
Daring Fireball


[Sponsor] Retool

Permalink - Posted on 2021-09-21 00:24

Programming has gotten surprisingly hard. Building a simple form to POST data back to your API means wrangling with redux and thunks. Oh, and debouncing that submit button. Everything but solving the business problem.

Retool is a new approach: we’ve unified the ease of visual programming with the power and flexibility of real code. Drag and drop a form together, and have it POST back to your API in minutes. Deploy instantly with access controls and audit logs.

Allbirds uses Retool to measure billboard efficacy. Amazon uses Retool to handle GDPR requests. You, too, can use it to build business-critical applications fast.

Start building for free today.

Link: retool.com/?utm_source=sponsor&utm_medium=newsletter&utm…

Listen Notes

Permalink - Posted on 2021-09-18 18:26

My thanks to Wenbin Fang for sponsoring this week at DF to promote Listen Notes, a podcast search engine. He sponsored DF to share his story of how listening to podcasts has largely replaced Wikipedia as an informal learning resource for him, personally.

Fang has used Listen Notes to help himself listen to about 5,000 podcast episodes in the past 4 years. (!) In his blog post, he explains his own idiosyncratic methods for podcast discovery and consumption.

If you want to jumpstart your own podcast project, try the Listen Notes podcast API, or if you want to find all podcast interviews of a person, just search for their name on listennotes.com. Just a website, really well done.

Link: listennotes.com/blog/why-podcasts-are-my-new-wikipedia-the…

The Talk Show: ‘It Was More Arial Than Helvetica’

Permalink - Posted on 2021-09-18 18:17

Rene Ritchie returns to the show for a recap of this week’s “California Streaming” Apple Event: the iPhones 13, Apple Watch Series 7, and new iPads. Also, last week’s decision in the Apple v. Epic lawsuit.

Brought to you by these fine sponsors:

  • Squarespace: Make your next move. Use code talkshow for 10% off your first order.
  • Hello Fresh: America’s #1 meal kit.
  • Away: Designed to last for life.

Link: daringfireball.net/thetalkshow/2021/09/18/ep-322

★ Various Single-Paragraph Thoughts and Observations Regarding Yesterday’s ‘California Streaming’ Apple Event for the iPhones 13, Apple Watch Series 7, and New iPads

Permalink - Posted on 2021-09-15 23:40, modified on 2021-09-16 09:41

The Event

Staging-wise, I’m not sure I get Apple’s “let’s make this all about California” strategy. The footage from various scenic locations across the state was beautiful, but I don’t get why it mattered for this particular event. Apple’s always been in California, they’ve always been proud of being from California. My best guess is that it’s as simple as needing a theme of some sort, and “California scenic beauty” was as good as any, for yet another COVID era event that couldn’t be held inside with an audience. Joz presented outside at Apple Park, and Cook was on stage in the Steve Jobs theater, but I get the feeling they wanted to break away from Apple Park as the set dressing for the whole show, too.

To that point, I thought Kaiann Drance’s segment introducing the iPhone 13 and 13 Mini was the most stunning. Standing on stage, alone, at the San Diego Symphony’s outdoor theater, in front of all those empty seats. It was both beautiful and an instant reminder of what we’re all missing.

The iPhones 13

Last year, the iPhone 12 and 12 Pro — the two “regular” sized new iPhones — shared the exact same protective cases. This year, there are different cases for the iPhone 13 and 13 Pro. I think that’s because the three-lens camera module on the back of the iPhone 13 Pro is bigger than the two-lens module on the iPhone 13. The width, height, and depth of the 13 Pro and regular 13 are identical.

Last year, the 12 Pro Max had a better camera system than the 12 Pro. Only the 12 Pro Max had the sensor shift optical image stabilization, and only the 12 Pro Max had a 2.5× (as opposed to 2×) telephoto lens. This year, both Pro models have identical camera systems. (And, like last year, the regular iPhone 13 and 13 Mini share the same camera system as each other.)

The iPhone 13 Pro camera modules are entirely different from the non-Pro 13 and 13 Mini, though. Not just the existence of the new 3× telephoto, but the 1× (wide) and 0.5× (ultra wide) cameras are better on the Pro models. The 1× Pro camera has a maximum aperture of ƒ/1.5; the 1× non-Pro camera is ƒ/1.6. (Lower values for aperture let in more light; photographer lingo is that they’re “faster”.) The 0.5× Pro camera has a fast ƒ/1.8 aperture; the 0.5× non-Pro camera is ƒ/2.4.

Macro photography is a Pro-only feature, I believe because the 13 Pro 0.5× ultra wide camera has autofocus, and the non-Pro 0.5× camera is fixed-focus.

The front-facing camera on all iPhone 13 models appears to be the same, but only the Pro models can shoot in the ProRes format. (Not sure why anyone would want to shoot ProRes with the front-facing camera, though. But I guess why not enable it?)

The AI-driven automatic focus changes in Cinematic Mode video seem too good to be true. Very futuristic feature, if it works as promised.

I really missed having a hands-on experience with the new devices, if only to consider their colors. “Starlight” appears to be silver with a slight hint of gold. I’m tempted to say champagne, but maybe that implies too much gold. “Midnight” isn’t quite neutral dark gray or near-black — it has a hint of blue or indigo. (Blue is seemingly the color of the year. Anecdotally, it seems like a lot of people I know are planning to get the Pro models in Sierra Blue.)

Apple Watch Series 7

A bigger screen, with a brighter always-on display mode, and faster charging are OK year-over-year improvements. But clearly Series 7 is a minor, not major, refresh. That’s fine, and inevitable for a maturing product. You’re not supposed to buy a new $500 Apple Watch every year, and while I know a lot of people who buy a new iPhone each year (including yours truly), I don’t know anyone, even devout fitness enthusiasts, who buys a new Apple Watch annually. Even every other year feels pretty frequent. A Series 5 or Series 4, purchased new, should still be a really great Apple Watch. [Update: I should have known my audience better. A bunch of you buy a new Apple Watch every year. I think we can all admit it’s atypical, though — and that developers who buy a new one every year for testing are an edge case.]

Quinn “Snazzy Labs” Nelson flagged Apple for an unfair comparison, regarding just how much more text the larger Series 7 displays can show at a time. The font was the same size, but the line spacing was quite a bit tighter in the Series 7 screenshot. I would also argue that Apple chose text that line-wrapped inefficiently on the Series 6 display, but the difference in line heights is clearly unfair. Apple doesn’t usually play games like that in comparisons. Yellow card issued.

The entry model $199 Apple Watch remains the now-kinda-long-in-the-tooth Series 3. I was really hoping for the Series 4 to take that spot in the lineup. I know developers of WatchOS apps were too. The Series 3 has an outdated screen size that developers are going to have to support for years to come.

New iPad Mini and 9th-Generation Just-Plain iPad

The iPad Mini has always been on a unique upgrade cycle. It goes years between refreshes, but when Apple does update it, they tend to bring it up to current specs. The new iPad Mini has the same A15 SoC as the iPhones 13 — in fact, it has the 5-core GPU like the iPhone 13 Pro models, not the 4-core GPU like the iPhone 13 and 13 Mini. The previous iPad Mini had the A12.

The iPad Mini is really more like an iPad Air Mini. The new regular “iPad” still has a home button and sharp-cornered display. The Mini has the modern round-cornered display, no home button, and a Touch ID sensor on the power button — just like the current iPad Air. Also like the iPad Air, the new Mini has a USB-C port instead of Lightning. The volume buttons for the Mini are on the top of the device — a first for iPad. I’m guessing that decision was mainly about supporting the magnetic Pencil 2 along the long side of the device where the volume buttons traditionally go for iPads.

TV+ and Fitness+

One thought that occurred to me is that it’s good to see Apple pushing forward on their own original service products. Even putting aside the legal and legislative attention regarding the App Store — big things to put aside, at the moment — I just don’t think it’s healthy for Apple to depend on rent-seeking to grow Services revenue. Getting 30 percent of the revenue from subscriptions to other companies’ services is a fine business, financially, but it’s like junk food for any company’s culture. Apple is a great company because they make great original things that people want to pay for. TV+ and Fitness+ are exactly that. Collecting 30 percent of another company’s in-app subscription revenue is not.

Yours Truly on CNBC This Morning

Permalink - Posted on 2021-09-15 23:39

I enjoy that I’m credited in the headline simply as “expert”. I’ll take that.

Link: cnbc.com/video/2021/09/15/john-gruber-apple-embracing-work…

The Old Last-Minute Hardware Design Switcheroo

Permalink - Posted on 2021-09-15 16:51

Killian Bell, writing at Cult of Mac:

Apple Watch Series 7 is not the upgrade most of us expected to see from Tuesday’s Apple event. The new model doesn’t sport the big design refresh multiple sources said was coming. It doesn’t even pack a new chip.

Is this the upgrade Apple wanted to deliver this year? Or is it a last-minute substitution that Cupertino had to settle on because the refresh it really wanted to deliver just wasn’t ready to roll out?

Based on the evidence, we’re going to say it’s the latter.

The only way this could be funnier is if Bell included the theory that perhaps Apple changed the hardware at the last minute because the flat-edge designs leaked.

This is not how hardware works. These designs are set long in advance. In fact, from what I’ve heard, the flat-edge watch designs might be legitimate leaks, but they’re next year’s designs. That’s how far in advance Apple works on hardware — they were already in the advanced stages of designing the 2022 Apple Watches months ago. (Aesthetically, I am not sold on a flat-edge design for the watch. The round edges are iconic and organic.)

You can argue that Series 7 is a marginal upgrade over Series 6, but with an all-new screen (brighter and bigger), all-new crystal (more durable), and 33 percent faster charging, there are upgrades, and none of them could be slapped together.

Link: cultofmac.com/752777/apple-watch-7-last-minute-substitution…

NSO Group iMessage Zero-Click Exploit Captured in the Wild, Patched by Apple

Permalink - Posted on 2021-09-15 16:20, modified at 16:22

Citizen Lab:

In March 2021, we examined the phone of a Saudi activist who has chosen to remain anonymous, and determined that they had been hacked with NSO Group’s Pegasus spyware. During the course of the analysis we obtained an iTunes backup of the device.

Recent re-analysis of the backup yielded several files with the “.gif” extension in Library/SMS/Attachments that we determined were sent to the phone immediately before it was hacked with NSO Group’s Pegasus spyware.

Because the format of the files matched two types of crashes we had observed on another phone when it was hacked with Pegasus, we suspected that the “.gif” files might contain parts of what we are calling the FORCEDENTRY exploit chain.

Citizen Lab forwarded the artifacts to Apple on Tuesday, September 7. On Monday, September 13, Apple confirmed that the files included a zero-day exploit against iOS and MacOS. They designated the FORCEDENTRY exploit CVE-2021-30860, and describe it as “processing a maliciously crafted PDF may lead to arbitrary code execution.”

The files with the “.gif” extension weren’t actually GIF files — they were carefully-crafted malformed PSD and PDF files that triggered image processing bugs. What makes attacks like this particularly dastardly is that the victim apparently doesn’t even see anything. It’s invisible.

Link: citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero…

iPhone 13 Claim Chowder: Satellite Connectivity

Permalink - Posted on 2021-09-14 22:59, modified at 23:00

Sascha Segan, writing for PCMag:

Well, that was bogus.

Both prominent analyst Ming-chi Kuo and extremely reliable Apple reporter Mark Gurman got seemingly taken in this year by a rumor that the new iPhone 13 line would talk to satellites, something that completely didn’t happen during the company’s iPhone 13 announcement on Tuesday.

In fact, the iPhone 13 doesn’t even feature 5G band n53, the ground-based 5G band owned by satellite operator Globalstar, which I had speculated was the grain of truth in the rumors. So I was wrong, too. […]

We may never know what really caused those rumors to spark, but I wonder darkly if it has to do with some sort of stock pump-and-dump situation. Satellite provider Globalstar’s stock jumped after Kuo’s report, and now it’s crashing back to earth.

It’s possible that the iPhones 13 do contain a satellite-connectivity-compatible chip, but Apple made no mention of it as a feature. Gurman was circumspect about whether the feature would actually ship, but Kuo seemingly reported it as fact.

Link: pcmag.com/opinions/that-whole-iphone-satellite-thing-was…

Norm Macdonald Dies at 61, After Long Battle With Cancer

Permalink - Posted on 2021-09-14 19:32

Jordan Moreau, reporting for Variety:

Norm Macdonald, the deadpan comedian, actor, writer and “Saturday Night Live” star, has died after a private battle with cancer, Variety has confirmed. He was 61.

Macdonald’s cancer diagnosis was kept secret from the public, but he battled it for nine years.

Terrible news. Fuck cancer, man.

It’s hard to pick one favorite Macdonald bit, but his portrayal of Turd Ferguson on Celebrity Jeopardy makes me laugh every damn time I watch it.

Link: variety.com/2021/tv/news/norm-macdonald-dead-dies-snl…

Flat-Edged Apple Watch Series 7 Claim Chowder

Permalink - Posted on 2021-09-14 19:24, modified on 2021-09-15 16:31

May 19:

The upcoming Apple Watch Series 7 will feature a flat-edged design, similar to the iPhone 12 and iPhone 12 Pro, and the addition of a new green case color option, according to Apple leaker Jon Prosser.

Bonus points to Prosser for commissioning 3D renders of a fictional design.

Mark Gurman, two weeks ago:

While last year’s upgrade centered on the blood-oxygen sensor, this year’s is all about a new design with a flatter display and edges, a faster processor and slightly larger screens.

Ming-Chi Kuo, four days before Apple’s event:

The new device will introduce the “most significant change in the design of the Apple Watch ever.” […] Kuo echoes those claims, stating that the device will feature “flat-edge and narrow bezel designs.”

Today: A big nope on those flat edges. No always-on display mode for any of the new iPhones, either.

Link: macrumors.com/2021/05/19/prosser-apple-watch-series-7…

[Sponsor] Why Podcasts Are My New Wikipedia — the Perfect Informal Learning Resource

Permalink - Posted on 2021-09-14 17:45, modified at 23:54

As of September 2021, there are over 2.6 million RSS-based podcasts and more than 113 million episodes on the internet.

Basically, there’s a podcast for that. You can learn any topic by listening to podcasts. And it seems that every domain expert has already done some podcast interviews.

Podcasts have become my primary informal learning resource. And I built a podcast search engine (listennotes.com) to help myself listen to ~5,000 podcast episodes in the past 4 years! In this blog post, I’ll share with you my quirky way of podcast discovery and consumption :)

Link: listennotes.com/blog/why-podcasts-are-my-new-wikipedia-the…

New Data From CDC Shows That COVID-19 Remains a Pandemic Only Among the Unvaccinated

Permalink - Posted on 2021-09-13 16:55, modified at 16:59

The vaccinated line in these new charts does show a small bump for getting COVID among the vaccinated, but hospitalization and death are spiking only for the unvaccinated.

Link: fastcompany.com/90675524/delta-variant-vaccinated-vs…

NXLog Enterprise Edition

Permalink - Posted on 2021-09-12 16:53

My thanks to NXLog for sponsoring last week at DF.

NXLog is able to capture logs directly from Apple’s Unified Logging System, can collect Endpoint Security logs natively, and offers powerful log aggregation capabilities. NXLog gives you complete visibility over your MacOS security logging with a native solution. It is by far the most configurable and versatile log collection solution for the Mac.

Link: nxlog.co/collecting-logs-from-macos?ci=7011v0000017mUS

‘Fear and Loathing in America’

Permalink - Posted on 2021-09-12 15:53, modified at 15:54

You’ll read nothing better — or more prescient — about 9/11 than Hunter S. Thompson’s column for ESPN, written 24 hours after the attack:

The towers are gone now, reduced to bloody rubble, along with all hopes for Peace in Our Time, in the United States or any other country. Make no mistake about it: We are At War now — with somebody — and we will stay At War with that mysterious Enemy for the rest of our lives.

It will be a Religious War, a sort of Christian Jihad, fueled by religious hatred and led by merciless fanatics on both sides. It will be guerrilla warfare on a global scale, with no front lines and no identifiable enemy. Osama bin Laden may be a primitive “figurehead” — or even dead, for all we know — but whoever put those All-American jet planes loaded with All-American fuel into the Twin Towers and the Pentagon did it with chilling precision and accuracy. The second one was a dead-on bullseye. Straight into the middle of the skyscraper.

Nothing — even George Bush’s $350 billion “Star Wars” missile defense system — could have prevented Tuesday’s attack, and it cost next to nothing to pull off. Fewer than 20 unarmed Suicide soldiers from some apparently primitive country somewhere on the other side of the world took out the World Trade Center and half the Pentagon with three quick and costless strikes on one day. The efficiency of it was terrifying.

We are going to punish somebody for this attack, but just who or what will be blown to smithereens for it is hard to say. Maybe Afghanistan, maybe Pakistan or Iraq, or possibly all three at once. Who knows? Not even the Generals in what remains of the Pentagon or the New York papers calling for WAR seem to know who did it or where to look for them.

The good Dr. Thompson’s voice is sorely missed today.

Link: espn.com/espn/page2/story?id=1250751

The Bizarre Decline of Common Sense in COVID Reporting at The New York Times

Permalink - Posted on 2021-09-11 15:24

Apoorva Mandavilli, reporting for The New York Times back on August 18:

Together, the new studies indicate overall that vaccines have an effectiveness of roughly 55 percent against all infections, 80 percent against symptomatic infection, and 90 percent or higher against hospitalization, noted Ellie Murray, an epidemiologist at Boston University.

“Those numbers are actually very good,” Dr. Murray said. “The only group that these data would suggest boosters for, to me, is the immunocompromised.” […]

Dr. Murray said a booster shot would undoubtedly boost immunity in an individual, but the added benefit may be minimal — and obtained just as easily by wearing a mask, or avoiding indoor dining and crowded bars.

This is like saying we don’t need air bags in addition to seat belts, because the equivalent increase in safety during car crashes could be “obtained just as easily” by limiting cars to a maximum speed of 15 miles per hour. It’s not factually incorrect, but it defies common sense. It’s the difference between intelligence and wisdom. Wearing masks sucks. People want to eat indoors and go to crowded bars. People want to drive faster than 15 miles per hour.

The Times misses Donald McNeil’s reporting dearly. The above nonsense isn’t going to earn them a Pulitzer like McNeil’s excellent reporting did last year. Meanwhile, writing on his own, rather than telling people to mask indefinitely and stay home, he’s got it right:

Nonetheless, data from Israel suggests that mRNA vaccines start waning after six months. Israel is already offering booster shots to everyone over 60. We must do the same. (And ultimately not just to seniors — early hints suggest that the passage of time lowers everyone’s protection.)

We need to get over the current “pretty please?” phase of this fight. Vaccination mandates change everything. Think how different our lives would be if smallpox vaccine was never invented and, every 20 years or so, one third of our children died. That was life before vaccines.

In this country, 99 percent of Covid deaths are now among the unvaccinated. Data doesn’t get more convincing than that.

Death has a false-positive rate of zero.

Link: nytimes.com/2021/08/18/health/covid-cdc-boosters-elderly…

Unvaccinated People Are 5× More Likely to Catch Delta Variant of COVID, 10× More Likely to be Hospitalized, 11× More Likely to Die

Permalink - Posted on 2021-09-11 14:51, modified at 15:01

Beth Mole, reporting for Ars Technica:

COVID-19 vaccines are largely holding up against the hyper-transmissible delta coronavirus variant, particularly when it comes to preventing severe disease and death, according to three studies published Friday by the Centers for Disease Control and Prevention. […]

In terms of infections, fully vaccinated people were about 11 times less likely to get an infection in the pre-delta period, compared with the unvaccinated (with a 95 percent confidence interval of 7.8 to 15.8). That ratio dropped to 4.6 less likely in the post-delta period (with a 95 percent confidence interval of 2.5 to 8.5).

For hospitalizations prior to delta, fully vaccinated people were 13 times less likely to wind up in the hospital than the unvaccinated (confidence interval of 11.3 to 15.6). After delta, that ratio dropped slightly to 10 times less likely (confidence interval of 8.1 to 13.3). The fully vaccinated were 16.6 times less likely to die of COVID-19 prior to delta (confidence interval of 13.5 to 20.4) and 11.3 times less likely to die after delta (confidence interval of 9.1 to 13.9).

Donald McNeil — the award-winning science reporter formerly of The New York Times — writing a month ago:

Confusion about mask rules is now so great that enforcement anywhere but on airplanes will be impossible. Requiring weekly tests as a substitute for vaccination is doomed to fail because the Delta variant can turn someone from healthy to superspreader in less than four days.

The key to saving lives is vaccine. The key to reopening offices and factories is vaccine. The key to reopening schools is vaccine. The key to keeping bars and restaurants open in cold weather is vaccine. The key to travel and shopping is vaccine. Vaccine in everybody.

Link: arstechnica.com/science/2021/09/unvaccinated-are-5x-more…

Judgment in Epic Games, Inc. v. Apple Inc.

Permalink - Posted on 2021-09-10 23:10

Judge Yvonne Gonzalez Rogers ruled today on the Epic v. Apple case. It seems pretty clear to me that Apple got a huge victory, and Epic was served an even huger loss. But read for yourself. There are three documents:

  • A one-page judgment, finding for Epic only on the issue of Apple’s anti-steering provision in the App Store Guidelines, and for Apple on all other counts. The judgment also says Epic owes Apple 30 percent of the $12 million Fortnite for iOS garnered while they were using their own in-app payment processing between August and October 2020, and that Epic and Apple must both pay their own legal fees.

  • A one-page injunction against the aforementioned anti-steering guideline, the meat of which is this:

    1. Apple Inc. and its officers, agents, servants, employees, and any person in active concert or participation with them (“Apple”), are hereby permanently restrained and enjoined from prohibiting developers from (i) including in their apps and their metadata buttons, external links, or other calls to action that direct customers to purchasing mechanisms, in addition to In-App Purchasing and (ii) communicating with customers through points of contact obtained voluntarily from customers through account registration within the app.

  • A 185-page ruling, containing all the findings of fact, etc.

Link: courtlistener.com/docket/17442392/814/epic-games-inc-v…

Microsoft Will Require Vaccines for ‘All Employees, Vendors, and Any Guests Entering Microsoft Buildings’

Permalink - Posted on 2021-09-10 22:25, modified at 22:26

Paul Roberts, reporting for The Seattle Times:

In a sign of growing momentum for vaccine mandates, Microsoft has reversed course and will now require employees to be fully vaccinated to enter the company’s U.S. offices and other worksites, starting next month.

The Redmond-based tech giant told employees Tuesday it will “require proof of vaccination for all employees, vendors, and any guests entering Microsoft buildings in the U.S.”

The company also said it will have a process to accommodate employees “who have a medical condition or other protected reason, such as religion, which prevent them from getting vaccinated.”

Accommodations for medical conditions that preclude being vaccinated are common sense. But fuck these “religious” exemptions. If your “religion” forbids you from being vaccinated, that’s not a religion, that’s a cult.

So where’s Apple on this? Why isn’t Apple requiring proof of vaccination for employees, including for retail employees and customers? Why reserve courageous decisions only for removing headphone jacks?

Link: seattletimes.com/business/microsoft/microsoft-reverses…

Biden Issues Sweeping New Vaccine Mandates for 100 Million Americans

Permalink - Posted on 2021-09-09 23:26, modified on 2021-09-10 00:51

Zeke Miller, reporting for the Associated Press:

In his most forceful pandemic actions and words, President Joe Biden on Thursday announced sweeping new federal vaccine requirements affecting as many as 100 million Americans in an all-out effort to increase COVID-19 vaccinations and curb the surging delta variant.

Speaking at the White House, Biden sharply criticized the roughly 80 million Americans who are not yet vaccinated, despite months of availability and incentives.

“We’ve been patient. But our patience is wearing thin, and your refusal has cost all of us,” he said, all but biting off his words. The unvaccinated minority “can cause a lot of damage, and they are.”

More like this, please. Mandate COVID-19 vaccinations for everything. For getting on a flight, for going to school, for eating in a restaurant, for keeping your job. Yes, mandating anything is an extraordinary use of authority, but this pandemic is clearly the most extraordinary crisis most of us have ever lived through. It’s exactly why the federal government has the far more extraordinary power to draft men into the armed services and send them to war: for the greater good.

Link: apnews.com/article/joe-biden-business-health-coronavirus…

L.A. School District Will Mandate Vaccines for Students

Permalink - Posted on 2021-09-09 23:20

Dana Goldstein, reporting for The New York Times:

Los Angeles is the first major school district in the United States to mandate coronavirus vaccines for students 12 and older who are attending class in person.

With the Delta variant ripping across the country, the district’s Board of Education voted, 6-0, to pass the measure on Thursday afternoon. The Los Angeles Unified School District is the second largest in the nation, and the mandate would eventually apply to more than 460,000 students, including some enrolled at independent charter schools located in district buildings.

More like this, please.

Link: nytimes.com/2021/09/09/us/la-vaccine-mandate-students…

Bloomberg Reports That Kevin Lynch — Who, It Turns Out, Is Not a Bozo but Was Just Being a Solid Team Player for Adobe Back When He Was Staunchly Defending Flash in the Face of the Obvious Fact That Flash Was Crap Technology Holding Back the Entire Web — Is Taking Over All of Project Titan

Permalink - Posted on 2021-09-09 22:15, modified on 2021-09-10 16:55

Mark Gurman, reporting for Bloomberg:*

Lynch, an Adobe Inc. veteran who joined Apple in 2013 to run the software group for the company’s smartwatch and health efforts, replaced Doug Field as the manager in charge of the car work, according to people with knowledge of the matter.

The executive first started working on the project earlier this year when he took over teams handling the underlying software. Now he is overseeing the whole group, which also includes hardware engineering and work on self-driving car sensors, said the people, who asked not to be identified because the move isn’t public.

I think it’s fair to say that Lynch is second only to Craig Federighi software-wise at Apple, and the two initiatives he’s led in the eight years he’s been at Apple — WatchOS and Health — have been huge successes. Apple Watch is a hit product, WatchOS has gotten steadily better every single year, and a large part of what makes Apple Watch so popular — utterly dominant in a still-growing category — is its integration with Health.

I take this not just as a sign that Lynch is a star at Apple, but that Lynch sees a light at the end of the Project Titan tunnel — something that might actually ship, my jokes be damned. It’s also a sign that WatchOS has largely matured. No platform is ever done until it’s dead, so I’m not saying WatchOS won’t continue iterating year-over-year, but the “shaping and steering a new platform from launch through maturity” period is over.

It feels, however, like Project Titan is somehow cursed. Smart people at Apple believe it’s solvable with the right approach, but the project keeps “pivoting” every few years, and that takes a toll on confidence and stamina. The thrill of shipping is the reward for years of hard work, and to date no one who’s devoted serious effort to Titan has gotten even a hint of that reward.

* Bloomberg, of course, remains the outfit that shit its journalistic pants with The Big Hack — a blockbuster report that no one, including Bloomberg, has ever produced a single shred of evidence to back up — yet not only never retracted it but in fact still “stands behind” it even though it’s rather clear they hope everyone just forgets about it. So take anything they publish with a Big Hack-sized grain of salt, even though Gurman’s reporting on the Apple beat has been nonpareil of late.

Link: bloomberg.com/news/articles/2021-09-09/apple-s-watch…

★ Why iPhone Names Have Numbers and Most Other Apple Product Names Don’t

Permalink - Posted on 2021-09-09 18:40, modified on 2021-09-10 22:15

I conducted a poll on Twitter this week asking what people think the new iPhones presumably being introduced next week will be named. With over 4,600 votes, the results were:

  • iPhone 13: 70%
  • iPhone 12S: 12%
  • iPhone (no more numbers): 15%
  • Other: 3%

I probably asked a few days too late — there was a credible leak purporting to show the packages for “iPhone 13 Pro Max” silicone cases from Apple over the weekend.

What intrigued me was the number of folks responding on Twitter who said that while they voted for “iPhone 13” as what they would be named, they wish that Apple would drop the numbers and just go with iPhone, iPhone Mini, iPhone Pro, and iPhone Pro Max, with implicit model years to tell them apart from new models in subsequent years. That’s basically how Apple names its other products — with the notable exception of Apple Watch (see below).

But just plain “iPhone” wouldn’t work for iPhones, because iPhones are different. When Apple introduces a new iPad Pro, it replaces the previous iPad Pro. You can’t go into an Apple Store and buy a new 2018 iPad Pro. But you can buy a new iPhone XR from Apple today — a model that was introduced in 2018. (I’d wait until next Tuesday before doing that.) Apple Watch is the only other product that’s sold like iPhones, with previous “series” sticking around for years at lower prices.¹

Apple wants people who are buying new iPhones that were first introduced 2–3 years ago to feel like they’re getting a new iPhone. They should, because they are — they’re great devices at lower prices, and will be supported for years to come. But if the iPhone XR were named “iPhone (2018)”, it’d feel old.

I get it: it seems odd that in 10 years we might be awaiting the introduction of the iPhone 23 lineup, but at the moment, I don’t see this changing. The NFL just keeps counting Super Bowls — at least Apple only used Roman numerals for the X and XS/XR years.

  1. The Apple Watch numbering scheme is simple: new year, new series, incremented by one. The iPhone numbering scheme is not simple. There was no iPhone 2 — the second iPhone was named iPhone 3G. Thanks to the 3GS, the iPhone 4 was in fact the fourth model year. But then came the other “S” years: 4S, 5S, 6S, XS. And Apple skipped “iPhone 9” entirely. If Apple had stuck to a numbering scheme as simple as Apple Watch’s, next week’s new iPhones would be the iPhones 15. ↩︎

Philadelphia’s Plastic Bags Ban

Permalink - Posted on 2021-09-09 18:04, modified at 19:11

From the city’s website:

Philadelphians use almost 1 billion plastic bags each year, which litter our streets, waterways, and commercial corridors. Plastic bags account for over 10,000 hours of lost staff time and pose a danger to workers at recycling facilities because they get caught in the equipment. Banning plastic bags will make our city cleaner, reduce waste and save money.

I’ve been reading Millions, Billions, Zillions by Brian Kernighan (who is apparently a computer scientist of some renown). It’s a great book ($11 in hardcover from Amazon; BookShop.org link to indie booksellers), and Kernighan’s writing style is as buttery smooth as ever. One of the things he does is encourage back-of-the-envelope math on numbers like the above, when you encounter them. Does it make sense that Philadelphians use 1 billion plastic bags per year?

Philly has about 1.6 million residents. 1 billion divided by 1.6 million is 625 plastic bags per person per year, about 12 bags per person per week, or 1.7 bags per person per day. When I consider how often stores double-bag anything vaguely heavy, that seems plausible. (There’s also the fact that Philly gets many tourists, and in normal times there are many non-residents who commute into the city daily for work. Feel free to bump 1.6 million to a higher number, but for ballpark “does this figure make sense” purposes, I think the Census figure is fine.)

10,000 annual hours of lost staff time is high, but seems plausible too: That’s about 192 hours per week, or about 5 full-time employees.

Link: phila.gov/2021-06-23-what-you-need-to-know-about-the-citys…

Anker’s $20 Nano Pro 20W Charger

Permalink - Posted on 2021-09-09 17:21, modified at 17:50

Speaking of stuff you can buy from Amazon — with affiliate links that could make me rich — I highly recommend Anker’s small 20-watt Nano chargers. Basically, they’re the size of Apple’s classic 5-watt chargers, and thus fit almost anywhere, but they charge at the same speed as Apple’s much-larger new 20-watt chargers. These new models from Anker come in four colors: white, black, lavender, and sissy blue. If you or anyone you know is getting a new iPhone soon, I would strongly recommend one of Anker’s chargers over Apple’s — same speed, same price, much smaller, and a few color options to top it off.

Another Anker charger I’ve been meaning to recommend is the Atom PowerPort III Slim. It’s a 30-watt charger currently on sale for $19, and what makes it different is that it’s, well, very slim (including folding prongs). This charger will fit behind furniture that’s pushed up against the wall. It’s small and lightweight too — here’s mine next to a matchbox for comparison.

Link: amazon.com/Anker-Charger-Durable-Compact-Included/dp…

‘Every Streaming Company Not Named Apple Receives a Lousy Grade on Privacy’

Permalink - Posted on 2021-09-09 17:00, modified on 2021-09-10 02:51

Karl Bode, writing for TechDirt:

While streaming providers and hardware companies see significantly higher consumer satisfaction rates than traditional cable TV, their privacy practices still leave something to be desired. That’s according to a new breakdown of streaming service privacy policies by Common Sense Media, which doled out terrible grades to pretty much everybody not named Apple:

Our privacy evaluations of the top 10 streaming apps indicate that all streaming apps (except Apple TV+) have privacy practices that put consumers’ privacy at considerable risk including selling data, sending third‐party marketing communications, displaying targeted advertisements, tracking users across other sites and services, and creating advertising profiles for data brokers.

This privacy report focuses on streaming services, not hardware platforms, but related to the previous post re: Amazon’s new Fire TV Omni Series, it’s also the case that Apple TV is the only platform that makes privacy a priority and doesn’t put ads on your screen.

Link: techdirt.com/articles/20210901/07342847477/every-streaming…

Amazon Introduces Omni Series Fire TV Sets

Permalink - Posted on 2021-09-09 16:54

New line of LED TV sets from Amazon, with Fire TV and Alexa built-in. The high-end 65- and 75-inch models ($830 / $1,100) come with Dolby Vision support; the lesser models (43-inch for $410, 50-inch for $510, 55-inch for $560) do not. All models are LED, not OLED.

Link: amazon.com/dp/B08T6J1HG8/?tag=df-amzn-20

‘Mr. November’

Permalink - Posted on 2021-09-08 18:04

Mike Lupica, writing for MLB.com:

Jeter was a part of the last Yankee dynasty. His Yankees won four World Series in five years and nearly made it five in six. In the middle of all the winning in the late ’90s for the Yankees of Joe Torre — the man Jeter calls “Mister Torre” — I was with Jeter one day at his locker at the old Yankee Stadium.

The Yankees were getting ready for another October, and I said to him, “You know, this isn’t going to last forever.”

He looked up at me and quietly said, “Why not?”

This was before he made The Flip to get Jeremy Giambi at the plate in Oakland to save a Yankees season, and before he went 5-for-5 on the day he got to 3,000 hits with a home run off David Price. But Jeter was already the player that kids wanted to be. There were other great Yankees at that time. Still: No. 2 was the one.

And the moment I will always remember best for Jeter, as big and important and memorable as any he ever had and the old Stadium ever had, came at the end of Game 4 of the 2001 World Series, in the middle of three extraordinary nights in the shadow of 9/11, three nights when the Yankees made a wounded city cheer.

Worth it just for the video clip with Michael Kay’s call: “See ya! See ya! See ya!” Gets you right there.

Link: mlb.com/news/derek-jeter-s-top-moment-was-mr-november

Derek Jeter, Hall of Fame Shortstop

Permalink - Posted on 2021-09-08 17:58

Tyler Kepner, writing for The New York Times, on Derek Jeter’s entry to the Baseball Hall of Fame today:

The next season would end much differently for Jeter: at shortstop in Yankee Stadium, celebrating his team’s first World Series title in 18 years. It would ingrain in Jeter a demanding but matter-of-fact standard, that a season is only successful if it ends in a championship.

Jeter’s fans loved him for that mentality, and more. […]

He also learned to never make excuses, a lesson embedded in the Yankee experience. With each passing championship, Jeter said, Yogi Berra would remind him that he had won a record 10 as a player. It is tougher to win now, Jeter would protest, citing modern playoff rounds, but Berra would cut him off.

“His response was: ‘You can come over to my house and count the rings anytime you want,’” Jeter said. “So I always felt as though you’re trying to chase something.”

Billy Crystal: “Jeter, simply put, was a winner.”

Link: nytimes.com/2021/09/07/sports/baseball/derek-jeter-hall-of…

Ford Hires Doug Field, Who Had Been Leading Project Titan at Apple

Permalink - Posted on 2021-09-07 22:26, modified at 22:29

Michael Wayland, reporting for CNBC:

Ford Motor said Tuesday it hired former Tesla and Apple executive Doug Field to lead its emerging technology efforts, a key focus for the automaker under its new Ford+ turnaround plan.

Field — who led development of Tesla’s Model 3 — most recently served as vice president of special projects at Apple, which reportedly included the tech giant’s Titan car project.

The hire is a major addition for Ford and a big hit to Apple and its secret car project, which the company has yet to confirm exists.

Maybe it’s as simple as Field wanting to work on something that’s actually going to ship?

Link: cnbc.com/2021/09/07/ford-hires-ex-tesla-apple-executive…

Breakthrough COVID Cases for the Vaccinated Remain Very Rare

Permalink - Posted on 2021-09-07 22:19, modified at 22:20

David Leonhardt, writing for The New York Times:

The estimates here are based on statistics from three places that have reported detailed data on Covid infections by vaccination status: Utah; Virginia; and King County, which includes Seattle, in Washington state. All three are consistent with the idea that about one in 5,000 vaccinated Americans have tested positive for Covid each day in recent weeks.

The chances are surely higher in the places with the worst Covid outbreaks, like the Southeast. And in places with many fewer cases — like the Northeast, as well as the Chicago, Los Angeles and San Francisco areas — the chances are lower, probably less than 1 in 10,000. That’s what the Seattle data shows, for example. (These numbers don’t include undiagnosed cases, which are often so mild that people do not notice them and do not pass the virus to anyone else.)

Here’s one way to think about a one-in-10,000 daily chance: It would take more than three months for the combined risk to reach just 1 percent.

Breakthrough cases for the vaccinated are far more rare than many people have been led to believe through clickbait headlines.

Link: nytimes.com/2021/09/07/briefing/risk-breakthrough…

Pymnts Survey: Only 6 Percent of People With iPhones Use Apple Pay In-Store

Permalink - Posted on 2021-09-07 22:16, modified at 22:28

Karen Webster, writing for the oddly-named Pymnts:

Seven years post-launch, new PYMNTS data shows that 93.9% of consumers with Apple Pay activated on their iPhones do not use it in-store to pay for purchases.

That means only 6.1% do.

That finding is based on PYMNTS’ national study of 3,671 U.S. consumers conducted between Aug. 3-10, 2021. After seven years, Apple Pay’s adoption and usage isn’t much larger than it was in 2015 (5.1%), a year after its launch, and is the same as it was in 2019, the last full year before the pandemic.

It doesn’t really make sense to me that adoption isn’t much higher than it was in 2015, and if these survey results are accurate, I find them surprisingly low. I’d have guessed somewhere in the 15–20 percent range. If it’s true adoption is this low, I think one factor could be first impressions — my wife got turned off by Apple Pay in the earlier years because so many retail terminals that supposedly accepted it were so finicky. Using an old-fashioned credit card was more reliable. Also, habits. But I use Apple Pay today whenever I can, and I find it more reliable than tap-and-pay with a physical card.

Nick Heer, writing at Pixel Envy:

This survey shows an approximately flat use rate from 2019 through 2021, down slightly from 2018. Webster writes that the pandemic ought to have “changed the trajectory of Apple Pay” as “contactless and touchless have become the consumer’s checkout mantra”. But anyone with a Face ID-equipped iPhone can tell you that wearing a mask requires you to authenticate by using your passcode, so it has been far easier for the past eighteen months to simply tap a card. That is probably true generally, as well; Apple Pay may have better privacy and security, but it is no easier to use than a card that supports tap to pay, even without the added complication of pandemic precautions.

Apple Pay with Apple Watch works well while wearing a face mask, but using your iPhone sucks.

Link: pymnts.com/apple-pay-tracker/2021/7-years-later-6pct-people…

‘California Streaming’ — Apple Event Next Tuesday

Permalink - Posted on 2021-09-07 17:00, modified at 21:37

A virtual event — which is not the least bit surprising but still a bit of a bummer. No guess from me as to what, if anything, the invitation means. Here’s Greg Joswiak’s tweet, which has a brief video teaser.

Update: And there’s another nifty AR Easter egg on Apple’s main events page, viewable from an iPhone.

Link: sixcolors.com/post/2021/09/apple-will-be-california…

Hurricane Ida Flooding in Philly

Permalink - Posted on 2021-09-06 21:55

A bunch of readers have reached out to ask if we made it through Ida OK, with all the flooding in Philly. We were very lucky. Some neighborhoods very close to us, not so much. I was out all afternoon Thursday, snapping pictures, and here are some showing the damage.

Link: flickr.com/photos/gruber/albums/72157719837668640/with…

Morning Brew

Permalink - Posted on 2021-09-05 23:31

My thanks to Morning Brew for sponsoring last week at DF. There’s a reason over 3 million people start their day with Morning Brew — it’s the daily email that delivers the latest news from Wall Street to Silicon Valley. Unlike traditional news, Morning Brew knows how to keep you informed and entertained. Check it out — I’ve been subscribed for two years and enjoy it every day.

Link: morningbrew.com/daily/subscribe?utm_campaign=daringfireball…

‘There Goes a Truly Great Drummer’

Permalink - Posted on 2021-09-05 16:10, modified at 16:12

Nick Cave on Charlie Watts. Love this story.

Link: theredhandfiles.com/do-you-work-out-before-you-go-on-tour/

Wirecutter’s ‘Best’ Drip Coffee Makers Pooh-Poohs the Two Best Drip Coffee Makers

Permalink - Posted on 2021-09-03 22:32, modified on 2021-09-04 21:42

Here’s a perfect example of what I was talking about in the previous item, about The Wirecutter institutionally fetishizing price over quality. And within “quality” I include design aesthetics, which, let’s face it, almost always goes hand-in-hand with price.

From their current list of “best” drip coffee makers, which is topped by OXO’s $200 Brew 9-Cup:

You can find a number of expensive, stylish coffee makers made in small quantities for enthusiast audiences. Clive Coffee’s Ratio Eight and the Chemex Ottomatic are two prominent examples. They’re all made for connoisseurs who are willing to spend a lot on a high-end machine. The main draw of these coffee makers is that they brew similarly to manually making a batch of pour-over — pre-infusing the grounds and evenly pouring the hot water. For the price, however, it’s hard to see any concrete benefits to these machines, and they’re also less widely available than our top picks.

The Ratio Eight costs $495, and the Chemex Ottomatic $350. They don’t just brew coffee similarly to pour-over, they brew pour-over. The difference is only that they’re automatic. And pour-over coffee tastes better than the stuff regular drip coffee makers brew.

The “concrete benefits” to these machines are that they make better-tasting coffee and they look better on your kitchen counter. Yes, $350/495 is significantly more than $200, but many coffee lovers gladly spend $5 a cup every day for pour-over coffee from a good coffee shop. Many people pay close to that for drip coffee from not-so-good coffee shops.

I was recently at a friend’s house who owns the Ratio Eight and it’s a splendid device. Me, I’ll stick with my manual pour-over method, if only for the ritual, but if I were going to buy a machine to automate it, I don’t think I’d consider anything other than a Ratio. Also, Ratio makes the best thermal carafe I’ve ever seen — I ordered one of those. I expect to use it for a decade, if not longer.

And what’s the deal with using “less widely available” as an excuse not to recommend them? A list of “The Best Coffee Makers You Can Definitely Get Delivered This Week” or “The Best Coffee Makers You Can Find on the Shelf If You’re Reading This Review While Standing in the Coffee Maker Aisle at Target” is very different from a list of “The Best Coffee Makers”. A coffee maker is the sort of item I’d research the heck out of, and get on a waitlist to buy, so that I could get one that would most delight me every morning for years to come.

Wirecutter’s description of these two coffee makers is criminal. But at least they did mention them. In many other categories, superior but more-expensive products don’t even get a mention from Wirecutter. I think there’s a huge market opportunity here for a quality-and-design-first rival.

Link: nytimes.com/wirecutter/reviews/best-drip-coffee-maker/

Wirecutter Goes Behind The New York Times’s Paywall

Permalink - Posted on 2021-09-03 21:17

The New York Times:

The New York Times Company announced today that Wirecutter, its product recommendation service, will institute a metered paywall, asking its frequent users to subscribe for unlimited access to its research and recommendations. New York Times All Access digital and home delivery subscribers will continue to receive unlimited access to Wirecutter’s 1,200+ product reviews, deals coverage and other guides to help them shop confidently online with their existing subscription. A standalone subscription to Wirecutter is available for $5 every four weeks or $40 annually.

This makes sense, and in my opinion, the Times’s paywall rules are among the best in the industry, in terms of offering a generous number of free reads to non-subscribers. But it’s one less “free for everyone to read” high-quality site.

(I have always enjoyed Wirecutter, going back to when they debuted (and had a leading The), but I wish they had a rival that focused less on price. Wirecutter recommendations are very often skewed to the best low-priced product, not the best product in a category, period. I want domain experts to tell me the best products — I can make up my own mind on how much I want to spend.)

Link: nytco.com/press/the-new-york-times-company-launches-digital…

Twitter Super Follows Are Implemented as Discrete SKU’s to Work With Apple’s IAP System

Permalink - Posted on 2021-09-03 20:34, modified at 21:01

Jane Manchun Wong:

Each Super Follow is an In-App Purchase on the App Store, but because there are too many IAPs for the Twitter app, the App Store only shows 10 instead of the full list.

Her tweet includes this screenshot. The gist is, each Twitter user offering Super Follows gets its own distinct IAP. If there are 1,000 users offering Super Follows, there are 1,000 discrete IAPs in the App Store. If there are 10,000 users offering them, 10,000 IAPs. If there are 100,000, our heads explode.

This is incredible. Ostensibly, Twitter is doing what Apple wants them to do. Right now Super Follows payments are even exclusive to iOS. (Once you pay on iOS, you can see Super Follow content on Twitter’s Android and web clients, too, but the only way to pay is on iOS through IAP.) But Apple’s IAP system is so brittle that Twitter has to make a discrete SKU for each and every Super Follow user, and pay Apple 30 percent of the price for the privilege. (Twitter, per its published terms, takes just 3 percent of the first $50,000 in lifetime earnings, then 20 percent after that.) Also, because Apple’s IAP listings in the App Store rank IAP offerings by popularity, Twitter is being forced to reveal data that they quite likely would prefer to keep to themselves.

Link: twitter.com/wongmjane/status/1433372120080261120

No-Quote Attribution of the Day

Permalink - Posted on 2021-09-03 19:46

Reed Albergotti, reporting for The Washington Post on Apple’s postponement of the new child safety features for iMessage and iCloud Photos:

Apple spokesman Fred Sainz said he would not provide a statement on Friday’s announcement because The Washington Post would not agree to use it without naming the spokesperson.

Fair enough, I suppose, but Albergotti’s blinders have become rather obvious.

Link: washingtonpost.com/technology/2021/09/03/apple-delay-csam…

Apple Delays Rollout of Controversial Child Safety Features

Permalink - Posted on 2021-09-03 19:44, modified at 19:46

Apple, in a statement to the media this morning:

Last month we announced plans for features intended to help protect children from predators who use communication tools to recruit and exploit them, and limit the spread of Child Sexual Abuse Material. Based on feedback from customers, advocacy groups, researchers and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features.

Accepting feedback and considering that feedback is exactly why they announced these two initiatives in advance, with details, rather than just launching them. Neither of these initiatives should be rushed.

Link: macrumors.com/2021/09/03/apple-delaying-rollout-of-child…

Vintage 2016 Claim Chowder: ‘It’s Official: Google Is the New Apple’

Permalink - Posted on 2021-09-03 18:58

Funny how this didn’t work out, at all, because I thought that when Inc. declared something “official” it was official.

Link: inc.com/justin-bariso/its-official-google-is-the-new-apple…

Three New Jersey Cops Swept Away in Flooding, Clung to Trees for Hours, Fired Guns to Signal for Help

Permalink - Posted on 2021-09-03 17:54

Kevin Shea, reporting for NJ.com:

The call was for a vehicle in floodwaters on Route 518 in Hopewell Township — one of many rescue calls in New Jersey Wednesday evening as storms from Hurricane Ida flooded the state. Police Officer James Hoffman went to check it out.

Moments after arriving in the area, east of Route 31 at about 8:30 p.m., Hoffman turned into a victim.

His patrol car started taking on water, then started floating away — sliding sideways about 100 yards into deeper water. Hoffman ditched his bulky duty vest, climbed through a window and started swimming. He found a tree and held on.

Amazing story.

Link: nj.com/weather/2021/09/nj-weather-miraculous-rescue-after-3…

Surgical Masks Reduce COVID-19 Spread, Large-Scale Study Shows

Permalink - Posted on 2021-09-03 17:10, modified at 19:32

Stanford Medicine:

A large, randomized trial led by researchers at Stanford Medicine and Yale University has found that wearing a surgical face mask over the mouth and nose is an effective way to reduce the occurrence of COVID-19 in community settings.

It also showed that relatively low-cost, targeted interventions to promote mask-wearing can significantly increase the use of face coverings in rural, low-income countries. Based on the results, the interventional model is being scaled up to reach tens of millions of people in Southeast Asia and Latin America over the next few months.

You might be tempted to file this under “Duh”, but it’s essential to actually study things like this rigorously. It was just 18 months ago, at the outset of the pandemic, when the CDC and other health organizations were saying people shouldn’t bother with face masks.

(Via Taegan Goddard at Political Wire.)

Link: med.stanford.edu/news/all-news/2021/09/surgical-masks-covid…

‘Oh My Fucking God, Get the Fucking Vaccine Already, You Fucking Fucks’

Permalink - Posted on 2021-09-03 15:14, modified at 15:16

Wendy Molyneux, writing eloquently for McSweeney’s:

You think vaccines don’t fucking work? Oh, fuck off into the trash, you attention-seeking fuckworm-faced shitbutt. This isn’t even a point worth discussing, you fuck-o-rama fuck-stival of ignorance. Vaccines got rid of smallpox and polio and all the other disgusting diseases that used to kill off little fucks like you en masse. Your relatives got fucking vaccinated and let you live, and now here you are signing up to be killed by a fucking disease against which there is a ninety-nine-percent effective vaccine. You fucking moron. Go in the fucking ocean and fuck a piranha. Fuck. Fuck that. Fuck you. Get vaccinated.

Link: mcsweeneys.net/articles/oh-my-fucking-god-get-the-fucking…

★ Initial Details on Using Driver’s Licenses and State ID’s in Apple Wallet

Permalink - Posted on 2021-09-01 23:50, modified on 2021-09-04 00:44

Apple Newsroom:

Apple today announced that it is working with several states across the country, which will roll out the ability for their residents to seamlessly and securely add their driver’s license or state ID to Wallet on their iPhone and Apple Watch. Arizona and Georgia will be the first states to introduce this new innovation to their residents, with Connecticut, Iowa, Kentucky, Maryland, Oklahoma, and Utah to follow. The Transportation Security Administration (TSA) will enable select airport security checkpoints and lanes in participating airports as the first locations customers can use their driver’s license or state ID in Wallet. Built with privacy at the forefront, Wallet provides a more secure and convenient way for customers to present their driver’s licenses and state IDs on iPhone or Apple Watch.

There’s a lot of information about exactly how this will work in the Newsroom post, including screenshots. I got to talk with Apple about this today, and I’m impressed. A few important details:

Driver’s licenses and state IDs in Wallet are only presented digitally through encrypted communication directly between the device and the identity reader, so users do not need to unlock, show, or hand over their device.

This is a super key point. Of course no one wants to hand over their phone to anyone. More importantly, no one should ever hand their phone to a police officer, and that goes a hundredfold if it’s unlocked.¹ The Wallet system Apple has designed for ID is very much like Apple Pay. When you pay with a physical credit card, you often hand your card to an employee. When you pay with Apple Pay, you never hand your phone to an employee. It wouldn’t even work, because no one else can authorize an Apple Pay transaction without your biometric authentication. This ID feature for Wallet is exactly like that: it doesn’t work without your biometric authentication, and your phone does not unlock when you use it.

An interesting sidenote: when using a Touch ID iPhone with Apple Wallet’s ID feature, you must register one and only one finger when you add your ID to your Wallet, and whenever you verify your ID in Wallet, you’ll need to use that same finger. Apple has never recommended allowing your spouse or partner to register one of their fingers on your iPhone, but many people do that. This feature is designed to ensure that the same person who enrolled their state ID in Wallet is the same person verifying it biometrically. (This is not an issue with Face ID, obviously.)

To use your ID in Wallet, you tap your phone (or watch) against an NFC terminal, and you get an Apple Pay-like sheet showing you who is asking for your ID (e.g., TSA), and exactly which details from your ID they’re asking for (e.g., name, photo, date of birth — but perhaps not other embedded details like your blood type or your home address). So if you’re just buying booze, say, and the clerk or server needs to check your age, they could prompt only to verify that you’re 21 or older, without even seeing your exact birthdate, let alone any other details from your ID. It is exceedingly more private than handing over a physical ID card, perhaps even more so than using Apple Pay compared to handing over a physical credit card.

Also, it’s an open standard:

Apple’s mobile ID implementation supports the ISO 18013-5 mDL (mobile driver’s license) standard which Apple has played an active role in the development of, and which sets clear guidelines for the industry around protecting consumers’ privacy when presenting an ID or driver’s license through a mobile device.

Apple announced Apple Pay 7 years ago. It worked at few places at first. Soon, though, it started being accepted at more establishments, as businesses upgraded older terminals with new card readers for modern chip-enabled cards. But two years in, the impatient gimme-that-one-cookie-now-I-don’t-care-if-I-can-just-wait-a-few-minutes-and-get-a-whole-bunch-of-cookies-later geniuses at Business Insider were running headlines like “Apple Pay Is Struggling to Catch On”.

You don’t see headlines like that any more. Nor do you see many headlines about Google Pay “catching up” — it’s not and maybe never will.

These things take time, partnerships, evangelism, planning, and diligent hard work. There were a lot more complaints asking why Apple Pay didn’t work almost everywhere circa 2016 than there are kudos now that it does work almost everywhere. Patience and focus are essential to winning a long game, but success can be rather thankless. Apple excels at thankless long games. Other companies, not so much.

I expect a similar timeline for using ID through Apple Wallet: a year or two where it seems like we can’t really use it anywhere, another few years where we start using it more and more, and then, when we start getting close to a decade down the road, without much fanfare, it’ll be our default method of presenting ID.²

  1. Seriously, never ever hand your phone to a cop or anyone vaguely cop-like, like the rent-a-cops working for TSA. If they tell you that you must, refuse. If you really need to hand it over, they’ll take it from you. Also, and this is really important, something you should internalize now, so you don’t have to try to remember it in a moment of stress or panic: how to hard-lock your iPhone.

    With a Face ID iPhone, you hard-lock your iPhone by pressing and holding the side button and either volume button. Two seconds or so — just long enough to make the “Slide to power off” screen appear. (That screen also has sliders for Medical ID and Emergency SOS.) With a Touch ID iPhone, you just press and hold the power button.

    Once you do this, your iPhone will require your passcode to unlock. You can’t use Face ID or Touch ID to unlock until after you’ve unlocked with your passcode. That means even if someone confiscates your phone by force, they cannot unlock it by pointing it at your face or by forcing your finger onto the Touch ID sensor. Remember to put your iPhone into this mode every time you’re separated from it as you go through the magnetometer at any security checkpoint, especially in the airport.

    Don’t just memorize this, internalize it, so you can do it without even thinking. Make it something you know the way you know your own middle name. By design, it’s an action you can perform surreptitiously while your iPhone remains in your pocket or purse.

    Another action to remember: If you click the power button five times in a row, your iPhone will immediately sound a klaxon and will initiate an Emergency SOS call in three seconds. This will also hard-lock your phone, but, by design, it is the opposite of surreptitious. ↩︎

  2. I’ll tell you what would be some nice icing on the cake: if Apple can convince state DMVs to let Apple design the digital cards in Wallet. My driver’s license is so goddamned ugly — mostly typeset in Arial (of-fucking-course), with a script font for “Pennsylvania” that looks like it came on a clip art CD included free with every Compaq PC in 1994 — that if it were a design project for a class I was teaching, I’d pull the student aside and make them this offer: take an F for the project, or, promise to change majors and I’ll give them a gentleperson’s C on their way out the door of design school. Most other states don’t do much better. ID cards should be beautiful and inspiring objects, a source of pride. Help us Apple-Wan Kenobi, you’re our only hope. ↩︎

★ Let’s Consider Some of the Implications of Third-Party Payment Processing for In-App Purchasing on iOS and Android

Permalink - Posted on 2021-09-01 01:24, modified on 2021-09-02 00:27

Apple, in a statement to MacRumors (and other media outlets), regarding South Korea’s just-passed “Google power-abuse-prevention law” which will forbid Apple and Google from requiring the use of their respective in-app purchasing systems:

The Telecommunications Business Act will put users who purchase digital goods from other sources at risk of fraud, undermine their privacy protections, make it difficult to manage their purchases, and features like “Ask to Buy” and Parental Controls will become less effective. We believe user trust in App Store purchases will decrease as a result of this legislation — leading to fewer opportunities for the over 482,000 registered developers in Korea who have earned more than KRW8.55 trillion to date with Apple.

Apple defines in-app purchases as “App Store purchases”, which I disagree with. I see a clear difference between purchasing an app or game from the App Store and making an in-app purchase within an app or game after having installed it. My understanding of the new South Korean law is that it only pertains to in-app purchases, so the distinction, I believe, is more than just semantics.

I think the latter half of Apple’s statement is true — user trust in in-app purchases will decline. The gist of these legislative proposals — like this month’s “Open App Markets Act” from U.S. Senators Richard Blumenthal (D-CT), Marsha Blackburn (R-TN), and Amy Klobuchar (D-MN) — is, effectively, to require iOS and Android to be, to some degree, more like Mac and Windows. Setting aside the specific details, that’s what these laws are saying: phones should work like PCs in terms of loosening the control of the platform owners (Apple and Google) over what software can be installed, and what that software can do.

You may like the sound of that, or you may not. But there’s no denying that the result of any of these laws would be to make iOS and Google’s Android more like Macs and PCs. There’s also no denying that people make far more digital purchases and install far more apps on their mobile devices (iOS or Android) than their PCs (Mac or Windows).

In my experience, only two specific types of people want their phones to work significantly more like PCs, permission-wise. The first group is comprised of the technically-savvy — like many of you reading this — who feel confident in their own ability to gauge the trustworthiness of third-party software. The second group is business-minded people, who are thinking only about what percentage of purchases goes to whom, and are only thinking about the money. (I believe the legislators behind these proposals are swayed entirely by the business arguments, and do not understand the technical implications at all.)

But I am confident that the overwhelming majority of typical users are more comfortable installing apps and making in-app purchases on their iOS and Android devices than on their Mac and Windows PCs not despite Apple and Google’s console-like control over iOS and Android, but because of it. And if these measures come to pass and iOS and Android devices are forced by law to become pocket PCs, I think there’s a high chance it’ll prove unpopular with the mass market. The masses are not clamoring for the app stores to be opened up. These arguments over app stores are entirely inside baseball for the technical and business classes. I’ve had non-technical friends and relatives complain to me about all sorts of things related to their iPhones over the last 10 years, but never once have any of them said to me, “Boy, I sure wish iPhone apps and games could ask me for my credit card number to make purchases, and that the overall experience of using apps was more like the anything-goes nature of using the web or my desktop computer.” Never. It doesn’t just seem that the unintended consequences of such legislation are being under-considered; it seems as though they’re not being considered or acknowledged at all.

Perhaps I’m wrong, and it’ll all work out just fine. Anyone who claims to know how such a scenario will turn out is full of shit.

But from what I’ve seen over the last few decades, the quality of the user experience of every computing platform is directly correlated to the amount of control exerted by its platform owner. The current state of the ownerless world wide web speaks for itself.

The part of Apple’s statement about “Ask to Buy” and parental controls, though, I think is sophistry. It’s certainly true that the “Ask to Buy” feature currently wouldn’t work with third-party in-app payment processing, but that’s because nothing in iOS is built to support outside payment processing for in-app purchases. If required to support third-party payment processing, Apple could and should create APIs to support them through the existing “Ask to Buy” process, and the App Store guidelines could and should be expanded to require supporting all parental control APIs regardless of how payments are processed.

Most kids don’t have credit cards, either, when you think about it. I suppose a workaround for a wily kid could be to use cash to purchase a prepaid debit card, then use that debit card to make in-app purchases. Keep in mind too that apps which act as stores for physical goods only use third-party payment processing. When you sell physical goods through an app, not only can you process credit cards without going through Apple and Google’s in-app processing, you have to. Neither Apple nor Google allow in-app purchasing to be used for physical goods, because it wouldn’t even make sense for any retailer to pay a 30 percent processing fee for physical goods. This state of affairs for purchasing physical goods through apps doesn’t seem to have caused any problems for parents different from what kids can do purchasing physical goods on the web.

But the main thing to keep in mind about the South Korean legislation is that it has nothing to do with sideloading or third-party app stores, which would enable the sidestepping not just of all parental controls, but of all privacy controls — for children and adults alike — system-wide.

Adding support for third-party payment processing for in-app purchases in no way prevents Apple and Google from providing robust parental controls to approve kids’ in-app purchases. The rules that are enforced by policy matter, and in large part have worked.

My biggest concern regarding third-party payment processing for IAP is subscriptions, which I think Apple’s statement hints at only obliquely, with the phrase “[will] make it difficult to manage their purchases”.

The best feature of Apple’s in-app subscription system is that subscriptions are easy for users to manage, and impossible for developers to hide. In iOS, go to Settings → Your iCloud Account → Subscriptions. On the Mac, it’s somewhat less obvious. From the Music (née iTunes) app, go to Account → View My Account, and scroll down. Subscriptions is listed under Settings on the Account Information page. Or, in the App Store app, go to Store → View My Account, then click “View Information” in the window header. That gets you to the same Account Information page as in Music.

On either iOS or Mac, you can also get to the subscription management page by going to this Apple support document and tapping/clicking the prominent “See or cancel subscriptions” button at the top, which is currently just a link to https://apple.co/2Th4vqI — but I’m not sure how permanent that URL is. Apple has had several such URLs to bounce you to the subscription management page on your current device over the years.

Once on this page, you get a comprehensive list of every active subscription you’ve made through Apple. You can manage each subscription (switching, say, from monthly to yearly), or, most essentially, easily cancel any of them without one iota of undue hassle.

My go-to counterexample is The New York Times. To cancel a subscription to The New York Times, you need to call them on the phone or engage in an online chat with a “customer service representative” whose full-time job is convincing people not to cancel their subscription. And the Times makes it easier to cancel a subscription than many other publications and services do.

Apple’s subscription system makes it easy to track all of your subscriptions in a single list that isn’t hard to find, and makes it easy to cancel any of them. (Google Play offers something similar: in the Play Store app, tap your account avatar → Payments & Subscriptions → Subscriptions.) I can think of ways to improve this list for the benefit of users,¹ but even as it stands it is exemplary compared to the alternative of managing each and every subscription — each publication, each streaming service, each subscription-based app — on a provider-by-provider basis, wherein each subscription provider can make cancellation or downgrading as hidden, obfuscated, and dark-patterned as they choose.

Apple’s subscription system is so useful, so trustworthy, and so beneficial to my peace of mind that as a general rule I only subscribe to anything through it. Of course I make exceptions, but only for subscription providers whom I inherently trust.² I just pored through my list, and of 27 active subscriptions from third-party services (i.e. not counting Apple’s own services like Apple One), I would at most have subscribed to only 9 of them. And I’m being generous; there are a few of those 9 that I’d have thought long and hard about subscribing to outside the App Store. In many cases it’s not about trusting the app developer, per se, but simply my reluctance to subscribe to something I’m likely to lose track of and forget about.

If³ Apple winds up acceding to these demands for third-party in-app payment providers — whether nation-by-nation as legislation passes, or by washing their hands of the entire controversy and making a worldwide policy change — I really hope they add APIs and mandate the use of them such that however you pay in-app, any subscription made in-app must show up in this list, and the provider must support no-hassle cancellation from within the system interface. Renewal receipts and upcoming renewal reminders should be mandatory, too.

Otherwise, this would be a huge loss for users — and one that never seems to be considered in debates over legislation such as South Korea’s.

  1. To name a few: (1) the list of subscriptions should display how much you’re paying — as it stands you have to tap into each subscription to see the amount; (2) the sort order varies by device — on some of my devices the list is sorted by renewal/expiration date, but on others, the order is seemingly random; (3) there are some really weird bugs in how the list is displayed; (4) the list is really slow to load. ↩︎

  2. I can’t not mention my own Dithering podcast, cohosted with Ben Thompson, and Thompson’s own Stratechery newsletter. We only sell subscriptions directly. To name one reason: because we don’t have (or want to have) apps through which to sell in-app subscriptions. Unsubscribing from Dithering (and/or Stratechery) is very easy (but, admittedly, I don’t recommend it). Substack, too, makes managing subscriptions easy and obvious. In general, the larger and more corporate a publication, the harder they tend to make it to unsubscribe. ↩︎︎

  3. I still say it’s a big if as to whether Apple and Google wind up acceding to this law in South Korea, at least as it seems to be intended. Just spitballing ideas, I think they’d be compliant if they made “Allow third-party payment processing for in-app purchases” an off-by-default preference in the system-wide security settings, with warnings that must be OK’d when enabled, a la the options on MacOS and Android to allow installing apps from outside the platforms’ respective app stores. That’s actually not a bad middle ground, in my opinion, but it sure as shit is not what, say, Epic is looking for. ↩︎︎

★ Charlie Watts

Permalink - Posted on 2021-08-28 20:49, modified on 2021-08-30 04:01

Some sad news this week: Rolling Stones drummer Charlie Watts died at age 80. I don’t know much about how music is made but I know what I like, and I’ve loved the Stones ever since I can remember. The first time I can remember being asked my favorite band, my answer was The Stones. 40-some years later, my answer is unchanged. In all those years, I’ve never heard a musician who does understand the mechanics of playing rock-and-roll do anything but positively rave about Charlie Watts’s talent, and his central role in the Stones’ sound and success. And by all accounts, he was a good person and a dear and loyal friend. He was also the best-dressed man in all of rock and roll.

Mick Jagger — one of the most poetic, eloquent writers the world has known — had no words. Nor did Keith Richards (whose photo I cribbed, below). Ronnie Wood had but a few. The band’s homepage is just a lovely portrait — reminiscent of what Apple did a decade ago when Steve Jobs died. I slag on social media frequently, and though Instagram has its problems, when it works, it works, and of all the major social platforms, it remains the one that’s primarily about sharing good thoughts and good feelings. It’s a mere token, but it feels good to press Like on posts like these, just to express, in some small way, that we miss Charlie too.

Yesterday the band posted this lovely short video tribute — set to, of course, the perfect song.

Charlie Watts’s drum kit, on stage, with a “closed” sign hanging from it.

★ Apple’s New ‘Child Safety’ Initiatives, and the Slippery Slope

Permalink - Posted on 2021-08-07 02:12, modified on 2021-08-13 16:15

Apple yesterday announced three new “Child Safety” initiatives:

First, new communication tools will enable parents to play a more informed role in helping their children navigate communication online. The Messages app will use on-device machine learning to warn about sensitive content, while keeping private communications unreadable by Apple.

Next, iOS and iPadOS will use new applications of cryptography to help limit the spread of CSAM online, while designing for user privacy. CSAM detection will help Apple provide valuable information to law enforcement on collections of CSAM in iCloud Photos.

Finally, updates to Siri and Search provide parents and children expanded information and help if they encounter unsafe situations. Siri and Search will also intervene when users try to search for CSAM-related topics.

(CSAM stands for Child Sexual Abuse Material — a.k.a. child pornography. People familiar with the lingo seem to pronounce it see-sam. Another acronym to know: NCMEC — nick-meck — the National Center for Missing and Exploited Children. That’s the nonprofit organization, founded and funded by the U.S. government, that maintains the database of known CSAM.)

The third initiative — updates to Siri and Search — is the easiest to understand and, I think, uncontroversial. The first two, however, seem not well-understood, and are, justifiably, receiving intense scrutiny from privacy advocates.

My first advice is to read Apple’s own high-level description of the features, which ends with links to detailed technical documentation regarding the encryption and techniques Apple is employing in the implementations, and “technical assessments” from three leading researchers in cryptography and computer vision.

The Messages feature is specifically only for children in a shared iCloud family account. If you’re an adult, nothing is changing with regard to any photos you send or receive through Messages. And if you’re a parent with children whom the feature could apply to, you’ll need to explicitly opt in to enable the feature. It will not turn on automatically when your devices are updated to iOS 15. If a child sends or receives (and chooses to view) an image that triggers a warning, the notification is sent from the child’s device to the parents’ devices — Apple itself is not notified, nor is law enforcement. These parental notifications are only for children 12 or younger in a family iCloud account; parents do not have the option of receiving notifications for teenagers, although teenagers can receive the content warnings on their devices.

It’s also worth pointing out that it’s a feature of the Messages app, not the iMessage service. For one thing, this means it applies to images sent or received via SMS, not just iMessage. But more importantly, it changes nothing about the end-to-end encryption inherent to the iMessage protocol. The image processing to detect sexually explicit images happens before (for sending) or after (for receiving) the endpoints. It seems like a good feature with few downsides. (The EFF disagrees.)

The CSAM detection for iCloud Photo Library is more complicated, delicate, and controversial. But it only applies to images being sent to iCloud Photo Library. If you don’t use iCloud Photo Library, no images on your devices are fingerprinted. But, of course, most of us do use iCloud Photo Library.

I mentioned above that Apple’s “Child Safety” page for these new features has links to technical assessments from outside experts. In particular, I thought the description of Apple’s CSAM detection from Benny Pinkas — a cryptography researcher at Bar-Ilan University in Israel — was instructive:

My research in cryptography has spanned more than 25 years. I initiated the applied research on privacy preserving computation, an area of cryptography that makes it possible for multiple participants to run computations while concealing their private inputs. In particular, I pioneered research on private set intersection (PSI).

The Apple PSI system solves a very challenging problem of detecting photos with CSAM content while keeping the contents of all non-CSAM photos encrypted and private. Photos are only analyzed on users’ devices. Each photo is accompanied by a safety voucher that includes information about the photo, protected by two layers of encryption. This information includes a NeuralHash and a visual derivative of the photo. Only if the Apple cloud identifies that a user is trying to upload a significant number of photos with CSAM content, the information associated with these specific photos can be opened by the cloud. If a user uploads less than a predefined threshold number of photos containing CSAM content then the information associated with all of photos of this user is kept encrypted, even if some of these photos contain CSAM content. It is important to note that no information about non-CSAM content can be revealed by the Apple PSI system. […]

The design is accompanied by security proofs that I have evaluated and confirmed.

For obvious reasons, this feature is not optional. If you use iCloud Photo Library, the images in your library will go through this fingerprinting. (This includes the images already in your iCloud Photo Library, not just newly-uploaded images after the feature ships later this year.) To opt out of this fingerprint matching, you’ll need to disable iCloud Photo Library.

A big source of confusion seems to be what fingerprinting entails. Fingerprinting is not content analysis. It’s not determining what is in a photo. It’s just a way of assigning unique identifiers — essentially long numbers — to photos, in a way that will generate the same fingerprint identifier if the same image is cropped, resized, or even changed from color to grayscale. It’s not a way of determining whether two photos (the user’s local photo, and an image in the CSAM database from NCMEC) are of the same subject — it’s a way of determining whether they are two versions of the same image. If I take a photo of, say, my car, and you take a photo of my car, the images should not produce the same fingerprint even though they’re photos of the same car in the same location. And, in the same way that real-world fingerprints can’t be backwards engineered to determine what the person they belong to looks like, these fingerprints cannot be backwards engineered to determine anything at all about the subject matter of the photographs.

The Messages feature for children in iCloud family accounts is doing content analysis to try to identify sexually explicit photos, but is not checking image fingerprint hashes against the database of CSAM fingerprints.

The CSAM detection for images uploaded to iCloud Photo Library is not doing content analysis, and is only checking fingerprint hashes against the database of known CSAM fingerprints. So, to name one common innocent example, if you have photos of your kids in the bathtub, or otherwise frolicking in a state of undress, no content analysis is performed that tries to detect that, hey, this is a picture of an undressed child. Fingerprints from images of similar content are not themselves similar. Two photographs of the same subject should produce entirely dissimilar fingerprints. The fingerprints of your own photos of your kids are no more likely to match the fingerprint of an image in NCMEC’s CSAM database than is a photo of a sunset or a fish.

The database will be part of iOS 15, and is a database of fingerprints, not images. Apple does not have the images in NCMEC’s library of known CSAM, and in fact cannot — NCMEC is the only organization in the U.S. that is legally permitted to possess these photos.

If you don’t use iCloud Photo Library, none of this applies to you. If you do use iCloud Photo Library, this detection is only applied to the images in your photo library that are synced to iCloud.

Furthermore, one match isn’t enough to trigger any action. There’s a “threshold” — some number of matches against the CSAM database — that must be met. Apple isn’t saying what this threshold number is, but, for the sake of argument, let’s say that threshold is 10. With 10 or fewer matches, nothing happens, and nothing can happen on Apple’s end. Only after 11 matches (threshold + 1) will Apple be alerted. Even then, someone at Apple will investigate, by examining the contents of the safety vouchers that will accompany each photo in iCloud Photo Library. These vouchers are encrypted such that they can only be decrypted on the server side if threshold + 1 matches have been identified. From Apple’s own description:

Using another technology called threshold secret sharing, the system ensures the contents of the safety vouchers cannot be interpreted by Apple unless the iCloud Photos account crosses a threshold of known CSAM content. The threshold is set to provide an extremely high level of accuracy and ensures less than a one in one trillion chance per year of incorrectly flagging a given account.

Even if your account is — against those one in a trillion odds, if Apple’s math is correct — incorrectly flagged for exceeding the threshold, someone at Apple will examine the contents of the safety vouchers for those flagged images before reporting the incident to law enforcement. Apple is cryptographically only able to examine the safety vouchers for those images whose fingerprints matched items in the CSAM database. The vouchers include a “visual derivative” of the image — basically a low-res version of the image. If innocent photos are somehow wrongly flagged, Apple’s reviewers should notice.
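The "threshold + 1" property described above can be seen in a small Shamir-style secret-sharing sketch. This is an added illustration, not Apple's implementation or code from the original post: the field modulus, the function names, and the model in which each matching voucher carries one share of an account key are assumptions, and the threshold of 10 is the article's for-the-sake-of-argument figure.

```python
import secrets

# Prime modulus of the finite field (2**127 - 1 is a Mersenne prime).
# Constructed for this example; not a parameter from Apple's design.
P = 2**127 - 1


def _eval(coeffs, x):
    """Evaluate a polynomial (lowest-order coefficient first) at x, mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def make_shares(secret, threshold, count):
    """Split `secret` so that threshold + 1 shares are needed to rebuild it.

    The secret is the constant term of a random polynomial of degree
    `threshold`; share i is the point (i, f(i)).
    """
    if not 0 <= secret < P:
        raise ValueError("secret must be a field element")
    if count <= threshold:
        raise ValueError("need more shares than the threshold")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold)]
    return [(x, _eval(coeffs, x)) for x in range(1, count + 1)]


def interpolate_at(points, x0):
    """Lagrange-interpolate the unique polynomial through `points` at x0."""
    xs = [x for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("points must have distinct x values")
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x0 - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def reconstruct(shares):
    """Recover the secret, f(0), from at least threshold + 1 shares."""
    return interpolate_at(shares, 0)


def consistent(shares, candidate, threshold):
    """True if a polynomial of degree <= threshold has f(0) == candidate
    and also passes through every share the server holds."""
    points = [(0, candidate)] + list(shares)
    basis, rest = points[:threshold + 1], points[threshold + 1:]
    return all(interpolate_at(basis, x) == y for x, y in rest)


def demo(threshold=10, matches=30):
    """Model: each matching voucher carries one share of an account key."""
    key = secrets.randbelow(P)
    wrong = (key + 1) % P
    shares = make_shares(key, threshold, matches)
    at_limit, over_limit = shares[:threshold], shares[:threshold + 1]
    return {
        # At the threshold, every possible key still fits the shares,
        # so the shares carry no information about the real one.
        "at_limit_fits_real_key": consistent(at_limit, key, threshold),
        "at_limit_fits_wrong_key": consistent(at_limit, wrong, threshold),
        # One share more and only the real key fits.
        "over_limit_fits_wrong_key": consistent(over_limit, wrong, threshold),
        "over_limit_recovers_key": reconstruct(over_limit) == key,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With 10 shares, a wrong key is exactly as consistent with the server's data as the right one; the eleventh share is what rules the wrong keys out.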

All of these features are fairly grouped together under a “child safety” umbrella, but I can’t help but wonder if it was a mistake to announce them together. Many people are clearly conflating them, including those reporting on the initiative for the news media. E.g. The Washington Post’s “never met an Apple story that couldn’t be painted in the worst possible light” Reed Albergotti’s report, the first three paragraphs of which are simply wrong¹ and the headline for which is grossly misleading (“Apple Is Prying Into iPhones to Find Sexual Predators, but Privacy Activists Worry Governments Could Weaponize the Feature”).

It’s also worth noting that fingerprint hash matching against NCMEC’s database is already happening on other major cloud hosting services and social networks. From The New York Times’s report on Apple’s initiative:

U.S. law requires tech companies to flag cases of child sexual abuse to the authorities. Apple has historically flagged fewer cases than other companies. Last year, for instance, Apple reported 265 cases to the National Center for Missing & Exploited Children, while Facebook reported 20.3 million, according to the center’s statistics. That enormous gap is due in part to Apple’s decision not to scan for such material, citing the privacy of its users.

The difference going forward is that Apple will be matching fingerprints against NCMEC’s database client-side, not server-side. But I suspect others will follow suit, including Facebook and Google, with client-side fingerprint matching for end-to-end encrypted services. There is no way to perform this matching server-side with any E2EE service — between the sender and receiver endpoints, the server has no way to decrypt the images with end-to-end encryption.

Which in turn makes me wonder if Apple sees this initiative as a necessary first step toward providing end-to-end encryption for iCloud Photo Library and iCloud device backups. Apple has long encrypted all iCloud data that can be encrypted,² both in transit and on server, but device backups, photos, and iCloud Drive are among the things that are not end-to-end encrypted. Apple has the keys to decrypt them, and can be compelled to do so by law enforcement.

In January 2020, Reuters reported that Apple in 2018 dropped plans to use end-to-end encryption for iCloud backups at the behest of the FBI:

Apple Inc. dropped plans to let iPhone users fully encrypt backups of their devices in the company’s iCloud service after the FBI complained that the move would harm investigations, six sources familiar with the matter told Reuters.

The tech giant’s reversal, about two years ago, has not previously been reported. It shows how much Apple has been willing to help U.S. law enforcement and intelligence agencies, despite taking a harder line in high-profile legal disputes with the government and casting itself as a defender of its customers’ information.

Whether Reuters’s report that Apple caved to FBI pressure on E2EE iCloud backups is accurate or not, I don’t know, but I do know that privacy advocates (including myself) would love to see Apple enable E2EE for everything in iCloud, and that law enforcement agencies around the world would not. This fingerprint matching for CSAM could pave the way for a middle ground, if Apple unveils end-to-end encryption for iCloud photos and backups in the future. In such a scenario, Apple would have no cryptographic ability to turn your backups or entire photo library over to anyone, but they would be able to flag and report iCloud accounts whose photo libraries exceed the threshold for CSAM database fingerprint matches, including the “visual derivatives” of the matching photos — all without Apple ever seeing or being able to see your original photos on iCloud.

It’s also possible Apple has simply permanently shelved plans to use end-to-end encryption for all iCloud data. No surprise: they’re not saying. But it feels very plausible to me that Apple views this privacy-protecting CSAM detection as a necessary first step to broadening the use of end-to-end encryption.

In short, if these features work as described and only as described, there’s almost no cause for concern. In an interview with The New York Times for its aforelinked report on this initiative, Erik Neuenschwander, Apple’s chief privacy engineer, said, “If you’re storing a collection of CSAM material, yes, this is bad for you. But for the rest of you, this is no different.” By all accounts, that is fair and true.

But the “if” in “if these features work as described and only as described” is the rub. That “if” is the whole ballgame. If you discard alarmism from critics of this initiative who clearly do not understand how the features work, you’re still left with completely legitimate concerns from trustworthy experts about how the features could be abused or misused in the future.

What happens, for example, if China demands that it provide its own database of image fingerprints for use with this system — a database that would likely include images related to political dissent? Tank man, say, or any of the remarkable litany of comparisons showing the striking resemblance of Xi Jinping to Winnie the Pooh.

This slippery-slope argument is a legitimate concern. Apple’s response is simply that they’ll refuse. Again, from Jack Nicas’s report for The Times:

Mr. Green said he worried that such a system could be abused because it showed law enforcement and governments that Apple now had a way to flag certain content on a phone while maintaining its encryption. Apple has previously argued to the authorities that encryption prevents it from retrieving certain data.

“What happens when other governments ask Apple to use this for other purposes?” Mr. Green asked. “What’s Apple going to say?”

Mr. Neuenschwander dismissed those concerns, saying that safeguards are in place to prevent abuse of the system and that Apple would reject any such demands from a government.

“We will inform them that we did not build the thing they’re thinking of,” he said.

Will Apple actually flatly refuse any and all such demands? If they do, it’s all good. If they don’t, and these features creep into surveillance for things like political dissent, copyright infringement, LGBT imagery, or adult pornography — anything at all beyond irrefutable CSAM — it’ll prove disastrous to Apple’s reputation for privacy protection. The EFF seems to see such slipping down the slope as inevitable.

We shall see. The stakes are incredibly high, and Apple knows it. Whatever you think of Apple’s decision to implement these features, they’re not doing so lightly.

  1. Albergotti’s opening, verbatim:

    Apple unveiled a sweeping new set of software tools Thursday that will scan iPhones and other devices for child pornography and text messages with explicit content and report users suspected of storing illegal pictures on their phones to authorities.

    Wrong. The only photos that might be reported to authorities are those being sent to iCloud. “Scan” is a misleading verb. And the entire “text messages” feature is only for children in shared iCloud family accounts. Albergotti’s alarmist lede makes it sound like all content for all users in Messages will be “scanned”, whereas in fact nothing sent to or from an adult user in Messages will ever be “scanned” — unless an image is saved from Messages to Photos and iCloud Photo Library is enabled.

    The aggressive plan to thwart child predators and pedophiles and prohibit them from utilizing Apple’s services for illegal activity pitted the tech giant against civil liberties activists and appeared to contradict some of its own long-held assertions about privacy and the way the company interacts with law enforcement.

    As announced, none of these features contradict any of Apple’s “long-held assertions”.

    The move also raises new questions about the nature of smartphones and who really owns the computers in their pockets. The new software will perform scans on its users’ devices without their knowledge or explicit consent, and potentially put innocent users in legal jeopardy.

    None of this raises any questions about who owns your iPhone. It does assert that Apple owns iCloud’s servers, but no images on an iPhone that isn’t syncing to iCloud Photo Library will ever be fingerprinted. The Messages content warnings for children are explicitly opt in, as is syncing to iCloud Photo Library. Unless Apple’s cryptographic math is catastrophically wrong, it is exceedingly unlikely that innocent users’ photos will ever be flagged, and even if they are flagged for exceeding the threshold for CSAM fingerprint matches, there’s a manual review by Apple before anything is reported to law enforcement.

    It’s hard to imagine a three-paragraph lede that is more histrionically misleading than Albergotti’s in this report.


  2. The exception is IMAP email, which is encrypted in transit between client and server but is not stored encrypted on the server, because that’s how IMAP was designed. Long story short, email is probably the least secure messaging service you use. If you wouldn’t put it on paper and send via postal mail, don’t send it via email. ↩︎︎