Wednesday, 23 August 2017
AccuWeather issued a statement regarding the controversy over their app sending location-identifying information to a monetization firm. It’s a veritable mountain of horseshit:
Despite stories to the contrary from sources not connected to the
actual information, if a user opts out of location tracking on
AccuWeather, no GPS coordinates are collected or passed without
further opt-in permission from the user.
The accusation has nothing to do with “GPS coordinates”. The accusation is that their iOS app is collecting Wi-Fi router names and MAC addresses and sending them to servers that belong to Reveal Mobile, which in turn can easily be used to locate the user. Claiming this is about GPS coordinates is like if they were caught stealing debit cards and they issued a denial that they never stole anyone’s cash.
The accusation comes from Will Strafach, a respected security researcher who discovered the “actual information” by observing network traffic. He saw the AccuWeather iOS app sending his router’s name and MAC address to Reveal Mobile. This isn’t speculation. They were caught red-handed — go ahead and read Strafach’s original report.
GPS information is more precise, and if you grant the AccuWeather app permission to access your location (under the guise of showing you local weather wherever you are, as well as localized weather alerts), that more precise data is passed along to Reveal Mobile as well. But Wi-Fi router information can be used to locate you within a few meters using publicly available databases. Seriously, go ahead and try it yourself: plug your Wi-Fi router’s BSSID MAC address into this website, and there’s a good chance it’ll pinpoint your location on the map.
Other data, such as Wi-Fi network information that is not user
information, was for a short period available on the Reveal SDK,
but was unused by AccuWeather.
In what way is the name and MAC address of your router not “user information”? And saying the information was “unused by AccuWeather” is again sleight of hand. The accusation is not that AccuWeather itself was using the location of the Wi-Fi router, but that Reveal Mobile was. Here are Reveal Mobile’s own words about how they use location data:
By expanding the use case of location data to pre- and
post-shopping experiences, entirely new possibilities open up for
online and offline retailers. The value lies in understanding the
path of a consumer and where they go throughout the day. Traveling
from home to work to retail to soccer practice to dinner is vital
to knowing the customer, and represents the new opportunity of
mobile location data. […]
Location data also informs the home and work location of
customers. Pairing this information with existing demographic
targeting criteria allows retailers to target consumers with a
high propensity to visit based upon two of their most relevant
In other words, Reveal Mobile makes money by revealing your location to retailers (anonymously, so they claim), and AccuWeather made money from Reveal by embedding their SDK in their app.
Back to AccuWeather’s statement:
In fact, AccuWeather was unaware the data was available to it.
Accordingly, at no point was the data used by AccuWeather for any
If true, AccuWeather is seemingly claiming they embedded Reveal Mobile’s SDK in their app without knowing what it did. I believe them. But that’s a shocking admission of negligence.
AccuWeather and Reveal Mobile are committed to following the
standards and best practices of the industry.
No they’re not. If they were, they never would have sent MAC addresses and router names without the user’s consent, and implicitly, against the user’s consent in the case where they opted out of sharing location data with the AccuWeather app.
And even in the case where the user does grant the AccuWeather app permission to access Location Services (a perfectly reasonable thing to do for a weather app), I don’t think it’s a “best practice” to share this data with a retail marketing firm. I’ll bet most users of the AccuWeather app naively presume that the app only uses their location to show them localized weather conditions and alerts.
We also recognize this is a quickly evolving field and what is
best practice one day may change the next. Accordingly, we work to
update our practices regularly.
The best practices for respecting the privacy of users do not change from day to day. What they mean is that one day your app can be doing something shady unbeknownst to the world, and the next day it can be discovered and widely publicized, painting your company as untrustworthy. But that’s not about “best practices” — that’s about what you can get away with changing from one day to the next.
To avoid any further misinterpretation, while Reveal is updating
its SDK, AccuWeather will be removing the Reveal SDK from its iOS
app until it is fully compliant with appropriate requirements.
Once reinstated, the end result should be that zero data is
transmitted back to Reveal Mobile when someone opts out of
location sharing. In the meanwhile, AccuWeather had already
disabled the SDK, pending removal of the SDK and then later
With emphasis added: “the end result should be that zero data is transmitted back to Reveal Mobile when someone opts out of location sharing”? Should be? That’s confidence inspiring.
Reveal has stated that the SDK could be misconstrued, and they
assure that no reverse engineering of locations was ever conducted
by any information they gathered, nor was that the intent.
I find this very difficult to believe. Reveal’s own description of their business is that they sell user location to retailers. Why else would they be collecting router MAC addresses if not to use a reverse lookup to locate users?
We are grateful to have a supportive community that highlights
areas where we can optimize and be more transparent.
Translation: Fuck you, Will Strafach. ★
Tuesday, 22 August 2017
Daisuke Wakabayashi had a few scoops today regarding Apple’s Project Titan:
A notable symbol of that retrenchment is a self-driving shuttle
service that ferries employees from one Apple building to another.
The shuttle, which has never been reported before, will likely be
a commercial vehicle from an automaker and Apple will use it to
test the autonomous driving technology that it develops. […]
Apple’s testing vehicles will carry employees between its various
Silicon Valley offices. The new effort is called PAIL, short for
Palo Alto to Infinite Loop, the address of the company’s main
office in Cupertino, Calif., and a few miles down the road from
Palo Alto, Calif.
This is true. Although the name is already out of date, given that it doesn’t include Apple Park, which I believe will be part of the loop.
Even though Apple had not ironed out many of the basics, like how
the autonomous systems would work, a team had already started
working on an operating system software called CarOS. There was
fierce debate about whether it should be programmed using Swift,
Apple’s own programming language, or the industry standard, C++.
This paragraph is all a bit muddled. I don’t think anyone inside Apple refers to Project Titan’s OS as “CarOS”. As for programming languages, I would guess the Project Titan team is using good old-fashioned C, not Swift or C++. And I’m pretty good at guessing about stuff like this.
Last year, Apple started to rein in the project. The company
tapped Bob Mansfield, a longtime executive who over the years had
led hardware engineering for some of Apple’s most successful
products, to oversee Titan.
Mr. Mansfield shelved plans to build a car and focused the project
on the underlying self-driving technology. He also laid off some
hardware staff, though the exact number of employees dedicated to
working on car technology was unclear.
“Shelved” is an accurate word, but I think many people have interpreted it as meaning that Apple has given up on designing its own vehicles. My understanding is that it’s more like “Let’s get the autonomous shit down first, and worry about designing vehicles to put it in after that.” Eat the steak one bite at a time rather than all at once.
Over at 512 Pixels, Stephen Hackett writes:
However, I think it’s clear that Project Titan was a distraction
to the company. There’s not much in the way of hard evidence of
that, but as this has wound down, Apple’s actual products have
seemed to receive more attention. If this is indeed the case, I’m
glad to see a return to form when it comes to updating things like
I wouldn’t worry too much about this. From Wakabayashi’s NYT report:
From the beginning, the employees dedicated to Project Titan
looked at a wide range of details. That included motorized doors
that opened and closed silently. They also studied ways to
redesign a car interior without a steering wheel or gas pedals,
and they worked on adding virtual or augmented reality into
Think about the way that ARKit is focused on identifying flat surfaces like floors and table tops. Seems like exactly the sort of thing that might have first been focused on identifying, say, roads. There’s no car yet, and there may never be, but I would bet there’s good stuff coming out of Project Titan already. ★
Jackass of the Week: James Damore ★
If you’re still looking for a succinct, pin-point-accurate, easily grasped explanation for what was wrong about Google engineer James Damore’s essay arguing against Google’s efforts to address gender (and, I think implicitly, racial) diversity in its workforce, look no further than Damore himself, in this series of tweets:
Imagine your company spent $250 million on programs that assumed
Santa Claus is real.
Then you wrote a document detailing why Santa Claus is a myth,
which upset the brainwashed employees that believe in Santa Claus.
It’s your fault if you make a 3 year old cry by telling them
Santa Claus isn’t real. It’s society’s fault if that makes 30
year olds cry.
I found his original document extraordinarily tedious to read because it contained about two pages worth of ideas spread across 10 pages of a sort of academic-ese-like writing. He used that abstract, detached, wordy point-of-view to make his thesis come across as non-confrontational. I’m not against women in tech, I’m just pro facts, and here are some facts.
Now, unleashed from any pretense of evenhandedness or detachment, we get a succinct summary of his argument: the notion that women should, based on merit and talent, constitute a larger percentage of the tech industry is like believing in Santa Claus. A fantasy.
Fuck this guy.
Also, nobody cried after reading his “document”. They simply explained, often in point-by-point painstaking detail, why he was wrong and needed to be fired.
Giuseppe Stuto: US Teens Engage With iMessage More Than Any Other Social Platform ★
Giuseppe Stuto, co-founder and CEO of Fam:
The Piper Jaffray data shows how commanding iPhones are in today’s
smartphone landscape for teens. This is in line with our various
surveying here at Fam, in which we have approximated over the past
year that 75% of US teens use iPhones. In terms of why this may be
the case, there are several factors to consider: design, iTunes,
network effects, and of course what we believe to be the most
important one, iMessage.
By no means am I commenting on what device is better, more
powerful, better looking, or any of that. Simply laying the
groundwork for this thesis at large.
iMessage IS a social platform for teens. It’s currently the center
of their immediate, social universe.
Absolutely true for my son and his friends. Apple said two years ago that iMessage was the single most-used app on iOS. And as I wrote last year, there is nothing inadvertent or lucky about iMessage’s success — and yet it is largely overlooked.
Here’s a Reddit thread chock full of anecdotes about how dominant iMessage and iPhones are among US teens.
Jack-Off Hysteria Subsided Quickly ★
Nilay Patel’s review of the iPhone 7 for The Verge last year contained 31 references to the word “headphone”. Dieter Bohn’s review this week of the headphone-jack-less Essential Phone contains three, all in one paragraph:
There is no standard 3.5mm headphone jack, which is basically a
trend now. But at least it ships with a USB-C dongle (though not
USB-C headphones). Trends be damned, I’m going to continue to be a
curmudgeon about it, if only because once this week I left both
the dongle and my Bluetooth headphones at the office, so I
couldn’t listen to music or podcasts the next day.
As I wrote last year, “Nilay’s review is going to age about as well as a 2007 review of the original iPhone that devoted the same amount of attention to the lack of a hardware keyboard.”
I think Bohn devoted exactly the right amount of attention to this — it’s certainly worth pointing out, and that’s about it. I did find it slightly curious that Bohn didn’t complain about the fact that the Essential Phone doesn’t even ship with a pair of USB-C headphones, though — you either have to use the included dongle or third-party Bluetooth headphones. Seems nickel-and-dimey for a $700 phone.
‘Tell Them That They Not Only Get to Yell at Nazis, but That Cake Will Be Served’ ★
Dan Savage devoted the first 9 minutes of his Savage Lovecast podcast this week to last week’s Charlottesville and Boston protests, and the controversy over Tina Fey’s brilliant sheet cake segment on SNL’s Weekend Update. Includes a nice reference to my piece on this.
AccuWeather Caught Sending User Location Data, Even When Location Sharing Is Off ★
Zack Whittaker, reporting for ZDNet:
Popular weather app AccuWeather has been caught sending
geolocation data to a third-party data monetization firm, even
when the user has switched off location sharing. […]
Security researcher Will Strafach intercepted the traffic from an
iPhone running the latest version of AccuWeather and its servers
and found that even when the app didn’t have permission to access
the device’s precise location, the app would send the Wi-Fi router
name and its unique MAC address to the servers of data
monetization firm Reveal Mobile every few hours. That data can be
correlated with public data to reveal an approximate location of a
We independently verified the findings, and were able to geolocate
an AccuWeather-running iPhone in our New York office within just a
few meters, using nothing more than the Wi-Fi router’s MAC address
and public data.
In other words, if you deny AccuWeather permission to use the Location Services APIs on your iPhone, they’ll go around your back and send your Wi-Fi router name and the router’s MAC address to these shitbirds at Reveal Mobile, and they maintain a database that maps Wi-Fi routers to locations.
To me this is a one strike and you’re out situation. Apple should remove this version of the AccuWeather app from the App Store, and any of you reading this who have it installed should delete it from your devices and never re-install it. How can you trust them? There are plenty of excellent weather apps in the App Store that would never blatantly abuse your privacy like this. Off the top of my head: Dark Sky, Weather Line, and Carrot, to name just three. Also, the built-in Weather app that comes with iOS is really good and has gotten a lot better in the last few years.
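The check that Strafach and ZDNet describe above, sketched as an added example (not code from either report): scan request bodies captured from your own device through an intercepting proxy for Wi-Fi router names and BSSID-shaped values headed to third-party hosts. The hostnames, JSON field names, and sample requests are constructed placeholders, not Reveal Mobile’s actual endpoints or payload format.

```python
import json
import re

# A 48-bit MAC address in colon or hyphen notation. BSSIDs are sometimes
# reported with leading zeros dropped, so each octet may be 1 or 2 hex digits.
MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{1,2}[:-]){5}[0-9A-Fa-f]{1,2}$")

# Key-name fragments that suggest Wi-Fi network identity.
# These are assumptions for illustration, not taken from any real SDK.
WIFI_KEY_HINTS = ("ssid", "bssid", "wifi", "router")


def normalize_mac(value):
    """Return the MAC lowercased, colon-separated, with zero-padded octets."""
    octets = re.split(r"[:-]", value)
    return ":".join(o.zfill(2).lower() for o in octets)


def walk(node, path=()):
    """Yield (path, value) for every scalar leaf of a decoded JSON document."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from walk(child, path + (str(key),))
    elif isinstance(node, list):
        for index, child in enumerate(node):
            yield from walk(child, path + (str(index),))
    else:
        yield path, node


def find_wifi_identifiers(body_text):
    """Return (kind, json_path, value) hits for one request body."""
    try:
        doc = json.loads(body_text)
    except ValueError:
        return []  # not JSON; a fuller audit would also decode form bodies
    hits = []
    for path, value in walk(doc):
        if not isinstance(value, str) or not value:
            continue
        # Nearest enclosing dict key (skip list indices).
        key = next((p for p in reversed(path) if not p.isdigit()), "")
        if MAC_RE.match(value):
            hits.append(("mac", ".".join(path), normalize_mac(value)))
        elif any(hint in key.lower() for hint in WIFI_KEY_HINTS):
            hits.append(("wifi-name", ".".join(path), value))
    return hits


def audit(captured, first_party_hosts, location_allowed):
    """Flag requests that carry Wi-Fi identifiers to hosts outside the app's own."""
    findings = []
    for request in captured:
        if request["host"] in first_party_hosts:
            continue
        hits = find_wifi_identifiers(request["body"])
        if hits:
            findings.append({
                "host": request["host"],
                # Identifiers leaving the device while the user has denied
                # location access is the case the report describes.
                "severity": "review" if location_allowed else "without-consent",
                "hits": hits,
            })
    return findings


# Constructed sample capture; hosts and fields are placeholders.
CAPTURED = [
    {"host": "api.weather-app.example", "body": '{"zip": "10001", "units": "F"}'},
    {"host": "sdk.adtech.example",
     "body": '{"device": {"os": "iOS"}, '
             '"network": {"ssid": "HomeNet-5G", "bssid": "a4:2b:8c:1:f:9e"}}'},
    {"host": "sdk.adtech.example", "body": "not json"},
]

if __name__ == "__main__":
    for finding in audit(CAPTURED, {"api.weather-app.example"}, location_allowed=False):
        print(finding["severity"], finding["host"])
        for kind, path, value in finding["hits"]:
            print("   ", kind, path, value)
```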
Android 8.0 Oreo ★
I get it, Oreos are famous. But if you like Oreos you should try Newman-O’s, which are way way better. Newman-O’s are the cookies Oreos pretend to be.
The Verge’s Essential Phone Review ★
Dieter Bohn, writing for The Verge:
It won’t be long now before we take edge-to-edge screens like the
one on the Essential Phone for granted, but for the moment it’s
still something special. There’s a cutout at the top for the
selfie camera (and a couple of sensors) shaped like a little U,
splitting the status bar in half between notifications and your
radio status icons.
That cyclops eye seems like the sort of thing that would be
distracting, but in my experience it becomes invisible almost
immediately. Ninety-five percent of the time Android doesn’t put
anything of value in that particular part of the screen anyway,
and the phone is adept at keeping apps that go truly full screen
(like video) letterboxed in. Every now and then you will have
something like an image that will be full screen and cut off by
the camera, but it’s rare. […]
Even though we’ve seen the no-bezel trick on phones like the
Galaxy S8, it still feels remarkable to have such a large display
on such a small phone. The 5.7-inch screen on the Essential Phone
is bigger than what you’ll get on an iPhone 7 Plus or a Pixel XL,
yet the phone itself is much smaller. It’s much closer in size to
the smaller counterparts of those phones, the iPhone 7 and Pixel,
and their significantly smaller displays.
It does look like a beautiful device. And it deserves kudos for lacking a camera bump. But: the camera is, in The Verge’s terms, “somewhat disappointing”. There’s one and only one reason why recent iPhones have camera bumps: to improve the quality of the images and videos shot by the camera. I hate the bump, but I’d rather have the bump and better image quality than no bump and worse image quality. Wake me up when someone figures out how to make a best-of-breed phone camera with no bump.
Update: Google’s Pixel phones don’t have a bump, and are top-tier cameras. Neglecting to mention them is an inexplicable brain fart on my behalf, given that I own a Pixel and like it far more than any other Android phone I’ve ever seen. But it’s not like the Pixels achieve a no-bump design without a significant compromise: the entire form factor of the phone is wedge-shaped — the top (the camera end) is noticeably thicker than the bottom. In some ways that’s better, and in others it’s worse. But what I want is what the iPhone SE has: no bump, no wedge — just a perfect slab with a flush camera lens. I fear the bump is here to stay, though.
Ellen Pao: ‘This Is How Sexism Works in Silicon Valley’ ★
Ellen Pao, in an excerpt at The Cut from her new book Reset:
In my own interview, when I mentioned that my colleagues had
talked about a porn star when we were on a plane together, the
investigator asked if it was Sasha Grey. I said no. He pressed the
point, saying that Sasha Grey was crossing over into legitimate
acting. At another point, the investigator asked, in a “gotcha”
tone, “Well, if they look down on women so much, if they block you
from opportunities, they don’t include you at their events, why do
they even keep you around in the first place?”
I hadn’t thought about it before. I replied slowly as the answer
crystallized in my mind: If you had the opportunity to have
workers who were overeducated, underpaid, and highly
experienced, whom you could dump all the menial tasks you didn’t
want to do on, whom you could get to clean up all the problems,
and whom you could create a second class out of, wouldn’t you
want them to stay?
It is remarkable and admirable what Pao chose to go through rather than accept a multi-million-dollar buyout and sign a non-disclosure agreement, simply so she could tell her story.
Update: One niggle: the headline on this piece ought to be “This Is How Sexism Works in the VC Industry”, not “in Silicon Valley”.
Apple’s New Instructional Videos for iPad Pro and iOS 11 ★
These are, as usual, very well done, but I’m a little curious about the timing, given that iOS 11 won’t ship to non-beta-testers until next month.
Om Malik Interviews Louis Rossetto ★
Terrific interview by Om Malik with Wired magazine co-founder Louis Rossetto. Rossetto:
Life is funny, because you’re supposed to — well, at least when I
was growing up — you were supposed to have this clear idea of the
trajectory of your life, a career that you could envision how it’s
going to turn out, and the steps that you would take along the way
to make that dream real. My life has been about serial obsessions,
which I compare to love affairs. You can’t will yourself to fall
in love, but suddenly you find yourself in love, and then it
becomes something amazing.
I think people do their best work when they’re obsessed by
something they have to work out. That’s been the story of my life.
It certainly hasn’t been linear. It’s been about following
passions along the way. Sometimes it’s been about being a
journalist, or an editor, or an entrepreneur, and other times it’s
been about being a father, or a chocolate company guy. Now it’s
about being a writer. Each of these have had their own moment;
they’ve each absorbed my full being in order to work out whatever
it was I had to deal with.
Rossetto has a new book, a novel titled Change Is Good, that is being designed and printed by Erik Spiekermann. The first edition is available exclusively through Kickstarter.
Those early years of Wired were just incredibly inspiring to me. I loved everything about the early Wired — what they wrote about, how they wrote about it, the typography and design of the magazine itself, and even the quality of the inks and papers they used. It was so good, and so perfectly captured a hard-to-capture revolution.
Friday, 18 August 2017
15 years ago this week, I started Daring Fireball with this piece on a then-new lineup of PowerMac G4’s. I groan at the use of “the Daring Fireball” in lieu of the first person, but otherwise it holds up pretty well stylistically.
A quick tally: to date I’ve written 1,173 full columns and 25,486 Linked List entries (including this one). Total word count, not including the entry titles:
- Full columns: 1,048,662 original words (1,190,759 total words, including blockquotes).
- Linked List entries: 952,854 original words (1,923,963 total words, including blockquotes).
- Combined: 2,001,516 original words (3,114,722 total words, including blockquotes).
Not bad. ★
Vice News Tonight: ‘Charlottesville: Race and Terror’ ★
Correspondent Elle Reeve goes behind the scenes with white
nationalist leaders, the Charlottesville Police, and Black Lives
Matter during the “Unite the Right” rally.
22 minutes, and worth every second. It really gives a sense of just how tense this weekend-long confrontation was, and how scary (and well-armed) these Nazi motherfuckers are. Reeve does a great job letting them speak for themselves.
Why Cloudflare Terminated Daily Stormer ★
Matthew Prince, CEO of Cloudflare:
Earlier today, Cloudflare terminated the account of the Daily
Stormer. We’ve stopped proxying their traffic and stopped
answering DNS requests for their sites. We’ve taken measures
to ensure that they cannot sign up for Cloudflare’s services
Our terms of service reserve the right for us to terminate users
of our network at our sole discretion. The tipping point for us
making this decision was that the team behind Daily Stormer made
the claim that we were secretly supporters of their ideology.
Our team has been thorough and have had thoughtful discussions for
years about what the right policy was on censoring. Like a lot of
people, we’ve felt angry at these hateful people for a long time
but we have followed the law and remained content neutral as a
network. We could not remain neutral after these claims of secret
support by Cloudflare.
Now, having made that decision, let me explain why it’s so
I’m a staunch First Amendment supporter. I believe these Nazi motherfuckers have a right to publish their garbage propaganda. But they don’t have a right to Cloudflare services. Prince’s thoughtful explanation makes clear that this was a last resort, and hopefully one-time exception, to their policy of not censoring sites over political content.
The internet really changes the way this works, though. In the print days, there was no equivalent of a distributed denial of service (DDoS) attack. There are only a handful of very large companies that can defend against a DDoS attack, and Cloudflare is one of them. Now that Cloudflare has dropped them, their web site is unreachable.
Dilution of Whisky – The Molecular Perspective ★
Interesting new paper published in Scientific Reports by Björn C. G. Karlsson and Ran Friedman:
Despite the growing knowledge of the nature of water-alcohol
mixtures on a molecular level, much less is known on the
interaction of water, alcohol and small solutes. In particular,
the nature of the interaction between the solvent and
taste-carrying molecules, such as guaiacol, is not known. To
address this gap, we used MD simulations to study the distribution
of guaiacol in water-alcohol mixtures of different concentrations.
Our simulations revealed that guaiacol is present at the
air-liquid interface at ethanol concentrations that correspond to
the alcohol content of bottled or diluted whiskies. Because the
drink is consumed at the interface first, our findings help to
understand why adding water to whisky helps to enhance its taste.
I loved this line:
Overall, there is a fine balance between diluting the whisky to
taste and diluting the whisky to waste.
I got this via The Verge, who ran it with the headline “Here’s the Scientific Reason It’s Better to Drink Whiskey on the Rocks”. That headline surely turned heads (and generated clicks) because neat versus on-the-rocks is a polarizing debate, but it’s not supported by this paper. Karlsson and Friedman report only on the effects of adding water, not changing the temperature. That said, in yours truly’s humble opinion, almost all whisky tastes better with a large ice cube.
A.M. Sacconaghi Jr. Estimates That Google Is Paying Apple $3 Billion to Remain the Default Safari Search Engine ★
Todd Haselton, writing for CNBC:
“Court documents indicate that Google paid Apple $1B in 2014, and
we estimate that total Google payments to Apple in FY 17 may
approach $3B,” Bernstein analyst A.M. Sacconaghi Jr. said. “Given
that Google payments are nearly all profit for Apple, Google alone
may account for 5% of Apple’s total operating profits this year,
and may account for 25% of total company OP growth over the last
I would love to be a fly on the wall for those negotiations.
Sacconaghi said that Google might decide to back away from paying
Apple any licensing fees if it feels confident enough that its
search engine is so popular Apple won’t include any other option
On the other hand, Sacconaghi said that Apple’s iOS devices
contribute about 50 percent to Google’s mobile search revenue,
which means Google might be too afraid to walk away from its
licensing deal with Apple. In this case, it’s a win-win for Apple
If Apple was willing to dump Google Maps, they’d be willing to dump Google Search too. The differences between results from Google versus Bing or DuckDuckGo are way smaller than the differences between Google Maps and Apple Maps back in 2012. Apple is in a strong position in this relationship.
Tim Cook’s Email to Employees About Charlottesville ★
We must not witness or permit such hate and bigotry in our
country, and we must be unequivocal about it. This is not about
the left or the right, conservative or liberal. It is about human
decency and morality. I disagree with the president and others who
believe that there is a moral equivalence between white
supremacists and Nazis, and those who oppose them by standing up
for human rights. Equating the two runs counter to our ideals as
Regardless of your political views, we must all stand together on
this one point — that we are all equal. As a company, through our
actions, our products and our voice, we will always work to ensure
that everyone is treated equally and with respect.
This is where we’ve gotten to: Tim Cook felt the need to denounce Nazism — fucking Nazism — because the president of the United States won’t.
Josh Marshall: ‘The House Is on Fire’ ★
I confess I had a small degree of surprise that the events of the
weekend — as horrifying and tragic as they are — have had quite
the effect on people they seem to have had. This is not to
diminish them. It is only to say that I do not think they should
be so surprising. I don’t think they should amount to a revelation
that shifts our basic understanding of things. We have if not a
growing white supremacist movement in the US at least an
increasingly vocal and emboldened one. They both made Trump
possible and have in turn been energized and emboldened by his
success. He reacts this way because he is one of them. He is
driven by the same view of the world, the same animus and
grievances. What we’ve seen over the last five days is sickening
and awful. The house is on fire. But it was on fire a week ago.
It’s been on fire since November. The truth is indeed unimaginable
and terrifying. But we need to accept the full truth of it if we
are going to be able to save our country.
Trump Gives White Supremacists an Unequivocal Boost ★
Glenn Thrush and Maggie Haberman, reporting for The New York Times (emphasis added):
No word in the Trump lexicon is as tread-worn as “unprecedented.”
But members of the president’s staff, stunned and disheartened,
said they never expected to hear such a voluble articulation of
opinions that the president had long expressed in private. The
National Economic Council chairman, Gary D. Cohn, and the Treasury
secretary, Steven Mnuchin, who are Jewish, stood by uncomfortably
as the president exacerbated a controversy that has once again
engulfed a White House in disarray.
The President of the United States is an angry, resentful white supremacist. That’s been clear to me ever since he started campaigning. If any good comes of this terrible week, it’s that more and more people are now seeing it, and are outraged by it.