Pixel Envy

Written by Nick Heer.

AT&T CEO Randall Stephenson Complains About Net Neutrality Laws Passed By States

Jon Brodkin, Ars Technica:

AT&T CEO Randall Stephenson yesterday urged Congress to pass net neutrality and consumer data privacy laws that would prevent states from issuing their own stricter laws.

“There are a number of states that are now passing their own legislation around privacy and, by the way, net neutrality,” Stephenson said in an interview at a Wall Street Journal tech conference (see video). “What would be a total disaster for the technology and innovation you see happening in Silicon Valley and elsewhere is to pick our head up and have 50 different sets of rules for companies trying to operate in the United States.”

Stephenson is right: net neutrality regulations would be simpler to comply with if they were implemented nationwide instead of on a per-state basis.

Amazon Selects Locations for Three New Offices

Amazon PR:

Amazon today announced that we have selected New York City and Arlington, Virginia, as the locations for our new headquarters. Amazon will invest $5 billion and create more than 50,000 jobs across the two new headquarters locations, with more than 25,000 employees each in New York City and Arlington. The new locations will join Seattle as the company’s three headquarters in North America. In addition, Amazon announced that it has selected Nashville for a new Center of Excellence for its Operations business, which is responsible for the company’s customer fulfillment, transportation, supply chain, and other similar activities. The Operations Center of Excellence in Nashville will create more than 5,000 jobs.

Scott Galloway:

Amazon’s HQ2 search was not a contest but a con. Amazon will soon have 3 HQs. And guess what? The Bezos family owns homes in all 3 cities. And, you’ll never believe it, the new HQs (if you can call them that) will be within a bike ride, or quick Uber, from Bezos’s homes in DC and NYC. The middle finger on Amazon’s other hand came into full view when they announced they were awarding their HQ to not one, but two cities. So, really, the search, and hyped media topic, should have been called “Two More Offices.” Only that’s not compelling and doesn’t sell. Would that story have become a news obsession for the last 14 months, garnering Amazon hundreds of millions in unearned media?

Both New York and Virginia have agreed to not charge the second highest-valued public company on Earth billions of dollars in taxes and give them ridiculous and unnecessary incentives, despite the already-strained infrastructure in those cities. This, just a year after Wisconsin did the same to attract a Foxconn plant which, ultimately, will fall far short of economic expectations used to justify tax breaks and subsidies there, because of course it will.

See Also: Derek Thompson in an article for the Atlantic arguing for a law prohibiting, as he puts it, “this sort of corporate bribery”.

Update: Benjamin Freed:

Under agreement between Amazon and Virginia, the commonwealth will give the company written notice about any FOIA requests “to allow the Company to seek a protective order or other appropriate remedy”.

Even for the high level of incentives that could be expected for Amazon’s PR stunt, concessions like these are extraordinary and set a highly dangerous precedent.

Apple Confirms That the T2 Chip Can Lock Macs With Invalid Logic Board or Touch ID Repairs

Nick Statt, the Verge:

The T2 is “a guillotine that [Apple is] holding over” product owners, iFixit CEO Kyle Wiens told The Verge over email. That’s because it’s the key to locking down Mac products by only allowing select replacement parts into the machine when they’ve come from an authorized source — a process that the T2 chip now checks for during post-repair reboot. “It’s very possible the goal is to exert more control over who can perform repairs by limiting access to parts,” Wiens said. “This could be an attempt to grab more market share from the independent repair providers. Or it could be a threat to keep their authorized network in line. We just don’t know.”

It’s unfortunate that those are the only two possibilities in Wiens’ mind: either Apple is being a dictator or an autocrat. “We just don’t know”. Is there any reason that could be less insidious and headline-grabbing, and more justifiable?

Apple confirmed to The Verge that this is the case for repairs involving certain components on newer Macs, like the logic board and Touch ID sensor, which is the first time the company has publicly acknowledged the new repair requirements for T2-equipped Macs. But Apple could not provide a list of repairs that required this or what devices were affected. It also couldn’t say whether it began this protocol with the iMac Pro’s introduction last year or if it’s a new policy instituted recently.

Apple is requiring that repairs involving security-sensitive components use genuine Apple parts and are verified after completion — I know that’s a somewhat less attention-grabbing story, but it is a more accurate take on what the company is doing here. That’s not to defend this practice, by the way. It’s understandable, given the prevalence of badly-made fake components that could compromise security, but I wish there were alternatives for those who don’t live close to an Apple Store.

Also, for what it’s worth, I think it’s slightly irresponsible to be quoting Wiens at length for stories like these without disclosing fully that iFixit sells replacement parts and servicing tools. I know that’s fairly widely-known, but journalists should disclose financial interests or other conflicts-of-interests that their sources might hold. I don’t think there’s anything shameful or untrustworthy about putting quotes in context.

Sam Rutherford’s Flexible Phone Pricing Standards

Sam Rutherford of Gizmodo, shortly after Apple announced their new iPhone lineup in September:

The new iPhones are here, and with them, Apple has once again pushed the price of smartphones even higher — especially the iPhone Xs Max which starts at $1,100 and goes all the way up to a staggering $1,450 if you upgrade to 512GB of storage.

This isn’t unusual for Rutherford; when the iPhone X was launched last year, he described its price as “eye-watering” and “outrageous”.

Rutherford today, reacting to the rumoured price of Samsung’s experimental foldable screen phone, in an article with the headline “Samsung’s First Flexible Phone Could Cost $1,700, and That Price Seems Totally Reasonable”:

That’s because Samsung’s flexible screen device — which has been dubbed the Galaxy F for now — may cost around 2 million won (about $1,760 U.S.) when it goes on sale in the first half of 2019, according to an estimate from Golden Bridge Investment published by the Korea Times.

That price may come as a major downer for people who have been searching for alternatives to the boring glass bricks we’ve been living with for the past decade or so. But if you consider the state of smartphones today, 2 million won doesn’t actually seem that outlandish.

Rutherford does a bunch of math based on guesses — like an assumption that the screen will withstand wear and tear for years — still ends up $350 short of the rumoured price of the flexible phone, and somehow just hand-waves that away.

I have absolutely no problem with anyone trying to justify to themselves the high price of a product they want. But you can bet that, if Apple were the ones launching an $1,800 phone that has two folding screens, Rutherford’s commentary would not be so glowing.

I don’t mean to pick on just one person, either. I just think it’s quite weird that it’s somehow less justifiable to charge a high price for a well-made and proven product that people actually want than it is for an experimental and gimmicky product.

An Unzipping Shortcut for iOS

Dr. Drang:

I’ve been planning to write a post about the new Apple products for over a week, but I keep getting distracted. Today, I went to Apple’s PR pages for the MacBook Air, the Mac mini, and the iPad Pro to download images and went off on another tangent. As usual, I will inflict that tangent on you.

Apple provides the product images as zipped archives, so when I clicked on the link in the press release, I was confronted with this “what do I do?” screen in Safari.

The efficient thing would have been to walk ten feet over to my iMac and download the zip files there, where they can be expanded with almost no thought. But I took the procrastinator’s way out, deciding to solve the problem of dealing with zip files on iOS once and for all.

This is one of those iOS things that has always driven me nuts, especially on my iPad. MacOS has unarchiving built into it; iOS pretends that it just doesn’t know what to do with any archive format.

iOS 11 slightly improved upon this with the introduction of the Files app. You can tap the “Preview Content” button and then tap the list button to see the contents of the archive.1 Then you can select each file individually and then tap the share button to save each file individually. That’s not very efficient at all.

There are some unarchiving apps in the store, but they’re all pretty ropey. Drang’s shortcut is probably the best solution I’ve found so far, but this is one of those things that iOS should just be able to handle.

  1. Also, Files apparently thinks that “1” is followed by “10”, unlike the MacOS Finder. ↩︎

Inside Apple’s New Macs

iFixit opened up Apple’s new MacBook Air and Mac Mini and there are some notable changes to the assembly methods of each. The Mini now has user-replaceable RAM, reversing Apple’s decision in 2014 to solder it directly to the board, while the Air differs from recent MacBook Pro models by allowing the battery to be replaced independently of the top case. Yes, storage is still mounted directly on the logic board, but it’s understandable from a security perspective — it is closely linked to the T2’s hardware encryption. (See update below.) Overall, these are small but welcome improvements to repair-averse recent production techniques.

Update: It doesn’t appear that the security features of the T2 necessarily prevent a Mac from having changeable internal storage — at least, not according to the security guide and, more tellingly, iFixit’s teardown of the iMac Pro.

Carrot Weather is the Best Weather App

Ben Brooks:

For a while now I have been bouncing back and forth between using Dark Sky and Hello Weather as my tools of choice. Then a few months ago, after seeing some new features (at the time) of CARROT Weather, I decided to give the quirky app a try. The thing about CARROT is that the entire aesthetic and tone of the app makes it seem like it’s not a serious app.

However, I’ve found that it is perhaps the best weather app. Allow me to explain why.

I’ve bounced around between a lot of weather apps, but Carrot has stuck with me for a long time now. It’s not just well-illustrated and hilarious — particularly if you turn the “personality” setting to “overkill”, as I immediately did upon finding said setting — it is information-dense and customizable, too. If you haven’t tried it yet, consider giving Carrot a shot.

How to Find and Manage App Subscriptions on iOS

In the wake of several apps abusing subscriptions, Charles Arthur put together a well-illustrated guide to finding the app subscriptions management screen on iOS. It isn’t in the App Store, nor can you search for it in Settings because it’s inside of a web view. Ryan Jones previously registered a single-serving domain that redirected to the subscription management screen, but Apple legal didn’t like that.

This needs to be easier. Subscriptions are an increasingly-relevant revenue model. It has been two years since Apple revised the terms of subscriptions to make them more developer-friendly, but the management UI for users has simply never been easily-found.

Ars Technica Interviews Anand Shimpi and Phil Schiller About the A12X

Samuel Axon, Ars Technica:

If you’ve read our iPad Pro review, you know most of those claims hold up. Apple’s latest iOS devices aren’t perfect, but even the platform’s biggest detractors recognize that the company is leading the market when it comes to mobile CPU and GPU performance—not by a little, but by a lot. It’s all done on custom silicon designed within Apple—a different approach than that taken by any mainstream Android or Windows device.

But not every consumer—even the “professional” target consumer of the iPad Pro—really groks the fact this gap is so big. How is this possible? What does this architecture actually look like? Why is Apple doing this, and how did it get here?

After the hardware announcements last week, Ars sat down with Anand Shimpi from Hardware Technologies at Apple and Apple’s Senior VP of Marketing Phil Schiller to ask. We wanted to hear exactly what Apple is trying to accomplish by making its own chips and how the A12X is architected. It turns out that the iPad Pro’s striking, console-level graphics performance and many of the other headlining features in new Apple devices (like FaceID and various augmented-reality applications) may not be possible any other way.

Every passing year that Intel drops the ball is another reinforcement that Apple’s $278 million purchase of P.A. Semi ten years ago was the deal of the century, especially when they announce that they’re building a MacBook on their own architecture.

AT&T to Cut Off Some Customers’ Service in Piracy Crackdown

Sara Fischer and David McCabe, Axios:

AT&T will alert a little more than a dozen customers within the next week or so that their service will be terminated due to copyright infringement, according to sources familiar with its plans.


AT&T owns a content network after its purchase of Time Warner earlier this year, an entity now called WarnerMedia. Content networks are typically responsible for issuing these types of allegations to internet service providers (ISPs) for them to address with their customers.

A source said it’s unclear whether WarnerMedia was involved directly in issuing piracy allegations in these instances, although it’s possible.

Studios and record labels have been fighting for ages to get users disconnected for copyright infringement. Many of them must be thrilled to now be owned by the same people who control internet access — frequently with little competition, leaving users with few or no alternatives.

The 2018 Mac Mini

Apple wisely seeded Marco Arment with a Mac Mini review model:

It’s the same size as the old one, which is the right tradeoff. I know zero Mac Mini owners who really need it to get smaller, and many who don’t want it to get fewer ports or worse performance.

The point of the Mac Mini is to be as versatile as possible, addressing lots of diverse and edge-case needs that the other Macs can’t with their vastly different form factors and more opinionated designs. The Mac Mini needs to be a utility product, not a design statement. (Although, even as someone tired of space-gray everything, I have to admit that the Mini looks fantastic in its new color.)

This new Mini is one of the best updates Apple has shipped recently for the Mac. I know it’s more expensive than the previous model, but I really think that this is a clear instance of “we don’t ship junk”. I say that not necessarily because it’s more powerful in CPU benchmarks than any other Mac, save the iMac Pro and the highest-end Mac Pro configuration — though that’s very nice — but because it’s a product that is very capable in almost every aspect. The only exception to that is graphics performance; but, if that’s important to your workflow, you can pick up an external GPU for maximum power in that regard and have a truly excellent, albeit highly modular, system. I don’t mean this as a slight: I hope the next update is not also four years in the making.

The biggest downside to the new Mac Mini, to my eyes, is that there are simply no good Thunderbolt 5K displays out there. That market just doesn’t exist yet.

An In-Depth Look at Apple’s New Map Data

A new post by Justin O’Beirne is an immediate must-read for me, and this latest one is no exception. In fact, it’s maybe the one I would most recommend because it’s an analysis of the first leg of a four-year project Apple unveiled earlier this year. Here’s what Matthew Panzarino wrote at the time for TechCrunch:

The coupling of high-resolution image data from car and satellite, plus a 3D point cloud, results in Apple now being able to produce full orthogonal reconstructions of city streets with textures in place. This is massively higher-resolution and easier to see, visually. And it’s synchronized with the “panoramic” images from the car, the satellite view and the raw data. These techniques are used in self-driving applications because they provide a really holistic view of what’s going on around the car. But the ortho view can do even more for human viewers of the data by allowing them to “see” through brush or tree cover that would normally obscure roads, buildings and addresses.


Regardless of how Apple is creating all of its buildings and other shapes, Apple is filling its map with so many of them that Google now looks empty in comparison. […]

And all of these details create the impression that Apple hasn’t just closed the gap with Google — but has, in many ways, exceeded it…


But for all of the detail Apple has added, it still doesn’t have some of the businesses and places that Google has.


This suggests that Apple isn’t algorithmically extracting businesses and other places out of the imagery its vans are collecting.

Instead, all of the businesses shown on Apple’s Markleeville map seem to be coming from Yelp, Apple’s primary place data provider.

Rebuilding Maps in such a comprehensive way is going to take some time, so I read O’Beirne’s analysis as a progress report. But, even keeping that in mind, it’s a little disappointing that what has seemingly been prioritized so far in this Maps update is to add more detailed shapes for terrain and foliage, rather than fixing what places are mapped and where they’re located. It isn’t as though progress isn’t being made, or that it’s entirely misdirected — roads are now far more accurate, buildings are recognizable, and city parks increasingly look like city parks — but the thing that frustrates me most about Apple Maps in my use is that the places I want to go are either incorrectly-placed, not there, or have inaccurate information like hours of operation.

Flickr Announces That It Will Only Keep Newest 1,000 Photos for Free Accounts Starting February 5, Alongside Service Improvements

SmugMug is making lots of changes to Flickr, which they acquired in April from Verizon, via Oath, via Yahoo. Yesterday, they announced that they would be supporting wide colour gamuts and move to Amazon Web Services from Yahoo’s data centres; today, they said that they would — finallydisconnect from Yahoo’s account and login system.

But perhaps the biggest Flickr news of today is the discontinuation of the virtually-unlimited terabyte of storage offered to free accounts. Andrew Stadlen, Flickr’s VP of product:

Beginning January 8, 2019, Free accounts will be limited to 1,000 photos and videos. If you need unlimited storage, you’ll need to upgrade to Flickr Pro.


Second, you can tell a lot about a product by how it makes money. Giving away vast amounts of storage creates data that can be sold to advertisers, with the inevitable result being that advertisers’ interests are prioritized over yours. Reducing the free storage offering ensures that we run Flickr on subscriptions, which guarantees that our focus is always on how to make your experience better. SmugMug, the photography company that recently acquired Flickr from Yahoo, has long had a saying that resonates deeply with the Flickr team and the way we believe we can best serve your needs: “You are not our product. You are our priority.” We want to build features and experiences that delight you, not our advertisers; ensuring that our members are also our customers makes this possible.

This decision is understandable, but it is a little confusing: what happens to your pictures if you, like I, have an account that exceeds the thousand-photo limit? A footnote on Flickr’s announcement page goes partway towards explaining:

Free members with more than 1,000 photos or videos uploaded to Flickr have until Tuesday, January 8, 2019, to upgrade to Pro or download content over the limit. After January 8, 2019, members over the limit will no longer be able to upload new photos to Flickr. After February 5, 2019, free accounts that contain over 1,000 photos or videos will have content actively deleted — starting from oldest to newest date uploaded — to meet the new limit.

It sounds like they’re just going to literally delete older photos past the limit, which is pretty wild. It’s not every day that a company tells its users that, in the near future, it’s going to start deleting their data.

But what remains unanswered is if they are truly erasing old photos or if they’re just hiding them from public and user view. I would assume that, if you do pay for a Pro subscription after the February 5 deadline, these photos would once again be visible, but I don’t know that for sure. It is also unclear if there are changes for users with expired pro subscriptions. I’ve reached out to SmugMug and will update this post if I hear back with answers.

In the interim, my suggestion is to download your photos and videos, just to be safe. Head to your Flickr settings and click the button to request your account data.

Facebook’s Political Ad Transparency Efforts Are Woefully Poor

William Turton, Vice:

One of Facebook’s major efforts to add transparency to political advertisements is a required “Paid for by” disclosure at the top of each ad supposedly telling users who is paying for political ads that show up in their news feeds.

But on the eve of the 2018 midterm elections, a VICE News investigation found the “Paid for by” feature is easily manipulated and appears to allow anyone to lie about who is paying for a political ad, or to pose as someone paying for the ad.

To test it, VICE News applied to buy fake ads on behalf of all 100 sitting U.S. senators, including ads “Paid for by” by Mitch McConnell and Chuck Schumer. Facebook’s approvals were bipartisan: All 100 sailed through the system, indicating that just about anyone can buy an ad identified as “Paid for by” by a major U.S. politician.

Allen Tan:

Feature built to curb abuse relies on… people and organizations using it in good faith.

If you can’t trust organizations trying to manipulate elections by preying on individuals’ trust in apparently honest discourse at this tense time in the world, who can you trust?


There’s a lot to discuss following today’s Apple event in New York, but one thing, in particular, that I’d like to highlight is how they promoted external display capabilities as one reason for the change on the new iPad Pro to a USB-C connector from Apple’s proprietary Lightning connector. It’s something John Ternus mentioned a few times onstage but, oddly, this capability is only shown in the video on the iPad Pro’s marketing webpages and it has barely been given a passing mention in the company’s press release.

Even with the limited information available, I think this speaks to Apple’s greater ambitions for the iPad as much — or even more than — the power and software improvements they’ve made over the past few years. The future of the computer probably looks a lot like plugging a display into an iPad and using a connected keyboard and perhaps a trackpad with a different UI.

This isn’t entirely revolutionary; Microsoft has been pursuing a similar strategy with their Surface line for years. The critical difference, I think, is that the Surface was borne of a desktop-and-laptop world, while the iPad was derived from a smartphone. In 2012, I wrote a piece where I proposed — poorly — that that the reason the iPad was selling well where Microsoft’s tablet efforts, at the time, were not was because the common criticism of the iPad as a bigger iPhone was actually an advantage.

If there is a smartphone-to-desktop continuum, with the tablet somewhere in the middle, Microsoft has long approached it as skinning Windows with touch drivers and bigger buttons, while Apple chose to start by making a touchscreen phone and build up from there.

The vestiges of these differing approaches are clearly evident today. There are still plenty of examples of Windows feeling like a desktop operating system even when running on a tablet; and there are lots of places throughout iOS that feel like upscaled smartphone interfaces.

Looking beyond that, though, at what is plausibly within reach in the next few years is a culmination of efforts to overhaul the way we think about computers. Apple has, for years, been touting the iPad as the computer of the future — the pioneer in the post-PC era. But the product has not necessarily matched the company’s rhetoric, largely because it’s still trying to grow out of the smartphone-based constraints that are primarily exposed in software; that’s the root of where most of its limitations still lie.

If the scenario I outlined above is, indeed, the way Apple sees the future of this product line, there’s still a long way to go: multitasking isn’t there yet, the keyboard remains an afterthought, an iPad isn’t as information-dense because its controls still need to be touch-friendly, and so on. But there are clues that Apple is very serious about the iPad as a replacement computer. USB-C and the singling-out of external display support is one such indicator, I feel; iOS 11 brought the Dock to the iPad, which makes it feel much faster for switching between apps; and there are some iPad-specific Springboard improvements destined for iOS 13 that ought to shake things up.

Taking a step back, I think it’s worth addressing how far the iPad’s software has felt compared to the hardware, as far as telling a complete and elegant story about using it as a full Mac replacement. The new iPad Pro models look wildly impressive — like pure slabs of magic internet-connected glass. But the software has evolved far slower. A big reason for this is, I believe, that using iOS as the basis for the future of personal computers has required a rethink of every system paradigm taken for granted on the Mac. I don’t think it has been universally successful. But I do truly believe that by building iOS up as opposed to breaking MacOS down — that is, adding functionality within a made-for-touch framework rather than glomming touch onto MacOS — will prove to be a wise choice in the coming years.

iOS 12’s Security Improvements Impede GrayKey Passcode Cracking Functionality

Thomas Brewster of Forbes broke the news of the existence of GrayKey in March, and has been covering it brilliantly since:

Now, though, Apple has put up what may be an insurmountable wall. Multiple sources familiar with the GrayKey tech tell Forbes the device can no longer break the passcodes of any iPhone running iOS 12 or above. On those devices, GrayKey can only do what’s called a “partial extraction,” sources from the forensic community said. That means police using the tool can only draw out unencrypted files and some metadata, such as file sizes and folder structures.

Previously, GrayKey used “brute forcing” techniques to guess passcodes and had found a way to get around Apple’s protections preventing such repeat guesses. But no more. And if it’s impossible for GrayKey, which counts an ex-Apple security engineer among its founders, it’s a safe assumption few can break iPhone passcodes.

That last sentence requires two more words: “for now”. That’s how it works. After a security threat is revealed, it is patched; repeat constantly until the end of time. The biggest difference here is that there’s an enormous market for iOS vulnerabilities due to its high grade of security and its popularity, so it is not in the best interests of those who find these vulnerabilities to report them to Apple or disclose them publicly.

That, in part, is why the method by which Apple prevented GrayKey from working is just as mysterious as the means by which GrayKey worked in the first place. It’s also why it is plausible that there is a vulnerability just as insidious in every iOS device out there that won’t get reported to Apple for fixing if it’s good enough for Grayshift or Cellebrite to buy.

Hundreds of Popular Android Apps Part of Multimillion-Dollar Ad Fraud Scheme

Craig Silverman, Buzzfeed:

Last April, Steven Schoen received an email from someone named Natalie Andrea who said she worked for a company called We Purchase Apps. She wanted to buy his Android app, Emoji Switcher. But right away, something seemed off.


Schoen had a Skype call with Andrea and her colleague, who said his name was Zac Ezra, but whose full name is Tzachi Ezrati. They agreed on a price and to pay Schoen up front in bitcoin.

“I would say it was more than I had expected,” Schoen said of the price. That helped convince him to sell.

A similar scenario played out for five other app developers who told BuzzFeed News they sold their apps to We Purchase Apps or directly to Ezrati. (Ezrati told BuzzFeed News he was only hired to buy apps and had no idea what happened to them after they were acquired.)

Giant klaxons are already blaring in my head and this doesn’t even concern the actual — you know — fraud part of the story. The ability to migrate apps and their entire user bases to different developers is an alarming security risk, particularly with the broad use of automatic update mechanisms. This reminds me of when the Stylish browser extension was sold to a new owner that immediately saddled it with spyware. Users should be made fully aware of an ownership change and some sort of action on the user’s ought to be required for them to update to a newer version of the software.


One way the fraudsters find apps for their scheme is to acquire legitimate apps through We Purchase Apps and transfer them to shell companies. They then capture the behavior of the app’s human users and program a vast network of bots to mimic it, according to analysis from Protected Media, a cybersecurity and fraud detection firm that analyzed the apps and websites at BuzzFeed News’ request.

This means a significant portion of the millions of Android phone owners who downloaded these apps were secretly tracked as they scrolled and clicked inside the application. By copying actual user behavior in the apps, the fraudsters were able to generate fake traffic that bypassed major fraud detection systems.


App metrics firm AppsFlyer estimated that between $700 million and $800 million was stolen from mobile apps alone in the first quarter of this year, a 30% increase over the previous year. Pixalate’s latest analysis of in-app fraud found that 23% of all ad impressions in mobile apps are in some way fraudulent. Overall, Juniper Research estimates $19 billion will be stolen this year by digital ad fraudsters, but others believe the actual figure could be three times that.

In other forms of advertising, spots are pre-sold for a specific fee based only on an estimated audience. If yet another vacuum-packed mattress company buys ads in an episode of a podcast, it doesn’t matter whether that episode is downloaded ten thousand times or a hundred thousand times — the mattress company will have paid the same price for that spot. Sponsoring later episodes might cost them more if there are an increasing number of listeners, or the podcaster may cut them a deal for multiple sponsorships, but there isn’t a real-time bidding scheme. It’s the same for print and television. Effectiveness in terms of action taken is harder to measure directly, but that encourages advertisers and creative firms to make something eye-catching and memorable.

For most online advertising, though, this is completely backwards: advertisers are charged and ad placements are paid out based on how many views or clicks there have been, not how many there are expected to be. This makes it much harder to differentiate fraudulent behaviour from honest views. It typically requires more tracking in order to be able to model real human behaviour — something that was defeated in this case. And, according to a recent report produced for Radiocentre — a trade group for British commercial radio stations — online ads of all types are completely ineffective (PDF).1

In general, the incentives of online advertising encourage fraud, clickbait, and spyware. This will continue to be the case so long as these ads are behaviourally targeted, and are paid for based directly on the number of views and clicks.

  1. One side effect of the ineffectiveness of online ads is that a huge industry has been built on the basis of creating ads that don’t look like ads. Social media “influencers”, native advertising, and content marketing all fall into this bucket. They’re generally just as unmemorable as other online advertising, but with the added bonus of feeling scummier and more manipulative because they aren’t obviously ads. ↩︎

Apple News’ Reliance on Human Editors Reduces Misinformation in the App

Apple granted Jack Nicas of the New York Times a rare glimpse inside its Apple News team’s editorial discussions:

Apple has waded into the messy world of news with a service that is read regularly by roughly 90 million people. But while Google, Facebook and Twitter have come under intense scrutiny for their disproportionate — and sometimes harmful — influence over the spread of information, Apple has so far avoided controversy. One big reason is that while its Silicon Valley peers rely on machines and algorithms to pick headlines, Apple uses humans like [editor in chief Lauren Kern].


That approach also led Apple News to not run an ABC News bombshell in December about Robert Mueller’s investigation into the Trump campaign’s ties to Russia. The story alleged that former national security adviser Michael Flynn was prepared to testify that Mr. Trump had directed him to contact Russian officials during the 2016 campaign. It rocketed across the internet, boosted by Google, Facebook and Twitter, before ABC News retracted it.

Ms. Kern said she and her team did not run the story because they didn’t trust it. Why? It’s not a formula that can be baked into an algorithm, she said.

“I mean, you read a story and it doesn’t quite pass the smell test,” she said.

There has been a rush to make much of the world driven by machine learning because we now can do that, but seemingly few of the people who are a position to make decisions about this have actually questioned whether we should be letting algorithms replace thought. Apple’s solution is imperfect, but it certainly helps reduce the likelihood of embarrassing blunders — even Apple itself can learn from that.

Tim Cook Speaks About Privacy at ICDPPC

Jon Brodkin, Ars Technica:

Apple CEO Tim Cook today called on the US government to pass “a comprehensive federal privacy law,” saying that tech companies that collect wide swaths of user data are engaging in surveillance.

Speaking at the International Conference of Data Protection and Privacy Commissioners (ICDPPC) in Brussels, Cook said that businesses are creating “an enduring digital profile” of each user and that the trade of such data “has exploded into a data-industrial complex.”

“This is surveillance,” Cook said. “And these stockpiles of personal data serve only to enrich the companies that collect them. This should make us very uncomfortable.”

Apple is, of course, imperfect in this regard: while they try to restrict the ways in which app developers may collect sensitive data, there are plenty of apps that still ask for access to your contact list, ostensibly to allow you to find friends using the same app or service, but without clearly indicating how they will treat that list over a long term; and, as others have mentioned, they have retained Google as the default search provider in Safari on all platforms. The latter is particularly hard to reconcile — last year, they changed web searches made through Siri or Apple Search from Bing to Google. Google reportedly paid Apple $9 billion in 2018 for this privilege, which feels a little bit like a bribe to collect Safari users’ personal information.

On the other hand, Apple has made strides to reduce users’ dependency on Google. The website suggestions that appear as you type in the address bar are not driven by Google, but by Apple’s own web crawler; the suggestions in Search on iOS for things like the weather and sports scores are also not powered by Google. Apple has also continued to roll out privacy protections in Safari with features like Intelligent Tracking Prevention.

Natasha Singer of the New York Times, on Twitter:

It’s much easier to be a privacy hawk when your business doesn’t depend on surveillance-based advertising. Even so, Tim Cook’s critique of the “data industrial complex” is a watershed for tech industry discourse.

It’s also much easier to not build a business dependent on surveillance when you are a privacy hawk.

Cook’s speech reads to me as an honest representation of his own stance and Apple’s ideals about how data ought to be collected and stored. Privacy does not seem like an add-on, but an integral part of the company’s development processes. It is a principled stance.

iPhone XR Reviews Roundup

Embargoes for reviews of the iPhone XR were lifted this morning and John Voorhees of MacStories collected some of the more notable excerpts. Based on everything I’ve read, it sounds like you’re getting virtually all of the experience of an iPhone XS Max in a slightly smaller, far more colourful, and vastly less-expensive device with a not-as-spectacular-but-still-excellent display. All of that sounds great.

But there is one thing eating at me with this new iPhone lineup: the starting price for a current model year iPhone is now $50 more than last year, and $100 more than two years’ prior. It’s as though they’ve dropped the entry-level model and are starting at what was previously Plus model pricing. In Canada, the difference is even more pronounced — for the first time, you cannot get a current model year iPhone for under $1,000. The iPhone XR might be the least-expensive iPhone Apple launched this year, but it is by no means a budget device.

That’s not to say that it’s necessarily the wrong move from a unit sales perspective. Presales of the XR seem strong, and every indication — including the rapidly-rising average selling price — indicates that the iPhone X and XS models have sold very well indeed. It is arguably indicative of how much we value our smartphones compared to any other consumer electronics device. But it also means that getting into the iPhone ecosystem at the base model flagship level has become markedly more pricey.

There are two ways of looking at this: Apple has made more affordable the iPhone X design and features, and Apple has dramatically increased the base price of an iPhone.

Other News Organizations Have Tried But Are Not Able to Corroborate Bloomberg’s Story

Erik Wemple, Washington Post:

According to a [Bloomberg] company source, editorial staff has been “frustrated” that competing news organizations haven’t managed to match the scoop. Sources tell the Erik Wemple Blog that the New York Times, the Wall Street Journal and The Post have each sunk resources into confirming the story, only to come up empty-handed. (The Post did run a story summarizing Bloomberg’s findings, along with various denials and official skepticism.) It behooves such outlets to dispatch entire teams to search for corroboration: If, indeed, it’s true that China has embarked on this sort of attack, there will be a long tail of implications. No self-respecting news organization will want to be left out of those stories. “Unlike software, hardware leaves behind a good trail of evidence. If somebody decides to go down that path, it means that they don’t care about the consequences,” Stathakopoulos says.

In the face of challenges to the story’s veracity, Bloomberg has commissioned additional reporting to reinforce its initial findings. One of the story’s reporters, for example, contacted a former Apple employee on Oct. 10 seeking information on the alleged purge of Supermicro servers, according to correspondence reviewed by the Erik Wemple Blog. We asked Bloomberg about any additional reporting on the alleged hack. “We do not comment on our unpublished newsgathering, editorial processes, or plans for future reporting,” replied a company spokeswoman.

Michael Riley, one of the reporters on the story, quickly asserted after the story’s publication that the physical evidence assured that corroborating stories would soon be published. Not only has that not happened, it’s the inverse that has: source after source raising doubts about the accuracy of the story’s core arguments. This isn’t just embarrassing, it’s toxic to Bloomberg’s credibility and the often-necessary use of sources speaking only on background.

In Interview With Buzzfeed News, Tim Cook Calls for Retraction of Bloomberg ‘Big Hack’ Story

John Paczkowski and Joseph Bernstein, Buzzfeed:

The result has been an impasse between some of the world’s most powerful corporations and a highly respected news organization, even in the face of questions from Congress. On Thursday evening, an indignant Cook further ratcheted up the tension in response to an inquiry from BuzzFeed News.

“There is no truth in their story about Apple,” Cook told BuzzFeed News in a phone interview. “They need to do that right thing and retract it.”

This is an extraordinary statement from Cook and Apple. The company has never previously publicly (though it may have done so privately) called for the retraction of a news story — even in cases where the stories have had major errors or were demonstratively false, such as a This American Life episode that was shown to be fabricated.

What’s wild to me is, if Bloomberg’s story is completely true, no other news organization has been able to independently corroborate it — even in part. Reporters at the New York Times, Wall Street Journal, and Financial Times all have terrific sources within the tech companies concerned, the Chinese supply chain, and the American government. Surely, if the story is as Bloomberg describes, one of those publications ought to be able to use the story as a starting point to confirm either an ongoing investigation or the existence of the suspicious components, right? Or how about well-connected infosec and supply chain experts — why haven’t they, as Buzzfeed reports, been able to echo any of Bloomberg’s claims?

This is one of the most baffling sagas I can remember. Either the supply chain is hosed and companies like Apple and Amazon really have no idea, they do know and their executives are covering it up in flagrant violation of the law, or an esteemed news organization fucked up to an immense degree. If it’s the latter, Bloomberg is doing themselves no favours by continuing to stand by its increasingly dubious reporting.

How did Bloomberg get this so wrong?

Apple Announces October 30 Event in New York

I think these invitations are great. Many companies have strict guidelines that prohibit any transformation of their logo but, because of the ubiquity and simplicity of the Apple logo, they’re able to produce dozens of variations — some more successful than others.

The opera house at the Brooklyn Academy of Music is an interesting venue choice, largely because it’s not in the Bay Area. With the creative theme of the invitations and the venue, new iPad Pros seem like a given for this event. I’m also hoping for new desktop Macs: a refreshed iMac and a completely new Mac Mini seem like safe bets. I wouldn’t expect to hear anything about the Mac Pro or new displays at this event.

Update: If that rumoured Retina display-equipped MacBook Air is slated for this event as well, I’m interested to see how that’s pitched.

Chartbeat: Social Media Referrals Are Down, but Direct Traffic Is Up

Sara Fischer, Axios:

The big picture: Since January 2017, per Chartbeat…

  • Twitter and Facebook have declined in their share of traffic sent to news sites.

  • Facebook traffic to publishers is down so much (nearly 40%) that according to Chartbeat, “a user is now more likely to find your content through your mobile website or app than from Facebook.”

  • Google Search on mobile has grown more than 2x, helping guide users to stories on publishers’ owned and operated channels.

  • Direct mobile traffic to publishers’s websites and apps has also steadily grown by more than 30%.

The declining influence of social networks is a promising sign, but their dominance over publishers’ business decisions should be heeded as a warning — particularly with the rising influence of Google Search, Google News, and Apple News.

Lawsuit Alleges Facebook Inflated Video Ad Viewing Times for Over a Year

Rachel England, Engadget:

It all comes down to the way Facebook initially reported the average viewing time of video ads. During the original investigation, it was found that the company only counted video views that lasted more than three seconds when calculating its “average duration of video viewed” metric. Views under three seconds weren’t factored in, thereby inflating the average length of a view. Facebook disclosed the issue in 2016, claiming it had “recently discovered” the error.

After reviewing some 80,000 pages of internal Facebook records, obtained as part of court proceedings, Crowd Siren now claims that Facebook had not only known about the issue for over a year, but had massively underestimated its miscalculations. The company told some advertisers it overestimated average time spent watching videos by 60% to 80%. The plaintiffs, however, believe that figure is much larger, and that average viewership metrics had been inflated by as much as 900%.

This occurred at roughly the same time a bunch of publishers decided to “pivot to video” — that is, to lay off reporters, writers, and editors and hire a bunch of video producers in their place. Over a longer term, it became clear that this change was driven by ad dollars rather than audience interest, to great detriment to the industry.

It’s a terrible idea to be dependent on traffic from platforms beyond a publisher’s control; it is also awful that Facebook — allegedly — failed to correct the effectiveness of their video platform for a year while paying publishers to buoy it.

See Also: Laura Hazard Owen, Nieman Lab:

It’s impossible to say whether media executives felt the way we did, or whether they actually did watch a lot of news video and truly believed it was the future. What is clear, however, is that plenty of news publishers made major editorial decisions and laid off writers based on what they believed to be unstoppable trends that would apply to the news business.

Concerns Linger About MacBook Pro Keyboards

Casey Johnston, the Outline:

[…] Every time I described the 2017 MacBook Pro I sold because I couldn’t stand its non-functional keyboard and asked an Apple store employee if the new one would screw me over the same way, each assured me that Apple had changed the keyboards so that that would never happen again. I described my issues with “dust” to one shop associate at the Apple Store at the World Trade Center and asked if the new computers were any better. “Yeah, yeah, they fixed that problem… it was a BIG problem,” she told me. “So it doesn’t happen at all?” I asked. “No, it shouldn’t happen,” she said. Maybe the bad days were finally over.

But checking around online, it appears the new keyboards have the same old issues. They may be delayed, but they happen nonetheless. The MacRumors forum has a long thread about the the “gen 3 butterfly keyboard” where users have been sharing their experiences since Apple updated the design. “How is everyone lse’s keyboard doing? I rplaced th first one because ‘E’ and ‘O’ gave double output. The replacment ither eats “E”, “O”, “I” and “T”, or doubles them,” wrote one poster. “I didn’t correct the typos above on purpose.”

It’s pretty wild that the Apple Store employee would admit to anyone that this was a “big problem”, given how often Apple has emphasized that it was a small percentage of users and that the silicone membrane in the 2018 models is just for quieter typing — though, in service documentation, they copped to its debris-fighting intention.

This is my favourite quoted response from that MacRumors thread:

“That’s just plain reckless,” responded a third. “I mean he took a laptop from a closed apartment to a balcony. It was probably an open balcony. Does he think that a laptop is a portable computer or what?!?”

The nature of online reviews and Mac enthusiast forum users, in general, tends to draw out negative experiences in a sort of shared commiseration experience. There aren’t loads of people who will chime in with their flawless keyboard experience. But, even if a smaller number of 2018 MacBook Pro owners are finding their computers susceptible to dust-induced keyboard failures compared to 2016 or 2017 model year users, these problems are still unique to the ultra low profile “butterfly” mechanism used in these models and are not present in previous generations of keyboards. This a serious regression of one of its single most critical components. These are not good keyboards.

Johnston’s thoughts on the current Apple notebook lineup echo my own:

[…] The MacBook is aesthetic but underpowered; the Air is an outdated design paradigm, a “thin and light” notebook that has the worst performance-to-weight-to-cost tradeoff of all the computers Apple makes, but the only one left with a decent keyboard; the MacBook Pro fails at being a Pro in a number of ways (a small number of ports that almost always require dongles, garbage battery life), not least of which is that the keyboard stops working after a couple of months for many people. Every laptop offering has serious tradeoffs, none of them are compellingly priced, and most are just old.

The MacBook today fills the same slot as the MacBook Air of 2008, and vice-versa. Neither represents a massive upgrade for me over my mid-2012 MacBook Air for my changed workflow. The MacBook Pro has a worrisome keyboard, and it’s extremely expensive: a base 15-inch PowerBook in 2004 cost $2,649 in Canada, the 2007 15-inch MacBook Pro started at $2,199, and the Retina 15-inch MacBook Pro started at $2,449 in 2015. But the new 15-inchers start at $3,199. That’s a big leap; Apple’s 15-inch portables haven’t been that expensive since the early 2000s.

More than anything I’m confused by the current Mac lineup. It feels all out of sorts — almost as if each model were handled by a separate team with its own shipping deadline and requirements. There isn’t a clear rubric. I don’t think the lineup needs to go back to the Jobs quadrant, but it ought to be easier to buy a computer than the current lineup permits.

Facebook Acknowledges That Contact Details of Twenty-Nine Million Users Were Stolen

Guy Rosen of Facebook followed up on their earlier disclosure of their security breach in a post euphemistically titled “An Update on the Security Issue”. They have to use the indefinite article “the security issue”, never “our security issue”.1 Anyway:

The attackers used a portion of these 400,000 people’s lists of friends to steal access tokens for about 30 million people. For 15 million people, attackers accessed two sets of information – name and contact details (phone number, email, or both, depending on what people had on their profiles). For 14 million people, the attackers accessed the same two sets of information, as well as other details people had on their profiles. This included username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches. For 1 million people, the attackers did not access any information.

A portion of users have also had their Facebook Messenger conversation names and contacts compromised, and if they were an admin of a page, any messages to that page might also be compromised as well. Katie Notopoulos and Nicole Nguyen of Buzzfeed have put together a great article on how to tell if you’re one of the users impacted.

Earlier this week, Facebook launched an always-on microphone with an attached camera.

  1. I feel a little gross for interpolating Fight Club↩︎

Google Has Continued Its Growth in Europe Post-GDPR, While the Prevalence of Other Trackers Has Been Cut

Natasha Lomas, TechCrunch:

For the GDPR analysis, the team compared the prevalence of trackers one month before and one month after the introduction of the regulation, looking at the top 2,000 domains visited by EU or US residents.

On the tracker numbers front, they found that the average number of trackers per page dropped by almost 4% for EU web users from April to July.

Whereas the opposite was true in the US, with the average number of trackers per page rose by more than 8 percent over the same period.


Summing up their findings, Cliqz and Ghostery write: “For users this means that while the number of trackers asking for access to their data is decreasing, a tiny few (including Google) are getting even more of their data.”

This builds upon and somewhat echoes earlier reporting that GDPR would actually help Google and Facebook compared to their smaller competitors. That’s not surprising: GDPR requires individual companies to get an explicit opt-in from users for ad targeting and tracking, and that’s a lot easier to do when you’re Google or Facebook. It’s also something that can be addressed through greater antitrust enforcement, if the E.U. wishes to pursue more direct targeting of the mass surveillance business models of those two companies.

The Anatomy of a Click

As part of my morning review of news headlines, I like to read Charles Arthur’s excellent Overspill link roundup. In today’s edition, he linked to a fascinating-looking piece by James Ball in the Huffington Post called “The Anatomy of a Click” about programmatic advertising and all of the automated bidding that happens when you click. So I did.

I was greeted first by the burdensome opt-in advertising screen for Oath, the Huffington Post’s parent company. GDPR may require website owners to give visitors choices, but this is just egregious, and shows the scale of Oath’s operation. They don’t make it easy to simply opt-out of all targeting and tracking. This is why ad blockers are popular.

Then I noticed the URL, which now contained all sorts of referral information and tracking data.

The article itself is part of a section called “Digital Life”, which is sponsored by Microsoft — a company that runs a targeted programmatic advertising platform and allows Oath ads on its platforms, including in Windows. That what the people who make the big money call “synergy”, or “synchronicity”, or whatever.

If you look in your Web Inspector, you’ll notice that the article phones home to several trackers and contains loads of programmatic advertising. That makes it especially rich when you read to the bottom of what is generally a well-written explanation of how the market works:

The whole situation is summarised by data protection expert and privacy advocate Johnny Ryan.

“Every single time a person loads a page on a website that uses ‘programmatic’ advertising, information about what they are reading and the device they use is broadcast to a large number of adtech companies, who then do God knows what with it,” he explains.


“In GDPR terms, this “programmatic advertising” is a vast and ongoing data breach, and it means that everyone involved can be subject to an investigation by Elizabeth Denham, the Information Commissioner, and can be taken to court by Internet users.”

I’m not completely stupid; I understand why many websites — including this one — have analytics software and ads. But it is worth pointing out, and not solely to toot my own horn, that there is a vast difference between a “dumb” ad plus one or two analytics packages that do their best to anonymize traffic and respect Do Not Track, compared to the monstrosities created by companies like Oath and the Huffington Post that collect and distribute your browsing history on behalf of dozens of third parties in ways that are beyond your control.

You may, quite rightly, point out that the Huffington Post is not the pinnacle of journalism. But I would argue that the standards of the web should not be so low that we ought to tolerate privacy-invasive behaviour from anyone. And, for what it’s worth, practitioners of great journalism like the Washington Post and the Financial Times also have an egregious record when it comes to online tracking. It is their responsibility to give readers the best possible information, written as well as they can, and publish it on the safest and most reader-friendly platform available.

Two Angles on Apple Product Repairs

Joe Rossignol, MacRumors:

Due to advanced security features of the Apple T2 chip, iMac Pro and 2018 MacBook Pro models must pass Apple diagnostics for certain repairs to be completed, according to an internal document from Apple obtained by MacRumors.

For the 2018 MacBook Pro, the requirement applies to repairs involving the display, logic board, Touch ID, and top case, which includes the keyboard, battery, trackpad, and speakers, according to the document. For the iMac Pro, the requirement only applies to logic board and flash storage repairs.

If any of these parts are repaired in an iMac Pro or 2018 MacBook Pro, and the Apple diagnostics are not run, this will result in an inoperative system and an incomplete repair, according to Apple’s directive to service providers.

Apple’s diagnostic suite is limited to internal use by Apple Stores and Apple Authorized Service Providers, as part of what is called the Apple Service Toolkit. As a result, independent repair shops without Apple certification may be unable to repair certain parts on the iMac Pro and 2018 MacBook Pro.

Adam O’Camb of iFixit:

This service document certainly paints a grim picture, but ever the optimists, we headed down to our friendly local Apple Store and bought a brand new 2018 13” MacBook Pro Touch Bar unit. Then we disassembled it and traded displays with our teardown unit from this summer. To our surprise, the displays and MacBooks functioned normally in every combination we tried. We also updated to Mojave and swapped logic boards with the same results.

That’s a promising sign, and it means the sky isn’t quite falling — yet. But as we’ve learned, nothing is certain. Apple has a string of software-blocked repair scandals under its belt, including the device-disabling Error 53, a functionality-throttling Batterygate, and repeated feature-disabling incidents. It’s very possible that a future software update could render these “incomplete repairs” inoperative, and who knows when, or if, a fix will follow.

FUD aside, this is pretty good reporting: Apple’s repair guides say that, for security reasons, many of the components of the iMac Pro and 2018 MacBook Pro must pass a software diagnostics check after replacement; iFixit tested this and found it not to be the case that the product becomes inoperable, even though Apple’s guidance suggests that it will.

Maintaining the security of components like the keyboard, Touch ID sensor, and logic board seems completely fair to me. Even if Bloomberg’s recent report on compromised Supermicro servers from China turns out not to be exactly as described, it’s completely plausible for cheap parts to contain malicious components — HP’s laptops had a keylogger preinstalled, and there were reports last year that inexpensive replacement phone screens could track a user’s touch input.

But I also completely understand the value of right-to-repair legislation. Sometimes, a Genius Bar appointment is difficult to make either because they’re fully booked or there isn’t an Apple or Apple-certified store in your area. Other times, Apple’s retail staff may suggest needlessly expensive replacements when a simpler fix could be found by more experienced independent technicians.

Rather than compromising the security and privacy of their products, I’d like to see more progress made on certifying independent technicians and making Apple’s official tools more accessible. The security threat model isn’t the same as it once was; your phone probably has a lot more information on it than your computer of ten years ago. Yes, it’s more complicated to replace parts now, but it’s not entirely because companies like Apple want to lock out independent repair shops. Apple’s diagnostic tools could play a great role in this: imagine if you could take a printed report of a successful repair and type in a serial number on Apple’s website to verify that your device was serviced with genuine parts and passed Apple’s testing.

For a different story, Wayne Ma at the Information has a look inside the world of iPhone repair fraud in China. It’s paywalled, but Benjamin Mayo of 9to5Mac has a good summary. Ma:

Five years ago, Apple was forced to temporarily close what was then its only retail store in Shenzhen, China, after it was besieged by lines of hundreds of customers waiting to swap broken iPhones for new devices, according to two former Apple employees who were briefed about the matter. In May 2013, the Shenzhen store logged more than 2,000 warranty claims a week, more than any other Apple retail store in the world, one of those people said.

After some investigation, Apple discovered the skyrocketing requests for replacements was due to a highly sophisticated fraud scheme run by organized teams. Rings of thieves were buying or stealing iPhones and removing valuable components like CPUs, screens and logic boards, replacing them with fake components or even chewing gum wrappers, more than a half-dozen former employees familiar with the fraud said. The thieves would then return the iPhones, claiming they were broken, and receive replacements they could then resell, according to three of those people. The stolen components, meanwhile, were used in refurbished iPhones sold in smaller cities across China, two of the people said.

These criminals were so sophisticated that they resorted to bribing employees and acquiring the serial numbers of iPhones in China to support this scheme.

Ma’s report also helps explain my frustrating support experience at my local Apple Store:

To slow down fraud at its retail stores — a main point of vulnerability — Apple developed a reservation system, which required customers to make appointments online with proof of ownership before they could file claims, according to more than 10 former Apple employees. However, the system was soon swamped with hackers who exploited vulnerabilities in its website to snap up the time slots, one of the people said.

It’s unfortunate that many of the things that used to make Apple’s stores a completely different retail experience — the virtually untethered demo units, easy-to-access support, “surprise and delight”, and a comparatively relaxed staff presence — is being watered down either by crime or for what can often feel like financial reasons.

Assorted Updates Regarding Bloomberg’s ‘Big Hack’ Story

I was going to split these updates into several posts, but there are so many and they all fit around similar narratives that it makes more sense to bundle them together. Previously, I wrote a little about Bloomberg’s massive report and tech companies’ responses. After that came government corroboration of the companies’ statements, as well as a report from Buzzfeed that indicated that senior Apple executives were confused by Bloomberg’s findings.

Yesterday, George Stathakopoulos, Apple’s vice president of information security, sent a letter to congress once again reiterating their claim that they have not found malicious hardware planted in their servers, and that the FBI has not been contacted nor have they been contacted by the FBI about these concerns — this is clearly contrary to Bloomberg’s specific claim that “two of the senior Apple insiders say the company reported the incident to the FBI”. I cannot find any wiggle room in either statement on that matter.

One of the few sources in Bloomberg’s story that was willing to be named has now appeared on a podcast where he expresses concern over how his hypothetical ideas about how a piece of hardware like this might work have seemingly been entirely realized in the final article.

The team of Jordan Robertson and Michael Riley have a new article out today in Bloomberg that claims that a U.S. telecommunications company found manipulated Supermicro hardware in their possession two months ago:

The security expert, Yossi Appleboum, provided documents, analysis and other evidence of the discovery following the publication of an investigative report in Bloomberg Businessweek that detailed how China’s intelligence services had ordered subcontractors to plant malicious chips in Supermicro server motherboards over a two-year period ending in 2015.

Appleboum previously worked in the technology unit of the Israeli Army Intelligence Corps and is now co-chief executive officer of Sepio Systems in Gaithersburg, Maryland. His firm specializes in hardware security and was hired to scan several large data centers belonging to the telecommunications company. Bloomberg is not identifying the company due to Appleboum’s nondisclosure agreement with the client. Unusual communications from a Supermicro server and a subsequent physical inspection revealed an implant built into the server’s Ethernet connector, a component that’s used to attach network cables to the computer, Appleboum said.

Robertson and Riley stress that this is not an identical manipulation to the type described in their earlier story, but it tracks closely: hardware on a Supermicro board that could be used to siphon or reroute data.

However, Jason Koebler, Joseph Cox, and Lorenzo Franceschi-Bicchierai of Vice contacted American telecom companies and, so far, all are denying that Bloomberg’s report could possibly describe them. A source at Apple also told them that they launched another internal investigation after the story was published and they still can’t find any evidence of what Robertson and Riley are claiming.

For what it’s worth, I don’t want Robertson and Riley to have egg on their faces. I hope the story is not entirely as described because, if it is, it is truly one of the biggest security breaches in modern history — Supermicro has supplied a lot of servers to industry giants. But I don’t want the reporters to be wrong; Bloomberg has a great reputation for publishing rigorously-researched and fact-checked longform stories; I don’t want to have lingering doubts about their future reporting. And I’m not defending the biggest corporations in the world out of loyalty or denial — they have PR teams for that, and should absolutely be criticized when relevant. And I think the central point of the article — that the supply chain of a vast majority of the world’s goods is monopolized by an authoritarian and privacy-averse government is a staggering risk — is absolutely worth taking seriously.

But something about this story is not adding up. It doesn’t make sense as-is. I want to see more evidence and a corroborating third-party judgement. Bloomberg — and Michael Riley, in fact — appear to have gotten stories like this one wrong before. I hope that isn’t the case here, despite the terrifying reality if it is, indeed, completely true.

Update: Robert M. Lee was previously contacted by the same journalists regarding other stories while working at the NSA. He thought they were well-meaning, but duped by unsupported theories that didn’t withstand technical scrutiny.

Apple Releases iOS 12.0.1

This update fixes some WiFi, Bluetooth, and iPhone XS charging bugs; but, the best fix is this, documented by John Voorhees at MacStories:

iOS 12.0.1 includes a small design change on the iPad too. With the iOS 12 update, the ‘.?123’ key was moved. With version 12.0.1, that key has been restored to its previous position on the software keyboard.

For the first few days of running the iOS 12 beta, I didn’t notice this change. I did, however, notice the effects of this change. I couldn’t work out why I was suddenly inserting a lot more emoji into anything I was writing on my iPad until I looked at an old screenshot and figured out that the key for symbols and punctuation had been swapped with the emoji key. Presumably, this was changed for consistency with the 12.9-inch iPad Pro, but it upset seven years of iPad typing muscle memory.

Anyway, now that’s fixed and I can delete from my still-in-progress iOS 12 review the three paragraphs I spent pointing out what a terrible change this was.

Google Exposed Data of Half a Million Users Until March but Didn’t Disclose It Because They Feared ‘Regulatory Interest’

Douglas MacMillan and Robert MacMillan, Wall Street Journal:

Google exposed the private data of hundreds of thousands of users of the Google+ social network and then opted not to disclose the issue this past spring, in part because of fears that doing so would draw regulatory scrutiny and cause reputational damage, according to people briefed on the incident and documents reviewed by The Wall Street Journal.

As part of its response to the incident, the Alphabet Inc. unit plans to announce a sweeping set of data privacy measures that include permanently shutting down all consumer functionality of Google+, the people said. The move effectively puts the final nail in the coffin of a product that was launched in 2011 to challenge Facebook Inc. and is widely seen as one of Google’s biggest failures.

A software glitch in the social site gave outside developers potential access to private Google+ profile data between 2015 and March 2018, when internal investigators discovered and fixed the issue, according to the documents and people briefed on the incident. A memo reviewed by the Journal prepared by Google’s legal and policy staff and shared with senior executives warned that disclosing the incident would likely trigger “immediate regulatory interest” and invite comparisons to Facebook’s leak of user information to data firm Cambridge Analytica.

Chief Executive Sundar Pichai was briefed on the plan not to notify users after an internal committee had reached that decision, the people said.

That this disclosure wasn’t made until today — seven months after this breach was noticed — is unconscionable. But it is outrageous that the reason for not disclosing it in the first place was because they wanted to hide it from the law and that Pichai knew about it.

By the way, because Google tried so hard to make Google Plus work, it’s possible that your Google account — if you have one — is a Google Plus profile. You can disconnect it; Google calls it “downgrading”.

This is a fitting end to a bad product managed by people who were almost explicit in their intention for it to collect boatloads more information for advertisers.

Update: Brian McCullough:

Has anyone made this point yet? Pichai refused to testify to congress because he couldn’t. He would have either had to perjure himself or reveal this bug in real time before the committee.

I thought it was just strategic brilliance to let Facebook take all the heat. No, it was next level cowardice. One wonders if they really though they could whistle past the graveyard on this. In which case, also next level hubris.

Pichai is now scheduled to testify before Congress in November.

Update: Jack Wellborn:

I can’t help but think that by taking 7 months to publically disclose this breach, this incident makes Google seem somewhat hypocritical given their strict Project Zero policy to disclose vulnerabilities 90-days when patches aren’t released.

After a Year of Stories Confirming the Logical Consequences of Collecting All of Your Personal Information, Facebook Introduces an Always-Listening Assistant With a Video Camera

Nicole Nguyen, Buzzfeed:

Today, Facebook — which is still reeling from the fallout of the Cambridge Analytica data scandal and last month’s massive security breach — announced a voice-activated gadget with a screen, always-listening microphone, and camera designed for video chat called Facebook Portal. It’s like an Amazon Echo Show for Facebook Messenger.

There are two models: a small 10-inch Portal ($199) and a larger 15-inch Portal+ ($349), which can rotate to portrait or landscape orientations.

Saying a simple command, “Hey Portal,” and then the name of the person you’d like to call, starts a video chat. The camera has the ability to track people when they enter the room, and it can pan, widen, and zoom automatically. The devices also include the always-listening Alexa, Amazon’s voice assistant, and can be used to control smart home devices and offer weather information.

Nobody should buy this product. Moreover, it’s absurd that Facebook would think that now would be a terrific time to introduce an always-listening box with a camera — no matter how many reassuring bullet points they slap on a marketing webpage.

Apple Insiders Say Nobody Internally or at the FBI Knows What’s Going on With Bloomberg’s Story

John Paczkowski and Charlie Warzel, Buzzfeed:

Reached by BuzzFeed News multiple Apple sources — three of them very senior executives who work on the security and legal teams — said that they are at a loss as to how to explain the allegations. These people described a massive, granular, and siloed investigation into not just the claims made in the story, but into unrelated incidents that might have inspired them.


Equally puzzling to Apple execs is the assertion that it was party to an FBI investigation — Bloomberg wrote that Apple “reported the incident to the FBI.” A senior Apple legal official told BuzzFeed News the company had not contacted the FBI, nor had it been contacted by the FBI, the CIA, the NSA or any government agency in regards to the incidents described in the Bloomberg report. This person’s purview and responsibilities are of such a high level that it’s unlikely they would not have been aware of government outreach.

Guy Faulconbridge and Joseph Menn, Reuters:

Apple’s recently retired general counsel, Bruce Sewell, told Reuters he called the FBI’s then-general counsel James Baker last year after being told by Bloomberg of an open investigation into Super Micro Computer Inc , a hardware maker whose products Bloomberg said were implanted with malicious Chinese chips.

“I got on the phone with him personally and said, ‘Do you know anything about this?,” Sewell said of his conversation with Baker. “He said, ‘I’ve never heard of this, but give me 24 hours to make sure.’ He called me back 24 hours later and said ‘Nobody here knows what this story is about.’”

Reuters also reports that a division of GCHQ, Britain’s signals intelligence agency, does not presently doubt Apple and Amazon’s denials. Here’s the score so far:

  • Bloomberg is sticking by its reporting that modified circuit boards with potentially devastating security concerns were found by Apple and Amazon in servers of theirs supplied by and made for Supermicro. They also stand by the existence of cooperation between the tech companies and the FBI in an investigation that has been going on for years.

  • Apple and Amazon have both denied specific allegations in Bloomberg’s story, and have refuted its overall premise. Amazon’s chief information security officer and, now, Apple’s former senior-most legal counsel have put their names behind categorical denials of finding manipulated hardware in their data centres and having any knowledge of an FBI investigation, respectively.

  • Apple’s former legal representative has also said that a senior contact at the FBI told him that they didn’t know anything about this story.

  • British intelligence says that they believe Apple and Amazon’s statements at this time.

  • The U.S. administration has seized upon Bloomberg’s report to continue their campaign of criticism of the Chinese government.

That’s a lot of reputable organisations — and the American government — who have staked their credibility on widely varying accounts of the veracity of this story.

Update: Now the U.S. Department of Homeland Security is echoing the British viewpoint in support of the ostensibly affected companies’ statements, even while the Vice President is using Bloomberg’s report for political purposes.

Thinking About Bloomberg’s Report on Hardware Vulnerabilities in Servers Made in China

Jordan Robertson and Michael Riley of Bloomberg today published a startling report alleging that servers made in China for Supermicro and used by — amongst others — Apple, Amazon, and U.S. federal government agencies have been found to surreptitiously carry tiny chips, likely for backdoor access by the Chinese government, and installed without the knowledge of the companies through deep infiltration into the electronics supply chain. The report also states that individuals at Apple and Amazon discovered this several years ago, did not immediately make changes to their infrastructure, and are working with law enforcement and intelligence agencies, but none of this has been previously disclosed.

If these allegations are true, this would represent one of the most significant national security breaches in decades. Its effects could extend beyond current U.S. sanctions in place on Chinese-made electronic components to the entire electronics supply chain, the vast majority of which is based in China. It would also imply that massive amounts of Apple and Amazon customer data may have been at risk without public acknowledgement, though the report states that “[no] consumer data is known to have been stolen”.

Robertson and Riley:

As recently as 2016, according to DigiTimes, a news site specializing in supply chain research, Supermicro had three primary manufacturers constructing its motherboards, two headquartered in Taiwan and one in Shanghai. When such suppliers are choked with big orders, they sometimes parcel out work to subcontractors. In order to get further down the trail, U.S. spy agencies drew on the prodigious tools at their disposal. They sifted through communications intercepts, tapped informants in Taiwan and China, even tracked key individuals through their phones, according to the person briefed on evidence gathered during the probe. Eventually, that person says, they traced the malicious chips to four subcontracting factories that had been building Supermicro motherboards for at least two years.

As the agents monitored interactions among Chinese officials, motherboard manufacturers, and middlemen, they glimpsed how the seeding process worked. In some cases, plant managers were approached by people who claimed to represent Supermicro or who held positions suggesting a connection to the government. The middlemen would request changes to the motherboards’ original designs, initially offering bribes in conjunction with their unusual requests. If that didn’t work, they threatened factory managers with inspections that could shut down their plants. Once arrangements were in place, the middlemen would organize delivery of the chips to the factories.

The investigators concluded that this intricate scheme was the work of a People’s Liberation Army unit specializing in hardware attacks, according to two people briefed on its activities. The existence of this group has never been revealed before, but one official says, “We’ve been tracking these guys for longer than we’d like to admit.” The unit is believed to focus on high-priority targets, including advanced commercial technology and the computers of rival militaries. In past attacks, it targeted the designs for high-performance computer chips and computing systems of large U.S. internet providers.

These allegations are precise, comprehensive, and are clearly based on tremendous investigative reporting. However, the comments issued by Apple and Amazon have been uncharacteristically detailed as well.

Apple published their un-bylined responses to Bloomberg’s questions at various times throughout the reporting process:

On this we can be very clear: Apple has never found malicious chips, “hardware manipulations” or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement.

In response to Bloomberg’s latest version of the narrative, we present the following facts: Siri and Topsy never shared servers; Siri has never been deployed on servers sold to us by Super Micro; and Topsy data was limited to approximately 2,000 Super Micro servers, not 7,000. None of those servers have ever been found to hold malicious chips.

This response unequivocally refutes specific allegations made in the Bloomberg report. This isn’t one of those stories where Apple’s PR team is being cagey or not commenting; they’re calling the story flat-out false. And the same is true for Amazon’s statement:

The article also claims that after learning of hardware modifications and malicious chips in Elemental servers, we conducted a network-wide audit of SuperMicro motherboards and discovered the malicious chips in a Beijing data center. This claim is similarly untrue. The first and most obvious reason is that we never found modified hardware or malicious chips in Elemental servers. Aside from that, we never found modified hardware or malicious chips in servers in any of our data centers. And, this notion that we sold off the hardware and datacenter in China to our partner Sinnet because we wanted to rid ourselves of SuperMicro servers is absurd. Sinnet had been running these data centers since we launched in China, they owned these data centers from the start, and the hardware we “sold” to them was a transfer-of-assets agreement mandated by new China regulations for non-Chinese cloud providers to continue to operate in China.

This statement was attributed to Steve Schmidt, Amazon’s chief information security officer and a former FBI section chief.

Supermicro and the Chinese government also issued denials of Bloomberg’s report. The cynical response is something like: of course these companies are denying an extremely sensitive report, whether because it’s embarrassing or due to a law enforcement requirement. But neither situation appears to be the case here. Apple confirmed in their statement that they are not under any sort of gag order that would prevent them from being able to comment on this.

Furthermore, Apple and Amazon are publicly-traded companies and, as a result, lying in public statements such as these would be an SEC violation. These aren’t the typical if-you-squint-it-could-be-seen-as-accurate statements that big companies’ PR teams typically release as damage control. They are wholesale rejections of key arguments in Bloomberg’s reporting: Bloomberg says that hardware modifications and malicious chips were found by Amazon and Apple in their servers; Amazon and Apple say that no hardware modifications or malicious chips were found in their servers. There’s not a lot of room for ambiguity.

This story has been rattling around my head all day today. My early thought was that perhaps the Bloomberg reporters did a Judith Miller. Maybe their government sources had a specific angle they wished to present to create a political case against China or in favour of further sanctions — or actions far more serious — and needed a credible third-party, like a news organization, to create a story like this. But Robertson and Riley’s seventeen sources include several individuals at Amazon and Apple with intimate knowledge of the apparent discovery of unauthorized hardware modifications, something they later confirmed in a statement to Alex Cranz of Gizmodo. This doesn’t seem likely.

Zack Whittaker in TechCrunch points to a couple of ways that these statements may technically be accurate, and how the reporting may be true as well:

Naturally, people are skeptical of this “spy chip” story. On one side you have Bloomberg’s decades-long stellar reputation and reporting acumen, a thoroughly researched story citing more than a dozen sources — some inside the government and out — and presenting enough evidence to present a convincing case.

On the other, the sources are anonymous — likely because the information they shared wasn’t theirs to share or it was classified, putting sources in risk of legal jeopardy. But that makes accountability difficult. No reporter wants to say “a source familiar with the matter” because it weakens the story. It’s the reason reporters will tag names to spokespeople or officials so that it holds the powers accountable for their words. And, the denials from the companies themselves — though transparently published in full by Bloomberg — are not bulletproof in outright rejection of the story’s claims. These statements go through legal counsel and are subject to government regulation. These statements become a counterbalance — turning the story from an evidence-based report into a “he said, she said” situation.

Indeed, Kieren McCarthy of the Register did a fine job parsing each company’s statements, albeit with his usual unique flair. But, though there is absolutely some wiggle-room in each denial, there are remarks made by each company that, were they found to be wrong, would be simple lies.

There are aspects of Robertson and Riley’s reporting that are consistent with previously-acknowledged problems and security concerns with Supermicro’s servers. Early last year, Amir Efrati of the Information reported that Apple was removing Supermicro’s servers from its data centres after a compromised firmware update the previous year. Robertson and Riley are reporting tonight that a Supermicro software update server was infiltrated in 2015; the same report also reiterates that Apple found hardware vulnerabilities on their servers.

This is a complicated story and apparently just the first in a series. My hope is that we’ll know more details soon, and a clearer picture of the truth will emerge. Right now, however, the credibility of a news organization and two trillion-dollar companies is on the line. But the nugget of this story — that outsourced and complex supply chains are prone to abuse due to bad actors and lack of oversight — is a known problem that isn’t taken anywhere near as seriously as it should be. In the garment industry, it’s at least partially responsible for deadly yet preventable incidents. In electronics, the prospect of compromised parts was once science fiction; it may now be reality.

Jason Koelber and Joseph Cox, Vice:

In 2005, the Pentagon warned in a report that outsourcing electronics manufacturing to China could become a problem for America, because of the risk of hardware “tampering.” America has largely lost the ability to create many of the electronics we use everyday — Donald Trump famously asked Apple CEO Tim Cook why the iPhone isn’t made in America, but it’s not clear that the United States is even capable of making iPhones in America at any sort of scale.

China’s cheap, skilled labor, manufacturing infrastructure, and vast rare Earth mineral-mining operations around the world have secured its spot as the high-tech manufacturing hub of the world. This of course has had many benefits for the United States and American companies, but it’s also a great risk.

There is a clear theoretical lesson in all of this, which is that monopolization of anything is extraordinarily risky and often self-destructive. Witness, for example, the ongoing debate over how much moderation power should be exerted by Facebook over posts made on the platform — it’s a difficult question to answer with any certainty in large part because it’s a decision that affects billions of users and a large chunk of worldwide communications. In the case of an apparently-compromised electronics supply chain with decades of highly-specialized knowledge and located in a country governed by an oppressive regime, any resolution is going to be painfully difficult. Outsourcing has deep flaws; even Bloomberg’s website is witness to that. Either manufacturing of these components becomes increasingly diversified or, more likely, far greater control and oversight is required by companies and end-client governments alike.

Mainstream Advertising is Still Showing Up on Conspiracy and Extremist Websites

Craig Timberg, Elizabeth Dwoskin and Andrew Ba Tran, Washington Post:

Jihadi rapists. Muslim invaders. Faked mass shootings. Pizzagate.

Somebody browsing highly partisan websites in recent weeks could have seen articles about all of these subjects — and on the same pages seen cheerful green ads for the Girl Scouts, bearing the slogan “Helping Girls Change the World!”

Such juxtapositions, documented by a Washington Post review of advertising on hundreds of websites, are more than simply jarring. They are products of online advertising systems that regularly put mainstream ads alongside content from the political fringes — and dollars in the pockets of those producing polarizing and politically charged headlines.

Because this is the Post, they use a rather mild description of the kind of horseshit they found mainstream advertisers implicitly supporting. Jeep, Hertz, and the Girl Scouts wouldn’t sponsor a Ku Klux Klan rally; if an ad agency supporting them put their banners up at an extremist’s event, they would be fired. Yet Google somehow has poor control over which websites may use AdSense, especially at the scale at which they operate:

Google says it does not serve ads on sites that feature hate speech, including bullying, harassment or content deemed derogatory or dangerous, and it prohibits publishers that misrepresent their identities. Last year, Google removed 320,000 publishers from the ad network for policy violations and blacklisted nearly 90,000 websites and 700,000 mobile apps, it said.

Those are huge numbers, but so are the numbers in their quarterly earnings report (PDF). I’m not suggesting that Google should be a non-profit, but they certainly can afford more moderators to review what websites are allowed to be in the AdSense program.

As it stands now, advertisers must manually blacklist websites and categories of sites that they don’t wish to see their ads on. If Steven Black’s hosts file is any guidance, that’s a lot of properties that must be blacklisted. Surely it would be more efficient for Google, instead, to quarantine every domain on that list that’s part of their AdSense program.

Update: The unwillingness for ad networks to be more judicious about where their ads may be used might have something to do with how hard it is for them to be held accountable by non-technical users. Think about how hard it is to know — without looking at a site’s markup — which ad network is supporting a website.

I imagine if every placement were required to have visible attribution, ad networks would be a lot more careful about which sites would be allowed. The first time “Powered by Google” appeared on some freelance propagandist’s website or a crank doctor’s bad advice on vaccinations, you know that users would notice.

MacOS Mojave Archaeology

“Uluroo” collected a series of examples of oddities and legacy support in MacOS. My favourite — other than the continued availability of a degauss function in Mojave — is their commentary on Dashboard:

Dashboard is still skeuomorphic. This surprises Uluroo a lot, given that iOS 7 killed skeuomorphism completely on the iPhone five years ago.

Many of Dashboard’s built-in widgets have a refreshingly retro, though inconsistent, aesthetic: Stocks, Dictionary, Weather, Calculator, Calendar, and more all look like they’ve gone untouched since the days of Scott Forstall. The World Clock widget’s second hand moves in the same way as a real clock, rather than moving in a smooth, uninterrupted motion like in iOS and watchOS. Apple still has a built-in “Tile Game” widget. Uluroo wonders if Dashboard will ever be updated to behave more like the Mac’s version of Control Center, or if Apple just doesn’t care much about it anymore.

The surprising thing, for me, about Dashboard is not that it continues to be skeuomorphic; it’s that it exists at all without a single update for years. What was once a top-line feature of Tiger has become abandonware.

(Via Michael Tsai.)

Increased Exclusivity Arrangements Correlates With the Reversal of a Downward Trend of File Sharing

Cam Cullen of Sandvine, a network management and analytics company:

In the first Global Internet Phenomena Report in 2011, file sharing was huge on fixed networks and tiny on mobile. In the Americas, for example, 52.01% of upstream traffic on fixed networks and 3.83% of all upstream mobile traffic was BitTorrent. In Europe, it was even more, with 59.68% of upstream on fixed and 17.03% on mobile. By 2015, those numbers had fallen significantly, with Americas being 26.83% on the upstream and Europe being 21.08% on just fixed networks. During the intervening year, traffic volume has grown drastically on the upstream, with more social sharing, video streaming, OTT messaging, and even gaming on it.

That trend appears to be reversing, especially outside of the Americas. In this edition of the Phenomena report, we will reveal how file sharing is back.

From the report (PDF):

We will talk quite a bit about video in this report, but it is important to highlight the diversity of video streaming traffic around the world. Although Netflix and YouTube are still the largest names in streaming (as you will see in the reports) there is an ever growing number of other streaming providers capturing consumer screen time.

This video diversity trend has led directly to the continued relevance of file sharing, which is still a major source of internet traffic. Consumers that cannot afford to subscribe to all of the different services turn to file sharing to get the latest content, even as governments attempt to shut down sharing sites.

At about $10 per month — give or take — per subscription, those costs begin to add up quickly, especially if users are only choosing a service or channel for one or two shows. This doesn’t seem realistic or sustainable as a long-term industry plan.

Vice News’ Interview With Tim Cook

Elle Reeve of Vice sat down with Tim Cook at Apple’s Grand Central Terminal store to discuss privacy, regulation, and the company’s decision to kick Alex Jones’ extremist fact-free fairy tales off its platforms. There’s one exchange I’d like to highlight, regarding Apple in China:

Reeve: In terms of privacy as a human right, does that apply to how you do business in China?

Cook: It absolutely does. Encryption, for us, is the same in every country in the world. We don’t design encryption […] for the U.S., and do it differently everywhere else. It’s the same. [So] if you send a message in China, it’s encrypted, [and] I can’t produce the content. I can’t produce it in the United States either. If you lock your phone in China, I can’t open it.

The thing in China that some people have confused is certain countries — and China is one of them — has a requirement that data from local citizens has to be kept in China. We worked with a Chinese company to provide iCloud. But the keys, which is the “key”, so to speak — pardon the pun — are ours.

Reeve: But haven’t they moved to China? Meaning: it’s much easier for the Chinese government to get to them.

Cook: Now, I wouldn’t get caught up in where’s the location of it?. I mean, we have servers located in many different countries in the world. They’re not easier to get data from being in one country versus the next. The key question is [sic]: how does the encryption process work? and who owns the keys, if anyone?. In most cases, for us, you and the receiver own the keys.

Apple’s executives are generally plainspoken and direct. Cook injects more corporate speak into his interview responses than, for example, Steve Jobs or Phil Schiller, but he still generally says what he means and avoids obfuscating. So it’s noticeable — and notable — when any Apple executive is cagey, as is the case here.

Cook’s response to Reeve’s second question sidesteps the comparative ease with which Chinese authorities can now demand access to users’ data because they no longer have to go through the stricter legal system of the United States. That appears to be a pretty significant concern to simply gloss over. Of similar concern is that the Chinese company that Apple partnered with to offer iCloud in the country is owned and operated by the Guizhou provincial government.

I don’t think it’s fair to say that Chinese users’ privacy is not subject to compromise. The actual method of encryption may not be any different or weaker than in other countries, but the requirement to store keys in the country behind weaker legal protections for users makes it, in practice, less strong. It is not a product of Apple’s own doing, and the only way they would be able to wipe their hands clean is to entirely discontinue iCloud and other internet services in China. I don’t know that it would be right — it’s likely that the replacement services chosen by users would be far worse for privacy — but it would mean that the company has no implicit connection to complying with a regime that has a piss-poor track record on human rights.

U.S. Justice Department Sues Hours After California Signs Strong Net Neutrality Law

Jazmine Ulloa, Los Angeles Times:

News that the governor signed the ambitious new law was swiftly met with an aggressive response from Justice Department officials, who announced soon afterward that they were suing California to block the regulations. The state law prohibits broadband and wireless companies from blocking, throttling or otherwise hindering access to internet content, and from favoring some websites over others by charging for faster speeds.


The bill’s August passage in the Legislature capped months of feuding between tech advocates and telecom industry lobbyists. Telecom giants such as AT&T and Verizon Communications poured millions into killing the legislation, while grass-roots activists fought back with crowdsourced funding and social media campaigns.

After Comcast and Verizon asked, the FCC was only too happy to prevent states from enacting their own net neutrality legislation. As far as I can tell, the DoJ hasn’t tried to block Washington’s similar law yet.

See Also: Jerri-Lynn Scofield’s summary and overview; Cecilia Kang’s reporting.

And Also: Karl Bode at TechDirt.

New Zealand Customs Authorities Can Now Demand Device Passwords, and May Copy and Review Data

Asha McLean, ZDNet:

The New Zealand Customs Service this week received new powers at the country’s borders, including the ability demand a password off a passenger to search their “electronic device”.

Customs officers have always been able to search a passenger’s laptop or phone, but the changes to the Customs and Excise Act 2018 now specifies that passengers must hand over their password.


Customs now also has the right to copy, in addition to review, the data stored on the device, and can also confiscate it to conduct a further search.

New Zealand isn’t the first place I’d think of as becoming a draconian country for visitors, but I was clearly myopic. If you’re travelling these days, it’s advisable — if you have the means — to travel with devices containing nothing more than their operating systems, and use a well-secured cloud service to store any files you might need while in transit, including your keychain. While New Zealand’s revised customs act does not permit them to download remote data, they could obtain a copy of your keychain which is typically encrypted with the same user account password you would have provided.

You can change your keychain password to be different if you wish, but you will likely need to reenter its password frequently, and it likely won’t protect you against legislation like this — but, alas, I am not a lawyer.

A Deep Exploration of the iPhone XS Camera System

Sebastiaan de With, writing on the Halide blog:

An iPhone XS will over- and underexpose the shot, get fast shots to freeze motion and retain sharpness across the frame and grab every best part of all these frames to create one image. That’s what you get out of the iPhone XS camera, and that’s what makes it so powerful at taking photos in situations where you usually lose details because of mixed light or strong contrast.

This isn’t the slight adjustment of Auto HDR on the iPhone X. This is a whole new look, a drastic departure from the “look” of every iPhone before it. In a sense, a whole new camera.

I don’t think this different look is a regression by any means — in fact, all of the photos I’ve seen from the iPhone XS indicate that this is a massive upgrade — but it is different. The rear cameras have large enough sensors and lenses that they are able to compensate for the higher noise created by faster shutter speeds through more intense noise reduction while preserving detail. When it comes to the front-facing camera’s much smaller sensor, though, it appears that the noise reduction is tuned to be a little more aggressive than expected, and it sounds like Apple is tweaking it.

One tip for RAW shooters:

To add insult to injury, iPhone XS sensor’s noise is just a bit stronger and more colorful than that of the iPhone X.

This isn’t the kind of noise we can easily remove in post-processing. This isn’t the gentle, film-like grain we previously saw in iPhone X and iPhone 8 RAW files.

As it stands today, if you shoot RAW with an iPhone XS, you need to go manual and under-expose. Otherwise you’ll end up with RAWs worse than Smart HDR JPEGs. All third-party camera apps are affected. Bizarrely, RAW files from the iPhone X are better than those from the iPhone XS.

With its bigger sensor, you should be able to get more detail out of an iPhone XS RAW image. But because this camera system is tuned to merge multiple exposures, it’s not quite as straightforward. This is a great piece for iPhone photographers.

At Least Fifty to Ninety Million Facebook User Accounts’ Access Tokens Compromised

Julia Carrie Wong, the Guardian:

Nearly 50m Facebook accounts were compromised by an attack that gave hackers the ability to take over users’ accounts, Facebook revealed on Friday.

The breach was discovered by Facebook engineers on Tuesday 25 September, the company said, and patched on Thursday. Users whose accounts were affected will be notified by Facebook. Those users will be logged out of their accounts and required to log back in.


The security breach is believed to be the largest in Facebook’s history and is particularly severe because the attackers stole “access tokens”, a kind of security key that allows users to stay logged into Facebook over multiple browsing sessions without entering their password every time. Possessing a token allows an attacker to take full control of the victim’s account, including logging into third-party applications that use Facebook Login.

Lorenzo Franceschi-Bicchierai and Jason Koebler, Vice:

“Parts of our site use a mechanism called single sign-on that creates a new access token,” Guy Rosen, Facebook’s vice president of product management, told reporters on a press call. “The way this works is: let’s say I’m logged into the Facebook mobile app and it wants to open another part of Facebook inside a browser, what it will do is use that single sign-on functionality to generate an access token for that browser, so that means you don’t have to login again on that window.”

The hackers took advantage of three distinct vulnerabilities chained together in order to steal the tokens, Rosen said.

The vulnerabilities have existed since at least July 2017 and were related to Facebook’s “View As” tool, which allows you to view your own profile as if you were someone else (this is a privacy feature—it allows, for example, you to check whether your ex, or grandma, or anyone who you want to hide things from can see certain posts on your page.)

Brian Krebs:

Facebook said it was removing the insecure “View As” feature, and resetting the access tokens of 50 million accounts that the company said it knows were affected, as well as the tokens for another 40 million users that may have been impacted over the past year.

Who thought it was a good idea to allow basically one company, for which the most infamous slogan is “move fast and break things”, to grow to unprecedented scale with the personal information of billions of users and non-users with little to no regulation or oversight?

Silly Selfie Surreptitious Skin Smoothing Scandal

I guess that’s what the “S” in “iPhone XS” stands for.

Kif Leswing of Business Insider dedicated the vast majority of an article to an apparent controversy surrounding the images coming off the iPhone XS’ front-facing camera:

According to Apple, the selfie camera system on the iPhone X uses faster sensors, improved chips, and “advanced algorithms” to make your photos look better with a feature called “Smart HDR.”

But some people who have received the new iPhone XS say that the new selfie camera makes them look too good — so good that they think Apple must have added a “beauty mode” filter to the camera’s algorithms to smooth the subject’s skin.

Beauty mode is a feature on a lot of phones and apps that are popular in Asia, like Samsung devices or apps like Meitu or FaceTune. It smooths out and brightens your skin so you look a little more polished on social media.

Several quotes from Lewis Hilsenteger — the Unbox Therapy guy — and Twitter embeds presented without skepticism later, Leswing gets to a more rational reason:

Apple declined to comment on the record when reached by Business Insider, but some people on the Reddit and MacRumors threads say the effect people are seeing isn’t a beauty filter, but is instead part of the new iPhone noise reduction capabilities.


This suggests that perhaps if a photo is taken with more light, the smoothing would appear less prominent. A test run on Thursday in natural daylight did show a less pronounced smoothing effect.

So, despite several uncritically-presented social media posts and giving a –gate-suffixed name to this whole thing, it’s nothing? I am, of course, shocked by Business Insider’s apparent lack of journalistic scruples.

Oh, but Leswing couldn’t just leave it at that:

Apple is unlikely to force a so-called “beauty mode” on iPhone camera users — after all, if people really want to apply filters like that to a photo, they can download any number of apps that do it, like FaceTune, which is one of the best-selling paid apps in the App Store.

Still, beauty filter features are popular in Asia, a region where Apple needs to excel to justify its $1 trillion valuation, even if the effects from apps like Meitu are far more pronounced than what online observers say is happening on iPhones.

Why must there be a storyline and a contrived justification for Apple’s overly-aggressive noise reduction? People generally like smoother pictures because they give the impression of clarity, and will tolerate a lack of detail at typical viewing sizes more than they will a grainy photo. That’s basically it. I wouldn’t be surprised if Apple dials that back if they receive enough complaints that it’s too aggressive, but the idea that this is Apple’s big new controversy over this year’s iPhones is patently ridiculous.

Reading the Tea Leaves

In contrast to most WWDCs I can remember, the mood surrounding this year’s conference seemed more anxious, with developers’ excitement for learning the future of Apple’s platforms muted by a blockbuster Mark Gurman report late last year:

Starting as early as next year, software developers will be able to design a single application that works with a touchscreen or mouse and trackpad depending on whether it’s running on the iPhone and iPad operating system or on Mac hardware, according to people familiar with the matter.

What that meant nobody seemed to know. I think Gus Mueller reflected on it well:

What about the crux of the article, that Apple is working on a shared UI framework between iOS and MacOS? I wouldn’t find it surprising. I could also see it being written completely in Swift (though personally I’d rather it be in Obj-C for maximum interop with existing frameworks).

But history is filled with cross platform UIs and write once run anywhere dreams. None of them turned out insanely great.

John Gruber corrected the latter sentence:

My only quibble with Mueller’s piece is that “None of them turned out insanely great” is way too generous a description of write-once/run-anywhere application frameworks. Most of them are terrible; none of them are good. Or at least none of them are good from the perspective of what makes truly native Mac and iOS apps good — which isn’t everyone’s perspective, but is certainly Apple’s.

Then, in a discussion on Rene Ritchie’s Vector podcast, Gruber said:

We don’t know if it’s good news or bad news. Bad news would be literally just like being able to run the equivalent of what you see in the iOS simulator. Just have a little rectangle shape of an iPhone or an iPad that runs in a window. Every click is like a simulated touch, and that’s it.

Anybody who’s ever tried running an app, like an iPhone app, in the Xcode simulator, it’s a great feature for debugging, but it’s horrible for using. It’s because it just doesn’t mesh with the mouse-and-keyboard paradigm of the Mac. It never feels right to do that.

In a gradient of garbage-to-great, that’s at the rotten end of the scale: a Mac app that’s a simulated iOS app — one that feels like it’s simply running on the wrong platform.

The best possible iteration of shared code between iOS and Mac apps is something that would be invisible to users. It would feel entirely native when running on either platform: an NSButton becomes a UIButton on iOS, for example; perhaps a UISplitViewController turns into a NSSplitView on MacOS. Save and open commands trigger the iOS equivalents instead of MacOS sheets. Stuff like that. It should be something that makes life easier for developers building cross-platform apps, and which users simply do not see any more than whether an app is built with Objective-C or Swift.

On the Mac side, especially, that means building software that adheres to well-established platform expectations. Becky Hansmeyer published a terrific and lengthy list, and I’ve excerpted a few items from it here:

  • Touch Bar support

  • Contextual menus

  • Tooltips

  • Multiple windows

  • File system access

  • Scroll bar elasticity

  • Drag and drop support

These — and many others — are the ingredients that make a true Mac app. But there’s something not on Hansmeyer’s list that I think is just as important, which is the feel of an app. That is: an app could, theoretically, support all of the ingredients on Hansmeyer’s list and still not feel like a Mac app — though I can’t think of an app off the top of my head like that. It is likely that you may find an app that somehow doesn’t feel right on MacOS and only then discover that it’s missing one or more of the features on this list.

The inverse can also be true and, I think, is more likely: an app may be missing a few of the things on Hansmeyer’s list, but it may still have that feeling of a good Mac app. Cultured Code’s Things, for example, doesn’t really allow user interaction with the file system, but it has long felt like the most polished todo app for the Mac. Aperture still feels like more of a Mac app than Lightroom ever will. All of Panic’s Mac apps feel like the best possible iteration of an app for the genres in which they reside.

A cross-platform framework must somehow preserve this Mac-specific quality for MacOS apps, even if the underlying code is shared with an iOS version. Each version of an app should be completely correct on each platform, even if they have shared code. To make an odd comparison, it’s sort of like tea. Now, I’m not a big tea drinker but, as best as I understand it, white, green, and black tea all come from the exact same plant. The differences in colour and flavour are based on when the tea is picked and how long it is aged, but it’s still the same leaf. Ideally, that’s what cross-platform apps are: individual, but with shared origins.

The first four apps that Apple has brought to end users based on their UIKit-for-Mac framework are nothing like this ideal. At their absolute best, they are passably lazy ports of their iOS equivalents; at their worst, as with Home, they sit comfortably near the ass-end of that garbage-to-great scale.

Actually, that’s a little unfair of me. Home, on my Mac, shows exactly the same inescapable error as it does on iOS. I cannot fully judge it. However, screenshots of the app in Andrew Cunningham’s review of Mojave clearly display an iOS app in a MacOS window frame, right down to the spinning “tumbler”-style picker controls. Its full screen view is completely hilarious.

The other three apps Apple has ported from iOS so far — Stocks, News, and Voice Memos — are slightly better, but not by much. They are, quite literally, scaled up and then scaled back down iOS apps, with a handful of MacOS-converted controls. The scaling is noticeable, particularly in text and fine-lined graphics like sharing icons; it looks cut-rate and sloppy. Touch Bar support is reportedly non-existent. These apps do not look or feel at all like real Mac apps. Recall that Notes and Reminders were brought to the Mac in Mountain Lion after being on iOS for years: both look like their iOS counterparts, but fit reasonably well in the MacOS environment — Notes far more than Reminders. Or look at Photos for a more robust and capable app that started life on iOS.1

But that’s not what was shipped in the public version of Mojave. I didn’t want to complain about the state of these apps prior to release because I didn’t think that was fair — plenty of bugs were fixed as the release date drew nearer. Unfortunately, they didn’t become any more Mac-like. That would be fine if these were one-offs, but Apple is planning on releasing this framework to developers just next year, and the initial results are not promising. They remind me of the janky apps you’ll find at the top of the free chart in the Games section of the Mac App Store. I worry that this will be increasingly common now that directly porting an app from iOS is something that is seemingly officially sanctioned, and I’m not the only one. These apps are not ready.

Or, here’s an even worse situation: maybe Apple does consider these apps ready. Surely they figured they were good enough to bundle preinstalled in the latest public update to MacOS. Are these the model apps for third-party developers to aspire to when they get to start porting their apps next year? I certainly hope not.

To be completely fair to the engineers who clearly worked hard on this framework, cross-platform porting probably does represent the future of a segment of Mac apps, unfortunately, and these particular examples are absolutely functional. But they’re still pretty much just tech demos — proofs of concept. Maybe these apps were shipped to an impossible deadline. I’ll tell you who I absolutely feel bad for, though: all of the hardware engineers who worked tirelessly to cram bright, high-resolution, and battery-friendly displays into Apple’s notebook lineup, only to see them draw a bunch of blurry text and horribly-scaled graphics.

Whatever the case, the fact is that these apps have now shipped, and they’re awful examples for the rest of the developer community to follow next year. Maybe — hopefully — this framework will become far more robust and closer to the ideal or, perhaps, start something new. I dread the possibility of a day a few years from now where we must navigate Mac apps this poor the way we do for Electron apps today and Java apps a decade ago. This piece is not about that future, though; it’s about today and the four apps brand new to the Mac. They are no good.

  1. Photos even implemented something like a rudimentary version of this cross-platform framework by way of UXKit. Whether that was part of the same development track or parts of it made their way into the framework that will be released to developers, I don’t know. ↩︎

Facebook Is Allowing Ad Targeting Based on Contact Information You Have No Control Over

Kashmir Hill of Gizmodo, reporting on a new paper (PDF) by Giridhari Venkatadri, Piotr Sapiezynski, and Alan Mislove:

You might assume that you could go to your Facebook profile and look at your “contact and basic info” page to see what email addresses and phone numbers are associated with your account, and thus what advertisers can use to target you. But as is so often the case with this highly efficient data-miner posing as a way to keep in contact with your friends, it’s going about it in a less transparent and more invasive way.

Facebook is not content to use the contact information you willingly put into your Facebook profile for advertising. It is also using contact information you handed over for security purposes and contact information you didn’t hand over at all, but that was collected from other people’s contact books, a hidden layer of details Facebook has about you that I’ve come to call “shadow contact information.” I managed to place an ad in front of Alan Mislove by targeting his shadow profile. This means that the junk email address that you hand over for discounts or for shady online shopping is likely associated with your account and being used to target you with ads.

Facebook denied to Hill last year that they allowed targeting based on this information; after this paper was published, they admitted to doing so.

Even for Facebook’s low standards, this is exceptionally unethical: you haven’t given them permission to use this information; someone you know or someone you purchased products from has done that for you, probably with consent buried in an opaque privacy policy. There’s no way to opt out. And there are few-to-no regulations governing this.

Safari’s “Siri Suggested” Search Results Highlighted Conspiracy Sites

Charlie Warzel, Buzzfeed:

Apple’s Safari, one of the internet’s most popular web browsers, has been surfacing debunked conspiracies, shock videos, and false information via its “Siri Suggested Websites” feature. Such results raise questions about the company’s ability to monitor for low-quality information, and provide another example of the problems platforms run into when relying on algorithms to police the internet.

This isn’t a case where Google-suggested autocompletions are finding their way into Safari; I see the same results as Warzel and I have DuckDuckGo as my Safari search engine. This is just as toxic as Google suggesting the wrong voter registration dates or stating a bunk answer for who invented email — something they’re still doing, by the way.

Unfortunately, while Google provides a small “feedback” button for users to report problematic results, Apple’s procedure is, well, much worse:

“Siri Suggested Websites come from content on the web and we provide curation to help avoid inappropriate sites. We also remove any inappropriate suggestions whenever we become aware of them, as we have with these. We will continue to work to provide high-quality results and users can email results they feel are inappropriate to applebot@apple.com.”

It’s pretty quaint that a trillion-dollar company suggests you report problems to them by sending a direct email — to an address that, for what it’s worth, I did not know existed. As of writing, DuckDuckGo returns no results for it, while Google’s results almost entirely consist of answers that contain “applebot.apple.com”. There is one mention of that address on Apple’s website in this sole knowledgebase article.1

  1. By the way, I’m disappointed with the search results from both search engines. DuckDuckGo failed to find an Apple knowledgebase article containing my exact query on freakin’ Apple dot com, while Google flat-out disobeyed my use of quotation marks and suggested a bunch of stuff that is explicitly not what I was looking for. ↩︎

Instagram’s Co-Founders Are Leaving Amid Frustrations With Facebook

Mike Isaac of the New York Times got the scoop:

Kevin Systrom and Mike Krieger, the co-founders of the photo-sharing app Instagram, have resigned and plan to leave the company in the coming weeks, adding to the challenges facing Instagram’s parent company, Facebook.

Mr. Systrom, Instagram’s chief executive, and Mr. Krieger, the chief technical officer, notified Instagram’s leadership team and Facebook on Monday of their decision to leave, said people with direct knowledge of the matter, who spoke on condition of anonymity because they were not authorized to discuss the matter publicly.

Mr. Systrom and Mr. Krieger did not give a reason for stepping down, according to the people, but said they planned to take time off after leaving Instagram. Mr. Systrom, 34, and Mr. Krieger, 32, have known each other since 2010, when they met and transformed a software project built by Mr. Systrom into what eventually became Instagram, which now has more than one billion users.

Kurt Wagner, Recode:

Instagram co-founders Kevin Systrom and Mike Krieger are resigning from the company they built amid frustration and agitation with Facebook CEO Mark Zuckerberg’s increased meddling and control over Instagram, according to sources.


It’s not uncommon for founders to leave after selling their company. But Systrom and Krieger stayed longer than many would have guessed, and remained influential throughout their tenure. Systrom was the product visionary and was hands-on even after bringing in other product execs to do more of the day-to-day execution.

Krieger, meanwhile, was actively running Instagram’s engineering team, and was seen by many internally as the company’s “heart and soul.”

Instagram has been one of the few apps you could hold up as an example that being acquired by a massive and deeply unethical company might not necessarily be ruinous. Under Facebook, Instagram launched a reasonably complete website version, underwent a major rebrand, bookmarking, a better “Explore” tab that is a genuine improvement over the old search function, more tasteful filters, way better editing tools, and lots more. It has resisted a Facebook-ization; at its core, it still feels like Instagram.

But, now, I’m worried. The kinds of — ugh — growth hacking techniques that Facebook likes in its own apps are surely just around the corner. I don’t think that the Instagram many of us have stuck with and generally like is here for much longer.

Ars Technica’s Review of MacOS 10.14 Mojave

Andrew Cunningham continues John Siracusa’s tradition of publishing the best reviews of MacOS updates. This year’s is well worth reading because, in addition to obvious visual changes in MacOS Mojave, there are plenty of non-obvious but more consequential updates below the surface:

Mac OS X began life as a 32-bit operating system, but a slow, steady transition to 64-bit hardware and software has been happening for over 15 years. Today’s Macs — and any Mac running Mojave or any version of the operating system going all the way back to Mountain Lion — have been all-64-bit, barring a handful of first-party apps and background services and a steadily shrinking list of third-party apps. Still, 32-bit apps run just as well as they did when Snow Leopard shipped on 32-bit Intel Macs back in 2006.

That doesn’t change in Mojave, but this is the last version of macOS that will run those 32-bit apps at all.

There are also plenty of updates to the security and privacy features introduced in MacOS over the past few years:

[…] In High Sierra, Gatekeeper controls access to Location Services, Contacts, Calendars, Reminders, and Photos — any app that wants access to any of that data needs to ask for it and be granted permission first, and the app should fail over gracefully (i.e. not crash) when that permission is denied.

In Mojave, that access control extends to several other areas: access to Mail, Messages, Safari browsing data, HTTP cookies, call history, iTunes device backups, and Time Machine backups all require permission now. And like in iOS, macOS apps now need to ask permission to use any webcam or microphone attached to the system (Apple says this includes the built-in hardware plus any device that uses macOS’ default drivers, which covered both my Logitech C920 webcam and Scarlett Solo USB audio interface).

These changes have not been easy in certain specialized cases; but, for average users — and bugs aside — ought to be worthwhile protection.

I’ve been using MacOS Mojave about 50% of the time since July, and full-time for over a week. Generally speaking, it’s an excellent update: the new Desktop Stacks feature is brilliant and everything Stacks should have been in the first place; the enhanced iPad-inspired Dock is terrific; and the entire system feels rock solid and even a little faster. I’m not necessarily saying you should upgrade right away, but I, personally, did not have the same feeling of trepidation as the past couple of MacOS updates.

Update: One thing I forgot to mention is in regards to the new autofilling two-factor authentication code behaviour, similar to that which is in iOS 12. Here’s how Cunningham describes it:

When you receive two-factor authentication codes via SMS (and when you’ve got your iPhone configured to forward SMS messages to your Mac), Mojave will offer to insert those codes for you in Safari or any other app updated to target Mojave.

Unfortunately, Apple’s own two-factor authentication codes do not autofill because they are not sent over SMS.

Matt Birchler’s Review of WatchOS 5

I don’t think anyone does WatchOS reviews as well as Matt Birchler, and this year’s is no exception. I’ve been running the beta all summer, because I am a demonstrably stupid person, and I learned a few of the more hidden updates to WatchOS in Birchler’s review. For example, the Siri watch face now supports automatic sports alerts:

This is kind of a weird one, but I’m happy to see cards about my favorite sports teams appear on the Siri watch face. It’s weird because your favorite teams are set up in the…TV app. You’d think this might be in the main settings app or something, but yeah, any teams you have set as favorites in the TV app will show on your Siri watch face when they have games going on.

So, to recap: Apple’s house-brand TV shows are available in Apple Music, and Apple Watch alerts for sports are set up in the TV app on your iPhone.

My favourite new feature in WatchOS 5 is probably automatic workout detection. Birchler:

Usually it just takes a few minutes of working out for it to notice that you’re doing something and present the notification. The good news is that it gives you credit for the entire workout, not just from when you confirm you are indeed working out. So when it asks you 5 minutes into a run if you are indeed in a workout, you get credit for the time, distance, and calories burned for those 5 minutes. It’s pretty slick.

The sensitivity of workout detection has been fine-tuned throughout different builds and I think Apple hit a sweet spot by the time WatchOS 5 shipped. Every so often, it doesn’t detect my twenty minute walk to or from work until I’m about halfway, but it doesn’t matter because it typically gives me credit for most of that journey. However, I’ve found it’s not always terrifically accurate at figuring out what kind of workout I’m doing: instead of an outdoor walk, it often thinks I’m running and, a couple of days ago, it thought I was using an elliptical machine.

Updating an Apple Watch is still a gigantic pain in the ass — though the overnight update mechanism, new in WatchOS 5, does help with that — but it’s totally worth it for this version of the software. If you haven’t updated yet, I strongly suggest you do. Apple is honing in on what the Watch is good at, and making it truly excel in those areas.

A Look at How the New Fire, Water, and Vapour Apple Watch Faces Were Made

There aren’t many companies that would construct enormous scaled-up shells of a product to create custom videos specifically for it. Also, consider that each of these effects had to be created a second time with a different model, because these faces behave completely differently on pre-Series 4 watches. It looks like there’s an older-model Apple Watch rig at about twenty-five seconds into this video.

Joint CBC and Toronto Star Investigation Finds Ticketmaster Complicit in Ticket Scalping

Dave Seglins, Rachel Houlihan, and Laura Clementson, CBC News:

In July, the news outlets sent a pair of reporters undercover to Ticket Summit 2018, a ticketing and live entertainment convention at Caesars Palace in Las Vegas.

Posing as scalpers and equipped with hidden cameras, the journalists were pitched on Ticketmaster’s professional reseller program.

Company representatives told them Ticketmaster’s resale division turns a blind eye to scalpers who use ticket-buying bots and fake identities to snatch up tickets and then resell them on the site for inflated prices. Those pricey resale tickets include extra fees for Ticketmaster.

“I have brokers that have literally a couple of hundred accounts,” one sales representative said. “It’s not something that we look at or report.”

Not only does Ticketmaster ignore scalpers’ tactics, this report reveals that the company effectively encourages them to exploit potential buyers with its TradeDesk software. The software’s description in the App Store indicates that it’s built for high-volume resellers, with features like bulk price adjustments and large-scale inventory management.

This is why Ticketmaster does such a terrible job at stopping automated purchases: the fee that they get from direct sales is large, but the commission they get from the reseller platforms that they own is extraordinary. Meanwhile, artists get none of the markup, their fans get bilked into paying obscene ticket prices, and Live Nation — Ticketmaster’s parent company — has a near-monopoly on large-scale tours, events, and venues. That’s not right.

Alternative Influence

Here’s a fascinating new report (PDF) by Rebecca Lewis. From its executive summary:

This report presents data from approximately 65 political influencers across 81 channels. This network is connected through a dense system of guest appearances, mixing content from a variety of ideologies. This cross-promotion of ideas forms a broader “reactionary” position: a general opposition to feminism, social justice, or left-wing politics.


When viewers engage with this content, it is framed as lighthearted, entertaining, rebellious, and fun. This fundamentally obscures the impact that issues have on vulnerable and underrepresented populations — the LGBTQ community, women, immigrants, and people of color. And in many ways, YouTube is built to incentivize this behavior. The platform needs to not only assess what channels say in their content, but also who they host and what their guests say. In a media environment consisting of networked influencers, YouTube must respond with policies that account for influence and amplification, as well as social networks.

When I was in elementary and junior high during the early days of the World Wide Web, I was reminded regularly not to trust poorly-sourced or single-sourced information I found on the web. The situation now is completely different: these videos feature ostensibly intelligent and well-sourced individuals interviewed in a slick style aping that of legitimate news shows.

Similarly, earlier this month, Chris Hayes started a short thread on Twitter about how a simple query about the Federal Reserve quickly leads YouTube viewers down a conspiratorial tunnel.

John Gruber’s Review of the iPhones XS

Many of the iPhone XS reviews I’ve read today have repeated effectively the same thing: it’s an “S” year; this is an incremental update; the big one is really big. Well, yeah.

But John Gruber has, as usual, the best review of the new iPhones — largely because of his explanation of why the new camera system is so different despite seemingly-identical tech specs. And, as a bonus, it includes new information:

[…] I checked, and Apple confirmed that the iPhone XS wide-angle sensor is in fact 32 percent larger. That the pixels on the sensor are deeper, too, is what allows this sensor to gather 50 percent more light. This exemplifies why more “megapixels” are not necessarily better. One way to make a sensor bigger is to add more pixels. But what Apple’s done here is use the same number — 12 megapixels — and make the pixels themselves bigger. 12 megapixels are plenty — what phone cameras need are bigger pixels.

I think what makes this 32 percent increase in sensor size hard to believe, especially combined with a slightly longer lens, is that by necessity, this combination means the sensor must be further away from the lens. This basic necessity of moving the lens further from the sensor (or film) is why DSLRs are so big compared to a phone. But the iPhone XS is exactly the same thickness as the iPhone X, including the camera bump. (Apple doesn’t publish the bump thickness but I measured with precision calipers.) So somehow Apple managed not only to put a 32 percent larger sensor in the iPhone XS wide-angle camera, but also moved the sensor deeper into the body of the phone, further from the lens.

You can see the results of the bigger sensor and better HDR performance in Rafael Zeier’s comparison between the iPhone X and iPhone XS. Judging by the reviews I’ve seen so far, it looks like the result of that is, in part, more detail in images, though I’m not sure how much of that can be attributed solely to the larger sensor and not it in combination with adjusted noise reduction. I bet you’ll get some killer RAW photos on this thing.

Many reviewers are advising readers to wait for the iPhone XR, coming next month. I totally get that — in part, because it’s much less expensive, but also because you’ll get nearly everything that the iPhone XS has. But one thing you won’t get is the telephoto camera. I’ve used that camera for probably half of the pictures I’ve taken on my iPhone X since I got it, and I don’t think I could go back to a single-camera phone. If I were upgrading this year, I’d go for the XS in a heartbeat — just because it has a telephoto camera. In fact, I’d be comfortable with a single-camera iPhone that only had an approximately 56mm-equivalent camera. But that’s just me.

Also, it looks like most, if not all, writers received gold review units. I’m not sure the saturated colour of the steel frame fits my taste, but the cream-coloured back is gorgeous.

A History of Infinite Loop Told in Anecdotes

With the move of Apple’s headquarters from the Infinite Loop campus to Apple Park, Steven Levy interviewed several current and former Apple employees — including high-ranking individuals like Tim Cook, Phil Schiller, Eddy Cue, and Scott Forstall — about their memories of Infinite Loop. This one’s pretty good:

[Tony Fadell]: When I arrived in 2001 [to lead the iPod project], it still felt like a campus that wasn’t filled. There were all these empty offices everywhere in every building. All of the furnishings and everything had not been updated since it opened.

Cook: It was an awful time. The stock crashed, it goes down by 60 to 70 percent. We get a call from Ted Waitt, founder of Gateway. He wants to talk about acquiring Apple. Steve and I went to a meeting with Waitt and their CEO, and it’s a different Steve. Very calm, listening to the comments they made, how they’d probably keep the Apple brand. I was sitting there feeling like my organs were being cut out. Then they said maybe they could come up with a role for Steve, and I’m thinking—he’s going to blow! He’s going to blow any minute! Then they start talking about price. And Steve looks at them—he could look at you with eyes that just penetrated your soul—and says, “Who do you think is worth more, Apple or Gateway?” The meeting lasted only two or three minutes more. And in a few weeks they had some accounting scandal, and their stock crashed.

It’s odd to reflect that many of the products that have defined Apple’s renaissance and Steve Jobs’ legacy were created at a campus that he had no part in designing and, according to this profile, he disliked. Now, Apple is based out of a campus that was his dream; yet, he’s not around to take advantage of it, or be a physical part of this chapter in the company’s legacy.

The MacStories Review of iOS 12

As has become a bit of a tradition around here, I have a review of iOS 12 coming; however, it won’t be out today. Turns out trying to find an apartment in Calgary right now is difficult and time consuming.

In the interim, please read Federico Viticci’s excellent deep dive into iOS 12. It’s far more detailed than mine will ever be and, as the iOS automation expert, he’s uniquely gifted in explaining this update’s improvements to Siri and the new Shortcuts app.

Google China Prototype Links Searches to Phone Numbers

Ryan Gallagher, the Intercept:

Sources familiar with the project said that prototypes of the search engine linked the search app on a user’s Android smartphone with their phone number. This means individual people’s searches could be easily tracked – and any user seeking out information banned by the government could potentially be at risk of interrogation or detention if security agencies were to obtain the search records from Google.


Sources familiar with Dragonfly said the search platform also appeared to have been tailored to replace weather and air pollution data with information provided directly by an unnamed source in Beijing. The Chinese government has a record of manipulating details about pollution in the country’s cities. One Google source said the company had built a system, integrated as part of Dragonfly, that was “essentially hardcoded to force their [Chinese-provided] data.” The source raised concerns that the Dragonfly search system would be providing false pollution data that downplayed the amount of toxins in the air.

If this reporting is correct, there’s simply no other way to cut this: Google is exploring a deeper entry into the Chinese market by agreeing to assist in that government’s oppression and misinformation. I wonder how Google will respond the first time a report is released that implicates them in the imprisonment of an activist or a journalist in China, especially as it’s completely incongruous with their publicly-stated positions. It’s not a perfect comparison, but do you remember how “outraged” they were after reporting in the Washington Post implied that the NSA had a backdoor into their infrastructure? They responded by increasing their use of encryption within their own network over time.

Instead of fighting government surveillance, Google is apparently trying to be of assistance, and they’re dragging their employees into this mess. How many Google employees want to have such a toxic product on their resume? Apparently, several staffers, including senior engineers, have decided that this is too much to bear, and have consequently quit.

China is, of course, an enormous potential market for Google. By not being there, they’re leaving potentially billions of dollars of revenue on the table. However, they would also not be complicit in human rights abuses. How much is that worth? For a company with strict values and some semblance of ethics and morals, it should be a no-brainer.

Amassed Memories in Keychain Access

Earlier this year, I linked to a Twitter discussion started by Marcin Wichary about UIs that amass memories — consider, for example, your WiFi network connection history, or the “Open Recent” menu in applications you don’t use very often.

Anyway, I’m cleaning out my Keychain right now and it reminded me of this idea. I came across login items for websites I don’t visit any more, and accounts I created for a specific purpose long ago. But I also found my login details for websites that were a huge part of my online life for a long time and no longer exist, like dznr and FFFFOUND. I have real memories tied to many of these accounts — even tangible products, in some cases: I created a Club Monaco account to buy a pair of boots that I still wear, but I haven’t used the account since.

It’s striking how something as simple as a list of websites and user names can trigger a similar level of nostalgia as, for example, a photograph.

Goodbye, iPhone SE

Thomas Brand:

As someone who doesn’t value his cell phone as much as the next Apple nerd, the iPhone SE has been an important product for me because of its price. The iPhone SE kept me invested in the iOS ecosystem, and enabled me to purchase a Apple Watch without approaching the ~$700 iPhone ASP I normally attribute to laptop computers. Now that an updated iPhone SE is no longer an option, I am evaluating alternative cell phone platforms. I am sure I am not alone.

The smallest and cheapest iPhone that Apple now sells is the iPhone 7, which is a 4.7-inch device that fills out a typical pants pocket and starts at $449. But, as a two-year-old iPhone, it’s likely that it will support three more years’ worth of software updates (iOS 12 supports up to the five-year-old iPhone 5S). To be clear, that’s more than you can expect of practically any Android phone, but it’s also less than you might expect of an iPhone purchased today.

I’ve seen a lot of people on Twitter and across the web unhappy with the discontinuation of the iPhone SE. For a lot of people, it was a perfectly-sized device — the last one that many people could comfortably reach with their thumbs across the entire display without doing a little shimmy with their hand, and the last one with flattened sides that made it easier to hold for photos. The SE was a really good product, and it’s unfortunate that Apple has chosen to stop making it instead of releasing a successor. It’s one of the few bum notes from yesterday’s event, but it is perhaps the loudest.

Initial Thoughts on the iPhone XS, iPhone XR, and Apple Watch Series 4 Event

If you were paying attention to rumour blogs prior to today’s event, you knew the names of the products announced today as well as what the iPhone XS and new Watch looked like. Those were not surprises; yet, even so, today’s event managed to pack in a lot of big news.

First up, the Apple Watch Series 4, with a bigger display, richer faces, and — amazingly — an FDA-certified electrocardiogram on the sapphire and ceramic back, which now appears on all models.

There are also a bunch of new faces that they say “react uniquely with the curved edges of the case”. This is curious to me because the Apple Watch HIG and the overall design of WatchOS has generally created the impression that there is no boundary around the display. For instance, the “honeycomb” home screen treats app icons almost like bubbles that float against a black backdrop and aren’t cut off. Or, recall the way Jony Ive described, in its introductory video, that “you can’t determine a boundary between the physical object and the software”. Much like the notch on the iPhone, it appears that they’re embracing the limitations of the hardware, which feels more honest to me.

I remember having an initially negative reaction to the Apple Watch when it was introduced. Now that I have owned the product for a few years and Apple has made radical improvements to the software, though, it’s one of my favourite personal technology things that I own, but neither the Series 2 nor the Series 3 compelled me to upgrade. Based on what I’ve seen so far, I’m sold on this new one. It is to the Apple Watch what the iPhone 4 is to the history of that product: a culmination of several years of learning, and leaving everything else in the dust.

My only concern is with the electrocardiogram feature. It’s only going to be available in the United States — presumably for certification and regulation reasons — and Apple says that it won’t be enabled until later this year.

Then there’s the iPhone XS and XS Max. Both are a substantial upgrade from the iPhone X, but — more importantly, as most people probably don’t upgrade every year — a huge leap from the iPhone 7 and 7 Plus: a faster processor, better Face ID, better displays, dual SIM capabilities, better battery life, and better camera processing. The Max model should satisfy those who are aching for an even bigger variant with features specific to it, like split views in some apps.

Finally, they launched the iPhone XR, which is a fascinating product once you get past Apple’s naming foibles. Apart from Apple employees, nobody is actually going to pronounce it “ten-arr”; likewise, most people are probably going to say “excess” rather than “ten-ess”. Also, it turns out that the “R” — and “S”, for that matter, in “iPhone XS” — is neither uppercase nor lowercase but, rather, small caps, because Apple’s marketing team apparently hates everyone who writes about their products. They will be “XS” and “XR” here.

The XR sits at the bottom end of Apple’s pricing range; but, at 6.1 inches diagonally, it’s in the middle of the 5.8-inch iPhone XS and 6.5-inch iPhone XS Max. Its display is an LCD at 326 pixels per inch — exactly the same pixel density as the iPhone 8, and with very similar technical specifications.1 However, its introduction means that Apple’s new iPhone lineup entirely follows the modern gesture-driven design language started by the iPhone X. Unlike the iPhone X and XS, it has some of the same software capabilities as iPhones with Plus- or, now, Max-sized displays, such as split screen in supported apps.

The iPhone XR also marks the first iPhone launched since the SE without 3D Touch. Instead, it has something they’re calling “Haptic Touch”, which appears to simply be haptic feedback triggered by long presses in certain 3D Touch-like contexts.2

I have complaints about that.

For a start, it’s confusing: there are maybe eight people on Earth who can adequately articulate the differences between Haptic Touch, 3D Touch, and Force Touch, which is still what Apple calls the display on the Apple Watch. In the keynote presentation, Phil Schiller compared it to the trackpad in the MacBook Pro, but that’s marketed as a Force Touch thing. I might be an idiot, but this is unfathomable.3

Second, it’s conceptually muddy. There seemed to be specific rules Apple was adhering to with their use of 3D Touch on past iPhones — it opens app menus on the home screen, for instance, or allows you to preview something in a list before opening it. But this indicates that there’s either no difference between a long press and a Force/3D/Haptic Touch press, or there’s no consistency in Apple’s application of it. If Apple doesn’t know what the standards should be, users can’t even begin to understand what they should be doing. I like 3D Touch a lot, but if Apple continues to be confused by their own technology after it has been on the market for three years, I don’t think they should keep it around.

Inside, it features the same A12 SoC as the iPhone XS and XS Max and has a similar wide angle camera, but it does not have a telephoto camera. Even so, it can apparently do the same Portrait Mode and three of the five Portrait Lighting effects.

Its body is made of aluminum, and it’s offered in six gorgeous colours. I’m looking forward to seeing these in person — the vibrant peach-like “Coral” colour, in particular, looks beautiful. I bet these will be hot sellers: they’re colourful, they have the gesture-driven design, and they start at $250 less than the XS. They don’t go on sale until next month, however.

There’s always a catch — in this case, there are three. This iPhone lineup no longer includes the headphone jack adaptor; all iPhones still come with a five-watt charger; and all iPhones still ship with only a USB-A cable instead of a USB-C cable. I don’t get it.

Apple also announced today that they will be updating the HomePod on Monday with multi-timer support, the ability to make phone calls, and the ability to use Siri Shortcuts.

While many of the announcements today were revealed early, one surprise is that there was absolutely no mention of the AirPower. There’s nothing about it on the new iPhone marketing pages, and John Gruber tweeted that nobody at Apple is talking about it. Something clearly went deeply wrong in its development and Apple seems to have no idea when — or if — it will be launched.

  1. Apple bills this display as a “Liquid Retina” display but, even after watching the keynote and reading all about it, I still have no idea what this means or what sets it apart. The only reason to give it a cool marketing name, that I can think of, is if it’s going to be used repeatedly. So, I expect to see references to a “Liquid Retina” display in upcoming iPad marketing materials as well. ↩︎

  2. I also think we’ll see this “Haptic Touch” language used in new iPad marketing materials. ↩︎

  3. Also, they call it “Haptic Touch” but it’s powered by the “Taptic Engine”. Gah↩︎

European Parliament Gives Approval to Over-Broad Copyright Reform Bills

Natasha Lomas, TechCrunch:

The European Parliament has just voted to back controversial proposals to reform online copyright — including supporting an extension to cover snippets of publishers content (Article 11), and to make platforms that hold significant amounts of content liable for copyright violations by their users (Article 13).


BEUC, the European Consumer Organisation, also denounced the result of the plenary vote, warning that if the plans MEPs backed today become EU law the “benefits of the Internet for consumers will be at risk”.

“It is beyond comprehension that time and again EU policy makers refuse to bring copyright law into the 21st century. Consumers nowadays express themselves by sampling, creating and mixing music, videos and pictures, then sharing their creations online. MEPs have decided to thwart this freedom of expression which is dangerous for creativity and innovation,” said Monique Goyens, director general of BEUC, in a statement.

I understand the impetus for stricter adherence to copyright law by forcing platforms to be responsible for users’ uploads, but it’s hard to see how rights-holders will actually benefit from these new laws. A smarter way to update copyright law for the internet wouldn’t look like a giant filter between users and platforms, nor would it charge a fee for merely linking to or citing news stories.

However, this legislation isn’t the law yet:

While the parliament has now agreed its position on the reform the process is not yet over. There will be trilogue negotiations with Member State representatives, via the European Council, and a final vote — likely early next year.

If you live in the E.U., please call or write your local representative and urge them to find a way to make these reforms — since they are likely to pass — less stupid.

Release Types Now Organized Differently in Apple Music

A promising update on an issue surfaced earlier this year. Federico Viticci, MacStories:

While the old artist page design of Apple Music mixed albums, singles, EPs, live albums, and more under the same ‘Albums’ section, the new Apple Music features separate sections for different types of music releases. The new sections include singles and EPs, live albums, essential albums recommended by Apple Music editors, compilations, and appearances by an artist on other albums. As pictured above, Apple Music now also highlights an artist’s latest or upcoming release at the top of the page.

Separation between albums and other releases isn’t a new idea. Beats Music, the streaming service Apple acquired in 2014 and subsequently relaunched as Apple Music in 2015, featured separate views for albums, EPs, and compilations. Three years after its relaunch, it appears Apple has implemented most of Beats Music’s organization of artist releases, which was arguably one of the original service’s most useful and innovative functionalities.

There’s an interesting little side story regarding this news and the last three Nine Inch Nails releases. All three are about half an hour long but, while the first two are classified as EPs — as you might expect for five-track sets — the most recent, released in June, is listed as an LP. The reason for that, according to NIN frontman Trent Reznor, is because streaming services treat EPs as “lesser” albums. Beats Music, which Reznor was heavily involved in the design of, used to do that, but Apple Music didn’t until just recently.

And, strangely, all three recent NIN releases are classified as “Albums” in Apple Music; in Spotify, the two EPs are buried as “Singles”.

EPs are often just as important to an artist’s repertoire as LPs. While I think separating them can be beneficial from a categorization perspective, I would hate to see an artist’s recent release buried just because it’s listed as an EP.


I’d still like to see better grouping options for different editions of the same album: while Beats Music used to group explicit, remastered, and re-issued albums under a single sub-section, these versions aren’t grouped by Apple Music yet.

While we’re at it, I would love to be able to hide clean releases across Apple Music, and have Siri default to the explicit — read: canonical — version of any request.

A Profile of Mark Zuckerberg

This is a long profile by Evan Osnos in the New Yorker and, while it paints a well-researched vignette of Zuckerberg, it’s also confirmation of what you had already probably seen or expected. For example, it catalogues Facebook’s internal belief that if they launch a new feature that has negative reactions, users will eventually come around, even on issues of privacy — the withdrawal of Beacon being one notable exception where user feedback was actually listened to. And on the Alex Jones debacle:

Facebook relented, somewhat. On July 27th, it took down four of Jones’s videos and suspended him for a month. But public pressure did not let up. On August 5th, the dam broke after Apple, saying that the company “does not tolerate hate speech,” stopped distributing five podcasts associated with Jones. Facebook shut down four of Jones’s pages for “repeatedly” violating rules against hate speech and bullying. I asked Zuckerberg why Facebook had wavered in its handling of the situation. He was prickly about the suggestion: “I don’t believe that it is the right thing to ban a person for saying something that is factually incorrect.”

Jones seemed a lot more than factually incorrect, I said.

“O.K., but I think the facts here are pretty clear,” he said, homing in. “The initial questions were around misinformation.” He added, “We don’t take it down and ban people unless it’s directly inciting violence.” He told me that, after Jones was reduced, more complaints about him flooded in, alerting Facebook to older posts, and that the company was debating what to do when Apple announced its ban. Zuckerberg said, “When they moved, it was, like, O.K., we shouldn’t just be sitting on this content and these enforcement decisions. We should move on what we know violates the policy. We need to make a decision now.”

This confirms reporting by Charlie Warzel and Dylan Byers that Apple’s decision was the impetus for Facebook, among other companies, to make a move. Last week, Apple also banned Jones’ company from the App Store. “De-platforming” — as it is known — works, and it’s a decision that Apple, Facebook, and other companies should have made a long time ago.

This irks me:

For many years, Zuckerberg ended Facebook meetings with the half-joking exhortation “Domination!” Although he eventually stopped doing this (in European legal systems, “dominance” refers to corporate monopoly), his discomfort with losing is undimmed. A few years ago, he played Scrabble on a corporate jet with a friend’s daughter, who was in high school at the time. She won. Before they played a second game, he wrote a simple computer program that would look up his letters in the dictionary so that he could choose from all possible words. Zuckerberg’s program had a narrow lead when the flight landed. The girl told me, “During the game in which I was playing the program, everyone around us was taking sides: Team Human and Team Machine.”

I’m a hundred percent sure this was done in good fun. Nevertheless, it reminds me of something that has been rattling around in my head for a while. I’m a competitive person and I want to win at board games; but, I also want to have fun. I like playing with people who also make an effort to win, because it challenges me. Even when I know I’m going to lose, I still have a great time. But I dislike playing with people who need to win. They’re the kind of people who deliberately block all your routes in Ticket to Ride, or buy up one of every property colour in Monopoly. It’s not wrong to do those things, but it doesn’t actually make the game any good. People who have a problem with losing or being wrong sometimes are, generally speaking, destructive assholes.

Rhett Jones, Gizmodo:

The New Yorker can spill thousands of words probing Zuckerberg’s psyche and speaking to colleagues about how he’s growing in his unprecedented role of social media Pope to 2.2 billion users, but it’s still the same Zuckerberg who would apparently rather think about scaling and “community” than real-world consequences his company might be involved in.

Facebook has been aware of its role in violence and ethnic cleansing in Myanmar since at least 2014. It entered a market that it knew little about, where traditional media to inform the public was extremely limited, and found that it had built the perfect weapon for organizing mob violence and propaganda. We’ve seen similar situations in Sri Lanka, Libya, the Philippines, and India. One Sri Lankan official characterized the situation to the New York Times, “The germs are ours, but Facebook is the wind.”

But Zuckerberg keeps repeating the same talking points about being “slow” to recognize the problem and how it’s going to take time to fix it. He told the New Yorker that he plans to have 100 people working on translating and moderation in Myanmar by the end of the year. The fact that a company can connect 2 billion people in a little over a decade but can’t hire 100 people over the course of a few years is telling. But the real issue is scale, and the inability of current technology to keep up with that scale.

Facebook can’t play dumb here. According to Osnos’ profile, the “growth” team was the most celebrated and admired inside the company, and their goals were the company’s goals. If they wanted to “dominate” — as Zuckerberg half-jokingly closed every meeting with — they have no excuse for being bad at it when they actually started to do so, and continuing to be terrible years later.

Purported Security Apps in the Mac App Store Found to Be Stealing User Data

Thomas Reed of Malwarebytes, with a small collection of apps available on the Mac App Store that exfiltrate user data:

It’s blindingly obvious at this point that the Mac App Store is not the safe haven of reputable software that Apple wants it to be. I’ve been saying this for several years now, as we’ve been detecting junk software in the App Store for almost as long as I’ve been at Malwarebytes. This is not new information, but these issues reveal a depth to the problem that most people are unaware of.

We’ve reported software like this to Apple for years, via a variety of channels, and there is rarely any immediate effect. In some cases, we’ve seen offending apps removed quickly, although sometimes those same apps have come back quickly (as was the case with Adware Doctor). In other cases, it has taken as long as six months for a reported app to be removed.

In many cases, apps that we have reported are still in the store.

These are exactly the kinds of things I expect the app review process should catch before apps like these and the aforementioned Adware Doctor make it into the store. The Mac App Store should, if nothing else, be a place for any user to find safe software. Ideally, it’s also one with high-quality, useful, top-tier apps, but security and privacy ought to be the baseline.

(Thanks to Anthony Reimer.)

“Does Anyone’s Ideal World Have Social Media?”

Lauren Oyler in the Baffler:

There’s an argument to be made about social media as a force for political mobilization — or, say, making friends, whom I may speak to multiple times a week but see only two or three times a year, if ever; research shows shared hatreds are more binding than shared interests — but first I’d like to talk a little bit more about myself. When I wake up every morning I look at my phone to see what has transpired in the night, the final waking moment of which is usually the last time I looked at my phone. This is bad for my sleep cycle, I know, and for the nerves in my hands — I refuse to get one of those knobs you can put on the back of your phone to make it easier to hold, which I see as not just admitting I have a problem but resigning myself to it, as well as broadcasting to strangers who see me using my phone in public that I am a Phone Person (worse: a Phone Woman) — but more important, it is just bad. What I dislike about my life are not the facts of it but its texture, the false tension and paranoia and twitchiness. I exist in a state of “might always be checking something,” and along with being unpleasant, it’s embarrassing.

The sentence I quoted for this link’s title comes in the last paragraph of this essay, but it’s not exactly in the context as you might expect from an essay questioning the substantive value of constant connection. It’s very good.

Apple Removes Adware Doctor From Mac App Store for Covertly Sharing User Browser History

Nicole Nguyen, Buzzfeed:

[Security researcher Patrick Wardle], who shared his findings with TechCrunch, found that Adware Doctor requested access to users’ home directory and files — not unusual for an anti-malware or adware app that scans computers for malicious code — and used that access to collect Chrome, Safari, and Firefox browsing history, and recent App Store searches. The data is then zipped in a file called “history.zip” and sent to a server based in China via “adscan.yelabapp.com.” Two independent security researchers confirmed to Motherboard that Wardle’s report was accurate.

In his blog post, Wardle noted, “The fact that application has been surreptitiously exfiltrating users’ browsing history, possibly for years, is, to put it mildly, rather f#@&’d up!”

Security researcher Privacy 1st tweeted that they initially contacted Apple about the Adware Doctor issue on Aug. 12.

One of the theoretical advantages of the Mac App Store — or any app marketplace with a review process — is that spyware like this could be caught before it is published. Yet Adware Doctor has been in the Mac App Store for years and it could have been pilfering user data for any amount of that time. Apple was even notified about it last month, but it was not removed until today. Either Apple dropped the ball hard here, or there’s something missing to explain why it was apparently not a high priority investigation.

For Second Time in Three Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

Brian Krebs:

mSpy, the makers of a software-as-a-service product that claims to help more than a million paying customers spy on the mobile devices of their kids and partners, has leaked millions of sensitive records online, including passwords, call logs, text messages, contacts, notes and location data secretly collected from phones running the stealthy spyware.

Less than a week ago, security researcher Nitish Shah directed KrebsOnSecurity to an open database on the Web that allowed anyone to query up-to-the-minute mSpy records for both customer transactions at mSpy’s site and for mobile phone data collected by mSpy’s software. The database required no authentication.

This kind of software is pretty gross to begin with. I’m not a parent, so I might be completely off-base here, but it seems to me that there’s an extraordinary amount of risk that is assumed in collecting everything your kid does relative to the actual benefits you might get out of doing so. Spying on your partner — or, potentially, employees — seems completely unethical.


Shah said when he tried to alert mSpy of his findings, the company’s support personnel ignored him.

“I was chatting with their live support, until they blocked me when I asked them to get me in contact with their CTO or head of security,” Shah said.

KrebsOnSecurity alerted mSpy about the exposed database on Aug. 30. This morning I received an email from mSpy’s chief security officer, who gave only his first name, “Andrew.”

This is a chickenshit response. Regardless of the ethical implications of mSpy’s spyware, a report of a security breach should be treated with more gravity than this. Why wouldn’t they prioritize this? Are they so afraid of making mistakes that they evade acknowledging, fixing, or apologizing for them?

In general, it is appalling to me the lengths that individuals and organizations alike will go to in order to cover up or hide from a mistake or a controversy. If you have any integrity whatsoever, you own your values and your actions. If they are seen as problematic, you try to understand why. If you want to stand by those actions, you should be able to produce evidence for your defence. But change can also be cathartic for everyone involved. There is no honour or benefit in trying to hide from actions that are being questioned.

Shooting and Editing Photos With Halide and Darkroom

The editors over at the Sweet Setup asked me to write a short piece on taking pictures with Halide and editing them in Darkroom. It’s the first thing I’ve written in which I specifically recommend not trespassing, so I think it’s worth reading for those curious about jumping beyond the built-in Camera and Photos apps for shooting and editing.

Google Purchased Bulk Transaction Data from Mastercard to Link Online Ads and Offline Purchases

Mark Bergen and Jennifer Surane, Bloomberg:

Alphabet Inc.’s Google and Mastercard Inc. brokered a business partnership during about four years of negotiations, according to four people with knowledge of the deal, three of whom worked on it directly. The alliance gave Google an unprecedented asset for measuring retail spending, part of the search giant’s strategy to fortify its primary business against onslaughts from Amazon.com Inc. and others.


Through this test program, Google can anonymously match these existing user profiles to purchases made in physical stores. The result is powerful: Google knows that people clicked on ads and can now tell advertisers that this activity led to actual store sales.

Google is testing the data service with a “small group” of advertisers in the U.S., according to a spokeswoman. With it, marketers see aggregate sales figures and estimates of how many they can attribute to Google ads — but they don’t see a shoppers’ personal information, how much they spend or what exactly they buy. The tests are only available for retailers, not the companies that make the items sold inside stores, the spokeswoman said. The service only applies to its search and shopping ads, she said.

This appears to be part of the data set that the Washington Post previously reported was being used to attribute purchases to ads.

Initially, Google devised its own solution, a mobile payments service first called Google Wallet. Part of the original goal was to tie clicks on ads to purchases in physical stores, according to someone who worked on the product. But adoption never took off, so Google began looking for allies. A spokeswoman said its payments service was never used for ads measurement.

Since 2014, Google has flagged for advertisers when someone who clicked an ad visits a physical store, using the Location History feature in Google Maps. Still, the advertiser didn’t know if the shopper made a purchase. So Google added more. A tool, introduced the following year, let advertisers upload email addresses of customers they’ve collected into Google’s ad-buying system, which then encrypted them. Additionally, Google layered on inputs from third-party data brokers, such as Experian Plc and Acxiom Corp., which draw in demographic and financial information for marketers.

This entire program — but particularly these two paragraphs — indicates so much about how all of these companies view the consumer landscape. The solution to not-quite-precise-enough numbers has been to collect more data, and the response to privacy concerns is to fuzz that data a little bit when it’s shared between companies. Based on the actions the surveillance capitalism industry has taken, they have not chosen the correct response of collecting less data.

It is worth noting that privacy was one of Apple’s goals for the design of Apple Pay. According to this Bloomberg report, the complete opposite was true of Google Wallet. As much as we view decisions by any companies as financially-motivated, we should remember to also think of Google’s moves — and those of credit card companies, data brokers, and so forth — as inherently creepy, invasive, and also likely not in the best interests of consumers.

The Outline Lays Off Support Staff and Remaining Staff Writers

Cale Guthrie Weissman, Fast Company:

The Outline, the Joshua Topolsky-founded culture website, laid off the last of its two remaining staff writers today. On Twitter, one staff writer, Paris Martineau, announced the shakeup. I’ve confirmed that the other full-time staff member, Ann-Derrick Gaillot, has also been let go. And other non-editorial employees seem to be impacted too. Editors appear to be the only full-time editorial staff the site has left.

John Bonazzo, the Observer:

The source also noted that The Outline plans to slash its freelance budget despite the dearth of staff writers. The site will likely move from its current Lower East Side office to an undisclosed WeWork location.

The Outline had ambitious goals, launching with 26 employees from companies like Vox, Vice and BuzzFeed. Most recently, it completed a $5 million funding round in May.

These are worrying signs — an online magazine without writers is hardly encouraging. I hope they can recover; the Outline is a particularly interesting publication, and Martineau was one of my favourite writers there.

Mozilla to Block Slow and Cross-Site Trackers in Firefox

Nick Nguyen of Mozilla:

Anyone who isn’t an expert on the internet would be hard-pressed to explain how tracking on the internet actually works. Some of the negative effects of unchecked tracking are easy to notice, namely eerily-specific targeted advertising and a loss of performance on the web. However, many of the harms of unchecked data collection are completely opaque to users and experts alike, only to be revealed piecemeal by major data breaches. In the near future, Firefox will — by default — protect users by blocking tracking while also offering a clear set of controls to give our users more choice over what information they share with sites.

This will be rolled out in two stages: Firefox 63 — two major releases away from the current build — will start blocking slow-loading trackers, while Firefox 65 will block cross-site tracking. The latter sounds a little bit like Safari’s Intelligent Tracking Prevention feature. However, instead of blocking scripts based on behaviour, Firefox will rely upon a list of trackers created by Disconnect Me.

Mozilla’s Asa Dotzler:

When pop-ups got out of control in the early ’00s Firefox took a stand and killed them all dead. Now Firefox is taking a stand against tracking on the web because it too has gotten out of control.

Firefox also spearheaded the renaissance of web standards over the past fifteen years or so, but I’m not sure whether it has the kind of sway it once did. Even so, the combination of Apple’s and Mozilla’s prioritization of user privacy is a formidable one.

Of course, Google still makes the world’s most popular browser. There’s simply no way they can join the club of companies that actually care about user privacy with their current business model.

9to5Mac Obtains Promotional Photos of Apple Watch Series 4, iPhone XS

You’ve probably seen the images of the new Apple Watch and iPhones published by 9to5Mac. Unlike most leaks, these aren’t parts or sketchy spy photos, nor are they firmware or operating system leaks — these are promotional images designed to be used on Apple’s website and in marketing materials. They’re also noteworthy for another reason: neither Zac Hall nor Guilherme Rambo disclosed their source for these images in any capacity.

The American Press Institute:

Transparency means show your work so readers can decide for themselves why they should believe it.

  • Don’t allow your audience to be deceived by acts of omission — tell them as much as you can about the story they are reading.

  • Tell the audience what you know and what you don’t know. Never imply that you have more knowledge than you actually do.

  • Tell the audience who your sources are, how they are in a position to know something, and what their potential biases might be.

In other words, reporters are obligated to tell readers what they know, and also how they know it. It is only in very rare cases that this guideline will be broken. I don’t see anyone doubting the veracity of these images, and I certainly am not, so their validity is entirely driven by the credibility of the reporters.

Rambo is uniquely gifted at picking through Apple’s software releases for information about forthcoming products, but these images didn’t come from software. These are graphics that you can expect on Apple’s marketing webpages for these products, and I don’t think it’s a coincidence they were leaked on the same day as the company announced the event where they will, presumably, officially unveil these products. This is entirely speculative; I don’t have any more specific information directly about these graphics. It’s just an especially curious situation because Apple’s marketing team pretty much never leaks.1 Final product names are only known by a relatively small group of people until they’re said on stage, and they, too, almost never leak. The team at 9to5Mac is reasonably confident that “iPhone Xs” is the name of the next iPhone.2 My guess is that these images were loaded onto an obscure-but-unprotected CDN and someone told 9to5Mac or Rambo, directly, where to look — perhaps not even an Apple employee, but someone very well-placed.

I’m not trying to out a source here. I’m curious about the way such a surprisingly thorough leak could occur. I’m also trying to understand why other forthcoming products, like the rumoured 6.1-inch LCD-based iPhone and the new all-screen iPad Pro, were not leaked at the same time.

Recall that 9to5Mac first made waves by leaking a marketing image of the third-generation iPod Nano in 2007.

Update: I was wrong. Rambo just guessed the URLs.

  1. A noteworthy exception to this was when Power Mac G5 specs were published on Apple’s website a couple of weeks prior to its announcement. ↩︎

  2. Per my house style, I won’t be lowercasing the s↩︎

NetNewsWire Transferred Home to Brent Simmons From Black Pixel

Brent Simmons:

You probably know that I’ve been working on a free and open source reader named Evergreen. Evergreen 1.0 will be renamed NetNewsWire 5.0 — in other words, I’ve been working on NetNewsWire 5.0 all this time without knowing it!

It will remain free and open source, and it will remain my side project. (By day I’m a Marketing Human at The Omni Group, and I love my job.)

Black Pixel will stop selling their versions of the app, and will turn off the syncing system and end customer support — all of which is detailed in their announcement. (Important note: I will not get any customer data from them, nor will I be doing support for Black Pixel’s NetNewsWire.).

I’ve been using Evergreen for about a year now and it feels similar to how NetNewsWire felt when I first started using it in 2007. It’s vibrant, exciting, and makes RSS feel appropriately simple. This announcement feels completely right to me.

An Excerpt From a CNBC Interview with Nilay Patel and Jason Koebler

There’s some good discussion in this video, but this part from Nilay Patel is wonderful:

I think one of the major things we need to shift our thinking about is [that] regulating individual pieces of speech is very difficult. Regulating behaviour is probably a better approach, where you can say “well, these people are consistently behaving in a way that goes against our values, and we don’t have to, like, write A.I. that finds words. We can actually look holistically at behaviour.” None of the platforms seem to be ready to do that. They are not willing to articulate strong values that they stand for — Twitter, in particular, seems to be very hands-off. Mark Zuckerberg is talking about a Facebook court.

Those are all very legalistic interpretations. I think they’re not going to work unless these companies have strong values that they believe in, and the government decides it wants to pursue a non-discriminatory approach. […]

The most awful corners of Twitter have gotten very good at evading automatic detection of targeted harassment and discriminatory language, even though it’s clear that their behaviour, as a whole, is harassing and discriminatory. When you report a user to Twitter for this kind of behaviour, they ask that you add up to five relevant tweets even when their entire account is a problem. Twitter’s rules prohibit targeted abuse, but you can still find plenty of users who reference who reference the “fourteen words” and “blood and soil” in their bios, or any of the other coded language used in the context of white supremacy and white nationalism.

Banning Nazism is, for me, the baseline of good platform moderation — if a company can’t or won’t prioritize removing Nazis from their platform, who will they remove?

Firmware Update Available for AirPort Express With AirPlay 2 Support

Juli Clover, MacRumors:

Apple in April announced that its entire AirPort wireless router lineup, AirPort Express included, had been discontinued. Apple sold the AirPort Express until available stock ran out, but it is no longer available for purchase at this time.

Because the AirPort Express was discontinued, it wasn’t clear if it would indeed gain AirPlay 2 support because Apple’s AirPort unit was disbanded, but Apple did indeed opt to introduce support for customers who are still using the AirPort Express units.

According to John Voorhees over at MacStories, this only works for the second-generation AirPort Express that looks like a white Apple TV, and it needs to be added manually to the Home app — that is, you can’t just scan it to add it. But, all told, it apparently works quite well. Kudos to Apple for continuing to support a discontinued product, though it raises the question — for me, at least — as to why they decided to no longer build a great and inexpensive combination of an AirPlay 2 receiver and a WiFi signal repeater.

Panic and House House Announce 2019 Launch of Untitled Goose Game

From the Steam page:

Untitled Goose Game is a slapstick-stealth-sandbox, where you are a goose let loose on an unsuspecting village. Make your way around town, from peoples’ back gardens to the high street shops to the village green, setting up pranks, stealing hats, honking a lot, and generally ruining everyone’s day.

This speaks to me in a way no other video game ever has.

Americans’ Views on News Content From Internet Companies

Holly Wolf of Gallup:

This representative survey of U.S. adults found that most Americans are concerned with the prospect of internet companies tailoring news to users based on their interests and behavior. Seventy-three percent of U.S. adults prefer that companies show all people the same set of news topics, rather than tailor topics based on their interests, past browsing details or search history. Further, 80% think the choice of news organizations’ stories they show people should be similar, rather than varying news organization stories based on a person’s past internet activity.

These findings are bizarre because, in most cases, users self-select what information they see by following specific news organizations or aggregators. Furthermore, the idea that internet companies can provide neutral news information without editorializing it is preposterous — neutrality is, itself, an editorial decision.

Even though Americans express concerns about major internet companies playing a news editorial function, they tend not to believe those companies are endorsing a story’s message or its accuracy when it appears on their website or app. Forty-three percent of U.S. adults equate an internet companies’ displaying content on its platforms as an endorsement of it, while 55% do not. A minority of Democrats (27%) compared to a majority of Republicans (62%) believe that internet companies are endorsing the news stories that they display.

The question, as asked in the survey (PDF), was: “When a major internet company like Google, Facebook or Yahoo displays a particular news item on your news feed, do you believe that they are endorsing that news item — that is, telling you they believe it is accurate and that they agree with its message?”

It is remarkable that even 43% of respondents answered “yes” to that.

Cryptocurrency Mining Now Accounts for Approximately One Percent of the World’s Energy Consumption

Drew Millard, the Outline:

It is well-established established that Bitcoin mining — aka, donating one’s computing power to keep a cryptocurrency network up and running in exchange for a chance to win some free crypto — uses a lot of electricity. Companies involved in large-scale mining operations know that this is a problem, and they’ve tried to employ various solutions for making the process more energy efficient.

But, according to testimony provided by Princeton computer scientist Arvind Narayanan to the Senate Committee on Energy and Natural Resources, no matter what you do to make cryptocurrency mining hardware greener, it’s a drop in the bucket compared to the overall network’s flabbergasting energy consumption. Instead, Narayanan told the committee, the only thing that really determines how much energy Bitcoin uses is its price. “If the price of a cryptocurrency goes up, more energy will be used in mining it; if it goes down, less energy will be used,” he told the committee. “Little else matters. In particular, the increasing energy efficiency of mining hardware has essentially no impact on energy consumption.”

The creation of every single conventional currency does not consume one percent of the world’s power production today. According to the power generation stats provided by the International Energy Agency and figures on the environmental impact of gold mining from Coinbase — which, by the way, includes the worst example of a “life cycle” diagram I’ve seen in a long time — it’s possible that gold mining is a more energy-efficient industry than cryptocurrency creation.

Theophite on Twitter:

Imagine if keeping your car idling 24/7 produced solved Sudokus you could trade for heroin.

What a terrific analogy.

Moderating the Planet

Jason Koebler and Jordan Cox of Vice penned a blockbuster investigation into Facebook’s content moderation practices that’s worth your time. They interviewed “dozens” of sources, including several on-the-record conversations with Facebook employees in charge of their moderation efforts:

The thing that makes Facebook’s problem so difficult is its gargantuan size. It doesn’t just have to decide “where the line is” for content, it has to clearly communicate the line to moderators around the world, and defend that line to its two billion users. And without those users creating content to keep Facebook interesting, it would die.

Size is the one thing Facebook isn’t willing to give up. And so Facebook’s content moderation team has been given a Sisyphean task: Fix the mess Facebook’s worldview and business model has created, without changing the worldview or business model itself.

“Making their stock-and-trade in soliciting unvetted, god-knows-what content from literally anyone on earth, with whatever agendas, ideological bents, political goals and trying to make that sustainable—it’s actually almost ridiculous when you think about it that way,” Roberts, the UCLA professor, told Motherboard. “What they’re trying to do is to resolve human nature fundamentally.”

In that sense, Facebook’s content moderation policies are and have always been guided by a sense of pragmatism. Reviewing and classifying the speech of billions of people is seen internally as a logistics problem that is only viable if streamlined and standardized across the globe.

Maya Kosoff, Vanity Fair:

The problem, of course, is Facebook’s tireless drive to expand. Until recently, for example, the company reportedly had few moderators who spoke Burmese, allowing the platform in Myanmar to be infiltrated by anti-Muslim hate speech. (Facebook’s hate-speech detecting A.I., it said, hadn’t yet learned Burmese.) But instead of treating the issue as the result of a choice to expand into a country where it knew it couldn’t adequately evaluate and police what was posted, Facebook viewed the issue as a failure of technology. “We still don’t know if it’s really going to work out, due to the language challenges,” Guy Rosen, V.P. of product management at Facebook, told Motherboard. “Burmese wasn’t in Unicode for a long time, and so they developed their own local font, as they opened up, that is not compatible with Unicode.” In the meantime, United Nations human-rights experts have cited Facebook’s struggle to remove hate speech as playing a role in a possible genocide in the country.

Facebook may be a publicly-traded company that is trying to do right by its shareholders — and the best thing for them, it perceives, is conquering the world. But this is an abhorrent dereliction of ethical responsibility. Kosoff is entirely correct: it is a choice for them to expand to places they don’t fully comprehend. It is arrogant, and demonstrates a lack of sensitivity in attempting to merge American values with those in every region they operate. I don’t think that’s possible.

Google Is Highlighting the Wrong Voter Registration Deadline for Several States

On Twitter, Kate Rabinowitz noted that Google displays the wrong date in its Featured Snippets box when searching for Texas voter registration deadline. I tried with all other states, and a similar issue is also present when searching for the deadline in Alabama, Delaware, Georgia, Illinois, Indiana, Kentucky, New Hampshire, Oklahoma, Tennessee, and Washington.

Oh, yeah, and Featured Snippets still says that Shiva Ayyadurai was the inventor of email.

Facebook Removes Onavo VPN From App Store After Apple Says It Violates Data Collection Policies

Juli Clover, MacRumors:

Facebook today removed VPN app Onavo Protect from the iOS App Store after Apple decided that it violates App Store data collection policies, reports The Wall Street Journal.

Apple earlier this month told Facebook officials that the Onavo app, which serves as a virtual private network, violates June App Store rules that prevent apps from harvesting data to build advertising profiles or contact databases.

Recall that Facebook uses Onavo — which is still available on the Google Play store for Android — to find trending apps to either acquire or copy by spying on usage. Ultimately, Apple shouldn’t have to police this; regulators should have a better handle on unscrupulous developers burying the true purpose of their apps in turgid legal policies.

The History of Aperture

Stephen Hackett wrote a great retrospective for MacStories of Aperture, one of my all-time favourite applications:

In short, Aperture was designed to let photographers import a mountain of large RAW files, sort them, perform light editing, and then export them to Finder, the web, or prints. If a user needed to carry out additional editing, Aperture included the ability to round-trip an image to Photoshop and back with just a click. If that all sounds like pro-level stuff, it was, and Aperture’s $499 price point reflected that fact.

I didn’t use Aperture until I got my mid-2007 MacBook Pro, but I remember it working pretty well for my circumstances. I knew there were plenty of satisfied Lightroom users, but its workflow just didn’t match how I edit pictures. Even today, I am a reluctant Lightroom user; I can’t tell you how much I wish Aperture were still around, with support for iCloud Photo Library. For all its faults and bugs, I always got a kick out of editing my photos in Aperture. In Lightroom, it feels like a chore.

Thousands of Stores Will Soon Use Facial Recognition Without Consent

Anis Heydari, CBC News:

Cadillac Fairview says they’ve been using facial recognition software in their mall directories since June to track shoppers’ ages and genders without telling them.

The company now says they are suspending use of the cameras inside mall maps, including at Chinook Centre and Market Mall in Calgary.

The move comes after both the Alberta and federal privacy commissioners announced they were launching investigations into the use of facial recognition technology without the public’s consent.

When news of this first spread late last month, I asked Cadillac Fairview, Mappedin — which created the software that was being used at these malls — and the Privacy Commissioner of Alberta for comment. Mappedin denied to comment and told me to ask Cadillac Fairview; a Cadillac Fairview spokesperson told me that, because no photos or videos of shoppers were stored, they did not need to ask permission. The Privacy Commissioner’s office declined to comment even generally about whether this interpretation of the law was correct.

The Cadillac Fairview spokesperson also did not comment on whether the age and gender estimates they were creating through this facial recognition system were being associated with other data, like search queries on the mall directory or device tracking.

Leticia Miranda, Buzzfeed:

Retailers are turning to facial recognition software to identify potential thieves by comparing scanned images of shoppers’ faces against a database of known shoplifters. But as more retail stores consider using the technology, privacy advocates and industry stakeholders are debating how the technology should be regulated and how shoppers should be informed about when their faces are scanned.


Shoppers don’t have a say about whether or not the software scans them. That’s because companies are not legally required to get consent from shoppers to collect so-called biometric data like face images, except in Illinois where it has been illegal to collect biometric data without written consent since 2008.

It’s shocking to me that, in the U.S. and Canada at least, there is little oversight for the collection of this kind of data. Pretty much every retailer and mall has security cameras and there are notices at entrances that notify visitors. But there is a big difference between using those cameras to monitor for shoplifters and continually processing video feeds for behavioural analytics purposes.

Prevalence of Third-Party Cookies Reduced Across European News Websites

Shan Wang, Nieman Lab:

A prequel report from RISJ, released a few weeks before the General Data Protection Regulation came into effect May 25, found that some news sites researchers looked at were worse than popular non-news websites when it came to third-party content. These news sites averaged 40 different third-party domains per page and 81 third-party cookies per page, compared to an average of 10 and 12, respectively, for other popular non-news websites. (Researchers collected the data in the first three months of this year.)

This time around, researchers found declines in cookie prevalence on the 200-plus news sites they tracked, across several categories, from cookies related to advertising and marketing to ones related to design optimization (they looked at the difference between the sites in April and then the sites in July). On average, total cookies related to design optimization dropped 27 percent; cookies relating to advertising and marketing dropped 14 percent.

I’m not surprised by these findings. With GDPR warnings in place, collectors of lots of data can do one of two things: ask visitors for permission, or reconsider just how much data they need to collect. Conversely, without GDPR, it’s unlikely that data collectors would do either.

The Landowner and the Apartments

Over ten years ago, there was this big piece of land that was carefully landscaped and prepared by the landowners for lots of people to use. We could take up any spot on that land that we would like. Forward-thinking as they were, the landowner built in various hookups for utilities and amenities. It was nice.

Very quickly, some enterprising people began building apartments on the land. These apartments often offered new amenities that made use of the existing infrastructure established by the landowner; sometimes, new infrastructure was built to better provide amenities that the landowner had not considered. Eventually, we had a great deal of choice of apartments. There were a couple of boutique buildings that people could live in, a few bigger ones that were a little nicer, or — for those who had the ability — enterprising residents were welcome to build our own block and lease it to anyone who wanted to stay in it.

Then, the landowner decided to buy one of the nicest apartment buildings on the site. And, slowly, residents of that apartment started to notice little changes being made. It began to receive new amenities, some of which were unavailable to anyone else on the land. Many people found that to be irritating but, as they were the owners, understandable.

More changes were made to the very nice apartment building. Over time, it stopped feeling like the original apartment, and the owners decided to tear it down and build a new one. It looked pretty nice, but suffered from some shoddy materials and craft. They put billboards on the side of it, and began pestering everyone to meet their neighbours and their friends’ neighbours. They started giving different amenities to different people, like some sort of science experiment to see which residents would crack first. Even so, most people wanted to live in that apartment because it had all of the amenities, and it had the landowner’s name on it, so it felt more official.

But there were still lots of other apartments for people to live in if you didn’t like some of the strange experiments happening in the big, popular apartment, and could live without a few nice amenities. The landowner mostly left these places alone because residents were still contributing to the community, and all of those apartments were disproportionately contributing to the value of the land.

One day, though, the owners decided to set a limit on the number of people who could live in each apartment building. They also very quietly began telling the management of each building that they didn’t want apartments on their land any more, but didn’t tell management when they would be making the final call on that. They also acknowledged just how important these apartments are to the overall community, and pledged to keep the plumbing and electricity hooked up indefinitely. Those mixed signals made management concerned but, as no decision was made, each apartment kept being maintained and renovated.

And then, out of the blue, the landowner made the call. They decided to charge apartment companies lots of money per resident to stay on the land, and they said that they would be turning off some of the utilities at a later date. Some of the renters saw the writing on the wall and decided to move into the big apartment run by the landowner, and they were happy. Others tried moving in only to find it gaudy and horrible, and moved right back into their old place. Management at these apartment pleaded with the landowner to help them figure this out for their tenants, but the landowners didn’t budge.

The day came for the landowner to turn off some of the less essential utilities to all of the smaller apartments. Some people stuck around – even with limited amenities, they still preferred living in those apartments to the popular-but-tacky one. A few people decided to find some new land, because the landowner was clearly only interested in putting all of their resources behind the apartment they also owned. There was little disagreement on their right to do so — it’s their land, of course. But by pretending that the land’s value was due to the big apartment rather than the overall community, the landowner made many residents question whether they knew what they were doing with their land. That feeling was deepened when the landowner also let a bunch of actual, literal Nazis stay on their land and call up any of the residents whenever they felt like it. That seemed like a bad idea.

Today, the landowner is spending much of their time attempting to convince the community to move out of their independently-managed apartments and into the big one. As they also keep saying that they want to help with the upkeep of the indie apartments, it’s very difficult to know what residents ought to do if they would like to remain in the community. And, given the poor communication from the landowner, it’s unclear what their next steps are and how it will affect the community in the months and years to come.

Much appreciation and credit to Joshua Arnao and Josh Calvetti for the inspiration.

Twitter Deprecates Parts of Their API, Forcing Third-Party Clients to Remove Key Features

John Voorhees, MacStories:

Whichever app you use, the biggest changes are to timeline streaming and push notifications. Twitterrific used to allow you to live-stream your timeline over WiFi, which is no longer possible. Instead, your timeline will refresh every two minutes or so over WiFi or a mobile data connection when the app is running. Tweetbot doesn’t support streaming anymore either, but it too will periodically refresh your timeline when the app is open.

Notifications are more limited as well. Tweetbot and Twitterrific used to allow users to turn on notifications for mentions, direct messages, retweets, quote tweets, likes, and follows, but don’t anymore.


How these changes shake out for third-party clients remains to be seen. I’ve used the beta update for Tweetbot over the past week, and the elimination of its Stats and Activity section has left me feeling like there is something missing from the app. I still prefer it to the official app, but the removal of that section is a meaningful loss. A similar hole will be left in Twitterrific when the Today section no longer works. Both apps have also lost their Apple Watch apps and live-streaming. If those are critical features to your use of Twitter, you may want to give the official client another try.

I’ve been using Twitter pretty much constantly for about eleven years,1 and I don’t think I’ve ever spent any time regularly using their first-party client on my phone. At a previous job, I used their Mac client, but that’s the extent of my first-party experience for my entire time using the platform. I started with Twitterrific on the desktop and phone, used a bunch of other third-party apps while there was a sincere market for them, and then settled on Tweetbot several years back.

I wanted to be fair, so I gave the official client another shot this week. It still isn’t my jam. It isn’t the ads that are a problem — they’re distracting, of course, but they’re a known kind of distraction. It’s something about the app that makes Twitter, as a concept, feel heavy and burdensome. It’s not solely the prompts to follow other accounts, or the strange reversal of the reverse-chronological timeline when a self-replying thread appears, or the real-time updates to retweet and like numbers — it’s a combination of all of those things, and many more. When I use the first-party client, I feel like I’m being played around with for business reasons.

Tweetbot makes Twitter feel light and friendly to me. I’m still using it for this reason; you may feel differently, and using the first-party client may be totally fine with you, which is great. But, for a long-time user, it’s a hard adjustment to make; and, it’s one that I worry I’ll have to make sooner rather than later, because I don’t see Twitter continuing to support third-party clients for much longer.

  1. This is probably not good for my health. ↩︎

FCC Under Ajit Pai Resists Proposal to Raise American Broadband Standard

Karl Bode, Vice:

For example, in early 2015 the FCC voted to upgrade the standard definition of broadband from a paltry 4 Mbps down, 1 Mbps up — to a more respectable 25 Mbps down, 3 Mbps up.

At the time, giant ISP executives, lobbyists, and numerous, ISP-loyal Senators whined incessantly about the changes. Commissioner Ajit Pai (who hadn’t yet been promoted to agency head) was quick to vote against the effort, joining alongside cable lobbying organizations who lamented the changes as “unrealistic and arbitrary.”


And once again, Ajit Pai is hoping to keep the broadband definition bar set at ankle height.

In a Notice of Inquiry published last week, Pai’s FCC proposed keeping the current 25/3 definition intact, something that riled his fellow Commissioner Jessica Rosenworcel.

An FCC report in February based on data collected until the end of 2016 found that barely over half of American census blocks had two or more options for 25/3 broadband in their area, and 15% have a choice of 100/10 providers. Those numbers are almost certainly better now, but it’s past time that the definition of “broadband” ought to be much higher.

The Competition Bureau of Canada is in the process of conducting a broadband availability study, too. In 2016, the CRTC ruled that a 50/10 broadband connection was a basic service; the CRTC’s own glossary, however, still defines broadband as a connection supporting a miserable 1 Mbps download speed.

Lifting All USB-C Boats

Chris Hannah (via Matt Birchler):

What would happen if Apple added a USB C port to the iPad?

It would, of course, have to be alongside the Lightning port in my opinion. But that would open up a whole new bunch of possibilities:


It would boost the USB C world just slightly more. Or at least move in the direction of having a single port that’s available on all Apple devices. For example, you’d get one external drive, and maybe an external display, but you’d be able to connect your Mac or iPad. It sounds super simple, but that’s what it should be.

I don’t see a circumstance with Lightning and USB-C ports on the same device; Apple has always favourited reducing the number and type of ports, and their functionality would be largely duplicative. I also doubt the handful of rumours that have been floating around claiming that next year’s iPhones will replace the Lightning port with a USB-C port.

However, this is the best argument I’ve heard yet for why Apple could be interested in switching. The USB-C market so far has been lacklustre, not to mention confusing. Remember how fast airport convenience stores and knick-knack shops started selling products with the Lightning connector? Apple is selling about 50% more iPhones than they did when the iPhone 5 was released, so that’s huge incentive for peripheral makers.

I’m still not convinced that this is what will happen. I believe there are technical reasons why the current crop of iPhones couldn’t fit a USB-C port, too. This is just the best argument I’ve heard yet for why it might be beneficial.1

  1. I think it’s more likely that an updated Lightning port could be adopted as a USB standard. ↩︎

Turning Off Location History in Google Maps Does Not Prevent Google From Keeping a History of Your Location

Ryan Nakashima, AP:

For the most part, Google is upfront about asking permission to use your location information. An app like Google Maps will remind you to allow access to location if you use it for navigating. If you agree to let it record your location over time, Google Maps will display that history for you in a “timeline” that maps out your daily movements.

Storing your minute-by-minute travels carries privacy risks and has been used by police to determine the location of suspects — such as a warrant that police in Raleigh, North Carolina, served on Google last year to find devices near a murder scene. So the company will let you “pause” a setting called Location History.

This may be a minor quibble, but this is some pretty strange framing for an otherwise well-reported story. The privacy risks of giving your real-time location to a targeted advertising company are glossed over; the implication is that the reason you may wish to disable this feature is because you might be doing criminal activity.

Moving on:

Google says that will prevent the company from remembering where you’ve been. Google’s support page on the subject states: “You can turn off Location History at any time. With Location History off, the places you go are no longer stored.”

That isn’t true. Even with Location History paused, some Google apps automatically store time-stamped location data without asking. (It’s possible, although laborious, to delete it .)


To stop Google from saving these location markers, the company says, users can turn off another setting, one that does not specifically reference location information. Called “Web and App Activity” and enabled by default, that setting stores a variety of information from Google apps and websites to your Google account.

These settings appear to only be available in Google’s My Account section; I couldn’t find the same settings in the Google Maps app on my iPhone. I did, however, find a setting, under “About, Terms & Privacy”, called “Location Data Collection”, which was switched on; I disabled it.

My account’s settings were the inverse of what I expected, too: “Web and App Activity” was turned off, but “Location History” was switched on; I turned it off, too.

The Creepy Ten-Year History of Facebook’s ‘People You May Know’ Feature

Kashmir Hill, Gizmodo:

Facebook didn’t come up with the idea for PYMK out of thin air. LinkedIn had launched People You May Know in 2006, originally displaying its suggested connections as ads that got the highest click-through rate the professional networking site had ever seen. Facebook didn’t bother to come up with a different name for it.

“People You May Know looks at, among other things, your current friend list and their friends, your education info and your work info,” Facebook explained when it launched the feature.

That wasn’t all. Within a year, AdWeek was reporting that people were “spooked” by the appearance of “people they emailed years ago” showing up as “People They May Know.” When these users had first signed up for Facebook, they were prompted to connect with people already on the site through a “Find People You Email” function; it turned out Facebook had kept all the email addresses from their inboxes. That was disturbing because Facebook hadn’t disclosed that it would store and reuse those contacts. (According to the Canadian Privacy Commissioner, Facebook only started providing that disclosure after the Commission investigated it in 2012.)

Because about one in three people on Earth use a Facebook product, it’s almost a certainty that your contact details have been uploaded by one or more of your contacts, and that the company has the capability to map out at least part of your real-life social network — even if you are not a Facebook member and have never consented to this. There appear to be few laws against this practice despite its obviously devastating privacy impact.

A Generation Grows Up in China Without American Internet Giants

Li Yuan, New York Times:

A generation of Chinese is coming of age with an internet that is distinctively different from the rest of the web. Over the past decade, China has blocked Google, Facebook, Twitter and Instagram, as well as thousands of other foreign websites, including The New York Times and Chinese Wikipedia. A plethora of Chinese websites emerged to serve the same functions — though they came with a heavy dose of censorship.

Now the implications of growing up with this different internet system are starting to play out. Many young people in China have little idea what Google, Twitter or Facebook are, creating a gulf with the rest of the world. And, accustomed to the homegrown apps and online services, many appear uninterested in knowing what has been censored online, allowing Beijing to build an alternative value system that competes with Western liberal democracy.

It’s easy to see why China is able to do this where no other country can: the population there is big enough to support a gigantic isolated ecosystem. For context, all of the regions that major American tech companies tend to optimize for — the United States, the European Union, Canada, Australia, and New Zealand — have a combined population that is about the same as China’s alone.

I see no problem with American tech companies finding it difficult to conquer other countries — there should be healthy skepticism about the risk of having much of the world’s information on platforms operated largely by people on the west coast of the United States. China is a very special case, though, as it is one of the world’s most oppressive administrations, and Yuan’s reporting indicates that a new generation of people has grown up not being fully aware of the degree to which all the information they see is being censored and controlled by an authoritarian regime.

Some Wireless Audio Equipment Rendered Obsolete By Reallocated RF Spectrum — Again

I know the headline of this link sounds esoteric and boring, but this is actually a fascinating story from David Zweig in Wired:

Random Farms, and tens of thousands of other theater companies, schools, churches, broadcasters, and myriad other interests across the country, need to buy new wireless microphones. The majority of professional wireless audio gear in America is about to become obsolete, and illegal to operate. The story of how we got to this strange point involves politics, business, science, and, of course, money.


The upheaval around wireless mics can be traced to the National Broadband Plan of 2010, where, on the direction of Congress, the FCC declared broadband “a foundation for economic growth, job creation, global competitiveness and a better way of life.” Two years later, in a bill best known for cutting payroll taxes, Congress authorized the FCC to auction off additional spectrum for broadband communications. In 2014, the FCC determined it would use the 600 MHz band — where most wireless microphones operate — to accomplish that goal.

According to Zweig, this is the second time in ten years that part of the RF spectrum used for wireless audio equipment has been reallocated; so, for many users, this is the second time in recent memory they’re having to spend thousands of dollars on new gear. And there appears to be no indication that the FCC will cordon off a specific spectrum for these kinds of devices to operate on, which is foolish.

Apple Responds to Congressional Questions About User Privacy

Marrian Zhou, CNet:

Apple’s iOS system encrypts location information and doesn’t associate that information with any name or Apple ID. The iOS operating system also permanently deletes data from an iPhone if the phone doesn’t connect to Wi-Fi or power for seven days.

iPhones without SIM cards will send a limited amount of information about cellular towers and Wi-Fi hotspots to Apple if the user has enabled location services. The information will be encrypted and isn’t used for targeting advertising. If location services are turned off, the iPhone won’t send any data to Apple.

And from Apple’s response itself:

Consistent with Apple’s view that privacy is a fundamental human right, we impose significant privacy-related restrictions on apps that are made available through the App Store. The App Store is a marketplace for third party apps and, when a customer chooses to download an app to an Apple device, the customer and app developer enter into a direct contractual relationship with one another governed by the terms of the developer’s end user license agreement and privacy policy. Apple is not a party to these relationships; rather developers are fully responsible for the content and services they provide in their apps. Notwithstanding the developer’s responsibilities and direct relationship with customers, Apple requires developers to adhere to privacy principle, including consumer choice, and has implemented technical- and policy-level controls to help ensure those principles are respected.

However, as Sarah Frier points out at Bloomberg, Apple has no control over data use after a user has agreed to share their data with a third-party developer:

Apple has built in two direct consumer controls: one, when you agree to share your contact information with the developer; and the other, when you toggle the switch in your settings to deny that permission. But neither is as simple as it seems. The first gives developers access to everything you’ve stored about everyone you know, more than just their phone numbers, and without their permission. The second is deceptive. Turning off sharing only blocks the developer from continued access — it doesn’t delete data already collected.

Notwithstanding that users can, of course, also deny permission when first prompted, there is no mechanism for them to pull their data completely using a simple toggle switch or similar. It’s more likely that they will need to ask the company specifically to remove their historical data, and they will only have legal standing to demand it in Europe — thanks to GDPR — and other companies with strong privacy protections.

Apple probably can’t — and, arguably, should not — police user data in the hands of third-party developers when permission has been granted for its use. They would end up having to regulate any number of companies that are notoriously bad stewards of user data, like Facebook and Google. Users shouldn’t be required to read the excessive and overly-permissive contracts in every app. That’s something governments ought to regulate instead, and we should be expecting them to do a better job.

First Amendment Experts Warn Facebook Banning InfoWars Could Set Completely Reasonable Precedent For Free Speech

The Onion:

Acknowledging the widespread repercussions from the act of corporate censorship, first amendment experts warned Monday that Facebook’s decision to ban InfoWars could set a completely reasonable precedent for free speech. “If we allow giant media platforms to single out individual users for harassing the families of murdered kindergarteners, it could lead to a nightmare scenario of measured and well-thought-out public discourse,” said Georgetown law professor Charles F. Abernathy, cautioning that it was sometimes very easy for private organizations to draw a line between constitutionally protected free speech and the slanderous ravings of a bloated lunatic hawking snake oil supplements. […]

There’s no reason any platform should feel compelled to carry this unique brand of paranoia-based propaganda.

Update: Steve Kovach, CNBC:

Apple was the first major tech company to make a move against Alex Jones of Infowars on Sunday night by removing his podcast from iTunes.

But the Infowars iPhone app, which hosts some of the same content and themes found on the podcast, still lives on in the company’s App Store. In fact, the app had skyrocketed from below the top 10 to become the fourth most popular app in the news category — beating out the CNN and Fox News apps — by Tuesday morning. The boost was likely caused by increased downloads given the news Monday that Infowars was banned from several tech platforms.

It’s genuinely remarkable and alarming that such a garbage source is the fourth most popular free news app on the App Store right now, even in Canada.

But why is it still there? Apple clearly doesn’t want to index Jones’ hours of supplement sales radio interspersed with paranoia-driven intimidation and outrageous commentary, so why would it host an app that provides the same? The same is true of Google — the app is still available in the Google Play store, despite Jones being banned from YouTube.

Google Maps’ Influence on Neighbourhood Names

Jack Nicas, New York Times:

For decades, the district south of downtown and alongside San Francisco Bay here was known as either Rincon Hill, South Beach or South of Market. This spring, it was suddenly rebranded on Google Maps to a name few had heard: the East Cut.


The swift rebranding of the roughly 170-year-old district is just one example of how Google Maps has now become the primary arbiter of place names. With decisions made by a few Google cartographers, the identity of a city, town or neighborhood can be reshaped, illustrating the outsize influence that Silicon Valley increasingly has in the real world.


The service has also disseminated place names that are just plain puzzling. In New York, Vinegar Hill Heights, Midtown South Central (now NoMad), BoCoCa (for the area between Boerum Hill, Cobble Hill and Carroll Gardens), and Rambo (Right Around the Manhattan Bridge Overpass) have appeared on and off in Google Maps.

I wanted to know if this was widespread, so I opened Google Maps and found one straight away: apparently, Calgary has a community called Grandview which, so far as I can tell, doesn’t actually exist — the area Google Maps designates as Grandview is entirely in Ramsay. Even the area I grew up in, West Hillhurst, is called Upper Hillhurst in Google Maps, which is just north of Westmount, another neighbourhood that doesn’t exist. It’s easy to verify all of this because the municipal government publishes a list (PDF) of every neighbourhood in the city, and none of these areas are on it.

A Low-Power Mode for the Mac

Marco Arment:

Laptop battery life is decreasingly relevant to me as more airplanes offer power outlets. But sometimes you lose that lottery, as I did on my latest 8-hour daytime flight.

Apple’s “Up to 10 hours” claim doesn’t apply to my work, which is usually a mix of Xcode, web browsing, and social time-wasting, so I knew I’d have to seriously conserve power.

Sometimes, you just need Low Power Mode: the switch added to iOS a few years ago to conserve battery life when you need it, at the expense of full performance and background tasks.

I’ve long wanted something like this in MacOS, and not just for battery life. All too often, I find myself in a hotel or at a public WiFi hotspot and MacOS will still try to upload photos or download a software update. Many Canadian ISPs also have monthly bandwidth caps, and it would be rude to gobble up their monthly allowance with my giant RAW files. You can disable all of these things individually, but it’s a pain; I’d rather have a single toggle to temporarily reduce my computer’s resource use.

Update: Tully Hansen reminded me about TripMode, a third-party app that allows you to restrict bandwidth on a per-app basis.

Sarah Jeong Joins the New York Times, Finds Herself the Subject of Coordinated Harassment

The New York Times Company:

What would it be like if we all deleted Facebook? What does the future of online privacy look like?Why can’t the tech industry diversify? Are monkeys allowed to sue over copyrights? And what in the world is #cockygate?

To answer questions like these, the editorial board will soon be turning to Sarah Jeong, who will join us in September as our lead writer on technology. Sarah will also collaborate with Susan Fowler Rigetti, our incoming tech op-ed editor, and Kara Swisher, our latest contributor on tech issues.

Jeong is one of my favourite writers; this is terrific news. Unfortunately, some goblins dug up old — and mostly funny — tweets that she posted, and deliberately took them out of context to imply that she’s racist. There are understandable contextual differences between her tweets and, for example, Rosanne Barr’s.

The Verge, Jeong’s current employer, published an editor’s note admonishing this reprehensible abuse campaign:

Online trolls and harassers want us, the Times, and other newsrooms to waste their time by debating their malicious agenda. They take tweets and other statements out of context because they want to disrupt us and harm individual reporters. The strategy is to divide and conquer by forcing newsrooms to disavow their colleagues one at a time. This is not a good-faith conversation, it’s intimidation.

So we’re not going to fall for these disingenuous tactics. And it’s time other newsrooms learn to spot these hateful campaigns for what they are: attempts to discredit and undo the vital work of journalists who report on the most toxic communities on the internet. We are encouraged that our colleagues at The New York Times are standing by Sarah in the face of feigned outrage.

This is a good statement, but I agree more with Libby Watson of Splinter:

The New York Times really fucked this one up. Instead of ignoring this ridiculous complaint and letting it die — which it would have, because who the fuck cares what The Gateway Pundit is doing — they have validated it. (At least they didn’t fire her, you might say, but even responding to this garbage sets a terrible precedent and legitimizes a completely illegitimate, bad faith campaign to discredit Jeong and the Times itself.)

Now, according to the Times, it is fair to say that being rude about white people serves “to feed the vitriol that we too often see on social media,” and that her tweets represent a “type of rhetoric” at all and not just… jokes, nothingnesses, completely mundane and honestly quite boring observations that have no wider importance or meaning. Do we think Sarah Jeong actually enjoys chasing down and bullying old white men for fun? Do we think she earnestly wants to “cancel” white people? No, because that doesn’t mean anything — “cancel” doesn’t mean “do genocide to.”

Fringe trolls only have this kind of power if it is granted to them.

I look forward to reading Jeong’s columns in the Times starting next month.

Apple Removing iOS and Mac App Sales From Affiliate Program on October 1

This is the email everyone in Apple’s affiliate program received this afternoon:

Thank you for participating in the affiliate program for apps. With the launch of the new App Store on both iOS and macOS and their increased methods of app discovery, we will be removing apps from the affiliate program. Starting on October 1st, 2018, commissions for iOS and Mac apps and in-app content will be removed from the program. All other content types (music, movies, books, and TV) remain in the affiliate program.

Followed by some boilerplate stuff about the affiliate program and — in my copy, at least — a Japanese translation, but only a Japanese translation. Strange.

Stephen Hackett:

I can’t help but feel that Apple is waving off the wide array of sites that help consumers find apps as being unnecessary in light of Apple’s new editorial content within the App Store. I simply don’t believe that to be the case. The App Store is massive, and the crop of websites that have come to make a name for themselves comparing and reviewing apps add value to the ecosystem.

Federico Viticci:

Apple killing the affiliate program for apps feels downright hostile and petty.

Marco Arment:

Anyone still waiting for Apple to decrease its 30% cut?

One of the things that Apple has done fairly well is to encourage and cultivate a community of users who care deeply about the Apple products they use — not because they’re from Apple specifically, but because it’s a community of people who appreciate the tools that are essential components in their lives. Part of that community manifests as websites and blogs that focus on different aspects of the company: rumours, product reviews, retail stores,1 and new software.

A move like this is a frustrating kick in the teeth to that community. There are great websites that are built, in large part, on this revenue stream. It feels especially like a dick move coming just one day after Apple announced their highest-ever quarterly revenue from services and biggest third financial quarter in the company’s history. Is it for financial reasons? Is it because there are bad actors abusing the program? Nobody outside Apple knows for certain, but it feels like it’s dismissive of the greater Apple community.

  1. I’m reminded of Gary Allen’s IFO Apple Store every time I see an article about a new store “Town Square” opening. I miss him. ↩︎