Pixel Envy

Written by Nick Heer.

Boston Startup Develops Worst Imaginable Way to Get a Cup of Coffee

Albert Burneko, Defector:

In other words, just to get to the point at which your freezer has a Cometeer-brand flash-frozen puck of concentrated brewed coffee in it, some number of coffee beans must be subjected to the absolute most sophisticated, technologized, circuitous, wasteful process for making coffee in the entire history of life on earth. More experience and equipment are required to create a cup of Cometeer coffee than any other halfway plausible cup of coffee, literally ever. (You can tell the MIT, Apple, and Tesla scientists and Princeton-educated coffee-masters did a good job of brewing your coffee with proprietary machinery in Gloucester, Mass., flash-freezing it in liquid nitrogen, packing it in dry ice, and shipping it to your home for you to store in your freezer, because it tastes like you spent five minutes making it yourself using techniques that predate the advent of antibiotics.)

This process makes Keurig — also rightly criticized by Burneko — look like an environmental dream. What is wrong with the myriad methods of brewing coffee today that requires a ground-up reinvention? Sometimes, it is worth trying new things; other times, you end up pitching the virtues of a cryogenic brick of coffee.

On the Much Improved State of Macintosh Hardware

Quentin Carnicelli, of Rogue Amoeba:

I’m not sure who exactly deserves the credit at Apple for all these improvements, but my hat is off to you, whoever you are.1 In 2018, we couldn’t recommend buying a single current Macintosh model. Now? You almost can’t go wrong. That turnaround deserves a round of applause.

2018 was a bad year to be in the market for a new Mac. I would know: I was last in the market for a new Mac at that time. I do not know how much of that is attributable to Intel’s woes and how much blame should be placed on Apple, but it resulted in a compromised Mac lineup.

Today’s line is the exact opposite. There are simply no bad Macs — other than, perhaps, the still weird 13-inch MacBook Pro.

I see some people attributing this to Jony Ive’s retirement — including in the footnote of this article — but I still think that is overly simplistic and probably inaccurate. There was always a team working on Apple’s products, and Ive has been involved in those launched after he left the company. Put it this way: if Ive still worked at Apple, I bet the MacBook Pro models announced this week would be exactly the same.

FTC Staff Report Finds Many U.S. ISPs Collect and Share a Wealth of Customer Usage Data

From the U.S. Federal Trade Commission:

Many internet service providers (ISPs) collect and share far more data about their customers than many consumers may expect — including access to all of their Internet traffic and real-time location data — while failing to offer consumers meaningful choices about how this data can be used, according to an FTC staff report on ISPs’ data collection and use practices.

This report is alarming, yet painfully obvious to anyone who has been paying attention to the behaviour of American internet providers. Because they are conglomerates operating in many markets, they have a uniquely comprehensive view of Americans’ lives, which they pitch as an advantage in the miserable world of targeted advertising. And it is a mutually beneficial market.

From the report (PDF):

Second, there is a trend in the ISP industry to buy consumer information from third party data brokers, which many ISPs in our study use for advertising purposes. One reported using data from data brokers to market their own products to new customers only. For example, they might get lists of new homeowners in a particular geographic area. A sizable number of the ISPs in our study also buy data from data brokers about their existing customers. For example, an ISP might send the data broker subscriber names and addresses, which the data broker would then append with demographic information (e.g., gender, age range, race and ethnicity information, marital status, parental status) and interest data (e.g., hiking, biking, gardening, bodybuilding, high-end spirits) for those subscribers. Or, for those ISPs that do not want to share their customers’ names and contact information with third-party data brokers, the ISP might send persistent identifiers (e.g., cookies, advertising identifiers, or hashed or encrypted account numbers or telephone numbers) associated with their subscribers to third party “matching services.” These matching services then sync these identifiers with similar identifiers they receive from other sources and provide the list of identifiers to the ISP. Once the ISP has the synced list of identifiers, the ISP can then check with data brokers to request demographic and interest data associated with all of those identifiers, without sharing consumers’ name and contact information.

The data brokerage industry is vile. For comparison, here in Canada, internet providers are prohibited from using subscriber information for auxiliary business purposes without express permission. Bell, one of the big telecom providers in Canada, runs a “tailored marketing program” that requires subscribers to opt into receiving ads based on their Bell-provided services. I still think it is gross, but at least it is off by default and requires explicit permission.

Because it is opt-in, I bet this business is tiny. I asked Bell for more information about it, including the number of subscribers, and have not heard back. But I imagine very few people agree to allow the use of their web activity and television habits to serve them ads, probably because most people do not think the privacy tradeoffs are worth it. iOS’ App Tracking Transparency feature has similarly low opt-in rates. Even though many apps do not respect it, this indicates that most people do not want their activities recorded for the milquetoast reason of making ads a little bit more relevant.

U.S. service providers should respect those kinds of wishes. Unfortunately, while mainstream attention has finally turned to the egregious privacy practices of companies like Facebook and Google, ISPs have not been treated with similar scrutiny. This is as true for the press as it is for regulators. The CEOs from tech companies have spent hours over the past few years testifying before Congress about their privacy practices, but telecom CEOs have not been asked to do the same. Reports about lobbying have highlighted how much money is being spent by technology companies, without acknowledging similarly huge spending by telecoms.

I know this is not a new observation, but: these egregious violations of user privacy will not change without regulation, but rules protecting consumers’ personal data are unlikely to materialize when lawmakers are earning so much from the businesses they are supposed to regulate.

The Design of TV Key Art

Rex Sorgatz, for the Why Is This Interesting? newsletter (via Jason Kottke):

One neglected characteristic ties all these images together: They are all horizontal.

It sounds trivial, but going wide helped differentiate TV key art as its own medium, distinct from book covers and movie posters. And because these images appear on streaming platforms, they are unencumbered by other marketing copy, like taglines, cast and credits, and multifarious blurbs.

There is a simple purity to key art.

I remember scouring the web for key art when I used Plex over ten years ago. It is such a specific category of design — bracingly simple and evocative — and this is a great post and collection from Sorgatz. I hope this is not yet another thing to add to the list of creative pursuits A/B tested to death.

Mega Meta Domain Sales

Raymond Hackney, writing last week at TLD Investors:

Meta as an exact keyword has made some impressive sales in keywords no one ever discusses or even knew existed.

Meta.LC is a great example, Namepros member Makbliss sold Meta.LC for $20,000 on Afternic. He had just hand regged the name on August 7th of this year. Most don’t even know it’s the country code for Saint Lucia.

Nikul Sanghvi of Hypernames.co hit a monster home run 6 days ago with the $149,000 sale of Meta.so. He registered it in April. It was the second 6 figure Meta name this year. Meta.io sold for $100,000.

In the midst of Facebook’s endless scandals, I appreciate their ability to create a pleasant distraction before that big investigation drops.

The Verge: Facebook Is Rebranding

Alex Heath, the Verge:

Facebook is planning to change its company name next week to reflect its focus on building the metaverse, according to a source with direct knowledge of the matter.

The coming name change, which CEO Mark Zuckerberg plans to talk about at the company’s annual Connect conference on October 28th, but could unveil sooner, is meant to signal the tech giant’s ambition to be known for more than social media and all the ills that entail. The rebrand would likely position the blue Facebook app as one of many products under a parent company overseeing groups like Instagram, WhatsApp, Oculus, and more. A spokesperson for Facebook declined to comment for this story.

At best, this can be seen as Facebook doing as Google did with Alphabet, but several observers have compared it to Philip Morris’ Altria rebrand. Is it an attempt at insulating WhatsApp, Oculus, and future products from Facebook’s tainted name, or is it merely acknowledging the company’s expansion and new ventures? I guess that depends on your perspective. Regardless, I am skeptical of this buzzword-heavy “metaverse” direction.

Heath, who broke this news, says the new name is a “closely-guarded secret” — which, of course, began the attempts to figure out what it could be.

Kali Hays, Insider:

Facebook, through its lawyers, has filed seven new trademarks since February, the USPTO database shows. The most recent include a new symbol, shown below, and a new name, “Stories,” both with broad descriptions of what they would be applied to.


What the trademarks don’t mention is whether they are a new name or logo for the whole company, as is coming soon, according to The Verge. While speculation of what the new name may be has so far centered on “Meta” and “Horizon,” neither are linked to Facebook filings with the USPTO. A Facebook spokesperson declined to comment.

A trademark would be a typical step by any company before it begins using a new name, logo, or, in many instances, a tagline for advertising. But it is possible that an entity or person can simply start using a term and claim that it did so first, leaving it to claim a trademark by “first use” and file for registration later.

I also began by searching the USPTO and found the same registrations, but I am not sure they apply to this rebrand. While a trademark could point to a future direction, it is not true that Facebook would need to file a U.S. trademark to claim ownership. Companies like to register in other countries, like Jamaica, where searching the trademark database is more complicated. That way, they can claim new product names but keep them more-or-less secret.

My search for Facebook’s new name took a slightly different path. I ended up using a DNS search engine to find domains that have the same name servers and email servers as Facebook’s corporate entities. And there are a lot — over four thousand domains use the a.ns.facebook.com name server — but I did not see an obvious rebrand among them. There are the domains of several companies acquired by Facebook, like Wit, Egg, and Scape, that might be fine enough names, but none stood out to me. I also found out that Facebook owns oceaniaramen.com for some reason.

So, a dead end. But perhaps a clue: I did see that meta.com, which is already owned by the Chan Zuckerberg Initiative, was last updated yesterday and, until today, redirected to meta.org. It has since stopped redirecting.

Mashable: Monday’s Product Launch Was the ‘Worst Apple Event Ever’

Chris Taylor, in a Mashable article that will age with all the grace of a freshly cut avocado:

But the fun came to a screeching halt during Monday’s Apple event, in which there was precious little to announce (new Apple Music price tier, new HomePod colors, barely new AirPods) and enough tech specs from a confusing couple of laptop chips to send a Mac nerd like me to sleep. The $19 screen cleaner — this year’s iPod socks — didn’t even rate a mention. And not for lack of time. The keynote lasted 50 minutes, making it Apple’s shortest ever, and didn’t so much end as gave up the ghost.

This isn’t about entertainment value; it’s an indicator that the company is running out of creative steam. Apple was widely criticized, even by the Macworld faithful, for having little actual new technology to wow us with at September’s iPhone 13 launch event. But at least it covered that fact up with a vibrant love letter to the state that birthed it. A month later, the marketing department has nothing left in the tank. If I was an investor looking for signs of the company’s long-term health, this would be a troubling one.

Try to get past the factual errors in this piece, like Taylor’s claim that Craig Federighi showed up at an Apple event for the first time since 2020 with “under a minute of screen time”, despite playing a starring role in the WWDC 2021 keynote. Pay no attention to the widespread praise for the new MacBook Pro lineup, and demand so strong it made Apple’s online store creak under the pressure. Forget that this is Taylor’s sixth review of a pandemic-era Apple event and that he is resorting to the same cynical tropes. Never mind that the memorably vacant WWDC 2007 keynote contained some of the most unpleasant moments of the modern Apple era.

The thing that got me is that Taylor already wrote this article back in 2016. Taylor’s complaint was that the then-new iPhone SE was just recycling bits — that Apple was doing nothing new or innovative, just reconfiguring iOS in different boxes and selling it as something new.

As Taylor said this year, “get some new material”, which is just a different way of saying that his articles need something, as he said in 2016, “truly, categorically new”.

Exile From Dongletown

Jason Snell reacts to Apple’s newfound port generosity:

If Mac laptops come in eras, one just ended.

It started in 2016 with the release of MacBook Pro models featuring butterfly keyboards, the Touch Bar, and a minimal selection of USB-C ports. It ended on Monday with the announcement of new MacBook Pro models that roll back most of the major changes introduced in 2016, putting the MacBook Pro in a new state of grace that recalls the middle of the last decade.

I have no need for one of these new MacBook Pros, but if I had to replace my nearly ten year old MacBook Air, the 14-inch model would be hard to resist — in silver, please. Its industrial design is a modern unibody interpretation of the Titanium PowerBook, Apple says it is ludicrously powerful, and it rights a bunch of the wrongs of the Touch Bar-era MacBook Pro lineup. MagSafe makes a much-appreciated return; its inclusion in my old Air saved it from falling off the counter just this week. For my money, the best port making its return is the SD card slot.


SD slot: Apple’s argument for getting rid of the SD slot was that the future would be wireless, and we wouldn’t need to use cards to transfer data anymore. It wasn’t true back in 2016, and it’s still not true. Sure, some devices equipped with SD cards now offer wireless data transfer, but let me tell you — it’s not as fast or reliable as just plugging in a card and transferring the data! And a lot of our non-Apple devices still rely on slow USB ports to transfer data if you have to copy the data directly. The SD slot is just convenient whether you’re a pro transferring photos, audio, or video.

My MacBook Air is my travel computer, and I use the SD card slot constantly. In 2016, Phil Schiller attempted to justify its removal to the Independent’s David Phelan:

Because of a couple of things. One, it’s a bit of a cumbersome slot. You’ve got this thing sticking halfway out. Then there are very fine and fast USB card readers, and then you can use CompactFlash as well as SD. So we could never really resolve this – we picked SD because more consumer cameras have SD but you can only pick one. So, that was a bit of a trade-off. And then more and more cameras are starting to build wireless transfer into the camera. That’s proving very useful. So we think there’s a path forward where you can use a physical adaptor if you want, or do wireless transfer.

Schiller paints a picture of a future that we are still waiting on in 2021. Sure, some cameras have wireless transfer modes, but most everyone I know still transfers images via a cable connected to the camera or by inserting the SD card into their computer. And if the “cumbersome” qualities of the reader were unacceptable, it is hard to believe that the alternative could be described as elegant or simple.

As far as general peripheral ports, there is still only a series of USB-C/Thunderbolt 4 ports. Thankfully, the USB-C device landscape is almost standardized. It has taken several years and most people still need a USB-A dongle from time to time, but it is so much better than it used to be. All of the other changes show that Apple really is listening to the users who are most drawn to the MacBook Pro’s capability and portability. This Mac is a sensation: I noticed Apple’s preorder page crawled to a halt for several hours after yesterday’s launch.

Truth be told, while I wish I could get one of the new 14-inch MacBook Pro models, I have no need for its power. I hope that some of these features will trickle down to the MacBook Air, and that the Air will be available in iMac colours. That is my perfect notebook. When this Air somehow stops working, it is what I will order — in teal.

Defaults Matter

Joanna Stern, of the Wall Street Journal, in an article about the importance of default settings:

Facebook offers a “Recent” or chronological feed, but despite company efforts to improve it, the setting, on my iPhone, is still more buried than tulip bulbs. Tap the menu in the bottom right of your iPhone app, then See More > Recent & Favorites. At the top of your feed you’ll now see the Recent feed option. What happens next is maddening: As soon as you close the app and reopen it, the feed reverts to its old algorithmic self.

A Facebook spokesman didn’t tell me why, but pointed to a company page that explained how algorithms help people find what is most valuable to them.

As Stern writes, Twitter also allows users to toggle between a reverse-chronological timeline and an algorithmic one. Like Facebook’s, it sometimes reverts to the algorithmic feed after a while — though it does persist across app sessions, it is unclear to me what triggers it to automatically switch back. Twitter is currently experimenting with a clearer toggle, which I see in my @pxlnv account but not my (much older) @nickheer account, and it works fine.

It does not matter whether you prefer an algorithmic feed or one sorted only by time. Both are good ways to use social media apps for different reasons. If a platform owner would prefer to only have an algorithmic timeline, I think that is fine, too. But if a choice is presented — which I prefer — the service should at least respect that preference and maintain it.


Instagram doesn’t even offer a chronological-feed alternative. An Instagram spokesman gave me a similar answer to the one I got a few months ago: With the old chronological feed, people missed 70% of their posts. Algorithms can serve up more content from friends, he said.

Two days ago, I asked Instagram what percent of posts users miss when they use the algorithmic feed instead, but I have not heard back.

Benjamin Button Reviews the New MacBook Pro

Maciej Cegłowski:

Gone is the gimmicky TouchBar, gone are the four USB-C ports that forced power users to carry a suitcase full of dongles. In their place we get a cornucopia of developer-friendly ports: two USB 3.0 and Thunderbolt 2 ports, a redesigned power connector, and a long-awaited HDMI port.

Photographers will rejoice at the surprising and welcome addition of an SDXC card reader, a sign that Apple might be thinking seriously about photography.

The new MagSafe connector is a bit of Apple design genius. The charging cord stays seated securely, but pops right off if you yank on it. No more worries about destroying your $2k laptop just by accidentally kicking a cord.

Make a few small adjustments, remove a few sentences, and this 2016 post reads like it was written yesterday.

Safari 15 Watch: Old Tabs Edition

Jason Snell:

It’s official: As of the latest macOS Monterey beta — version 12.0.1, which makes me wonder if they’ve locked version 12.0 on the new MacBook Pro models and everyone else will jump straight to 12.0.1 — Safari tabs have been reverted to their original “tab” appearance, instead of being a bunch of floating lozenges.

I share Snell’s sympathy for a team that obviously worked hard to try something new, but I am thrilled there is a choice between a more compact tab interface and one that actually looks like tabs. That is true for Monterey, it is true for iPadOS, and I imagine a new seed of Safari 15 will be released for Big Sur to complete the set.1

While the capsule layout shipped, I am glad to see that it was reverted. I wish that were done earlier, but the result is the same. Today is a good day.

  1. The Safari 15 build for Catalina has not received the “compact” layout, nor — thankfully — does it have the option to use the weird capsule tab format.

Facebook Teases Upcoming Investigation Into Documents Leaked From Facebook

Facebook’s John Pinette, VP of communications, in a Twitter thread:1

Right now 30+ journalists are finishing up a coordinated series of articles based on thousands of pages of leaked documents. We hear that to get the docs, outlets had to agree to the conditions and a schedule laid down by the PR team that worked on earlier leaked docs.

Tech companies love to announce bad news when industry press is distracted by an ongoing Apple product launch. I guess this is today’s attempt: Facebook is trying to get ahead of what seems to be a comprehensive investigation by journalists. I am looking forward to that.

Edward Ongweso Jr, Vice:

It is common for various entities to distribute information to journalists on the condition that they don’t publish before a certain time. This doesn’t mean that the information is somehow suspect by default, or that it will be reported on in an uncritical manner. Facebook surely knows what an embargo is, because it regularly issues them, expects reporters or outlets to adhere to them, and will quickly ignore reporters who break them. If you see a lot of news outlets publish detailed articles about a specific thing at a specific time, it is likely they were subject to an embargo. This practice is controversial but extremely common. On one hand, it’s a way for companies to control the spread of information and to gatekeep who has access to it. On the other, embargoes allow journalists time to report out a story before it “breaks,” often resulting in more detailed and thorough articles.

Journalists from multiple outlets working together under disclosure rules have been responsible for several groundbreaking investigations into tax avoidance by businesses and wealthy people. This is nothing new, and it is unclear to me who Pinette is trying to intimidate by tweeting about it.

  1. If only Facebook had a website where it could publish statements from its communications team.

Apple Introduces a Siri-Only Apple Music Plan

Maybe the oddest thing Apple introduced today is this $5 per month Siri-only Apple Music plan:

The Apple Music Voice Plan will be available later this fall in 17 countries and regions, including Australia, Austria, Canada, China, France, Germany, Hong Kong, India, Ireland, Italy, Japan, Mexico, New Zealand, Spain, Taiwan, the United Kingdom, and the United States.

This is the same list of regions where Apple sells the HomePod Mini. If you have a HomePod and, I guess, only listen to music on that device and no other, perhaps this is a compelling offering? I am not sure I buy that. Along similar lines, I wondered if this was perhaps a low-cost way to encourage Spotify users to try Apple Music on their HomePods, but even though it is possible, Spotify still has not added HomePod support.

Whatever the case, I cannot imagine saving $5 per month is worth having to use Siri.

Update: Looks like this plan is a direct competitor for Amazon Music’s “Unlimited Single Device” plan (hat tip to Mitsuhara Mussina).

Visual Studio and Teams Get More Native

Faisal Khan:

The senior vice president of Microsoft Teams announced that Teams would be moving to their own Edge Webview2 Rendering Engine ditching Electron for seeking performance gains. It is marketed that Teams would consume 2x less memory as a result of the transition. It would be called Teams 2.0 and might ship with Windows 11 in late 2022.


Webview2 cannot be thought of as a replacement to Electron; it is not a wrapper like Electron to rapidly ship web apps on the desktop platform. The original Webview (Webview1 for namesake) used Microsoft’s Edge rendering engine while the Webview2 uses the Chrome rendering engine. Webview2 is already used by Outlook as a part of Microsoft’s “One Outlook” project.

Via Michael Tsai:

I’m not sure this makes much difference for Mac users, since it’s still built on Web technologies with a bundled browser engine.

If this is anything like the browser engine used in OneDrive, it might be worse. OneDrive regularly consumes nearly a gigabyte of RAM on my Mac while idling — several times more than the already bloated Electron-powered Dropbox client. When OneDrive syncs files, it helps itself to an entire Intel i7 CPU core and causes the fans to come on.

These issues are well documented, but Microsoft has no incentive to make improvements because anyone who has to rely on OneDrive or Teams for work has no alternative.

I am sure much of that behaviour is not attributable to the choice of browser engine. But I am worried I will soon have two apps I must keep running in the background that monopolize computer resources for trivial tasks.

‘The Problem With Jon Stewart’

Maybe it is reflective of my age, but Jon Stewart’s interpretation of the “Daily Show” has always held a special place for me. Not one of the shows it inspired has resonated in my brain the same way.

So when Apple announced “The Problem with Jon Stewart”, I was excited. Two episodes have now aired and, well, it is different than I was expecting — but I like it.

It does not feel like the “Daily Show”, which is an advantage. That would not be fair to Trevor Noah, current host of the “Daily Show”, nor do I think it makes sense for there to be yet another show with a comedian sat behind an anchor desk. That conceit has been worn out.

Unfortunately, its model of a more in-depth look at a single topic each show is an arena crowded with many “Daily Show” alumni. There’s John Oliver’s “Last Week Tonight”, which uses that format every week; Samantha Bee’s “Full Frontal”, which does something similar from time to time; and Netflix carried “Patriot Act with Hasan Minhaj” for several seasons.

“The Problem” is not like those shows. Instead of trying to jam in a joke every thirty seconds, Stewart is comfortable leaving space and holding a relaxed conversation with guests. Its biweekly release schedule seems to reflect that slower pace, too. I appreciate that, but I feel like Stewart’s monologue at the top of the show could benefit from tighter editing. It is clear that he is as sharp as ever, but there was an almost musical beat to the way the “Daily Show” was edited that is missing here. It still feels like it is finding its footing.

Amazon Displays Its Own Brands Ahead of Better-Rated Products

Adrianne Jeffries and Leon Yin, the Markup:

An investigation by The Markup found that Amazon places products from its house brands and products exclusive to the site ahead of those from competitors — even competitors with higher customer ratings and more sales, judging from the volume of reviews.


By creating more than a hundred trademarked brands, most without an obvious connection to the company, Amazon can preserve its reputation if one of its homegrown products flops. This happened in 2015 when customer reviews for its newly launched Amazon Elements diapers included complaints about leaks and “sagginess.” Amazon pulled the products after just seven weeks to make “design improvements.”

Beyond the confusing language choices, Amazon seems to be doing its damnedest to create a post-brand world. One where the company from which you bought a set of headphones or a refrigerator or a shirt simply did not exist the next day, like a Three-Card Monte dealer skipping town. Some companies still like to stand behind the quality of their products and thrive on that reputation, but that requires more effort.

Missouri Governor Vows Criminal Prosecution of Reporter Who Found SSNs Exposed in Public Website Source

Josh Renaud, St. Louis Post-Dispatch:

The Post-Dispatch discovered the vulnerability in a web application that allowed the public to search teacher certifications and credentials. The department removed the affected pages from its website Tuesday after being notified of the problem by the Post-Dispatch.

Based on state pay records and other data, more than 100,000 Social Security numbers were vulnerable.


Though no private information was clearly visible nor searchable on any of the web pages, the newspaper found that teachers’ Social Security numbers were contained in the HTML source code of the pages involved.

The Post-Dispatch did the right thing when its reporters found this boneheaded privacy flaw in the website: it notified the department responsible, and held off disclosing the problem until it had been fixed just a couple days later. Job done, right?


Jason Hancock, Missouri Independent:

But by Thursday, Gov. Mike Parson was labeling the Post-Dispatch reporter a “hacker” and vowing to seek criminal prosecution.

“The state does not take this matter lightly,” Parson said Thursday at a hastily called press conference. He refused to take questions afterward.

On Twitter, Parson elaborated:

Through a multi-step process, an individual took the records of at least three educators, decoded the HTML source code, and viewed the SSN of those specific educators.

We notified the Cole County prosecutor and the Highway Patrol’s Digital Forensic Unit will investigate.

“Decoding” HTML — what a concept.

The state should be sending these reporters a “thank you” card and an Edible Arrangement, not charging them as criminals for viewing the public source code of the website.

Reminds me a little of that incident last month with a vaccination status app, and its fragile CEO. If anyone finds a security vulnerability and responsibly discloses it, they should be thanked publicly and paid. That goes for small businesses, large corporations, and governments alike.
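The flaw described above, data that never shows on the rendered page but ships in its HTML source, is the kind of thing a site owner can check for before publishing. The following is an added example, not code from the Post-Dispatch, the state, or this site: a small audit that parses a page and reports SSN-shaped values by where they sit in the source. The sample page, names and numbers are all constructed, and the SSN pattern is a heuristic assumption.

```python
import re
from html.parser import HTMLParser

# SSN-shaped value: 3-2-4 digits with a consistent optional separator.
# Area 000/666/9xx, group 00 and serial 0000 are never issued, so skip them.
SSN_RE = re.compile(
    r"(?<!\d)(?!000|666|9\d\d)\d{3}([- ]?)(?!00)\d{2}\1(?!0000)(\d{4})(?!\d)"
)


class SourceAuditor(HTMLParser):
    """Collects SSN-shaped values together with where they sit in the source."""

    def __init__(self):
        # convert_charrefs=True decodes entities such as &#45; in text;
        # attribute values are always unescaped by the parser.
        super().__init__(convert_charrefs=True)
        self.findings = []      # list of (location, masked value)
        self._raw_tag = None    # "script" or "style" while inside one

    def _scan(self, location, text):
        for match in SSN_RE.finditer(text or ""):
            # Report only the last four digits so the audit log is not a leak.
            self.findings.append((location, "***-**-" + match.group(2)))

    def handle_starttag(self, tag, attrs):
        # Hidden inputs, data-* attributes and the like are all attributes.
        for name, value in attrs:
            self._scan(f"attribute:{tag}[{name}]", value)
        if tag in ("script", "style"):
            self._raw_tag = tag

    def handle_endtag(self, tag):
        if tag == self._raw_tag:
            self._raw_tag = None

    def handle_data(self, data):
        # Text inside <script>/<style> is never rendered; the rest is visible.
        self._scan(self._raw_tag or "visible-text", data)

    def handle_comment(self, data):
        self._scan("comment", data)


def audit_html(html):
    """Return every SSN-shaped finding in the page as (location, masked)."""
    auditor = SourceAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


def source_only_leaks(html):
    """Findings a visual review of the rendered page would miss."""
    return [f for f in audit_html(html) if f[0] != "visible-text"]


# Constructed sample page: nothing sensitive is rendered, yet four values ship.
SAMPLE_PAGE = """<html><body>
<h1>Educator search</h1>
<!-- debug: record 123-45-6789 -->
<table><tr data-ssn="234-56-7890"><td>Jane Example</td><td>Certified</td></tr></table>
<input type="hidden" name="id" value="345&#45;67&#45;8901">
<script>var rec = {"name":"J. Example","ssn":"456789012"};</script>
<p>Office phone: 573-555-0100</p>
</body></html>"""

if __name__ == "__main__":
    for location, masked in source_only_leaks(SAMPLE_PAGE):
        print(f"{location}: {masked}")
```

Run against every response a public application can return, a non-empty result from `source_only_leaks` is a reason to block the release.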

Frances Haugen Changed the Conversation About Facebook by Focusing Her Criticism

Charlie Warzel:

If you pay close attention to this stuff, what she’s talking about is Platforms 101. But most people don’t pay close attention to this stuff. And what Haugen is doing here is articulating a very powerful point that many Facebook users still take for granted: What you see on Facebook is not organic presentation of information. It is the result of decisions made for you by the company’s software, which follows its leaders’ directives.

This is a powerful sentiment because it gives every Facebook user a tangible example of how the platform deprives them of a certain kind of agency. In 2018, when the Cambridge Analytica scandal was in its second week, I wrote that it would have staying power because it reminded regular users how platforms have “stripped us of the agency to dictate what happens with our most personal information.” I think Haugen’s testimony (and the documents that help back it up) will do something similar for people who may have not realized that Facebook is not a pure reflection of what’s happening in the lives of their friends and families — it is a highly curated one. Talking about Facebook from the perspective of user agency has the potential to be effective. The company isn’t all powerful and platforms aren’t mind controllers, but they do exert influence on how information is amplified. And that’s a responsibility to be held accountable for.

Facebook did not do itself any favours when, in 2014, it announced it had manipulated the emotions of hundreds of thousands of users for a week two years prior.

Reuters: Amazon Copied Products and Rigged Search Results, Documents Show

Aditya Kalra and Steve Stecklow, Reuters:

In sworn testimony before the U.S. Congress in 2020, Amazon founder Jeff Bezos explained that the e-commerce giant prohibits its employees from using the data on individual sellers to help its private-label business. And, in 2019, another Amazon executive testified that the company does not use such data to create its own private-label products or alter its search results to favor them.

But the internal documents seen by Reuters show for the first time that, at least in India, manipulating search results to favor Amazon’s own products, as well as copying other sellers’ goods, were part of a formal, clandestine strategy at Amazon – and that high-level executives were told about it. The documents show that two executives reviewed the India strategy – senior vice presidents Diego Piacentini, who has since left the company, and Russell Grandinetti, who currently runs Amazon’s international consumer business.

Earlier this year, Mother Jones cited several journalists who, in the words of one, claimed that Amazon is “the only company [they have] dealt with that has directly lied to me”. Several reporters used that word, “lie”, or said the company was deceitful in its responses to journalists — that it goes far beyond a typical carefully worded corporate message.

It would make sense if that reputation carried through to its dealings with lawmakers. World leaders are mostly deferential to executive wrongdoing. What consequences would be faced by Jeff Bezos or any of the managers named in this article if these allegations were proven true, if only for their false public statements?

Clearview Is Now Saying It Can Identify People Based on Synthetic Facial Features

Will Knight, Wired:

The company’s cofounder and CEO, Hoan Ton-That, tells WIRED that Clearview has now collected more than 10 billion images from across the web — more than three times as many as has been previously reported.


Some of Clearview’s new technologies may spark further debate. Ton-That says it is developing new ways for police to find a person, including “deblur” and “mask removal” tools. The first takes a blurred image and sharpens it using machine learning to envision what a clearer picture would look like; the second tries to envision the covered part of a person’s face using machine learning models that fill in missing details of an image using a best guess based on statistical patterns found in other images.

I am stunned Clearview is allowed to remain in business, let alone continue to collect imagery and advance new features, given how invasive, infringing, and dangerous its technology is.

Sometimes, it makes sense to move first and wait for laws and policies to catch up. Facial recognition is not one of those times. And, to make matters worse, policymakers have barely gotten started in many jurisdictions. We are accelerating toward catastrophe and Clearview is leading the way.

Ex-Ozy Employees Say Company Used Dubious Tactics to Build Email Subscribers

One of the reasons I linked to coverage of the Ozy meltdown at the end of last month is because I was apparently one of its email subscribers, but I could not remember registering. But I did notice that my earliest emails from the company were co-branded with Wired, which I was subscribed to at the time. Is that a coincidence?

Jemima McEvoy, Forbes:

Ozy Media boasts that it has more than 26 million subscribers for its newsletters, but former employees say this is another example of deceptive tactics at the embattled digital media company, with most of the email addresses on its newsletter lists either purchased, taken from other companies without their permission or added back to the lists after the recipients unsubscribed — a potentially illegal act (representatives from Ozy have not responded to Forbes’ repeated requests for comment).


Among the companies they say Ozy collectively accumulated millions of email addresses from were the McClatchy newspaper chain and the technology magazine Wired, according to two of the former employees (McClatchy and Conde Nast, the parent company of Wired, did not respond to requests for comment from Forbes).

It is not a coincidence.

TikTok Talk

Evelyn Douek, the Atlantic:

Recent Senate hearings — convened under the banner of “Protecting Kids Online” — focused on a whistleblower’s revelations regarding what Facebook itself knows about how its products harm teen users’ mental health. That’s an important question to ask. But if there’s going to be a reckoning around social media’s role in society, and in particular its effects on teens, shouldn’t lawmakers also talk about, um, the platforms teens actually use? The Wall Street Journal’s “Facebook Files” reports, after all, also showed that Facebook itself is petrified of young people abandoning its platforms. To these users, Facebook just isn’t cool.

So TikTok is not a passing fad or a tiny start-up in the social-media space. It’s a cultural powerhouse, creating superstars out of unknown artists overnight. It’s a career plan for young influencers and a portable shopping mall full of products and brands. It’s where many young people get their news and discuss politics. And sometimes they get rowdy: In June 2020, TikTok teens allegedly pranked then-President Donald Trump’s reelection campaign by overbooking tickets to a rally in Tulsa, Oklahoma, and then never showing.

TikTok is an unmitigated sensation, and the best argument made by those who insist that Facebook’s acquisitions of Instagram and WhatsApp have not meaningfully diminished competition in the social media space.

Its privacy and moderation policies are also worrying. Though similar to policies for platforms created in the U.S. and elsewhere, TikTok moderators have also censored videos, and there is more (emphasis mine):

[…] The platform’s content moderation is opaque, but there are plenty of reasons to be concerned: It has suppressed posts of users deemed ugly, poor, or disabled; removed videos on topics that are politically sensitive in China; and automatically added beauty filters to users’ videos. The “devious licks” challenge, which prompted kids to remove soap dispensers in schools, might sound comical, but school administrators aren’t laughing. Connecticut’s attorney general wants to know what’s going on with the “slap a teacher” dare, although TikTok says that’s not its fault.

The last claim is something that appears to be invented or at least exaggerated by a media that cannot get enough of the latest teen trend.

One thing that is certainly concerning is TikTok’s ability to steer users deeper into niche video categories. Like many other things here, this is not unique to TikTok — YouTube is notorious for a recommendation system that used to push users down some pretty dark paths.

An investigation by the Wall Street Journal this summer found that TikTok primarily uses the time spent watching each video to signal what users are most interested in. That weighting is a clever decision in its simplicity. Interacting with something on any platform by liking it, re-sharing it, or commenting on it requires a deliberate effort, and it is often public. Those actions tell a recommendation algorithm what we are comfortable showing other people we are interested in. But the amount of time we spend looking at something is a far more valuable metric about what captivates us most.

Which is kind of creepy when you think about it.

The fact that our base instincts are revealed by how often we rubberneck at the site of a car accident will, unsurprisingly, create pathways to mesmerizing but ethically dubious videos. A Journal investigation last month found that demo user accounts that appeared to be aged 13–15 were quickly directed to videos about drinking, drug use, and eating disorders, as well as those from users who indicated their videos were for an adult audience only.

I get why this is alarming, but I have to wonder how different it is from past decades’ moral panics. Remember the vitriol expressed against Marilyn Manson in the 2000s for his music? Parents ought to have saved up that anger for now, when it really matters. Rap and hip hop have been blamed for all kinds of youth wrongdoing, as have MTV, television, and the internet more broadly. Is there something different about hearing and seeing this stuff in video form instead of in song lyrics or on message boards?

I think this recent Media Matters study by Olivia Little and Abbie Richards is a better illustration of the social failure of TikTok’s recommendations engine:

After we interacted with anti-trans content, TikTok’s recommendation algorithm populated our FYP [For You Page] feed with more transphobic and homophobic videos, as well as other far-right, hateful, and violent content.

Exclusive interaction with anti-trans content spurred TikTok to recommend misogynistic content, racist and white supremacist content, anti-vaccine videos, antisemitic content, ableist narratives, conspiracy theories, hate symbols, and videos including general calls to violence.

That looks like a pathway to radicalization to me, especially for users in balkanized and politically fragile regions, or places with high levels of anxiety. That seems to describe much of the world right now.

Google Is Moving Its iOS Apps Toward Platform UI Conventions and Away From Material Design

Jeff Verkoeyen runs Google’s design team for products on Apple’s platforms:

So at the beginning of this year, my team began a deep evaluation of what it means to build a hallmark Google experience on Apple platforms by critically evaluating the space of “utility” vs key brand moments, and the components needed to achieve either.

Does a switch really need to be built custom in alignment with a generic design system? Or might it be sufficient to simply use the system solution and move on?

Via Jason Snell who writes:

This is good news. It’s good for Google’s developers, who no longer have to build that custom code. And more importantly, it’s good for people who use Google’s apps on iOS, because with any luck they’ll be updated faster, work better, and feel more like proper iOS apps, not invaders from some other platform.

Good. I hope Google considers this for the apps it ships on other non-Google platforms, too.

Update: I keep thinking about this tweet in Verkoeyen’s thread:

It’s now been almost ten years now since we set out on this journey, and many of the gaps MDC [Material Design Components] had filled have since been filled by UIKit — often in ways that result in much tighter integrations with the OS than what we can reasonably achieve via custom solutions.

I would love to know what specifically has changed in UIKit that would only now make it possible to build Google’s apps with native components, compared to many years ago.

Social Networks Should Be Interoperable

Dan Froomkin:

The concept is known in tech circles as “interoperability,” “competitive interoperability,” or “adversarial interoperability.”

It doesn’t require the government to regulate speech. It doesn’t require you to delete Facebook, disconnect from your friends, or migrate your data. It doesn’t require there to be one algorithmic solution to all things.

It’s an appropriately decentralized, open-sourced, technologically elegant way of fixing the problem.

You or I could focus on the specific details of why this may not be a slam-dunk solution — money, probably — but I think it has legs. It is worth exploring, at least.

You can get a glimpse of this with Twitter. It remains one of the few big social networks that allows third-party clients. If you like and use the official Twitter app, that is cool, but you can choose from other ones for specific reasons. I use Twitterrific on my Mac and Tweetbot on my iPhone because they feel nicer to me, and always default to a reverse-chronological view.

But there are plenty of clients that do more than reproduce the Twitter experience: I use another app called Macaw to see great tweets from people within my orbit.1 But Nick, you may say, the official Twitter client does that too. The difference is that it is deliberate and separated. I can choose the experience I want — sometimes it is the first-party client, but most of the time I prefer these discrete third-party apps. And there are other Twitter clients for specific purposes: I have found some that only allow you to post and not read tweets, some that only allow the reverse, and one that is a client for direct messages only.

Every so often, I will see some tech commentator say that, actually, algorithmically sorted feeds are good. I get where they are coming from; I do not think they are wrong. But I want to be able to make that choice. I get to make that decision with my Twitter browsing experience and I am happier for it, and I would be less happy if I could only use the first-party client. Here’s another example: Instagram’s website is a better browsing experience than Instagram’s app since it shows photos from everybody I follow, instead of just the ones it thinks I will engage with.

The thing is that we have tried decentralized and interoperable networks before and, aside from email, none have amassed the user base of something like Facebook or YouTube. Historically, that could be due to the nascent days of the web only representing a small audience. There used to be websites that listed every other website on the web — that is how small it was. Now, it could be because networks like Mastodon and Pixelfed are built by technologists for technologists or, at least, a technically savvy niche audience.

But it could also be due to the network effects of massive siloed platforms. One way we can find out is to turn them into protocols.

  1. I just found out that Macaw is being integrated into a product called Clay. Watch it get shut down like Nuzzel and all the other apps for finding great tweets.

ExpressVPN’s CIO Hacked Into the Accounts of Activists and Journalists on Behalf of the UAE

David Gewirtz, reporting for ZDNet in mid-September:

The first item is that Kape Technologies has announced plans to acquire ExpressVPN for $986 million. I do have concerns about this because Kape was once considered a malware provider. I’ll talk more about this in a bit.

The second item is a report in Reuters indicating that ExpressVPN CIO Daniel Gericke is among three men fined $1.6 million by the US Department of Justice for hacking and spying on US citizens on behalf of the government of the UAE (United Arab Emirates).

I’ll discuss each of these reports individually, and then share with you some thoughts about how these situations might impact your decision to use (or not use) ExpressVPN.

From that Reuters report by Joel Schectman and Christopher Bing:

The operatives — Marc Baier, Ryan Adams and Daniel Gericke — were part of a clandestine unit named Project Raven, first reported by Reuters, that helped the UAE spy on its enemies.

At the behest of the UAE’s monarchy, the Project Raven team hacked into the accounts of human rights activists, journalists and rival governments, Reuters reported.

This is a more comprehensive look at ExpressVPN’s sketchy history and its ownership that leaves me with the impression that the world of VPNs is mostly bullshit. The honest take is that these products help users circumvent geographic restrictions, particularly for things like streaming services. I am convinced that, if streaming companies and media rightsholders were less concerned with nit-picking contracts and more focused on providing a great experience, there would be far less demand among everyday users for VPNs. By no means am I blaming streaming services for creating this sleazy market, but they certainly have not helped.

Some Popular VPNs and VPN Review Sites Are Owned by the Same Company, Kape Technologies

Brian X Chen, New York Times:

I learned this the hard way. For several years, I subscribed to a popular VPN service called Private Internet Access. In 2019, I saw the news that the service had been acquired by Kape Technologies, a security firm in London. Kape was previously named Crossrider, a company that had been called out by researchers at Google and the University of California for developing malware. I immediately canceled my subscription.

In the last five years, Kape has also bought several other popular VPN services, including CyberGhost VPN, Zenmate and, just last month, ExpressVPN in a $936 million deal. This year, Kape additionally bought a group of VPN review sites that give top ratings to the VPN services it owns.

The rest of Chen’s article is worth reading — VPNs are often marketed for their security and privacy promises, but it probably does not make sense for most people to route their web browsing through some third-party company — but these shady review sites caught my eye.

According to a May 2021 Restore Privacy report, Kape bought Webselenese and its vpnMentor and Wizcase review websites. Both websites aggressively push their top three picks which, funny enough, are all owned by Kape. Wizcase also publishes reviews of security software, and picks Intego as the best antivirus software for the Mac; Kape also owns Intego.

But if you were browsing either review website, you would probably miss Kape’s ownership. While a legitimate news organization would typically display conflicts of interest in immediate context, the word “Kape” appears nowhere in the on-page text, nor does it appear on the dedicated ExpressVPN review page. Wizcase’s “About” page says that the review site “believe[s] in transparency” and the footer on every page claims that it is an “independent review site”. vpnMentor says that its “reviews are not based on advertising” and its claims of honesty make it a “powerful transparency tool for the internet”.

There is only one place where a reader could find traces of Kape’s ownership on each site. You must find the small text reading “Ownership” at the top of a review page. On Wizcase’s website, it does not look like a link and it is a terribly low-contrast shade of grey — vpnMentor’s text link is blue — but, if you click on it, the site’s parentage is acknowledged.

This reminds me of those mattress review sites financed by Casper and the defunct tech review site owned by Verizon. It is not a new idea to create advertising masquerading as unbiased reviews, but it is wildly unethical. I wonder if the FTC would agree that the tiny disclosures on Kape’s review sites are adequate.

Zuckerberg Zags

Shortly after the Wall Street Journal began publishing “The Facebook Files” last month, a series of articles based on leaked internal research documents, the paper confirmed that two U.S. lawmakers were in touch with the whistleblower who leaked the files. Not only was the research in the possession of the Journal’s reporters and the SEC, the lawmakers said that they were hoping the whistleblower would speak publicly.

Yesterday, they got their wish. For three hours, Frances Haugen, who worked on misinformation policies at Facebook, testified before a Senate sub-committee. Not long after she finished speaking, Facebook’s communications department sought to discredit her — and, bizarrely, so did Glenn Greenwald, since Haugen was not the right type of whistleblower and must be regarded as suspicious for not saying what Greenwald thinks she should be saying — and then Mark Zuckerberg responded.

Zuckerberg’s letter is behind Facebook’s login wall; since I do not have an account, I cannot access it. Thankfully, the Verge has reproduced it in full for those of us who think that the public statements of the CEO of a major company should be, you know, public.

I obviously do not know more about Facebook than its founder and CEO. But I think it would be worthwhile to compare Zuckerberg’s comments against the reporting so far, so we can see what may be omitted, taken out of context, or misrepresented. Skipping over a perfunctory introduction and a brief reflection on Monday’s companywide outage, here is Zuckerberg’s comment on Haugen’s congressional appearance:

Second, now that today’s testimony is over, I wanted to reflect on the public debate we’re in. I’m sure many of you have found the recent coverage hard to read because it just doesn’t reflect the company we know. We care deeply about issues like safety, well-being and mental health. It’s difficult to see coverage that misrepresents our work and our motives. At the most basic level, I think most of us just don’t recognize the false picture of the company that is being painted.

Many of the claims don’t make any sense. If we wanted to ignore research, why would we create an industry-leading research program to understand these important issues in the first place? If we didn’t care about fighting harmful content, then why would we employ so many more people dedicated to this than any other company in our space — even ones larger than us? If we wanted to hide our results, why would we have established an industry-leading standard for transparency and reporting on what we’re doing? And if social media were as responsible for polarizing society as some people claim, then why are we seeing polarization increase in the US while it stays flat or declines in many countries with just as heavy use of social media around the world?

These are quite the paragraphs, with the latter being particularly misleading. Let’s look at each rhetorical question:

If we wanted to ignore research, why would we create an industry-leading research program to understand these important issues in the first place?

This premise is obviously false. Just because there exists a well-funded corporate research team, it does not mean their findings cannot be ignored — or worse. Researchers at oil companies were aware of the environmental harm caused by their products for decades before the general public; instead of doing something about it, they lied and lobbied.

If we didn’t care about fighting harmful content, then why would we employ so many more people dedicated to this than any other company in our space — even ones larger than us?

Of all the rhetorical questions in this paragraph, this one is framed around a wishy-washy straw man argument, so any response is going to be similarly vague. Framed as a binary choice of caring versus not caring, I suppose the presence of any platform moderation could be seen as caring. But perhaps this does not demonstrate an adequate level of care, even with the most contractors — not employees — compared to its competitors.

That premise is not the claim made by Haugen or the reporting on the documents she released, however. On September 16, the Journal published an analysis of moderation-related documents indicating that the company prioritizes growth and user retention, and is reluctant to remove users. The reporting portrays this as a systemic moderation problem that can be similarly attributed to greed and incompetence. As user growth has been driven almost exclusively (PDF) by the “Asia-Pacific” and “Rest of World” categories for years, platform moderation has not kept pace with language and regional requirements.

I bet Facebook’s staff and contractors, at all levels, are horrified to see the company’s platforms used to promote murder, drug cartels, human exploitation, and ethnicity-targeted violence. What the Journal’s reporting indicates is they struggle to balance those problems against profits, to which anyone with a conscience might wonder why there is a need for a touch so cautious they are reluctant to ban cartel members.

If we wanted to hide our results, why would we have established an industry-leading standard for transparency and reporting on what we’re doing?

Just a few weeks ago, Facebook acknowledged it omitted roughly half of all U.S. users from the research it provided to social scientists and other researchers. In August, Facebook suspended ad targeting researchers. In April, the team running the Facebook-owned CrowdTangle analytics tool was broken up. Is this an “industry-leading standard for transparency”?

And if social media were as responsible for polarizing society as some people claim, then why are we seeing polarization increase in the US while it stays flat or declines in many countries with just as heavy use of social media around the world?

This is, no kidding, an honest-to-goodness question worth asking, though it seems like the answer may be fairly straightforward: platforms like Facebook may not be wholly to blame for polarization, but they seem to exacerbate existing societal fractures, according to the Brookings Institute. Regions that are already polarized or have more fragile democracies are pulled apart further, while reducing time spent on these platforms decreases animosity and hardened views.


At the heart of these accusations is this idea that we prioritize profit over safety and well-being. That’s just not true. For example, one move that has been called into question is when we introduced the Meaningful Social Interactions change to News Feed. This change showed fewer viral videos and more content from friends and family — which we did knowing it would mean people spent less time on Facebook, but that research suggested it was the right thing for people’s well-being. Is that something a company focused on profits over people would do?

I am confused why Zuckerberg would choose to illustrate this by referencing Meaningful Social Interactions, the topic of one of the first pieces of reporting from the Journal based on Haugen’s document disclosures. The summary Zuckerberg paints is almost the opposite of what has been reported based on Facebook’s internal research. It is so easy to fact-check that it seems as though Zuckerberg is counting on readers not to. From the Journal:

Company researchers discovered that publishers and political parties were reorienting their posts toward outrage and sensationalism. That tactic produced high levels of comments and reactions that translated into success on Facebook.

“Our approach has had unhealthy side effects on important slices of public content, such as politics and news,” wrote a team of data scientists, flagging Mr. Peretti’s complaints, in a memo reviewed by the Journal. “This is an increasing liability,” one of them wrote in a later memo.

They concluded that the new algorithm’s heavy weighting of reshared material in its News Feed made the angry voices louder. “Misinformation, toxicity, and violent content are inordinately prevalent among reshares,” researchers noted in internal memos.

This change may have reduced time spent on the site, but internal researchers found it made Facebook a worse place to be, not a better one. The Journal also says Zuckerberg was worried about its impact on engagement after this algorithm change was launched and asked for changes to reduce its impact.

In response to Zuckerberg’s question this week, “is that something a company focused on profits over people would do?”, I say “duh and/or hello”.


The argument that we deliberately push content that makes people angry for profit is deeply illogical. We make money from ads, and advertisers consistently tell us they don’t want their ads next to harmful or angry content. And I don’t know any tech company that sets out to build products that make people angry or depressed. The moral, business and product incentives all point in the opposite direction.

Once again, I think there is a subtle distinction that Zuckerberg is avoiding here to make an easier argument. The internal documents collected by Haugen indicate the company profits more when people are engaged more, that engagement rises with incendiary materials, and that engagement is prioritized in the News Feed. These documents and reporting based on them do not indicate the company is intentionally trying to make people angry, only that it is following a path to greater profit that, incidentally, stokes stronger emotions.

Buzzfeed data scientist Max Woolf, in a thread on Twitter, illustrated another problem with Zuckerberg’s claims. In posts where discriminatory perspectives are framed as defiant or patriotic, the most common responses are “likes” and “loves”, not angry reactions. Would it be fair to say these are positive posts? If you only look at their reactions without looking at the context, that is the impression you might get.

Zuckerberg also reflects on some of the reporting on the effects of Facebook’s products on children and youth, but ends up passing the buck:

Similar to balancing other social issues, I don’t believe private companies should make all of the decisions on their own. That’s why we have advocated for updated internet regulations for several years now. I have testified in Congress multiple times and asked them to update these regulations. I’ve written op-eds outlining the areas of regulation we think are most important related to elections, harmful content, privacy, and competition.

In testimony earlier this year, Zuckerberg said that he would support changing Section 230 of the Communications Decency Act, but in a specific way that benefits Facebook and other large companies. In a vacuum and without existing social media giants, I think his proposal makes sense. But, today, it would be toxic for the open web. Increasing liability for websites that allow public posting of any kind would make it hard for smaller businesses with lower budgets to compete. Contrary even to Haugen’s limited reform scope, it seems likely that changes to Section 230 — without antitrust action — will, like many other laws, be easily absorbed by massive companies like Facebook while disadvantaging upstarts.


That said, I’m worried about the incentives that are being set here. We have an industry-leading research program so that we can identify important issues and work on them. It’s disheartening to see that work taken out of context and used to construct a false narrative that we don’t care. If we attack organizations making an effort to study their impact on the world, we’re effectively sending the message that it’s safer not to look at all, in case you find something that could be held against you. That’s the conclusion other companies seem to have reached, and I think that leads to a place that would be far worse for society. Even though it might be easier for us to follow that path, we’re going to keep doing research because it’s the right thing to do.

It is not every day you get an honest-to-goodness mafioso threat out of a CEO. I almost admire how straightforward it is.

Zuckerberg concludes:

When I reflect on our work, I think about the real impact we have on the world — the people who can now stay in touch with their loved ones, create opportunities to support themselves, and find community. This is why billions of people love our products. I’m proud of everything we do to keep building the best social products in the world and grateful to all of you for the work you do here every day.

Today, the Verge released the results of its latest Tech Trust Survey. Of the U.S.-representative 1,200 people polled in August, 31% think Facebook has a negative impact on society, 56% do not trust it with their personal information, and 72% think the company has too much power. 48% said they would not miss Facebook if it went away. Respondents were more positive about Instagram, but even more of them — 60% — said they would be okay if it disappeared. That is not a promising sign that people “love” the company’s offerings. All of this is after several years of critical coverage of Facebook, but before Haugen’s disclosures.

I do not think the Journal’s stories this month about Facebook revealed much new information that will swing those numbers much in either direction. What these leaks show is the degree to which Facebook is aware of the harmful effects of its products, yet often prioritizes its earnings over positive societal influence. If you read that sentence and thought “like every company, Nick”, I think we have found common ground on broader questions of balancing business desires with the public good.

Mike Masnick, Techdirt:

So if you’ve been brought up to believe with every ounce of your mind and soul that growth is everything, and that the second you take your eye off the ball it will stop, decisions that are “good for Facebook, but bad for the world” become the norm. Going back to my post on the hubris of Facebook, it also feels like Mark thinks that once Facebook passes some imaginary boundary, then they can go back and fix the parts of the world they screwed up. It doesn’t work like that, though.

And that’s a problem.

The incentives are all screwed up here. While Zuckerberg may claim that advertisers will refuse to spend on platforms that regularly spew hate, spread misinformation, and sow division, the last three quarters have been the most financially successful in its history. Repeated negative press stories have not correlated with advertising spending or Facebook’s value to investors.

It is not surprising this is the case: Facebook runs two of the world’s most successful personalized advertising platforms. Regardless of what advertisers say, it is not like many of them will actually go anywhere else, because where else is there to go? If they are being honest, none of the senators before whom Haugen testified will stop their millions of dollars spent on Facebook ads either.

The policies that will require Facebook to reform in big, meaningful ways are those that improve privacy and restrict the use of behavioural information. Facebook’s incentives are aligned with exploiting that data, and the company’s paranoia pushes it to stretch acceptable boundaries. It is long past time to change those incentives.

Google AMP Links are Currently Not Appearing for iOS 15 Users Because of a ‘Bug’

Jeff Johnson:

For the past several days at least, Google search results have not included AMP links on iOS 15, but they still include AMP links on iOS 14. I’ve determined that Safari’s User-Agent makes the difference.


I’ve received a statement from Danny Sullivan, Google’s public search liaison: “It’s a bug specific to iOS 15 that we’re working on. We expect it will be resolved soon.”

Sometimes, the bug is the solution.

A Decade Later, Steve Jobs Is Still Paving Apple’s Path to Success

Steve Jobs died ten years ago yesterday. Jason Snell wrote a particularly nice piece for Macworld acknowledging the anniversary:

The fact that so much of Apple’s growth has happened since Jobs’s departure hasn’t reduced him at all. It would be relatively easy to argue that the success of Tim Cook’s Apple suggests that, despite everyone’s concern in the late days of 2011, the company actually could go on without Jobs at the helm. But that’s not what anyone thinks. Instead, Jobs is credited for putting Apple on the path that led to it becoming what it is today.

The acquisition of NeXT — a technology company with subdued success — by Apple Computer Inc. in 1997, a once-influential company that was weeks away from bankruptcy, is one of the greatest business success stories of all time. On paper, it is the merger of a niche company and a has-been; in practice, it changed the world — mostly because of Jobs.

I think Marco Arment put it well:

He wasn’t taken from us after a long, complete life — he was taken in his prime.

He had so much more to offer the world.

True. Yet his impact is so great that Jobs still offers the world more, long after his death.

A Dependency on Facebook in Developing Nations is the Company’s Strategy

Vittoria Elliott, Rest of World:

Facebook’s products are more than just a social network for hundreds of millions of people globally. Beyond being communication tools, the company’s platforms are e-commerce resources, storefronts, and health and emergency aids. In some regions, Facebook is the internet. Seven users from around the world described the impact of the seven-hour shortage to Rest of World, and a user from Nigeria said, “It’s painful.”

Facebook’s reach and dominance in much of the world is largely by design. As part of its strategy for exponential growth, the company has made internet access in the Global South — through the use of Facebook products — a priority.

It is easy to criticize a dependence on Facebook’s products from the perspective of someone who sees them as lightweight social apps, interchangeable with many others. But many of these regions engrained WhatsApp into their commerce systems before it was acquired by Facebook, and found the company digging deeper as it scored preferential treatment by local providers for its Basics product.

When WhatsApp Was Down, It Halted the Worlds of Many

Amy Cheng, Washington Post:

WhatsApp has emerged as a popular alternative to text messages, especially in developing nations where telecommunications services can be prohibitively expensive. But it is more than just a messaging platform: In Lebanon, for instance, coronavirus tests can be ordered — and results received — via WhatsApp. A Philippine diplomatic mission in the United Arab Emirates operates a WhatsApp hotline to communicate with its citizens in that country. And users in Brazil can use an in-app business directory to search for thousands of food and retail providers.

I am not sure the people snarking yesterday about Facebook’s outage fully recognize how deeply integrated WhatsApp is in the day-to-day commerce of so many countries. We can argue about the wisdom of dependency on single points of failure, but the lack of any warranty or guarantee on the infrastructure we use every day seems similarly flawed.

Facebook Releases More Details About the Cause of Yesterday’s Six-Hour Outage

Santosh Janardhan, VP of engineering and infrastructure at Facebook:

This was the source of yesterday’s outage. During one of these routine maintenance jobs, a command was issued with the intention to assess the availability of global backbone capacity, which unintentionally took down all the connections in our backbone network, effectively disconnecting Facebook data centers globally. Our systems are designed to audit commands like these to prevent mistakes like this, but a bug in that audit tool didn’t properly stop the command.

This change caused a complete disconnection of our server connections between our data centers and the internet. And that total loss of connection caused a second issue that made things worse.

These sorts of posts always go through legal and public relations teams, so it is hard to know how complete an accounting of yesterday’s outage it is. But what is written here is pretty embarrassing for Facebook — not the outage itself, but that a routine maintenance misconfiguration took out a single point of failure that rendered the entire company’s infrastructure inaccessible. Whether this actually makes sense as presented is something best judged by networking professionals operating at Facebook’s scale.

That said, I think it is commendable that Facebook issued an explanation for its outage under a VP’s name. It could have had its communications team issue a typically pissy statement attributed only to the company. When Google services were down in December, it was similarly transparent. I wish this could be the standard rather than the exception. It builds confidence.

For comparison, as I write this, Apple’s System Status page shows a resolved outage in Apple Pay and Wallet. For over seven hours yesterday, “users were not able to add, suspend, or remove existing cards to Apple Pay”, and this issue has simply been marked as “Resolved” but there are no more details. This explanation-free status update has been the standard for every iCloud-related outage, including serious incidents. It does not build confidence.

Siri’s Ten-Year Anniversary Is a Reminder of Apple’s Wasted Head Start

James Vincent, the Verge:

A decade later, the sheen has worn off Siri’s star. “It is such a letdown,” was how Schiller described the promise of voice interfaces past, and such a description could easily be applied to Apple’s contribution to the genre. Everyone who uses Siri has their own tales of frustration — times when they’ve been surprised not by the intelligence but the stupidity of Apple’s assistant, when it fails to carry out a simple command or mishears a clear instruction. And while voice interfaces have indeed become widespread, Apple, despite being first to market, no longer leads. Its “humble personal assistant” remains humble indeed: inferior to Google Assistant on mobile and outmaneuvered by Amazon’s Alexa in the home.

Looking back on a decade of development for Apple’s personal assistant, there’s one question that seems worth asking: hey Siri, what happened?

Siri in iOS 15 is not without its improvements, but it is still frustratingly limited. It refuses to maintain context, it took until iOS 14.5 — released this April — to fix that thing where you tell Siri to remind you of something “at three” and it sets a reminder for 3:00 in the morning, and it has regressed in some areas.


When Schiller introduced Siri in 2011, he stressed time and time again that Siri would understand users — that it knows what they are saying, just like a real person. This set the bar too high for Siri’s functionality. If you treat voice interfaces as if they have the same level of fluency and knowledge as a human being, you will always be disappointed. We speak, and they stumble. We guess what they’re capable of, and they disappoint. Usually because they don’t support the app or command we thought they would. Each failed interaction then teaches users: don’t trust this feature. By comparison, screens and displays tell us clearly what we can and cannot do. They offer menus, directions, and buttons. A voice offers only itself and our projections of intelligence. For Siri, users have been guided by Apple’s flair for the theatrical. They expect too much, and Apple delivers too little.

That is where I am at. Every Siri command — beyond adding Reminders and setting timers — feels like a tightrope walk I should attempt rarely. Sometimes, I am rewarded, like when I told Siri to add something to an existing note titled “Sept 26” and it completed the task successfully. But those moments of delight are often paired with feelings of failure and punishment, like when I told Siri to add something to an existing note titled “Oct 3” and it responded that no such note existed or, on a second attempt, that it could not do that. Why should I try repeatedly if it feels like a waste-of-time crapshoot?

Apple has improved Siri immensely by tying it to Shortcuts. You can build entirely custom Siri commands that are tailored just for your usage; I have created a few for myself. But being able to build your own is no match for a mythical version of Siri that built upon the momentum of the one revealed on this day a decade ago.

A few years ago, I tried a bunch of the commands shown in the original Siri demo video from before Apple acquired the company. It did poorly. I ran through the same commands just now, and saw broadly similar results as I did then:

  • “I’d like a romantic place for Italian food near my office” now seems to be parsed more-or-less correctly. Siri shows five restaurant suggestions that match the search, and it seems to consistently prioritize ones near my work’s address. When I change the command to “… near my home”, the sort order changes. Good.

  • “I’d like a table for two at Il Fornaio in San Jose tomorrow night at 7:30”, when converted for a restaurant in Calgary that I know uses OpenTable, now simply shows a Maps result with a checkmark indicating that reservations are accepted. Tapping on it brings me to the Maps entry, and if I tap the “Reserve” button, I see an OpenTable card with a preselected date of tomorrow, and a table for two people. The 7:30 time was not selected, but I thought Siri had this one licked.

    That is, until I tried changing the request to a table for four on Friday night. Going through the same flow still showed an OpenTable card for a table for two tomorrow night. I was also unable to complete this task using only my voice and a “hey, Siri” command.

  • “Where can I see Avatar in 3D IMAX?”, swapping “Avatar” for a currently-playing film, just showed me web results. Similar queries for theatre showtimes near me also just displayed a web search.

  • “What’s happening this weekend around here?” thankfully no longer displays news headlines, but it also returned a web search. Three suggestions were displayed: the first two websites were generic event aggregator pages not specific to Calgary, and the third result was for event listings in Ottawa, on the other side of the country. The location indicator in my iPhone’s status bar was solid, so I assume Siri was aware of my physical location, yet chose to ignore it.

  • “Take me drunk I’m home” still suggests calling a taxi.

Siri’s development cycle seems defined by a geological time scale. I know I just recently complained about bugginess in Apple’s current software releases that seems to be driven by a relentless and speedy release cycle but, from the outside, Siri languishes for exactly the opposite reason.

Users Can Now Report Scams and Frauds in the App Store

Earlier this year, I was among many people who reacted to Kosta Eleftheriou’s documentation of App Store scams. Remember X-Gate VPN? Well, in linking to that, I documented the nonexistent mechanisms for reporting fraudulent or scam apps. Well, Apple has finally remedied that problem.

Sean Hollister, the Verge:

As Richard Mazkewich and scam hunter Kosta Eleftheriou point out on Twitter, the [Report a Problem] button has not only returned to individual app listings for the first time in years, it now includes a dedicated “Report a scam or fraud” option in the drop-down menu.

Truly, the scantest sign of effort, but a good step forward.

Frances Haugen Reveals Herself as the Facebook Whistleblower

In a remarkable and, I think, poetic coincidence, Facebook spent hours today being completely unreachable, just one day after the whistleblower exposing new information about the company’s wrongdoing went public and one day before she is set to testify before Congress. I really do think it was coincidental, for what it is worth. Facebook’s problems also brought Instagram and WhatsApp down, and all of these are critical infrastructure in different parts of the world by default. We should probably reconsider having mostly private and mostly American companies running the world’s internet, but that is a matter for another time.

At any rate, Facebook is back, so let’s talk about it.

Scott Pelley, correspondent for CBC News’ 60 Minutes:

Her name is Frances Haugen. That is a fact that Facebook has been anxious to know since last month when an anonymous former employee filed complaints with federal law enforcement. The complaints say Facebook’s own research shows that it amplifies hate, misinformation and political unrest—but the company hides what it knows. One complaint alleges that Facebook’s Instagram harms teenage girls. What makes Haugen’s complaints unprecedented is the trove of private Facebook research she took when she quit in May. The documents appeared first, last month, in the Wall Street Journal. But tonight, Frances Haugen is revealing her identity to explain why she became the Facebook whistleblower.

Frances Haugen: The thing I saw at Facebook over and over again was there were conflicts of interest between what was good for the public and what was good for Facebook. And Facebook, over and over again, chose to optimize for its own interests, like making more money.

“The Social Dilemma” may have been oversimplified, but these documents and interviews with Haugen indicate its broad strokes are closer to the truth than not. Facebook has historically optimized for engagement metrics and, as also reported by Karen Hao for MIT Technology Review earlier this year, changes that reduce engagement are kneecapped internally. During the 2020 U.S. election, Facebook adjusted its News Feed algorithm to preference links to reputable news sources over bullshit, but it rolled back that change shortly afterward. Kevin Roose of the New York Times, who first reported the rollback, noted that this reversal was likely because prioritizing newsworthiness either hurt partisan publishers, or because it reduced key usage figures.

The documents sourced by Haugen seem to reinforce this narrative. One interpretation is that engagement is so deeply-engrained into Facebook’s culture that it robs the company of its social responsibility. I think this is very possible — likely, even.

But Hanlon’s Razor instructs us not to assume malicious intent when ignorance or incompetence explains the same — or, perhaps, fear. That is more-or-less what Times reporter Kevin Roose argues these documents illustrate:

It has become fashionable among Facebook critics to emphasize the company’s size and dominance while bashing its missteps. In a Senate hearing on Thursday, lawmakers grilled Antigone Davis, Facebook’s global head of safety, with questions about the company’s addictive product design and the influence it has over its billions of users. Many of the questions to Ms. Davis were hostile, but as with most Big Tech hearings, there was an odd sort of deference in the air, as if the lawmakers were asking: Hey, Godzilla, would you please stop stomping on Tokyo?

But if these leaked documents proved anything, it is how un-Godzilla-like Facebook feels. Internally, the company worries that it is losing power and influence, not gaining it, and its own research shows that many of its products aren’t thriving organically. Instead, it is going to increasingly extreme lengths to improve its toxic image, and to stop users from abandoning its apps in favor of more compelling alternatives.

The thing is that Facebook, the company, may be “for old people”, as a kid responded in internal research. But older people are still people, and much of the world’s communications still depend on the stability of Facebook as a company. I do not think it is as fragile as Roose believes, but it is awfully defensive and sensitive for being one of the most valuable companies ever to exist.

Safari Bookmarks, History, and iCloud Tabs Are All End-to-End Encrypted

SoleSolace on Reddit, via Sami Fathi of MacRumors:

Safari Bookmarks are now listed as end-to-end encrypted on Apple’s iCloud security overview. Previously, only Safari History and iCloud Tabs were. The update was between September 19 and September 25 (presumably with the iOS 15 release).

Via Michael Tsai:

It’s not clear to me when the history became end-to-end encrypted. I’ve heard that this was mentioned at WWDC 2019 for iOS 13 and macOS Catalina. Apple’s iCloud Security Overview also now says iOS 13, but it wasn’t updated to say that until March 2020, long after iOS 13 shipped.

I missed that history and tabs became end-to-end encrypted last year — Apple is not great at communicating these things — but it is long past time all of these things were given the highest privacy protections. Apple treats iCloud syncing of Safari data as an all-or-nothing affair, which has long meant that Apple held unencrypted copies of the complete browsing history of everyone who enabled Safari syncing features, private windows aside. There is no evidence, best I can tell, of any nefarious use or intent, but it is the principle that matters. Safari does a lot to protect users against inherently creepy trackers; it should also, itself, be as secure and private as possible.

And it should have better-designed tabs.

In SEC Filing, Telecom Router Syniverse Reveals Its Security Was Breached for Five Years

Lorenzo Franceschi-Bicchierai, Vice:

Syniverse repeatedly declined to answer specific questions from Motherboard about the scale of the breach and what specific data was affected, but according to a person who works at a telephone carrier, whoever hacked Syniverse could have had access to metadata such as length and cost, caller and receiver’s numbers, the location of the parties in the call, as well as the content of SMS text messages.


“Syniverse has access to the communication of hundreds of millions, if not billions, of people around the world. A five-year breach of one of Syniverse’s main systems is a global privacy disaster,” Karsten Nohl, a security researcher who has studied global cellphone networks for a decade, told Motherboard in an email. “Syniverse systems have direct access to phone call records and text messaging, and indirect access to a large range of Internet accounts protected with SMS 2-factor authentication. Hacking Syniverse will ease access to Google, Microsoft, Facebook, Twitter, Amazon and all kinds of other accounts, all at once.”

A failure of security with potentially staggering consequences for years to come. Syniverse did not disclose any of this publicly, and the breach was apparently closed in May 2021. It was only revealed in an SEC filing last week as the company prepares to go public. This breach occurred under its current ownership by the Carlyle Group, a private equity firm.

Great reporting from Franceschi-Bicchierai, and a cowardly response from Syniverse.

Update: I recommend reading Matt Stoller’s piece, which you may remember from earlier this year, about how private equity’s financialization of industries squeezes their contingency planning in favour of easier profits.

There Is a Multibillion-Dollar Market for Your Phone’s Location Data

Jon Keegan and Alfred Ng, the Markup:

In an effort to shed light on this little-monitored industry, The Markup has identified 47 companies that harvest, sell, or trade in mobile phone location data. While hardly comprehensive, the list begins to paint a picture of the interconnected players that do everything from providing code to app developers to monetize user data to offering analytics from “1.9 billion devices” and access to datasets on hundreds of millions of people. Six companies claimed more than a billion devices in their data, and at least four claimed their data was the “most accurate” in the industry.


Companies like Adsquare and Cuebiq told The Markup that they don’t publicly disclose what apps they get location data from to keep a competitive advantage but maintained that their process of obtaining location data was transparent and with clear consent from app users. 

“It is all extremely transparent,” said Bill Daddi, a spokesperson for Cuebiq.

Aside from Amazon, Foursquare, and Oracle, have you heard of any of the forty-seven companies identified by the Markup? Some of them likely have your phone’s location if you use third-party apps, and there are effectively no restrictions on how they collect it or who they share it with. This is what the ad tech industry calls “transparent”.

Food Publishers Harm Users’ Experiences With Too Much Advertising and Affiliate Linking

Mark Stenberg:

The world of digital media works in predictable patterns, and the rise of g-commerce is simply the latest iteration of a familiar phenomenon. When a new technology allows for a new kind of ad placement, publishers tend to over-indulge.

If you strain your ear, you can practically hear the drool dropping from the salivating mouths of boardroom financiers:

“You mean we can monetize … everything? From the equipment, to the ingredients, to the grocery delivery itself? Yes … yes must have it. We must!”

(“G-commerce” is the nauseating term for “grocery commerce”.)

Complaints about lengthy stories preceding recipes are so common they have become a cliché, but I wish more people would be complaining about the phenomenon described by Stenberg. This is why I rely on apps like Paprika and new favourite Mela: I get just the recipe, sans referral nonsense and online grocery shopping widgets that do not work outside of the U.S.

Most often, though, I just use a printed cookbook, which continues to offer the best user experience of any medium.

Siri Regressions and Bugs in iOS 15


Starting with the customer release of iOS 15, iPadOS 15, macOS Monterey, tvOS 15, and watchOS 8 this fall, some SiriKit intent domains will be deprecated and will no longer be supported in all new and existing OS releases. If a user makes a request that leverages one of these APIs after it’s been removed, Siri will reply that it can’t support the request.

Benjamin Mayo, 9to5Mac:

Affected Siri domains include ride booking, configuration of vehicles via Siri over CarPlay, and third-party Photo Search. Many of these SiriKit intents were introduced when third-party Siri support was first added to the system back in iOS 10. Apple didn’t provide a reason for their abrupt removal.

Since the initial implementation of SiriKit, Apple has integrated Shortcuts workflows into iOS and these can be invoked via Siri using keywords. However, interactions with the native SiriKit intents was always more sophisticated and supported a much wider range of natural language as input.

SiriKit also works using common language patterns and keywords if you have installed a supported app, while Shortcuts requires manual configuration.

Juli Clover, MacRumors:

Several Siri commands that provide details on phone calls, voicemails, and sending emails no longer appear to be working. The following commands used to be functional, but have recently been removed.

  • Do I have any voicemails?

  • Play my voicemail messages

  • Check my call history

  • Check my recent calls

  • Who called me?

  • Send an email

  • Send an email to [person]

As Clover reports, these omissions were first documented by users on the AppleVis forums who support disabled people who use iPhones. This may be a bug — the behaviour is also present in iOS 14.8 — but it amounts to a regression until it is fixed.

Allow me a brief tangent: I found iOS 15’s beta cycle to be, all things considered, pretty stable. Aside from a redesign of Safari, seemingly in real-time, it was otherwise a minimally-disruptive experience — but I am not a heavy Shortcuts user.

Federico Viticci:

Unfortunately, the Shortcuts experience in iOS and iPadOS 15 is hindered by a variety of severe UI and performance bugs that have made this update the least stable and reliable one in recent memory. I believe Apple is aware of these bugs and is actively working on fixing them, but that doesn’t change the core problem: the Shortcuts app shipping with iOS and iPadOS 15.0 is buggy, crashes often, and gets in the way of power users with SwiftUI-related issues that prevent interactions with the editor.

As my professional and personal technology experiences increasingly revolve around the software-as-a-service model, I have recently been thinking a lot about the lack of stability as a priority. We are on the receiving end of a firehose of changes, redesigns, new features, and reimplementations of existing products. Yet the threshold for problems that will prevent a product from being shipped seems to be getting stricter.

What Viticci describes is an application that Apple shipped — in a production release of its most popular operating system — in an entirely unusable state. It is not a solitary case, nor is Apple the only software vendor to rush something out the door. But stuff like these Shortcuts problems — some of which are UIKit problems — and Siri regressions are profoundly disruptive to frequent users. And because they offer more niche functionality — compared to, say, Messages or Mail — it is almost worse: the people who are heavy users of Shortcuts or Siri need these specific functions to work well.

I know: issues like these get raised pretty much every year; this is an x.0 release; there are bigger problems to worry about. I know. I hope there is a day when stability and quality will be incentivized to the same degree as new features, but I cannot see that happening. At the very least, however, apps should not ship in a broken state, and deprecations should be clearly communicated to users as well as developers. Am I asking too much for companies to stand behind the products they ship?

Ozy Ozy Ozy

Speaking of fragile CEOs, if you have not yet read this week’s Ben Smith column in the New York Times, I promise it is worth making time for. In a nutshell, there’s this media company called Ozy that believes it is more popular, to an egregious degree, than there is any evidence for. There might be an FBI investigation into a specific incident where its cofounder apparently impersonated a YouTube executive. It is, if nothing else, an entertaining article.

Ozy CEO Carlos Watson claims this piece is a “ridiculous hitjob”. But while he says the impersonation incident was a result of a mental health issue, he offers little counterpoint to the seemingly trumped-up audience metrics.

Joshua Benton, of Nieman Lab, used the article as a jumping-off point to examine Ozy’s frequent claim that it finds up-and-coming talents before anyone else. This, too, seems to be bullshit — and, as Benton shows, it is alarming how often the company’s claims seem to be approvingly echoed by others — but I wanted to explore one tangential detail:

Let me twist my media decoder ring for a second. “Subscribers” is a term that can mean two things: “people who pay for regular access to your product” or “people whose email address we have.” Ozy’s number isn’t the former. They now claim 25 million “subscribers,” meaning they have a database with that many email addresses.

Watson twice claims 26 million in the same email that he claims 25 million, but never mind. I spend a lot of time on the web and also could not remember the last time one of its articles made its way into my orbit. I searched my Pinboard and could only find a single link I had saved from the site: a story about the then-author of Merriam Webster’s Twitter account.

The reason I am mentioning this is, despite its near-irrelevance in my head, the Ozy brand still rang a bell. I could not figure out why until I saw a tweet from Mike Masnick sharing Smith’s story:

This story is absolutely bonkers. Separately, I’ll note that until I read this story I had never even heard of OZY, but I just checked and somehow I’m subscribed to what appears to be all of its email newsletters (all routed directly into my spam folder).

I also checked and found that I was subscribed to email from Ozy between 2015 and 2018. I do not remember subscribing or unsubscribing, but I found that the earliest emails I received were co-branded with Wired. And I do remember subscribing to Wired. I wonder if this helps explain how Ozy built its list of 25–26 million subscribers.

Portpass App for Vaccination Proof May Have Exposed Hundreds of Thousands of Users’ Personal Data

Sarah Rieger, CBC News:

Private proof-of-vaccination app Portpass exposed personal information, including the driver’s licences, of what could be as many as hundreds of thousands of users by leaving its website unsecured. 

On Monday evening, CBC News received a tip that the user profiles on the app’s website could be accessed by members of the public.

CBC is not sharing how to access those profiles, in order to protect users’ personal information, but has verified that email addresses, names, blood types, phone numbers, birthdays, as well as photos of identification like driver’s licences and passports can easily be viewed by reviewing dozens of users’ profiles.

The Portpass app, created by a Calgary-based team, came recommended by the parent company of our sports franchises because our official vaccination proving mechanism is built terribly. If the provincial government did not have its head stuck so firmly in the ground and were actually prepared for proving vaccination status instead of making international headlines for its incompetence, Portpass would not need to exist.


Earlier in the day, the Calgary-based company’s CEO Zakir Hussein had denied the app had verification or security issues and accused those who raised concerns about it of breaking the law.


“Someone that’s out there is trying to destroy us here, and we’re trying to build something good for people,” he said.

Imagine being so self-absorbed or insecure that you cannot admit to your company’s failure to implement rudimentary security and privacy safeguards.

There is a trickle-down effect to the decisions that have defined this fourth wave. This is the same sort of stance that our government has held while other provinces continue mitigation efforts, even as our health system is in dire straits. The last two months of pandemic response in this province have been a tiramisu of incompetence, and it feels like it is about to collapse.

I Guess People Really Hate AMP

Amplosion, which launched last week with the release of iOS 15, has reached the top paid app position in the App Store’s Utilities category.

More notable, I think, is that it is the third most popular paid app of any kind in the Canadian App Store as I write this, sitting just behind Procreate Pocket and well ahead of Facetune, Wolfram Alpha, and at least four moose hunting apps. People are willing to spend three dollars on an app so they never have to see an AMP page again. That says two things:

  1. Google’s attempt to replace HTML was a bad experiment that abused the company’s power and dominance, and I hope it goes away forever.

  2. Amplosion is a great app with a great icon.

What Happens When the Experience of Celebrity Becomes Universal?

Chris Hayes, writing in the New Yorker:

But as the critic Leo Braudy notes, in his 1987 study, “The Frenzy of Renown,” “As each new medium of fame appears, the human image it conveys is intensified and the number of individuals celebrated expands.” Industrial technology — newspapers and telegraphs, followed by radio, film, and TV — created an ever-larger category of people who might be known by millions the world over: politicians, film stars, singers, authors. This category was orders of magnitude larger than it had been in the pre-industrial age, but still a nearly infinitesimal portion of the population at large.

All that has changed in the past decade. In the same way that electricity went from a luxury enjoyed by the American élite to something just about everyone had, so, too, has fame, or at least being known by strangers, gone from a novelty to a core human experience. The Western intellectual tradition spent millennia maintaining a conceptual boundary between public and private — embedding it in law and politics, norms and etiquette, theorizing and reinscribing it. With the help of a few tech firms, we basically tore it down in about a decade.

As I read this, I was reminded of the concept of the digital garden, which I linked to in June. In essence, the digital garden requires us to assume the best in each other, regardless of how beautiful or incomplete our “garden” may seem. But Hayes’ piece reflects on the reverse of that: we are all famous on the internet and, so, are treated with the same scrutiny that used to be reserved for a select few.

I thought this was wise, too:

The ability to surveil was, for years, almost exclusively the province of governments. […]

Well, guess what? We have now all been granted a power once reserved for totalitarian governments. A not particularly industrious fourteen-year-old can learn more about a person in a shorter amount of time than a team of K.G.B. agents could have done sixty years ago. […]

In retrospect, it shocks me that new accounts on most social media networks are set to public by default. Pew Research says that, as of July 2019, only 13% of Americans have private Twitter accounts. I wonder how many people would have made theirs public if the default was different, or if there were a free and unforced choice when registering.

Charlie Warzel Interviews Shoshana Wodinsky About the Ad Tech Ecosystem

I have been enjoying Charlie Warzel’s Galaxy Brain newsletter generally, and I think this issue from last Thursday — I am still catching up — is a particularly good example.

Shoshana Wodinsky writes the advertising technology and privacy beat at Gizmodo. I have repeatedly linked to her effective coverage of these issues, including stories about a priest using Grindr and TikTok’s ownership. I recommend this interview in Galaxy Brain because it illustrates the depths of this reporting beat: there are so many layers to privacy-abusing ad technologies, and the industry is incentivized to pursue more because there are few guardrails.

Why Does the iPhone Still Use Lightning?

John Gruber:

The sub-head on Gartenberg’s piece is “The iPhone doesn’t have USB-C for a reason”. Putting that in the singular does not do justice to the complexity of such decisions. There are numerous reasons that the iPhones 13 still use Lightning — and there are numerous reasons why switching to USB-C would make sense. The pro-USB-C crowd, to me, often comes across as ideological. I’m not accusing Gartenberg of this — though it is his piece with the sub-head claiming there’s “a” singular reason — but many iPhones-should-definitely-use-USB-C proponents argue as though there are no good reasons for the iPhone to continue using Lightning. That’s nonsense.

I thought this was a fair look at reasons why the iPhone continues to have a Lightning connector and, adjacently, how the E.U.’s mandated USB-C proposal fails to consider more nuanced arguments.

I think this also helps explain why Apple’s “Magic” accessories — keyboard, mouse, and trackpad — and the Siri Remote continue to use Lightning. Lots of people have lots of Lightning cables lying around. But accessories are designed to last for years and it does not seem as interruptive to switch those over to USB-C as it would be for iPhones.

Apple Watch Series 7 Has a Mysterious 60.5GHz Wireless Data Transfer Frequency

Joe Rossignol, MacRumors:

Apple Watch Series 7 models are equipped with a new module that enables 60.5GHz wireless data transfer, according to FCC filings viewed by MacRumors, but this functionality may be reserved for Apple’s internal use only for now.


It’s unclear how fast the Apple Watch’s wireless data transfer would be, but our understanding is that USB 2.0 speeds up to 480 Mbps might be possible. It’s also unclear if the technology will ever be made available as a consumer-facing feature on the Apple Watch or other Apple products in the future, such as a long-rumored portless iPhone.

I am getting way ahead of myself here, but I am perplexed by the rumoured goal of an iPhone without external connectors. Wireless audio is something I get: AirPods are, for most people, nicer to use with an iPhone than wired headphones. But I still have not picked up either a Qi charging pad or any MagSafe accessory for my iPhone. I still have not been convinced.

I hope this is not simply a way to require that people purchase a separate MagSafe charging puck — $39 in the U.S. — and wall plug — $19 in the U.S. — to boost the average selling price of a new iPhone order. That is especially true as we learned this week that the iPhone 13 Pro’s giant camera bump makes it sit awkwardly on the MagSafe Duo, a product released less than a year ago.

Anyway, all that is speculative and for later. What is news now is that the Apple Watch Series 7 has this mysterious extremely high frequency data transfer. I am sure we will learn more when these models begin shipping. That will likely be around October 15, since preorders begin Friday, October 8. Mark your calendars. (Thanks to Josh Calvetti for the tip.)

Study by Lockdown Privacy Finds Big-Name Apps Like DoorDash, Peacock TV, and Yelp Ignore Tracking Opt-Outs

Johnny Lin and Sean Halloran:

When it comes to stopping third-party trackers, App Tracking Transparency is a dud. Worse, giving users the option to tap an “Ask App Not To Track” button may even give users a false sense of privacy: users who would have otherwise been more cautious with giving their data to an app might let their guard down, thinking that they’re “safe” from third-party tracking. Furthermore, we found that some apps didn’t even bother to show the ATT dialog, despite contacting numerous third-party trackers.

The core problem is that App Tracking Transparency is entirely based on the honor system, so it suffers the same fatal flaw as Apple’s “Privacy Nutrition Facts”. App developers can choose whether or not to be honest about tracking, and if all their competitors are lying, why would they choose to be honest? Since the App Store has millions of apps, slipping by the rules is not only easy, but as our testing showed, it’s the norm.

Contrast the tantrum thrown by privacy-hostile ad tech companies after App Tracking Transparency was announced against the results of this study: a tiny reduction in the amount of tracking in selected high-profile apps. Lin and Halloran say Peacock TV tried to track 57 times when permission was granted and 15 times when it was not — the biggest drop by percentage I could see — while there was no difference in many apps, and a few apps actually initiated tracking more times when the user declined. Private information was still being sent to third-party trackers even when tracking was denied.

But App Tracking Transparency is being blamed for some loss in tracking fidelity, according to Alex Kantrowitz, writing in his Big Technology newsletter:

“Just completely running blind” is how Aaron Paul, a performance Facebook marketer, described it. Paul said his company, Carousel, moved from spending millions of dollars each day on Facebook to a few hundred thousand dollars. Before the iOS changes, Facebook generated 80% of the traffic Carousel sent to its product pages. Now it accounts for 20%.

Apple’s iOS changes may lead to irreparable harm to Facebook’s ad business. This moment has demonstrated to Paul and his fellow performance buyers that relying on one channel (albeit a very effective one) is risky. So they’re looking to diversify their ad spend. Paul said he’s moved his ad budget elsewhere, including “Snapchat and TikTok, but also silent killers like email.” On Twitter, Facebook marketers discussing Apple’s changes almost unanimously agreed they needed to follow suit.

The disconnect in these findings may be explained by the many apps that are following the rules, particularly those from smaller or independent developers — who cannot afford to incur the wrath of App Review — and from really big developers where it would be obvious if they did not comply. In the middle lies this assortment of apps not quite notable enough to attract attention — at least, until this study came out.

I do not think it is surprising there are bad actors ignoring or abusing this feature. The nature of this feature is such that it is impossible to guarantee that apps will respect users’ privacy and choices. Groups of developers have already tried to create workarounds, though Apple has said that it would block any attempt to use them. What will Apple’s response be to this selection of apps?

Lin and Halloran:

In the Settings app, Apple needs to be extremely clear that iOS currently does not and cannot stop third-party tracking. Before iOS 14.5, every app permission (Camera, Contacts, etc) in the Privacy panel has always been enforced by iOS, ensuring that certain apps can or can’t access certain features. iOS 14.5’s Tracking permission breaks this ten-year-old iOS pattern and misleads users into thinking that it’s enforced like every other permission. In fact, iOS even claims something completely untrue here: that “new app tracking requests are automatically denied.”

A quick correction: the quote at the end refers to the dialog box that asks whether an app is allowed to track. If you have “Allow Apps to Request to Track” switched off, you will never see a tracking prompt, and all will be treated as though you tapped “Ask App Not to Track”. I do not think that it is “untrue”.

That aside, I do think the similarities between other permission prompts and the one for app tracking could be misleading. I do not think this is deliberate. But I can see how many people could view their effects similarly, even though the negative option is to “ask” for the app to comply with the user’s request instead of simply disallowing permission.

Visual Lookup With Siri Knowledge in Photos Is Only Available in the U.S., Which Is Something I Learned Earlier Today

Until this evening, I had mostly forgotten about Visual Lookup, the feature where you can take a picture of something and Siri will tell you what is in the photo. But I spotted a tree today that I wanted to know more about, and was disappointed when Siri refused to identify it. Then I noticed that it had not identified anything at all: not plants, not landmarks, not any type of bird.

I thought I had somehow misconfigured a zero-configuration feature, so I tweeted about it. It turns out that Visual Lookup is only available in the United States — but you will have a hell of a time figuring that out from Apple’s website.

If you visit the iOS 15 webpage, the only footnote pertaining to Visual Lookup is that it is “available on iPhone with A12 Bionic and later”, and my iPhone 12 Pro checks that box. Live Text is available in Canada, so I falsely assumed the same should be true for Visual Lookup. There is a general footnote indicating that “some features, applications, and services may not be available in all regions or all languages”, but there is no link to a more specific page, nor is there one on the feature list page.

I found the feature availability page by searching the web. And then you have to know that it is called Visual Lookup and that it is not indexed under “Photos” or “Siri”. Only then will you learn that it is only available in the U.S.

In fairness, Apple’s Canadian marketing page does not have a Visual Lookup section, which ought to have clued me in. But Apple’s marketing is worldwide, and its press release in Canada did not give any indication that it was a feature only for iPhones that speak American.1

Anyway, I changed the language on my phone about half an hour ago, plugged it in, and have now learned through Siri the tree I spotted is a horse chestnut or buckeye. Neat.

  1. One side effect of all tech companies being based in the U.S. is that feature availability typically means U.S.-first, followed by the rest of the world, which is where I and billions more people happen to live.

iOS 15 is ‘Also Available’

Kirk McElhearn and Joshua Long writing at Intego’s Mac Security blog:

Apple released iOS 15 and iPadOS 15 on Monday, September 20, and, as usual, many people updated their iPhones, iPads, and iPod touches to the new operating systems. But unlike in the past, Apple is not pushing people to make the upgrade. For the first time, Apple is going to maintain the previous operating system for users who don’t want to upgrade. You can choose to remain on iOS 14, and still get essential security updates, if you’d rather not move to iOS 15. (When I mention iOS in this article, I also include iPadOS.) This is similar to the way Apple manages macOS; you can upgrade to the new version, or continue to receive security updates on the previous version.

When Apple announced it would be creating two update tracks, I assumed that minor updates to the existing operating system would be listed in the “Also Available” section. But it turns out that is not the case: new versions of iOS 14 are given top billing in the software update screen, and iOS 15 is in the secondary area, kind of like Apple is shy about its availability. This is a much quieter notification than in years past.

‘How Important Is Night Photography?’

Brian X. Chen, New York Times:

So in summary, the iPhone 13 cameras are slightly better than those of last year’s iPhones. Even compared with iPhones from three years ago, the cameras are much better only if you care about taking nice photos in the dark.

Just how important is night photography? I posed the question to Jim Wilson, a longtime staff photographer for The New York Times, as he was taking pictures of the new iPhones for this review. He said it would be a crucial feature for people like him, but not as important for casual shooters.

“Sometimes I wait until the night to make an ordinary scene look different and exciting,” he said. “But for most people who aren’t professional photographers, this is of no consequence.”

Via Nilay Patel on Twitter:

The NYT does not believe regular people stand to benefit from better iPhone photos in the dark. I live for this review from another planet every year.

The Times called the iPhone 13 “the most incremental upgrade ever”, which is certainly one way to frame noticeable improvements in battery life and camera quality. Chen does not mention the former, and seems unimpressed with the latter. This review includes a picture of a dog shot with an iPhone XS that is basically unusable. While I agree that most people should hold onto their phones for a few years — I plan on hanging onto my iPhone 12 Pro for at least another year’s worth of revisions, if not longer — someone coming from an iPhone XS would find lots of changes to love in the iPhone 13 line.

Also, better low-light capability undoubtedly improves the whole camera system. Smartphone sensors are tiny; to them, anything sub-daylight is a lower-light situation. Hardware and software improvements that benefit performance in poor lighting conditions — aside from something specific like Night Mode — will also show benefits in mediocre lighting conditions.

I am not saying that Chen ought to have given a more positive review to these phones. I have not touched them; I have no idea. But his piece seems out of step with every other review I have read. I do not get it.

Bain Brains Take Pains to Ascertain Gains in Mains’ Reign

As part of its second annual Technology Report, Bain & Company published a study yesterday that reframes large acquisitions by tech companies — anything over $300 million — as inconsequential or even beneficial for competition. In an environment of increasing wariness of massive conglomerates, this raised my eyebrows, especially since it was being promoted by the CEO of a tech company lobbying organization.

It is not my place to assess the economics or business acumen of this study. I went to art school, which is sort of an anti-education in those kinds of fields. Usually, I would stay out of this sort of commentary since my reaction probably means that I am missing something non-obvious. But there are several places in this study where, so far as I can tell, it does not take an economics degree to see that the conclusions drawn do not match the evidence presented.

The first case study is Amazon’s acquisition of Whole Foods in 2017. Bain produced three graphics. One shows that Whole Foods’ “pricing premium” over standard grocery store chains fell in the two years after Amazon bought the company. That is great, except Bain draws the conclusion that this “[made] healthy, fresh food more affordable for consumers”. That is an absurd summary. Last I checked, regular grocery stores had fresh, healthy food too, and at lower prices than the 13% premium Whole Foods charges, according to Bain’s own chart.

The second and third charts show that there was a modest increase in online grocery purchases between 2015 and 2019, followed by an explosion of the same in 2020. A similar trajectory is shown for delivery, in a graphic comparing 2016 to 2020 and carrying the headline “acquisition intensified pressure to adopt delivery”.

I am wondering if you, reader, can think of anything else beginning in 2020 that may have encouraged many more people to shop for groceries online and have them delivered. Anything at all?


Amazon’s 2013 expansion into grocery delivery with Amazon Fresh added pressure on US grocery retailers to begin offering online ordering and delivery services, and that pressure only intensified after Amazon acquired Whole Foods. Now, every major US grocery retailer offers online ordering and delivery services, either managed in-house or via partnerships. This was true even before the Covid-19 pandemic.

I buy the basic thrust of this argument. Amazon is a classic conglomerate, but many of its innovations have been in logistics. It is unsurprising that the biggest online retailer in the U.S. would be able to extend those logistics capabilities to a grocery store, and it is arguably beneficial for consumers, particularly persons with disabilities.

But there are reasons beyond stagnation why supermarkets in the U.S. have been reluctant to embrace delivery. It is dependent on delivery drivers and, without the artificially low pay structure of gig workers, it is prohibitively expensive because of its inherent inefficiencies. But because the gig economy is now a reality, grocery delivery has become a practical option, initiated — if anything — by Instacart, which launched in 2013 months before Amazon’s effort.

The benefits Bain describes can also be attributed to scale. Amazon also offers perks like free shipping in its online store, which small businesses struggle to compete against. Lower prices and free shipping are the kinds of consumer benefit derived from massive scale, but they must be weighed against the benefits of retailer choice and local businesses.

I am getting into the weeds here and away from the point I think we ought to focus on: Bain asserts that Amazon’s acquisition of Whole Foods was a key reason we now have widespread grocery delivery. It seems far more likely to me that grocery delivery was yet another industry where startups could underpay gig workers to do tasks that were previously economically unviable, and Amazon was well-positioned to hop on that ride. Instacart was in an even better place when Amazon bought Whole Foods, since grocery stores saw it as a lesser evil.

Another case study in the Bain report looks at the acquisition of WhatsApp by Facebook. The authors point to the effect this acquisition ostensibly had on SMS prices in the U.S., producing a chart that showed — in two-year increments — the average cost of an SMS.

I have reproduced that sole data series here and I would like you to point to the spot on this line of average SMS prices where WhatsApp was acquired:

Illustration based on Bain & Company chart.

Is it not obvious?

Here is the full chart they presented:

Source: Bain & Company “Regulate with Care: The Case for Big Tech M&A” report.

This chart shows that the biggest drop in SMS costs came before app-based messaging went mainstream, even before iMessage launched in 2011. The price of voice calls also cratered around the same time. 2010 was about when carriers realized that charging people for texts was unnecessary since data was the new gravy train.

The story presented in Bain’s series of charts is really the story of switching from a protocol to several platforms. SMS, for all its faults, is a platform-agnostic messaging protocol that requires nothing extra. Now, we have a bunch of messaging applications that compete, but also silo our communications. My conversations span seven different messaging apps, and it is a good thing I am not an Android user or I would be struggling. Is it inherently good that we have many different messaging clients now? I appreciate the many features these platforms provide, but it seems to have come at the expense of interconnectedness. Imagine if we had many different telephone protocols that were platform-specific and incompatible with each other.

One more example from this Bain report is Google’s acquisition of YouTube. Here’s how the authors explain that:

In video streaming, YouTube helped fuel the proliferation of “over the top” (OTT) video providers such as Hulu, Sling, and Disney+. Now, YouTube competes for advertising dollars both with other OTT providers and traditional television companies.

The reason people were not consuming streaming video as much in 2006 — or 2001, when Blockbuster and Enron launched their own streaming service — is not because Google did not own YouTube at that time. Widespread broadband connections are a far more likely reason people are consuming more streaming video now.

More to the point, there simply is not another YouTube. I ran a poll last week — which, with only 43 respondents, is not some kind of robust study — in which I asked Twitter followers how many pre-roll ads YouTube could run before it sees a decline in viewership. 65% thought three pre-rolls was the cap, but I think it could be pushed way higher. If there were suddenly five or six pre-roll ads before the first video you watched that day, and then three or four on subsequent videos, do you really think people would stop watching? Where would they go?

The most robust user-generated video competitor, according to Bain’s charts, is Twitch. The Amazon-owned site is not really a YouTube competitor aside from in specific verticals and, as Ryan said in response to my poll, it is also running several ads before streams. These platforms are both terrible for users, and they know they can be increasingly horrible because they have no replacement.

I can continue to nitpick, but near the end, the study veers from mixing up cause and effect to being almost deceptive (“hyperscalers” is what Bain calls Alphabet, Amazon, Apple, Facebook, and Microsoft):

The common narrative is hyperscalers are acquiring disruptive competitors. But their M&A activity is only a small piece of the overall landscape, representing just 5% of total tech start-up exits last year (see Figure 5).

Switching from the value of acquisitions — which is mostly what the preceding paragraphs are all about — to their quantity masks their impact. Facebook’s acquisition of WhatsApp or Apple’s purchase of Beats is not equal to a small tech company merging with another small tech company. That is an obviously unfair comparison.

The impression I get from this study is that an acquisition by a big company of something else can be a wider indication of the value of that market, hopefully creating competition in that space. But that is not what much of this data shows. There are so many examples here of “hyperscalers” hopping onto an existing market trend that it is hard to see that case being made. The closest the authors get is with Instacart’s boom following Amazon’s purchase of Whole Foods — but “Instacart” appears nowhere in this study.

It is a frustrating article where I am sure I am missing a great deal. I wish I could read the authors’ references or see their analysis in more detail. But all we get is this lightweight summary that does not prove its case.

Federico Viticci on Safari in iOS 15

Federico Viticci of MacStories has published his annual longform review of the iOS and iPadOS updates, and it is typically comprehensive and carefully constructed. Given my criticisms of Safari’s redesign this summer, I wanted to highlight his impressions:

And here’s the thing: the way I see it, this year’s Safari is an excellent upgrade over iOS 14, with desktop-class features that are finally making their way to mobile devices and a design direction that paves a new path for Apple to follow over the coming years. I have some reservations, particularly regarding the iPad version of Safari. But overall, I feel like the struggles with Safari’s design earlier this summer were necessary for Apple to end up in a much better place than iOS 14’s Safari.

The new Safari, especially on iPhone, may take a while to get used to, but I’m a convert, and I wouldn’t want to go back to Safari’s older look on iPhone now. Let’s take a look.

I feel entirely the same. There is a setting for reverting to the previous layout, but I urge you to give this new version a fair shake.

The one annoyance I continue to have on iOS is when I trigger the tab bar when I mean to drag the home indicator, and vice-versa. These gestures are all very clever but they tend to collide on an iPhone’s relatively small display.

On my iPad — and on my Mac, where I have been running beta versions of Safari 15 for weeks — I still think this redesign is a mess. It is unnecessarily cramped, it is visually unappealing, and there are usability problems even if you enable the separate tab bar to mimic previous versions. The best updates to Safari 15 on iPad and Mac will be those that make it look and work more like Safari 14.

But everything else works pretty well, at least. Tab Groups have made it easier for me to keep several projects organized, I am glad to see extensions in iOS and iPadOS, and I like the improved Safari start page.

Amplosion for iOS

If you have updated to iOS 15, you get to take advantage of Safari Extensions on your iPhone. A great place to start is with Christian Selig’s Amplosion, which automatically redirects bad Google AMP links to good normal links. Even if you like Google AMP links for whatever bizarre inhuman reason — who am I to judge? — Amplosion is worth getting just for its beautiful set of icons.

Remember beautiful and fun icon design? Those were the times.

Do not miss Selig’s announcement video.

Alberta’s Proof-of-Vaccination Program Begins Today

Natalie Valleau, CBC News:

The Alberta government launched its COVID-19 immunization record on Sunday so vaccinated individuals can print out a card-sized copy — but it turns out getting your name on one isn’t difficult.

After the site launched, many took to Twitter to exclaim that the PDF was not locked and that virtually anyone can edit the information on it if they have access to Adobe Reader.

I get the concern, but a home-printable copy of a Helvetica-typeset list of vaccinations is not some unforgeable document. It is trivial to unlock PDFs, too. This is apparently a stopgap measure until QR code-based authentication rolls out later, and it sure feels half-assed. It is not even the size of something you can easily fit in your wallet.

I think it is pretty objectionable they launched this program at a separate URL — albertavaccinerecord.ca — instead of a subdomain of alberta.ca. The first time I saw the address, I had to visit the Alberta Government’s website to verify that it was a legitimate address. I bet very few people did the same. This teaches terrible security practices.

Monotype Acquires Hoefler&Co, and Jonathan Hoefler Is Leaving


Monotype today announced that it has acquired Hoefler&Co, the prominent type foundry based in New York City. Hoefler&Co is one of the most iconic names in type design, having designed the fonts that give voice to many of the world’s foremost institutions, publications, causes, and brands.

Jonathan Hoefler on the Hoefler&Co website:

In the meantime, I’ll be stepping down from my role in the company, to finally make the time to recharge, reflect, and explore some new ideas. In these past few years, participating in a documentary and using typography to help elect a president have been potent reminders of just how many ways there are for type to make a difference, and just how many people are moved by the splendor of typography.

I hope Monotype will be a good steward of the Hoefler&Co collection, but it is always a little bit disappointing to see a seemingly successful independent business get swallowed up by some giant.

In a Story About Increasing Activism at Apple, the New York Times Offers No Credit to the Verge

Apple held an all-hands meeting with employees earlier today. We know this because Zoë Schiffer, of the Verge, reported it on Twitter and live tweeted through it. Schiffer has been a go-to reporter on internal activism efforts at Apple, breaking story after story about employees’ complaints.

But you would not know that if you only read today’s piece from Jack Nicas and Kellen Browning of the New York Times. The article is mostly a retread of ground already covered by Schiffer, but without a single attribution to Schiffer’s work. The Times Guidelines on Integrity document is clear about what the reporters ought to be doing:

Our preference, when time and distance permit, is to do our own reporting and verify another organization’s story; in that case, we need not attribute the facts. But even then, as a matter of courtesy and candor, we credit an exclusive to the organization that first broke the news.

Nicas and Browning certainly have their own sources within Apple. Given the number of employees present during today’s all-hands, its contents were certain to leak to someone on the Apple beat. The Times says it has a recording of the meeting, too.

But Schiffer was first to report on all of these stories. The Times should be giving credit.

Facebook’s Design at Scale Means Every Decision Has Extraordinary Consequence

Charlie Warzel:

I’ve come to believe that arguments weighing Facebook’s good and bad outcomes are probably a dead end. What seems rather indisputable is that as currently designed (to optimize scale, engagement, profit) there is no way to tweak the platform in a way that doesn’t ultimately make people miserable or that destabilizes big areas of culture and society. The platform is simply too big. Leave it alone and it turns into a dangerous cesspool; play around with the knobs and risk inadvertently censoring or heaping world historic amounts of attention onto people or movements you never anticipated, creating yet more unanticipated outcomes. If there’s any shred of sympathy I have for the company, it’s that there don’t seem to be any great options.

I think there are plenty of overwrought claims about Facebook that are really not about Facebook and mostly about scoring political points. It can feel performative when people say things like “Facebook is not compatible with democracy.” But I do believe that Facebook, at its current scale and in its current design, is not really compatible with humanity.

Working through the Wall Street Journal’s Facebook Files series this week has been an educational experience. These articles are chock full of evidence from inside the company effectively proving what has long been assumed externally: that it has all of the research and data to show the dangers of its platform, yet attempts to control for them are either shot down for profit reasons or, if implemented, cause unintended consequences that are just as bad. The world coalesced around Facebook’s properties as a primary communications channel and we are worse for it — but we struggle to turn away.

Police Mine Tech Companies for Individuals’ Information With Broad Warrants

Johana Bhuiyan, the Guardian:

Geofence location warrants and reverse search warrants such as the ones McCoy dealt with are increasingly becoming the tool of choice for law enforcement. Google revealed for the first time in August that it received 11,554 geofence location warrants from law enforcement agencies in 2020, up from 8,396 in 2019 and 982 in 2018.

It’s a concerning trend, argue experts and advocates. They worry the increase signals the start of a new era, one in which law enforcement agencies find ever more creative ways to obtain user information from data-rich tech companies. And they fear agencies and jurisdictions will use this relatively unchecked mechanism in the context of new and controversial laws such as the criminalization of nearly all abortions in Texas.

If this topic sounds familiar to you, thank you for being a regular reader. I think this is a critical topic to understand, since law enforcement, which is generally prohibited from monitoring large groups of people indiscriminately, is able to work around pesky restrictive laws by subpoenaing advertisers and data brokers. Byron Tau of the Wall Street Journal has covered this extensively, and so has Joseph Cox of Vice and reporters at Buzzfeed News. In some cases, law enforcement is able to collect information without a warrant, as Tau revealed in an article earlier this week.

Where I think this article jumps the rails is in its attempt to tie Apple’s proposed CSAM detecting efforts to the above warrantless data collection methods:

For tech companies that count advertising among their revenue streams – or as a major source of revenue, as is the case for Google, there’s no real technical solution to curbing government requests for their data. “It would be technically impossible to have this data available to advertisers in a way that police couldn’t buy it, subpoena it or take it with a warrant,” Cahn said.

That’s why Apple’s now-postponed plan to launch a feature that scans for CSAM caused such a furor. When the FBI in 2019 asked Apple to unlock the phone of the suspect in a mass shooting in San Bernardino, California, Apple resisted the request arguing the company couldn’t comply without building a backdoor, which it refused to do. Once Apple begins scanning and indexing the photos of anyone who uses its devices or services, however, there’s little stopping law enforcement from issuing warrants or subpoenas for those images in investigations unrelated to CSAM.

While I understand the concern, this is simply not how the proposed feature would work.

For one thing, Apple is already able to respond to warrants with photos stored in iCloud. The CSAM detection proposal would not change that.

For another, photos are not really being scanned or indexed, but compared against hashes of known CSAM photos and flagged with information about whether a match was found. These would only be for photos stored in iCloud, so someone could disable the feature by disabling iCloud Photo Library.

Perhaps I am missing something key here, but Bhuiyan’s attempt to connect this feature with dragnet warrants seems tenuous at best. When law enforcement subpoenas Apple, they ask for information connected to specific Apple IDs or iCloud accounts. That is very different from the much scarier warrants issued based on the devices connected to a location, or the users that are connected with search queries.

Ad tech companies and data brokers have so much information about individual users that their databases can be used as a proxy for mass surveillance — that is a more pressing ongoing concern.

The iPhone 13 Pro’s Camera Bump Is News in Big

It seems like so long ago that the iPhone 6 launched and, with it, the “really very pragmatic optimization” of the camera bump, and even longer still since the original iPhone presentation where Steve Jobs barely acknowledged that it had a “two megapixel camera built in”. Now look at the camera. It is less of a bump and more of a boulder.

Apple’s accessory design guidelines have not been updated with these phones yet. But if the webpage rendering is anything to go by, the bump is now over 50% of the width of the back glass and over 25% of its height. This is not a complaint, per se, as I appreciate the technical achievements of building so much camera into so little space. But I have to wonder how much farther this can go. Will a not-too-distant iPhone model just make the whole phone as thick as the camera bump, as if for the cycle to start anew?

Ex S

What’s in a name?

Apple is a company of shifting patterns. For years, it has been content with a tick-tock cycle in iPhone hardware. In one year, the flagship model will have a new visual design language with modest under-hood improvements. The following year, they will be replaced at the top end by phones that have a similar — if not identical — industrial design, but with bigger improvements to the processor, cameras, and other hardware elements.

Rinse and repeat annually until you have one of the most successful businesses the world has ever seen.

But we have not seen an S-branded iPhone since the XS of 2018. Its successor models — the 11 and 11 Pro — seem to have set a template for the iPhones of today: a shared industrial design language with subtle differences between the two product lines — and also some changes that set them apart from last year’s models — with one line that is more consumer-oriented, and another that has better cameras and nicer materials.

The iPhone 13 and iPhone 13 Pro models introduced today seem like a continuation of that pattern.1 But as you read through the press release or launch coverage, one thing that seems apparent is how many of the changes are on the inside. Sure, they have slightly smaller notches and the cameras on the back of the 13 are orientated differently — for technical reasons, Apple says — but the improvements are otherwise entirely about what the hardware can do, not what it looks like.

In the past, a faster processor, a radically improved camera system, a new display, and some new colours would surely have encouraged an “iPhone 12S” moniker. But the S-branded models generally receive worse coverage purely because of their looks. Instead of being seen as new iPhones, their updates are treated as more modest — even though their technical improvements have often eclipsed comparable changes in non-S models.

I still find it hilarious how the wise tech commentariat of Twitter and the mainstream press alike yawn at S-branded iPhones despite their internal improvements. It reveals so much about the often ridiculous way we consume products. But that reaction is no good for Apple. It wants people to pay as much attention to its iPhone events even when it is not creating an entirely new industrial design language. Just look at the Cinematic mode in these new models, which allows users to change video focus after capturing it. If it works as well as we saw today, that is a huge leap forward.

From a marketing standpoint, I think the S-branded models are gone for good. The question is whether we can now expect the numerical branding to continue incrementing for the foreseeable future. The iPhone naming scheme is uniquely cumbersome for an Apple product, but it is hard to see how the company could change it without messing up its pricing strategy. In the U.S., base iPhone models are priced from $399 all the way up to $1,099 — and that is before you change storage options. There are nearly no gaps in the base price of an iPhone; the biggest jump is $200, between the 13 and the 13 Pro.

As long as Apple wants to continue offering such a wide range of prices while including previous years’ models, I think it will stick with this naming scheme. Dropping the “S” naming convention simplifies the line further: an S-branded phone means nothing, but it is implicit that a higher number means a better model. And, if it means less chance of people minimizing it as a tweaked version of last year’s phone, that is even better for Apple.

  1. I am glad the Mini is sticking around for another year, too.

SEC Charges App Annie With Securities Fraud in $10 Million Settlement

Issie Lapowsky, Protocol:

The Securities and Exchange Commission announced Tuesday that it’s charging App Annie, the mobile app data provider, with securities fraud, accusing the company of “engaging in deceptive practices” and misrepresenting the origins of its data. App Annie will pay a $10 million settlement, according to the announcement, although the company has not admitted to any of the SEC’s findings.

The ability for companies to settle charges like these without admitting fault is a fascinating piece of legal spin I would love to learn more about. I looked at all of the press releases issued by the SEC since July 1. About one-third of them contained some variation of the phrase “without admitting or denying the SEC’s findings” — including for settlements for inflated income reporting by Kraft Heinz, misreporting a security breach of Pearson, auditing interference by Ernst & Young, and UBS failing to control for risky investments. Allegedly.

We all have to use the word “allegedly” because none of the above companies — including App Annie — admitted guilt, nor were found guilty. They all get to pretend as though they have not broken the law. This settlement process may be less expensive than taking these cases to trial, but the result is that fraud and systemic abuse are treated as a business expense. And remember: these press releases are all from the last ten weeks.

Anyway, all of that is surely beyond the scope of this little website. I wanted to look at that App Annie settlement in more detail and got sidetracked. Here:

[…] The order finds that App Annie and Schmitt understood that companies would only share their confidential app performance data with App Annie if it promised not to disclose their data to third parties, and as a result App Annie and Schmitt assured companies that their data would be aggregated and anonymized before being used by a statistical model to generate estimates of app performance. Contrary to these representations, the order finds that from late 2014 through mid-2018, App Annie used non-aggregated and non-anonymized data to alter its model-generated estimates to make them more valuable to sell to trading firms.

A reminder that App Annie’s data collection practices, like other similar companies, are horrible and creepy.

Video From Today’s ‘California Streaming’ Apple Event

John Voorhees at MacStories has posted copies of all of the videos from today’s “California Streaming” launch of the iPhone 13 lineup, Apple Watch Series 7, and new iPad and iPad Mini models. Apple did not launch new AirPods — which is a bit embarrassing for me — but at least I was not peddling rumours about a big Apple Watch redesign or satellite connectivity in the iPhone.

To find these videos, you may have to look a little harder than simply visiting YouTube and searching for “Apple”. Right now, the top-ranked video for that query is a live stream of a cryptocurrency scam. When I checked earlier, over fifteen thousand people were watching, and the channel broadcasting it somehow has over a million subscribers. As of writing, it is still live, and the Bitcoin and Ethereum addresses associated with the scam have received over $170,000 in just a few hours today.

Google has not responded to my questions about how easy it is to hijack an obviously popular brand term on YouTube with a commonplace scam like this one.

Update: A Google spokesperson confirmed the channel was terminated.

Some Epic v. Apple Post-Decision Followup

How was your weekend? Mine was pretty quiet. I made a peach crumble that I daresay turned out real nice, even though my baking skills are terrible — which is why I make crumbles instead of pies.

Epic Games’ lawyers, on the other hand, were hard at work. The company paid its court-ordered six million dollar penalty — which CEO Tim Sweeney announced with a low-resolution Apple Pay logo for some reason — and filed its expected appeal.

Sarah Perez, TechCrunch:

The appellate court will revisit how Judge Gonzalez Rogers defined the market where Epic Games had argued Apple was acting as a monopolist. Contrary to both parties’ wishes, Gonzalez Rogers defined it as the market for “digital mobile gaming transactions” specifically. Though an appeal may or may not see the court shifting its opinion in Epic Games’ favor, a new ruling could potentially help to clarify the vague language used in the injunction to describe how Apple must now accommodate developers who want to point their customers to other payment mechanisms.

After some catch-up reading today, I think my takeaway on Friday stands. This ruling was well-written and well-articulated; but, while the intention of the injunction was implied, its implications for Apple and developers are still unclear.

I generally agree with Marco Arment’s imagined result:

As a developer, I’d love to see more changes to Apple’s control over iOS. But it’s hard to make larger changes without potentially harming much of what makes iOS great for both users and developers.

Judge Gonzalez Rogers got it right: we needed a minor course correction to address the most egregiously anticompetitive behavior, but most of the way Apple runs iOS is best left to Apple.

I still think there are more things that regulators ought to be looking into when it comes to the expansive offerings of companies like Apple, Google, and Microsoft. But I think Arment makes a good case for the almost status quo.

(Update: I keep thinking about the likelihood of the sideloading doomsday scenarios that Arment writes about. This next part of the parenthetical will only make sense if you read his post: I could see Facebook creating its own app marketplace for iOS, but I am unclear why developers would need to submit their apps to multiple marketplaces, so long as Apple gets to keep its first-party App Store. An adjacent anxiety is the piecemeal way application marketplaces are being regulated. If Apple would like to retain some level of control over the way the iOS app model works around the world, I hope it sees what regulators are looking into and is able to work with them to assuage their concerns, because a Facebook app marketplace is a worrisome prospect indeed.)

I also appreciated Ben Thompson’s take summarizing some of the court’s definitions and legal justifications; here, quoting Judge Gonzalez Rogers’ decision:

If Apple could no longer require developers to use IAP for digital transactions, Apple’s competitive advantage on security issues, in the broad sense, would be undermined and ultimately could decrease consumer choice in terms of smartphone devices and hardware…to a lesser extent, the use of different payment solutions for each app may reduce the quality of the experience for some consumers by denying users the centralized option of managing a single account through IAP. This would harm both consumers and developers by weakening the quality of the App Store to those that value this centralized system.

That was a lot of legalese, but this is the takeaway: IAP is distinct intellectual property from developer tools broadly; it is the entire set of app management tools, not just a payment processor; and Apple has legitimate competitive justification to require IAP be used for in-app purchases.

Interesting days ahead for the App Store. This modest corrective action is, I think, a good step toward a store that improves users’ experiences while opening up new possibilities. I still hope Apple takes greater advantage to simultaneously release regulatory pressure and the hostility felt by developers.

Apple Issues Software Updates to Patch at Least One Vulnerability Exploited by NSO Group

Apple today released iOS 14.8, iPadOS 14.8, WatchOS 7.6.2, and MacOS updates to patch two vulnerabilities exploited in the wild, including one by NSO Group. Bill Marczak, et al., of Citizen Lab:

Because the format of the files matched two types of crashes we had observed on another phone when it was hacked with Pegasus, we suspected that the “.gif” files might contain parts of what we are calling the FORCEDENTRY exploit chain.

Citizen Lab forwarded the artifacts to Apple on Tuesday, September 7. On Monday, September 13, Apple confirmed that the files included a zero-day exploit against iOS and MacOS. They designated the FORCEDENTRY exploit CVE-2021-30860, and describe it as “processing a maliciously crafted PDF may lead to arbitrary code execution.”

The exploit works by exploiting an integer overflow vulnerability in Apple’s image rendering library (CoreGraphics). We are publishing limited technical information about CVE-2021-30860 at this time.

NSO Group’s spyware is almost always deployed in a highly targeted way but, now that some knowledge about this vulnerability is public, it is only a matter of time before it is exploited more broadly. Update your software today.

Nearly Six Million High-Profile Facebook Users Are Effectively Exempt From Platform Rules

Jeff Horwitz, Wall Street Journal:

Mark Zuckerberg has publicly said Facebook Inc. allows its more than three billion users to speak on equal footing with the elites of politics, culture and journalism, and that its standards of behavior apply to everyone, no matter their status or fame.

In private, the company has built a system that has exempted high-profile users from some or all of its rules, according to company documents reviewed by The Wall Street Journal.

The program, known as “cross check” or “XCheck,” was initially intended as a quality-control measure for actions taken against high-profile accounts, including celebrities, politicians and journalists. Today, it shields millions of VIP users from the company’s normal enforcement process, the documents show. Some users are “whitelisted” — rendered immune from enforcement actions — while others are allowed to post rule-violating material pending Facebook employee reviews that often never come.

I do not think it is surprising that moderation of high-profile accounts is treated differently than that of average users, nor do I necessarily think it is wrong. Social media is all grown up, with celebrities and organizations treating it as an official broadcast system. The U.S. Securities and Exchange Commission treats Facebook posts as adequate investor disclosure.

But what Facebook has built, according to Horwitz, is not a system to protect the integrity and security of Facebook users with a large audience. It is an over-broad attempt to ward off what employees call “PR fires” — a side effect of which is that the users with the biggest megaphones are given another channel by which to spread whatever information they choose with little consequence.

Also, nearly six million users are enrolled in this thing?


The documents that describe XCheck are part of an extensive array of internal Facebook communications reviewed by The Wall Street Journal. They show that Facebook knows, in acute detail, that its platforms are riddled with flaws that cause harm, often in ways only the company fully understands.

Moreover, the documents show, Facebook often lacks the will or the ability to address them.

This is the first in a series of articles based on those documents and on interviews with dozens of current and former employees.

I recently finished “An Ugly Truth”. If you have been paying attention to reporting on Facebook recently, you likely will not be surprised by its contents, but it is worthwhile to have so much encapsulated in a single work.

“An Ugly Truth” is a deliberate summary of about the last five years of Facebook’s internal practices and external controversies. In a way, that is fair: some of the most consequential actions in the company’s history were made from the 2016 U.S. presidential election onward. But many of the problems raised by the book have their roots in decisions made years prior, when mainstream publications — like the one its authors work at — were more comfortable extolling the assumed virtues of connecting as many people as possible on a single discussion platform.

The outcome of that election caused many publications to question those assumptions, as acknowledged by the book’s authors, and I think it tainted some of the investigations critical of Facebook as merely being “anti-Trump”. As much as he singlehandedly tested the limits of platform moderation, that should not be the case. Privacy advocates were raising similar concerns about Facebook for years before that election and, when mainstream outlets got more involved, they were able to use more resources to dig deeper.

Aside from the new information that may be uncovered in this Journal series, it may also be able to present it in a way that could seem less politically charged. I welcome that.

A Security Researcher Accidentally Deleted All Shared Shortcuts Because of ‘Inconsistent’ Security Controls in CloudKit

Remember how, back in March, all links to Shortcuts just stopped working? I had a lot of guesses about why that was — an internal software update went poorly, perhaps? Or maybe a single server’s problems cascaded across an entire data centre? The truth is, as always, far more wild than you might expect.

Frans Rosén of Detectify:

Quite early on I noticed that a lot of Apple’s own apps used a technology called CloudKit and you could say it is Apple’s equivalent to Google’s Firebase. It has a database storage that is possible to authenticate to and directly fetch and save records from the client itself.


It was quite complex to understand all different authentication flows, and security roles, and this made me curious. Could it be that this was not only complex for me to understand, but also for teams using it internally at Apple? I started investigating where it was being used and for what.

The climax of this post is a screenshot of an email Rosén sent to Apple’s security team with the subject line “Urgent – CloudKit issue, access misconfiguration with com.apple.shortcuts, accidentally deleted whole public _defaultZone and now gallery and all shared shortcuts for all users are gone”. I guess the answer to the earlier question is “yes”.

What a story.

An Open Letter to Tim Cook on Why Apple Should Compromise With Antitrust Regulators

Roger McNamee, in an open letter in Time:

At this point, antitrust intervention in Europe, the U.S., or both is almost certain. By refusing to engage with the legitimate concerns of policymakers, Apple is risking its core security and privacy brand to protect business practices that are not essential to its future.


It is a strategic error for Apple’s lobbyists and surrogates in Washington to argue against every new antitrust law targeting the tech industry. Apple has made itself a target by being incredibly successful and by adopting communications strategies that mimic tech giants whose anticompetitive behavior is substantially more damaging. Apple is almost certain to lose something, but there is still room to protect your most valuable assets. There may also be an opportunity to gain competitive advantage. Google’s Android operating system has roughly 85% global share in smartphones and smart devices, so robust antitrust intervention against Google may give Apple an opportunity to gain market share in its most important business.

This was published yesterday; even though the judgement in Epic Games v. Apple was handed down today, I think it holds up well.

If there is some ambiguity as to what rules the permanent injunction permits Apple to create around in-app purchases, my hope is that the company uses this as an opportunity to ease off a little. I am not saying that I expect this to happen — today’s judgement indicates that Apple has little reason to stop pursuing its existing App Store strategy, with only the aforementioned exception. But a world in which Apple is not in an antagonistic role with developers is a better one for everyone, assuming that Apple can maintain or improve upon iOS’ privacy and security reputation. These fights are just noise.

Judgement Issued in Epic Games v. Apple

A couple of weeks before WWDC this year, arguments wrapped in Epic Games v. Apple. Judge Yvonne Gonzalez Rogers took the summer to sort through the mountain of testimony, emails, and contracts and now, just a few days before Apple is set to launch new models of iPhone, Apple Watch, and AirPods, the judgement has been handed down.

You know what the weirdest thing about it is? The nearly two hundred page order is very readable and well-written, but the injunction ordering Apple to scrap the last sentence of the first bullet in App Store rule 3.1.1 leaves plenty of ambiguity over what developers can do and what Apple must allow. This will undoubtably be clarified with time, but it is the only part of the result that creates more questions than it answers. Apple is apparently interpreting it as requiring the company to, in effect, apply its settlement with the Japan Fair Trade Commission to all apps, not just Apple’s “reader” app category. That means the anti-steering App Store policies will be removed within three months. But it may not mean that Apple must permit alternative in-app purchase options.

It is strange to see many stories framing this result as a win for Epic Games, too. It is undoubtably big news that Apple’s anti-steering rules are going away, but that seems like a moderate sacrifice for the company to retain the vast majority of its App Store model — a real cut off the nose to spite the face result. Apple is calling it an affirmation of the App Store’s success.

Sara Morrison, Recode:

As for Epic’s other claims, Gonzalez Rogers said the company “overreached” and couldn’t prove that Apple was a monopolist. That doesn’t necessarily mean that Apple isn’t a monopoly, nor that another plaintiff couldn’t make a better argument that it is. Gonzalez Rogers added: “The trial record was not as fulsome with respect to antitrust conduct in the relevant market as it could have been.” The 30 percent commission Apple takes on most subscriptions and in-app purchases, she said, “appears inflated” and was “potentially anticompetitive.” But, since Epic wasn’t challenging the amount of the commission (only the fact that there was one), she wasn’t able to rule on it.

I will repeat what I wrote in May: Epic was a bad plaintiff. It did what plaintiffs do: go for the biggest plausible case and hope to settle somewhere in the middle. But Epic did not gamble well, and is unsatisfied with this ruling — understandably, as it now owes Apple several million dollars. I understand there are many developers who were hoping for an outcome more favourable to them, but a better case needs to be made.

The judge’s order shows the limitations in how competition law is currently interpreted by the courts. Apple may be operating almost entirely within those laws, but lawmakers seem increasingly keen to reduce the power of companies like Apple and Google. Expect more on this front, and not just because Epic will appeal this ruling.

WhatsApp Encryption Hullabaloo

Earlier this week, ProPublica caught some flak for an article it published about WhatsApp’s message flagging processes. In summary, ProPublica argued that WhatsApp’s marketing promises about end-to-end encryption were misleading because messages are forwarded to contract moderators when users report a chat. That obviously does not require encryption to be broken or undermine the promises of it being “end-to-end”, but the muddy messaging travelled.

After publications as respected as the Daily Mail picked up the poor interpretation, ProPublica issued what it deemed an “update” but which some Twitter users demanded be called a “retraction” of the original article. I had not read the original story at that point — I have a day job, you know — so I had to wonder how significant the differences were. Using FileMerge, I compared the earliest version in the Wayback Machine to the latest.

I think ProPublica is accurate in calling this a clarification and not a retraction. Most of its original story remains intact, and the little that did change only emphasizes that the moderators only see and review messages that are reported. That detail was present in the original, but it was buried in a longer paragraph.

That is one of the problems with the story as a whole, in fact: it is, in the words of Ted Han, “trying to do too much”. Almost none of the story is about the encrypted contents of messages; instead, it is about their unencrypted metadata:

WhatsApp metadata was pivotal in the arrest and conviction of Natalie “May” Edwards, a former Treasury Department official with the Financial Crimes Enforcement Network, for leaking confidential banking reports about suspicious transactions to BuzzFeed News. The FBI’s criminal complaint detailed hundreds of messages between Edwards and a BuzzFeed reporter using an “encrypted application,” which interviews and court records confirmed was WhatsApp. “On or about August 1, 2018, within approximately six hours of the Edwards pen becoming operative — and the day after the July 2018 Buzzfeed article was published — the Edwards cellphone exchanged approximately 70 messages via the encrypted application with the Reporter-1 cellphone during an approximately 20-minute time span between 12:33 a.m. and 12:54 a.m.,” FBI Special Agent Emily Eckstut wrote in her October 2018 complaint. Edwards and the reporter used WhatsApp because Edwards believed the platform to be secure, according to a person familiar with the matter.

But that is just one of the many stories in this rather dense article. ProPublica’s reporters on this story — Peter Elkind, Jack Gillum, and Craig Silverman — seek to tie together: WhatsApp’s moderation practices, including detecting child exploitation; the company’s privacy policy changes since it was acquired by Facebook; Gen. Michael Hayden’s statement that the U.S. government “kill[s] people based on metadata”; Apple’s CSAM detection efforts; and Facebook’s attempts to improve the privacy of its other services while also expanding its WhatsApp business possibilities. That is a lot to cover in a single article and, predictably, nothing really sticks.

The strange thing is that there has long been a glaring privacy loophole in WhatsApp’s systems that these reporters could have touched on: chat backups are not encrypted. While an investigator with a search warrant may not be able to see the contents of WhatsApp messages from Facebook, they can absolutely gain access through Apple or Google. But that is changing soon with some news Facebook announced today.

Manish Singh and Zack Whittaker, TechCrunch:

In the “coming weeks,” users on WhatsApp will see an option to generate a 64-digit encryption key to lock their chat backups in the cloud. Users can store the encryption key offline or in a password manager of their choice, or they can create a password that backs up their encryption key in a cloud-based “backup key vault” that WhatsApp has developed. The cloud-stored encryption key can’t be used without the user’s password, which isn’t known by WhatsApp.

A reminder that iMessages may be end-to-end encrypted, but iCloud Backups contain the key to decrypt stored messages. A good rule of thumb remains that cloud storage should not be treated the same way you treat a local hard drive. If you have reason to be concerned that your cloud backups might be compromised — this does not have to be for illegal or nefarious reasons — use local backups only.

Facebook and Ray-Ban Collaborated on Some ‘Smart’ Glasses


Today we’re excited to launch Ray-Ban Stories: Smart glasses that give you an authentic way to capture photos and video, share your adventures, and listen to music or take phone calls — so you can stay present with friends, family, and the world around you. Starting at $299 USD and available in 20 style combinations, the smart glasses are available for purchase online and in select retail stores in the US as well as Australia, Canada, Ireland, Italy, and the UK.

Katie Notopoulos reviewed them for Buzzfeed News:

To make it clear to bystanders that you’re taking a video with your camera glasses, there’s a small white LED light in the frame corner that lights up whenever the camera is on. However, the tiny light is far less obvious than Snapchat’s version, which had a larger swirling light ring while filming.

Although you can’t turn off the light on the glasses or through the app, I was able to do this the old fashion way: I put a tiny piece of masking tape over the LED light and colored the tape black with a Sharpie. It covered it up perfectly.


Alex Himel, VP of AR at Facebook Reality Labs, informed me over a Zoom chat that taping over the LED light was a violation of the terms of service of the glasses, which prohibit tampering with the device. Be warned.

I love the idea that the terms of service are a law or some kind of incantation that Facebook can recite to prevent people from doing obviously creepy things with these glasses.

Notopoulos reports that Facebook added the LED That Must Not Be Covered on the advice of privacy advocates. Apparently, this was not a thought that had independently occurred to those developing the product. Facebook is not a company that values privacy, and its internal culture reflects that.

Facebook launched a dedicated site that more-or-less acknowledges these risks by pleading with users to “wear [their] smart glasses responsibly” and turn them off in locker rooms and doctor’s offices. Maybe there is a certain amount of personal responsibility here, but maybe there is some corporate responsibility as well. For all of the benefits these kinds of glasses may create, they also make the world creepier for anyone who is not using them. Just because a camera can now fit into the frame of a pair of Wayfarers, that does not mean it should. I know that you can buy spy glasses, but there is a big difference when a corporate giant markets them as a headphone-like everyday gadget. This recontextualizes them in a way that denudes their invasive properties, and transforms them from an illicit-like purchase into something more socially acceptable.

All Facebook had to do was not include a camera.

Every Streaming Company Not Named Apple Receives a Lousy Grade on Privacy

Common Sense Media recently completed an assessment of ten streaming video services and five dedicated devices, and has some concerns (PDF):

Many viewers know that free streaming apps are most likely selling their personal information, but most viewers may not know that most paid subscription streaming apps are also selling users’ data. Even more expensive streaming plans with “no ads” or “limited ads” still collect viewing data from use of the app to track and serve users advertisements on other apps and services across the internet. Also, data brokers buy and sell users’ data and share it with other companies for data recombination purposes.


Our privacy evaluations of the top 10 streaming apps indicate that all streaming apps (except Apple TV+) have privacy practices that put consumers’ privacy at considerable risk including selling data, sending third‐party marketing communications, displaying targeted advertisements, tracking users across other sites and services, and creating advertising profiles for data brokers.

It is the same story for devices, too.

Via Karl Bode, Techdirt:

Some of the failures were downright ugly, like making no real exceptions for the data collection of children. Many of the issues revealed weren’t the end of the world, but they make it repeatedly clear that companies aren’t being transparent about what is collected, and often enjoy making opting out of data collection and monetization as cumbersome and annoying as possible.

Also remember that smart televisions are among the worst offenders of user privacy. Even if you use an Apple TV box and watch shows through Apple TV Plus, your television may still be automatically recognizing everything you watch.

How to Squander a Medical Miracle

Christopher Ingraham, of the Why Axis newsletter:

The net result of this relentless pressure: even in the midst of a variant surge that’s proven especially lethal in conservative areas, nearly 40 percent of Republicans say they’re either unwilling to get the vaccine or uncertain about it, compared to just 15 percent of Democrats.

But the Republican turn against vaccines didn’t happen in a vacuum. The anti-vax movement has been laying the groundwork for decades, and it’s useful to think of both Republicans’ hesitancy and Democrats’ squeamishness over vaccine mandates as the fruits of a sustained campaign to sow doubt about the benefits of inoculation.

This is U.S.-specific, but it is a similar — though slightly less alarming — story here in Canada. A recent survey from Angus Reid and an online-first study published in the Lancet show a much lower willingness to vaccinate in Canada’s most conservative provinces. You can see the results in national coverage maps: in British Columbia, Manitoba, Ontario, and Quebec, three-quarters of all eligible people are fully vaccinated; in Alberta and Saskatchewan, the rate is under seventy percent, with predictable and often tragic results. There are many reasons for anti-vaccination beliefs, but let us not pretend that the overlap with certain political beliefs is coincidental.

On a related note, I highly recommend Harris Brewis’ lengthy video about the anti-vaccination movement.

‘Fulfillment’ by Alec MacGillis

Today, I rushed to finish Alec MacGillis’ Fulfillment. Partly, that is because it is a riveting series of vignettes ostensibly about the distorting effects of Amazon in America; partly, that is because the library needs this copy back to lend to someone else.

I cannot recommend this book highly enough. Do your best to set aside any thoughts you may have about antitrust and the kinds of big theoretical questions that a massive company like Amazon engenders. Try to read these stories as presented: many, many people who have found their lives turned upside down by the extraordinary influence of Amazon working in concert with lawmakers at all levels, for the economic advancement of the few. It is devastating.

I bet it is available at your local bookstore or library. But, if you cannot find it there and you enjoy living a life of irony, it is also available on Amazon.

Ford Hires Doug Field After Apple and Tesla Stints

Michael Wayland, CNBC:

Ford Motor said Tuesday it hired former Tesla and Apple executive Doug Field to lead its emerging technology efforts, a key focus for the automaker under its new Ford+ turnaround plan.

Field — who led development of Tesla’s Model 3 — most recently served as vice president of special projects at Apple, which reportedly included the tech giant’s Titan car project.

Last we heard — “we” being those of us who are not disclosed Apple employees — Field was reporting to John Giannandrea, who took on Project Titan after Bob Mansfield’s retirement.

Field said he decided to join Ford after speaking with company executives and realizing there’s a “deep desire” to remake the automotive industry, specifically with connected vehicles.

Connected vehicles are a key part to Ford’s new turnaround plan that’s designed to reposition the automaker to generate more recurring revenue through software services.

Hey, remember when you could just buy something? And you could just, like, own it, in perpetuity, without making monthly payments? It sounds like science fiction, but that is how the world used to work — really!

PYMNTS Survey Finds Apple Pay Is the Most Popular Mobile Wallet, Yet Only About 6% of People With iPhones Use It In-Store

Karen Webster of PYMNTS:1

Seven years post-launch, new PYMNTS data shows that 93.9% of consumers with Apple Pay activated on their iPhones do not use it in-store to pay for purchases.

That means only 6.1% do.

That finding is based on PYMNTS’ national study of 3,671 U.S. consumers conducted between Aug. 3-10, 2021.

After seven years, Apple Pay’s adoption and usage isn’t much larger than it was in 2015 (5.1%), a year after its launch, and is the same as it was in 2019, the last full year before the pandemic.

If you had asked me, before I read this article, how many iPhone users I thought make payments in stores using Apple Pay, I am not sure what I would have guessed — but I think it would have been more than six percent. PYMNTS’ own stats from last year indicate that about eight percent use Apple Pay in-store. Either way, it seems remarkably low, especially for U.S. consumers. But there are some interesting takeaways from this survey, especially if you pair it with an analysis last February showing that around five percent of all card transactions worldwide were being made through Apple Pay.

This survey shows an approximately flat use rate from 2019 through 2021, down slightly from 2018. Webster writes that the pandemic ought to have “changed the trajectory of Apple Pay” as “contactless and touchless have become the consumer’s checkout mantra”. But anyone with a Face ID-equipped iPhone can tell you that wearing a mask requires you to authenticate by using your passcode, so it has been far easier for the past eighteen months to simply tap a card. That is probably true generally, as well; Apple Pay may have better privacy and security, but it is no easier to use than a card that supports tap to pay, even without the added complication of pandemic precautions.

If U.S. consumers are using Apple Pay infrequently, how does that square with the study from last year showing huge numbers of card transactions flowing through the service? Well, the PYMNTS survey does not cover the use of Apple Pay on websites or in apps, and I bet the latter represents an overwhelming volume. I would love to see a similar survey for online purchases.

The last mystery for me in the PYMNTS survey was the discrepancy between the number of users who have set up Apple Pay compared to the number who are actually using it. That can be explained by the iPhone’s setup process, which prompts users to add a credit card to Apple Pay. Given how much emphasis the screen’s design puts on setting up Apple Pay and how much iOS bugs you later if you do not add a card, I would not be surprised if many people set it up just to shut it up.

  1. What a silly name. It is like they hate vowels or something, he wrote at pxlnv.com.

Apple Delays the Launch of Its CSAM Detection Features as It Makes Changes

Apple sent this statement to media today — alas, not yours truly — and has now posted it at the top of its Child Safety webpage:

Previously we announced plans for features intended to help protect children from predators who use communication tools to recruit and exploit them and to help limit the spread of Child Sexual Abuse Material. Based on feedback from customers, advocacy groups, researchers, and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features.

Brian Barrett and Lily Hay Newman, Wired:

It’s unclear at this point what specific changes Apple could make to satisfy its critics. Green and Pfefferkorn both suggest that the company could limit its scanning to shared iCloud albums rather than involving its customers’ devices. And Stamos says the NeuralHash issues reinforce the importance of incorporating the research community more fully from the start, especially for an untested technology.

Others remain steadfast that the company should make its pause permanent. “Apple’s plan to conduct on-device scanning of photos and messages is the most dangerous proposal from any tech company in modern history,” says Evan Greer, deputy director of digital rights nonprofit Fight for the Future. “It’s encouraging that the backlash has forced Apple to delay this reckless and dangerous surveillance plan, but the reality is that there is no safe way to do what they are proposing. They need to abandon this plan entirely.”

I doubt that this thing will be entirely scrapped, especially if — as Green hopes — Apple is on a path toward end-to-end encryption for iCloud storage. If you think Apple lacks the backbone to resist political pressure for expanding the CSAM matching database, you definitely cannot hope for wholly encrypted iCloud storage without any way of detecting abuse.

I am curious about the company’s next steps, though. This has been a contentious proposal — one that I have covered extensively and, as a result, found myself going from concerned to cautiously optimistic. I still think Apple bungled this announcement; its Child Safety page still reads as though these are finished products that will ship in this form, with the exception of the notice added today. This was a big public push that even media-trained executives struggled to explain in a clear way, and relied too much on trust in Apple at a time when tech companies are facing increased public skepticism. I look forward to a solution that can alleviate many researchers’ concerns, but I suspect — as with the App Store — trust has been burned. Only Apple can rebuild it.

iWork’s Small, Monochromatic Toolbar Icons

Fabien Marry on Twitter:

Using Keynote.app for the first time since macOS Big Sur. Boy, the shift to smaller all monochrome icons is a big usability loss.

Guess what, these cones in your eye are great things, you should use them.

I think about this every time I have opened the iWork apps in Big Sur. The icons in the toolbars are smaller, they are monochromatic, the button click target is barely bigger than the icon, and the click target only shows on hover after a delay. It is like this in every iWork app.

The change from the glossy and dimensional era of the Keynote toolbar to the post-Yosemite flatter appearance was a question of taste. This transformation is a usability regression.

Moiré No More

Marcin Wichary:

And so I asked the friendly nerds of Twitter. I showed the original typewriter car scan, added my blurred-then-sharpened photo as a pathetic comparison, and asked: what is the latest in demoireing? Is there some new tech that could help me?

I didn’t get any obvious machine learning hints. Many people responded with downright resignation: what you did is still the best out there. But a friend of mine – a neuroscientist from Utah – had an answer I didn’t expect.

“You don’t need ML,” Bryan said. “What you need is inverse FFT.”

This is such a wonderful story about learning how to work with old technologies. I appreciated every word of this.

‘Reader’ Apps Will Be Allowed to Link Externally for Account Creation Beginning Next Year

I know that Apple announced some stuff about storing your driving license in the Wallet app today. But that has only been announced for two American states so far, and the chances of it being immediately relevant to me for the foreseeable future are slim.

Here is something that will apply to most users. Apple:

Apple today announced an update coming to the App Store that closes an investigation by the Japan Fair Trade Commission (JFTC). The update will allow developers of “reader” apps to include an in-app link to their website for users to set up or manage an account. While the agreement was made with the JFTC, Apple will apply this change globally to all reader apps on the store. Reader apps provide previously purchased content or content subscriptions for digital magazines, newspapers, books, audio, music, and video.

Anyone who says that public pressure on government officials does not produce results must have really crappy officials or does not know how to apply pressure.

On its face, this is excellent news, though it is still limited. Apple’s definition of “reader” apps is media-centric, so it seems like this would preclude an app like Hey from offering a link to create a paid account on the web. It also does not apply to in-app purchases generally, so this would not resolve Apple’s dispute with Epic Games over Fortnite. But it should mean that Netflix and Spotify will be able to remove the error messages Apple has required to be vague. I see progress.

There is something else about this press release that I find fascinating. Last week, Apple settled a lawsuit in the U.S., which it referenced in today’s press release:

This update follows a number of changes to the App Store announced last week, which give developers more flexibility and resources to reach their customers, tailor their price points, and grow their businesses. Last week, Apple also launched the News Partner Program to support local journalism and help news organizations on the App Store.

There were, in fact, very few changes made last week. Apple said it would add more pricing tiers, it clarified some language — and that is about all. But Apple’s press release struck a triumphant tone that was smug even by the standards of a company that has just prevailed in a lawsuit, and completely disproportionate to the conditions of the settlement.

Today’s announcement is, as far as I can tell, a much bigger deal. But the press release is more sober — almost understated.

Hands-On With Apple’s Weather App for iPad

Zac Hall, writing at 9to5Mac in June:

Something else unique about the Weather app for iPad is a neat tidbit about UPS. According to the Weather app for iPad, you can save 50% on global shipping with code REACH from now through July 19. I couldn’t find this curious but helpful data point on the Weather app for iPhone. Now I’m worried folks who check the weather on their iPhone are overpaying for shipping.


Some of Apple’s Weather app for iPad is particularly not very Apple-y, but this is definitely Apple’s Weather app for iPad. It launches every time you tap the Weather widget, and that’s just how widgets work. It also mentions data vendors and controlling your data. Apple is all about empowering you to own your data and preventing companies from profiting from your information.

M.G. Siegler:

Yes, I know there is no shortage of third party weather apps. Some of them are great. But the devil is always in the defaults. And that default Weather widget is about to land on tens of millions of iPad screens with the launch of iPad OS 15 this fall. And with that, Apple will be sending tens of millions of dollars (maybe more?) indirectly to weather.com — which, incidentally is now owned by IBM. *Insert the Steve Jobs giving the finger image here.*

A native Apple weather app on the iPad is long overdue, but that also goes for MacOS. The weather widget in Big Sur is, as far as I know, the only widget that opens a webpage instead of an app when you click on it.

What We Talk About When We Talk About Privacy

I would hate to begin any post here in the way that some first-year college student would start an essay: with a definition. But the meaning of “privacy” is so variable that I invite you to see how different entities explain it. NIST has a few different explanations, while the NTIA has a much longer exploration. PC Magazine’s glossary entry is pretty good, too, and closely mimics Steve Jobs’ thesis.

So, with so much understanding of what privacy represents — at least in a kind of abstract sense — parts of this article by Benedict Evans come across as hollow even as it makes several great arguments. I’m going to start by quoting the second paragraph, because it begins “first”:

First, can we achieve the underlying economic aims of online advertising in a private way? Advertisers don’t necessarily want (or at least need) to know who you are as an individual. As Tim O’Reilly put it, data is sand, not oil – all this personal data actually only has value in the aggregate of millions. Advertisers don’t really want to know who you are – they want to show diaper ads to people who have babies, not to show them to people who don’t, and to have some sense of which ads drove half a million sales and which ads drove a million sales. […]

Already, I find myself wondering if Evans is being honest with himself. The argument that advertisers want to work in bulk more often than at the individual level is an outdated one in an era of ads that can be generated to uncanny specificity. Even conceding that Facebook’s influence on the 2016 election was overstated, the Trump campaign was “running 40,000 to 50,000 variants of its ads” every day. This ain’t the world of high-quality, thoughtful advertising — not any more. This is a numbers game: scaled individualization driven by constant feedback and iteration. If advertisers believe more personal information will make ads more effective, they will pursue that theory as far as they can take it.

Evans acknowledges that consumer demands and Apple’s industry influence have pushed the technology industry to try improving user privacy. On-device tracking systems are seen, he says, as a more private way of targeting advertising without exposing user data to third parties.


This takes me to a second question – what counts as ‘private’, and how can you build ‘private’ systems if we don’t know?

Apple has pursued a very clear theory that analysis and tracking is private if it happens on your device and is not private if [it] leaves your device or happens in the cloud. Hence, it’s built a complex system of tracking and analysis on your iPhone, but is adamant that this is private because the data stays on the device. People have seemed to accept this (so far), but acting on the same theory Apple also created a CSAM scanning system that it thought was entirely private – ‘it only happens [on] your device!’ – that created a huge privacy backlash, because a bunch of other people think that if your phone is scanning your photos, that isn’t ‘private’ at all. […]

I will get back to the first part of this quoted section at the end of this response because I think it is the most important thing in Evans’ entire piece.

For clarity, the backlash over CSAM scanning seems less about privacy than it does about device ownership and agency. This is, to some extent, perhaps a distinction without a difference. Many of the definitions I cited in the first paragraph describe privacy as a function of control. But I think there is a subtle point of clarity here: Apple’s solution probably is more private than checking those photos server-side, but it means that a user’s device is more than a mere client connected to cloud services — it is acting as a local agent of those services.

Continued from above:

[…] So is ‘on device’ private or not? […]

This feels like a trick question or a false premise, to which the only acceptable answer is “it depends”. In general, probably, but there are reasonable concerns about Google’s on-device FLoC initiative.

On / off device is one test, but another and much broader one is the first party / third party test: that it’s OK for a website to track what you do on that website but not OK for adtech companies to track you across many different websites. This is the core of the cookie question, and sounds sensible, and indeed one might think that we do have a pretty good consensus on ‘third party cookies’ – after all, Google and Apple are getting rid of them. However, I’m puzzled by some of the implications. “1p good / 3p bad” means that it’s OK for the New York Times to know that you read ten New York Times travel pieces and show you a travel ad, but not OK for the New Yorker to know that and show you the same ad. […]

This is where this piece starts to go off the rails. I have read the last sentence of this quoted paragraph several times and I cannot figure out if this is a legitimate question Evans is asking.

If we engage with it on its premise, of course it is not okay for the New Yorker to show an ad based on my Times browsing history. It is none of their business what I read elsewhere. It would be like if I went to a clothing store and then, later at a restaurant, a waiter told me that I should have bought the other shirt I tried on because they think it looked better. That would be creepy! And if any website could show me ads based on what I viewed somewhere else, that means that my web browsing history is public knowledge. It violates both the first- and third-party definition and the on- and off-device definition.

But the premise is wrong — or, at least, incomplete. The New Yorker contains empty frames that can be filled by whatever a series of unknown adtech companies decide is the best fit for me based on the slice of my browsing history they collect, like little spies with snippets of information. If it were a direct partnership to share advertising slots, at least we could imply that a reader of both may see them as similarly trustworthy organizations, given that they read both. But this is not a decision between the New Yorker and the Times. There may be a dozen other companies involved in selecting the ad, most of which a typical user has never heard of. How much do you, reader, trust Adara, Dataxu, GumGum, MadHive, Operative, SRAX, Strossle, TelMar, or Vertoz? I do not know if any of them have ever been involved in ad spots in the New Yorker or the Times, but they are all real companies that are really involved in placing ads across the web — and they are only a few names in a sea of thousands.

At this point one answer is to cut across all these questions and say that what really matters is whether you disclose whatever you’re doing and get consent. Steve Jobs liked this argument. But in practice, as we’ve discovered, ‘get consent’ means endless cookie pop-ups full of endless incomprehensible questions that no normal consumer should be expected to understand, and that just train people to click ‘stop bothering me’. Meanwhile, Apple’s on-device tracking doesn’t ask for permission, and opts you in by default, because, of course, Apple thinks that if it’s on the device it’s private. Perhaps ‘consent’ is not a complete solution after all.

Evans references Jobs’ consent-based explanation of privacy that I cited at the top of this piece — a definition which, unsurprisingly, Apple continues to favour. But an over-dependency on a consent model offloads the responsibility for privacy onto individual users. At best, this allows the technology and advertising industries to distance themselves from their key role in protecting user privacy; at worst, it allows them to exploit whatever they are permitted to gather by whatever technical or legal means possible.

The Jobs definition of privacy and consent is right, but it becomes even more right if you expand its scope beyond the individual. As important as it is for users to confirm who is collecting their data and for what purpose, it is more important that there are limits on the use and distribution of collected information. This sea of data is simply too much to keep track of. Had you heard of any of the ad tech companies mentioned above? What about data brokers that trade and “enrich” personal information? Even if users affirm that they are okay with an app or a website tracking them, they may not be okay with how a service that app relies on ends up reselling or sharing user data.

Good legislation can restrict these industries. I am sure Canada’s is imperfect, but there has to be a reason why the data broker industry here is, thankfully, almost nonexistent compared to the industry in the United States.

But the bigger issue with consent is that it’s a walled garden, which takes me to a third question – competition. Most of the privacy proposals on the table are in absolute, direct conflict with most of the competition proposals on the table. If you can only analyse behaviour within one site but not across many sites, or make it much harder to do that, companies that have a big site where people spend lots of time have better targeting information and make more money from advertising. If you can only track behaviour across lots of different sites if you do it ‘privately’ on the device or in the browser, then the companies that control the device or the browser have much more control over that advertising (which is why the UK CMA is investigating FLoC).

With GDPR, we have seen the product of similarly well-intentioned privacy legislation that restricts the abilities of smaller companies while further entrenching the established positions of giants. I think regulators were well aware of that consequence, and it is a valid compromise position between where the law existed several years ago and where it ought to be going.

As regulations evolve, these competition problems deserve greater focus. It is no good if the biggest companies on the planet or those that are higher up the technology stack — like internet service providers — are able to use their position to abuse user privacy. To make sure smaller companies ever have a chance of competing, it would be a mistake to loosen policies on privacy and data collection. Regulations must go in the other direction.

And, as an aside, if you can only target on context, not the user, then Hodinkee is fine but the Guardian’s next landmark piece on Kabul has no ad revenue. Is that what we want? What else might happen?

This is not a new problem for newspapers. Advertisers have always been worried that their ads will be placed alongside “hard news” stories. You can find endless listicles of examples — here’s one from Bored Panda. In order to avoid embarrassing associations, it is commonplace for print advertisers to ask for exceptions: a car company, for example, may request their ad not be placed alongside stories about collisions.

This has been replicated online at both ends of the ad buying market. The New York Times has special tags to limit or remove ads on some stories, while advertisers can construct lists of words and domains they want to avoid placement alongside. But what is new about online news compared to its print counterpart is that someone will go from the Guardian story about Kabul to Hodinkee without “buying” the rest of the Guardian, or even looking at it. This is a media-wide problem that has little to do with privacy-sensitive ad technologies. If serving individualized ads tailored based on a user’s browsing history were so incredible, you would imagine the news business would be doing far better than it is.

All of this leads to the final paragraph in Evans’ piece, which I think raises worthwhile questions:

These are all unresolved questions, and the more questions you ask the less clear things can become. I’ve barely touched on a whole other line of enquiry – of where all the world’s $600bn of annual ad spending would be reallocated when all of this has happened (no, not to newspapers, sadly). Apple clearly thinks that scanning for CSAM on the device is more private than the cloud, but a lot of other people think the opposite. You can see the same confusion in terms like ‘Facebook sells your data’ (which, of course, it doesn’t) or ‘surveillance capitalism’ – these are really just attempts to avoid the discussion by reframing it, and moving it to a place where we do know what we think, rather than engaging with the challenge and trying to work out an answer. I don’t have an answer either, of course, but that’s rather my point – I don’t think we even agree on the questions.

Regardless of whether we disagree on the questions or if you — as I — think that Evans is misstating concerns without fully engaging, I think he’s entirely right here. Questions about user privacy on the web are often flawed because of the expansive and technical nature of the discussion. We should start with simpler questions about what we hope to achieve, and fundamental statements about what “privacy” really looks like. There should be at least some ground level agreement about what information is considered personal and confidential. At the very least, I would argue that this applies to data points like non-public email addresses, personal phone numbers, dates of birth, government identification numbers, and advertiser identifiers that are a proxy for an individual or a device.

But judging by the popularity of data enrichment companies, it does not appear that there is broad agreement that anything is private any more — certainly not among those in advertising technologies. The public is disillusioned and overwhelmed, and it is irresponsible to leave it to individuals to unpack this industry. There is no such thing as informed consent in marketing technologies when there is no corresponding legislation requiring the protection of collected data. These kinds of fundamental concerns must be addressed before moving on to more abstract questions about how the industry will cope.

Primephonic Will Be Shut Down September 7 After Apple Acquisition


Apple today announced it has acquired Primephonic, the renowned classical music streaming service that offers an outstanding listening experience with search and browse functionality optimized for classical, premium-quality audio, handpicked expert recommendations, and extensive contextual details on repertoire and recordings.

With the addition of Primephonic, Apple Music subscribers will get a significantly improved classical music experience beginning with Primephonic playlists and exclusive audio content. In the coming months, Apple Music Classical fans will get a dedicated experience with the best features of Primephonic, including better browsing and search capabilities by composer and by repertoire, detailed displays of classical music metadata, plus new features and benefits.

Existing Primephonic users have been given only a week’s notice of the service’s impending shuttering. But this sure is an interesting development. All major streaming services suck at classical music. I would like to see one of them crack this nut and, if it happens to be the service I subscribe to, even better.

Mark Gurman:

I can’t imagine why Apple would build a standalone classical music app unless they were planning to charge extra for it (on top of usual Apple Music subscription). Primephonic on its own now is $8 or $15.

Perhaps, but Apple added lossless streaming free of charge even though Tidal charges an extra $10 per month. I think it is more likely that classical music needs a completely different presentation. Works and movements and composers are not displayed very well in any of Apple’s current music apps.

Hopscotch Update Baselessly Rejected by App Review

Hopscotch co-founder and CEO Samantha John published a Twitter thread yesterday documenting her experiences with the rejection of a minor app update. I recommend reading the whole thing, but I am quoting the conclusion:

Hopscotch is a small company, I’m the CEO, AND I write code. And that’s how a lot of the best apps work! My time is limited and precious to me. The way that Apple wasted my energy, gaslighted me, and sucked my time away made me furious.

There’s a lot of talk about the 30% tax that Apple takes from every app on the App Store. The time tax on their developers to deal with this unfriendly behemoth of a system is just as bad if not worse.

Hopscotch is not some scrappy single-developer app with a dozen users. It is a hugely popular learning tool targeted at children that has been selected by Apple as an “Editors’ Choice”. That is not to say that this runaround experience would be appropriate for any developer, but it is defeating to see this is how Apple continues to treat longtime high-profile developers. John is not the only one; scroll through the quote tweets and you will see plenty of people sharing similar stories.

Panic co-founder Cabel Sasser:

Also, sorry, one more rant. With the exception of maybe Uber and Airbnb, App Review isn’t kidding when they say they treat all developers the same, as every good app in the App Store, no matter how beloved, has at least five horror stories just like this […]

The semi-open qualities of iOS are a constant strain on developers’ time and morale. It is not an insular console-type system, nor is it a free-for-all — developer policies for iOS sit in an awkward middle ground that demands far more attention, which is poorly rewarded.

Stuff like this is why yesterday’s too-proud announcement of a proposed class action settlement read like a slap in the face to so many developers. It was apparent to me that the settlement was basically inconsequential for Apple, but I missed the condescending tone that the release struck. Its headline spells out who did not win:

Apple, US developers agree to App Store updates that will support businesses and maintain a great experience for users

Still not a great experience for developers, though.

In Proposed Settlement, Apple Agrees to Allow Developers to Mention Other Purchase Options Outside of Apps


Following a productive dialogue, Apple and the plaintiffs in the Cameron et al v. Apple Inc. developer suit reached an agreement that identifies seven key priorities shared by Apple and small developers, which has been submitted to the judge presiding over the case for her approval.

This suit dates back to 2019. Among the priorities:

To give developers even more flexibility to reach their customers, Apple is also clarifying that developers can use communications, such as email, to share information about payment methods outside of their iOS app. As always, developers will not pay Apple a commission on any purchases taking place outside of their app or the App Store. Users must consent to the communication and have the right to opt out.

I wonder if this means App Review will be less strict if developers’ websites contain some non-in-app-purchase payment methods that may, somehow, be accessible inside their apps. I doubt it; the proposed settlement is narrow and precludes, for instance, the use of push notifications to mention external purchasing options. But developers are now permitted to contact users by the email they provided within the app and prompt them to subscribe elsewhere.

Apple also says that it will maintain the Small Business Program for at least three years, publish an annual report on App Review, and allow for more pricing tiers. It sounds like Apple’s concessions are pretty minor, especially since developers are still not allowed to mention alternative purchase avenues within apps.

Update: Hagens Berman, the law firm representing the class of iOS developers affected by this suit, clarifies that even the weak commitments Apple made only apply to U.S. developers. This settlement is a walkover for Apple and a sweet payday for the lawyers involved, but gives developers next to nothing.

The History of Google Messaging Apps

Ron Amadeo, Ars Technica:

Google’s 16 years of messenger wheel-spinning has allowed products from more focused companies to pass it by. Embarrassingly, nearly all of these products are much younger than Google’s messaging efforts. Consider competitors like WhatsApp (12 years old), Facebook Messenger (nine years old), iMessage (nine years old), and Slack (eight years old) — Google Talk even had video chat four years before Zoom was a thing.


Because no single company has ever failed at something this badly, for this long, with this many different products (and because it has barely been a month since the rollout of Google Chat), the time has come to outline the history of Google messaging. Prepare yourselves, dear readers, for a non-stop rollercoaster of new product launches, neglected established products, unexpected shut-downs, and legions of confused, frustrated, and exiled users.

Perhaps the most striking thing about this lengthy history lesson is that Google — despite being synonymous with web services for fifteen years — has never had a single clear messaging strategy. Around it, as Amadeo recalls, every other internet company seemed to be doing okay with its own version of instant messaging. Even Apple, a company that has a long and embarrassing history of failed online services, figured out a decent messaging product ten years ago.

Meanwhile, Google has launched three-and-a-half chat apps this year. What is going on in Mountain View?

Simultaneous Theatrical and Streaming Releases Have Been a Boon for High-Quality Pirate Rips

R.T. Watson and Erich Schwartzel, Wall Street Journal:

Millions of people are watching high-quality, pirated online versions of Hollywood’s top movies sooner than ever after their releases, undermining potential ticket sales and subscriber growth as the industry embraces streaming.

Copies of several of the year’s most popular films, from “The Suicide Squad” and “Godzilla vs. Kong” to “Jungle Cruise” and “Black Widow,” shot up almost immediately after their premieres to the top of the most-downloaded charts on piracy websites such as the Pirate Bay and LimeTorrents, according to piracy-tracking organizations.


“Pirates behave like consumers do,” said Carnegie Mellon University professor and piracy expert Michael D. Smith. “If you make it sufficiently hard for them to get something free, they’ll pay for it.”

The reverse seems as likely to be true: people will seek alternative channels when it is unnecessarily difficult for them to spend money on a new release. Sure, not all of those who downloaded ripped copies of these movies would have paid for them if the ripped version was somehow not available. But I think a lot of them would be happy to watch it on the streaming service of their choice. Because studios are so desperate to re-create the cable television experience through exclusivity demands and siloed libraries, piracy is appealing again.

Despite Sketchy Promises, Sketchy Software Companies Are Doing Business With Sketchy Governments

The marketplace for exploits and software of an ethically questionable nature is a controversial one, but something even I can concede has value. If third-party vendors are creating targeted surveillance methods, it means that the vast majority of us can continue to have secure and private systems without mandated “back doors”. It seems like an agreeable compromise so long as those vendors restrict their sales to governments and organizations with good human rights records.

NSO Group, creators of Pegasus spyware, seems to agree. Daniel Estrin, reporting last month at NPR:

NSO says it has 60 customers in 40 countries, all of them intelligence agencies, law enforcement bodies and militaries. It says in recent years, before the media reports, it blocked its software from five governmental agencies, including two in the past year, after finding evidence of misuse. The Washington Post reported the clients suspended include Saudi Arabia, Dubai in the United Arab Emirates and some public agencies in Mexico.

Pegasus can have legitimate surveillance use, but it has great potential for abuse. NSO Group would like us to believe that it cares deeply about selling only to clients that will use the software to surveil possible terrorists and valuable criminal targets. So, how is that going?

Bill Marczak, et al., Citizen Lab:

We identified nine Bahraini activists whose iPhones were successfully hacked with NSO Group’s Pegasus spyware between June 2020 and February 2021. Some of the activists were hacked using two zero-click iMessage exploits: the 2020 KISMET exploit and a 2021 exploit that we call FORCEDENTRY.


At least four of the activists were hacked by LULU, a Pegasus operator that we attribute with high confidence to the government of Bahrain, a well-known abuser of spyware. One of the activists was hacked in 2020 several hours after they revealed during an interview that their phone was hacked with Pegasus in 2019.

As Citizen Lab catalogues, Bahrain’s record of human rights failures and internet censorship should have indicated to NSO Group that misuse of its software was all but guaranteed.

NSO Group is just one company offering software with dubious ethics. Remember Clearview? When BuzzFeed News reported last year that the company was expanding internationally, Hoan Ton-That, Clearview’s CEO, brushed aside human rights concerns:

“Clearview is focused on doing business in USA and Canada,” Ton-That said. “Many countries from around the world have expressed interest in Clearview.”

Later last year, Clearview went a step further and said it would terminate private contracts, and its Code of Conduct promises that it only works with law enforcement entities and that searches must be “authorized by a supervisor”. You can probably see where this is going.

Ryan Mac, Caroline Haskins, and Antonio Pequeño IV, BuzzFeed News:

Like a number of American law enforcement agencies, some international agencies told BuzzFeed News that they couldn’t discuss their use of Clearview. For instance, Brazil’s Public Ministry of Pernambuco, which is listed as having run more than 100 searches, said that it “does not provide information on matters of institutional security.”

But data reviewed by BuzzFeed News shows that individuals at nine Brazilian law enforcement agencies, including the country’s federal police, are listed as having used Clearview, cumulatively running more than 1,250 searches as of February 2020. All declined to comment or did not respond to requests for comment.


Documents reviewed by BuzzFeed News also show that Clearview had a fledgling presence in Middle Eastern countries known for repressive governments and human rights concerns. In Saudi Arabia, individuals at the Artificial Intelligence Center of Advanced Studies (also known as Thakaa) ran at least 10 searches with Clearview. In the United Arab Emirates, people associated with Mubadala Investment Company, a sovereign wealth fund in the capital of Abu Dhabi, ran more than 100 searches, according to internal data.

As noted, this data only covers up until February last year; perhaps the policies governing acceptable use and clientele were only implemented afterward. But it is alarming to think that a company which bills itself as the world’s best facial recognition provider ever felt comfortable enabling searches by regimes with poor human rights records, private organizations, and individuals in non-supervisory roles. It does jibe with Clearview’s apparent origin story, and that should be a giant warning flag.

These companies can make whatever ethical promises they want, but money talks louder. Unsurprisingly, when faced with a choice about whether to allow access to their software judiciously, they choose to gamble that nobody will find out.

Documents Unsealed in Epic Games’ Case Against Google Reveal Exclusivity Agreements

Thomas Claburn, the Register:

For example, the documents explain how Google employs revenue-sharing and licensing agreements with Android partners (OEMs) to maintain Google Play as the dominant app store. One filing describes “Anti-Fragmentation Agreements” that prevent partners from modifying the Android operating system to offer app downloads in a way that competes with Google Play.

“Google’s documents show that it pushes OEMs into making Google Play the exclusive app store on the OEMs’ devices through a series of coercive carrots and sticks, including by offering significant financial incentives to those that do so, and withholding those benefits from those that do not,” the redlined complaint says.

These agreements allegedly included the Premiere Device Program, launched in 2019, to give OEMs financial incentives like 4 per cent, or more, of Google Search revenues and 3-6 per cent of Google Play spending on their devices in return for ensuring Google exclusivity and the lack of apps with APK install rights.

There seems to be some overlap in what is claimed in Epic’s filing and what we know from a different lawsuit. Last month, a group of thirty-seven attorneys general sued Google for abusing its power over Android OEMs to cement the Play Store’s dominance in Android app distribution. At the time, Google’s Wilson White responded:

We also built an app store, Google Play, that helps people download apps on their devices. If you don’t find the app you’re looking for in Google Play, you can choose to download the app from a rival app store or directly from a developer’s website. We don’t impose the same restrictions as other mobile operating systems do.

So it’s strange that a group of state attorneys general chose to file a lawsuit attacking a system that provides more openness and choice than others. This complaint mimics a similarly meritless lawsuit filed by the large app developer Epic Games, which has benefitted from Android’s openness by distributing its Fortnite app outside of Google Play.

White claims that “most Android devices ship with two or more app stores preloaded”, and cites Samsung’s Galaxy Store as an example. But Epic’s lawyers claim, beginning on page 45, that Google pressured Samsung into only allowing the Google Play and Samsung Galaxy Store on its phones, thereby scuttling a distribution deal with Epic for its own app store. This was a shift away from what the suit describes as Google’s intent since 2011 to altogether prevent Samsung from running its own app marketplace.

The results of Google’s deals with Samsung allegedly became part of “Project Agave”, thus forming the basis for the suit filed by the attorneys general this year.

Remember when Google used to put some effort into pretending that Android was open? Those were the days.

Tying Together Some Loose Threads

One of the curious side effects of a sprawling lawsuit like Epic Games v. Apple is that documents surface which can clarify past reporting.

Take, for example, a 2010 email from Steve Jobs to Apple’s executive team that was first disclosed during Apple’s lawsuit against Samsung. It described the agenda for Apple’s 2011 “Top 100” meeting. In that version, there was one bullet point that was redacted, but contained second-level items like “cost goal” and “show model”. We now know that line read “iPhone Nano plan”.

The number of exhibits released can also create newsworthy items of its own. Sean Hollister at the Verge assembled a large list of interesting tidbits. One of those items was a February 2020 iMessage discussion between Eric Friedman and Herve Sibert. Friedman is responsible for Apple’s Fraud Engineering Algorithms and Risk team, while Sibert manages Security and Fraud. From that discussion, Hollister snipped this back-and-forth:

Friedman The spotlight at Facebook etc is all on trust and safety (fake accounts, etc). In privacy, they suck.

Friedman Our priorities are the inverse.

Friedman Which is why we are the greatest platform for distributing child porn, etc.

Sibert Really? I mean, is there a lot of this in our ecosystem? I thought there were even more opportunities for bad actors on other file sharing systems.

Friedman Yes

The snippet Hollister posted ends there, and it formed the basis for articles by John Koetsier at Forbes and Ben Lovejoy at 9to5Mac. Both writers seized on the third text Friedman sent and quoted it in their headlines.

But this is clearly only a segment of a conversation — a single page glimpse into a much longer iMessage discussion. Page 17 of 31, as it turns out, in this exhibit document. Given how incendiary Friedman’s statement was, even in the context of a casual chat, I think it is worth being precise about its context.

In preceding messages, Friedman writes about a presentation the two managers have been working on to be shown to Eddy Cue later that morning. Friedman shows a slide describing features within iOS that have revealed fraud and safety issues. The two relevant concerns are reports of child grooming in social features — like iMessages and in-app chat — and in App Store reviews, of all places. Subsequent messages indicate that this is partly what Friedman was referring to.

Here’s the transcript beginning immediately after Friedman responded “Yes” in the above quote:

Friedman But — and here’s the key — we have chosen to not know in enough places where we really cannot say.

Friedman The NYTimes published a bar graph showing how companies are doing in this area. We are on it, but I think it’s an undererport. [sic]

Friedman Also, we KNOW that developers on our platform are running social media integrations that are inherently unsafe. We can do things in our ecosystem to help with that. For example “ask to chat” is a feature we could require developers to adopt and use for U13 accounts.

Sibert There are also lots of rapidly changing trends in public focus

Friedman Let the parents make a decision

Sibert Yes

Friedman We could introduce a fine distinction between malware and software that is behaviorally fraught, guiding parents to have a conversation with kids about their choices.

Friedman discusses how this could be implemented through families set up in iCloud, which sounds similar to one of Apple’s child safety initiatives. But this discussion is not limited to Apple’s first-party features; it appears to cover a range of vectors through which children’s safety could be at risk.

I raise this subtle distinction because the simplified, headline-friendly version gave rise to a bizarre line of questioning in Lovejoy’s article:

Eric Friedman stated, in so many words, that “we are the greatest platform for distributing child porn.” The revelation does, however, raise the question: How could Apple have known this if it wasn’t scanning iCloud accounts… ?

One possibility not raised in Lovejoy’s article is that Friedman was typing imprecisely in this iMessage thread. But this seems to me like a reasonable guess made by the head of fraud and risk at Apple — one of the world’s biggest providers of cloud storage and maker of some of the most popular third-party developer platforms. Even though Apple has not been checking iCloud Photos or iCloud Drive against a CSAM hash list, it is reasonable to speculate that a billion active devices will — sad to say — involve a lot of CSAM in those cloud services.

But Friedman is right: Apple has almost certainly been underreporting because of the current design of its systems. According to the National Center for Missing and Exploited Children, many companies made millions of reports of CSAM uploaded by users, but Apple does not even appear on the chart the Times created. Given the types of services Apple offers, this is certainly a lack of detection rather than a lack of material.

But Apple does make some reports to NCMEC. So, if it is not scanning its cloud storage services — yet — where are those reports coming from?

Thomas Brewster, writing for Forbes in February 2020:

But in Apple’s case, its staff is clearly being more helpful, first by stopping emails containing abuse material from being sent. A staff member then looks at the content of the files and analyzes the emails. That’s according to a search warrant in which the investigating officer published an Apple employee’s comments on how they first detected “several images of suspected child pornography” being uploaded by an iCloud user and then looked at their emails. (As no charges have been filed against that user, Forbes has chosen to publish neither his name nor the warrant.)

Apple also confirmed to Lovejoy this week that it has automatically checked hashes of email attachments against known CSAM since 2019.

I was able to find the warrant referenced here by Brewster — but, for the same reasons, I will not link to it — and I was struck by the similarities between its existing CSAM protocol and the description of its forthcoming child safety projects. In both cases, when there is a hash match, someone at Apple verifies the legitimacy of the match before submitting a report.

I hope Apple does not offload this emotionally damaging work onto some minimum wage contractor.

Apple’s announcement two weeks ago set up a high-stakes reorientation of the balance between the privacy of its users and the risks created by its hardware, software, and services. Those risks were also identified by Friedman and Sibert in the iMessage chat above, along with some loose ideas for countermeasures. Whether Apple’s recently-proposed projects are a good compromise is still the topic of rigorous debate. But it seems some of the exhibits exposed in this lawsuit, combined with great reporting from Brewster, create a fuller picture of the nascent days of these child safety efforts, and how Apple’s current processes might scale.

FDA Approves Pfizer-BioNTech COVID-19 Vaccine

From the FDA:

Today, the U.S. Food and Drug Administration approved the first COVID-19 vaccine. The vaccine has been known as the Pfizer-BioNTech COVID-19 Vaccine, and will now be marketed as Comirnaty (koe-mir’-na-tee), for the prevention of COVID-19 disease in individuals 16 years of age and older. The vaccine also continues to be available under emergency use authorization (EUA), including for individuals 12 through 15 years of age and for the administration of a third dose in certain immunocompromised individuals.

Fantastic news, and something that may sway a handful of people worried about receiving this vaccine and will pave the way for mandates. But I doubt that this will move the needle for the truly anti-vaccine crowd, and I am bemused that some media outlets are surprised that the goalposts have been moved.

One of the theories that has gained favour among some anti-vaccine people is that Bill Gates was involved in COVID vaccines in order to upload every individual’s conscience to the cloud so that bankers can control your transactions. This is not an exaggeration or a misrepresentation. Though not all those who are anti-vaccine believe everything this extreme, it is a mainstream view among a non-mainstream group of people. Anyone who thinks that FDA approval will change minds set in these kinds of beliefs is only kidding themselves.

Anyone who can get vaccinated must do so, and as quickly as possible. If you can, do your best to convince the unconvinced. But there are some who simply will not accept that COVID-19 is real, and that widespread vaccination is good public health policy. I cannot imagine how difficult it would be to reorientate someone’s entire perception of the world back to reality.

Counterpoints to the FTC’s Facebook Redux Suit

Earlier this week, the FTC took a second crack at accusing Facebook of criminal anticompetitive behaviour:

“Facebook lacked the business acumen and technical talent to survive the transition to mobile. After failing to compete with new innovators, Facebook illegally bought or buried them when their popularity became an existential threat,” said Holly Vedova, FTC Bureau of Competition Acting Director. “This conduct is no less anticompetitive than if Facebook had bribed emerging app competitors not to compete. The antitrust laws were enacted to prevent precisely this type of illegal activity by monopolists. Facebook’s actions have suppressed innovation and product quality improvements. And they have degraded the social network experience, subjecting users to lower levels of privacy and data protections and more intrusive ads. The FTC’s action today seeks to put an end to this illegal activity and restore competition for the benefit of Americans and honest businesses alike.”

The FTC filed the amended complaint today in the U.S. District Court for the District of Columbia, following the court’s June 28 ruling on the FTC’s initial complaint. The amended complaint includes additional data and evidence to support the FTC’s contention that Facebook is a monopolist that abused its excessive market power to eliminate threats to its dominance.

I am looking forward to seeing what comes out of this case; I hope for an outcome that reduces Facebook’s overwhelming market power. But, as a non-lawyer, I find it illuminating to look at the counterarguments.

Mike Masnick, Techdirt:

That said, there is more evidence in this complaint that Facebook deliberately sought to undermine competition at a variety of different points. And if the FTC can convince the court that (1) the market definition it has is correct, and (2) that Facebook has monopolistic power in that market, perhaps it can move the case forward. But, again, the complaint focuses heavily on the Instagram and WhatsApp acquisitions, both of which happened many years ago — at a time when Facebook was nowhere near as big or powerful as it is today. And, importantly, there aren’t really examples of them doing the same thing recently. Indeed, we keep seeing new entrants showing up in the social media market — including Snap, TikTok, and Clubhouse. Those all undermine the argument that Facebook can stop competitors.

Of the three competitive companies here, Snap is the most successful. I would be surprised if Clubhouse is enduring rather than fleeting.

Meanwhile, the FTC defines the product category that Facebook’s brands occupy in a way that excludes TikTok, and I think there is a reasonable argument for that. TikTok is not really designed for following close sets of friends and family members in the same way that Facebook and WhatsApp are, though Instagram increasingly is not.

The FTC seems to be arguing that acquiring Instagram and WhatsApp reduced competition in the social networking space they have defined, and that they cemented Facebook’s position. But Masnick points out a couple of internal inconsistencies in the FTC’s reasoning.

Eric Seufert, Mobile Dev Memo:

I don’t have a law degree, so I feel unqualified to assess the legal merits of the FTC’s market definition.

But what I can capably assess is the FTC’s arguments around Facebook’s control of advertising prices on its platform. Multiple times throughout the complaint, the FTC declares that Facebook’s monopoly control over the market for personal social networking resulted in unnaturally high “advertising prices.” This is simply incorrect, and it reveals a lack of understanding of the digital advertising ecosystem and how advertising inventory is priced.

This seems like a pretty significant error for making the case that Facebook’s market position is an economic concern. But if the FTC’s complaint is mostly about how Facebook has used its size and power to disadvantage competitors, I wonder if it matters. Regardless, it is worrying that the FTC seems to not fully understand the arguments it is making.

Elon Musk Unveils His Funniest Vaporware Yet

Matt Novak, Gizmodo:

Musk’s “robot” was just a person dancing around in a skintight full-body suit, but he promises that his electric car company really is working on something. And he really wants you to believe him this time.

“The Tesla bot will be real,” Musk said emphatically, trying to usher his fake robot off-stage on Thursday.

Almost as funny: the credulous media coverage that dutifully repeated all of Musk’s claims.

My guess is that Tesla realized earlier this week that it did not have enough to talk about at its “A.I. Day” presentation. It hastily assembled some drawings, hired a company to render a few surfaces, and made an intern put on a full body suit and dance for a few seconds. There is no reason to believe this is a real project.

Facebook Shelved an Earlier ‘Widely Viewed Content’ Report Because It Looked Bad

Of the many questions raised by Facebook’s “Widely Viewed Content” report, released Wednesday, one was about timing: why did Facebook choose to release a report covering April through June? Why start now rather than, say, in January?

Davey Alba and Ryan Mac, New York Times:

Facebook had prepared a similar report for the first three months of the year, but executives never shared it with the public because of concerns that it would look bad for the company, according to internal emails sent by executives and shared with The New York Times.

In that report, a copy of which was provided to The Times, the most-viewed link was a news article with a headline suggesting that the coronavirus vaccine was at fault for the death of a Florida doctor. The report also showed that a Facebook page for The Epoch Times, an anti-China newspaper that spreads right-wing conspiracy theories, was the 19th-most-popular page on the platform for the first three months of 2021.

Given the widespread mockery of what ended up being released, it makes me wonder if Facebook will scrap the very concept of this report rather than commit to a quarterly release schedule. Its goal seems to be creating a counterpoint to reporting that Facebook enables the spread of conspiracy theories and disinformation, but nobody seems to be convinced. Why would Facebook prepare an update to this in three months’ time — especially if, like the draft from the first quarter of this year, it will spur another round of bad press?