.

This is one of those things that is as clever as it is worrying. Imagine if you thought your iPhone was the target of a spyware attack, so you try turning it off and back on — except your phone never switched off and all of that behaviour was faked. Extraordinary.

More Details Revealed in States’ Antitrust Suit Against Google

Russell Brandom, the Verge:

On Friday, a coalition of state attorneys general led by Texas Attorney General Ken Paxton released a new antitrust complaint (PDF) against Google, giving more details into the company’s alleged collusion with Facebook in programmatic ad markets. The filing was first reported by Politico.

… which put the public document behind its paywall, is how that sentence should end. The full docket is on Court Listener, and that would also be an acceptable link. Making people hunt for court filings — or pay Politico, for some reason — is inexcusable.

At least Brandom posted it, and reports:

In one particularly uncomfortable passage, the complaint quotes a 2015 email in which “Google employees expressed fear that Google’s exchange might ‘actually have to compete’ with other exchanges at some point in the future.

Much of the case rests on the concessions Google allegedly made to Facebook in the wake of the Jedi Blue arrangement, including lower fees and longer timeout limits in exchange bidding. One newly unredacted portion of the complaint claims that the concessions gave Facebook a clear advantage in winning auctions.

Tripp Mickle and Keach Hagey, of the Wall Street Journal, document an offence a little more grievous than their refusal to link to the updated filing anywhere in this article:

Google misled publishers and advertisers for years about the pricing and processes of its ad auctions, creating secret programs that deflated sales for some companies while increasing prices for buyers, according to newly unredacted allegations and details in a lawsuit by state attorneys general.

Meanwhile, Google pocketed the difference between what it told publishers and advertisers that an ad cost and used the pool of money to manipulate future auctions to expand its digital monopoly, the newly unredacted complaint alleges. The documents cite internal correspondence in which Google employees said some of these practices amounted to growing its business through “insider information.”

The allegations as presented by the attorneys general make my eyes glaze over a little because of the many acronyms and technologies involved. I should also note they have not yet been tested in court. But if they are true, it means the online advertising duopoly is rigged to the detriment of advertisers, the web, and our privacy. Remember: both Facebook and Google claim they need to build behavioural profiles on each of us for targeting purposes. But they are allegedly exploiting their position to configure the market for their benefit and nobody else’s.

I tried checking for differences between this filing and the last, but no tool I used did a great job because there are so many changes. One little thing I noticed is that Missouri’s Attorney General is a guy named Eric Schmitt. Nice touch.

Update: Leah Nylen put together a good — and mercifully short — Twitter thread about the allegations in that Journal article.

New U.S. ‘TLDR’ Bill Would Require Simplified Versions of Service and Privacy Agreements

Makena Kelly, the Verge:

The Terms-of-service Labeling, Design and Readability Act – or TLDR for short – would require websites to provide a “summary statement” for users before they opt in to a terms of service agreement. The statement would summarize the legal jargon into something more easily understood by the average user, along with disclosing any recent data breaches (from the three years) and the types of sensitive data the site may collect. The summary would also explain “whether a consumer can delete their data, and if so, provide instructions on how.”

Cute name. It seems like a generally good thing to provide users with a more digestible version of the painful legal contracts we are expected to read and understand before agreeing to use, well, just about anything.

For the past couple of years, the Verge has tried to help readers see how many terms and conditions are required of devices by including an “Agree to Continue” section in its reviews:

Every smart device now requires you to agree to a series of terms and conditions before you can use it — contracts that no one actually reads. It’s impossible for us to read and analyze every single one of these agreements. But we started counting exactly how many times you have to hit “agree” to use devices when we review them since these are agreements most people don’t read and definitely can’t negotiate.

That is all fine and wonderful. But I am not really sure what meaningful changes will be accomplished by these ideas given what many of us already know about our lack of privacy online. Google, for example, already has a simplified privacy policy. I appreciate the effort, but do most users actually read it? Even if someone does, can they understand the long-term implications of allowing Google to amass a record of your online interactions? Can they change settings before Google begins collecting usage information?

People already have a sense of how much is collected; what they lack is control. Very few people are going to behave differently because they read more privacy policies. It would be a different story if there were restrictions covering the collection and retention of user information and users were allowed to change settings before using a company’s products.

German Company’s Use of Google Analytics ‘Breached GDPR’

Lindsay Clark, the Register:

Datenschutzbehörde, or DSB, has found that a German publisher, not named in the case, was in breach of Article 44 of the General Data Protection Regulation (GDPR) in the use and operation of Google Analytics – commonly used throughout web publishing and ecommerce – because of its movement of personal data to the United States.

In 2020, the EU Court of Justice struck down the so-called Privacy Shield data protection arrangements between the bloc and the US in what is now known as the Schrems II ruling, which has ramifications for US cloud providers, social media sites, and providers of online tools.

Datenschutzbehörde, Austria’s data protection authority, specifically cited the risk of espionage by U.S. intelligence agencies as a reason why this publisher’s use of Google Analytics violates GDPR rules. That is not an unreasonable concern. While users in some countries may benefit from having the protections of the U.S. legal system to avoid domestic overreaches, it is detrimental for users in Canada and many European countries.

An Early Look at Leica’s New M11

A new Leica flagship means there is a lot to be dreaming of if you are the kind of person who, like me, are charmed by the particular blend of new and classic that only Leica really delivers. And it would not be an “M” camera without some quirks.

Barney Britton and Richard Butler, DPReview:

This USB-C socket can be used for charging the camera and for rapid offload of data, from a memory card or the 64Gb of internal storage built into the camera. The camera comes with an Apple certified USB-C to Lightning lead for connection to iPhones and iPads.

It is a little funny to me that it comes with a USB-C to Lightning cable, even though the Apple device you would probably want to use for editing these massive files is the iPad Pro, which has a USB-C port at the bottom. Standards are great, that is why we have so many of them.

Calgary’s own Chris Niccolls and Jordan Drake, also of DPReview, have a lovely video overview, too.

Responsible

I cannot remember controversy over one of Apple’s products like that which it is experiencing from AirTags. Apple is no stranger to controversy, of course — how many “–gate”s have bubbled up over product quality shortcomings, real and exaggerated? — but this is different. It is the first time I can think of where the fundamental function of the product is seen to be causing real harm.

To paraphrase one of the better lines from a mediocre series, Apple has a public relations problem because its product has an actual problem, and its product has an actual problem because the world has a problem. Apple has control over perhaps two of those problem strata; it cannot fix the objectification of women in society. But it should not be releasing products that directly exacerbate those known issues.

You could perhaps make a similar argument about a product like the iPhone: the camera could be used for surreptitious photography, for example. But that is not the sole purpose of the iPhone. It is not like Apple is selling some super tiny camera accessory.

It is also true that this is not specific to AirTags. In addition to the well-known Tile tracker, there are plenty of cheap tiny location beacons on the market, not to mention the ultra-precise GPS trackers available on Amazon and at your local spy and surveillance shop.1

But there is something different when the world’s most valuable company introduces a miniaturized beacon that uses others’ devices as a pinpointing mechanism. I am not sure what it is, but I do not think the specifics matter. I do not think there is much point in getting bogged down in exactly why there is concern about AirTags specifically because the effects are right there: women are finding these things being used to track their location. We can quarrel over specifics and wonder why Tile trackers rarely received this kind of negative press.

But maybe all of this is actually very simple: maybe this just is not something Apple needs to be offering. I know I am a mere observer and that a multi-trillion-dollar — holy shit — company can figure this stuff out but, as a layperson, it really does seem this straightforward. Perhaps there need to be greater protections before Apple could offer these kinds of products once again, but I do not see why it should ever be gambling its reputation on a cheap accessory similar to those already available while providing assistance to terrible people.

There are advantages to the vast Find My network, and perhaps Apple should explore ways to make it more appealing to third-parties. Clearly, Apple thought it could do something different and better here. But I see shades of the live audio chat room in the concerns over AirTags: just because something can be done, that does not necessarily mean it ought to be. In both cases, there are societal-level concerns these products will exacerbate or, at the very least, be an accessory to.

Perhaps the responsible thing is to not launch them at all.


  1. I am not sure how common these are where you live, but there are a couple in Calgary. I get an involuntary neck tilt every time I drive by one of them because it has a big banner outside that reads, simply, Spy Store. Good luck to our local Bonds, Bournes, Hunts, Salts, and Archers. ↩︎

Consistency Sin

Craig Hockenberry:

My answer is something I call “consistency sin”. Understanding the cause lets us avoid similar situations in the future.

Your first reaction to this nomenclature may be, “Isn’t consistency a good thing in user interfaces?”

Absolutely! Colors, fonts, and other assets should be similar within an app. Combined they help give the user a sense of place and act as a guide through an interface. And in many, cases these similarities should be maintained across platforms. There’s no sin there.

But you can get into trouble when this consistency starts to affect the user experience.

There is an article about consistency I have been putting together for months and have not figured out a great angle. I think Hockenberry’s piece is what I was trying to write.

Consistency exists on so many levels: within a particular window or area of an application, within the application, between applications from the same company, between applications on the same platform, within the platform, and between platforms — and then, consistency between how elements look and how they work. MacOS would be worse if every button looked completely different, and it would also be worse if everything looked and worked the same as it does in iPadOS. I feel like the era of MacOS we are in now has strayed over that line. Dialog boxes are harder to read; notifications are worse; translucency makes things harder to read. I have not heard a satisfactory justification for any of these changes, but all of the excuses I have seen boil down to consistency. All of these elements have been updated to be more like the way things look and work on iOS and iPadOS, but I do not think that is a laudable goal unto itself.

Facebook Loses Second Attempt to Dismiss FTC Antitrust Case

Hannah Murphy and Kiran Stacey, Financial Times:

A US judge has denied Facebook’s attempt to dismiss for a second time the antitrust lawsuit brought by the US Federal Trade Commission seeking to force the social media company to unwind its acquisitions of Instagram and WhatsApp.

“Second time lucky?” began the opinion on Tuesday from Judge James Boasberg in Washington, who concluded that the lawsuit, which accuses Facebook of conducting a “course of anti-competitive conduct”, could proceed.

The rejection of Facebook’s motion is a victory for the FTC after its original lawsuit was dismissed by Boasberg last year.

[…]

However, the judge said he would not let the FTC pursue allegations that the company changed its platform policies to cut off services to rivals, because the conduct was too far in the past.

The first version of this suit — the one that was dismissed — was filed in December 2020 under the previous FTC administration. There are many remaining questions about the amended complaint, created under Lina Khan’s leadership, but at least the FTC now has the opportunity to fully vet its concerns.

U.S. Federal Spending on Facial Recognition Tech Expands

Tonya Riley, CyberScoop:

In fact, CyberScoop identified more than 20 federal law enforcement contracts with a total overall ceiling of over $7 million that included facial recognition in the award description or to companies whose primary product is facial recognition technology since June, when a government watchdog released a report warning about the unmitigated technology. Even that number, which was compiled from a database of government contracts created by transparency nonprofit Tech Inquiry and confirmed with federal contracting records, is likely incomplete. Procurement awards often use imprecise descriptions and sometimes the true beneficiary of the award is obscured by subcontractor status.

Among the contracts CyberScoop cites is one between the FBI and Clearview AI. Quite a stark contrast compared to countries like Canada and France that have banned the company from operating within their borders or using any citizens’ data.

AirTags Are a Classic Story of a New Technology With Benefits That Are Also Concerns

Lucas Matney, TechCrunch:

Apple has arranged so much of their wearable product marketing over the last few years on how their devices function in edge use cases. The Apple Watch’s last several generations have focused on health tracking features that could help identify rare conditions or help users in a life-threatening situation. TV commercials have documented the individual stories of users who have found the Apple Watch to be a life-saving tool. With AirTags, there’s potential for some of that same good, but there’s also much more downside. In the next year, we’re undoubtedly going to see examples of AirTags being used in nefarious ways that bundled together serve as the antithesis of one of these Apple Watch commercials. It may end up being a product defined by its gross shortcomings.

AirTags are not a complex product. They are small location beacons — everything that makes them effective for finding lost keys or a stolen bicycle makes them pretty effective for tracking someone’s whereabouts. How does any company correct the course of a product like that? An optional app is insufficient.

The United States’ Most Prestigious Business Publication Addresses ‘Green Bubbles’

Tim Higgins, Wall Street Journal:

That pressure to be a part of the blue text group is the product of decisions by Apple executives starting years ago that have, with little fanfare, built iMessage into one of the world’s most widely used social networks and helped to cement the iPhone’s dominance among young smartphone users in the U.S.

[…]

Apple and other tech giants have long worked hard to get traction with young users, hoping to build brand habits that will extend into adulthood as they battle each other for control of everything from videogames to extended reality glasses to the metaverse. Globally, Alphabet Inc.’s Android operating system is the dominant player among smartphone users, with a loyal following of people who are vocal about their support. Among U.S. consumers, 40% use iPhones, but among those aged 18 to 24, more than 70% are iPhone users, according to Consumer Intelligence Research Partners’s most recent survey of consumers.

Is it 2019 again? That was the last time we had a spate of stories examining the plight of Android users texting friends with iPhones. There was the Fast Company exposé of teenagers’ “distaste” for green bubbles, that thorough investigation by the New York Post into the problem — featuring interviews with exactly one iPhone user who refused to date Android users, and one Android user who felt slighted — and there was Samsung’s ridiculous comeback attempt.

Pause for outrage.

In 2015, Paul Ford wrote a much better version of this argument — in no small part because Ford is an excellent writer:

This spontaneous anti-green-bubble brigade is an interesting example of how sometimes very subtle product decisions in technology influence the way culture works. Apple uses a soothing, on-brand blue for messages in its own texting platform, and a green akin to that of the Android robot logo for people texting from outside its ecosystem (as people have pointed out on Twitter, iPhone texts were default green in days before iMessage — but it was shaded and more pleasant to the eye; somewhere along the line things got flat and mean).

As Ford documents, there have been times when Apple took advantage of this cultural phenomenon. But there are plenty of caveats, one of which Higgins describes in this Journal article:

Apple is not the first tech company to come up with a must-have chat tool among young people, and such services sometimes struggle to stay relevant. BlackBerry and America Online were among the popular online communication forums of past decades that eventually lost ground to newer entrants.

Is something different about today’s messaging services that would make them stickier than their ’90s and ’00s predecessors? AOL is a less fitting comparison; BlackBerry Messenger is the most accurate predecessor to iMessage: for a long time, a BlackBerry device was required to use BBM, and you currently need an Apple device to use iMessage.

Messaging services come and go. Overall, I find it hard to see any specific correlation between device user base and messenger choice. Sure, iOS devices and iMessage are popular in the United States, but it is not the case that both are similarly popular around the world. In Japan, for instance, iOS devices have a higher market share than they do in the U.S., but the dominant messaging service is LINE, the “do-everything platform”. In most other countries, WhatsApp is the messaging app everyone uses regardless of smartphone operating system. In Indonesia, BBM was wildly popular until it was shuttered globally in 2019, even though sales of BlackBerry devices dried up long before. It also depends on which part of a country’s population you are measuring: in Canada, where iOS’ market share is neck-and-neck with Android’s, WhatsApp is not very popular except with new Canadians, 84% of whom use it daily.

I have written before about how iMessage is a platform differentiator for Apple, but I do not think it is as bulletproof as either its biggest fans or extreme antitrust detractors believe. More to the point, I do not know anybody who uses just one messaging service.

Articles like these read mostly as an avenue to show that some young people are sometimes shallow, as most of us probably were at that age. I remember when zipper binders were the trendy item among my peers, or when the popular kids wore Abercrombie and Fitch. If a person refuses to go on a date with someone solely because of the phone they use, that seems more like a red flag that should be avoided.

These sorts of trend pieces seem to mix up cause and effect. I would not read too much into it. Most iPhone users will probably pick another iPhone as their next phone, just as most Android users will probably pick another Android phone. If having a sorted-out messaging platform was such a compelling selling point, you would expect Android users to be leaving the platform in droves. As it turns out, it is probably a small piece of a much larger reason why most people stick with the same platform when they buy a new phone.

On Twitter, the Block Button Is Right There

Jamie Zawinski (via Jesper):

Basically, I block someone if they have said something stupid enough to make me want to hit reply and frustratedly explain it to them. We all know that there is no future in sending that reply, but as I said, the struggle is real. So instead I block them, because the chance that this person will ever say something I want to hear is… not large.

But, maybe some day Mr. Firstname Bunchanumbers dot Eth and I woulda been pals. My loss!

And those blocks happen not just for people who have replied to me. If I see your comment, and you’re a dumbass, you get a block. This sometimes leads to perplexed people saying “but he blocked me and we’ve never spoken!” So if that’s you, and it made you sad, my sympathies. But this is a matter of self-defense and one does what one must.

Over the last, say, five years, I have found myself using Twitter’s “block” button more liberally. I have qualms about the default-to-public quality of a Twitter profile, but I also sometimes converse with people who do not follow me, and I often tweet unfinished thoughts which I later reference here. So: public is fine. I also like to hear criticism or disputes with something I have written, and Twitter is a good medium for that.

However, sometimes I will see tweets from people who I simply do not wish to hear from. It does not matter whether they are likely to interact with me in the future; what matters is that I can partly control whether they have the option. So I will block them. It is nothing personal and not necessarily very effective: they can still email me, but at least it requires a little more effort.

This post also introduced me to the excellent MegaBlock service. You connect your Twitter account and then paste a link to a tweet. It will block the author of the tweet and everyone who liked it. Nice.

Some Antivirus Software Now Includes Cryptocurrency Mining

Brian Krebs:

Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency. But Norton 360 isn’t alone in this dubious endeavor: Avira antivirus — which has built a base of 500 million users worldwide largely by making the product free — was recently bought by the same company that owns Norton 360 and is introducing its customers to a service called Avira Crypto.

Founded in 2006, Avira Operations GmbH & Co. KG is a German multinational software company best known for their Avira Free Security (a.k.a. Avira Free Antivirus). In January 2021, Avira was acquired by Tempe, Ariz.-based NortonLifeLock Inc., the same company that now owns Norton 360.

The catch is the software vendor gets a cut of mined cryptocurrency. Now you can build upon the legendary performance characteristics of antivirus software with another background process that helps Avira make some extra money. At least it is opt-in rather than opt-out.

Public Domain Day 2022

The Public Domain Review is one of many organizations that puts together a terrific list celebrating the works entering the public domain every year. It is like an annual reminder that most copyright terms are far too long.

This year in Canada — and in other countries with life plus fifty year terms — the list includes works by Louis Armstrong, Jim Morrison, and Stravinsky.

Lawsuit Alleges Google Paid Apple to Stay Out of Search

Tim Hardwick, MacRumors:

Apple has an agreement with Google that it won’t develop its own internet search engine so long as Google pays it to remain the default option in Safari, a new class action alleges.

Filed in a California court earlier this week against Apple, Google, and their respective CEOs, the lawsuit alleges the two companies have a non-compete agreement in the internet search business that violates US antitrust laws.

This is one hell of a lawsuit; you can read the complaint here (PDF). Unlike many antitrust suits, it does not argue solely that Google’s presence as the default browser on all of Apple’s platforms — and its multibillion-dollar annual payments for its position — is illegally hampering competition. Rather, it claims that Apple has agreed not to develop a search engine to avoid giving Google any competition. It also says that Tim Cook derived personal bonuses based on this agreement.

I am not a lawyer; I have no idea if this case is legally sound. But the evidence for these allegations amounts to, more or less, a couple of photographs of Cook and Sundar Pichai at dinner, and some out-of-context quotes. The complainants say that the talks during these dinners were “taped by bystanders” but I see no recordings or transcripts in the docket. I will also note that Apple has, in Spotlight, its own general-purpose web search engine built into its platforms.

The Reliability Journey

Steven Sinofsky:

PCs used to crash a lot, a whole lot. PCs routinely crashing, freezing, hanging (various ways to describe a computer that has ceased to function) and losing work was the norm. Over about twenty years of engineering and iteration, the PC experience changed dramatically for the better, with vastly more reliability and higher quality. Now I recognize even typing that should make for a protracted thread on Hacker News or Reddit where everyone shares the crashes that just happened today or happen “constantly”. This is the story of going from a world of nearly universal quality and reliability problems to a literal world-changing invention that dramatically altered the path of PC quality.

I really enjoyed this essay about learning how to capture and share debugging information with the software vendor — in this case, Microsoft. I have to wonder what today’s systems look like, given that users of Windows now measure in the many billions. How does debugging scale to the users of products from Microsoft or Apple or Google today? Submitting reports through Feedback Assistant feels almost quaint in its similarity to the developments described by Sinofsky.

CBC Lifestyle Journalist Becomes This Week’s Substack Hero

Sarah Hagi, Gawker:

Leaving a writing job in a huff to join the truth warriors of the newsletteratti has worked incredibly well for well-known journalists like former New York Times editor and columnist Bari Weiss, Intercept co-founder Glenn Greenwald, former New York Magazine writer Andrew Sullivan and Vox co-founder Matthew Yglesias.

Usually, this approach only works well for people with name recognition, but one fellow Canadian has proved you don’t even need that to be hoisted up as a free speech warrior as long as you type the correct words in the correct order.

Tara Henley’s screed against the CBC’s editorial direction is almost transparently insincere. Our national broadcaster is a institution worth changing for the better, but Henley’s criticisms simply do not match the CBC’s actual output. I have seen CBC stories of everything she says it does not cover with some frequency.

There is nothing wrong with starting a newsletter or going indie. But the way some of these journalists and commentators carry on, you would think they are bravely publishing in the storm of a totalitarian dictatorship. That does not match the reality of journalists in the U.S. or Canada or the U.K. or the E.U. who are afforded broad rights and freedoms, as are the rest of us, and who have a wide choice of outlets and employers.

You started a blog. So did lots of other people. Stop making a big thing out of it.

iCloud Private Relay White Paper

Apple (PDF), via Michael Tsai:

iCloud Private Relay is a new internet privacy service from Apple that allows users with iOS 15, iPadOS 15, or macOS Monterey on their devices and an iCloud+ subscription to connect to the internet and browse with Safari in a more secure and private way.

[…]

Private Relay is built on the principle that IP addresses that identify users need to be separated from the names of websites that users access. To achieve this separation, Apple has engineered an innovative dual-hop architecture in which users’ requests are sent through two separate internet relays operated by different entities. Private Relay’s dual-hop architecture protects the privacy of users by separating who can observe their IP addresses from who can see the websites they visit.

Compared to some of Apple’s more detailed technical documentation, this white paper has noticeable omissions. For example, it does not name the providers of the second hop “egress” proxy, only stating that they are “some of the largest content delivery networks (CDNs) in the world”.

Thankfully, it does shed some light on the protocols and technologies Apple is using:

DNS is the system that translates server names into IP addresses when using the internet. The ability to observe DNS lookups allows potential trackers to monitor user activity. To protect the privacy of DNS name resolution for all queries sent by the device and prevent such tracking, Private Relay uses Oblivious DNS over HTTPS (ODoH).

Check.

Apple also lists circumstances where Private Relay may be unavailable, saying that it is “designed to provide clear status information and control to the user”. Among the reasons it may not be available include local network settings, devices under certain management profiles, and DNS settings. Not listed are countries where it is unavailable for regulatory reasons.

Wordle, a Daily Word Game

Speaking of respect, Wordle is a great game that is free and has no growth hacking nonsense. One word a day, six attempts to solve it. It clocks in at less than 400 KB, too. I know this is probably not breaking news for many of you, but it is delightful.

It Is ‘Premature’ to Know Almost Anything About the Smiths’ New Media Venture

Benjamin Mullin of the Wall Street Journal broke today’s biggest media news:

Bloomberg Media Chief Executive Justin Smith stepped down effective immediately to found a new media company, and tapped New York Times media columnist Ben Smith to lead its future newsroom.

“The news industry is facing a crisis in consumer trust and confidence due to the distorting influence of social media and rising levels of polarization and parochialism,” Justin Smith said in an email Tuesday. “My plan is to launch a premium news business that serves unbiased journalism to a global audience and provides a high-quality platform for the best journalists in the world.”

The New Yorker’s Lauren Collins on Twitter:

By MAN

MAN leaving news org to start news org with MAN. “We will miss MAN,” MAN said. MAN took over column from MAN, who succeeded other MAN. MAN pubbed report on MAN compiled by MAN, which led to inquiry by MAN. “MAN helped transform media,” said MAN.

Collins wrote this in the context of the New York Times’ story about this news, but surely it applies equally to Mullin’s coverage.

Clare Malone, of the New Yorker, asked Ben Smith some good questions but received frustratingly empty answers (Malone’s questions are italicized):

Do you have any people whom you see as competitors in mind? For those of us who are not in your and Justin’s mind — the two Mr. Smiths — what is it?

We’re thinking more about the audience than about competitors, I would say. And I think there is a big audience of people who are dissatisfied with their current options. There’s a lot of research that suggests that, for sort of a range of overlapping reasons.

Like what? Tell me more about that.

I think there are a lot of people who want to be treated with respect. We want to serve the highest common denominator, and I think there’s an opportunity for that.

Sometimes, being vague is tantalizing; sometimes, it is just being vague. What does Smith — the Ben one — really mean when he says that they are seeking an audience within the English-speaking world of “200 million people who are college educated”? Is that not pretty much how every English-language broadsheet newspaper or bookish magazine would describe itself? Nevertheless, I am interested in this venture, if only because I really like Ben Smith’s work.

I am particularly interested in this concept of respect for readers. Does that mean this media outlet will be one of very few that does not interrupt your reading with a prompt to subscribe to its newsletter? Perhaps it will not have third-party tracking, or precisely target audiences using third-party data, right? The Markup has proved that media outlets can respect readers in all of these ways. Will the Smiths follow suit?

Ming-Chi Kuo: Second-Generation AirPods Pro to Support Lossless Audio

Hartley Charlton, MacRumors:

Apple’s second-generation AirPods Pro will feature support for Lossless audio and a charging case that can emit a sound for location tracking purposes, according to Apple analyst Ming-Chi Kuo.

In a note to investors, seen by MacRumors, Kuo explained that the second-generation AirPods Pro will feature new selling points that will lead to strong demand, including support for Apple Lossless (ALAC) audio and a charging case that users can trigger a sound from to highlight its location.

The first thought which occurred to me is the undertaking required to replace a metre or two of wire. Just last month, Apple’s vice president of acoustics said in an interview that Bluetooth’s bandwidth was an impediment to supporting lossless audio in AirPods. It seems that a different standard or perhaps a proprietary protocol will be needed to enable the same quality of playback in a wireless headphone that I achieve today through a physical connection.

But then it occurred to me how strange it is that I am able to wirelessly transmit lossless audio until I need to transfer it the short distance between my device and my ears. I can stream it over a cellular connection, or download lossless files to my Mac and sync them to my iPhone over Wi-Fi, but a cable is needed for playback. For now, anyway.

Ben Smith Profiles CrowdTangle Founder Brandon Silverman

Ben Smith, in his column for the New York Times this weekend, profiled CrowdTangle’s founder Brandon Silverman. CrowdTangle was acquired by Facebook in 2016, but its team was effectively dismantled in 2021 after information surfaced by the software became embarrassing to the company. Facebook’s spokespeople have disputed any connection.

Anyway, Smith’s column covers some proposed legislation that Silverman helped write, which is intended to increase transparency around algorithmic platform decisions. Smith:

Much of what Americans know about what happens inside companies like Google and Facebook these days comes from employees who tire of the corporate spin and leak internal documents. Congress is responding to documents leaked first to The Wall Street Journal by a former Facebook product manager, Frances Haugen. The revelations in those documents confirmed and deepened the perception of an out-of-control information wasteland hinted at by CrowdTangle’s data.

Mr. Silverman isn’t a leaker or a whistle-blower, and he declined to discuss details of his time at Facebook. But his defection from Silicon Valley to Capitol Hill is significant. He arrived with detailed knowledge of perhaps the most effective transparency tool in the history of social media, and he has helped write it into a piece of legislation that is notable for its technical savvy.

“Defection” is an interesting choice of word, given Silverman’s history later disclosed by Smith:

For Mr. Silverman, the legislation is a return to politics. He came to the tech industry through an unusual path, which began in 2005 at the Center for Progressive Leadership, a nonprofit organization aimed at training a new generation of political leaders. He became interested in building online communities as a way to keep the program’s alumni connected. In 2011, he helped found a company then called OpenPage Labs, aimed at building social networks for progressive nonprofits using Facebook’s “open graph,” a short-lived program that allowed software developers to integrate their applications with Facebook.

The Center for Progressive Leadership was based in Washington D.C., while OpenPage Labs was founded and run out of Baltimore, which is economically and politically tied with D.C. through its close proximity. I do not see this as a story of “defection” as much as it is about Silverman continuing a career.

Something New in Something Old

In late December, for a few years now, I have tweeted out a big list of albums I enjoyed. On Thursday, I posted my picks for 2021, some of which were likely not a surprise for anyone who follows me on Last.fm. This spring, I reactivated my account there and began scrobbling again after years away in the pursuit of better music recommendations. I am not sure it is working, but here is what I have found so far.

Apple Music is a remarkable deal for me: spending ten bucks a month gives me access to almost any record I can think of, often in CD quality or better. There are radio features I do not use and music videos I rarely watch, but the main attraction is its vast library of music. Yet, with all that selection, I still find new music the old-fashioned way: I follow reviewers with similar tastes, read music blogs, and ask people I know. Even though Apple Music knows nearly everything I listen to, it does a poor job of helping me find something new.

Here is what I mean: there are five playlists generated for me by Apple Music every week. Some of these mixes are built mostly or entirely from songs it knows I already like, and that is fine. But the “New Music Mix” is pitched as a way to “discover new music from artists we think you’ll like”. That implies to me that it should be surfacing things I have not listened to before. It does not do a very good job of that. Every week, one-third to one-half of this playlist is comprised of songs from new albums I have already heard in full. Often, it will also surface newly-issued singles and reissued records — again, things that I have listened to.

When I scroll down to the “New Releases” section on the “For You” page, it is an even sadder story. Perhaps I have this all wrong, but this seems to me like it should be where I learn about new albums from artists I already listen to. I can remember just one time since Apple Music launched when this section matched my expectations for it. At all other times, it shows weeks-old records I have not played from artists I have not heard of. And they just sit there for weeks, unplayed, until another set of similarly-confusing picks is displayed. Have I got the concept of “New Releases” completely wrong?

Shallowest of all are the “Similar Artists” recommendations on every artist’s page. It tends to prioritize proximity to the selected artist, so it often shows side projects and solo acts. For example, according to Apple Music, artists similar to Soundgarden include Chris Cornell — who was Soundgarden’s lead singer — and Temple of the Dog — one of his side projects — and Audioslave — another Cornell project. It also suggests Alice in Chains, Stone Temple Pilots, and Pearl Jam, three other bands with similar tonal qualities. How many listeners of Soundgarden are there in 2021 who do not know about any of these other bands and projects? I would wager it is a tiny number given Soundgarden’s fame and fanbase. I suppose there are some people who are not fans, per se, and would appreciate these recommendations. But why is Apple Music showing me those artists when I have listened to them all in Apple Music?

In fairness, the artist pages are distinct from the “For You” section of the app. Yet, surely the entire service should be tailored for me. Otherwise, what is the purpose of the algorithmic backend?

You may rightfully ask why I have not stopped using Apple Music and switched to, for example, Spotify, which has far better recommendations. The answer is because I have an anachronistic setup of mostly local music that I would like to keep syncing to my iPhone, and I still do not trust any of the matching or cloud syncing features to do that job for me, including Apple’s.

So: Last.fm. There are a few things I like about it. First, it seems to take into account my entire listening history, though it does give greater weight to recency and frequency. Second, it shows me why it is recommending a particular artist or album. Something as simple as that helps me contextualize a recommendation. Third, its suggestions are a blend of artists I am familiar with in passing and those that I have never heard of.

Most importantly, it feels free of artificial limitations. Apple Music only shows a maximum of eight similar artists on my iPhone, but there are pages of recommendations on Last.fm. Echo and the Bunnymen has twenty-five pages with ten artists each. I can go back and see my entire listening history since I started my account there. Why can I only see the last forty things I listened to on Apple Music?

There are so many things Apple could learn from Last.fm’s recommendation approach, and I wish it would. Right now, its approach is somewhere between inconsequential and unhelpful. It does not have to be this way, and it should not be this way.

Maybe part of my appreciation comes from my nostalgia for the mid-2000s internet era. They are memories of shiny, colourful logos, wet floors everywhere, and new social networks for every conceivable interest. These websites encouraged centralization and many were ultimately destructive to privacy, but there were also gems like Last.fm. It was built around a simple premise: track your music listening history for better recommendations.

It still feels like an artifact of a simpler era. While Apple is busy rebuilding Music in MacOS so it feels less like a weighty mess, Last.fm still feels like a breath of fresher air. I am not calling it lightweight — it is still a web app, so that would be ridiculous — but it does not feel as ponderous as Apple’s attempts. I wish Apple could capture a bit of that magic, if only because Music is still used every day on all of my devices.

In the meantime, I will keep tracking my library with Last.fm. It feels a little quaint, a little cute, but I like it. On my Macs, I use NepTunes; on my iPhone, I use Soor. Both are very good.

Putting an Ear to the Ground of Apple’s Audio Efforts

Tom Parsons of What Hi-Fi? recently interviewed Apple’s VP of acoustics Gary Geaves, and Eric Treski, who works on AirPods marketing. This part seems worth thinking more about:

This is where Adaptive EQ, which was first introduced with the AirPods Pro, comes in: “we’ve added an inward-facing microphone”, says Geaves, “which continuously monitors what’s being played by the speaker and tunes the bass and, to some extent, midrange frequencies as well, to deliver a really consistent frequency response regardless of the level of fit that each person gets”. The idea is that everyone hears the music the same way, and the way the artist intended.

Geaves’ response has echoes of computational photography about it. When asked to clarify how Apple could possibly know what the artist’s intent could be, Geaves says that it is a mix of analytics and human adjustment. I still get the feeling that we cannot really know — but that it is also true of audio products generally. How do any of us know whether the speakers in our headphones or home audio setup are fairly representing what we are listening to?

Parsons presses the two Apple representatives on new stuff released this year, like the third-generation AirPods and spatial audio. But it is when asked about lossless audio that Geaves gives the most intriguing answer:

“Obviously the wireless technology is critical for the content delivery that you talk about”, he says, “but also things like the amount of latency you get when you move your head, and if that’s too long, between you moving your head and the sound changing or remaining static, it will make you feel quite ill, so we have to concentrate very hard on squeezing the most that we can out of the Bluetooth technology, and there’s a number of tricks we can play to maximise or get around some of the limits of Bluetooth. But it’s fair to say that we would like more bandwidth and… I’ll stop right there. We would like more bandwidth”, he smiles.

Given that AirPods Max and Apple Music’s lossless audio option were announced within six months of each other, yet were incompatible for bandwidth reasons, it seemed like something had to give. It felt like a plot hole in both products’ respective stories.

A Year and a Half After the Joint Exposure Notification Framework Was Launched, Its Effects Remain ‘Murky’

Gerrit De Vynck and Cat Zakrzewski, Washington Post:

But nearly two years later, as the omicron variant sweeps across the United States, adoption of the system is still far behind what its creators and proponents envisioned. More than 20 states don’t use it at all, including large states like Florida and Texas that have reported millions of cases and tens of thousands of deaths. Even in states where millions have activated the notifications, only a fraction of people who test positive for the virus report it to the Apple and Google system. California’s system, for example, has been activated on more than 15 million devices, but only about 3 percent of the nearly 3.9 million cases reported since launch were logged in the system.

On Apple’s side, this framework arrived in iOS 13.5 as an optional feature, and was more deeply integrated in the system when iOS 14 shipped in September last year; it was pushed at a similar time through an Android system services update for devices running Marshmallow or later. That was pretty early in this pandemic. Around where I live, that was when it seemed like this pandemic could have been a relatively minor catastrophe, course-corrected by decisive and unprecedented public health actions.

Alas, it turns out that carrying on as though everything was back to normal in summer of 2020 was not a great response here or anywhere that was similarly incautious. In this midst of this was when the Canadian government launched its COVID Alert app, which quickly gained widespread adoption in every province except British Columbia and Alberta, where it remains unavailable. But it is hard to say how significant that is. While not abandoned, only 869 cases were reported in the app last month, even though thousands of cases were being reported every day.

Similarly, this Post report paints a bleak picture of the framework’s poor adoption in the U.S., which Karen L. Howard of the GAO blamed partly on a lack of privacy protections in U.S. law. But I have had a hard time finding similar information about other countries’ responses.

The Apple–Google exposure notification framework is the system adopted by national COVID apps in Germany, Ireland, and Switzerland, where there are much stricter data privacy laws than in the U.S., which has perhaps played a role in driving higher adoption rates. Even still, finding evidence that this framework has played a meaningful difference in this pandemic is hard to come by. Irish authorities were understandably proud of their country’s rapid adoption rate, but a report earlier this year found that only a quarter of cases in Ireland were registered in the app.

Update: A reader from New Zealand pointed me to a story about that country’s exposure notification efforts. It is unfortunately similar in substance, but gives more context about the framework’s lacklustre performance.

The Confusing World of HDMI

Simon Baker, TFTCentral:

In this article we want to look at what the “HDMI 2.1” term really means, and address a worrying early sign in the market of things to come. We’ve delved in to what is required for this certification and what that means to you as a consumer if you ever want to buy something labelled with HDMI 2.1. Don’t make any assumptions about what that will give you, sadly it doesn’t seem to be nearly as simple as that.

The people who write the HDMI spec should get together with those behind USB-C so they can create a single port that nobody understands.

2014: ‘AIs Are Now Re-Writing History’

Earlier this month, I linked to Marques Brownlee’s overview of computational photography. Both Brownlee and myself have vague memories of an announced iPhone feature that would create the best group photo of many, accounting for smiles and blinking.

I still have not found a trace of this feature anywhere. But Pete Ashton sent me an email about a similar Google Photos feature introduced in 2014.

Chris Guld, Picasa Geeks:

If you upload 2 or more pictures of the same group of people to Google+, the Auto-Awesome feature will create a composite picture with the best smiles.

Robert Elliott Smith (via Pete Ashton):

Over lunch, I pointed all this out to my friend Cory Doctorow. I told him that algorithms are, without prompting from their human designers or the owners of the photos, creating human moments that never existed. He was somewhat non-plused. He reminded me that cameras have always done that. The images they capture aren’t the moments as they were, and never have been.

In a sense, all digital photography is computational; even analog photography only reflects a moment based on the specific chemistry of the film. But this new era instinctively feels different to me, and I have not quite put my finger on why. I think it is something to do with the camera manipulating a specific scene’s contents rather than making adjustments based on the scene’s optical qualities.

James Hoffmann’s New Series Is About the Bialetti Moka Express

James Hoffmann’s coffee videos have been a truly excellent way for me to pass the time this year. Weirdly, they have sometimes paralleled what has been going on in my life. Last month, just after I got back from a vacation where I used Nespresso machines for the first time, Hoffmann tried every pod for that machine.

Now, shortly after I was given a Bialetti Moka, Hoffmann has decided to do a thoughtful episodic look at the brewer and its history. This first episode has me looking forward to my next cup of Moka-brewed coffee as I worry about Bialetti’s future.

See Also: Earlier this year, I linked to Hoffmann’s series about the AeroPress.

An Accidental Repository of Niche Music on Spotify

Annie Rauwerda, Boing Boing:

A decade ago, when Spotify was two years old in the UK and had just become available in the US, Chris Johnson started a musical discovery project called TAPEFEAR. He “created a script to find new music on niche music sites, cross reference Spotify to see if it was available to stream,” according to a Reddit post, and besides a bit of occasional tinkering, he largely forgot about it. In total, Johnson says the script ran for a decade amassing 42,000 songs.

According to Johnson, it is actually 42,000 albums on TAPEFEAR. With all this choice, it makes you wonder why first-party playlists on these streaming platforms often feature music from off-brand production houses if not because of lower royalty payout rates, which Spotify has denied.

Washington Post Poll Finds Increasing Concerns About Technology Trustworthiness and Privacy

Heather Kelly and Emily Guskin, Washington Post:

It’s the rare thing that Americans of all ages and across the political spectrum largely seem to agree on: They don’t trust social media services with their information and they view targeted ads as annoying and invasive, according to a Washington Post-Schar School poll. Many Americans use social media — and most use Facebook — but 64 percent say the government should do more to rein in big tech companies.

[…]

Most Americans say they are skeptical that several Internet giants will responsibly handle their personal information and data about their online activity. And an overwhelming majority say they think tech companies don’t provide people with enough control over how their activities are tracked and used. The survey was conducted in November among a random sample of 1,122 adults nationwide.

It is worth skimming the full survey results (PDF) if you, like me, find this sort of stuff curious. Among the most notable findings is that 64% of those asked by the Post said they think increased government intervention is warranted, compared to 38% who said the same to Pew Research in 2012.

The Verge has conducted a similar survey occasionally, and posted the most recent results in October. For example, when asked whether Facebook has a positive, negative, or neutral impact on society, 36% of those polled by the Verge said it was positive, compared to just 10% of those asked by the Post. On questions of trust, those polled by the Post’s research partner were more suspicious of all tech companies than those asked by the Verge.

Perhaps the most alarming pervasive suspicion is one that is still dismissed by many experts — and the companies themselves — as an urban legend. About 7 in 10 Americans think their phone or other devices are listening in on them in ways they did not agree to. Perhaps given the steady drumbeat of damaging true stories that come out about the companies — mishandling of personal data, unchecked dangers for children, contributing to the destructive spread of misinformation and polarization — secretly activating a microphone doesn’t seem like a big leap.

No part of me believes Google or Facebook are listening to any of our conversations through devices’ microphones for the purposes of ad targeting. That narrative sure was not helped when Google failed to acknowledge a microphone in Nest thermostats a couple of years back but, even so, this belief remains a myth.

It does not surprise me that people are so distrustful. According to the Post’s survey, 56% of people also delete their web browser’s history in an attempt to evade tracking. But the technologies they are hoping to defeat run on the websites they browse; they do not rely on the browser’s stored history. Perhaps some people know that and are simply being cautious, but 79% of polled individuals also felt like tech companies generally do not provide enough control.

Internal Amazon Documents Indicate Limitations in User Exploration of Voice-Controlled Devices

Priya Anand, Bloomberg:

Amazon has also been using Alexa itself to nudge consumers to use the system in new ways. In recent years the devices have begun suggesting new requests that people could make, in the process of fulfilling whatever function they actually did request. Annoyed customers have struggled to turn off the feature. (There’s no easy way to do so, but fiddling with settings can significantly reduce the unwanted chattiness, according to an article published on the tech news website CNET in June.) “Almost every day after I ask quick things, I get, ‘By the way, I can recommend birthday gift ideas so you can buy more things from Amazon! Wouldn’t you love to hear that??’” an Alexa user complained in a recent Reddit post. “No, Alexa, the answer has always been no. Just tell me the temperature.” That kind of frustration might explain why some people unplug their speaker and toss it into a closet.

This article makes a big deal about the 15–25% of Alexa owners who stop using the device in January after receiving it as a gift over winter holidays. I am not sure it is worth fussing over that. Maybe they just did not want to be gifted an Alexa.

But I am fascinated by the last paragraph, quoted above. Siri does something similar, but suggests capabilities more related to the query you just made. In both cases, it seems like Amazon and Apple are trying to figure out how to solve the discoverability problem of services primarily controlled through voice. It is a heavy-handed approach that seems to disappoint users instead of delighting them.

It is a tricky balance because we still have no idea what we can try asking these interfaces, and what guardrails and limitations they have. I do not have an Alexa device but, if I ask Siri “will I need a tuque tomorrow?”, it tells me about the chance of rain. Not useful. We must be both very curious and very patient for what may be scant rewards.

Akiva Cohen Reads Alex Berenson’s Lawsuit Against Twitter

Alex Berenson, the “pandemic’s wrongest man”, recently sued Twitter for banning him in August. He alleges that, by doing so, Twitter somehow violated the First Amendment, the California Constitution, and somehow unjustly enriched itself, among eight total claims.

It makes no sense.

That should be obvious, right? Like, we are talking about Alex Berenson here — he has a notoriously tenuous grasp on cause and effect, and either cannot read very well or deliberately misrepresents the information he uncovers. But it is not Berenson writing these claims; he has lawyers working on this suit on his behalf, and they should know better than to entertain a fiction of seriousness for this clown.

Akiva Cohen, who is an actual lawyer, has read through the entire suit to explain why it is so comically wrong. Unfortunately, Cohen did so in a Twitter thread and illustrated it with animated gifs. It is not an easy thing to read — made worse by a bug where Twitter will sometimes omit some tweets in a thread — and I wish it were published as a more coherent narrative. However, it is too comprehensive and too entertaining — “what the crispy fried fuck is this?” — to avoid linking to.

If you would prefer a briefer explanation, Mike Masnick of Techdirt has you covered, and on a single webpage with paragraphs, no less.

The Year of Garbage Internet Trends

Rebecca Jennings, Vox:

Sea shanties are the framework with which I view a great many things that happened in 2021, because so many of them were entirely meaningless fads: blips on the radar lasting only for a moment but just long enough to obscure some larger, more important picture. It is fascinating to trace the origins of these glitches of nothingness: inconsequential tweets that turned into inconsequential TikToks that turned into inconsequential news articles that somehow, suddenly seemed more consequential than anything else that day.

Perhaps we are all living in a nihilist fog of trends birthed by Twitter and TikTok — which does not sound great.

Meta Shareholders Call for Oversight Audit

Ina Fried, Axios:

A letter sent earlier this month to Meta’s corporate secretary, a copy of which was seen by Axios, says that, “Shareholders request the board commission an independent assessment of the Audit and Risk Oversight Committee’s capacities and performance in overseeing company risks to public safety and the public interest and in supporting strategic risk oversight on these issues by the full board.”

The letter is being submitted by the Harrington Associates and Park Foundation, both Facebook shareholders, in conjunction with the Campaign for Accountability.

You may remember the Campaign for Accountability as the organization which, despite running the Tech Transparency Project, refuses to name its funders.

More From Karl Bode on Four Years Since the End of U.S. Federal Net Neutrality Rules

Karl Bode, Techdirt:

This apparently needs repeating: a telecom regulator ignoring all objective data and neutering itself at the behest of the telecom lobby is a bad thing. Ignoring the public and using bogus data to eliminate popular consumer protections that took fifteen years of consensus making to craft is a bad thing. Telecom lobbyists using dead and fake people to create fake support for broadly unpopular policy is a bad thing. Putting natural monopolies with 30 years of anti-competitive behavior under their belts in charge of US telecom policy is a bad thing. If you’re applauding this stuff you’re either misinformed, or engaged in the misinforming.

I am personally in favour of exploring ISP nationalization, especially here in Canada. But if that is a bit too wild for you, the next best thing is ensuring network neutrality is maintained by regulation and adequate enforcement. Internet access is a utility, and it ought to be governed like one.

A Big Thank You

We have just about reached the end of the year, and I want to thank everyone for reading my little website. Whether you started today or you have been a regular for a long time, I truly appreciate that you choose to give my writing a slice of your time and attention.

I would particularly like to thank those of you who have thrown your money behind my hobby on Patreon. Earnings there have helped me pay for subscriptions, hosting, apps, and other things that let me do a better job. This is not how I put a roof over my head or food on the table, but it does require a little financial outlay — and a lot of time — and I am thankful for the assistance.

If you would like to throw a few bucks behind my writing, the best way to do so is on Patreon. If you would not or cannot, I do not value your attention any less. Thank you for reading.

Festivities and Forgetfulness

Today’s issue of Natasha Mascarenhas’ newsletter perfectly captures how I feel right now, but with almond roca instead of ladoos. Until just a couple of weeks ago, it felt like this might be the last holiday season where COVID cautions and health anxieties are running high — but that is no longer the case.

It does not help that it has been freezing for a week now. I would love to go on a photo walk, but it is awful hard to find the motivation. It is a privilege to be merely exhausted, and that is where I am now.

The Effects of Four Years Without Net Neutrality Rules in the U.S.

One of the bizarre by-products of the Trump administration is the rehashing of hysterical media coverage while ignoring real, proven consequences. CNN is notoriously terrible — remember their 2014 coverage of Malaysia Airlines Flight 370? — but apparently the headline of the repeal of net neutrality rules four years ago is ripe for mockery on every anniversary. Nathan Leamer, a former advisor to then-FCC chair Ajit Pai:

CNN called this the End of the Internet as We Know It.

This headline should be in the hall of fame for misinformation. Complete fake news, But of course there has been no accountability from other blue checks and media institutions for the lack of truthiness.

Setting aside Leamer’s complete misunderstanding of truthiness, this headline is awful, even on a purely journalistic level. It tells readers nothing about the contents or context of the story. The story itself is, thankfully, more substantive and presented under a sober banner.

In that thread, Leamer presents a few other examples of bad guesses of what the end of net neutrality in the U.S. could look like. An unfortunate number of people believed that the internet would get slower as a direct result, loading “one word at a time” according to Senate Democrats. That take was so divorced from reality that I felt embarrassed for them in the snow-covered refrigerator I call home. And Leamer was not the only one: Fox News and the libertarian publication Reason dutifully covered the missing annihilation of the internet without acknowledging any effects of the end of net neutrality. That is not because there were none.

Karl Bode, writing in Techdirt in 2019:

One common refrain by Pai and and the industry (and many folks who don’t understand how the broken telecom market works) is that because the internet didn’t immediately collapse upon itself post-repeal in a rainbow-colored explosion, that the repeal itself must not be that big of a deal. That ignores the fact that ISPs are only largely behaving because they’re worried about the numerous new state level net neutrality laws passed in the wake of the federal repeal. Not to mention the 23 state AG lawsuit against the FCC (which, if victorious, would restore some or all of the rules).

[…]

Meanwhile, claims that nothing happened in the wake of the repeal aren’t even true. Giants like AT&T have quietly started using broadband usage caps to disadvantage competitors like Netflix. ISPs like CenturyLink have blocked internet access to sling ads. Mobile carriers now charge you more just to stream in HD as intended. And the repeal of net neutrality didn’t just kill net neutrality, it eroded the FCC’s ability to police the sector, leaving us with revolving door regulators totally unwilling to do anything about numerous sector scandals including the collection and sale of user location data or hurricane recovery failures.

Last June, AT&T excused its recently-acquired HBO products from data caps. Then, during an earnings call last November, Comcast’s CEO was effusive about how the company privileged Peacock subscribers. 2020 capital expenditures among U.S. ISPs dropped during a time when Americans relied on high-speed internet more than ever, even while consumer spending increased.

Many tweets about 2017’s coverage of the end of net neutrality rules were clearly inaccurate and hysterical — that is for certain. But the loss of those rules has not magically solved U.S. broadband problems, either; on the contrary, it has exacerbated the worst tendencies of telecommunications conglomerates as many people — including yours truly — predicted. U.S. ISPs, which should be mere utility providers, are abusing their positions to advantage their own products and services. Net neutrality rules should be restored and, just as importantly, ISPs should not be excluded from antitrust discussions.

The Internet Archive Then, Now, and Into the Future

Joel Khalili of TechRadar profiled Brewster Kahle, founder of both Alexa — RIP — and the Internet Archive. Kahle says the future of the Archive is as complicated as the future of the web:

To highlight these issues, the Internet Archive recently launched the Wayforward Machine, a satirical take on the Wayback Machine that promises to let users “visit the future of the internet”.

Plugging a URL into the Wayforward Machine generates a page plastered with an endless stream of pop-ups, some of which demand payment or personal information, while others simply note that access to information is denied. The message is hardly subtle.

The Internet Archive’s sanctimonious qualities are both admirable and maddening, and this dystopian vision hits both notes.

I wonder about the impact of our platform-centric world on the Archive’s mission. For example, individual Instagram posts and profiles are archived more sporadically than their website counterparts, even for famous and well-followed accounts. A snapshot of NASA’s website is created multiple times every day, but the Archive will let its Instagram profile go for several days in a row without making a copy, even though NASA is posting new photos. Is that a limitation imposed by Meta or Instagram? NASA’s Twitter page is also archived daily. Is it a disk space concern — photos and video, compared to text? Should the Internet Archive’s mission be less ambitious, perhaps, if it is to survive?

‘Truth Social’, the Trump Twitter Clone, Prohibits Disparagement of Its Platform on Its Platform

Patrick Hedger, linking to Truth Social’s terms of service:

This is from the terms of service of Trump’s “censorship free” social media platform under “prohibited activities”.

From the terms:

As a user of the Site, you agree not to:

[…]

23. disparage, tarnish, or otherwise harm, in our opinion, us and/or the Site.

This is yet another Twitter clone that promises an “open, free, and honest” platform — much like Parler and Gab and Gettr — but it is different because it is run by Donald Trump. I am not sure what, in his opinion, constitutes harmful speech about Truth Social on its own platform. His reputation suggests anything less than unmitigated adoration is grounds for dismissal.

Users are also prohibited from offering goods or services, annoying any staff members, or misleading any other users. Truth Social reserves the right to terminate access to the site to any user for any reason in their “sole discretion and without limitation”.

There is nothing wrong with any of this; it is all the kind of standard legal stuff that makes one think someone may have used a template. But it shows that a level of moderator involvement is a desirable characteristic of any social network. Pretending otherwise is embarrassing.

France Latest to Slap Clearview AI With Order to Delete Data

Natasha Lomas, TechCrunch:

France’s privacy watchdog said today that Clearview has breached Europe’s General Data Protection Regulation (GDPR).

In an announcement of the breach finding, the CNIL also gives Clearview formal notice to stop its “unlawful processing” and says it must delete user data within two months.

Good; keep these orders coming. Like previous deletion demands, there are likely problems with ascertaining who in Clearview’s database is covered, but at least there is collective action by countries that have laws concerning individuals’ privacy. It is a stance that declares its entire operation an unacceptable violation. I see nothing wrong with putting Clearview out of business and discouraging others from replicating it.

Music and TV Apps Use JET in MacOS 12.2 Beta

Luming Yin:

macOS 12.2 beta is now available, featuring smoother scrolling in Safari on the latest MacBook Pro with ProMotion, and a native Apple Music and TV experience backed by AppKit views instead of web views.

Filipe Espósito, 9to5Mac:

Some parts of the Music app were already native, such as the music library. But now Mac users will notice that searching for new songs in Apple Music is much faster as the results pages are displayed with a native interface instead of as a webpage. Scrolling between elements has also become smoother with the beta app, and trackpad gestures are now more responsive.

[…]

Yin mentioned that the Apple TV app has also been rebuilt with a native backend. While this is indeed true, 9to5Mac found out that Apple had already updated the TV app with JET technology in macOS Monterey 12.1, which is available for everyone. Of course, more refinements are expected for both apps in the upcoming macOS 12.2 betas.

Michael Tsai:

Note that Music was always an AppKit app (not Catalyst). The difference in 12.2 seems to be that more content within the window now uses native controls. Personally, I didn’t notice a change, perhaps because I don’t use the Apple Music areas of the app.

These changes seem exclusive to the Apple Music parts, which — like the iTunes Store — have long been webpages rendered in the frame of a native Mac app. They have always felt slow and disconnected from the main app. In MacOS 12.2, these web-based sections are now interpreted as native Mac views, and Music feels noticeably faster because of it.1 Scrolling is smoother, and the spacebar now pauses and resumes playback correctly. These improvements and the significantly reduced CPU consumption in MacOS 12.1 make me believe that someone at Apple really does care about the Music app on MacOS. There is hope.

Then again, the preferences window in Music is still modal. Some things will never change.


  1. I believe recent versions of the Mac App Store also use the Jet framework. ↩︎

A Deep Dive Into an NSO Group Zero-Click iMessage Exploit

Ian Beer and Samuel Groß, of Google’s Project Zero team:

Earlier this year, Citizen Lab managed to capture an NSO iMessage-based zero-click exploit being used to target a Saudi activist. In this two-part blog post series we will describe for the first time how an in-the-wild zero-click iMessage exploit works.

Based on our research and findings, we assess this to be one of the most technically sophisticated exploits we’ve ever seen, further demonstrating that the capabilities NSO provides rival those previously thought to be accessible to only a handful of nation states.

This is a breathtaking accomplishment by NSO Group. I thought I knew where this explanation was going, but then I got to the penultimate section and it left me amazed.

One thing I have long wondered is what avenue was chosen for delivering the first part of the payload. iMessage has allowed the delivery of many file types since it launched. Most — like video or some arbitrary file — require user interaction, so those are ruled out. That leaves webpage previews and images, and we know that webpage previews are generated on the send-side, not by the recipient. So:

Looking at the selector name, the intention here was probably to just copy the GIF file before editing the loop count field, but the semantics of this method are different. Under the hood it uses the CoreGraphics APIs to render the source image to a new GIF file at the destination path. And just because the source filename has to end in .gif, that doesn’t mean it’s really a GIF file.

Are image formats the only instances where a file is interpreted and then a version created by iMessage on the client device? I am looking forward to the promised followup to this post.

Also, I recommend this article about how Xerox scanners screwed up documents and made files legally invalid — linked by Beer and Groß — just because it is really interesting.

Apple’s Tracker Detect App for Android Supports AirTags and Items on the Find My Network

Ian Sherr, CNet:

Apple has released a new Android app called Tracker Detect, designed to help people who don’t own iPhones or iPads to identify unexpected AirTags and other Find My network-equipped sensors that may be nearby.

The new app, which Apple released on the Google Play store Monday, is intended to help people look for item trackers compatible with Apple’s Find My network. “If you think someone is using AirTag or another device to track your location,” the app says, “you can scan to try to find it.”

I might be reading this wrong, but it seems like the selling points for Android users to download this app are:

  1. They would like to help owners of AirTags and other Find My items find their stuff.

  2. They think they may have a stalker.

Without undermining the seriousness of the second reason, it is not often a company launches a companion app to detect someone else’s misuse of its products. That is the main reason someone would keep this app on their phone, right? And it is not only Apple thinking about this; Tile will ship a similar feature next year.

Perhaps we will all need to download apps for products we do not use so that we are not victims of our location being tracked by some unauthorized person. But this does not really apply to “all” of us: women will be — and have been — targeted for stalking by beacons. I guess the market for high-tech key-finding devices is not going anywhere, so at the very least a universal anti-stalking measure should be part of the Bluetooth spec.

Bloomberg Businessweek’s 2021 Jealousy List

Every year, Bloomberg Businessweek’s writers and editors select stories from other publications they wish they had written. I love the concept, and this year’s “Jealousy List” is full of stuff I want to read.

In linking to the 2020 list, I said that I will be jealous of the person or publication who can fully explain the now-infamous “Big Hack” feature: the dubious story of Chinese intelligence surreptitiously implanting chips on the boards of servers made by Supermicro. But that was last year; now there are two questionable stories involving multiple intrusion techniques, a decade of spycraft, dozens of companies, several U.S. government agencies — and the only journalists anywhere who can report even a hint of this are Jordan Robertson and Michael Riley of Bloomberg. I would love to know the story behind that.

Live Audio Rooms Are a Poorly-Moderated New Frontier

Elizabeth Dwoskin, Will Oremus, Craig Timberg, and Nitasha Tiku, Washington Post:

Earlier this year, as Twitter raced to roll out Spaces, its new live audio chat feature, some employees asked how the company planned to make sure the service didn’t become a platform for hate speech, bullying and calls to violence.

In fact, there was no plan. In a presentation to colleagues shortly before its public launch in May, a top Twitter executive, Kayvon Beykpour, acknowledged that people were likely to break Twitter’s rules in the audio chats, according to an attendee who spoke on the condition of anonymity to describe internal matters. But he and other Twitter executives — convinced that Spaces would help revive the sluggish company — refused to slow down.

Fast forward six months and those problems have become reality. Taliban supporters, white nationalists, and anti-vaccine activists sowing coronavirus misinformation have hosted live audio broadcasts on Spaces that hundreds of people have tuned in to, according to researchers, users and screenshots viewed by The Washington Post. Other Spaces conversations have disparaged transgender people and Black Americans. These chats are neither policed nor moderated by Twitter, the company acknowledges, because it does not have human moderators or technology that can scan audio in real-time.

Abuse in and from live audio rooms is entirely predictable. It permits a massive audience for the worst people while being ephemeral. When Clubhouse — last year’s hot new thing — was just a few months old and still only available by invitation, Casey Newton, then at the Verge, explored the obvious problems with keeping users in check:

And for Clubhouse, moderation issues promise to be particularly difficult — and if the app is to ever escape closed beta successfully, will require sustained attention and likely some product innovation. Tatiana Estévez, who worked on moderation efforts at the question-and-answer site Quora, outlined Clubhouse’s challenges in a Twitter thread.

Audio is fast and fluid; will Clubhouse record it so that moderators can review bad interactions later? In an ephemeral medium, how will Clubhouse determine whether users have a bad pattern of behavior? And can Clubhouse do anything to bring balance to the age-old problem of men interrupting women?

“Is this impossible? Probably not,” Estévez wrote. “But in my experience, moderation and culture have to be a huge priority for both the founding team as well as for the community as a whole.”

Estévez in that Twitter thread:

Clubhouse has to deal with this problem both with policies (to kick off bad actors) and with culture. The culture needs to encourage listening, and valuing female voices. And to be honest, many early adopter tech men are bad listeners and don’t value hearing from women.

This was over a year ago and, perhaps unsurprisingly, Swathi Moorthy in Moneycontrol reported last week that Clubhouse still has problems with abuse.

I do not think we should expect apps like Clubhouse or Twitter Spaces to fix misogyny, but it is unethical to create spaces for it to intensify and target specific individuals. I am not arguing that it ought to be illegal to create a new platform without having a moderation solution in place, but I think it is painfully stupid to do so. I am struggling to understand what is gained by creating an audio version of 4chan where it is even more difficult to set boundaries and expectations.

Apparently the metaverse is just around the corner.

iOS Apps Are Tacitly Permitted to Track Users in Aggregate Regardless of App Tracking Transparency Permissions

Patrick McGee, Financial Times:

Apple has allowed app developers to collect data from its 1bn iPhone users for targeted advertising, in an unacknowledged shift that lets companies follow a much looser interpretation of its controversial privacy policy.

In May Apple communicated its privacy changes to the wider public, launching an advert that featured a harassed man whose daily activities were closely monitored by an ever-growing group of strangers. When his iPhone prompted him to “Ask App Not to Track”, he clicked it and they vanished. Apple’s message to potential customers was clear — if you choose an iPhone, you are choosing privacy.

But seven months later, companies including Snap and Facebook have been allowed to keep sharing user-level signals from iPhones, as long as that data is anonymised and aggregated rather than tied to specific user profiles.

Is this actually a “shift” in the way this policy is interpreted? The way Apple has defined tracking in relation to the App Tracking Transparency feature has remained fairly consistent — compare the current page against a snapshot from January. Apps cannot access the device’s advertising identifier if the user opts out and, while Apple warned developers creating unique device identifiers, it does not promise it can prevent the tracking of users, and especially not in aggregate.

It is concerning to me that Apple’s advertising and dialog box text may create the impression of a greater privacy effect than they may realistically achieve. Perhaps Apple’s definition of “tracking” does not align with public expectations; or, perhaps, privacy should not be a product to sell.

Karl Bode, Techdirt:

We also get just an endless parade of semantics, like ISP claims they “don’t sell access to your data” (no, they just give massive “anonymized” datasets away for free as part of a nebulous, broader arrangement they do get paid for). We get tracking opt-out tools that don’t actually opt you out of tracking, or opt you back in any time changes are made. And we get endless proclamations about how everybody supports codifying federal privacy laws from companies that immediately turn around and spend millions of dollars lobbying to ensure even a basic privacy law never sees the light of day.

Privacy is not a luxury good, nor should it be up to individual companies to decide which infringements are acceptable.

Marques Brownlee’s Thoughts on Computational Photography

Most of the manipulations highlighted by Marques Brownlee are just automatic versions of tasks photographers used to have to spend hours completing in Photoshop or Lightroom. It is only generalizing a formerly specialized set of skills, but it seems like that approaches a fuzzy line of what may be desirable.

I could swear I vaguely remember the iPhone camera feature Brownlee mentions where it will merge images to make the best group photo where nobody is blinking, but I think we may both be hallucinating that announcement. I cannot find evidence of it; the best I found is a begging blog post from last year.

That Secret TikTok Document Obtained by the New York Times Has Been Circulating Publicly for a Year Under a Different Name

In his Sunday “Media Equation” column in the New York Times, Ben Smith said he obtained an internal document created for new TikTok employees:

The document, headed “TikTok Algo 101,” was produced by TikTok’s engineering team in Beijing. A company spokeswoman, Hilary McQuaide, confirmed its authenticity, and said it was written to explain to nontechnical employees how the algorithm works. The document offers a new level of detail about the dominant video app, providing a revealing glimpse both of the app’s mathematical core and insight into the company’s understanding of human nature — our tendencies toward boredom, our sensitivity to cultural cues — that help explain why it’s so hard to put down. The document also lifts the curtain on the company’s seamless connection to its Chinese parent company, ByteDance, at a time when the U.S. Department of Commerce is preparing a report on whether TikTok poses a security risk to the United States.

What is interesting to me is the lengths the Times went to so that it could obscure this relatively mild piece of internal documentation. Unlike many other artifacts obtained by the Times, a copy was not linked within the article, and even embedded diagrams were reproduced instead of the originals being shown.

Whether those were precautions borne of a secrecy promise, or perhaps because the original documents had legibility problems, I feel like Smith buried the lede. After wading through an overwrought exploration of the file’s contents, Smith reports on the many lingering connections the ostensibly independent TikTok has with its predecessor app Douyin:

TikTok’s development process, the document says, is closely intertwined with the process of Douyin’s. The document at one point refers TikTok employees to the “Launch Process for Douyin Recommendation Strategy,” and links to an internal company document that it says is the “same document for TikTok and Douyin.”

It turns out the Douyin version of that shared internal document has been circulating publicly for months.

Protocol’s Zeyi Yang, writing in the Source Code newsletter:

In fact, another closely related app uses the same secret sauce. In January, a document titled “Guide to a Certain Video APP’s Recommendation (Algorithm)” was released on several Chinese platforms. While it intentionally obscured which app it’s referencing, there are plenty of hints that it’s about Douyin, TikTok’s Chinese version.

For one, the Chinese document describes how it makes recommendations in the exact same formula and language (yes, word for word) as the document leaked to the Times. They also used the same challenge to the algorithm as a case study.

And in a Q&A entry about competitors, the document mentioned three other major Chinese apps — Toutiao, Kuaishou and Weibo — that rely on recommendation algorithms, but not Douyin, the app that does it the best.

The link above is now dead, but you can find plenty of copies on Chinese social networks — one that was uploaded to CSDN, for instance. It is in Chinese, but it appears to be exactly the same file.

Twitter Is Testing a New Process for Reporting Tweets

Twitter is making a lot of interesting moves lately, and its new reporting workflow is one of them.

Take a look at the screenshots seen in the post. It is more-or-less a change of language compared to the existing workflow, but it makes a world of difference to my eyes. Though there are more words on each page, it seems much clearer to me how to categorize a report of a tweet that could be grounds for removal, especially since you can choose multiple criteria.

This new workflow is only being tested among a small group of users right now, but I hope something like it proves successful. I welcome changes like these aimed at better guidance through a process that can be confusing or intimidating, particularly if they are being harassed.

The Information: Tim Cook Engineered a $275 Billion Deal With China in 2016

Samuel Axon, Ars Technica:

Today, The Information published a lengthy report detailing Apple CEO Tim Cook’s efforts to establish strong relationships between Apple and Chinese government officials and agencies.

Citing both interviews and direct access to internal Apple documents about repeated visits by Cook to China in the mid-2010s, the report describes a $275 billion deal whereby Apple committed to investing heavily in technology infrastructure and training in the country.

The nonbinding, five-year deal was signed by Cook during a 2016 visit, and it was made partially to mitigate or prevent regulatory action by the Chinese government that would have had significant negative effects on Apple’s operations and business in the country.

Wayne Ma’s report is paywalled, of course, but I have a few choice observations. First, it confirms what analysts speculated in 2016 when Apple announced its uncharacteristic investment in ride hailing company Didi Chuxing — that it was basically a way to appease government officials in China. Cook wrote a glowing endorsement of Didi Chuxing CEO Jean Liu for Time’s “100 Most Influential People” feature in 2017.

Second, while this agreement may be officially non-binding, it is hard to imagine Apple could run afoul of its spirit given its dependency on suppliers and manufacturing in China. Ma reports that Apple acquiesced to many government demands, like building research and development centres in the country — including one with the university where Cook was later named chairman of the advisory board — assigning an executive specifically to business in China, and even changing the scale of disputed territories in Apple Maps.

However, it also seems that this deal has helped Apple avoid more stringent regulation in other areas, in ways that are beneficial to users’ rights. Even though Chinese users’ iCloud data is stored on servers located within the country and operated by a local partner — as required by law — it has been allowed to retain control over its encryption keys. The government has allowed it to retain control over its source code, too. But Ma has previously reported that many of Apple’s exemptions are being revoked, and now writes that key businesses, including the App Store, are in a sort of legal limbo.

It seems that Apple is relying more on Chinese suppliers due, in part, to an agreement that it deepens its investment in the country while agreeing to comply with increasingly nationalistic laws. Apple may have published its Commitment to Human Rights last year, but it is further entangling itself with a government that is committing genocide. This entire situation remains Apple’s biggest liability as it goes into 2022 when, according to Ma’s reporting, the agreement could be extended through May.

A History of Autopilot’s Development at Tesla

Cade Metz and Neal E. Boudette, New York Times:

Unlike technologists at almost every other company working on self-driving vehicles, Mr. Musk insisted that autonomy could be achieved solely with cameras tracking their surroundings. But many Tesla engineers questioned whether it was safe enough to rely on cameras without the benefit of other sensing devices — and whether Mr. Musk was promising drivers too much about Autopilot’s capabilities.

Now those questions are at the heart of an investigation by the National Highway Traffic Safety Administration after at least 12 accidents in which Teslas using Autopilot drove into parked fire trucks, police cars and other emergency vehicles, killing one person and injuring 17 others.

I hope autonomous vehicle technologies really can improve safety for drivers and pedestrians alike. I hope more that mass transit gets better, but why not have both? Just know that I am not rooting for these efforts to fail.

One of the defences I often see is that there were only twelve accidents where Autopilot failed out of millions of vehicles on the road. That is likely better than the record of human drivers behind the wheel of any brand of car.

But what this angle misses is that this is effectively twelve accidents caused by the same driver. Autopilot may have been in different cars at the time and with different software versions, but it is all attributable to the same code. Tesla’s software is the driver. That is not a radical position — it is what Volvo argued six years ago for its own cars. Tesla should accept full responsibility when drivers use its autonomous features and not cower behind weak disclaimers that fail to match its own public rhetoric.

One more thing:

Amnon Shashua, chief executive of Mobileye, a former Tesla supplier that has been testing technology that is similar to the electric-car maker’s, said Mr. Musk’s idea of using only cameras in a self-driving system could ultimately work, though other sensors may be needed in the short term. He added that Mr. Musk might exaggerate the capabilities of the company’s technology, but that those statements shouldn’t be taken too seriously.

“One should not be hung up on what Tesla says,” Mr. Shashua said. “Truth is not necessarily their end goal. The end goal is to build a business.”

I hope this is not meant as praise. If it is not possible to build a business truthfully, we are in bad shape. But I am sure it is meant tongue firmly in cheek which, combined with its forthcoming IPO, makes it a fortuitous time for Mobileye to be criticizing a competitor in the press.

Talking Apple Watch Straps

Eric Brain of Hypebeast interviewed Apple’s Evans Hankey and Stan Ng about the range of Apple Watch bands. It is unfortunately a pretty light interview — all marketing, no insight — but it made me reflect on how long Apple has been shipping some of these bands for, virtually unchanged.

The big, as-yet unanswered question is what it take for Apple to break backwards compatibility, or if that is something in the cards. Many Apple Watch owners have built up enormous collections of bands, and the longer Apple retains compatibility, the longer it will feel like that is a given.

So far, no strap has been exclusive to an Apple Watch series because of case size, though there are subtle fit issues when, say, putting a band designed for a 38mm model onto a 41mm Series 7. Apple says that the Solo Loop and Braided Solo Loop are only compatible with Series 4 or newer models, but the fit is not terrible on older models. It is not outright incompatible. There are also a handful of bands that have been exclusive to one of the smaller or larger models, like the Modern Buckle and now-discontinued Leather Loop.

In traditional watch terms, Apple has maintained a nearly consistent lug width in each size bracket. This fascinates me. It seems like every new iPhone has slightly different measurements for justifiable reasons like a different camera system and, so, needs a different case. But if you can still use the exact same bands as you used on the Apple Watch of six years ago, so long as you continue to buy either the small or large model.

For comparison, Rolex has been making versions of its iconic Submariner for nearly seventy years, but it consistently took 20mm straps until last year. It would be unwise to speculate that Apple will also take decades to change, but Watch hardware itself have been fairly consistent year-over-year. It is similarly iconic.

Privacy and Repairs

Apple’s announcement last month that it would soon sell users the parts they need to repair devices themselves reignited discussion about the perceived advantages and drawbacks of self-repair, and promoted questions about how many users would actually take advantage of the program. My guess is that it will be proportionate to the number of people who repair their own vehicles: not many. That is a shame because replacing an iPhone’s display or a MacBook Air’s battery is not very difficult, and I find it emotionally rewarding.

Regardless of whether that resonates with anyone else, one reason more people should be able to repair their own devices is to maintain control over their data. This is not theoretical.

Michael Brice-Saddler, reporting for the Washington Post in November 2019:

It was a sense of foreboding that prompted Gloria Fuentes to delete several apps from her phone ahead of an Apple Store appointment last week in Bakersfield, Calif.

[…]

It turns out Fuentes’s initial concerns were legitimate. When she got home, Fuentes turned on her phone and noticed a text that had been sent to an unknown number, she wrote. The message’s contents were even more harrowing: Fuentes alleged that the Apple employee had gone through her photos, retrieved a private picture and texted it to himself.

The picture in question was taken more than a year ago, she added.

In this article, Brice-Saddler mentions a handful of similar incidents from years past.

James Titcomb, reporting for the Telegraph in June:

Apple paid millions of dollars to a student after iPhone repair technicians posted explicit photos and videos from her phone to Facebook, legal documents have revealed.

The tech giant agreed a settlement with the 21-year-old after two employees at a repair facility uploaded the images from a phone she had sent to Apple to be fixed, resulting in “severe emotional distress”.

The repair facility was operated by Pegatron, but customers are not aware of that when turning their phones in to Apple for repair.

Ryne Hager, AndroidPolice:

Over the week, two Pixel owners have publicly reported that devices sent back to Google for warranty service and replacement were used to violate their privacy. In one instance, someone allegedly took “nudes” from the device and posted them on a customer’s social media account before stealing a small sum via PayPal. Game designer and New York Times bestselling author Jane McGonigal also later tweeted out her own report detailing someone’s attempts to secure similar information from her account, trawling her Gmail, Google Drive, and other data backup sources after she sent her phone to Google for repair.

Stories of repair technicians taking advantage of their position are as disgusting are they are common. Employees like these are present in official channels, at contractors, and at independent repair shops. But even though the problem is a common one, it should surprise nobody that all of these stories are about men violating the privacy of women through their broken devices.

It is not as though other professions do not have their share of creeps. But medical professionals and lawyers have more to lose. When a doctor violates the confidentiality of their relationship with a patient, their name makes the news, and they may get stripped of credentials or expelled from colleges. In many cases, the repair technicians who are found to be responsible for similarly egregious violations are nameless, and could easily get hired elsewhere.

Other professions requiring a high degree of trust in confidential information have codes of conduct their practitioners must adhere to, and governing bodies that can discipline rule-breakers. Repair technicians do not; the qualifications Apple requires of Genius Bar staff are similar to those of retail floor staff. Perhaps that is something which ought to be considered: a self-governing body that sets a minimum standard of expertise for consumer-level repairs,1 and can de-certify anyone who abuses their position.

The above cases are symptomatic of the objectification of women, almost always by men, that is commonplace at all levels of society and which we desperately need to correct. But privacy concerns are not limited to these flagrant violations. There are also items that all of us have on our computers that would make us concerned if a technician accessed them. These privacy incursions are certainly less egregious, but are damaging in their own way. We keep records of our conversations, banking history, health, and so much more on devices we would be reluctant to hand to a stranger on the street.

If you are concerned about someone else handling your device — and I think there are perfectly good, non-criminal reasons for being wary — a self-repair option might make sense for you. We should all expect privacy from technicians, and those who choose a full-service option are in no way asking to be taken advantage of. But self-repair offers another level of reassurance. Your device never leaves your hands. That peace of mind may, for some, be worth the modest learning curve.


  1. I am familiar with the kinds of certifications available to system administrators. ↩︎

Life360 Is Selling Precise Location Data on Its Tens of Millions of Users

Jon Keegan and Alfred Ng, the Markup:

Life360, a popular family safety app used by 33 million people worldwide, has been marketed as a great way for parents to track their children’s movements using their cellphones. The Markup has learned, however, that the app is selling data on kids’ and families’ whereabouts to approximately a dozen data brokers who have sold data to virtually anyone who wants to buy it.

In 2019, Apple pulled about a dozen parental control apps from the App Store over privacy concerns, since they abused Mobile Device Management, though I cannot find any reports that Life360 was among them. However, I did come across a Wired article from later that year in which Louise Matsakis reported that Life360’s public trading prospectus indicated the value it sees in mining its vast collection of user data — largely of children — for profit.

Last month, Life360 announced it would be acquiring Tile.

Verizon Joins Other U.S. Telecoms in Opting Users Into Data Collection and Tracking

Andrew Paul, Input:

A new program innocuously titled the “Verizon Custom Experience” is sold to users as a way for the company to “personalize our communications with you, give you more relevant product and service recommendations, and develop plans, services and offers that are more appealing to you.” To accomplish this, all a Verizon subscriber needs to do is… allow the company access to all the websites you visit, apps you use, as well as see everyone you happen to call and text.

Well, okay, so that’s a bit misleading. You don’t “need” to allow access — Verizon already default granted it. You can manually go in and change a few settings to remedy the situation, though. Here’s how.

Emma Roth, the Verge:

In April, T-Mobile started automatically enrolling users in a program that shares your data with advertisers unless you manually opt-out from your privacy settings. On AT&T’s privacy center, the company says that it collects web and browsing information, along with the apps you use, and that you can manage these settings from AT&T’s site.

Even though this is a common practice among U.S. internet providers, it still disturbs me that they treat it as an opt-out arrangement. Each user has to get an idea that this program exists in the first place, know what it is called — “Custom Experience” is a weaselly marketing way to avoid saying tracking and profiling — and figure out how to disable it. This is a massive ISP-wide privacy violation that is completely legal, and entirely unethical.

Little Annoyances in MacOS Monterey

Howard Oakley:

Monterey is a chance for Apple’s engineers to catch up with the backlog of bugs which have marred Big Sur and its predecessors. While plenty have already been fixed, there are still many to go. This brief survey lists some of those which have been niggling me since the release of macOS 12.0.1, with links to the more serious problems at the end. This is by no means complete, and I’m sure you’ll each know of many that haven’t yet irritated me. While I welcome your proposals, please be careful to outline how each bug can be reproduced, so that we can enjoy them for ourselves.

Michael Tsai:

If we’re talking annoyances, rather than bugs per se, the top of my list would have to be the narrow alerts.

I could pick and choose from the bugs I have filed in the past several months to build a list like these. I seldom find applications outright crashing, but there are plenty of entry-level user interaction problems: in several apps, scroll position is not preserved while using the app or when it is backgrounded; notifications fly in from the bottom edge of the screen when waking my Mac like there is a violent toaster on my desk; Music remains a small tragedy.

In isolation, it would be hard to isolate any of these problems as particularly upsetting or difficult. But they compound. Each one adds unnecessary friction to the tools I use all the time. You can add them all to a list but, for me at least, they multiply my annoyance. From where I am sitting, it is hard to know if these problems are being treated seriously, or if they are falling by the wayside as Apple races to get new features ready in time for WWDC 2022.

Microsoft Does the Bare Minimum, Is Testing a Way to Set a Default Browser

Mary Jo Foley, ZDNet:

Microsoft has been doing its best to force Windows 11 users to stick with its own Edge browser by making switching from it as difficult as possible. But there’s hope the company may do the right thing and stop this nonsense.

The latest Windows 11 Dev Channel test build released earlier this week, Build 22509, has a new browser Set default button, as discovered by Microsoft watcher Rafael Rivera. If and when this new button makes it into the commercially available Windows 11 release, users will again have a cleaner and simpler way to select a browser other than Edge.

It is not like Microsoft accidentally stumbled into the current chaotic browser selector. It made a choice to build something radically different than the Windows 10 picker. All it had to do is avoid user-hostile interactions, but Microsoft deliberately made changes in that direction anyway.

If it ships, this change is for the better. But we should not forget how much negative coverage was required for Microsoft to act, and I bet current antitrust climate helped. Good. Platform owners should be scared to make changes like this, and the pressure should be maintained until Microsoft reverts its other dark patterns. The web only exists through web browsers so it is important to encourage competition.

Twitter’s New Media Permission Policy

Twitter Safety:

There are growing concerns about the misuse of media and information that is not available elsewhere online as a tool to harass, intimidate, and reveal the identities of individuals. Sharing personal media, such as images or videos, can potentially violate a person’s privacy, and may lead to emotional or physical harm. The misuse of private media can affect everyone, but can have a disproportionate effect on women, activists, dissidents, and members of minority communities. When we receive a report that a Tweet contains unauthorized private media, we will now take action in line with our range of enforcement options.

Emma Bowman, NPR:

Emerson Brooking, a senior fellow at the Atlantic Council’s Digital Forensic Research Lab, tweeted that the rule is “written so broadly that most anyone can lodge a complaint against anyone.”

Public figures are exempt from the policy, Twitter said. The social media company assured users that “context matters,” and that its private information policy “includes many exceptions in order to enable robust reporting on newsworthy events and conversations that are in the public interest.”

Brooking added that a lot hinges on those last two words.

Chad Loder is maintaining a thread of legitimate public interest stories that are being curtailed because of this policy. Accounts are being locked from months-old retweets of photos being taken by journalists in public. Twitter’s whole thing is its firehose of information, its misapplication of this policy is kneecapping the use cases that make the platform so valuable.

Businesses Are Slowly Reducing Their Dependence on Third-Party Targeting Data

Suzanne Vranica, the Wall Street Journal:

New privacy protections put in place by tech giants and governments are threatening the flow of user data that companies rely on to target consumers with online ads.

Great.

As a result, companies are taking matters into their own hands. Across nearly every sector, from brewers to fast-food chains to makers of consumer products, marketers are rushing to collect their own information on consumers, seeking to build millions of detailed customer profiles.

Not so great — but not as worrying for privacy as it sounds, either.

When the New York Times told Axios last year that it would be phasing out the use of third-party data for user targeting and relying on its own, I explained why this is a privacy benefit, even though it made the Times a collector of user data:

I would vastly prefer to revert to a pre-personalized ad world, but I still see this move as a step in the right direction. It may still collect data for targeting, but at least it does not involve the near-universal surveillance of companies like Facebook and Google. Reducing their ability to conduct broad and intrusive behavioural data collection is an important step towards a more private web.

This remains true. As much as I think an advertising marketplace should not target users based specifically on who they are and their activities, the least evil version of that is one where individual businesses leverage their existing relationships with people instead of depending on vast web-wide tracking.

But these companies are not exclusively using first-party data. The Journal is careful to acknowledge that targeting information from Facebook, Google, and other ad tech companies will still be used by businesses alongside their own. Furthermore, these data collection schemes are going beyond the typical granularity of loyalty programs, collecting attributes like device identifiers and tying them to names. Building these databases through QR codes and contest entries is sneaky, but not unique or new.

Make no mistake: this is not a slam-dunk win for privacy. I would like to see a regulatory framework scaling back the collection of this data by prohibiting its use for ad targeting, and banning its sale or sharing. But this is a less bad version of personalized advertising because it leverages existing opt-in relationships, rather than fishing for behavioural data with a Google-sized dragnet.

Microsoft Is Pushing People to Keep Using Edge When They Try to Download Chrome

Sayan Sen, Neowin:

In the latest related news, when someone is trying to download Google Chrome from Edge, Microsoft seems to be reminding such users with a popup (image below) that its own browser is built upon the same (Chromium) technology as Chrome, suggesting that there’s no need for a new browser.

So far it’s somewhat fine since there is no lie in that part. However, the prompt also appears to suggest that Edge itself is more secure than Chrome as part of the prompt says “with the added trust of Microsoft”.

[…]

To be completely fair to Microsoft, Google also occasionally sends such pop-ups and prompts when using its search engine or other services. Here’s a classic one below. But at least Google allows the option to reject its advances. That’s not the case for Edge though.

I think this is subtly different from Google’s use of its homepage — the Times Square billboard of internet advertising — to promote its own products. This is a case of Microsoft using its own platform to steer users away from a competing product when it is likely they have navigated to that competitors’ page deliberately. What’s next? Maybe Microsoft could direct users to the Surface marketing site when they try to buy an iPad.

Twitter Should Become a Paid Platform

Ben Thompson:

Given that impact, I can see why Elliott Management would look at Twitter and wonder why it is that the company can’t manage to make more money, but the fact that Twitter is the nexus of online information flow reflects the reality of information on the Internet: massively impactful and economically worthless, particularly when ads — which themselves are digital information — can easily be bought elsewhere.

[…]

So let’s review: there is both little evidence that Twitter can monetize via direct response marketing, and reason to believe that the problem is not simply mismanagement. At the same time, Twitter is absolutely essential to a core group of users who are not simply unconcerned with the problems inherent to Twitter’s public broadcast model (including abuse and mob behavior), but actually find the platform indispensable for precisely those reasons: Twitter is where the news is made, shaped, and battled over, and there is very little chance of another platform displacing it, in large part because no one is economically motivated to do so.

Given this, why not charge for access?

I tell you, when Thompson gets it, he really gets it. “Massively impactful and economically worthless” could be etched in the stone foundation of Twitter’s headquarters.

I happen to be one of the truly sick freaks for whom Twitter is their favourite social network, and I think that is true in part because I do not really understand it. Facebook, Instagram, TikTok, Pinterest — I get what they do and what they are for. But Twitter? It is brief bursts of shouting, shared links, photos, reply guys, and automated feeds. It is chaotic.

I like it so much that I would pay $50 a year to be a member — no joke. And I do not want more half-steps like Twitter Blue. Just charge me for access and I am sure I would pay it, like I would have done for the past fourteen years I have had an account with the site.

Reef’s Ghost Kitchens Are Proving to Be a Messy Business

Eliot Brown, Wall Street Journal:

In addition to the three fireball incidents, Reef has faced multiple citywide shutdowns over permitting and other regulatory violations, challenges connecting to local utilities, higher-than-expected costs and a labor shortage, said former executives and managers. Many former employees described the environment at Reef as chaotic.

[…]

Reef stands out among ghost-kitchen startups given its large amount of funding — over $1.5 billion — as well as its business model. While competitors tend to rely on large shared kitchens for numerous restaurant brands, Reef’s strategy is focused on putting trailer-size kitchens in parking lots near residential areas.

As a reminder, Reef Technologies is the product of two parking companies — ParkJockey and Impark — owned and generously funded by SoftBank to transform empty stalls into pop-up versions of city amenities. I used to live near one of these trailers: calling it a “ghost” kitchen is apt, given how busy it was with vehicle traffic, yet lacking any of the presence or warmth you would associate with a restaurant. On any night, I could watch delivery drivers pull up in a little hatchback, throw on their hazards, and rush to the fluorescent glow of that trailer in the middle of an otherwise-empty surface lot to fetch someone’s chicken wings and Coke.

All of this is brought to you by parking companies that squat on valuable downtown blocks, thereby helping make cities less friendly, less walkable, and less connected.

Parag Agrawal Replaces Jack Dorsey as Twitter CEO

Twitter’s press release:

Twitter, Inc. today announced that Jack Dorsey has decided to step down as Chief Executive Officer and that the Board of Directors has unanimously appointed Parag Agrawal as CEO and a member of the Board, effective immediately. Dorsey will remain a member of the Board until his term expires at the 2022 meeting of stockholders. Bret Taylor was named the new Chairman of the Board, succeeding Patrick Pichette who will remain on the Board and continue to serve as chair of the Audit Committee. Agrawal has been with Twitter for more than a decade and has served as Chief Technology Officer since 2017.

Jack Dorsey tweeted a screenshot of his internal announcement email — unfortunately, without alt text. Dorsey has held the CEO title since he reclaimed it from Dick Costolo on July 1, 2015. In February 2020, Paul Singer’s Elliott Management firm made a sizeable investment in Twitter. Elliott’s goals? To replicate the “Stories” format made so popular by Snapchat and Instagram — which went spectacularly — and to get rid of Dorsey as CEO.

While serving as CTO, Agrawal has been shepherding Twitter’s “Bluesky” protocol efforts. Interesting days ahead.

Update: The now-routine context-free old tweet ransacking has begun for Agrawal.

Amazon’s Data Request Results Page Is Needlessly Difficult

Over a week ago, I requested a copy of my personal data from Amazon, after a few journalists reported some surprising finds in theirs. I am a very light user of Amazon’s services, so I did not expect anything remarkable, but I was curious.

Well, I just got a copy of it this evening, and the most surprising thing was how it was delivered. When you request a copy of your data from another company, it typically takes a few hours or perhaps a few days to become available. Apple says “up to seven days”;1 Google says “possibly hours or days”; Twitter says “24 hours or longer”.

Amazon does not promise to turn around its files nearly as quickly. It says that it can take up to thirty days to create the exported data. When it does become available, you are presented with a list of individual downloads labelled and categorized by function — in mine, there were 57.

And there is no “download all” button.

Oh, and all of the download buttons are not actually direct links to each file, but instead link to an HTML page that fetches the correct download, which means you cannot save the files to a specific folder on your computer.

Remember, I am a light Amazon user, so mine mostly consisted of retail-related files, like my search history, order history, and payment data on file including the last four digits of credit cards. I was a little surprised to see a copy of every order status email Amazon has ever sent me, along with a database of the read status of each one.

Otherwise, there is very little to report, and I probably would not have written anything if the download process were not hysterically cumbersome. I just do not understand why all of this was not delivered as a single zip file. It is like I am being punished for having the audacity to request my data.


  1. I did not request a copy of my iCloud Photos, iCloud Drive, or iCloud email inbox. The promise may be different if I asked for all of that. ↩︎

‘Make a U-Turn’

BuffaloCoward on Reddit, commenting on how often Apple Maps suggests doing a u-turn when using it for navigation directions:

I’ve always found u-turns to be stressful, and I try and avoid them if possible. Apple doesn’t know the turning radius of my car, I just want to turn u-turns off like you can toggle avoid toll roads or highways.

And the thing is, if you’re navigating and miss a turn the thing just turns into a[n] infinite loop of u-turns. No matter how many you skip it’ll just tell you to make another u-turn.

In Alberta, it is illegal to make a u-turn in many circumstances, including at any intersection with traffic lights. Even so, Apple Maps will demand you make a u-turn if you deviate from the route it has selected; it is the only way it seems to know how to return you to the route. Because I am not interested in committing traffic offences, if I miss my turn, I will make three rights in a row to get around the block, and then make a left turn to get back to where I started. That is a completely sensible alternative that Maps simply will not suggest, nor does it ever seem to re-route in a way that will let me follow the current road to a different intersection.

I was inspired by BuffaloCoward’s post, but where I disagree is in making u-turns an option. Apple Maps should simply be better at re-routing. A u-turn should be a last resort measure, only suggested when any other option would be either impossible or require an implausibly longer route. Every other way of changing my route after a missed turn is preferable to a u-turn and should be evaluated first.

Good luck to the team trying to get Project Titan out the door in four years.

Apple’s Self-Repair Program ‘Feels Good’ to Tim Cook, Will Sell Parts Through a Third Party

On Friday, while Apple was opening a store in Los Angeles, KTLA reporter Rich DeMuro spoke with Tim Cook for a few minutes and asked about the self-repair program. Cook:

Well, we realized that there were some people that wanted to do this [self-repair] and that are trained to do this. You know, they’re the Popular Mechanics crowd, if you will, which I love and have been focused on my entire life. So it feels good to put the manuals out there and get the parts out there — that enables people to do this. Still, if you’re not comfortable doing that, we encourage you to come in the Apple Store and get it done for you. That’s still the best way, perhaps, for most people. But if you’re a technician, then have at it. You’re able to do it yourself.

I am sure Popular Mechanics appreciates the shout-out.

MacRumors obtained an internal memo with a few more details. Joe Rossignol:

Apple’s memo also said that its online parts store will be operated by an unspecified third party. While no official reason was provided, it would certainly be logistically easier for Apple to outsource shipping and receiving of parts to and from customers. A similar system is already in place for Apple Authorized Service Providers.

It makes sense to operate the parts store for end users as a branch of the Authorized Service Providers’ store. Still, it is a little curious for a company as vertically integrated as Apple. The third-party sourcing for authorized repair shops is news to me.

The Amazon Lobbyists Fighting Against Consumer Privacy Protections

Jeffrey Dastin, Chris Kirkham, and Aditya Kalra, Reuters:

Amazon’s lobbying against privacy protections aims to preserve the company’s access to detailed consumer data that has fueled its explosive online-retailing growth and provided an advantage in emerging technologies, according to the Amazon documents and former employees. The data Amazon amasses includes Alexa voice recordings; videos from home-camera systems; personal health data from fitness trackers; and data on consumers’ web-searching and buying habits from its e-commerce business.

Some of this information is highly sensitive. Under a 2018 California law that passed despite Amazon’s opposition, consumers can access the personal data that technology companies keep on them. After losing that state battle, Amazon last year started allowing all U.S. consumers to access their data. (Customers can request their data at this link.) Seven Reuters reporters obtained and examined their own Amazon dossiers.

Even setting aside its massive cloud computing business, it is staggering to imagine how much information Amazon has access to on its users with historically poor internal controls. For its heaviest users — Prime members who have Ring doorbells, Alexa devices in every room, read their Kindle most nights, and shop at Whole Foods — Amazon has a more-or-less complete picture of their lifestyle.

I am a very light Amazon user, with just one order made in 2021, and six in 2020. I do not have any Alexa or Kindle devices, and have never shopped at Whole Foods. So I was a little surprised when I requested my data on November 19 and was told that it would take up to a month for them to produce a copy. I delayed writing about this story because I wanted to have a copy of my own data in hand, but it has been five days and I have not received anything. Any other large technology company has produced a copy of my data within hours of me making the request, and even the slowest information brokers have taken just a couple days. Is Amazon relying on an entirely manual process?

Some of the examples cited by Reuters are a little weak on their face:

Alexa devices also pulled in data from iPhones and other non-Amazon gear – including one reporter’s iPhone calendar entries, with names of people he was scheduled to contact.

I am not sure it is newsworthy that Alexa devices need to know information about users’ calendar entries in order to respond to queries like “what time is my meeting with Leslie?”, for example. But perhaps it should be — if this reporter was not aware of how much information a smart speaker needed to ingest and share with Amazon’s servers, for some reason, it can understandably feel like an invasion of privacy. If something can be done locally, it probably ought to be.

One more thing:

As executives edited the draft, Herdener summed up a central goal in a margin note: “We want policymakers and press to fear us,” he wrote. He described this desire as a “mantra” that had united department leaders in a Washington strategy session.

This is a terrible goal to even suggest in a margin note, and it is indicative of the kind of ruthless work culture that urgently needs to die.

Amazon’s Poor Record of Internal Privacy Controls Has Enabled Corruption, Snooping, and Insufficient Logging

Will Evans, Wired:

Around the tail end of 2016, a guy named Gary Gagnon — a cybersecurity executive with decades of experience, primarily in federal government work — flew to Seattle to discuss becoming Amazon’s new vice president of information security. His last interview of the day was with Wilke, the consumer CEO, who met Gagnon in a small conference room off of his modest office, dressed in a flannel button-down and jeans. The outfit was part of a tradition, Gagnon recalls Wilke explaining: He always dressed like a warehouse worker during the peak holiday shopping season, to remind folks at headquarters of the people who really kept Amazon churning.

[…]

As he settled into his new role, Gagnon quickly realized that all was not well with “information security” — as he was urged to call it — at Amazon. The size of the company’s network was astounding, but “it was all put together with tape and bubblegum,” a tangle of old and new software, Gagnon says. “It grew up out of a garage and it just kept going from there.” New consumer products were locked down with the utmost secrecy before launch, Gagnon says. But otherwise it seemed like everyone on the network had access to nearly everything, including customer information — and yet there was no insider threat program dedicated to preventing rogue employees from abusing their access while he was there. More fundamentally, he says, the team didn’t seem to have any systematic way of prioritizing its biggest security risks. “It was shocking to me,” Gagnon says.

Every section of this article is a gripping story of internal failures, corruption, and weak excuses. According to Evans’ reporting, Amazon prioritized growth to such an extent that even basic internal privacy controls were not implemented, and tens of thousands of employees had access to far more information than required for their job. Customer details were routinely scavenged and sold, sometimes finding their way into the hands of sketchy third-party firms that blended together several data sources. Evans too often compares this to the Cambridge Analytica scandal at Facebook for my liking.

Yet, despite this exhaustive look at Amazon’s internal practices, Gagnon’s fate somehow gets only a passing mention. He was reportedly fired after a conference in London in circumstances “under dispute”. There is plenty more room for detail and it appears that Evans interviewed Gagnon, but we get no more information than Amazon’s acknowledgement of his termination. Strange.

Apple Sues NSO Group

Apple:

Apple today filed a lawsuit against NSO Group and its parent company to hold it accountable for the surveillance and targeting of Apple users. The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware. To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices.

NSO Group is one of four companies recently added to a list maintained by the U.S. Department of Commerce, which prohibits any U.S. company from selling products or services to NSO Group without U.S. government approval. If it were also legally prohibited from using any of Apple’s products or services, it would surely put a damper on the company’s ability to operate, though it would only be a little bit surprising if NSO Group managed to acquire devices through another route.

A copy of Apple’s complaint is available on CourtListener. This is the second time this legal strategy has been used against NSO Group — Facebook sued it in 2019. The “new information” about how this spyware works mostly appears to be these paragraphs from the suit:

On information and belief, Defendants created more than one hundred Apple IDs using Apple’s systems to be used in their deployment of FORCEDENTRY.

On information and belief, after obtaining Apple IDs, Defendants executed the FORCEDENTRY exploit first by using their computers to contact Apple servers in the United States and abroad to identify other Apple devices. Defendants contacted Apple servers using their Apple IDs to confirm that the target was using an Apple device. Defendants would then send abusive data created by Defendants through Apple servers in the United States and abroad for purposes of this attack. The abusive data was sent to the target phone through Apple’s iMessage service, disabling logging on a targeted Apple device so that Defendants could surreptitiously deliver the Pegasus payload via a larger file. That larger file would be temporarily stored in an encrypted form unreadable to Apple on one of Apple’s iCloud servers in the United States or abroad for delivery to the target.

One of the minor privacy flaws of iMessage is that it will automatically tell you whether someone else has enabled it. All you have to do is type an email address or a phone number into the “To:” field in Messages; if it turns blue, it is an iMessage account and, therefore, associated with an Apple ID and an Apple device. In a vacuum, this is not very meaningful, but it appears that NSO Group was using a similar technique to figure out where to send its spyware.

Perhaps not as headline-making is this announcement:

Apple is notifying the small number of users that it discovered may have been targeted by FORCEDENTRY. Any time Apple discovers activity consistent with a state-sponsored spyware attack, Apple will notify the affected users in accordance with industry best practices.

I cannot find any reports of Apple notifying potential victims of state-sponsored attacks, so this appears to be a new policy. Twitter was doing this in 2015, and Google in 2012.

Update: As of November 24, Apple is now alerting possible targets. Ewa Wrzosek, a prosecutor in Poland, shared screenshots of what one of those warnings looks like. Wrzosek was notified by iMessage; others were sent emails.

For Premium Spotify Users, Albums No Longer Play in Shuffle by Default

First erroneously summarized and mocked as Spotify removing the shuffle button from album pages at Adele’s request, the accurate announcement is far more tame.

Andrew Paul, Input:

First off, the change really only affects Premium users (surprise surprise), so all you plebians not paying your monthly Spotify tithes will still suffer the shuffle. Secondly, it remains easy to enable shuffling album tracks by going to the “Now Playing View” and selecting the shuffle icon. So yeah, less a “take shuffle button off all album pages” as the BBC says, and more a “Premium users get a slightly more streamlined method to play album tracks in order.

Albums used to default to playing in a shuffled order on Spotify, and now they play according to the album sequence — that is the change. Frankly, it is long overdue and it seems silly to me that shuffle was ever the default for this particular play mode. Playlists? Sure. Albums? No way. Individual users should be able to choose if they wish to play an album on shuffle, but it is disrespectful to the art for a platform to make it the default behaviour.

I have read many of the stories about this change, and it still seems unclear how much Adele had to do with it. Alison Foreman of Mashable reported that Adele’s new record was first to receive the album-ordered default playback behaviour; but, when Adele tweeted about it, she quoted a story about how this applied to all albums. I am mostly sure it is not coincidental that the change in default behaviour rolled out the same weekend as Adele’s new record, but it does not seem certain that it came explicitly at her request, either.

How Facebook and Google Fund Global Misinformation

In 2015, Facebook launched Instant Articles, which is sort of its version of Google’s Accelerated Mobile Pages format in the sense of it being a phone-first fast-loading proprietary webpage format. It allowed Facebook to capture the ads displayed on those pages.

Karen Hao, MIT Technology Review:

Instant Articles quickly fell out of favor with its original cohort of big mainstream publishers. For them, the payouts weren’t high enough compared with other available forms of monetization. But that was not true for publishers in the Global South, which Facebook began accepting into the program in 2016. In 2018, the company reported paying out $1.5 billion to publishers and app developers (who can also participate in Audience Network). In 2019, that figure had reached multiple billions.

Early on, Facebook performed little quality control on the types of publishers joining the program. The platform’s design also didn’t sufficiently penalize users for posting identical content across Facebook pages — in fact, it rewarded the behavior. Posting the same article on multiple pages could as much as double the number of users who clicked on it and generated ad revenue.

Clickbait farms around the world seized on this flaw as a strategy — one they still use today.

You may quibble with Hao’s use of the term “clickbait”; if so, feel free to replace it with something like “low-quality publishers” in your head. The results are the same.

Hao’s reporting is strong and I recommend this article, but it can also be seen, in part, as an updated and consolidated version of stories published since Instant Articles debuted:

  • In 2016, Kyle Chayka reported for the Verge that the generic and consistent layouts of pages powered by AMP and Instant Articles made it hard to distinguish between legitimate news sources and sketchy blogs.

  • In 2017, Sarah Perez wrote for TechCrunch about how Facebook would begin ranking faster-loading pages higher in users’ News Feeds, a decision that incidentally benefitted Instant Articles. Facebook says that Instant Articles are “ranked in News Feed by the same criteria” used for any other page.

  • Notably, Jane Lytvynenko reported for Buzzfeed News in 2018 that Instant Articles were gaining adoption among disreputable publishers. They also used Facebook’s advertising technology.

By advantaging their own formats — however incidentally they may claim — while eschewing moderation, Google and Facebook must be held at least partially responsible in my eyes for the misinformation they helped fund and spread. I do not mean that in a legal sense; I am not a lawyer. But their moral culpability for this should be attached to them for as long as we think about them.

Bloomberg: Apple Aims for Fully Autonomous Car as Early as 2025

Mark Gurman, Bloomberg:

For the past several years, Apple’s car team had explored two simultaneous paths: creating a model with limited self-driving capabilities focused on steering and acceleration — similar to many current cars — or a version with full self-driving ability that doesn’t require human intervention.

Under the effort’s new leader — Apple Watch software executive Kevin Lynch — engineers are now concentrating on the second option. Lynch is pushing for a car with a full self-driving system in the first version, said the people, who asked not to be identified because the deliberations are private.

[…]

Apple is internally targeting a launch of its self-driving car in four years, faster than the five- to seven-year timeline that some engineers had been planning for earlier this year. But the timing is fluid, and hitting that 2025 target is dependent on the company’s ability to complete the self-driving system — an ambitious task on that schedule. If Apple is unable to reach its goal, it could either delay a release or initially sell a car with lesser technology.

This is the project I am most doubtful of — not just from Apple, but from the entire industry. I will believe in the possibility of a fully autonomous car when I see one driving like a human would in mixed weather conditions, construction zones, gravel roads, and twisty mountain passes — not until then.

Other companies have loudly trumpeted their attempts at autonomous vehicles with not great results, but Apple has, as you would expect, kept its efforts mostly to itself. I wonder how it is getting along. Gurman reports that a key milestone has been achieved that puts it on the path to launching in the foreseeable future, but I still cannot shake my doubts. It is not because of what we have seen from Tesla or Waymo or others; I think the best way to view Apple is through its own work. And that is a big problem because its history of automation, cartography, and machine learning has not been encouraging. From the company that brought you Apple Maps and Siri is not a great tagline for a vehicle weighing many tonnes and travelling at high speeds with only its own programming to guide it.

But if 2025. or even 2030, is seen internally as a reasonable timeframe for public availability of this thing, it can only be seen as a promising project. I refuse to be anywhere near one — inside or out — until it has proved its capabilities, but this is intriguing.

In a Brooklyn Drive, Tesla’s Full Self-Driving Mode Seems Scary for Everyone

Matt McFarland, CNN:

I’d spent my morning so far in the backseat of the Model 3 using “full self-driving,” the system that Tesla says will change the world by enabling safe and reliable autonomous vehicles. I’d watched the software nearly crash into a construction site, try to turn into a stopped truck and attempt to drive down the wrong side of the road. Angry drivers blared their horns as the system hesitated, sometimes right in the middle of an intersection.

The Model 3’s “full self-driving” needed plenty of human interventions to protect us and everyone else on the road. Sometimes that meant tapping the brake to turn off the software, so that it wouldn’t try to drive around a car in front of us. Other times we quickly jerked the wheel to avoid a crash. (Tesla tells drivers to pay constant attention to the road, and be prepared to act immediately.)

Watch the video where CNN editor Michael Ballaban drives — well, is present — this thing. It looks terrifying. I am not sure about you, but I would prefer to be in control at all times, rather than relying on partial automation while I maintain a driving level of focus so I may rescue the car when it screws up.

There are caveats, certainly. This is beta software, and it is certainly impressive that it can do some basic driving on its own. But this is not a self-driving car — not even close.

Not What Windows Wrought

Jack Wellborn:

I also get why people are excited about Microsoft in general. This new Microsoft surprises and delights by doing things that old Microsoft would never consider. They have Visual Studio for the Mac. They make PC hardware. They even include Linux support in Windows. This new Microsoft is exciting and different, but they’ve also been around long enough to show us who they are. Nothing exemplifies that more than Windows on ARM. I think it’s great Microsoft has spent five years pushing Windows on ARM, but no one in their right mind could say they’ve been as successful at it when compared to what Apple has just accomplished. The tech community likes to pretend that Windows on ARM and the Surface Pro X are viable, if not flawed, options when they’re really not.

Wellborn’s selection of quotes from enthusiastic press coverage of Microsoft’s lukewarm ARM efforts reminded me to go look for some reactions to the early rumours and the announcement that Apple would be switching to its own processors. I want to do this not just because these things are funny to read in hindsight, but also because they illustrate why media and analyst coverage often gets this stuff wrong in the first place — especially when it comes to Apple.

Let me take you back to springtime of 2018. Perennial speculation of a shift away from Intel processors in the Mac seemed to be confirmed when Ian King and Mark Gurman of Bloomberg reported on the in-progress transition. A flurry of responses from columnists and reporters followed.

Brian Barrett of Wired seemed to think the architecture shift would necessarily include radical software changes:

Apple could also find users flummoxed at its attempt at the MacOS-iOS mashup that would apparently accompany an ARM transition. It wasn’t so long ago, after all, that Microsoft flamed out spectacularly when it attempted to bring a mobile UI to the desktop in Windows 8, an overhaul that left users feeling mostly confused and annoyed. And while Cupertino has already made some adjustments to give its desktop and mobile operating systems some common ground—its Apple File System, introduced last spring, works across both—it will have to combat years of ingrained expectations about how Apple devices behave.

In fairness, Barrett called his imagined list of problems likely to arise during this transition “surmountable”. But, still, it is a list of doom-and-gloom thoughts about how hard it will be for Apple to move away from Intel, with the assumption that it could only be for the most lightweight and entry-level uses, sort of like ARM laptops that run Windows.

Samuel Axon of Ars Technica speculated that Macs running on Apple’s processors could fit in the lineup like ARM-based Microsoft Surfaces, at least at first (emphasis mine):

While it makes sense for Apple to start sailing on this journey now, it likely won’t arrive at its destination (total independence from Intel) for several years—likely well beyond the 2020 date that Bloomberg names as the earliest launch window for a first Intel-free Mac. If an Apple-chip-powered Mac arrives in 2020, it could be a specialized product in a Mac lineup that still mostly includes Intel-based computers.

Joel Hruska of ExtremeTech was worried about entirely the wrong customer base:

But it’s genuinely surprising that Apple would choose to abandon CPU compatibility given the significant impact x86 had on its Mac product lines. Mac adoption rates shot upwards once people knew their hardware would be seamlessly compatible with Windows. Walking away from that same compatibility now seems foolish, at least as far as good customer support is concerned.

Windows on ARM theoretically presents a solution to this problem, but the WoA OS is limited to 32-bit applications, with no support for x86 drivers, Hyper-V, and limited API compatibility. Supposedly this transition won’t take place before 2020, which gives MS and Apple another 20 months to get their ducks in a row, but 20 months isn’t actually all that much time to perfect cross-OS compatibility, especially not if the goal is to add better and more robust support for 64-bit applications and various types of system drivers.

These analyses have many flaws, but one thing they share is the idea that Microsoft tried similar things and failed, so why should Apple be any different? I buy the argument that Apple’s attempt should not have been deemed a success until the company proved its bonafides, but these predictions are ludicrous: MacOS is nearly the same on Intel and M1 processors, Apple was not timid with its M1 introduction, and I do not imagine the question of Windows’ availability made anyone at Apple blink.

After Apple announced the transition at WWDC 2020 — but, critically, before it announced or shipped any consumer hardware — Alex Cranz of Gizmodo speculated on the company’s motivations with the help of an analyst:

Profits are the likely motivation behind Apple’s biggest moves — for any publicly-traded company’s biggest moves — even when those moves have altruistic outcomes like improving customer privacy. And Apple’s main profit driver is vertical integration: the practice of keeping as many elements of a supply chain in-house as possible to drive down costs, increase revenue, and maintain a hold on the markets it dominates.

“Apple hasn’t been very successful over the past five years with the Mac and most of the innovation has come from Windows vendors,” analyst Patrick Moorhead told Gizmodo. “I think Apple sees vertical integration as a way to lower costs and differentiate. We’ll see. It’s a risky and expensive move for Apple, and right now I’m scratching my head on why Apple would do this. There’s no clear benefit for developers or for users, and it appears Apple is trying to boost profits.”

Apple undoubtably likes vertical integration, and not just because of cost reasons. (By the way, have you noticed how often columnists and analysts write about Apple’s ostensible desire for control as though that is the goal, but rarely define the possible motivations for choosing to build integrated devices instead of collections of parts?) Moorhead’s inability to see benefits for anyone other than Apple looked silly at the time and has only aged worse.1

Neither Moorhead and Cranz give serious thought to the possibility that processors of Apple’s own design could be the foundation of Macs that perform better than their Intel counterparts and get far better battery life. Cranz dances around exploring it for a couple of paragraphs — maybe Apple’s chips will be competitive with those from Intel and AMD — but most of the article is dedicated to the supposedly taller walls of Apple’s garden. There is no clear reason why this is the case: Apple has only ever officially supported the Darwin-based versions of MacOS on its own hardware, no matter what instruction set or vendor its processors use. Moorhead, on the other hand, bet on Apple only transitioning laptops and consumer hardware to its own processors, and retaining Intel for its higher-performance Macs. “Fingers crossed,” Cranz wrote in response.

I assume few Mac users are now crossing their fingers that Apple keeps Intel processors in future products, even at the high end.

Re-reading some of the press from this time in the Mac’s history and comparing it to coverage quoted by Wellborn is a heck of a head-trip. Even without the knowledge that Apple’s own processors would instantly become the benchmark for the personal computer industry, it seems like the flaws in others’ efforts — Microsoft’s in particular — are centred only once reliable rumours surface about Apple’s entry. Then, these writers oftentimes seem to view Apple’s attempts through exactly the same lens as any other company’s, somehow ignoring the vertical integration that so distinguishes it or its own history of product development.

That is not to say the press should have assumed that ARM Macs would be brilliant; skepticism is often lacking in the tech press. But it seems especially egregious in the case of this transition because Apple’s previous processor architecture change is recent memory. Why assume Apple would take a similar route as Microsoft did with Windows on ARM when it always seemed more likely that it would mimic its own past success of moving from PowerPC to Intel?

But, no, the tech press looked to the attempts of other companies as instructive of what Apple would do, despite that being a flawed speculation strategy for decades.

I am reminded of that classic Macalope nugget:

It’s amazing how future Microsoft products beat current Apple products time and time again, isn’t it?

An interpolation of that: it is amazing how present Microsoft problems do not match the speculated doom of similar efforts from Apple, time and time again.


  1. In the 2018 Wired article, Moorhead is also quoted as an expert analyst voice:

    “Computationally I can see a Core i3 or low-end Core i5,” says Patrick Moorhead, founder of Moor Insights & Strategy, comparing ARM’s abilities to entry-level Intel chips. “I can’t imagine that by 2020 they’d have a processor anywhere near the capabilities of a Xeon or a Core i7.”

    Nobody seemed to predict the astonishing power of even a base model M1 MacBook Air. But when read alongside Moorhead’s analysis cited by Cranz in 2020, it looks like he was certain this was purely a play to spend less money with Intel rather than a serious effort to do better. Why would Apple go through the effort of switching for any other reason than because it wanted more than what Intel could offer? ↩︎

Chromium’s URL Blocklist Can Now Prevent Viewing Page Source

Thomas Claburn, the Register:

Future Chromium-based browsers under administrative control will be able to prevent users from viewing webpage source code for specific URLs, a capability that remained unavailable to enterprise customers for the past three years until a bug fix landed earlier this week.

Back on October 15, 2018 an employee of Amplified IT, a Google education partner since acquired by CDW, filed a bug report describing how the Chromium URL Blocklist – which administrators can set to conform with organization or enterprise policy – doesn’t actually work.

Evidently, tech savvy students were viewing the source code of web-based tests to determine the answers.

The rationale for this bug seems pretty weak. If exam software is revealing answers in the page source, it should be rewritten. In this case, it was Google Forms, which makes this bug fix from Google’s Chromium project look especially hinky. But I am convinced a policy like this should behave as expected for all URLs, so it makes sense to make the correction even with the weak example. If you look solely at the facts of this bug and the limited scope of this fix, it should be uncontroversial.

Much dumber still was the hand-wringing about how this is some kind of plot to allow individual websites to block users from viewing markup, which is as technically illiterate as it is alarmist. I was shocked to see how many people spread this version of the story even well after it was clear this was an administrative policy for managed environments.

If the web were still primarily a venue for document viewing, as I naïvely believe it ought to be, I would see this through a more debilitating lens. But the web is basically an operating system and viewing the source tells you little these days. I think that is a bigger regression, but it is only tangentially related to this bug. This is a big, scary pile of nothing.

Apple Announces Self Service Repair Coming Next Year for Recent iPhones and M1 Macs

Apple:

Apple today announced Self Service Repair, which will allow customers who are comfortable with completing their own repairs access to Apple genuine parts and tools. Available first for the iPhone 12 and iPhone 13 lineups, and soon to be followed by Mac computers featuring M1 chips, Self Service Repair will be available early next year in the US and expand to additional countries throughout 2022. Customers join more than 5,000 Apple Authorized Service Providers (AASPs) and 2,800 Independent Repair Providers who have access to these parts, tools, and manuals.

The initial phase of the program will focus on the most commonly serviced modules, such as the iPhone display, battery, and camera. The ability for additional repairs will be available later next year.

Brian Heater, TechCrunch:

Apple hasn’t listed specific prices yet, but customers will get a credit toward the final fee if they mail in the damaged component for recycling. When it launches in the U.S. in early-2022, the store will offer some 200 parts and tools to consumers. Performing these tasks at home won’t void the device’s warranty, though you might if you manage to further damage the product in the process of repairing it — so hew closely to those manuals. After reviewing that, you can purchase parts from the Apple Self Service Repair Online Store.

And you thought Apple could no longer surprise? This makes sense in the context of right-to-repair bills progressing in the U.S. and around the world. Apple has been lobbying against that legislation, often with ludicrous arguments that look especially funny in light of today’s news.

There seem to be a handful of caveats. Most notably, the program is launching only for very recent iPhones in the U.S., and then gradually rolling out to more countries and offering repairs for M1 Macs. This program will not help me replace the battery in my partner’s iPhone X when it is needed. Support for other products currently sold, like Intel Macs and iPads, also has not been announced. I have little hope future Apple Watch and AirPods models will become repairable, but they should be.

While I am cautiously optimistic about this new program, it does not resolve the rationale for oversight. Apple still controls the parts and repair channels, which means it can stop offering this at any time. As welcoming as I think this new direction seems to be, regulations can and should be used to set expectations. We should not be having this same discussion five or ten or twenty years from now.

Update: Maddie Stone, the Verge:

But Apple didn’t change its policy out of the goodness of its heart. The announcement follows months of growing pressure from repair activists and regulators — and its timing seems deliberate, considering a shareholder resolution environmental advocates filed with the company in September asking Apple to re-evaluate its stance on independent repair. Wednesday is a key deadline in the fight over the resolution, with advocates poised to bring the issue to the Securities and Exchange Commission to resolve.

This at least explains the timing.

Twitter Makes API V2 Official

Amir Shevat and Sonya Penn of Twitter:

With today’s updates, the Twitter API v2 is now officially the primary Twitter API. Over the past several months, we’ve shipped lots of new features and endpoints to the API v2 that weren’t previously available on v1.1, including endpoints for Spaces, posting polls in Tweets, and pinning and unpinning Lists (see a full list here). You can follow our product roadmap for a list of v2 endpoints in development and view our mapping of v1.1 to v2 endpoints.

Dan Brunsdon of Twitter:

Specifically, we’ve removed terms that restricted replication of the Twitter experience, including Twitter’s core features as well as terms that required permission to have high numbers of user tokens.

We know that building solutions that help people on Twitter often means a developer has to build (or replicate) some of the things that are available on Twitter. These changes to our Developer Policy are intended to drive clarity for the developer ecosystem and provide an open API platform that makes it easier for developers to build, innovate, and make an impact on the public conversation.

Perhaps this really is Twitter’s attempt to reignite a community of third-party clients. I hope so. There were dozens of clients ten years ago (via Elle) that offered better versions of the Twitter timeline as well as those that provided a more focused experience. But that feels a bit like history now in large part because of changes made in 2012.

This week’s announcement appears to be Twitter’s mea culpa, but developers are right to be cautious. A third-party client cannot search tweets older than one week, view likes or retweets with comments, use bookmarks, or vote in polls — among many other limitations. Some of these things are on Twitter’s roadmap for API V2, but it is unclear whether all of them will come to fruition. One thing seems certain: we are not going back to the days when users’ posts were available as an RSS feed.

The Software Slip

Dan Moren, Macworld:

But one challenge with continually moving the state of the art forward is that sometimes it comes at the expense of making sure the technology that’s already here works as well as it can. After all, if you have to add a dozen new features in a year, that could mean taking away from work enhancing reliability, and squashing bugs in existing features.

We’ve all encountered a slew of problems — some simple (if ridiculous) to fix, others are maddeningly difficult to troubleshoot. As our devices get more and more complex, it’s all too easy for some of those problems to persist for years. And though the best part of the Apple experience has long been “it just works,” the question is… what happens when it doesn’t?

I try not to write outright grief posts here because they are not very fun to read, but I have to get this off my chest.

I was too generous when I gave Apple’s software quality in 2020 a four out of five. It was certainly better than the preceding year, but I should have graded it a whole point lower, at least. 2021 has been even rockier for me, and not just with Apple’s software and services. I feel increasingly as though big software vendors are taking customers’ business for granted.

Quality used to be one of the factors that differentiated Apple’s products from its competitors — not just in the big picture of things “just working”, but also in the details. That feels much less true than it used to. There are big problems: MacOS Monterey bricked a bunch of T2 Macs, and the version of Shortcuts that debuted across Apple’s operating system lineup this year shipped in an unusable state. But the thousand tiny cuts are perhaps more grating: Preview windows do not open in the last-used position or size, unlike any other Mac app; audio does not always initiate in CarPlay, so you have to disconnect and reconnect your phone every so often; Music for MacOS is somehow getting more bloated and less usable with every update ever since it was called “iTunes”; the play/pause (F8) key behaviour is unpredictable and shitty all the time.

Then there are the error messages which, to Moren’s point, make it hard to know what to do when things go wrong. Sometimes, things just fail silently. When there is an error message, it is often unhelpful and vague. Last night, I was trying to edit a shared Pages document on my Mac. The moment I made an edit, I was told that a new version of Pages was available and I needed to update before making the change. So I clicked on the button to open the App Store, but did not see any updates available. It took a few minutes of back-and-forth before I noticed there was a new version but, because that Mac is stuck on Catalina, it was unavailable to me. So it turns out that a shared Pages document can be edited on a newer version which silently breaks compatibility, and the only way someone will find out is when they decode a cheery update notification. I would not mind except this sort of stuff happens all the time in software and services from Apple and plenty of other vendors.

I am not trying to use software; I am trying to get something done, and these tools are frequently an impediment as much as they are a boon.

Moren:

If Apple can’t improve the reliability of its software — and, to a certain degree, it can never guarantee that everything will work perfectly for everyone — it at least owes it to its users to create more robust resources for helping them help themselves. […]

This viewpoint is so engrained for software that it shows up in licenses and end-user agreements. For example, in Apple’s MacOS Monterey agreement (PDF, corrected from the original all-uppercase formatting):

To the maximum extent permitted by applicable law, the Apple software and services are provided “as is” and “as available”, with all faults and without warranty of any kind, and Apple and Apple’s licensors (collectively referred to as “Apple” for the purposes of sections 8 and 9) hereby disclaim all warranties and conditions with respect to the Apple software and services, either express, implied or statutory, including, but not limited to, the implied warranties and/or conditions of merchantability, satisfactory quality, fitness for a particular purpose, accuracy, quiet enjoyment, and non-infringement of third party rights.

Why is this acceptable for software, including operating systems? Nearly anything else you buy — clothing, furniture, transportation, even the hardware the software runs on — has a warranty. Consumer protection laws require manufacturers to stand behind their products and ensure they perform as promised. But not consumer software.1

This is not solely an issue with Apple’s software and services. It is increasingly not the except but the rule with software I use from larger companies — especially those that have adopted the software-as-a-service model. Rarely have I experienced this problem with software from smaller and medium-sized vendors, which is often built by developers who care about the experience of individual customers.

I am baffled that we are expected to rely on software, services, and operating systems made by companies that, legally, do not stand behind their quality.

See Also: Brilliant Hardware in the Valley of the Software Slump from Craig Mod last year, and my comments.


  1. Industrial software often comes with a warranty. Some professional software-as-a-service vendors offer a service level agreement, but this should not be confused with a warranty. If uptime dips below the agreed-upon level, the vendor may give a partial reimbursement; but, there are often many loopholes, and they will not necessarily guarantee the problem will not return. ↩︎

Medical Misinformation Goes Unchecked on Radio and Podcasts

Tiffany Hsu and Marc Tracy, New York Times:

Marc Bernier, a talk radio host in Daytona Beach, Fla., whose show is available for download or streaming on iHeart’s and Apple’s digital platforms, was among the talk radio hosts who died of Covid-19 complications after expressing anti-vaccination views on their programs. The deaths made national news and set off a cascade of commentary on social media. What drew less attention was the industry that helped give them an audience.

[…]

Jimmy DeYoung Sr., whose program was available on iHeart, Apple and Spotify, died of Covid-19 complications after making his show a venue for false or misleading statements about vaccines. One of his frequent guests was Sam Rohrer, a former Pennsylvania state representative who likened the promotion of Covid-19 vaccines to Nazi tactics and made a sweeping false statement. “This is not a vaccine, by definition,” Mr. Rohrer said on an April episode. “It is a permanent altering of my immune system, which God created to handle the kinds of things that are coming that way.” Mr. DeYoung thanked his guest for his “insight.” Mr. DeYoung died four months later.

Hsu and Tracy report that iHeart, Apple, and Spotify have rules for podcasters that, if enforced, would require the removal of lies like the ones broadcast by these hosts. But the FCC, which regulates public airwaves, cannot intervene because it is a government agency and would, therefore, be violating the First Amendment. The message of this article seems to be that podcast directories ought to do a better job of moderating their platforms because they are able to.

Let me set aside the technical requirements of doing so, and focus on the theory alone, because I think it strays into uncomfortable territory. For one, many of the hosts profiled in this piece are not podcast hosts — they are syndicated radio hosts who happen to also distribute their shows in podcast form. The biggest problem with these jackasses is how they exploit their platform to miseducate audiences. This has been an AM radio trope for decades. Is anyone surprised the same people continue to spread dumb contrarianism?

My view of podcasts differs subtly from my enthusiasm for moderation by Facebook or Twitter or YouTube of users’ posts. Social media posts are mostly written by a public that is ill prepared for celebrity. Many of the most popular podcasts, on the other hand, are from professional broadcasters who should be tempered by editors and management. I think it is funny that iHeart has a theoretical higher standard for what its hosts say in podcast form compared to radio. Apple and Spotify, meanwhile, have no mandate to carry these shows as podcasts, but it seems ridiculous for it to be left to either company to moderate what radio hosts say.

Windows 11 Blocks Edge Browser Competitors From Opening Links

Daniel Aleksandersen, developer of EdgeDeflector which opens microsoft-edge:// links as standard https:// links:

This brings us back to today. Windows 10 and 11 no longer care about the default web browser setting. Microsoft even removed the default web browser setting from Windows 11. Instead of a single setting for the default web browser, customers must set individual “link associations” for the http:// and https:// protocols; as well as file associations for the .html file type. This is a huge jump in complexity compared to the previous design. It’s clearly a user-hostile move that sees Windows compromise its own product usability in order to make it more difficult to use competing products.

According to a guide by Barbara Krasnoff, of the Verge, all file extensions that you might associate with a web browser — .htm, .html, .shtml — have individual default preferences. Presumably, this is for all of the exactly three people who wish to open each file format in a different web browser by default and not because Microsoft, the world’s most valuable publicly-traded company, cannot shake its anti-competitive habits.

Furthermore, Microsoft has added first-party experiences like News and Interest in Windows 10 and Widgets in Windows 11. It gave the features prominent positions on the taskbar. These “web experiences”, as Microsoft calls them, feature links to online news, weather, and other resources. Search result links in the Start menu and links sent to the device from a paired Samsung or Android devices are also affected.

However, these features don’t use regular web links (https://). Instead, they use microsoft-edge:// links that only work with the company’s web browser. These links are also featured in other Microsoft apps and are found around the Windows shell. These special links only exist to force users into using Microsoft Edge. They serve no other purpose than to circumvent the user’s default browser preference to promote a Microsoft product.

In the latest build of Windows 11, Microsoft has blocked the methods used by EdgeDeflector and web browsers like Firefox. It is almost admirable how transparently anti-competitive Microsoft is being because, despite being the world’s most valuable company, it faces little scrutiny from regulators. Sucks for the users, but who gives a damn about them?

Update: On November 15, Microsoft confirmed to the Verge that this was a deliberate change to block utilities like EdgeDeflector.