Pixel Envy

Written by Nick Heer.

Google’s Mass Data Collection

Christopher Mims, Wall Street Journal:

As justifiable as the focus on Facebook has been, though, it isn’t the full picture. If the concern is that companies might be collecting some personal data without our knowledge or explicit consent, Alphabet’s Google is a far bigger threat by many measures: the volume of information it gathers, the reach of its tracking and the time people spend on its sites and apps.

New regulations, particularly in Europe, are driving Google and others to disclose more and seek more permissions from users. And given the choice, many people might even be fine with the trade-off of personal data for services. Still, to date few of us realize the extent to which our data is being collected and used.

“There is a systemic problem and it’s not limited to Facebook,” says Arvind Narayanan, a computer scientist and assistant professor at Princeton University. The larger problem, he argues, is that the very business model of these companies is geared to privacy violation. We need to understand Google’s role in this.

This conversation is long overdue, but it’s vital we have it. How comfortable are we with (two) large American companies collecting and storing the vast majority of our online activities? If you are, that’s fine — Google and Facebook should have no objection to fully disclosing the extent of their tracking to gain your entirely-knowledgeable permission for doing so, but you should be able to turn it off any time you want. If you aren’t comfy with that — as, I think, the past couple months’ worth of stories about Facebook have suggested — shouldn’t that be fully respected by having none of your browsing tracked? Default cookie settings play a big role in the implied consent to tracking, of course, but more insidious means have also surfaced and which are impervious to changes in cookie settings, and with no easy way of opting out. Isn’t that obviously unethical?

SmugMug Acquires Flickr

Jessica Guynn, USA Today:

Flickr has been snapped up by Silicon Valley photo-sharing and storage company SmugMug, USA TODAY has learned.

SmugMug CEO Don MacAskill told USA TODAY he’s committed to breathing new life into the faded social networking pioneer, which hosted photos and lively interactions long before it became trendy. 

SmugMug, an independent, family-run company, will maintain Flickr as a standalone community of amateur and professional photographers and give the long neglected service the focus and resources it deserves, MacAskill said in an exclusive interview. 

He declined to disclose the terms of the deal, which closed this week.

The last time Oath — née Yahoo — showed any interest in Flickr was five years ago when they rethought the platform and gave everyone a terabyte of storage for free, and unlimited storage for just $25/year. And then they just sort of sat on it.

This is potentially good news because Flickr was, until this week, a Verizon company, and I think that it’s a little bit weird for an ISP and cable TV provider to be in charge of hosting your precious photographs. SmugMug, though, is a much smaller company, and it’s a good question whether they’ll be able to revitalize Flickr while retaining those high storage accounts.

Tim Cook Reiterates That Apple Isn’t Going to Merge the iPad and the Mac

Peter Wells of the Sydney Morning Herald interviewed Tim Cook after Apple’s education event last month in Chicago:

“We don’t believe in sort of watering down one for the other. Both [The Mac and iPad] are incredible. One of the reasons that both of them are incredible is because we pushed them to do what they do well. And if you begin to merge the two … you begin to make trade offs and compromises.

“So maybe the company would be more efficient at the end of the day. But that’s not what it’s about. You know it’s about giving people things that they can then use to help them change the world or express their passion or express their creativity. So this merger thing that some folks are fixated on, I don’t think that’s what users want.”

Cook said basically the same thing a few years ago in an interview with Independent.ie.

One comment that he made in Wells’ interview stood out at me:

“I generally use a Mac at work, and I use an iPad at home,” Cook tells me, “And I always use the iPad when I’m travelling. But I use everything and I love everything.”

In 2014, Cook told the Wall Street Journal that he did about 80% of his work on his iPad; this is a subtle change in how he’s communicating what he uses to get work done. I’m not sure how much you should read into his comment — Apple kremlinology is often a waste of time — but it’s an interesting shift, I think.

‘Login With Facebook’ Data Hijacked by JavaScript Trackers

Josh Constine, TechCrunch:

Facebook confirms to TechCrunch that it’s investigating a security research report that shows Facebook user data can be grabbed by third-party JavaScript trackers embedded on websites using Login With Facebook. The exploit lets these trackers gather a user’s data including name, email address, age range, gender, locale, and profile photo depending on what users originally provided to the website. It’s unclear what these trackers do with the data, but many of their parent companies including Lytics and ProPS sell publisher monetization services based on collected user data.

The abusive scripts were found on 434 of the top 1 million websites including cloud database provider MongoDB. That’s according to Steven Englehardt and his colleagues at Freedom To Tinker, which is hosted by Princeton’s Center For Information Technology Policy.

There are clearly problems with trusting third-party code, and it is the responsibility of developers to adequately audit that code and ensure it is safe for end users. It’s getting to the point where scripts like these ought to be treated as potential malware.

U.S. Rep. Marsha Blackburn Favourably Compares Internet Fast Lanes to TSA Precheck

Jon Brodkin, Ars Technica:

Congressional Republicans want to impose “net neutrality” rules that allow Internet service providers to charge online services and websites for priority access to consumers. Making the case for paid prioritization Tuesday, US Rep. Marsha Blackburn (R-Tenn.) said that paying for priority access would be similar to enrolling in TSA Precheck.

Blackburn is clearly counting on the public’s well-known admiration of the TSA to sell this proposal to them, whether it’s because they’re waiting in line for two hours, being groped by an agent, or having their knitting needles confiscated and their shampoo tossed in the trash.

Blogging Is Most Certainly Not Dead

Jason Kottke:

Social media is as compelling as ever, but people are increasingly souring on the surveillance state Skinner boxes like Facebook and Twitter. Decentralized media like blogs and newsletters are looking better and better these days…

They certainly are. I look forward to opening my RSS reader on my iPhone, even, in a way I don’t for any social media app. I even enjoy receiving the latest editions of the handful of email newsletters that I subscribe to.1 The former consists of stories from websites I trust in reverse-chronological order, and nothing more; the latter is a daily dose of links curated and placed into context by smart, reputable people.

  1. Brian Stelter’s “Reliable Sources”, Charlie Warzel’s “Infowarzel” — truly a terrific name, too — and Dave Pell’s “NextDraft”. ↩︎

The Facebook Media Backlash

Charlie Warzel, Buzzfeed:

Using publicly available information pulled from the APIs of USA Today, the New York Times, the Guardian, and BuzzFeed, researcher Joe Hovde compiled over 87,000 articles about Facebook published by the four outlets between 2006 and 2018. Then he ran a sentiment analysis on them, scoring words on a positive-to-negative scale of -5 to +5 — for example, a negative word like “fake” was scored -3, while a more positive word like “growth” was scored +2. The results were grim.

Hovde’s chart shows a steep increase in almost exclusively negative sentiment about Facebook beginning in late 2016, around the time of the presidential election. It also reveals a steady decline in positive sentiment between 2006 and 2016.

What this study seems to show is that the media is reacting solely to the remarkably shitty outcome of the 2016 American presidential election, arguably partially enabled by Facebook’s micro targeted ads. What it actually reveals is that Facebook — and Silicon Valley firms more generally — should have been covered with much more scrutiny and skepticism for years. The growing influence of algorithmically-tailored information based on mass data collection has always been worrying for now-obvious reasons, and more mainstream outlets should have explored that angle sooner and more frequently.

Dieter Bohn’s Suggestions for Improving iOS Notifications

Dieter Bohn, the Verge:

The iPhone, though… Apple and I have fundamentally different philosophies about how we should relate to notifications. I see them as a new kind of email: annoying, necessary, and ultimately super useful. I want a framework for managing notifications — just like I have a framework for managing email.

Apple seems to believe that I shouldn’t go in for all that. Notifications are fundamentally distracting, so I think Apple’s solution is to convince us to stop giving them so much attention. Turn them off, let them float by, don’t worry about reaching “notification zero” (so to speak). My colleague Vlad Savov called it “an endless scrolling list of puffy notification clouds” and I think that’s apt. The result of this philosophy, I think, is that the tools Apple provides for dealing with notifications are blunt instruments. But I also think it’s the wrong philosophy. Some notifications are actually super important, but they’re too easy to miss in that endless pile of clouds.

Via John Voorhees at MacStories:

[…] I agree with Bohn that adding the ability to jump directly to an app’s notification settings from the notification itself would go a long way on iOS. As Federico and I discussed recently on AppStories, periodically evaluating and adjusting notifications is essential to avoiding notification overload on iOS, but it’s also something that becomes a project because it requires a lot of hunting and tapping. With a system like Android’s, I can imagine making fine-tuned adjustments to notifications more frequently because doing so would be less likely to disrupt what I was doing when I’m interrupted.

More than almost anything else on the system, managing notifications on iOS can quickly become a lot of work. I think a big reason for that it because we think of notifications as varying in importance — from high-priority phone calls and iMessage conversations right down to ads — but the system treats the vast majority of notifications similarly. There are basically four levels of notification, roughly in order of attention prioritization:

  1. Screen takeover, used for things like phone calls and the timer that have the highest priority notifications.

  2. Persistent banners.

  3. Temporary banners.

  4. Icon badges.

Most apps default to using temporary banners regardless of the notification’s priority, but that style is often way too intrusive, yet not helpful enough. With the exception of badges, notifications almost always cover part of an open app, which isn’t as passive as a “puffy notification cloud” ought to be. In addition, ways to handle notifications without having to open the spawning app have been added over time, with features like inline replies and richer notifications, but many apps don’t take full advantage of these characteristics.

In my ideal world, notifications would somehow not cover what I’m looking at, would be less prone to inundating me, and would do a better job of managing themselves without my intervention. I have no idea how to get to that point, but one thing I absolutely do not want, from Bohn’s list, is the ability for apps to add themselves to the status bar. That seems like an easy recipe for clutter, particularly with the notched status bar of the iPhone X.

Gurman: Apple Plans a News Subscription Service

Mark Gurman, Bloomberg:

Apple Inc. plans to integrate recently acquired magazine app Texture into Apple News and debut its own premium subscription offering, according to people familiar with the matter. The move is part of a broader push by the iPhone maker to generate more revenue from online content and services.

The Cupertino, California company agreed last month to buy Texture, which lets users subscribe to more than 200 magazines for $9.99 a month. Apple cut about 20 Texture staff soon after, according to one of the people.

The world’s largest technology company is integrating Texture technology and the remaining employees into its Apple News team, which is building the premium service. An upgraded Apple News app with the subscription offering is expected to launch within the next year, and a slice of the subscription revenue will go to magazine publishers that are part of the program, the people said. They asked not to be identified discussing private plans. Apple declined to comment.

If this is anything like Apple Music, I’d like to think that it could offer subscribers the opportunity to explore different perspectives in journalism while ensuring each publication gets paid.

With iCloud and Apple Music already, plus Apple News and a Netflix-like service rumoured, Apple is soon to offer a lot of subscription services. Is there a point at which it makes sense for them to offer something like an all-access pass for, say, $40 a month?

Also, for some reason, Gurman asked Gene Munster for comment on this article. You know — that Gene Munster. That Gene Munster.

Update: On a related note, I certainly hope Apple News comes to users outside of the United States, United Kingdom, and Australia. Not just this rumoured subscription — though I hope that’s more widely available as well — but Apple News as an app.

Mignon Clyburn Steps Down From FCC

Kim Hart, Axios:

Clyburn, an Obama nominee, was a consistent advocate for low-income, minority and other marginalized communities. She was a strong supporter of net neutrality, media ownership reform and lowering prison phone rates. Clyburn often clashed with current chairman Ajit Pai over policy decisions.

While Clyburn’s resignation had been expected for some time, her departure leaves an open seat on the five-member commission until a replacement is nominated by President Trump and confirmed by the Senate.

The FCC is now a four-member commission with only one remaining Democrat — and, not coincidentally, only one remaining supporter of net neutrality in its policy-deciding directorship.

Fifty Shades of Grey

To be fair, Michael Steeber of 9to5Mac has catalogued only twelve shades of greys and blacks that Apple has used since 2012. Several of those variations show very minor differences; I wonder if the shades of white and even the plain anodized aluminum shades Apple has used over the same time period also show similar — albeit more subtle — variations in colour.

The Hilarious Life and Agonizing Death of Online Comedy

Alison Herman and Victor Luckerson of the Ringer wrote a fantastic look at how online comedy sites have evolved over the past couple of years, with major changes to Facebook’s News Feed algorithms, the rise of the present American administration, and — to borrow Onion editor-in-chief Chad Nackers’ term — the “Onionization” of the world. I thought this was revealing:

Newell estimates that less than 10 percent of Reductress’s traffic is direct. Most users follow a link from an external site like Facebook or Twitter rather than navigating to the site’s homepage. Social media has so fundamentally altered internet users’ behavior that it’s difficult for individual sites to overcome. “Nobody goes on their computer and types in ‘Funnyordie.com,’” says Adriana Robles, a former staff writer at Funny or Die. “You don’t type in any website like that.”

This, in turn, created a feedback loop in which companies put fewer resources into websites and other hubs that could compete with social media. “We’re now at a point where, because everyone became dependent on Facebook, we all let our websites atrophy,” Klinman says. The big Onion website redesign in 2015 was undone when the company was acquired by Univision just eight months later and, late last year, transferred all its articles to Kinja, the same aesthetically spare publishing system used by Gizmodo, Jezebel, and other former Gawker Media sites that now share a corporate umbrella with The Onion.

The Onion is now a Gawker blog,” Klinman says. “We’ve just erased the idea that things have had importance on the internet — that it’s important to have a home, that it’s important to have a place that’s distinct and is what your brand is. Instead, we’ve flattened everything out so that it will do well on Facebook’s version of the internet.” And on Facebook’s version of the internet, everything looks the same, making it difficult for individual websites to stand out and build a distinct reputation — even voicey, incisive sites like The Onion, Reductress, and Very Smart Brothas, which have a well-honed ability to announce themselves with catchy, clever headlines.

Herman and Luckerson also profile websites like McSweeney’s Internet Tendency, which have managed to adjust, stabilize, and even grow.

Previously: I wrote a little about the ruinous sameness of Kinja websites.

Techniques for Locking Down Your Privacy and Security Online

Natasha Lomas and Romain Dillet of TechCrunch have assembled a good guide on how to remain more private and secure online. If there’s one thing I took away from this list, it’s that it’s doable, but often very difficult. That doesn’t mean you shouldn’t try — you should, and you can pick-and-choose — but know that you’ll also find your newly-private browsing somewhat less convenient and straightforward.

I loved this, by the way:

Are you really getting so much value from an app that you’re happy for the company behind it and anyone else they partner with to know everywhere you go, everyone you talk to, the stuff you like and look at — even to have a pretty good idea what you’re thinking?

Think about that: how much are you actually getting out of the apps and services you use; and, how much are they getting out of you?

Personalized ‘Hey, Siri’

A new update on Apple’s machine learning blog explores their approach to speaker recognition in detecting “Hey, Siri”. It’s obviously fairly technical, but I found this bit interesting as it describes how they measure the success of the key phrase activating Siri:

The overall goal of speaker recognition (SR) is to ascertain the identity of a person using his or her voice. We are interested in “who is speaking,” as opposed to the problem of speech recognition, which aims to ascertain “what was spoken.” SR performed using a phrase known a priori, such as “Hey Siri,” is often referred to as text-dependent SR; otherwise, the problem is known as text-independent SR.

We measure the performance of a speaker recognition system as a combination of an Imposter Accept (IA) rate and a False Reject (FR) rate. It is important, however, to distinguish (and equate) these values from those used to measure the quality of a key-phrase trigger system. For both the key-phrase trigger system and the speaker recognition system, a False Reject (or Miss) is observed when the target user says “Hey Siri” and his or her device does not wake up. This sort of error tends to occur more often in acoustically noisy environments, such as in a moving car or on a bustling sidewalk. We report FR’s as a fraction of the total number of true “Hey Siri” instances spoken by the target user. For the key-phrase trigger system, a False Accept (or False Alarm, FA) is observed when the device wakes up to a non-“Hey Siri” phrase, such as “are you serious” or “in Syria today.” Typically, FA’s are measured on a per-hour basis.

I’ve been extremely impressed by the performance of “Hey, Siri” over the last couple of years. Not only does it reliably wake my device, it also does not wake my girlfriend’s — and vice-versa, when she says “Hey, Siri”.

What Siri does after that leaves much to be desired, of course.

The Other Irresponsibility

Following Mark Zuckerberg’s awkward and tedious testimony before the House and Senate came several great pieces from journalists covering it, as well as Facebook as a whole. I wanted to collect a few of the best that I found as a sort of highlight reel of irresponsibility.

Sam Biddle, of the Intercept, on Zuckerberg’s frequent claims that he didn’t know the answer to a question, :

After watching the Facebook founder and CEO’s 48-hour trip to Capitol Hill, there are two possible conclusions: either Mark Zuckerberg deliberately misled Congress, or Mark Zuckerberg knows very little about his own company. Both are bad.

Again and again, before both Senate and House committees, Zuckerberg pleaded ignorance about the company he created and has controlled for 14 years. Zuckerberg wasn’t dodging questions about obscure corners of the company or corporate minutiae, but the most plainly fundamental aspects of Facebook’s business and privacy policies. Rather than the congressional beatdown many had expected, the most striking aspect of Zuckerberg’s testimony wasn’t his painful apologias or excuse-spinning, but his ability to spend nearly 10 hours saying almost nothing. The hearings may prove to be a sea change moment for Facebook and the greater data-mining industrial complex, but it would be hard to say the public learned much of anything.

Alex Kantrowitz, Buzzfeed:

During his two-day marathon testimony in Washington this week, Facebook CEO Mark Zuckerberg looked particularly uncomfortable answering basic questions about how Facebook tracks people when they’re not using Facebook. In case you hadn’t already heard, yes, it’s true: Facebook can track your online activity even if you aren’t signed in to Facebook.

Paris Martineau, the Outline:

Facebook claims that you can download a copy of everything it has on you here. Mark Zuckerberg said the same during his testimony to the U.S. House of Representatives yesterday (“Congressman, I believe that all of your information is in that — that file.”). However, according to Facebook’s own Privacy Operations Team, both of these statements are wrong. Even better, Facebook has told users it cannot give out this information because it’s too difficult to access and package into a readable format.

Alexis C. Madrigal, of the Atlantic, expands on the same topic:

This apparent contradiction relies on the company’s distinction between the content someone has intentionally shared — which Facebook mines for valuable targeting information — and the data that Facebook quietly collects around the web, gathers from physical locations, and infers about users based on people who have a similar digital profile. As the journalist Rob Horning put it, that second set of data is something of a “product” that Facebook makes, a “synthetic” mix of actual data gathered, data purchased from outsiders, and data inferred by machine intelligence.

With Facebook, the concept of owning your data begins to verge on meaningless if it doesn’t include that second, more holistic concept: not just the data users create and upload explicitly, but all the other information that has become attached to their profiles by other means.

Gennie Gebhart, for the EFF:

Facebook’s ethos of connection and growth at all costs cannot coexist with users’ privacy rights. Facebook operates by collecting, storing, and making it easy to find unprecedented amounts of user data. Until that changes in a meaningful way, the privacy concerns that spurred these hearings are here to stay.

Andrew Ross Sorkin, New York Times:

When Google first introduced Gmail in 2004, this newspaper raised questions about the prospect of users objecting to a service that displayed advertising to them based on the content of their email: “For many, the bottom line appears to be that sifting through personal email with an eye toward making a sale is beyond the pale.”

Well, now more than 1.2 billion people have active accounts with Gmail, a service that until the end of last year sifted through your private messages. Apparently, it wasn’t beyond the pale.

For consumers, the transaction has always been pretty clear: The convenience of free service in exchange for information that allowed advertisers to specifically target us. The distinction in that equation was motivation; we figured our data was being used by benign companies seeking to sell us that pair of sneakers we wanted, not by bad actors trying to influence our political votes — or incite violence in places like in Myanmar.

These are all very good points made by astute writers in publications that I trust. Yet, most of these web properties — the EFF’s and the Intercept excluded — use some form of Facebook’s tracking scripts, whether that’s a Like or Share button, Beacon, or Pixel. That means they’re part of the problem; in a way, I am, too, by linking to them but, in my defence, Facebook’s scripts are among the web’s most popular, as are — surprise, surprise — Google’s.

The Outline uses Facebook’s Custom Audience and Pixel tracking, according to Ghostery. However, you may not be aware of that because it isn’t exactly something they advertise. To find it, you’d have to open the hamburger menu on the above linked page, click the small “Legal” link at the bottom, and look under the second section of their privacy policy where they link to a help article about the Facebook Pixel without outright stating that they’re using it.

They’re not alone; many websites don’t fully disclose their use of these trackers, and most do so only in a byzantine and buried privacy policy. The New York Times, for example, has a tiny grey “Privacy” link nestled in their footer. Then, you must scroll about halfway down the page to the “Third Parties” section, where you may “click here” to view a list of third-parties that “may be using cookies”. However, Facebook does not appear on this list despite the Times absolutely using their scripts. I was unable to find a reference on their website to the Times’ use of Facebook’s advertising and targeting scripts.

What’s absolutely clear here is that websites need to stop using Facebook’s tracking scripts — and Google’s too, while they’re at it.

For what it’s worth, users can and should make it harder for advertising companies to collect their browsing data. In iOS, under Privacy in Settings, you can switch on the Limit Ad Tracking option, and turn on Prevent Cross-Site Tracking under Safari settings. The latter option is also available for Safari on MacOS. Zack Whittaker at ZDNet has more information on opting out. You can also use a script or ad blocker to prevent tracking scripts from loading.

I completely understand that these scripts provide many advantages from a marketing and advertising perspective. I also get that the realities of the news business mean that publishers feel forced to make hard choices that increase revenue despite potentially compromising on principle. But websites that embed these scripts are contributing to these privacy-violating platforms. All web property owners — but especially highly-trafficked properties — have a responsibility to their visitors. Participating in a web-wide tracking scheme betrays that trust. It must be stopped.

Gurman: HomePod Sales Are Middling So Far

Mark Gurman, Bloomberg:

At first, it looked like the HomePod might be a hit. Pre-orders were strong, and in the last week of January the device grabbed about a third of the U.S. smart speaker market in unit sales, according to data provided to Bloomberg by Slice Intelligence. But by the time HomePods arrived in stores, sales were tanking, says Slice principal analyst Ken Cassar. “Even when people had the ability to hear these things,” he says, “it still didn’t give Apple another spike.”

During the HomePod’s first 10 weeks of sales, it eked out 10 percent of the smart speaker market, compared with 73 percent for Amazon’s Echo devices and 14 percent for the Google Home, according to Slice Intelligence. Three weeks after the launch, weekly HomePod sales slipped to about 4 percent of the smart speaker category on average, the market research firm says. Inventory is piling up, according to Apple store workers, who say some locations are selling fewer than 10 HomePods a day. Apple declined to comment. The shares gained 1.4 percent to $173.83 in early trading.

This doesn’t surprise me. I mean that in the sense that the HomePod isn’t, as far as I’m concerned, a very good product yet, but also because it’s a version one Apple product that doesn’t have a wide rollout. Some analysts were disappointed with initial Apple Watch sales, too, and it launched in nine major markets instead of the three that the HomePod is currently available in. That’s not to say that miserable sales are good or that the HomePod’s launch has been all rosy; I just wouldn’t read too much into this report.

Meanwhile, Juli Clover at MacRumors is reporting that Siri has been updated with — and you’re not going to believe this — more jokes. Truly, what we have all been waiting for.

Behind the Music

After I linked to Kirk McElhearn’s piece about Apple Music’s limited search capabilities, Erin “Syd” Sidney pointed me to a three-year-old post he wrote about the lack of detailed creator information available on the platform:

Liner notes are how my friends became walking encyclopedias who could draw a line, no matter how thin, between records that spanned genres and generations.


Songwriters whose work we could admire and follow as they provided the musical framework for artists to develop. Producers. Engineers. Humans.

Each one of these people represents an industry, one being bulldozed over by what appears to be simply a lack of attention to detail.

Music purchased via the iTunes Store has long included a PDF version of the album booklet, and went even further in 2009 with the introduction of the interactive iTunes LP format. In an amazing coincidence, Apple just recently stopped accepting new iTunes LPs in the Store.

While I don’t think the full experience of the iTunes LP format was successful, I wish elements of that could be brought into Apple Music. Hip-hop producers and a handful of rock producers are well-represented in Apple Music playlists, but imagine if you could get detailed information about any track. Lyric support, introduced in iOS 10, is a great start for listeners to begin to explore music in greater depth,1 but songwriters, engineers, musicians, and non-superstar producers regularly go uncredited.2

Note that the absence of this information isn’t necessarily a technical issue. My understanding is that major artists submit directly to streaming platforms with track metadata set according to the ID3 spec and album metadata added separately; indie artists submit this information via intermediaries like CD Baby and Tunecore. If you’ve ever edited track or album information in iTunes, you’re familiar with several of the fields ID3 supports. However, there are several fields not shown in iTunes that are also supported, including the “TIPL” field, which stands for the “involved people list”.

It would certainly be a Herculean effort to add this information to all of the tens of millions of tracks in Apple Music — an effort that, in my fantasy world, would be totally worth it. For starters, many producers and songwriters are known for particular styles; adding more of this information could make for more accurate suggestions. But, along the lines that Sidney writes, it could also encourage deeper user discovery. There’s nothing like working your way through a songwriter’s catalogue, or understanding the widely-varied engineering career of someone like Steve Albini, or grasping the scope of every album Bob Ludwig has mastered.

  1. Not only does Spotify display lyrics, they went one step further and built in Genius support to help explain the lyrics. ↩︎

  2. I wonder if this is one reason why producers like Metro Boomin and Murda Beatz frequently tag the tracks they produced with a unique vocal signature. ↩︎

The Joys of Data Hygiene

The Economist describes Europe’s new data privacy law, GDPR, set to go into effect on May 25:

The new law was mostly written by privacy-conscious Germans. Consent to collect and process personal data now has to be “unambiguous” and for “specific” purposes, meaning that catch-all clauses hidden in seldom-read terms and conditions, such as “your data will be used to improve our services”, will no longer be sufficient. “Data subjects” can demand a copy of the data held on them (“data portability”), ask for information to be corrected (“right to rectification”), and also request it to be deleted (“right to be forgotten”).


As a result the GDPR ensures that all organisations which collect and keep data will take their use (and abuse) much more seriously. Take the fines. Under the GDPR’s predecessor, an EU directive dating from 1995, fines were negligible. The upshot was that firms gave data protection little attention and few resources. But the risk of hefty penalties has raised privacy to a board-level matter. “We have support from the top down,” says Susan Bandi, who is in charge of data security and privacy at Monsanto, an agrochemicals company.

There has never been a more consumer- and person-friendly data privacy law than GDPR. We can all hope for a ripple effect where adhering to GDPR’s rules becomes the easiest solution for companies worldwide; unfortunately, that’s not likely for giants like Facebook and Google. But it is a huge step forward for Europeans, and a model of what a good personal data protection law looks like.

Updates From Indonesia

I returned recently from another trip throughout Indonesia and want to share some observations and updates since the first time I visited two and a half years ago.

When I visited in 2015, 3G service was the norm, and even in densely-populated areas of Java and Bali, it was typical to see only two or three bars. Now, strong LTE service blankets much of both islands. That’s important: the only internet connection many people have is through their smartphone.

It’s also great for battery life. The iPhone X I used on this trip has a much bigger battery than the iPhone 6S I used last time, which obviously contributes to longer battery life, but so does the quality of the cellular signal.

One of the more notable changes is that most people are now carrying one smartphone, as opposed to the two or more per person that I saw previously. There are, I suspect, several reasons for this — phones are better, there’s better balance between performance and battery now, and high-end smartphones are more expensive — but, based on what I’ve been told and what I can figure out with the limited online reporting on this, it appears that Indonesian law now requires cellular plans with voice and SMS capabilities to be associated with a national ID number when they are registered. I don’t think this means that someone can’t have two or more cell plans, but my understanding is that it’s discouraged.

For that reason, I had a data-only plan purchased for me, with no voice or SMS capabilities. This time, I didn’t need to power-cycle my phone for my Telkomsel SIM to be recognized, but a weird thing happened where, because iMessage couldn’t send and receive its authentication text messages, it was unable to complete its setup on the Indonesian number.

The pre-paid SIM offer I got is no longer available, but it cost about $10 for 11GB. Instead of being in a single bucket of bytes, my data allotment was split: 7GB of general data, 2GB for WhatsApp and BBM, and 2GB for “VideoMax”. The general 7GB bucket was also split into different amounts for 3G and LTE data, and roaming within the country — the SIM card was purchased in Surabaya, but I travelled to Lombok, Bali, and Semarang as well. It wasn’t quite clear how this data was split up; all I know is that, after two weeks, I got a text message from Telkomsel that I had zeroed out my data allotment after using just 2GB, according to iOS’ cellular settings. Data continued to flow, however, without topping up the card.

I find this plan’s separation of data into different buckets confusing and ultimately unhelpful. If I don’t use WhatsApp or BBM, I forfeit 2GB of my plan; conversely, if I were a heavy user of these services, I would have to stop after 2GB was used, even if I had a lot of data available in the general bucket.

In addition to my phone, I also brought my MacBook Air on this trip: it’s a great — and legal — backup battery, and it means that I can offload photos from my SD card every evening and back them up for safety.

Unfortunately, MacOS tends to be quite aggressive about its internet use when given the opportunity, and there are limited controls to restrict it. For example, I have automatic software updates enabled, which means that hundreds of megabytes-to-gigabytes download in the background, even on lower-bandwidth connections. This is good for my computer’s security, but it can be a bit rude when using someone else’s internet connection with a monthly bandwidth cap, or a portable wireless hotspot. Furthermore, I use iCloud Photo Library, which tends to monopolize bandwidth while it uploads all those RAW photos.

There are controls to switch these functions off individually — though the button to pause iCloud Photo Library uploads did not reliably appear for me — but I feel like there should be some sort of global option to restrict the bandwidth consumption of these system service. MacOS could also do a better job managing this automatically. A third-party app called TripMode appears to work well for this — I just didn’t discover it in time for this trip.

Last time I visited, Samsung and LG phones were everywhere, but so, too, were BlackBerrys. Still. Now, the BlackBerrys are gone and, while the two giant Korean companies remain popular, newer brands from China are on the ascendance. Everywhere I went, I saw loads of people using phones from Vivo and Oppo. It was impossible to miss the giant green Oppo banners hung outside seemingly every phone vendor’s store. Both companies make shameless iPhone clones with iOS-styled versions of Android. iPhones remain very expensive in Indonesia: a 64 GB 4.7-inch iPhone 8 is Rp 12,599,000 — about $920 USD or nearly four months of minimum wage earnings in Jakarta.

Uber wasn’t able to make inroads in Southeast Asia, but two other companies have taken Indonesia by storm: Grab, which acquired Uber’s Southeast Asian business, and Go-Jek. Both operate platforms for multiple services. Go-Jek, appropriately, offers rides for a single person on a motorbike, but they also have car drivers and a partnership with Bluebird taxis for fixed-rate fares. In addition, they provide food delivery and even have a payment service built in. Based on what I’ve read, Grab is similar, but I only used Go-Jek.

On a non-technical note, leaving Indonesia for a second time was even harder than the first. It was and remains a beautiful country full of exceptionally generous people, delicious food, beautiful weather, and a depth and breadth of culture. I can’t wait until I get to go back.

Rethinking the Apple Watch Platform

Manton Reece, reacting to stats that David Smith posted of the adoption rate of the Series 3 Apple Watch compared to prior versions:

The big difference between the Apple Watch and the original iPhone or iPad is that many people (perhaps most) do not run third-party apps on the watch. Those people are not even counted in David Smith’s numbers. Unlike the iPhone and iPad, which are significantly improved with new apps, the Apple Watch is pretty good with only the built-in Apple features.

The Apple Watch, as a product, has become very successful, and I know I use mine regularly throughout the day. But it has not been a good platform for third parties. Opening iOS up to third-party developers was instrumental in the success of the iPhone and iPad, but I’ve seen no evidence of a correlating effect between WatchOS and the Apple Watch.

An easy answer to this is that third-party WatchOS apps simply don’t need to exist, but I don’t think that’s the case either. There are plenty of instances where you might want to run a non-Apple app on your watch. I know that I would love to use Transit to know, at a glance or with a voice command, when the next train will arrive. But the platform simply isn’t there yet, and likely won’t be until Apple starts using the same tools as third-party developers.

Mark Zuckerberg’s Fourteen-Year Apology Tour

Zeynep Tufekci, writing in Wired:

Facebook’s 2 billion users are not Facebook’s “community.” They are its user base, and they have been repeatedly carried along by the decisions of the one person who controls the platform. These users have invested time and money in building their social networks on Facebook, yet they have no means to port the connectivity elsewhere. Whenever a serious competitor to Facebook has arisen, the company has quickly copied it (Snapchat) or purchased it (WhatsApp, Instagram), often at a mind-boggling price that only a behemoth with massive cash reserves could afford. Nor do people have any means to completely stop being tracked by Facebook. The surveillance follows them not just on the platform, but elsewhere on the internet — some of them apparently can’t even text their friends without Facebook trying to snoop in on the conversation. Facebook doesn’t just collect data itself; it has purchased external data from data brokers; it creates “shadow profiles” of nonusers and is now attempting to match offline data to its online profiles.

Again, this isn’t a community; this is a regime of one-sided, highly profitable surveillance, carried out on a scale that has made Facebook one of the largest companies in the world by market capitalization.

As is often the case with one of Tufekci’s pieces, this is a must-read in full. I pulled the above quote because I think it illustrates the depth and breadth of Facebook’s business model and its intrusiveness in the public sphere, even among those who are not registered users. I don’t think it’s possible to grasp the scale of their power and influence, but Tufekci comes close.

This Could Revolutionize That

Kieran Dahl, writing for the Baffler:

Hyperbolic language is nothing new in Silicon Valley, of course. But could revolutionize presents the tech media at its worst. The phrase’s juxtaposition of two contrasting words — could implies a distinct possibility of something not happening, while revolutionize means the strongest possible version of a change to something’s fundamental nature — is manipulative. No one clicks a headline that reads, “X might make an impact on Y,” no matter how intriguing the X or culturally relevant the Y. But could revolutionize is an enabler, a gateway drug into the world of false hope, hedging, and bright-eyed optimism that cyclically drive Silicon Valley into a frenzy. When could revolutionize is used in a headline, the article automatically falls Connect Four-style into one of two categories: a tepid argument for X’s tenable but ultimately minor effect on Y, or a fawning quasi-press release.

Now that privacy and security concerns and a general wariness of Silicon Valley have reached a more mainstream audience, I have to think that could revolutionize is now cause for alarm, as in: this hyped startup might carpet bomb an industry for its own short-lived success before fizzling out in the wake of a massive controversy.

Remember the Mac Mini, Too

Joe Rossignol, MacRumors:

Mac mini is three-and-a-half years old: Apple today confirmed that its revamped Mac Pro will be released in 2019. It’s an opportune time for a reminder that the Mac mini hasn’t been refreshed in three-and-a-half years as of April 16. 1,267 days ago as of today, according to our MacRumors Buyer’s Guide. We asked Apple for a comment, but it’s unlikely they’ll break silence.

Last year, the Mac Mini was upgraded from “a product in [Apple’s] lineup” to “an important part of [Apple’s] product line going forward”; Panzarino made no mention of any status change indicated during his Mac Pro briefing.

And that’s weird. Half of the Mac models Apple ships are stale. It isn’t just me who finds that strange, right? We now know that a new Mac Pro is coming next year, and we know that the likely fate of the MacBook Air is that it will be replaced by the MacBook when the latter’s price point allows it. But what’s the likely roadmap for the Mac Mini? I’m kind of intrigued that it’s unclear — maybe it will be something more like an Intel NUC, or perhaps something even smaller — but I’m also worried that it’s another product Apple won’t make minor updates to because they’re too busy reinventing it. I don’t think it’s unreasonable to expect them to do both.

The Story of Windows’ Decline

Ben Thompson:

The story of Windows’ decline is relatively straightforward and a classic case of disruption:


What is more interesting, though, is the story of Windows’ decline in Redmond, culminating with last week’s reorganization that, for the first time since 1980, left the company without a division devoted to personal computer operating systems (Windows was split, with the core engineering group placed under Azure, and the rest of the organization effectively under Office 365; there will still be Windows releases, but it is no longer a standalone business). Such a move didn’t seem possible a mere five years ago, when, in the context of another reorganization, former-CEO Steve Ballmer wrote a memo insisting that Windows was the future […]

It’s like seeing the Kübler-Ross stages of grief turned into a corporate strategy.

Apple’s Next Mac Pro Will Arrive Next Year

The headline is the bad news. While that was the implication at last year’s press briefings, we now have a year. We don’t yet have a timeframe for when in 2019, but I sincerely doubt we’ll see it before WWDC 2019.

Of course, that will mark six years since the current iteration of the product was introduced, never to be upgraded in its history. Six years without an upgrade — not just without a major upgrade, but without an upgrade at all — is an embarrassing black mark on Apple’s history of pro products. The only change made to the current product was to slide the mid-leve configuration down to the entry-level slot; that change was made last year, which is far too late.

Where things get more frustrating, from my perspective, is that it feels like the Pro is stuck in a position of not being released until it is a perfect rethinking of what a professional Mac should be.1 Matthew Panzarino of TechCrunch got to interview core members of the Mac Pro team recently, in a quasi-sequel to last year’s press briefings:

Now, it’s a year later and Apple has created a team inside the building that houses its pro products group. It’s called the Pro Workflow Team, and they haven’t talked about it publicly before today. The group is under John Ternus and works closely with the engineering organization. The bays that I’m taken to later to chat about Final Cut Pro, for instance, are a few doors away from the engineers tasked with making it run great on Apple hardware.

“We said in the meeting last year that the pro community isn’t one thing,” says Ternus. “It’s very diverse. There’s many different types of pros and obviously they go really deep into the hardware and software and are pushing everything to its limit. So one thing you have to do is we need to be engaging with the customers to really understand their needs. Because we want to provide complete pro solutions, not just deliver big hardware, which we’re doing and we did it with iMac Pro. But look at everything holistically.”

This sounds great. Apple is taking the time to really understand where professional users’ sticking points are and address them — whether in improving hardware design, fixing software bugs, or addressing incompatibilities with system components — in current products and using that understanding to guide the future Mac Pro. None of this is bad news, and Ternus even suggests that this research will also influence MacBook Pro updates as well:

“Well, it’s a need for some of them,” adds Ternus. “I want to be clear that the work that we’re doing as a part of the workflow team is across everything. It’s super relevant for MacBook Pros, it’s super relevant for iMacs and iMac Pros and in the end I think it helps us in dialogue with customers to figure out what are the right systems for you. There is absolutely a need in certain places for modularity. But it’s also really clear that the iMac form factor or the MacBook Pros can be exceptionally good tools.”

Where I think this whole saga gets very frustrating for a lot of current and potential Mac Pro customers is that Apple is describing a product — a powerful, professional-grade, modular desktop computer — that already exists: it’s the tower-style “cheese grater” Mac Pro. While Apple is working away to reinvent one of the most critical components of a professional user’s workflow, those users are stuck with product choices that may not quite fit.

Though last year’s mea culpa acknowledged the weaknesses of the current Mac Pro, I think Apple should have taken it a step further and taken the PR black eye by pulling that product from the market, replaced it with the old cheese grater in a more current configuration, and kept iterating in it while developing the new Pro. I have to think there was something technically fraught with doing so; and, now, it’s probably too late.

As it is, Pro customers that need a modular product are once again left in limbo as they await a reinvented high-end Mac. I hope it’s worth the wait, but several professional users have indicated that they don’t trust Apple to get it right.

Or, see Dr. Drang’s more succinct version of this argument:

Apple will be taking an extra year to design the only product in its lineup whose buyers don’t care about its design.

I’m optimistic that there’s a good reason to take several years to build and ship a rethought product worthy of the Mac Pro badge. But I’m also realistic: that’s a very long time to ship a revolution, when what many users want today is an evolution.

  1. There are plenty of users — yours truly included — who have expressed a desire for Apple to slow down and get things right. I don’t think you’ll find anyone who thinks that Apple is moving too quickly with the Mac Pro. Six years between updates is a lot↩︎

Facebook Says Data on Most of Its Two Billion Users Vulnerable

Sarah Frier, Bloomberg:

Facebook Inc. said data on most of its 2 billion users could have been accessed improperly, giving fresh evidence of the ways the social-media giant failed to protect people’s privacy while generating billions of dollars in revenue from the information.

The company said it removed a feature that let users enter phone numbers or email addresses into Facebook’s search tool to find other people. That was being used by malicious actors to scrape public profile information, it said.

Well, yes, of course it was. Facebook is a website that centralizes the conversion of abstract, individual pieces of personal data for over two billion people; that’s a golden opportunity for any data miner.

That’s not just me saying that with hindsight, either. Jeremy Kirk reported on this capability for PC World over four years ago. A couple of years ago, Slawomir Tulski built a proof-of-concept way to match Facebook and LinkedIn profiles using, in part, Facebook search. A quick web search will return dozens of discussions about the possibilities of using Facebook search to scrape profiles. This shouldn’t be the first time the company has realized that creating a powerful search engine for a third of the world’s population could be misused.


Facebook also said data on as many as 87 million people, most of them in the U.S., may have been improperly shared with research firm Cambridge Analytica. This is Facebook’s first official confirmation of the possible scope of the data leak, which was previously estimated at roughly 50 million. It has resulted in calls from legislators and policymakers for greater regulation of social media, helping to shave billion of dollars from the company’s market value.

Like Equifax’s massive breach last year, I’d bet good money that Facebook’s value will return to its previous high within a year or so. There’s simply no lasting consequence for not adequately containing the data of millions or billions of people when the company responsible is as entrenched and as powerful as these giants are.

Apple Hires John Giannandrea

Jack Nicas and Cade Metz, New York Times:

Apple has hired Google’s chief of search and artificial intelligence, John Giannandrea, a major coup in its bid to catch up to the artificial intelligence technology of its rivals.

Apple said on Tuesday that Mr. Giannandrea will run Apple’s “machine learning and A.I. strategy,” and become one of 16 executives who report directly to Apple’s chief executive, Timothy D. Cook.

This is a big get for Apple; Giannandrea‘s name is on a bunch of the patents that form the groundwork for Google’s “Knowledge Graph” search infrastructure. My interpretation of this is that it means that he’s familiar with making assistant-type software more understanding of user intent; however, it should also be noted that an extension of the Knowledge Graph has been a source of pain for Google as well.

As this Times story explains, Apple has been making big hires in the machine learning space, and MacStories’ John Voorhees points to over a hundred Siri-related job postings on Apple’s website. What I’ve long wondered is how much of Siri’s lacklustre qualities can be blamed on a lack of staff, how much is the fault of Siri’s managers, and how much is a product of the way the company operates. If it’s primarily the first and second, then hiring renowned leaders and additional staff across Siri’s various teams could make a positive contribution. But if it’s the third, it’s going to require more than a few key hires. What’s most interesting, I think, about Giannandrea’s hire is that he’s reporting directly to Tim Cook. Hopefully, that means a clear direction for what Siri’s capabilities ought to be, and how we should expect it to function.

Drivers Report That Google Maps Isn’t Reliable in Indonesia

Resty Woro Yuniar, writing in the South China Morning Post:

“Google Maps has often guided me farther away from my destinations. I’ve had to call my customers, which means I have to keep buying phone credit just so I can pick-up passengers or deliver their packages,” Nurani says. “My income is not that big and I can’t keep wasting my money on phone credits.”

Nurani isn’t alone. Many drivers with ride-hailing companies in the Southeast Asian nation are less likely to rely on digital navigation tools than their Western counterparts, as online maps can be full of glitches and lack short cuts for two-wheelers – a common mode of transport in the region. Weak internet connectivity also causes headaches for drivers, something that Agus Saputra, another Go-Jek driver in Jakarta, is all too familiar with.

“One time I was following Google Maps, and suddenly it just stopped because I lost the signal, I was confused because I didn’t know where I was,” Saputra said.

I’ve been travelling around Indonesia for the past couple of weeks — though not to Jakarta — and I’ve seen similar issues. Google Maps frequently doesn’t display local businesses, and it hasn’t always shown roads accurately: sometimes they exist in reality but aren’t shown on the map, while others aren’t correctly shown as one-way streets. And that’s Google Maps, in well-populated areas of a country where Android has a market share of over 90%. I’ve barely opened Apple Maps on this trip because it makes the country’s second-largest city look like a ghost town.

But, as Yuniar explains, maybe there’s an advantage to the biggest Silicon Valley firms so far failing to accurately map Southeast Asia:

The secret to Grab’s success can be traced back to two years ago when the company deployed resources to improve mapping data.

This effort resulted in more than 3,000 new, precise pick-up points across Southeast Asia.

These in-house, localised data complement existing data provided by commercial maps that Grab uses such as Google Maps, Foursquare, and Nokia’s HERE, among others. Grab also has created algorithms to help drivers obey traffic laws, for example, like an odd-even car licence plate rule in Jakarta that sees vehicles take to the road only on alternate days and a regulation in Hanoi that bars contract cars with fewer than nine seats from 11 roads during peak hours, says Ajay Bulusu, regional head of map operations at Grab.

A recurring point I’ve made on this website for a couple of years now is that giant American companies often have too much influence over other countries’ communications and web infrastructure. I still think that’s the case, but their blind spots can help encourage local development. Given the size of the largest American tech companies, though, that also makes these smaller businesses prime acquisition targets; I wouldn’t be surprised to see an offer made for Grab.

Apple Music Doesn’t Let Users Search for Composers

Kirk McElhearn:

I know, classical music is a small share of the overall music market. But it’s still an important part of the overall music landscape, and if there are currently 36 million Apple Music subscribers, that means there are at least a couple of million people who listen to classical music.

Yet you cannot search for composers.

You see some composers listed as “artists,” you see their names in the titles of albums (for a number of years, many if not most classical albums that feature music from a single composer have that composer’s name at the beginning of the title), you may see playlists with a composer’s music, you even see “songs,” but you cannot see all the music by a composer.

It’s not just composers excluded from Apple Music’s search function, either: searching Apple Music seems to be limited to title, artist, album, and genre fields. Even something as basic as the year of release cannot be searched even amongst local tracks on iOS, and I find that completely absurd. I would love nothing more than to see a modernized version of the column browser better tailored for Apple Music’s vast library.

It’s Weirdly Hard to Steal Mark Zuckerberg’s Trash

Joe Veix, in one of my favourite pieces in recent memory for the Outline:

In 2014, Mark Zuckerberg bought a new home in San Francisco’s Mission District, about a mile from where I lived at the time. Shortly after the purchase, the man who once printed business cards boasting, “I’m CEO, Bitch” began refurbishing the $10 million “fixer upper.”

I immediately biked over to the area to scope the place out. I figured that having the address of one of the richest and most powerful people in the world could be vaguely useful. Maybe if a Class War ever started, I could point an angry mob in his general direction. Or maybe I could steal his valuable trash.

After four years of stalling, I finally decided to go ahead with the latter idea. My quarter-baked plan was this: I’d drive to his Mission District pied-à-terre on trash collection day, snatch a few bags of whatever, and dig through it. I could learn more about Mark Zuckerberg’s habits and interests, creating my own ad profile of him. Then I could sell this information to brands looking to target that coveted “male, 18-34, billionaire” demographic. Think of it as a physical version of Facebook’s business model.

This is so great.

Apple Releases iOS 11.3

This update is probably going to be thought of as the “we’re sorry we didn’t tell everyone about performance throttling on iPhones with reduced battery life” version of iOS, but there are plenty of new features in it as well. I like the bigger and better Animoji selection, enhanced privacy features — likely partially encouraged by GDPR compliance — and Safari improvements designed to impede surreptitious efforts to track users via form autofill.

Notably absent from this release, however, are AirPlay 2 and Messages in the Cloud, both of which appeared in early betas before being removed from the public release. I don’t know about AirPlay 2, by Messages in the Cloud has remained buggy in every iteration I’ve tested: messages frequently take a while to sync, and occasionally appear wildly out of order. That’s the kind of thing that needs to be fixed before it’s released publicly.

At the same time, this delay isn’t going to help Apple’s recent reputation as a company that has trouble meeting its own deadlines. Bugs happen and plans change — I get that. But incidents like these build up and make it harder to rely upon other shipping promises, like those made earlier this week.

As usual, a slew of other software updates were released today, including WatchOS 4.3, tvOS 11.3, MacOS 10.13.4, and an update for the publicly-unnamed HomePod operating system.

Apple’s ‘New’ Education Strategy

Bradley Chambers:

As I rewatched the 2012 keynote and pondered the 2018 keynote, I realized that Apple is yet again trying to craft a future for education that I am not sure fits with reality.

Individual schools certainly have and will continue to take advantage of both Swift Playgrounds and Everyone Can Code. Some schools will undoubtedly take advantage of Everyone Can Create content that Apple announced yesterday.

Some teachers will look at some of the new apps that Apple has created for educators, but will 50% of teachers in the US explore new solutions? I highly doubt it. Teaching is a hard job. Apple even had a video where students talked about how hard their teacher’s job was. Being a teacher can be a thankless job. Teachers put in a lot of hours outside the classroom for a salary that is less than they deserve. I’m not sure the average teacher is getting excited about another new app to learn (and then explain to students).

This much I completely understand as a concern. I worry that Apple’s strategy simply requires too many (expensive) pieces and too many things to learn for schools to even consider adopting it.

Here’s what puzzles me about Chambers’ take:

This doctrine should apply to education as well. If Apple believes they can make a significant contribution to schools, then they should go all in to change everything about school technology. They should buy major a textbook publisher and change the purchasing model for books when you deploy iPads. They should buy (or buy back) a student information system platform and integrate it with all of their new apps.

They should build a viable alternative to G-Suite that makes it easy for schools to manage communications. They should do all of this at a price where the least affluent districts can deploy it as easily as the most affluent ones.

That seems great, but it also sounds like another world of complexity that schools simply don’t have the time or finances to implement, regardless of how inexpensive Apple makes their solution.

Also, not that textbook publishers are saints — far from it — but I’m not sure I’d like to see tech companies owning such a fundamental piece of school hardware.

Regardless, I’d love to see Apple making a bigger impact in the space. Schools, in particular, shouldn’t be relying upon technologies built by companies with a business model dependent on mass data collection.

Apple’s Education-Focused Updates

Apple introduced a good round of minor updates to its 9.7-inch base model iPad, iWork suite, and education-focused software today. There’s nothing groundbreaking here — you’ve probably seen either the keynote or the highlight reel — but today’s event was interesting to me for two reasons:

  1. it was Apple’s first education-focused event in six years; and,

  2. it was Apple’s first ever product event to be held in Chicago — at least, as far as I can figure out.

Both of these factors signified to me that Apple was likely framing this event as meaningful updates with a cohesive story, but not brand new products. If they had major products to introduce — like, say, an Apple Pencil with support for wireless charging, or an iPad with Face ID — I feel like they would choose to have this event at the Steve Jobs Theater instead.

Coincidentally, minor spec bump-like updates like these are some of my favourites. They show incremental progress that may not look as important, but indicates ongoing attention and effort.

The updated base model iPad introduced today, for example, combines the processor from an iPhone 7, the LTE capabilities from an iPhone 6S, the first-generation Touch ID sensor from the iPhone 5S, and the Apple Pencil support from iPad Pro models, all inside a body that’s basically unchanged from the first iPad Air. That’s not a complaint; the base model iPad is an exceptional value, especially now with support for the Apple Pencil. I only wish that its display were laminated, and that every iPad came with LTE as standard.

Apple’s iWork updates are also pretty solid, with the addition of more advanced ePub creation features, though Apple insists that it is not a replacement for iBooks Author — for now. There are also some sweet new drawing features in the iWork apps that make use of the Apple Pencil.

New for teachers is an app called Schoolwork. Coming in June, it appears to be Apple’s take on an LMS specifically built for iPads managed via Classroom. They also introduced a companion framework for developers called ClassKit that allows apps to offer assignments and activities for use with Schoolwork.

The combined story here is that Apple has a more compelling narrative for how they’re building their vision for the future of education. Whether they’ll be able to claw back significant influence in the space is a good question, though — budget-restricted school districts may simply be swayed by the much cheaper price of Google’s Chromebooks, regardless of the iPad’s features. But there’s a lot here to love even if you aren’t a student or teacher: Apple Pencil support on the base model iPad and updates to the iWork suite are great news regardless.

Facebook Scraped Call, Text Message Data for Years Without Users’ Explicit Consent

Sean Gallagher, Ars Technica:

This past week, a New Zealand man was looking through the data Facebook had collected from him in an archive he had pulled down from the social networking site. While scanning the information Facebook had stored about his contacts, Dylan McKay discovered something distressing: Facebook also had about two years’ worth of phone call metadata from his Android phone, including names, phone numbers, and the length of each call made or received.

This experience has been shared by a number of other Facebook users who spoke with Ars, as well as independently by us — my own Facebook data archive, I found, contained call-log data for a certain Android device I used in 2015 and 2016, along with SMS and MMS message metadata.

Facebook responded by claiming that this creepy spyware they call a “feature” is only available through Messenger and Facebook Lite with explicit user opt-in, but Gallagher is reporting that neither app was installed on the specific device he found call history for, nor does he recall consenting to Facebook tracking his messaging history. Facebook also says that they don’t record the contents of phone calls or messages, which is awfully similar to the defence repeated by the NSA after it was revealed that they were collecting the same kind of metadata. That’s probably not the kind of comparison Facebook would like to strike, but it isn’t inappropriate.

Also keep in mind that several people had to write the code that makes this possible: someone had to write the Android API that allowed these logs to be monitored, while someone else had to write Facebook’s end that made this whole thing possible. Then there were managers and quality assurance staffers who could have objected to this capability. It took years for this functionality to be stopped for third party apps on Android.

For what it’s worth, this story applies only to Android users, because of course it does; iOS has never allowed a third-party app to silently monitor call or messaging history.

Facebook’s Abdication of Responsibility

Alex Kantrowitz, Buzzfeed:

"I’m not sure we shouldn’t be regulated," Zuckerberg said in an interview with CNN’s Laurie Segall, after being asked why his company shouldn’t be regulated.

Asked how the government should regulate Facebook, Zuckerberg said "ads transparency regulation — that I would love to see." He referenced legislation that’s currently in the Senate that would require internet companies to disclose who paid for ads, a clear reference to the Honest Ads Act. The bill hasn’t gone anywhere since its introduction last fall. Zuckerberg said he didn’t believe internet companies should be less transparent than other mediums, like radio or TV.

Facebook could do this today, right now, without waiting for regulations that require them to do so. But Zuckerberg is indicating here that they won’t implement the policies of the Honest Ads Act without being obligated to legally. In addition, the Internet Association lobbying group — of which Facebook is a member — has so far campaigned against the Act. The difference between what Zuckerberg says in interviews and the actions of the company he runs is a chasm that splits universes.

Facebook Pathetica

Michael Del Moro posts on Twitter a statement from a Facebook spokesperson:

Mark, Sheryl and their teams are working around the clock to get all the facts and take the appropriate action moving forward, because they understand the seriousness of this issue. The entire company is outraged we were deceived. […]

Mark Zuckerberg in a post on Facebook:

In 2015, we learned from journalists at The Guardian that Kogan had shared data from his app with Cambridge Analytica. It is against our policies for developers to share data without people’s consent, so we immediately banned Kogan’s app from our platform, and demanded that Kogan and Cambridge Analytica formally certify that they had deleted all improperly acquired data. They provided these certifications.

They did not disclose this at the time, nor did they notify the fifty million users whose information was accessed by Cambridge Analytica. So their claim in their press statement that they felt deceived is bunk: they knew, and did nothing when it mattered first.

Zuckerberg continues:

Last week, we learned from The Guardian, The New York Times and Channel 4 that Cambridge Analytica may not have deleted the data as they had certified. We immediately banned them from using any of our services. Cambridge Analytica claims they have already deleted the data and has agreed to a forensic audit by a firm we hired to confirm this. We’re also working with regulators as they investigate what happened.

One other thing that Facebook immediately did after being notified of the forthcoming media reports is that they — and Cambridge Analytica — threatened to sue. Mike Masnick, Techdirt:

But, it’s raising a bigger question, as well, and it’s one that caused Facebook to do something that I’ll definitively call as “incredibly stupid,” which is that it threatened to sue the Guardian over its story, mainly because the Guardian story refers to this whole mess as a “data breach” for Facebook’s data.

Facebook instructed external lawyers and warned us we were making ‘false and defamatory’ allegations. Today they said it was not correct to call this a data breach. We are calling it a data breach. https://t.co/Q8wrw0FDyr

And, of course, Facebook wasn’t the only one who threatened to sue. Cambridge Analytica did too:

The Observer also received the first of three letters from Cambridge Analytica threatening to sue Guardian News and Media for defamation.

Facebook’s attitude so far is that this story has been a massive inconvenience to them, and they’d rather not think about it if that’s okay with everyone. But it isn’t okay. It’s an outrageous exploitation of data that Facebook’s business model has enabled, and they’re scared that users will figure that out.

Nick Heer Uses This

You might be familiar with Uses This, a collection of interviews by Daniel Bogan about the hardware and software tools people use to get things done. Well, Bogan asked me to tell everyone about what I use to do whatever it is that I do. It’s a collection of things that are horribly inefficient and woefully outdated, but these things work for me.

Facebook’s Surveillance Machine

Zeynep Tufekci reacts to Cambridge Analytica’s exploitation of Facebook data, in the New York Times:

If Facebook failed to understand that this data could be used in dangerous ways, that it shouldn’t have let anyone harvest data in this manner and that a third-party ticking a box on a form wouldn’t free the company from responsibility, it had no business collecting anyone’s data in the first place. But the vast infrastructure Facebook has built to obtain data, and its consequent half-a-trillion-dollar market capitalization, suggest that the company knows all too well the value of this kind of vast data surveillance.

Should we all just leave Facebook? That may sound attractive but it is not a viable solution. In many countries, Facebook and its products simply are the internet. Some employers and landlords demand to see Facebook profiles, and there are increasingly vast swaths of public and civic life — from volunteer groups to political campaigns to marches and protests — that are accessible or organized only via Facebook.

One uniquely terrible attribute that these companies share is their willingness to exploit developing nations as test beds for techniques they hope to use elsewhere. From the Times story that broke the news of the way Cambridge Analytica acquired Facebook user data in the United States:

Mr. Nix, a brash salesman, led the small elections division at SCL Group, a political and defense contractor. He had spent much of the year trying to break into the lucrative new world of political data, recruiting Mr. Wylie, then a 24-year-old political operative with ties to veterans of President Obama’s campaigns. Mr. Wylie was interested in using inherent psychological traits to affect voters’ behavior and had assembled a team of psychologists and data scientists, some of them affiliated with Cambridge University.

The group experimented abroad, including in the Caribbean and Africa, where privacy rules were lax or nonexistent and politicians employing SCL were happy to provide government-held data, former employees said.

There isn’t any evidence that Cambridge Analytica used Facebook user data in these experiments. But the way that Facebook has made itself a de facto component of the communications infrastructure of developing nations is troubling as well. Massive amounts of user data from Facebook initiatives like Internet.org is being scooped up and held by a giant company in California, largely because many in the developing world have few options for getting online. It’s exploitative and shameful.

It’s also worth pointing out that lax American privacy laws and a weak regulatory environment also enabled Facebook’s mass data collection. If Facebook were instead a European company, they would have faced much stricter limitations on what kind of data they could collect and how they could use it. That probably means they wouldn’t have been as successful, but it also means that there likely wouldn’t be a gigantic database of attributes about one-third of the world’s population in the hands of a single company. Something to think about.

‘Hey’ Used to Be for Horses

M.G. Siegler:

I live in a house with both the Echo and the Home. And I’m always testing out Siri to see what she can and cannot do in relation to the competition. It’s just so much nicer to invoke Alexa than the others. And I’m certain a part of it is not having to add that extra wake word.

It also happens to be an awful word. Hey. Every time I hear it, I think back to growing up when my parents would make the dreadful parenting joke — which was really more of a reprimand. “‘Hey’ is for horses.” These days, we’re not only letting our children say “hey”, we’re basically forcing them to.

Not only that, but with the anthropomorphization of assistant software, I think the “Hey” can be a little demeaning as well.

There’s something about all of this software that feels like it’s still a prototype. A proof of concept, and little more. It’s not just Siri — it’s everything. And, while today’s virtual assistants are better at parsing natural language commands, they’re still more verbose and far more particular than how we actually speak to other people. Alexa’s new brief mode is a step in the right direction, I think, as is its lack of a “Hey”. But there’s still so far to go.

Fifty Million Facebook Profiles Harvested for Cambridge Analytica

Matthew Rosenberg, Nicholas Confessore, and Carole Cadwalladr, New York Times:

[Cambridge Analytica] had secured a $15 million investment from Robert Mercer, the wealthy Republican donor, and wooed his political adviser, Stephen K. Bannon, with the promise of tools that could identify the personalities of American voters and influence their behavior. But it did not have the data to make its new products work.

So the firm harvested private information from the Facebook profiles of more than 50 million users without their permission, according to former Cambridge employees, associates and documents, making it one of the largest data leaks in the social network’s history. The breach allowed the company to exploit the private social media activity of a huge swath of the American electorate, developing techniques that underpinned its work on President Trump’s campaign in 2016.

Carole Cadwalladr and Emma Graham-Harrison, the Guardian:

The data was collected through an app called thisisyourdigitallife, built by academic Aleksandr Kogan, separately from his work at Cambridge University. Through his company Global Science Research (GSR), in collaboration with Cambridge Analytica, hundreds of thousands of users were paid to take a personality test and agreed to have their data collected for academic use.

However, the app also collected the information of the test-takers’ Facebook friends, leading to the accumulation of a data pool tens of millions-strong. Facebook’s “platform policy” allowed only collection of friends’ data to improve user experience in the app and barred it being sold on or used for advertising. The discovery of the unprecedented data harvesting, and the use to which it was put, raises urgent new questions about Facebook’s role in targeting voters in the US presidential election. It comes only weeks after indictments of 13 Russians by the special counsel Robert Mueller which stated they had used the platform to perpetrate “information warfare” against the US.

Both the Times and the Guardian describe this as a “data breach”, but I don’t think that’s entirely descriptive of what went on here. When I hear “data breach”, I think that a password got stolen or a system was hacked into. But Facebook VP Andrew Bosworth tweeted that there was nothing that was stolen — users willingly gave their information to an app, which went behind their backs to use the information in a somewhat sketchy way that users did not expect.

Which, when you think about it, is kind of Facebook’s business model. Maciej Cegłowski:

The data that Facebook leaked to Cambridge Analytica is the same data Facebook retains on everyone and sells targeting services around. The problem is not shady Russian researchers; it’s Facebook’s core business model of collect, store, analyze, exploit.

Facebook preempted the publication of both of these stories with a press release indicating that they’ve suspended Strategic Communications Laboratories — Cambridge Analytica’s parent — from accessing Facebook, including the properties of any of their clients.

However, the reason for that suspension is not what you may think: it isn’t because Kogan, the developer of the thisisyourdigitallife app, passed information to Cambridge Analytica, but rather because he did not delete all of the data after Facebook told him to.

Also, from that press release:

We are constantly working to improve the safety and experience of everyone on Facebook. In the past five years, we have made significant improvements in our ability to detect and prevent violations by app developers. Now all apps requesting detailed user information go through our App Review process, which requires developers to justify the data they’re looking to collect and how they’re going to use it – before they’re allowed to even ask people for it.

Of course, this kind of review process doesn’t exist for new projects created by Facebook itself, beyond the company’s blanket privacy policy.1 When Facebook starts analyzing user photos for facial recognition purposes without telling users first, that’s a similar violation of expectations and trust.

Marco Rogers:

Today, Facebook execs are going out of their way to let us know that this is the intended purpose of the platform. This isn’t unexpected. This is why they built it. They just didn’t expect to be held accountable.

Facebook can make all the policy changes it likes, but I don’t see any reason why something like this can’t happen again at some point in the future. Something will slip through the cracks and create unintended consequences of third-party companies having extraordinary access to one of the largest databases of people anywhere.

Facebook is more than happy to collect the world’s information, but it is clear to me that they have no intention for taking full responsibility for what that entails.

  1. Which users often don’t understand the implications of before accepting. ↩︎

Alexa’s New ‘Brief Mode’

Sarah Perez, TechCrunch:

Amazon confirmed it’s rolling out an optional “Brief Mode” that lets Alexa users configure their Echo devices to use chimes and sounds for confirmations, instead of having Alexa respond with her voice. For example, if you ask Alexa to turn on your lights today, she will respond “okay” as she does so. But with Brief Mode enabled, Alexa will instead emit a small chime as she performs the task.

The mode would be beneficial to someone who appreciates being able to control their smart home via voice, but doesn’t necessarily need to have Alexa verbally confirming that she took action with each command. This is especially helpful for those who have voice-enabled a range of smart home accessories, and have gotten a little tired of hearing Alexa answer back.

I would love an option like this for Siri on all of my devices. It indicates a great deal of trust Amazon has in its own product for them to reduce Alexa’s feedback to a simple audio chime. They must be convinced that users will have enough confidence in Alexa’s abilities for its feedback to be truncated to such an extreme.

Protecting Against HSTS Abuse

Brent Fulgham of the WebKit team:

HTTP Strict Transport Security (HSTS) is a security standard that provides a mechanism for web sites to declare themselves accessible only via secure connections, and to tell web browsers where to go to get that secure version. Web browsers that honor the HSTS standard also prevent users from ignoring server certificate errors.


What could be wrong with that?

Well, the HSTS standard describes that web browsers should remember when redirected to a secure location, and to automatically make that conversion on behalf of the user if they attempt an insecure connection in the future. This creates information that can be stored on the user’s device and referenced later. And this can be used to create a “super cookie” that can be read by cross-site trackers.

I already think that most trackers are installed unethically, as users frequently aren’t aware of the implications of different cookie policies and privacy settings. But this is a special level of intrusive. At what point does a company offering a user tracking solution go beyond what is reasonably expected by customers from software like that and create something downright abusive to users’ rights? I’d argue that this is pretty close.

HomePod as a Personal Apple Hub

Thoughtful article by Ryan Christoffel at MacStories:

HomePod succeeds as a music speaker, but it’s not the device we expected – at least not yet. Due to its arrival date more than three years after the birth of Alexa, we expected a smarter, more capable product. We expected the kind of product the HomePod should be: a smart speaker that’s heavy on the smarts. Apple nailed certain aspects with its 1.0: the design, sound quality, and setup are all excellent. But that’s not enough.

HomePod isn’t a bad product today, but it could become a great one.


By becoming a true hub for all our Apple-centric needs.

I love the idea of the HomePod becoming a sort of “source of truth” in the home. It could know a lot more about each family member’s devices, and perhaps use the voice “fingerprint” created for “Hey Siri” to figure out which family member is using it. Due to Apple’s unique stance on user privacy, I would even feel comfortable with keeping my tailored Siri profile, if you will — my Siri history, things I usually request, knowledge about my particular music library, and so on — in iCloud, and synced between all my devices and a HomePod or two. That’s a big ask, but something like that would make it feel more complete — more of an Only Apple can do this kind of a product.

The World Wide Web Turns Twenty-Nine

Sir Tim Berners-Lee:

The web that many connected to years ago is not what new users will find today. What was once a rich selection of blogs and websites has been compressed under the powerful weight of a few dominant platforms. This concentration of power creates a new set of gatekeepers, allowing a handful of platforms to control which ideas and opinions are seen and shared.

These dominant platforms are able to lock in their position by creating barriers for competitors. They acquire startup challengers, buy up new innovations and hire the industry’s top talent. Add to this the competitive advantage that their user data gives them and we can expect the next 20 years to be far less innovative than the last.

It’s worthwhile asking just what is needed to — *sigh* — disrupt the business of companies like Facebook, Google, and Amazon, especially if they’re simply going to buy or copy potential threats. A little part of me worries that it isn’t enough to create a different site or app to reduce the influence of today’s dominant web companies.

After Washington State Passes Net Neutrality Laws, California Proposes Its Own

Rachel La Corte of the Seattle Times, last week:

Washington became the first state Monday to set up its own net-neutrality requirements after U.S. regulators repealed Obama-era rules that banned internet providers from blocking content or interfering with online traffic.


The new law also requires internet providers to disclose information about their management practices, performance and commercial terms. Violations would be enforceable under the state’s Consumer Protection Act.

“But wait,” you may be thinking, “didn’t the FCC ban states from enacting net neutrality laws of their own, just as Comcast and Verizon asked them to do?”

Jon Brodkin of Ars Technica, in an article today about California’s tough new net neutrality proposal:

[Stanford law professor Barbara Van Schewick] argues that the FCC’s preemption claims are invalid.

“While the FCC’s 2017 Order explicitly bans states from adopting their own net neutrality laws, that preemption is invalid,” she wrote. “According to case law, an agency that does not have the power to regulate does not have the power to preempt. That means the FCC can only prevent the states from adopting net neutrality protections if the FCC has authority to adopt net neutrality protections itself.”


The California proposal is remarkably strong, by the way. It isn’t just a copy of the FCC’s 2015 rules; it’s much more comprehensive than that, mandating tight restrictions on interconnection and zero-rating. Brodkin again:

Van Schewick said the California bill is notable for prohibiting ISPs from charging “access fees” that online services would have to pay in order to send data to broadband consumers. “None of the other [state] bills have done this and it’s one of the loopholes that ISPs will use (if it’s not closed) to extract payments from edge providers,” van Schewick told Ars.

From the reporting I’ve read in Ars and other publications, this bill ticks a lot of boxes for effective legislation of ISPs as de facto common carriers.

The Information Looks at the History of Siri

Aaron Tilley and Kevin McLaughlin of the Information (this article is behind a paywall):

To determine how Apple squandered its own head start over rivals Amazon and Google in the digital assistant realm, The Information interviewed a dozen former employees who worked on various teams responsible for creating Siri or integrating it into Apple’s ecosystem. Most of them agreed to speak only on the condition that they not be named, citing non-disclosure agreements they had signed or concerns about retaliation from Apple executives.


Many of the former employees acknowledged for the first time that Apple rushed Siri into the iPhone 4s before the technology was fully baked, setting up an internal debate that has raged since Siri’s inception over whether to continue patching up a flawed build or to rip it up and start from scratch. And that debate was just one of many, as Siri’s various teams morphed into an unwieldy apparatus that engaged in petty turf battles and heated arguments over what an ideal version of Siri should be — a quick and accurate information fetcher or a conversant and intuitive assistant capable of complex tasks.

Even if you view this as a half-true gossip piece — and I don’t think it is, for what it’s worth — it’s still a fascinating look into the struggles Apple has faced with improving Siri’s capabilities.

For example, Tilley and McLaughlin report that separate teams worked on Siri and Spotlight’s suggested answers, which explains why the same query would sometimes return different results in each. On iOS, Apple rebranded some Spotlight features as Siri features: Siri App Suggestions, and Siri Search Suggestions, for example.

And then there’s Apple’s acquisition of VocalIQ two and a half years ago:

The VocalIQ team viewed Siri as a “manually-crafted system” and felt their technology could help improve it, said a former VocalIQ employee. VocalIQ’s technology is designed to continually finetune its accuracy by ingesting and analyzing data from voice interactions, he said. Apple has successfully integrated the VocalIQ technology into Siri’s calendar capabilities, sources familiar with the project said.

It’s interesting that Siri’s capabilities are set up in such a way that something like VocalIQ can be applied to just one feature. I don’t know how much this says, if anything, about why Siri often feels like its capabilities are so fragmented, but it struck me as odd.

Siri has been the responsibility of Craig Federighi since last year, transferred from Eddy Cue’s online services oversight. This year’s WWDC seems too soon to see that particular branch of discussion bear fruit; but, then again, the inconsistencies and general untrustworthiness of Siri make it feel like it cannot be soon enough for real changes to be made.

Update: The mysterious ATP Tipster:

The only thing you need to know about Siri is that the people who used to build it feel the need to absolve themselves of personal responsibility for the state that it is in. That they are doing so in the press is almost an implementation detail.


YouTube, the Great Radicalizer

Eye-opening op-ed by Zeynep Tufekci, in the New York Times:

Human beings have many natural tendencies that need to be vigilantly monitored in the context of modern life. For example, our craving for fat, salt and sugar, which served us well when food was scarce, can lead us astray in an environment in which fat, salt and sugar are all too plentiful and heavily marketed to us. So too our natural curiosity about the unknown can lead us astray on a website that leads us too much in the direction of lies, hoaxes and misinformation.

In effect, YouTube has created a restaurant that serves us increasingly sugary, fatty foods, loading up our plates as soon as we are finished with the last meal. Over time, our tastes adjust, and we seek even more sugary, fatty foods, which the restaurant dutifully provides. When confronted about this by the health department and concerned citizens, the restaurant managers reply that they are merely serving us what we want.

I’ve been paying attention to the examples of this that Tufekci has been collecting on Twitter and it’s eye-opening. Even videos about relatively mundane topics lead users down a rabbit hole of bullshit. I’m not one to play the “think of the children” card but, in this instance, I strongly believe that it’s a concern.

The Original Siri App Compared to Siri Today

In 2010, Tom Gruber created an impressive demo video of Siri, his company’s new app. It showed how someone could use relatively natural language requests to get things done on an iPhone using little more than their voice, and effectively kicked off the virtual assistant wave since.

Kevin Clark reflected on that video today:

It’s fascinating that the original Siri demo is still better than today’s Siri in a few aspects.

For fun and frustration, I tried all of the original commands featured in that eight year old video on my iPhone:

  • I’d like a romantic place for Italian food near my office”: Siri today correctly parses everything up until “near my office”, which it interprets as near me. I tried using the name of the organization that I work for instead of my office and it also interpreted that as near me.

    Then I tried asking Siri to find me restaurants near the address of my office. It interpreted that as an instruction to find restaurants in Cranbrook, BC — about 400 kilometres or four hours away. I don’t see why I should have to specify that I’m looking for restaurants in Calgary.

  • I’d like a table for two at Il Fornaio in San Jose tomorrow night at 7:30”: I tried using this exact phrasing — of course, swapping out Il Fornaio for a restaurant near me — and I was told that Siri “can’t book a table right now”. That felt like a failure until I tried rephrasing asking it “how about next Friday?”, at which point I was prompted to continue making the reservation using OpenTable. I was impressed that it kept the context intact.

    However, when I tried again with the request, “I’d like a table for two at Model Milk next Friday at 7:30”, I received the same “can’t book a table right now” error, and I can’t seem to reproduce the apparent success I had earlier. That’s frustrating; I was very impressed with the first apparent success, despite the vague error message.

  • Where can I see Avatar in 3D IMAX?”: I swapped “Avatar” for a better film but otherwise kept the request the same. Siri successfully found a theatre showing it in 3D — as far as I know, there isn’t a 3D IMAX showing near me — but I wasn’t able to buy tickets through Siri and it doesn’t check the showtimes against other calendar events, like a dinner reservation. To be fair, Siri has never allowed you to buy movie tickets in Canada because Fandango isn’t available here, but I also have the (terrible) Cineplex app installed — I wish there were some connection between the two.

    One thing I noticed when I tested several phrasings of this is that Siri only responds to full theatre names. All of the theatres near me have very long names, but nobody here actually uses the full name. For example, when I tried asking for “showtimes for Black Panther at Eau Claire”, Siri got confused. It also transcribed Eau Claire wrong most times I tried it, but that’s not necessarily relevant here. It wasn’t until I asked for “showtimes for Black Panther at Cineplex Odeon Eau Claire Market” that I got an answer. I wish it responded to fuzzier matches.

  • What’s happening this weekend around here?”: Siri interprets this as a request for news headlines, not events as in the original Siri app.

    When I tried rephrasing this question to “what events are happening this weekend”, it did a web search in Google, but without my location. It wasn’t until I asked “what events are happening in Calgary this weekend” that I got a web search with links to local event calendars.

    In the original Siri demo, they extend this by asking “how about San Francisco?”, so I did the same. It returned the weather forecast for this evening in San Francisco.

  • Take me drunk I’m home”: Today’s Siri did well here, responding “I can’t be your designated driver”, and offering to call me a taxi.

All of this may vary depending on where you’re located, what Siri localization you have, and even what device you use Siri on.

What’s clear to me is that the Siri of eight years ago was, in some circumstances, more capable than the Siri of today. That could simply be because the demo video was created in Silicon Valley, and things tend to perform better there than almost anywhere else. But it’s been eight years since that was created, and over seven since Siri was integrated into the iPhone. One would think that it should be at least as capable as it was when Apple bought it.

It’s no secret that Siri often feels like it has languished, and almost nothing demonstrates that more than the original demo. I’m sure there are domains where it performs better than the original — for example, it works, to varying extents, in countries outside of the United States. It works with more languages than just English, too. That’s all very important, but it boggles my mind that even some of the simpler stuff — like asking for restaurants near a different location — fails today, even in English.

I’d like to hear from readers who have time to attempt this same demo where they live. Please let me know if you give it a try; I would love to know the results.

Farhad Manjoo Unplugged From the Internet for His News Apart From in All of the Ways He Didn’t

Farhad Manjoo, New York Times:

This has been my life for nearly two months. In January, after the breaking-newsiest year in recent memory, I decided to travel back in time. I turned off my digital news notifications, unplugged from Twitter and other social networks, and subscribed to home delivery of three print newspapers — The Times, The Wall Street Journal and my local paper, The San Francisco Chronicle — plus a weekly newsmagazine, The Economist.

Dan Mitchell, Columbia Journalism Review:

But he didn’t really unplug from social media at all. The evidence is right there in his Twitter feed, just below where he tweeted out his column: Manjoo remained a daily, active Twitter user throughout the two months he claims to have gone cold turkey, tweeting many hundreds of times, perhaps more than 1,000. In an email interview on Thursday, he stuck to his story, essentially arguing that the gist of what he wrote remains true, despite the tweets throughout his self-imposed hiatus.

The biggest problem with Manjoo’s piece is that it is framed as “unplugging” from social media, when it’s really just a reduction in using it as a primary source for news. It’s more subtle and makes for a way less interesting headline, but it’s more honest.

By the way, I find the entire genre of tech writers writing about not using technology so trite. Beyond that, it’s 2018 — telling people not to follow news accounts on Twitter is just yelling into the wind. Want a few tips for reading the news? Here are four things I try to do, for whatever it’s worth:

  • Resist the urge to react immediately.

  • Resist the urge to refresh feeds and news sources when bored. News will happen regardless.

  • During a breaking news event, nothing makes sense to anyone, so keep that in mind when reading the first wave of reporting on it.

  • Twitter threads tend to be tedious and unnecessary.

Maybe those tips will be useful to you; maybe they won’t. Maybe they’re things you do already without thinking about it. But at least you didn’t have to pretend to stop using Twitter for two months to figure it out.

FBI Director Imagines a World of Unicorns, Dragons, and Secure Encryption That Can Be Sidestepped by Law Enforcement

Tim Cushing of Techdirt, responding to FBI Director Chris Wray:

We have a whole bunch of folks at FBI Headquarters devoted to explaining this challenge and working with stakeholders to find a way forward. But we need and want the private sector’s help. We need them to respond to lawfully issued court orders, in a way that is consistent with both the rule of law and strong cybersecurity. We need to have both, and can have both. I recognize this entails varying degrees of innovation by the industry to ensure lawful access is available. But I just don’t buy the claim that it’s impossible.

It really doesn’t matter whether or not Wray “buys” this claim. If you deliberately weaken encryption — either through key escrow or by making it easier to bypass — the encryption no longer offers the protection it did before it was compromised. That’s the thing about facts. They’re not like cult leaders. They don’t need a bunch of true believers hanging around to retain their strength.

The thing that bothers me most about Wray’s insistence that a magical “secure but accessible only by law enforcement” encryption standard is that technical experts at the FBI surely know that it isn’t possible, yet he keeps making the claim that it is. Does Wray simply not pay attention to his employees?

In Defence of Surfing the Insecure Web

Dave Winer opposes Google’s plan to effectively deprecate HTTP by discriminating against non-HTTPS websites in Chrome:

I don’t think the explosion is over. I want to make it easier and easier for people to run their own web servers. Google is doing what the programming priesthood always does, building the barrier to entry higher, making things more complicated, giving themselves an exclusive. This means only super nerds will be able to put up sites. And we will lose a lot of sites that were quickly posted on a whim, over the 25 years the web has existed, by people that didn’t fully understand what they were doing. That’s also the glory of the web. Fumbling around in the dark actually gets you somewhere. In worlds created by corporate programmers, it’s often impossible to find your way around, by design.

The web is a social agreement not to break things. It’s served us for 25 years. I don’t want to give it up because a bunch of nerds at Google think they know best.

Mozilla has indicated that they are doing the same. But Eric Mill wrote a piece a couple of years ago about this very topic, and he appreciates the deprecation of HTTP:

I understand the fear of raising the barriers to entry. As a child, I too fell in love with an internet made by everyone, and have spent my career, my volunteer work, and my hobbies trying to share what that love has taught me. I want children everywhere in the world to grow up feeling like the internet that permeates their lives is also in their service — a lego set in real life that you can buy with a week’s allowance.

Yet as an adult, I also understand that power for ordinary people is hard to come by and hard to keep. The path of least resistance for human society is for money to buy more money, and might to demand more might. Democracy is designed not so much to expand freedom as it is to give people tools to desperately hold onto the freedom they have.

Put another way: power has a way of flowing away from the varied, strange, beautiful little leaf nodes on the outer edges and into the unaccountable, unimaginative, ever-hungry center.

Mill actually uses the enforcement of HTTPS by browser vendors as a knock against big companies like Verizon and Comcast that inject ads into HTTP-served websites, and spy agencies like the NSA and the GCHQ:

What animates me is knowing that we can actually change this dynamic by making strong encryption ubiquitous. We can force online surveillance to be as narrowly targeted and inconvenient as law enforcement was always meant to be. We can force ISPs to be the neutral commodity pipes they were always meant to be. On the web, that means HTTPS.

As Mill points out in his article, there are great reasons to add an HTTPS certificate to a website that has no interactive elements beyond links. It makes sense to me to generally prefer HTTPS going forward, but I have concerns about two browser vendors working to effectively eliminate the non-HTTPS web; or, at least, to put barriers between it and users.

I like the way Firefox attempts to educate users directly adjacent to insecure password fields; I also don’t mind the way Chrome handles notifications of HTTP-only webpages today. But the changes coming in July that will mark all HTTP webpages as “not secure”, and that will make a large — if hardly-trafficked — part of the web feel like it’s diseased. And what will Google do in the future, I wonder? If they’re going to progressively increase their warnings on HTTP webpages, what’s next?

I also agree with Winer on another key point: enforcing a pseudo-mandatory policy on HTTPS makes it that much harder for someone new to this stuff to even begin to understand it. As Frank Chimero recently wrote, building stuff for the web has become vastly more complicated since even five years ago. I’m happy to keep learning new skills and growing my understanding of what the web can do, but I don’t know where to begin on this modern web. I don’t intend to hold myself up as a barometer of the complexities of modern web programming or anything — I just don’t know what’s going on any more. I’ve been doing this stuff for nearly twenty years. I don’t know how someone who is eight years old could start digging into React, or Node.js, or any of the other modern JavaScript-based ways of writing <h1>hello world</h1>.

I’m sure the kids will figure it out — they always do. However, I worry that introducing more requirements, even something as simple as HTTPS, can be discouraging. That’s the last thing HTTP/HTML web should be: discouraging. It is one of the greatest enablers of communication in human history. Let’s not allow its future to be dictated by browser vendors.

Or, in Mill’s language: let’s make sure we encourage building more leaf nodes by making their creation easier and more fun, instead of allowing a much stronger centre to form.

The Ways in Which Facebook Builds User Data Profiles for Targeted Advertising

Joanna Stern, Wall Street Journal:

A conspiracy theory has spread among Facebook and Instagram users: The company is tapping our microphones to target ads. It’s not.


I believe them, but for another reason: Facebook is now so good at watching what we do online — and even offline, wandering around the physical world — it doesn’t need to hear us. After digging into the various bits of info Facebook and its advertisers collect and the bits I’ve actually handed over myself, I can now explain why I got each of those eerily relevant ads. (Facebook ads themselves offer limited explanations when you click “Why am I seeing this?”)

Advertising is an important staple of the free internet, but the companies buying and selling ads are turning into stalkers. We need to understand what they’re doing, and what we can — or can’t — do to limit them.

Think about how quickly we’ve accepted this as the new normal, and why. Do we really prefer highly-specific advertising, as Facebook and Google say we do, or is it simply very creepy? Even if you don’t have a Facebook or Google account, you’re using Safari — which limits ad tracking by default — and have all sorts of silly settings to limit your exposure to trackers, there are still an extraordinary number of ways that your information can be acquired for highly-targeted advertising, almost always without your explicit permission.

California Becomes Eighteenth State to Introduce ‘Right to Repair’ Legislation

Jason Koebler, Vice:

“The Right to Repair Act will provide consumers with the freedom to have their electronic products and appliances fixed by a repair shop or service provider of their choice, a practice that was taken for granted a generation ago but is now becoming increasingly rare in a world of planned obsolescence,” Susan Talamantes Eggman, a Democrat from Stockton who introduced the bill said in a statement.

The announcement had been rumored for about a week but became official Wednesday. The bill would require electronics manufacturers to make repair guides and repair parts available to the public and independent repair professionals and would also would make diagnostic software and tools that are available to authorized and first-party repair technicians available to independent companies.

I’m intrigued by this wave of “right to repair” legislation — much of which has been pushed by Repair.org, a repair industry trade group — but I’m curious about what parts must be repairable, especially in consumer electronics. The full text of the California bill hasn’t been posted publicly, as far as I can see, but Minnesota’s has and it’s fairly nonspecific. I’m all for batteries being designed to be more replaceable, even if it takes popping a few screws out, but what about trickier components, like chips that are soldered to the board? Would a manufacturer be required to provide full board component repairability, or just the ability to replace the board itself?

Selfishly, I hope this legislation leads to more upgradable MacBooks, especially the Pro. I don’t think a professional notebook designed to last several years should have its internal storage capacity capped at time of purchase.

Notes on Analytics and Tracking in Onavo Protect for iOS

Will Strafach:

Recent media coverage of Onavo Protect encouraged me to investigate the code for the iOS version of their app. I wanted to determine what types of data is collected in addition to the alleged per-app-MAU tracking performed server-side.

I found that Onavo Protect uses a Packet Tunnel Provider app extension, which should consistently run for as long as the VPN is connected, in order to periodically send the following data to Facebook (graph.facebook.com) as the user goes about their day:

  • When user’s mobile device screen is turned on and turned off

  • Total daily Wi-Fi data usage in bytes (Even when VPN is turned off)

  • Total daily cellular data usage in bytes (Even when VPN is turned off)

  • Periodic beacon containing an “uptime” to indicate how long the VPN has been connected

If I’m reading this right, Strafach hasn’t found indications — yet? — that Onavo sends app usage data to graph.facebook.com, but we know Onavo collects that data.

What he has found so far doesn’t appear to be nearly that intrusive, but it’s also bizarre. For example, why does Facebook need to know when your phone’s display is on?

Tangentially, Onavo’s behaviour is the kind of thing I wish App Review was more strict towards. There’s perhaps a thin line between analytics packages that developers sometimes use and what Onavo does; similarly, there’s a thin line between Onavo’s data collection and Facebook’s entire business model. But this app is just skeevy — it buries its Facebook affiliation1 and data gathering behind a different brand and the promise of protecting you from phishing.

  1. The only mention of Facebook on their website is on the about page, and in the App Store, the Facebook affiliation is in a large paragraph of text in the initially hidden area of the app description. ↩︎

iTunes LP and the iPad

David Millar:

“Apple to Discontinue ‘fancy HTML in a zip file’ Format”

Michael Tsai:

I’m not quite sure whether iTunes LP was a bad idea or simply one that neither Apple (aside from Steve Jobs?) nor the music producers actually had much interest in. How else to explain that Apple never brought it to iPad?

I think iTunes LP was a fine enough idea; ultimately, though, I can’t imagine that many people went out of their way to buy iTunes LPs instead of the usually-cheaper non-LP version of the album.

They were built using an extraordinarily flexible and easy-to-use SDK by way of TuneKit, which was basically just a website. Theoretically, that simplicity should mean that they should have worked perfectly okay on the iPad that shipped just six months after iTunes LP was introduced, and that the number of iTunes LPs created should have been more than could easily be catalogued on Wikipedia. If lots of people truly cared about them, there would be an easy way to find them in a user’s iTunes library and in the iTunes Store.

Amazon Admits Alexa Is Creepily Laughing at People and Is Working on a Fix

Shannon Liao, the Verge:

Over the past few days, users with Alexa-enabled devices have reported hearing strange, unprompted laughter. Amazon responded to the creepiness in a statement to The Verge, saying, “We’re aware of this and working to fix it.”

As noted in media reports and a trending Twitter moment, Alexa laughs without being prompted to wake. People on Twitter and Reddit reported that they thought it was an actual person laughing near them, which can be scary when you’re home alone. Many responded to the cackling sounds by unplugging their Alexa-enabled devices.

Just one more thing Amazon’s virtual assistants can do that the HomePod cannot.

But why is this possible at all? Is there some sort of hidden maniacal laughter mode? Is that something people would ever want to trigger intentionally, let alone have the device invoke accidentally? Is this a prank? And could you trust Amazon’s virtual assistant to not do anything like this again?

Apple to Discontinue ‘iTunes LP’ Format

Remember iTunes LP? Here’s how a 2009 Apple press release described the then-new format:

iTunes LP is the next evolution of the music album delivering a rich, immersive experience for select albums on the iTunes Store by combining beautiful design with expanded visual features like live performance videos, lyrics, artwork, liner notes, interviews, photos, album credits and more.

At the time, Steve Jobs described it as a way to replicate an album-like experience digitally.

As of the end of this month, though, Apple will no longer accept new iTunes LP releases. Dani Deahl, the Verge:

Earlier today, UK-based website Metro claimed to have a leaked internal email from Apple sent to music producers titled “The End of iTunes LPs.” The email supposedly stated that “Apple will no longer accept new submissions of iTunes LPs after March 2018,” and that “existing LPs will be deprecated from the store during the remainder of 2018. Customers who have previously purchased an album containing an iTunes LP will still be able to download the additional content using iTunes Match.”

While iTunes LP submissions will end this month, existing iTunes LPs will not be depreciated. Not only will these iTunes LPs continue to be available, but users will still be able to download any previous or new purchases of iTunes LPs at any time via iTunes.

I have a few iTunes LPs, but I also have a ton of actual LPs. One thing that network-accessed music will always lack, whether it is streamed or purchased, is the physicality of an album. Apple’s attempt at replicating it was a good effort and allowed them to do things that you simply can’t do with album art and liner notes, like including music videos, or behind-the-scenes films of the recording process.

But, these days, those extras don’t require a specific packaged format. Videos are streamed for the one or two times most people watch them, and lyrics are just a scroll away for many Apple Music tracks. The world moved beyond iTunes LP. And the remaining things it offered — like exquisite artwork on gorgeous poet, and that sense of a packaged product — simply can’t be replicated effectively on a screen. The weight of an LP still means something, and bytes simply don’t weigh anything.

By the way, I see a lot of stories right now forecasting the end of the iTunes Store based, in part, on this announcement. The original Metro story, for example, mis-quotes the email in its headline, and Cult of Mac jumped right on that bandwagon. I wouldn’t read too much into those. If Apple were killing music sales, they would just come out and say that.

European Union Plans to Tax Tech Giants on Local Revenue

Romain Dillet, TechCrunch:

Google, Amazon, Apple and Facebook have all faced different issues when it comes to tax optimizations. They’ve been routing their revenue through Ireland, Luxembourg, the Netherlands and other countries with a low corporate tax. Sometimes the money end up in Bermuda or the tiny island of Jersey.


That’s why Europe’s economy ministers wanted to find a way to tax them properly that is easy to implement. And Le Maire confirmed that Europe will look at the overall revenue of tech giants in each country and tax them based on that figure.

This makes complete sense to me. As Tim Cook once wrote:

Taxes for multinational companies are complex, yet a fundamental principle is recognized around the world: A company’s profits should be taxed in the country where the value is created.

This is a tax that will be assessed in each country based on companies’ earnings in each country — that seems fair enough. What’s strange, though, is that the original article off which TechCrunch’s report is based indicates that this is a tax specifically on tech companies. Perhaps it’s just a lack of context created by a poor automatic translation, but that seems silly to me. As virtually all multinational companies practice various forms of tax avoidance, why not apply this strategy to all companies operating across the E.U.?

In Addition to Cellebrite, a Second Firm Offers Late-Model iPhone Unlocking Services

Thomas Fox-Brewster, Forbes:

Just a week after Forbes reported on the claim of Israeli U.S. government manufacturer Cellebrite that it could unlock the latest Apple iPhone models, another service has emerged promising much the same. Except this time it comes from an unkown entity, an obscure American startup named Grayshift, which appears to be run by long-time U.S. intelligence agency contractors and an ex-Apple security engineer.

In recent weeks, its marketing materials have been disseminated around private online police and forensics groups, offering a $15,000 iPhone unlock tool named GrayKey, which permits 300 uses. That’s for the online mode that requires constant connectivity at the customer end, whilst an offline version costs $30,000. The latter comes with unlimited uses.

I don’t imagine Apple’s legal department is particularly thrilled that one of their ex-employees is helping crack device security measures.

At any rate, that’s now two firms that have similar intrusion capabilities using methods that they won’t report to Apple because their business models depend on their not doing so. That means that all iPhone owners are walking around with serious — albeit perhaps hard-to-exploit — vulnerabilities in their device’s security architecture. At least Apple may be able to surreptitiously acquire a copy of GrayKey and patch the vulnerabilities it uses.

Facebook Surveys Users to Find Out Whether Men Soliciting Sexual Images of Children Should Be Allowed on the Platform

Alex Hern, with one hell of a lede in the Guardian:

Facebook has admitted it was a “mistake” to ask users whether paedophiles requesting sexual pictures from children should be allowed on its website.

You don’t say.

On Sunday, the social network ran a survey for some users asking how they thought the company should handle grooming behaviour. “There are a wide range of topics and behaviours that appear on Facebook,” one question began. “In thinking about an ideal world where you could set Facebook’s policies, how would you handle the following: a private message in which an adult man asks a 14-year-old girl for sexual pictures.”

The options available to respondents ranged from “this content should not be allowed on Facebook, and no one should be able to see it” to “this content should be allowed on Facebook, and I would not mind seeing it”.

I don’t know how something like this could be possible, unless Facebook is somehow running this survey in an entirely automated way, including in writing the questions. Maybe they are, but I think someone — a human being — must have written this question and someone else must have seen it before it was published. Either there was an over-reliance in automated tools, nobody working on this survey caught such a blatantly stupid question, or someone genuinely believed this was something worth asking.

Delayed Disgratification

The Macalope, commenting on this tragedy of an article by the Motley Fool’s Ashra’s Eassa:

The phone was shipped “on time.” It was shipped when it was announced to ship and when Apple was able to meet enough demand. Your imaginary ship dates do not enter into this equation.

Eassa thinks there are people who looked at the later release date for the iPhone X and were “discouraged at having to wait until November to buy an iPhone that would ultimately be replaced by a newer, better model in about 10 months” and therefore didn’t buy an iPhone this year at all.

That seems like a very small set of people. And it’s quite likely that the 2018 release schedule will be exactly the same as the 2017 release schedule, with a base phone coming first and a higher end model coming second. So it’s a very small set of people who are very bad at evaluating choices.

Interestingly, one year ago — nearly to the day — Eassa argued that releasing the then-rumoured OLED iPhone in November was preferable:

Of course, Apple is better off delaying a product a smidgen to make sure it’s ready to go and if the redesigned fingerprint scanner meaningfully enhances the user experience, then the delay is probably worth it.

Three things about last year’s article:

  1. This was published when some rumours still claimed that the OLED iPhone would ship with a fingerprint scanner, hence that reference.

  2. Its headline frames this as “bad news”, so it sounds like Eassa is just sticking with that narrative rather than revising it in the face of facts.

  3. In interviews about the iPhone X, Apple executives have claimed that it actually shipped early — internally, they were apparently targeting a 2018 release.

Jack and the Mean Talk

Jack Dorsey:

We love instant, public, global messaging and conversation. It’s what Twitter is and it’s why we‘re here. But we didn’t fully predict or understand the real-world negative consequences. We acknowledge that now, and are determined to find holistic and fair solutions.

We have witnessed abuse, harassment, troll armies, manipulation through bots and human-coordination, misinformation campaigns, and increasingly divisive echo chambers. We aren’t proud of how people have taken advantage of our service, or our inability to address it fast enough.

That’s an extraordinarily frank admission. I admire that. So what will Twitter do about it?


Recently we were asked a simple question: could we measure the “health” of conversation on Twitter? This felt immediately tangible as it spoke to understanding a holistic system rather than just the problematic parts.

Dorsey points to an article from Cortico,1 a nonprofit firm that “aims to strengthen an American public sphere weakened by political, cultural and socioeconomic isolation“:

This experience led us to the idea that perhaps we could measure aspects of the health of the public sphere—in terms of communication exchanges between groups or tribes—grounded in data from public social media and other public media sources. As a starting point, we are developing a set of health indicators for the U.S. (with the potential to expand to other nations) aligned with four principles of a healthy public sphere:

  1. Shared Attention: Is there overlap in what we are talking about?

  2. Shared Reality: Are we using the same facts?

  3. Variety: Are we exposed to different opinions grounded in shared reality?

  4. Receptivity: Are we open, civil, and listening to different opinions?

This sounds a lot like Twitter will reference Cortico’s techniques to try to automate the hate away from conversations, but a post on Twitter’s blog indicates that they have no idea how to do this. I’m skeptical of its success. I’m concerned that Dorsey sees it as a problem, but has waited too long to do anything about it and now wants to invent a way to do it automatically, like a university student who waited to start writing their ten-thousand word essay until the night before it’s due. It seems earnest, but also a bit desperate.

I think that a better start would be to ban Nazis. I mean that literally. Flag any account where its name, handle, location, bio, or recent tweets contain allusions to Hitler normally used by white supremacist groups: “1488”, “HH”, “14 words”, and other hate symbols in context. That gives human operators the ability to sift through heaps of these accounts and ban the ones that are clearly and obviously Nazis, of which there are frighteningly many. This isn’t a perfect solution; it’s barely scratching the surface. But it would be a material change in how Twitter operates and a clear line as to what they do not tolerate. “No Nazis” should not be a controversial point of view.

  1. I had never heard of Cortico before Dorsey posted this, so I went to Wikipedia. There’s no entry for the company; there is, however, an entry for cortiço, a term used in Portugal and Brazil to describe ultra high density housing with poor sanitary conditions. I don’t know where the American firm got their name, but that’s a hell of an association. ↩︎

Twitter Launches Bookmarks

Jesar Shah, product manager at Twitter:

Today, we’re introducing Bookmarks, an easy way to save Tweets for quick access later. But wait, there’s more! Today’s update makes sharing better, too. With our new “share” icon on every Tweet, you’ll be able to bookmark a Tweet, share via Direct Message, or share off of Twitter any number of ways. Because we put all sharing actions together in one place, it’s easier to save and share privately or publicly — in the moment, or later.

This looks great. Bookmarking is easily one-third to one-half of how I use the “like” button. A key difference between the two is that bookmarks are private; likes are public and, for a few years now, followed users’ likes have been inserted at the top of the algorithmic timeline. If Twitter were driven less by juicing “engagement” metrics, this feature might not be necessary.

Unfortunately, there’s nothing in this announcement nor anything in Twitter’s documentation that suggests they’re making this available to third-party developers; I hope they do.

Forbes: Cellebrite Can Now Unlock Recent iPhones, Including the iPhone X

Thomas Fox-Brewster, Forbes:

Cellebrite, a Petah Tikva, Israel-based vendor that’s become the U.S. government’s company of choice when it comes to unlocking mobile devices, is this month telling customers its engineers currently have the ability to get around the security of devices running iOS 11. That includes the iPhone X, a model that Forbes has learned was successfully raided for data by the Department for Homeland Security back in November 2017, most likely with Cellebrite technology.

The Israeli firm, a subsidiary of Japan’s Sun Corporation, hasn’t made any major public announcement about its new iOS capabilities. But Forbes was told by sources (who asked to remain anonymous as they weren’t authorized to talk on the matter) that in the last few months the company has developed undisclosed techniques to get into iOS 11 and is advertising them to law enforcement and private forensics folk across the globe. […]

On some level, this is extremely impressive. The iPhone is the gold standard in consumer smartphone security — possibly in smartphone security period — and they keep improving with every generation. A flaw that allows someone to bypass an iPhone’s hardware-enforced encryption is very rare indeed; that’s why some security firms will pay up to a million dollars for that kind of an exploit.

But it is deeply troubling as well. While we don’t know anything about Cellebrite’s technique for breaching an iPhone’s security — including whether their method has been patched in an iOS 11 update — it is notable that a security firm has found an exploit but is unlikely to tell Apple about it. It’s concerning that three-letter agencies are hoarding zero-days, but at least those agencies are ostensibly publicly accountable. That doesn’t make it right, but it does make it slightly easier to stomach than a for-profit company charging $1,500 a pop to law enforcement agencies worldwide — some of which are less reputable than others, mind you — and not disclosing vulnerabilities to software vendors is callous. It puts users worldwide at risk for their financial gain.

Update: If you are worried about the possibility of Cellebrite — or anyone else who figures out their PIN cracking methodology — breaking into your phone, Ray “Redacted” has a good tip:

If you are concerned by this then one thing you can due to mitigate it is to change your iPhone PIN from a six digit number to an alphanumeric passphrase. The cellebrite exploit involves a brute force PIN trick that allows unlimited attempts without wiping.

Like any passphrase, it should contain a mix of lowercase and uppercase letters, numbers, and symbols. It can even be of a similar length, but a greater combination of character options means a longer cracking process.

Update: Fox-Brewster has confirmed with Cellebrite that their method can unlock iPhones running up to iOS 11.2.6, the latest public release.

Timers, Reminders, and Alarms

Dr. Drang explored all the conceivable ways you can tell your Apple devices to notify you about something at a specific time, and it’s quite the mess. There are huge inconsistencies between devices, basic failures in Siri’s competence, and baffling shortcomings to nearly every approach.

One thing I wanted to draw attention to, though, was this observation:

The number of alerts that can be set was the starting point for the last post. People want multiple timers in their HomePods. That’s great, but Apple’s never had multiple timers in any iOS device, which is why I’ve always used reminders instead.

This is true. But, while I don’t think Drang is framing this as a rebuttal, per se, to critics who have pointed out that the HomePod supports only a single timer, I think it’s much more glaring on that device for a good reason: it’s an appliance. All smart speakers1 are designed to be placed on a table or a desk, and many will be used in or near the kitchen. If you have two or three different dishes on the go, you may want two or three different timers, and a smart speaker seems like it should be able to provide that. It would be nice — very nice, at that — if the iPhone supported multiple timers; it’s almost an expectation for the HomePod to. And, for what it’s worth, I think the Apple Watch also ought to do that by now.

  1. Apple can emphasize the audio quality all they like, but by putting Siri in the HomePod, they opened it up to direct comparison against the Google Home and Amazon Echo. ↩︎

Some iCloud Storage Infrastrucure Has Been Switched From Microsoft Azure to Google Cloud

Jordan Novet, CNBC:

Apple periodically publishes new versions of a PDF called the iOS Security Guide. For years the document contained language indicating that iCloud services were relying on remote data storage systems from Amazon Web Services, as well as Microsoft’s Azure.

But in the latest version, the Microsoft Azure reference is gone, and in its place is Google Cloud Platform. Before the January update, Apple most recently updated the iOS Security Guide in March.

When news of this deal first broke nearly two years ago, I was surprised that Apple was still so dependent on third parties for iCloud storage. I understand that these things take time, but iCloud is seven years old this year, and Apple has been providing various internet services for decades.

Apple maintains that they control the encryption keys and that Google cannot possibly intercept iCloud users’ data, which is true — with the possible exception of email, since it is stored unencrypted — but I don’t think that iCloud users expect their data to be stored in ways not entirely controlled by Apple, especially given the company’s emphasis on privacy.

For Chinese Users, Apple Moves to Store iCloud Keys in China

Stephen Nellis and Cate Cadell, Reuters:

When Apple Inc begins hosting Chinese users’ iCloud accounts in a new Chinese data center at the end of this month to comply with new laws there, Chinese authorities will have far easier access to text messages, email and other data stored in the cloud.

That’s because of a change to how the company handles the cryptographic keys needed to unlock an iCloud account. Until now, such keys have always been stored in the United States, meaning that any government or law enforcement authority seeking access to a Chinese iCloud account needed to go through the U.S. legal system.

Now, according to Apple, for the first time the company will store the keys for Chinese iCloud accounts in China itself. That means Chinese authorities will no longer have to use the U.S. courts to seek information on iCloud users and can instead use their own legal system to ask Apple to hand over iCloud data for Chinese users, legal experts said.

Nothing about this is good news, but it’s very hard to see what alternatives there are in this case. They could threaten to pull out of the Chinese market unless the law is changed, but that would do more damage to Apple than it would the Chinese government, with likely little effect. Also, it’s likely that iCloud not being offered in China would motivate people there to switch to a less secure alternative.

It’s difficult to reconcile this forced hand with Apple’s overall commitment to user privacy:

In a statement, Apple said it had to comply with recently introduced Chinese laws that require cloud services offered to Chinese citizens be operated by Chinese companies and that the data be stored in China. It said that while the company’s values don’t change in different parts of the world, it is subject to each country’s laws.

I’ve written several times previously about my discomfort with a handful of predominantly Californian companies controlling the flow and storage of much of the world’s data. For Chinese citizens, though, it was potentially beneficial to have the American legal system as a barrier for information requests.

See Also: Apple’s iCloud security overview, which appears to be the same in China, but also hasn’t been updated in about six months.

On the ‘Marketplace of Ideas’

Paris Martineau, the Outline:

Years of outbursts from hate group after hate group have forced these companies to realize that the laissez-faire attitude they’ve leaned on for so long doesn’t actually work, but rather, makes the entire thing rot from the inside. But the fact that platforms won’t fully commit to managing the content that people spew on these platforms leaves a vacuum of confusion and hypotheticals, which generally (like all things nowadays) lead to conspiracies and misinformation.

In all this time, no company has actually tried totally depriving bad ideas of oxygen. Trust me, this is a sentence I never thought I’d say, but in times like these, Twitter (and the tech world as a whole, really) could learn a thing or two from Medium.

Part of the reason that the marketplace of ideas often fails to return more intelligent and ethically cognizant discussions is because it is subsidizing sensationalism.

I also think one aspect of Twitter’s hesitance to ban nazis and other contemptible parties that is often ignored is that this is, in part, a side effect of the company being based in the United States, and run by ambassadors for that country’s extraordinarily permissive free speech laws. I recognize that I’m treading between broken glass here with some of my American readers, in particular, but it’s worth recognizing that unrestricted speech in all its forms is a uniquely American concept. Other developed nations also have a marketplace of ideas, but with restrictions — as in the marketplace of goods and services.

Something that is perhaps most notable about social platforms like Twitter is how they have packaged and exported the First Amendment. But the weird thing is that they don’t have to do that: they’re a private company, and they can make their own rules as they see fit. Martineau’s piece is a wise argument in favour of this.

The cynical part of me thinks that Twitter’s staunch adherence to and promotion of extremely permissive free speech is not a conscious philosophy, but simply a convenient way to avoid having to invest in moderating it.

Happy ‘International Blog Remembrance Day’, a New, Made-Up Holiday

Jason Koebler, Vice:

The general decline of the blog—not the news blog, but the BLOG BLOG—is a bummer. No offense to the many cool and worthwhile bloggers still posting to WordPress, Tumblr, XANGA(?), and good ol’-fashioned websites, but for the most part, the best blogs of our generation are being wasted in tweetstorms, Facebook rants, and reddit comments. I am not just making this up: There are entire conferences dedicated to preserving Web 1.0, back before our computers had become Facebook and Twitter machines.

On a related note, Laura Hazard Owen interviewed Jason Kottke for Nieman Lab:

[…] The way I’ve been thinking about it lately is that I am like a vaudevillian. I’m the last guy dancing on the stage, by myself, and everyone else has moved on to movies and television. The Awl and The Hairpin have folded. Gawker’s gone, though it would probably still be around if it hadn’t gotten sued out of existence.

On the other hand, blogging is kind of everywhere. Everyone who’s updating their Facebook pages and tweeting and posting on Instagram and Pinterest is performing a bloggish act.

Unlike a blog, though, the format of these posts often cannot be controlled by the author, and the author often doesn’t actually own what they’ve just published. The loss of the importance of actual blogs is a real sucker punch for the web.

The FCC’s Order Gutting Net Neutrality Is Now Official

Devin Coldewey, TechCrunch:

The FCC’s “Restoring Internet Freedom” order, which vastly curtails the agency’s 2015 net neutrality rules, has officially taken effect by being entered the Federal Register.

The order, published Thursday morning, may sound like the end of the line, but in fact this is the green light for everyone in the country, from citizens to attorney generals to governors and senators, to begin the official battle against the FCC’s ill-advised, technically backwards, and deeply unpopular rule.

Today also marks the first day that ISPs can legally discriminate against or promote any data they transmit as they wish. The day after the FCC voted to dismantle net neutrality legislation, Ajit Pai made an appearance on Fox & Friends to defend the decision he led:

John Bowden, the Hill:

Federal Communications Commission (FCC) Chairman Ajit Pai said Friday that supporters of net neutrality provisions that were repealed Thursday have been proven wrong, as internet users wake up still able to send emails and use Twitter after the regulations were struck down.

Of course, Pai isn’t stupid, and he knows that this is a completely disingenuous defence. For one thing, it will take sixty days after the repeal is published in the Federal Registry for it to take effect.

I should have written “for it to take permanent effect”.

So, now that Pai and the other Republicans on the FCC have killed net neutrality in the United States, what are companies doing on what is supposedly the first day they can invest more in their infrastructure and give consumers a better deal, as Pai repeatedly claimed?

Jacob Kastrenakes, the Verge:

AT&T has expanded its “sponsored data” program to cover customers on its prepaid wireless plans, offering them the ability to stream content from select partners without counting toward their data cap. The program was previously available to postpaid customers, but it now seems to apply to most AT&T wireless users.


Not coincidentally, the only three services I could find that support AT&T’s sponsored data are owned by AT&T: DirecTV, U-verse, and Fullscreen, all video services. If you’re an AT&T wireless customer deciding between DirecTV Now and a competitor, like Hulu or Sling TV, this program gives the AT&T-owned service a huge advantage.

What a surprise.

‘Trending’ on Social Media Is Worthless

Brian Feldman, New York magazine:

This is the other problem of “trending,” conceptually: It’s eminently gameable, but the platforms that use the term never make the rules clear. “Trending” is given the imprimatur of authority — videos or topics handed down from on high, scientifically determined to have trended — when really it’s a cobbled-together list of content being obsessively shared or tweeted about by people who love Justin Bieber. Or Logan Paul. Or who believe in crisis actors.

I increasingly believe that the code that drives social networks is built largely on an assumption of good user intentions. Yes, there are rudimentary tools to block users or report an offending post, but a lot of what makes these services so popular is that they assume that whatever you’re doing is probably okay. And there is nothing wrong with that, provided these services also aren’t: a) massively influential, and b) capable of having this philosophy exploited by bad-faith trolls, bots, and other bad actors. I don’t necessarily think that this is a naïve way to build a platform; I really do think that people are generally good, but it’s asking a lot for the handful of people who run these platforms to solve for integrity. Difficult as it may be, it’s necessary.

Bloomberg: Apple Is Negotiating the Purchase of Cobalt Directly From Miners

Jack Farchy and Mark Gurman, Bloomberg:

Apple Inc. is in talks to buy long-term supplies of cobalt directly from miners for the first time, according to people familiar with the matter, seeking to ensure it will have enough of the key battery ingredient amid industry fears of a shortage driven by the electric vehicle boom. 

The iPhone maker is one of the world’s largest end users of cobalt for the batteries in its gadgets, but until now it has left the business of buying the metal to the companies that make its batteries.

Normally, this is the kind of supply chain rumour that would put me to sleep halfway through reading the headline, but there’s a good reason why I’m sharing this.

You may remember a report from a couple of years ago about persistent child and illegal labour in the cobalt mining industry. After the Washington Post ran that story, Apple began treating cobalt similarly to the way they treat conflict minerals like tin and gold. By buying directly from the miners, Apple now has the opportunity to transparently verify the source of the cobalt they use.

Your ‘Lite’ App Should Be Your Only App

K.Q. Dreger, on the recent wave of so-called “lite” variants of increasingly-bloated apps:

What part of being fast, data conscious, and reliable is exclusive to old devices or those on poor networks? Why does Twitter Lite feel more like Twitter than anything the company’s done with their main website or app over the past few years? Are Facebook, Twitter, and Google truly so married to ads, analytics, and A/B testing frameworks that their only shot at making a reasonably sized, fast app is to start fresh? Will these lite variants actually stay that way, or will the bloat slowly creep back in?

I get the allure of building apps and operating systems that take advantage of the latest and greatest hardware, or to try to build up the app’s experience with more stuff. But maybe — just maybe — if a company feels like they need to release a “lite” version of their app to tidily deliver what they consider its core experience, maybe that app has become way too bloated.

‘Loading Accessories and Scenes’

From an Apple support document about troubleshooting HomePod setup problems:

Open the Home app on your iOS device and check that you see your accessories and scenes. If you see a message that says loading accessories and scenes, wait for the Home app to finish loading. If the Home app stays in a loading state for 30 minutes or longer, you should see an option to erase and reset the Home app.

First of all, I think the timeout for triggering this debugging mode for HomeKit accessories should be much shorter than thirty minutes.

But, as someone impacted by this problem since the developer betas of iOS 10, I kept my iPhone awake and running the Home app for half an hour. Twice. Both times, I did not see any option appear that would allow me to reset the Home app, its settings, or anything in iCloud. I also cannot find any additional options in Settings to reset any data.

Trusting Third Party Code

Felix Krause:

Third-party SDKs can often easily be modified while you download them! Using a simple person-in-the-middle attack, anyone in the same network can insert malicious code into the library, and with that into your application, as a result running in your user’s pockets.

31% of the most popular closed-source iOS SDKs are vulnerable to this attack, as well as a total of 623 libraries on CocoaPods. As part of this research I notified the affected parties, and submitted patches to CocoaPods to warn developers and SDK providers.

Last week, news broke that a third-party screen reading script often used by government and public websites was surreptitiously mining a cryptocurrency. A couple of years ago, a programmer pulled several of his scripts from a JavaScript registry; several applications that were dependent on one of these packages, in particular, subsequently failed to compile.

Even this very website has been susceptible to failures in third-party code, albeit on a minor scale: most ads are loaded from Carbon’s CDN; but, occasionally, they have served ad images from those advertisers’ servers. You may have seen the result of this when the ad image is blank, owing to the content security policy I’ve implemented here.

In response to the cryptocurrency mining screen reading script revealed last week, I wrote that we ought to treat third-party code as though it will, at some point, be carrying malware. I feel like that might be too generous. It is not realistic to tell developers to stop using third-party code, but they should not trust it.

Ad Filtering in Google Chrome

Dare Obasanjo (via Michael Tsai):

Chrome starts blocking ads unless they meet its rules. This is driving publishers to switch to “compliant” ad networks.

Would love to see stats on how many such publishers move to Google’s ad network. The strong arming so blatant.

Google’s ad network is the most popular in the world; Chrome is the most widely-used web browser.

Every so often, I get emails from readers implying that I’m treating Google’s attempts at creating silos or lock-in differently from Apple’s. I am, and there’s a very good reason for that: Google is using the web, an open platform, to strong-arm competitors and entangle users in their products. They are treating the web as though it were their private domain. We ought to reject these attempts.

AMP for Email Is a Terrible Idea

Devin Coldewey, TechCrunch:

The excuse that the mobile web isn’t fast enough is threadbare, and the solution of a special Google-designed sub-web transparently self-serving. It’s like someone who sells bottled water telling you your tap runs too slow.

AMP for email is just an extension of that principle. People leave Gmail all the time to go to airline webpages, online shops, social media, and other places. Places that have created their own user environments, with their own analytics, their own processes that may or may not be beneficial or even visible to Google. Can’t have that!

But if these everyday tasks take place inside Gmail, Google exerts control over the intimate details, defining what other companies can and can’t do inside the email system — rather than using the natural limitations of email, which I hasten to reiterate are a feature, not a bug.

If AMP is, indeed, a new thing for the open web — as Google has framed it — then it should be entirely separated from Google’s control and submitted to standards bodies for a more democratic development process. I have zero expectations of them doing so.

Chartbeat: Google AMP Traffic Has Doubled Since January 2017

Sara Fischer, Axios:

According to new data from Chartbeat, the vast majority of traffic growth publishers are seeing from platforms is now coming from Google AMP (Accelerated Mobile Pages) — or fast-loading mobile article pages on Google Search and Google News.


According to the data, mobile is driving almost all traffic growth for publishers from platforms, and has been since at least early 2017. And traffic to publishers using AMP specifically is up 100% since 2017.

Traffic to publishers from non-AMP Google referrals is nearly 65% less than traffic from AMP Google referrals. Google is digging even deeper into this proprietary format. That’s not good for the future of the web, nor is it good for the future of publishing. We’ve seen how news organizations too dependent on Facebook can see their traffic tank after an adjustment to the way News Feed works. Publishers should not tie their success to that of AMP, nor Google’s bias towards it.

Good vs. Better at Bad

Joe Cieplinski:

I say this with no small amount of respect for how hard this technology is and how far it has come recently. I’m as excited as the next geek when it comes to the future of AI and voice recognition. I think it’s all super cool.

But it’s not good. Not for most people. It’s barely past the point of being a parlor trick, if we’re being honest. Answering trivia questions? Turning on the lights? There’s a reason even early adopters generally resort to using these devices for a small set of simple tasks. That’s about all they can do reliably.

This is a fair point in the battle between virtual assistant technologies. We’re a long way from being able to treat them as actual assistants, rather than voice-based ways to add items to a list of reminders.

But I maintain that, even if Amazon and Google aren’t that much closer to a fully assistive software or hardware product, the ways in which Siri frequently fails are unacceptable. It does not maintain context; it is often disobedient, inexplicable, and incompetent. This stuff is hard, absolutely, but it also fails far too often — and inconsistently — at things that ought to be entirely trivial.

Uber Lost $4.5 Billion in 2017

Eric Newcomer, Bloomberg:

Adjusted net revenue last quarter increased 61 percent to $2.22 billion from the same period in 2016. Meanwhile, the total value of fares grew to $11 billion that quarter. It was the first full quarter under Dara Khosrowshahi, who took over the troubled business in September.

Despite a turbulent year for the ride-hailing company, sales were $7.5 billion. But the company also posted a substantial loss of $4.5 billion. There are few historical precedents for the scale of its loss.

In 2016, Pixel Envy earned $3 billion more than Uber, and I’m thrilled to report that the delta between me and Uber for 2017 was 50% greater.

A reminder that no taxi company could survive losses like those Uber has been posting; also, that the reason a fare with an Uber driver is cheaper is because it’s subsidized at below-market rates by venture capital firms; and that, despite some benefits for gig economy workers in the new tax code, Uber is among many gig-type companies that does not provide health coverage for their American drivers.

Under the Guise of Security, Facebook is Promoting Their VPN in Their iOS App

Sarah Perez, TechCrunch:

Marketing Onavo within Facebook itself could lead to a boost in users for the VPN app, which promises to warn users of malicious websites and keep information secure – like bank account and credit card numbers – as you browse. But Facebook didn’t buy Onavo for its security protections.

Instead, Onavo’s VPN allow Facebook to monitor user activity across apps, giving Facebook a big advantage in terms of spotting new trends across the larger mobile ecosystem. For example, Facebook gets an early heads up about apps that are becoming breakout hits; it can tell which are seeing slowing user growth; it sees which apps’ new features appear to be resonating with their users, and much more.

This data has already helped Facebook in a number of ways, most notably in its battle with Snapchat. At The WSJ reported last August, Facebook could tell that Instagram’s launch of Stories – a Snapchat-like feature – was working to slow Snapchat’s user growth, before the company itself even publicly disclosed this fact.

Think about that: Facebook has one of the largest platforms in the world, and is using that influence to promote a service that they control to spot and preemptively eliminate potential competitors. The reason they’re able to do all of these things is because of their size and dominance.

I understand the reluctance by many regulators and industry observers to say that Facebook ought to be broken up into smaller, unaffiliated companies, but I’m struggling to see many other ways to keep the company’s influence in check. Largely ignoring it, as has been done so far, is bad for competition. Even if you ignore potential anticompetitive issues, there’s still a question of whether users of Facebook’s VPN are adequately aware of how the company accessed and uses their data.

Google Announces AMP For Email Spec

Gmail engineer Raymond Wainman:

You may have heard of the open-source framework, Accelerated Mobile Pages (AMP). It’s a framework for developers to create faster-loading mobile content on the web. Beyond simply loading pages faster, AMP now supports building a wide range of rich pages for the web. Today, we’re announcing AMP for Email so that emails can be formatted and sent as AMP documents. As a part of this, we’re also kicking off the Gmail Developer Preview of AMP for Email — so once you’ve built your emails, you’ll be able to test them in Gmail.

Not content with bifurcating the web with the introduction of a proprietary HTML-like webpage format, Google is now trying to split email clients into Gmail and everybody else. Gmail is already an email-like product and has some of the worst CSS support of mainstream email clients.

Of course, there’s a good chance the advanced capabilities of this format won’t catch on because email clients are already pretty fragmented as things stand today. It’s an area of the web where the lowest common denominators — HTML tables and old-school tags like <font> — are used with disturbing regularity, simply because it’s the only markup that works well in all clients. It’s frustrating enough to build emails as things are; I imagine many developers will reject this because it adds yet another layer of complexity to their workflow that may not be used by a large number of recipients.

Developers shouldn’t reject this on those grounds alone, however. Google’s increasing demands to bend open formats with proprietary variations is a fantastic reason to avoid AMP in email messages.

Apple Reportedly Focusing Less on Monolithic Annual iOS Updates

Mark Gurman, Bloomberg:

Apple’s annual software upgrade this fall will offer users plenty of new features: enabling a single set of apps to work across iPhones, iPads and Macs, a Digital Health tool to show parents how much time their children have been staring at their screen and improvements to Animojis, those cartoon characters controlled by the iPhone X’s facial recognition sensor.

But just as important this year will be what Apple doesn’t introduce: redesigned home screens for the iPhone, iPad and CarPlay, and a revamped Photos app that can suggest which images to view.

These features were delayed after Apple Inc. concluded it needed its own major upgrade in the way the company develops and introduces new products. Instead of keeping engineers on a relentless annual schedule and cramming features into a single update, Apple will start focusing on the next two years of updates for its iPhone and iPad operating system, according to people familiar with the change. The company will continue to update its software annually, but internally engineers will have more discretion to push back features that aren’t as polished to the following year. 

The biggest news here is that Apple is reportedly adjusting their internal processes to try to reduce the demands of an annual update. But I’m not sure how much will change externally because this sounds a lot like the way they presently release iOS updates: still a focus on new features in the autumn, with some features debuting later in that major version’s release cycle. Apple Pay Cash, for instance, was announced at WWDC in June with the implication that it would be release with iOS 11.0, but it wasn’t launched until November with iOS 11.2.

If the changes are as modest as this report makes them out to be, how much of an improvement can we realistically expect in software quality?

Autocorrect Based on Contacts and Apps

Wil Shipley:

Imagine being in charge of an algorithm that hundreds of millions of users depend on every day and saying, “Hey, let’s take any word that’s capitalized in your contacts and just always capitalize it in text messages!”

It’s not just contact names that inform the autocorrect dictionary: any capitalized word in a contact record will be fed into the dictionary, as will installed apps. So, if you know someone who works at, say, Apple, or you have the Transit app installed, you will find yourself regularly undoing the automatic capitalization of those words when talking about fruit or the very concept of public transit. Sometimes, autocorrect will fix its aggressive capitalization after it is given more context by typing several more words; but, frequently, it does not.

A Third-Party Script Used by Government Websites Was Compromised to Mine Cryptocurrency

Scott Helme:

I had a friend of mine get in touch about his AV program throwing a warning when visiting the ICO website. The ICO bill themselves as:

The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

They’re the people we complain to when companies do bad things with our data. It was pretty alarming to realise that they were running a crypto miner on their site, their whole site, every single page.

At first the obvious thought is that the ICO were compromised so I immediately started digging into this after firing off a few emails to contact people who may be able to help me with disclosure. I quickly realised though that this script, whilst present on the ICO website, was not being hosted by the ICO, it was included by a 3rd party library they loaded.

Scary as it is, this is arguably relatively minor incident; imagine if it were a more malicious script — something like a keylogger. It would be wise for web developers reliant upon third-party scripts to treat them as though they will, at some point, carry malware.

Equifax Continues to Be Useless and Terrible at Absolutely Everything

Zack Whittaker, ZDNet:

Hackers stole more data from Equifax in a breach last year than initially thought.


A letter published Friday by committee member Sen. Elizabeth Warren (D-MA) to acting Equifax chief executive Paulino do Rego Barros summarized the senator’s five-month investigation into the Equifax breach, which said tax identification numbers (TINs), email addresses, and additional license information — such as issue dates and by which state — were not originally disclosed.

A reminder that Reuters reported earlier this month that the CFPB investigation into the Equifax breach is “on ice”.

An Apple Intern Reportedly Stole iOS Source Code and Leaked It to His Friends

Lorenzo Franceschi-Bicchierai, Vice:

According to these sources, the person who stole the code didn’t have an axe to grind with Apple. Instead, while working at Apple, friends of the employee encouraged the worker to leak internal Apple code. Those friends were in the jailbreaking community and wanted the source code for their security research.

The person took the iBoot source code—and additional code that has yet to be widely leaked—and shared it with a small group of five people.

“He pulled everything, all sorts of Apple internal tools and whatnot,” a friend of the intern told me. Motherboard saw screenshots of additional source code and file names that were not included in the GitHub leak and were dated from around the time of this first leak.

Baseband code from the same time period has also been leaked publicly.

Everything Easy is Hard Again

Frank Chimero:

If you go talk to a senior software developer, you’ll probably hear them complain about spaghetti code. This is when code is overwrought, unorganized, opaque, and snarled with dependencies. I perked up when I heard the term used for the first time, because, while I can’t identify spaghetti code as a designer, I sure as hell know about spaghetti workflows and spaghetti toolchains. It feels like we’re there now on the web.


I wonder what young designers think of this situation and how they are educating themselves in a complicated field. How do they learn if the code is illegible? Does it seem like more experienced people are pulling up the ladder of opportunity by doing this? Twenty years ago, I decided to make my own website, because I saw an example of HTML and I could read it. Many of my design peers are the same. We possess skills to make websites, but we stopped there. We stuck with markup and never progressed into full-on programming, because we were only willing to go as far as things were legible.

This essay resonated deeply with me. I wrote my first line of HTML about twenty years ago. I remember editing the Yahoo homepage in Netscape Composer around that time, and building a Geocities website not that long after. It felt easy and approachable, even if <table> syntax was often inscrutable and unpredictable. A few years later, the CSS wave hit the web and I learned about why it was appropriate to separate presentational code from the page’s markup.1 CSS has become more complicated since then, but it continues to make sense to me, even though I need to look up the flexbox syntax every time I use it.

Over the last five years or so, even the most basic website stopped being treated as a collection of documents and started being thought of as software. Over the same period of time, I have gone from thinking that I know how to build a website quickly and efficiently to having absolutely no clue where to start learning about any of this stuff. I can’t imagine being eight years old again and being interested in the web as something anyone can contribute to.

See Also: Chimero’s spoken, longer-form version of this essay, given as a talk at Mirror Conf.

  1. And, yet, the easiest way to make a few boxes side-by-side that have the same resulting height despite allowing a flexible amount of text in each remains display: table-cell. The same technique allows perhaps the easiest way to vertically centre an unpredictable amount of text. Like tables for layout purposes, it still isn’t semantically correct, but we use it anyway. ↩︎

Reports of Google’s Newfound Design Prowess Have Been Greatly Exaggerated

There is something unique about deliberately contrarian-for-the-sake-of-being-contrarian positions that irks me so much, and I’m not sure what it is. I don’t know that it’s because these arguments are poor so much as it is that they’re easily shown to be poor. Maybe it’s the author’s optimism that convinces them that their piece is worth publishing, or maybe it’s just provocative for its own sake — the latter of which is even more irritating for me because I know that my frustration with the argument is entirely the author’s intention, and I’d rather not play into that. Whatever the case, it’s the sort of thing that rattles around inside my head.

Which brings me to two pieces written by Joshua Topolsky last autumn. The first, “Apple is Really Bad at Design”, posits that Apple’s recent products no longer represent the pinnacle of design in the industry. To be fair to Topolsky, he may sincerely believe that there’s value in challenging the assumption that these products are well-designed, and I think that’s completely reasonable. It’s that article’s companion piece, “Google is Really Good at Design”, that occasionally creeps up in my mind.


The concepts inherent in Material Design — a system of literal layers that evoke the tactility of a stack of paper, but offers the flexibility of digital spaces; a responsive layout concept that assumes no two devices may be exactly the same size or shape; a bold use of typography, motion, and color — showcase a decidedly different approach than Apple has taken. Where Jony Ive and company have produced a scattered, visually unmoored solution that seems to be solving small problems bite-by-bite, Google essentially blew up what had come before and reset. This radical rethink has spread into Google’s deep web pockets, meaning that a logical system of navigation and connectivity not only informs what you see on your phone when you interact with apps and services, but what you get on the web, on a laptop, or on a TV. Gmail is Gmail is Gmail, responding to whatever screen it’s on. And sometimes, thanks to Google’s deep machine learning and natural language chops, Gmail is also the disembodied voice you talk to while you’re driving. In Google’s universe, its voice-activated Assistant isn’t middleware — it’s everyware, tapping deeply and natively into all of the company’s nodes.

Topolsky is generally right in saying that Google’s approach to user interfaces is remarkably consistent across everything, but I would argue that it represents why their products are often so frustrating and cumbersome to use.

Case in point: their new YouTube app for tvOS. The last version didn’t represent a dramatic design statement or look particularly special — it was pretty much the same as any of the default tvOS apps — but it worked, for the most part. It was the only app I’ve used on my Apple TV that would regularly kick me back to the tvOS home screen instead of the last screen in the app when I pressed the remote’s menu button while watching a video, and it had stability problems when searching, but it wasn’t terrible.

The new app, though, represents everything wrong with Google’s present UI design philosophy. It follows virtually none of the Apple TV platform conventions:

  • There’s a sidebar on the left that looks like an Android action bar.

  • Swiping to the left on the touch pad from any of the app’s menu screens will open a main menu panel, with navigation options for your subscriptions, video history, and own video library.

  • There’s also a horizontal navigation element, similar to the type that you would find in a default tvOS app.

  • None of these elements behaves as you might expect, primarily because the YouTube app doesn’t interpret swipes and scrolls like any other app. There’s no audible blip whenever you select something, and swiping around manages to be both sluggish and jerky.

    The frustratingly slow scrolling is especially pronounced on the aforementioned horizontal navigation element because swiping just a little too far to the left will open the modal main menu panel that covers a third of the screen.

    The slow scrolling is also apparent in the main menu panel. The scrolling “friction”, for lack of a better term, is such that swiping down just a little is unlikely to have any effect, and swiping down just a little bit more will move the selector down two menu items. It can be very difficult to get it to move one menu item at a time.

  • There’s no sense of transition between screens or states. Instead of fading, screens simply change; instead of smoothly sliding left or right when scrolling across thumbnails, there will often be a sudden jump to load the new set of thumbnails.

  • Swiping horizontally across the remote while a video is playing will scrub the video. This is something Apple quickly changed after the fourth-generation Apple TV debuted because of how easy it was to accidentally invoke it.

  • Tapping on the remote’s touch pad to display onscreen controls automatically selects the play/pause button instead of the scrubber, as in other tvOS apps, and there are two levels of controls in the custom player.

  • The app is also an ugly sea of mid-tone greys.

It isn’t unheard-of for an Apple TV app from a major third party to fail to adhere to platform conventions. The Amazon Prime app doesn’t look or behave anything like a native app because it’s basically a web app. Hulu and Netflix also have some pretty crappy apps that don’t really function like a tvOS app ought to.

But this also isn’t unlike Google, which has completely disregarded platform standards with their major iOS apps for years. There’s nothing wrong with making apps of a particular style — my favourite developers all have their unique quirks and styles that help identify their apps as theirs — but Google’s apps frequently feel less like they’re trying to create branded iOS apps and more like they want their Android apps to run on iOS.

This isn’t a new argument, and Google has become a moderately better citizen on iOS over the past couple of years: their sharing glyph now looks like the system standard one instead of lazily copying the shape they use on Android, for example. This new YouTube app for tvOS is a step back, however. It feels like a half-assed port. When there’s no clear effort by a huge company like Google to even try to make their products fit a different platform, it indicates a lack of care and attention to detail. It also demonstrates that users’ expectations and learned behaviours are less important than self-promotion and branding.

What it shows, ultimately, is a lack of consideration for design.

The Facebook Flattening

Matt Klinman of Funny or Die, in an interview with Sarah Aswell of Splitsider on the effect of Facebook’s algorithmic timeline changes on independent media:

This writer John Herrman writes about this a lot — he used to write for The Awl, rest in peace — he talks about how Facebook flattens everything out and makes it the same. That’s how we have a Russian propaganda problem. An article from something like, I don’t know, Rebel Patriot News written by a Macedonian teen or something looks exactly the same as a New York Times article. It’s the same for comedy websites. There’s a reason that Mad magazine looks different from Vanity Fair. They need to convey a different aesthetic and a different tone for their content to really pop. Facebook is the great de-contextualizer. There’s no more feeling of jumping into a whole new world on the internet anymore — everything looks exactly the same.

The premise of this piece is that “Facebook is killing comedy” — Funny or Die had to lay off a bunch of writers because of reduced traffic from Facebook. I’ve written about that before because, while I think websites like Funny or Die should be less dependent on traffic from any one source, but Facebook is not entirely blameless either.

This pullquote, though, is one of the best encapsulations I’ve seen of the effects of Facebook’s ecosystem, particularly its ability to erase context.

FCC Says Releasing ‘Jokes’ It Wrote About Ajit Pai Colluding With Verizon Would ‘Harm’ Agency

Dell Cameron, Gizmodo:

At its own discretion, the Federal Communications Commission has chosen to block the release of records related to a video produced last year in which FCC Chairman Ajit Pai and a Verizon executive joke about installing a “Verizon puppet” as head of the FCC.

In a letter to Gizmodo last week, the agency said it was withholding the records from the public in order to prevent harm to the agency — an excuse experts say is a flagrant attempt to skirt federal transparency law.

I’m not certain internal records are required to damage the agency’s reputation these days.

The Apple Music Long Game

Kirk McElhearn:

As streaming takes over from buying music, what’s the endgame? If Apple rolls in a major video offering – either as part of the Apple Music service, or as an add-on – then will Spotify be bought out by, say, Netflix? Amazon already has both, and there probably won’t be room for more than two or three players in that market.

Netflix doesn’t offer a free tier. Why would Apple offer one with a subscription to streaming music — and so far, at least — original video programming?

Apple’s Mysterious Search Engine Already Exists

Something fishy is going on in the world of Apple-centric websites. Yesterday, I posted a link to a silly piece arguing that Apple Music needs a free tier. Today, Dennis Sellers of Apple World Today is surprised by the idea that Apple might be working on a search engine:

A couple of years ago, Apple posted a listing to its Jobs at Apple page describing an engineering project manager position for “Apple Search.” Could the company could be working on a full-fledged search engine for use on macOS and iOS platforms?

This already exists. It’s built into Spotlight on MacOS and the iOS search function that used to be called Spotlight. It’s also baked into Safari and Siri, the latter of which Sellers notes in his article.

It’s almost like both of these pieces were written by people completely unfamiliar with Apple’s ecosystem. Maybe I’m wrong — maybe I’m just being cocky, and Apple is working on a rival to Google.com. Maybe I’m completely misguided here. But I don’t think so; both of these articles seem pretty boneheaded.

HomePod Review Roundup

Reviews of the HomePod are going live across the web this morning ahead of its release this Friday, and it seems like it’s living up to what was promised: a very good speaker with extraordinary audio engineering and limited Siri capabilities.

Nicole Nguyen, Buzzfeed:

[Kate Bergeron, vice president of hardware engineering,] was speaking to a small group of tech bloggers, including myself, last Monday in Apple’s Cupertino, CA-based audio lab, just minutes from the new Apple Park spaceship campus. About six years ago, according to Bergeron, the company began working on HomePod by attempting to answer this question: “What if we decided to design a loudspeaker that we could put in any room, and it wouldn’t affect the sound?”

This question is very different from the question the Amazon Echo and Google Home are trying to address. Those speakers’ primary aim is to offer hands-free help, by way of turning on the lights in the living room, telling you what traffic to work is like, setting timers, and playing podcasts while you’re busy cooking breakfast.

Matthew Panzarino, TechCrunch:

The sound that comes from the HomePod can best be described as precise. It’s not as loud as some others like Google Home Max or as bright (and versatile) as the Sonos Play 1, but it destroys the muddy sound of less sophisticated options like the Amazon Echo. To genuinely fill a large room you need two but anyone in a small house or apartment will get great sound from one.


While you can send texts and take notes and set reminders and handle phone calls begun on your iPhone, that’s about all of the extracurriculars and they’re all focused on single-user experiences. If you’re logged in to your iCloud account, all of the messages and calls are yours and come from you. That’s great if you’re a single dude living alone, but it completely falls apart in a family environment. Apple allows you to toggle these options off as the iCloud account owner and I recommend you do before it all ends in tears. Unless you live alone in which case Mazel, it sounds peaceful.

Joanna Stern, Wall Street Journal:

There are other problems I won’t shut up about: Many people will put a HomePod in the kitchen, yet it can’t set two simultaneous cooking timers. It can’t wake me up to “Wake Me Up Before You Go-Go,” either. Echo and Google Home can do both. Apple says it is improving Siri all the time.


Siri turns out to be quite a good butler. Through the Home app, you can set up various HomeKit-compatible smart-home devices, and the voice prompts to control them. With Philips Hue lightbulbs and three iHome smart plugs, I was quickly commanding Siri to change my nightlight to a fuchsia hue, make tea via my electric kettle and turn on the humidifier.

Brian X. Chen:

Most bizarre thing about HomePod: It didn’t play music relevant to my listening history or prefs when asked “Hey Siri, Play some music.”

Siri should be better on HomePod because it’s the primary way to control it. But yeah, it’s worse.

I don’t think it’s a mistake to question whether Siri’s lacklustre abilities will be a hindrance to the success of the HomePod. Apple may be positioning it as a great speaker first and a smart speaker second, and the market will get to tell them whether that’s a reasonable way to judge the product. And, perhaps, people will love it for a speaker alone — it’s clearly a very good one. The more damning thing to consider about Siri is not that it is poor on the HomePod, but that it is poor everywhere. Fortunately, software can be updated, so that just means that we need to see some commitment from Apple that Siri is a high priority.

Ajit Pai’s FCC Cites Obama-Era Broadband Investments

Stop me if you’ve heard this one before, but an assessment made based on the actions of the current American administration has been undermined by their complete lack of scruples.

Crazy, I know.

Earlier this year, the FCC voted to retain a faster definition of broadband established by the previous administration. As far as I could tell, the defeated proposal was simply a way to broaden the definition of broadband and give the impression in reports that access to broadband had improved for Americans without doing the work of actually, you know, investing in better networks. After it was voted down, I figured that this FCC administration would, at least, avoid resorting to ridiculous tactics to gain the impression of a policy win without any actually good policy. But I should have known better.

Jon Brodkin, Ars Technica:

Anyone who is familiar with the FCC chairman’s rhetoric over the past few years could make two safe predictions about this report. The report would conclude that broadband deployment in the US is going just fine and that the repeal of net neutrality rules is largely responsible for any new broadband deployment.

But the FCC’s actual data—based on the extensive Form 477 data submissions Internet service providers must make on a regular basis—only covers broadband deployments through December 2016. Pai wasn’t elevated from commissioner to chairman until January 2017, and he didn’t lead the vote to repeal the net neutrality rules until December 2017. And, technically, those rules are still on the books because the repeal won’t take effect for at least another two months.

The timing means that it would be impossible for Pai to present evidence today that broadband deployment is increasing as a result of the net neutrality repeal. But the report claims that’s exactly what happened anyway and says that future data will bear that out. To support its argument, the report claims that broadband deployment projects that were started during the Obama administration were somehow caused by Pai’s deregulatory policies.

Not only are they counting Obama-era — and net neutrality-era — investment plans as evidence of improved broadband deployment thanks to rules friendly to giant ISPs, they’re also citing past investments that have since been curtailed due to policies implemented by this FCC administration. That’s some bullshit anti-consumer behaviour.

In the U.S., Apple Music is Growing Faster Than Spotify in Paid Users

Michael Simon, Macworld:

According to The Wall Street Journal, Apple is on track to overtake Spotify in U.S. paid subscribers, a sign that the three-year-old music service is making serious inroads in a highly competitive landscape. The report states that Apple Music has been gaining U.S. subscribers at a 3 percent higher clip than Spotify, a trend that would give Apple’s music service a higher subscriber rate by the summer, assuming it continues.

That’s terrific news for Apple Music, especially considering that it is only available as a paid service. I wouldn’t be surprised if many users are paying more for music now than they have for a long time. You might think — quite reasonably, I believe — that this indicates that Apple’s strategy is working well.

But not Simon:

With a free Apple Music tier, Apple would not only get music fans to flock to its service in droves, it could also use it as a way to advertise HomePod as the best way to listen to Apple Music at home and AirPods as the ultimate on-the-go solution. With quick ads between songs, it would be speaking directly to a captive audience who shares a love for music. Simply put, there’s no better way to advertise.

Without trying to predict the future, I don’t think this fits the existing Apple Music strategy. The HomePod’s integration is clearly best with Apple Music, but I’m not sure that’s a reason to provide a free tier; the free trial more aptly demonstrates the advantages of subscribing to Apple Music.

More than anything, I think Simon falls into the same trap many others do: Apple isn’t setting out to build the biggest user base, but a large paying user base. A free trial accomplishes that goal; a free tier does not.

Reuters: CFPB Investigation Into Equifax ‘Put on Ice’

Patrick Rucker, Reuters:

The CFPB has the tools to examine a data breach like Equifax, said John Czwartacki, a spokesman, but the agency is not permitted to acknowledge an open investigation. “The bureau has the desire, expertise, and know-how in-house to vigorously pursue hypothetical matters such as these,” he said.

Three sources say, though, Mulvaney, the new CFPB chief, has not ordered subpoenas against Equifax or sought sworn testimony from executives, routine steps when launching a full-scale probe. Meanwhile the CFPB has shelved plans for on-the-ground tests of how Equifax protects data, an idea backed by Cordray.

The CFPB also recently rebuffed bank regulators at the Federal Reserve, Federal Deposit Insurance Corp and Office of the Comptroller of the Currency when they offered to help with on-site exams of credit bureaus, said two sources familiar with the matter.

An investigation of this size and scope will, of course, take lots of time and may not always take a linear direction, but there should never be a question about whether it is proceeding at all. Consumers should never have to wonder whether the Bureau is operating in their best interests, especially given the impact of the Equifax breach on virtually every American adult with a credit card, mortgage, or car.

Major Publishers Are Turning Away From Facebook Instant Articles

Pete Brown, Columbia Journalism Review:

Of 72 publishers that Facebook identified as original partners in May and October 2015, our analysis of 2,308 links posted to their Facebook pages on January 17, 2018, finds that 38 publications did not post a single Instant Article — the platform’s fast-loading, native format. In the meantime, Facebook has continued to tout Instant Articles as a success among its journalism efforts. Instant Articles enjoyed rapid expansion in 2017, it says. But if many of the largest reputable outlets are falling out, which publications are driving that growth?

Do we think Facebook admits that Google AMP is winning the incredibly dumb race for proprietary news article format, that they keep trying to make Instant Articles work, or that they just give up on news altogether?