The Quip Electric Toothbrush 

My thanks to Quip for sponsoring last week’s DF RSS feed to promote their electric toothbrush. Created by dentists and designers, Quip guides good habits that help improve oral health. To help you brush longer, Quip has a nifty 2-minute timer. And to help you freshen old, worn out bristles, Quip delivers new brush heads every 3 months (as dentists recommend). Not only does this make Quip incredibly simple, it’s also effective with a Seal of Acceptance from the American Dental Association.

Refresh your routine with the quip electric toothbrush, starting at just $25.

Apple Promotes Free Month of Upgraded iCloud Storage to Non-Paying Users 


As seen in the image above, provided by AppleInsider reader Vin, Apple is advertising free one month trials of its premium iCloud storage plans to Apple device owners not currently paying for a subscription and who have reached their 5GB limit.

When these users attempt to perform an iOS device backup, a pop-up message appears promoting the step-up 50GB plan. A similar notification without mention of the free trial has long been part of iOS.

“You do not have enough space in iCloud to back up your iPhone. A 50 GB plan gives you plenty of space to continue backing up your iPhone. Your first month is free and it’s just $0.99 each month after.”

Great idea. My fingers are still crossed that they’ll increase the storage capacity of the free tier at WWDC, though.

Apple Has Rejected iOS Version of Valve’s Steam Link App 

Kyle Orland, writing for Ars Technica:

“On Monday, May 7, Apple approved the Steam Link app for release,” Valve said in a statement sent to Ars. “On Wednesday, May 9, Valve released news of the app. The following morning, Apple revoked its approval citing business conflicts with app guidelines that had allegedly not been realized by the original review team.”

Valve says it appealed that decision on the basis that “the Steam Link app simply functions as a LAN-based remote desktop similar to numerous remote desktop applications already available on the App Store.” That includes an official Windows Remote Desktop app from Microsoft, third-party apps from LogMeIn and GoToMyPC, and many more. There are even streaming apps for iOS which use Nvidia’s GameStream technology to remotely play titles running on a PC, just like the Steam Link app.

There are two parts to this story, both of which make Apple look bad. First, Steam Link is more or less equivalent to a VNC client. It doesn’t stream games from Valve’s servers — it streams them from a Mac or PC on your local network. As Ars points out, there are plenty of other VNC/remote desktop apps in the App Store.

The second part is the yanking of the carpet out from under Valve’s feet, by first accepting Steam Link, leading Valve to announce it officially, before rescinding the acceptance.

Apple hasn’t explained its decision (yet?), but it seems pretty obvious they’re objecting to it on the grounds that it’s a competitor to the App Store for buying games, cutting out Apple’s 30 percent cut of purchases. I think that would be true if Steam Link were a way to stream games from Valve’s servers, but I don’t think it is for a LAN-based app.

Steve Kerr on the NFL’s New Stance on the National Anthem 

Couldn’t say it better myself; agree with every word of this.

ACLU Report: Detained Immigrant Children Subjected to Widespread Abuse by Officials 

Richard Gonzales, reporting for NPR on a new report from the ACLU:

Among the allegations, U.S. officials are said to have:

  • Denied a pregnant minor medical attention when she reported pain, which preceded a stillbirth.
  • Subjected a 16-year-old girl to a search in which they “forcefully spread her legs and touched her private parts so hard that she screamed.”
  • Left a 4-lb. premature baby and her minor mother in an overcrowded and dirty cell filled with sick people, against medical advice.
  • Threw out a child’s birth certificate and threatened him with sexual abuse by an adult male detainee.
  • Ran over a 17-year-old with a patrol vehicle and then punched him repeatedly.

Customs and Border Protection said the ACLU report “equates allegations with fact” and ignores reforms that have been made recently.

Widespread abuse of children.

Amazon’s Explanation for the Alexa Eavesdropping Scandal 

Jason Del Ray, reporting for Recode:

Asked for more details, Amazon provided Recode with the following explanation:

Echo woke up due to a word in background conversation sounding like “Alexa.” Then, the subsequent conversation was heard as a “send message” request. At which point, Alexa said out loud “To whom?” At which point, the background conversation was interpreted as a name in the customers contact list. Alexa then asked out loud, “[contact name], right?” Alexa then interpreted background conversation as “right”. As unlikely as this string of events is, we are evaluating options to make this case even less likely.”

I mean, that all does sound pretty unlikely. But the fact that Alexa can interpret background conversation as a confirmation is a big problem.

Unlikely though it sounds, this does seem like the most likely scenario.

I do have a few Echo devices, but I never granted them access to my contacts and never enabled “Calling and Messaging”. If you did, and now wish to disable it, you need to call Amazon on the phone. Not joking.

Illustration in the App Store 

Khoi Vinh, writing at Subtraction:

Apple’s dramatically redesigned App Store got a decent amount of attention when it debuted last year with iOS 11, but its unique success as a hybrid of product design and editorial design has gone little noticed since. That’s a shame, because it’s a huge breakthrough.

I myself paid it scant attention until one day this past winter when I realized that the company was commissioning original illustration to accompany its new format. If you check the App Store front page a few times a week, you’ll see a quietly remarkable display of unique art alongside unique stories about apps, games and “content” (movies, TV shows, comics, etc.). To be clear: this isn’t work lifted from the marketing materials created by app publishers. It’s drawings, paintings, photographs, collages and/or animations that have been created expressly for the App Store.

We don’t see this particular flavor of artistic ambition from many companies today, especially tech companies.

The new iOS 11 App Store really is run like an editorial-driven publication. They write articles and features, and as Vinh rightly celebrates here, commission great custom artwork. One of the things I’m most looking forward to next month at WWDC is seeing this sort of treatment on the Mac App Store, too.

Google Didn’t Pay for Stock Footage Used in Video 

Vlad Savov, writing for The Verge:

The Selfish Ledger is a troubling, near-future concept video produced within Google in late 2016, which we revealed on this website a week ago. It uses plenty of stock footage to illustrate its premise, which the BBC now reports wasn’t properly licensed by Google. British filmmaker Philip Bloom expressed his dismay to the BBC at seeing his footage used in The Selfish Ledger without any license or authorization from him. He reports that Google lifted 73 seconds from seven of his videos, and when he got in touch with the company he was offered no compensation. Google, in response, indicates that the video was only for internal use, which Bloom counters by noting that many other companies have previously licensed his work for internal use only.

It’s bad enough Google didn’t pay for the footage up front, as they should have. But to refuse to pay now is outrageous. Who runs PR for Google? A generous payment to Bloom after he contacted them and this never even would have been a story.

Bloomberg: ‘Andy Rubin Puts Essential Up for Sale, Cancels Next Phone’ 

Mark Gurman and Alex Barinka, reporting for Bloomberg:

Essential Products Inc., a startup co-founded by Android creator Andy Rubin that launched last year to great fanfare, is considering selling itself and has canceled development of a new smartphone, according to people familiar with the matter.


The original phone immediately struggled as buyers complained about poor camera capabilities, issues with the touchscreen and problems making phone calls. It also didn’t sell well. The phone’s initial price was $699, the same as an iPhone viewed as a competitor. At that price, the company sold as few as 20,000 units across its website and third-party distribution partners, one of the people said. Last October, Essential lowered the price by $200, which boosted sales. The company has sold at least 150,000 to date, according to the person familiar with the company.

To put that in context against Essential’s closest competitor, IDC estimates Google sold around 3.9 million Pixel and Pixel 2 phones in 2017.

‘Weird, Odd, a Dumpster Fire’: Trump’s North Korea Summit Coin Ridiculed 

Benjamin Haas, reporting for The Guardian from Seoul:

Stony faced, Donald Trump stares down a smiling Kim Jong-un in a high-stakes scene, unfolding entirely on the surface of a coin.

The commemorative piece was minted by the White House Military Office, which typically designs coins for Trump’s trips abroad, before an expected summit between the two leaders in Singapore on 12 June. The coin describes the meeting as “peace talks”, in English and Korean.

Not only was this coin premature, not only does it get Kim’s title wrong, not only does it bestow upon Kim legitimacy he’s long sought but does not deserve, but worse than all that, the outer rim of text is set in Arial.

Woman Says Her Amazon Device Recorded Private Conversation, Sent It Out to Random Contact 

Gary Horcher, reporting for KIRO 7 News in Seattle:

But Danielle said two weeks ago their love for Alexa changed with an alarming phone call. “The person on the other line said, ‘unplug your Alexa devices right now,’” she said. “‘You’re being hacked.’”

That person was one of her husband’s employees, calling from Seattle.

“We unplugged all of them and he proceeded to tell us that he had received audio files of recordings from inside our house,” she said. “At first, my husband was, like, ‘No you didn’t!’ And the (recipient of the message) said ‘You sat there talking about hardwood floors.’ And we said, ‘Oh gosh, you really did hear us.’”

Danielle listened to the conversation when it was sent back to her, and she couldn’t believe someone 176 miles away heard it too.

It’s a bit maddening that they don’t say how this was sent. As an attachment in an email? Who was the email from? We don’t get to hear the recording, either.

Danielle says she unplugged all the devices, and she repeatedly called Amazon. She says an Alexa engineer investigated.

“They said ‘Our engineers went through your logs, and they saw exactly what you told us, they saw exactly what you said happened, and we’re sorry.’ He apologized like 15 times in a matter of 30 minutes and he said we really appreciate you bringing this to our attention, this is something we need to fix!”

But Danielle says the engineer did not provide specifics about why it happened, or if it’s a widespread issue.

This seems like a very strange bug path. Why would the Echo record anything, and why is there even the capability of sending a recording to a contact? You can’t make a recording and send it to a contact even if you want to with Alexa (as far as I know), so why is it even possible for it to happen inadvertently.

This confirms the worst fears of those skeptical about the privacy implication of these voice assistants.

Update: So it turns out Alexa can send a voice recording to a known contact. This must be the feature that went haywire in this incident.

Today Mac OS X Is as Old as the Classic Mac OS 

Jason Snell, writing at Six Colors:

Here’s a bit of numerology for you. Today marks 17 years, one month, and 29 days since Mac OS X 10.0 was released on March 24, 2001. That’s a strangely odd number — 6269 days — but it also happens to be the exact length of time between January 24, 1984 (the launch of the original Macintosh) and March 24, 2001.

As Jason notes, it’s a bit mushy, given that Mac OS X had been out for a while in beta form prior to 10.0 being released, and perhaps more importantly, a majority of Mac users were relying on Mac OS 9 for several years after Mac OS X was released — including yours truly. But, still, a notable milestone. Classic Mac OS being anything other than a very fond memory feels like a long time ago.


If you’ve got a soft spot for vintage ’80s vector-graphic video games like Star Wars and Battlezone, you’re going to love this new short film by Stu Maschwitz. So great. Also, a fantastic 20-minute video on how it was made.

FBI Repeatedly Overstated Encryption Threat Figures to Congress, Public 

Devlin Barrett, reporting for The Washington Post:

The FBI has repeatedly provided grossly inflated statistics to Congress and the public about the extent of problems posed by encrypted cellphones, claiming investigators were locked out of nearly 7,800 devices connected to crimes last year when the correct number was much smaller, probably between 1,000 and 2,000, The Washington Post has learned.

Over a period of seven months, FBI Director Christopher A. Wray cited the inflated figure as the most compelling evidence for the need to address what the FBI calls “Going Dark” — the spread of encrypted software that can block investigators’ access to digital data even with a court order.

The FBI first became aware of the miscount about a month ago and still does not have an accurate count of how many encrypted phones they received as part of criminal investigations last year, officials said. Last week, one internal estimate put the correct number of locked phones at 1,200, though officials expect that number to change as they launch a new audit, which could take weeks to complete, according to people familiar with the work.

Even if the accurate number really was 7,800, it wouldn’t change the fact that adding backdoors to phones would be a disaster for security and privacy. The number really doesn’t matter. But the fact that they overstated it by a factor of 6 makes the FBI look really bad. I’m not saying they lied, but I think it’s unlikely they would have undercounted the number of phones by a factor of 6.

Yammering on One More Time Regarding Google’s Duplex Recordings

Let me just reiterate up front that my suspicions surrounding Google’s Duplex recordings are not suspicions regarding the idea of Duplex itself. If I had to bet on who will be the first to create an AI voice system that passes for human, even within the limited constraints of a single well-defined task like booking reservations, it would be Google. If Vegas had a betting line on this, Amazon would probably have decent odds too, but surely Google would be the favorite.

We can all hear for ourselves how well Google Assistant works today. I’m not alleging that these recordings are complete fabrications, or betting against Google being further ahead in this effort than anyone else.

But everything about the way Google announced this — the curious details of the calls released so far, the fact that no one in the media has been allowed to see an actual call happen live — makes me suspect that for one or more reasons, the current state of Duplex is less than what Sundar Pichai implied on stage. His words before the first recording was played: “What you’re going to hear is the Google Assistant actually calling a real salon to schedule an appointment for you. Let’s listen.” And after the second recording: “Again, that was a real call.”

You can parse those words precisely and argue that Pichai never said they were unscripted or un-coached, or that the recordings are unedited. But that’s like saying Bill Clinton was technically truthful with his “I did not have sexual relations with that woman” statement. The implication of Clinton’s statement was that he wasn’t involved sexually with his intern, and that wasn’t true. The implication of Pichai’s statement was that right now, today, Google has a version of Duplex in its lab that can call a real restaurant or hair salon and book a reservation and sound truly human while doing so. Not soon, today. Look at the news coverage from the announcement — Mashable, The Guardian, The Verge, The Evening Standard — all of those reports on Duplex’s announcement are written in the present tense, as though it’s something Google has working, as heard, with no or very minimal editing, today.

If a few months or more from now Google can demonstrate a real Duplex call, live, that wouldn’t disprove my suspicion that they can’t do it right now in May 2018 — even though Sundar Pichai clearly implied last week that they can. If I’m wrong — if stories come out in the next week or two from journalists granted behind-the-scenes access to listen to Duplex make live calls (and watch them be parsed correctly, creating calendar events and notifications of the reservation dates and times), and those calls sound every bit as realistically human as the recordings Google has released so far — my suspicion will be proven false. And I’d be delighted by that. Part of the reason I’m so focused on Duplex is that if it really works like it does in these recordings, it’s one of the most amazing advances in technology in years.

But Google hasn’t done that, and the more I think about it, and the longer Google stonewalls on press inquiries about Duplex, the more suspicious I get that they can’t. Even if Duplex still has a low success rate, it would be amazing if, say, half its calls worked as well and sounded as good as these recordings. That would be perfectly understandable for a technology still in development.

But Pichai also said “This will be rolling out in the coming weeks as an experiment.” On the one hand, that makes me feel like maybe I am off my rocker for being so skeptical. Why in the world would Pichai say that if they weren’t at a stage in internal testing where Duplex works as the recordings suggest? But on the other hand, if they are that close, why haven’t they invited anyone from the media to see Duplex in action?

They did invite Richard Nieva from CNet to a behind-the-scenes preview before I/O, but all he got to hear were recordings, too:

In a building called the Partnerplex on Google’s sprawling campus in Mountain View, California, I’ve been invited to hear a 51-second phone recording of someone making a dinner reservation. […]

As I listen to what sounds like a man and a woman talking, Google’s top executives for Assistant, the search giant’s digital helper, watch closely to gauge my reaction. They’re showing off the Assistant’s new tricks a few days before Google I/O, the company’s annual developer conference that starts Tuesday.

Turns out this particular trick is pretty wild.

That’s because Person 2, the one who sounds like a man, isn’t a person at all. It’s the Google Assistant.

Why not let Nieva hear it live? Why not let Nieva answer the phone and book the reservation himself, as though he works at the restaurant? If it’s “weeks” away from rolling out in a limited beta to the public, that should be possible.

The job of journalists is to verify these things, not just to take a company’s word for it. Here’s Om Malik, linking to Dan Primack’s Axios story on Google’s stonewalling:

Om Malik:

“Google may well have created a lifelike voice assistant…Or it was partially staged. Or something else entirely. We just don’t know, because Google won’t answer the questions.” @danprimack doing what journalists are supposed to do. Verify and dig deeper!

Dave Winer, in the same thread:

Finally journalism starts asking obvious questions of tech.

Tech journalism has never asked basic questions like “how did you do this?”

Apple once used my software to demo their tech, which wasn’t ready.

Reporters refused to ask about this.

“How did you do this?” is a necessary question. But even broader, when you’re only shown a recording, the question is “How do we know this is real?”

Maybe Duplex, today, works just as well and sounds just as human as these recordings suggest. But maybe it doesn’t work as well as they claimed, or doesn’t sound so human,1 or takes pauses that were edited out of the clips they’ve released. We don’t know, because Google hasn’t allowed anyone to verify anything about it. It’s like a card trick where the magician, rather than an audience member, picks the card and shuffles the deck.

It’s the difference between, say, watching video of a purported self-driving car versus watching — or even better, riding as a passenger in — an actual self-driving car.

The headlines last week should have been along the lines of “Google Claims Assistant Can Make Human-Sounding Phone Calls”, not “Google Assistant Can Make Human-Sounding Phone Calls”. There’s a difference.

A recording is not a demo. You can demo hardware and software that isn’t shipping yet — most companies do, because that’s when the products are still under wraps and can make for a surprise. But there’s an obligation to be clear about the current state of the product, and to demo what you currently have working “for real”. Showing it privately to select members of the media is another acceptable strategy. Just to cite one famous example from Apple: in January 2007 the original iPhone was six months away from shipping and still needed a lot of work. But what Steve Jobs showed on stage was real — early stage software running on prototype hardware. Everything demoed was live, not a recording. And then to further prove that, after the keynote, select members of the media, including Jason Snell, Andy Ihnatko, and David Pogue, got up to 45 minutes of actual hands on time with a prototype, even though the software was at such an early stage that some of the default apps only showed screenshots of what they were supposed to look like.

That’s how you prove to the world that a demo was what you said it was. It is damn curious that Google won’t do that with Duplex. 

  1. Google now claims their plan all along has been to have Duplex identify itself to humans. I don’t understand how that squares with the efforts they clearly went through to make Duplex sound convincingly human. It seems clear that they only started thinking about disclosing Duplex as a bot to humans in response to the ethical outcry after the keynote. Ethics aside though, what makes the promise of Duplex so tantalizing as a technology is its seeming humanness. ↩︎

Computer History Museum Releases Eudora’s Source Code 

Len Shustek, writing for The Computer History Museum:

Eventually many email clients were written for personal computers, but few became as successful as Eudora. Available both for the IBM PC and the Apple Macintosh, in its heyday Eudora had tens of millions of happy users. Eudora was elegant, fast, feature-rich, and could cope with mail repositories containing hundreds of thousands of messages. In my opinion it was the finest email client ever written, and it has yet to be surpassed.

I still use it today, but, alas, the last version of Eudora was released in 2006. It may not be long for this world. With thanks to Qualcomm, we are pleased to release the Eudora source code for its historical interest, and with the faint hope that it might be resuscitated. I will muse more about that later.

I still miss classic Eudora in a lot of ways.

Here are some telling statistics:

The Windows version of Eudora is written in C++. The source tree consists of 8,651 files in 565 folders, taking up 458 MB. There are both production (“Eudora71”) and test (“Sandbox”) versions of the code.

The Macintosh version of Eudora is an entirely different code base and is written in C. The source tree consists of 1,433 files in 47 folders, taking up 69.9 MB.

Amazon Teams Up With Law Enforcement to Deploy New Face Recognition Technology 

Matt Cagle, writing for the ACLU:

The company has developed a powerful and dangerous new facial recognition system and is actively helping governments deploy it. Amazon calls the service “Rekognition.”

Marketing materials and documents obtained by ACLU affiliates in three states reveal a product that can be readily used to violate civil liberties and civil rights. Powered by artificial intelligence, Rekognition can identify, track, and analyze people in real time and recognize up to 100 people in a single image. It can quickly scan information it collects against databases featuring tens of millions of faces, according to Amazon.

Amazon is marketing Rekognition for government surveillance.

This strikes me as a bad idea in general, but an especially bad idea for a company that sells consumer devices with built-in cameras.

Two Americans Were Detained by a Border Patrol Agent After He Heard Them Speaking Spanish 

Amy B. Wang, reporting for The Washington Post:

“We were just talking, and then I was going to pay,” Suda told The Washington Post. “I looked up [and saw the agent], and then after that, he just requested my ID. I looked at him like, ‘Are you serious?’ He’s like, ‘Yeah, very serious.’ ”

Suda said she felt uncomfortable and began recording the encounter with her cellphone after they had moved into the parking lot. In the video Suda recorded, she asks the agent why he is detaining them, and he says it is specifically because he heard them speaking Spanish.

“Ma’am, the reason I asked you for your ID is because I came in here, and I saw that you guys are speaking Spanish, which is very unheard of up here,” the agent can be heard saying in the video.

They were detained for nearly an hour for speaking Spanish. This guy should lose his job over this; I worry he’ll get a promotion.

Bitcoin Estimated to Use Half a Percent of the World’s Electric Energy by End of 2018 


In the first rigorously peer-reviewed article quantifying Bitcoin’s energy requirements, a Commentary appearing May 16 in the journal Joule, financial economist and blockchain specialist Alex de Vries uses a new methodology to pinpoint where Bitcoin’s electric energy consumption is headed and how soon it might get there. […]

His estimates, based in economics, put the minimum current usage of the Bitcoin network at 2.55 gigawatts, which means it uses almost as much electricity as Ireland. A single transaction uses as much electricity as an average household in the Netherlands uses in a month. By the end of this year, he predicts the network could be using as much as 7.7 gigawatts — as much as Austria and half of a percent of the world’s total consumption.

This is not going to end well.

EPA Bars AP, CNN From Summit on Contaminants 

The Associated Press:

The Environmental Protection Agency is barring The Associated Press, CNN and the environmental-focused news organization E&E from a national summit on harmful water contaminants. The EPA blocked the news organizations from attending Tuesday’s Washington meeting, convened by EPA chief Scott Pruitt. […]

Guards barred an AP reporter from passing through a security checkpoint inside the building. When the reporter asked to speak to an EPA public-affairs person, the security guards grabbed the reporter by the shoulders and shoved her forcibly out of the EPA building.

Early stage autocracy.

Update: After the ensuing outcry, the EPA relented and allowed all news media to attend the second half of the summit.

Is Facebook a Platform or a Publisher? 

From a profile of Irish attorney Paul Tweed for The New York Times, by David Kirkpatrick:

In a February debate over revenge porn televised on the Irish national broadcaster, Mr. Tweed squared off against Niamh Sweeney, Facebook’s policy chief for Ireland. Ms. Sweeney said that one way Facebook was trying to address the issue was by inviting individuals to preemptively submit naked or other embarrassing pictures of themselves so the company’s software could block efforts to post the images. (A pilot program is underway in Australia.)

What could possibly go wrong with this scheme?

Quartz: ‘The Apple Watch Has Found a Surprisingly Useful Home With Everyone That Works on Their Feet’ 

Mike Murphy, writing for Quartz:

Quartz spoke with airline attendants, bartenders, waiters, baristas, shop owners, and (very politely) TSA employees who all said the same thing: The Apple Watch keeps them in touch when they can’t be on their phones at work. Apple has increasingly been pushing the watch as a health device, and seems to have moved away from marketing it as one that offers more basic utility, as Apple continues do with the iPhone. But given that roughly 23% of the US labor force works in wholesale or retail operations, perhaps it’s a market Apple should reconsider.

Interesting, but I don’t think it should be considered surprising. Apple has focused more on fitness features in its advertising this year, but this sort of convenient unobtrusive use of Apple Watch for communicating and receiving notifications was one of the core features right from the start.

The Last Days of Time Inc. 

Sridhar Pappu and Jay Stowe, writing for The New York Times:

An oral history of how the pre-eminent media organization of the 20th century ended up on the scrap heap.

It was once an empire. Now it is being sold for parts.

Walter Isaacson on the heyday:

There were gentlemen writers and editors and women researchers who stayed up late and often had affairs. People just stayed in the office and would make drinks, or people would go out to long dinners. You felt like you were in some movie version of an elegant magazine.

It’s really hard to believe how far Time Inc. and its flagship magazines have fallen. Up until just 10-15 years ago it’s hard to overstate how influential Time and Sports Illustrated were, or how staggeringly profitable People was. What an ignominious end to a once-great company.

‘Too Inconvenient’ 

Eliana Johnson, Emily Stephenson, and Daniel Lippman, reporting for Politico:

The president uses at least two iPhones, according to one of the officials. The phones — one capable only of making calls, the other equipped only with the Twitter app and preloaded with a handful of news sites — are issued by White House Information Technology and the White House Communications Agency, an office staffed by military personnel that oversees White House telecommunications.

While aides have urged the president to swap out the Twitter phone on a monthly basis, Trump has resisted their entreaties, telling them it was “too inconvenient,” the same administration official said.

I don’t get it — surely it wouldn’t be inconvenient at all for Trump. It’s not like he’d be the one setting up the new phones.

Anyway, I’m sure everyone who was outraged by Hillary Clinton’s email practices will be just as outraged by this.

Teen Phone Monitoring App Leaked Thousands of User Passwords 

Zack Whittaker, reporting for ZDNet:

The mobile app, TeenSafe, bills itself as a “secure” monitoring app for iOS and Android, which lets parents view their child’s text messages and location, monitor who they’re calling and when, access their web browsing history, and find out which apps they have installed. […]

The database stores the parent’s email address associated with TeenSafe, as well as their corresponding child’s Apple ID email address. It also includes the child’s device name — which is often just their name — and their device’s unique identifier. The data contains the plaintext passwords for the child’s Apple ID. Because the app requires that two-factor authentication is turned off, a malicious actor viewing this data only needs to use the credentials to break into the child’s account to access their personal content data.

What a fiasco. Looks like TeenSafe pulls data from iCloud backups — that’s at least one of the reasons they require you to give them iCloud passwords.

60 Minutes on Google’s Search Monopoly 

Steve Kroft, reporting for 60 Minutes:

This past week the Federal Trade Commission was asked to investigate the data collected by Google on its Android operating system, which powers most of the world’s smartphones. It was a tiny blip in the news cycle but another sign of Washington’s and Europe’s growing concerns about the enormous, largely unchecked power accumulated by tech giants like Facebook, Amazon and Google over the last two decades. Of the three, Google, which is part of a holding company called Alphabet, is the most powerful, intriguing, and omnipresent in our lives. This is how it came to be.

Succinct, compelling case that Google is abusing its search monopoly to promote its own products. Yelp founder Jeremy Stopplelman:

Jeremy Stoppelman: If I were starting out today, I would have no shot of building Yelp. That opportunity has been closed off by Google and their approach.

Steve Kroft: In what way?

Jeremy Stoppelman: Because if you provide great content in one of these categories that is lucrative to Google, and seen as potentially threatening, they will snuff you out.

Steve Kroft: What do you mean snuff you out?

Jeremy Stoppelman: They will make you disappear. They will bury you.


My thanks to Kolide for once again sponsoring this week’s DF RSS feed to promote their new Kolide Cloud “User Focused Security” concept. Last year, Netflix blogged about a great internal tool called Stethoscope which helped their security team communicate the key settings they expect their employees to manage instead of relying on intrusive enforcement. They termed this concept “User Focused Security”.

Kolide recently released Kolide Cloud, which enables you to roll out this User Focused Security strategy and effectively communicate your organization’s Mac security best-practices to your users.

Additionally, Kolide Cloud can detect and alert you about situational security concerns in your Mac fleet that often lead to serious compromises. Kolide looks for improperly stored 2FA backup codes, evidence of unencrypted backups, browser extensions that subvert the privacy of your users, and a litany of other issues that you will want to shut down immediately.

Kolide Cloud is free for your first 10 devices and you can sign up today.

Does Google’s Duplex Violate Two-Party Consent Laws? 

Devin Coldewey, writing for TechCrunch:

“It may be possible with careful design to extract the features you need without keeping the original, in a way where it’s mathematically impossible to recreate the recording,” Kortz said.

If that process is verifiable and there’s no possibility of eavesdropping — no chance any Google employee, law enforcement officer, or hacker could get into the system and intercept or collect that data — then potentially Duplex could be deemed benign, transitory recording in the eye of the law.

That assumes a lot, though. Frustratingly, Google could clear this up with a sentence or two. It’s suspicious that the company didn’t address this obvious question with even a single phrase, like Sundar Pichai adding during the presentation that “yes, we are compliant with recording consent laws.” Instead of people wondering if, they’d be wondering how.

This is one scenario I’m imagining for Google’s complete refusal to answer any questions related to the Duplex phone calls it has released — that they were actual Duplex calls to actual businesses (the one to Hong’s Gourmet almost certainly was, in my opinion), recorded without consent. Someone who works at the one restaurant we know Duplex called told Mashable they weren’t aware in advance.

This wouldn’t send anyone to prison, but it would be a bit of an embarrassment, and would reinforce the notion that Google has a cavalier stance on privacy (and adhering to privacy laws).

Rebecca Solnit: ‘The Coup Has Already Happened’ 

Rebecca Solnit, in a compelling essay for Literary Hub:

The current situation of the United States is obscene, insane, and incredible. If someone had pitched it for a thriller novel or film a few years ago, they would’ve been laughed out of whatever office their proposal made it to because fiction ought to be plausible. It isn’t plausible that a solipsistic buffoon and his retinue of petty crooks made it to the White House, but they did and there they are, wreaking more havoc than anyone would have imagined possible, from environmental laws to Iran nuclear deals. It is not plausible that the party in control of the federal government is for the most part a kleptomaniac criminal syndicate.

Washington Post: ‘Trump Administration Preparing to Hold Immigrant Children on Military Bases’ 

Nick Miroff and Paul Sonne, reporting for The Washington Post this week:

The Trump administration is making preparations to hold immigrant children on military bases, according to Defense Department communications, the latest sign the government is moving forward with plans to split up families who cross the border illegally.

According to an email notification sent to Pentagon staffers, the Department of Health and Human Services (HHS) will make site visits at four military installations in Texas and Arkansas during the next two weeks to evaluate their suitability to shelter children.

The bases would be used for minors under 18 who arrive at the border without an adult relative or after the government has separated them from their parents. HHS is the government agency responsible for providing minors with foster care until another adult relative can assume custody.

Let’s not mince words. What they’re describing here are called concentration camps. For children, forcibly separated from their parents.

Samsung Compares Galaxy S9 to Very Slow iPhone 6 in New Ad 

Two thoughts on this Samsung ad trying to get iPhone 6 users to upgrade to a Galaxy S9:

  • I’m glad they’re making fun of the notch rather than copying it, like every other Android maker. Samsung should go all-in on anti-notch-ism. It’ll make them stand out not just compared to the iPhone, but to their Android competitors. I don’t think this weird haircut is the way to do it, though.

  • I’m curious about the legality of using the Apple logo on the shirts worn by the employees inside the fake Apple Store. I’m not sure I’ve seen that before. There’s a long history of second bananas mocking their market-leading competitor, by name, in ads. Pepsi mocking Coke, Burger King mocking McDonald’s. But can you imagine a Burger King commercial where someone goes into a McDonald’s, including employees wearing McDonald’s-logo’d uniforms, and gets a bad hamburger? Wendy’s iconic “Where’s the Beef?” spot took place in a generic competitor, not a McDonald’s (although the narrator mentions Big Mac and Whopper at the end).

    Rather than show and mention an actual iPhone 6 and Apple Store, if I were Samsung (and were going to demean myself by doing an ad like this) I would have created a thinly veiled caricature — say, from a brand called Pineapple or Banana — and then exaggerated every aspect of the experience for comic effect. Go for actual humor, “Where’s the Beef”-style.

    Update: Reader Jay Torres points to the most obvious point of reference for Samsung to follow: Apple’s own “Get a Mac” campaign from a decade ago. The success of that entire campaign hinged upon the fact that the ads were actually funny, and that John Hodgman’s PC character was actually likable.

Federal Judge Accused ICE of Making Up Evidence to Prove That Dreamer Was ‘Gang-Affiliated’ 

This is really an extraordinary report for Slate by Mark Joseph Stern:

On Tuesday, U.S. District Judge Ricardo S. Martinez shot down the federal government’s efforts to strip Daniel Ramirez Medina of his DACA status. Immigrations and Customs Enforcement had arrested and detained Ramirez last year, then falsely claimed that he was affiliated with a gang and attempted to deport him. He filed suit, alleging that ICE had violated his due process rights. Martinez agreed. His order barred the federal government from voiding Ramirez’s DACA status, safeguarding his ability to live and work in the United States legally for the foreseeable future. What may be most remarkable about Martinez’s decision, though, is its blunt repudiation of ICE’s main claim — that Ramirez is “gang-affiliated.” The judge did not simply rule against ICE. He accused the agency of lying to a court of law.

The facts of Ramirez’s case are extremely disturbing. In February 2017, shortly after President Donald Trump unleashed immigration agents to amp up arrests and deportations, ICE agents went to Ramirez’s father’s house in Seattle to arrest him. (The father is undocumented, and brought Ramirez to the U.S. illegally as a child.) While there, they encountered Ramirez and asked him whether he was “legally here.” He responded that he was — a truthful statement given his DACA status, which he had renewed the previous May. Yet ICE officers detained him anyway. They took him to a processing center, where, once again, he told them that he had a work permit.

“It doesn’t matter,” an agent responded, “because you weren’t born in this country.”

What’s unusual about Ramirez’s case isn’t that he was falsely accused of being a gang member. That seems to be a common tactic from ICE agents seeking to strip DACA recipients of their legal status so they can be deported. What’s unusual about Ramirez’s case is that he had the means to acquire good legal representation so he could fight back. I’ll repeat: ICE, under Trump, has turned into a terrorist organization. Keep in mind that thanks to the Republican-controlled Supreme Court, these ICE agents will likely face no legal repercussions for blatantly lying like this.

Keep this in mind regarding Trump and his supporters’ argument that he wasn’t referring to Latino immigrants, in general, as “animals”, but rather only to gang members. It’s just a linguistic charade to salve over the blatant racism. They’re not going after Latinos, they say, only gang members. But as this Ramirez case shows, they just declare anyone they want to deport to be a gang member, whether there’s any truth to it or not, and most people have no means to fight back.

‘No, of Course No.’ 

Jack Morse at Mashable, following up on DF reader Jay P’s deduction of the actual restaurant where Google claims two of its employees enjoyed a meal booked via Google Duplex:

And sure, this could be some kind of coincidence. There could be two noodle places, both within a short drive of the Googleplex, that both have booths, salmon colored walls, and that same painting and frame.

That’s why I called Hongs Gourmet.

When I did, a woman answered the phone. After explaining I was a reporter with Mashable and that I was curious about Google employees eating there after using an AI to make a reservation, she told me she’d put me on the phone with Victor.

Victor got on the phone, and I explained the Google blog post and photo and asked him if the AI had made the reservation there. He replied in the affirmative.

I also asked him if Google had let him know about the planned Duplex test in advance, and he replied, “no, of course no.”

When I asked him to confirm one more time that Duplex had called Hongs Gourmet, he appeared to get nervous and immediately said he needed to go. He then hung up the phone.

Regarding Google, this raises some questions. How many real-world businesses has Google Duplex been calling and not identifying itself as an AI, leaving people to think they’re actually speaking to another human? I’m not entirely sure that’s ethically wrong, but I lean toward yes, it is wrong, especially while the product is at an experimental stage. I’m not alone. And if “Victor” is correct that Hong’s Gourmet had no advance knowledge of the call, Google may have violated California law by recording the call.

Regarding Jack Morse and Mashable, what an embarrassing pile of taking credit where credit is not due and not even understanding what exactly it’s even about this whole article is.1

  1. Mashable’s headline reads, “We Think We Got to the Bottom of the Google Duplex Mystery”, and the first 16 paragraphs make it sound as though Morse — and presumably, some of his Mashable colleagues, given the “we” in the headline — identified Hong’s Gourmet as the unnamed restaurant in the photo Google published. Only in the 17th paragraph does Morse get around to admitting he picked the whole thing up from the thread I started on Twitter. He wasn’t even involved in the Twitter thread. (He identifies me only as “longtime Apple fan John Gruber”. I’ll call my accountant tomorrow and amend my tax return with that job title.)

    And he was in such a rush to publish his “scoop” that he got significant parts of it totally wrong:

    Still, questions remained. Axios rightly wondered if Google was holding anything back. Specifically, the publication wanted to know if the entire thing was partially staged — as in the restaurant knew about the call ahead of time.

    We called what we’re pretty sure is the restaurant in question and got an answer.

    That would be Hongs Gourmet in Saratoga, California, located an approximately 20 minute drive south from the Google campus (according to Google Maps).

    Putting aside crediting Axios’s Dan Primack as the first to question the validity of Google’s recorded Duplex demos, Hong’s Gourmet (they seemingly spell it both with and without the apostrophe) has nothing to do with any recording Google played on stage at I/O. Google played two recordings of purported actual Duplex calls at I/O: a woman’s appointment for a haircut, and an attempted restaurant reservation that resulted in no reservation at all because the woman at the restaurant said they wouldn’t need one for the specified day and time — they could just walk in.

    Hong’s Gourmet is only of interest because of the caption of the photo at the bottom of the Google AI Blog announcement of Duplex: “Yaniv Leviathan, Google Duplex lead, and Matan Kalman, engineering manager on the project, enjoying a meal booked through a call from Duplex.” Google has a recording of the phone call Duplex purportedly made to book this meal, and it was not played on stage at I/O, nor did Axios reporter Dan Primack mention it.

    Regarding what clinched the deal that Hong’s was indeed the restaurant, Morse writes:

    And sure, this could be some kind of coincidence. There could be two noodle places, both within a short drive of the Googleplex, that both have booths, salmon colored walls, and that same painting and frame.

    That would be more than some kind of coincidence. It would be one hell of a coincidence. But Morse didn’t even mention the genuinely clinching evidence: Jay P’s discovery that a neighboring restaurant’s sign was legibly reflected in the glass of the picture frame over their heads.

    I have no problem with Morse (or anyone else) putting a story out regarding the Twitter thread I started. The whole point of doing it on Twitter is that it’s in public. And Morse did take it further, by calling Hong’s and getting that “No, of course no” quote from an employee on the record. But don’t try to take credit for others’ work and think you’re going to get away with it. It’s a bad look. ↩︎

The Restaurant Where Google Claims to Have Booked an Actual Meal Via Duplex

At the bottom of Google’s AI Blog announcement of Duplex (“An AI System for Accomplishing Real World Tasks Over the Phone”), they included a photo of two Duplex engineers eat a meal, with the following caption:

Yaniv Leviathan, Google Duplex lead, and Matan Kalman, engineering manager on the project, enjoying a meal booked through a call from Duplex.

As suspicions around this announcement deepen, I got to wondering if we could identify this restaurant. If we could identify the restaurant, we could ask them if they had been told in advance they would be speaking to Google Duplex, among other interesting questions.

The image is cropped somewhat tightly, but they’re clearly eating Chinese food, the bench style and wall color are distinctive, and there’s a large picture hanging over their heads. So, I did the laziest thing I could possibly do: I asked my Twitter followers if any of them recognized it.

22 minutes later, we had the answer from DF reader Jay P: Hong’s Gourmet, in Saratoga, CA. This image on Yelp shows the same bench, same wall, and same picture on the wall. Next door to Hong’s Gourmet is Masu Sushi, whose sign is legibly reflected in the glass of the picture behind the Google engineers.1

My thanks to Jay P and everyone else who contributed to the thread on Twitter. Jay deserves the credit for cracking this, by going backwards from the Masu Sushi sign in the reflection.2 All I did was ask. The fact that I had an answer to my question in just 22 minutes shows that having a large follower count on Twitter is a bit of a super power. I honestly can’t think of another way to answer this question without Google PR’s help. I suppose, without Twitter, I could have just posted the question on Daring Fireball, and I might have gotten the same answer. But the threaded, public, instant nature of Twitter allowed for multiple people to contribute — we went from “this might be the place” to “this is definitely the place” in just a handful of minutes. Remarkable, really. 

  1. One weird detail is that the image from Google of the engineers has been flipped horizontally, so the reflection of the neighboring restaurant’s sign isn’t mirrored. My only guess as to why Google flipped this image is that they wanted Leviathan, the project lead, to have his name listed first in the caption. ↩︎

  2. Solving this not from the decor of the restaurant but instead from the tiny reflection of the neighboring restaurant’s sign brings to mind one word: “Enhance.” ↩︎︎

Republican Lawmaker Says Rocks Falling Into Ocean to Blame for Rising Sea Levels 

Avery Anapol, reporting for The Hill:

A Republican lawmaker on the House Science, Space and Technology Committee said Thursday that rocks from the White Cliffs of Dover and the California coastline, as well as silt from rivers tumbling into the ocean, are contributing to high sea levels globally.

Rep. Mo Brooks (R-Ala.) made the comment during a hearing on technology and the changing climate, which largely turned into a Q&A on the basics of climate research.

I think some of those rocks fell out of his head. Remember, this isn’t just a congressman, he’s on the House Science, Space, and Technology Committee.

Update: Here’s some back-of-the-envelope math courtesy of Craig Hockenberry, to illustrate just how embarrassingly stupid this notion is: to account for half of the ocean level rise from 1993 to 2014, you’d need to dig a trench one mile wide and one mile deep (the depth of the Grand Canyon) all the way from Los Angeles to New York and dump it all in the ocean. And that only gets you halfway. Read Craig’s thread and he’ll show you the math.

Axios Looks Into Google’s Duplex Demo 

Dan Primack, reporting for Axios:

When you call a business, the person picking up the phone almost always identifies the business itself (and sometimes gives their own name as well). But that didn’t happen when the Google assistant called these “real” businesses:

When the hair salon picks up, a woman says: “Hello, how can I help you?”

When the restaurant picks up, a woman says: “Hi, may I help you?”

Axios called over two dozen hair salons and restaurants — including some in Google’s hometown of Mountain View — and every one immediately gave the business name.

The way the people answered the phone in these recordings was one of the first things that made me suspicious that these examples were either significantly edited or outright fakes. Plus, the salon only asks for a name (and only a first name at that). No phone number, no checking if the client has a request for a certain stylist.

For those defending Google along the lines that it’s acceptable for on-stage demos to be simulated, the problem is that Sundar Pichai said, “What you’re going to hear is the Google Assistant actually calling a real salon to schedule an appointment for you. Let’s listen.”

Axios asked Google for the name of the hair salon or restaurant, in order to verify both that the businesses exist and that the calls were not pre-planned. We also said that we’d guarantee, in writing, not to publicly identify either establishment (so as to prevent them from receiving unwanted attention).

A longtime Google spokeswoman declined to provide either name.

We also asked if either call was edited, even perhaps just cutting the second or two when the business identifies itself. And, if so, were there other edits? The spokeswoman declined comment, but said she’d check and get back to us. She didn’t.

Kudos to Primack for pressing Google on this.

Espresso Creator Jan Van Boghout Moves to Framer 

Longstanding Mac editor Espresso (mentioned here at DF numerous times over the years) is changing hands to the newly-founded Warewolf, and Espresso creator Jan Van Boghout is closing shop at MacRabbit to join the team at Framer. There are a lot of very talented people who’ve built many great apps over the years involved in this story. Congratulations and good wishes to all.

The End of Third-Party Twitter Clients?

“Apps of a Feather” — a joint statement from the developers of several top third-party Twitter clients:

After August 16th, 2018, “streaming services” at Twitter will be removed. This means two things for third-party apps:

  1. Push notifications will no longer arrive
  2. Timelines won’t refresh automatically

If you use an app like Talon, Tweetbot, Tweetings, or Twitterrific, there is no way for its developer to fix these issues.

We are incredibly eager to update our apps. However, despite many requests for clarification and guidance, Twitter has not provided a way for us to recreate the lost functionality. We’ve been waiting for more than a year and have had one reprieve.

This antipathy to third-party clients is especially confounding considering that Twitter recently dropped support for their own native Mac client. As far as I’m aware, once this comes to pass next month, there will be no way to receive notifications of Twitter DMs on a Mac. None. (Twitter’s website doesn’t even support Safari’s desktop notification feature.) That’s just wacky.

Twitter management obviously wants to steer people to their first-party mobile app and desktop website. I get that. But they already have that: the overwhelming number of Twitter users use exactly those products to access the service. What Twitter management seems to be missing is that many of its most influential users — including yours truly, yes — have been on the platform a long time and have a high tendency to be among those who not just use, but depend upon third-party clients.

To me this is like finding out you’re now required to access email entirely through a web browser. Sure, lots of people already do it that way and either prefer it or think it’s eh, just fine, who cares — but a lot of others hate it and find it completely disruptive to longstanding workflows.

Twitter isn’t explicitly saying that they’re shutting down third-party clients, but I don’t know that it’s feasible for them to exist if they don’t have access to these APIs. It’s like breaking up with someone by being a jerk to them rather than telling them you’re breaking up.

I urge Twitter to reconsider this decision. Third-party clients account for a relatively small part of the Twitter ecosystem, but it’s an important one. Twitter may not care about a native Mac client, but the users of these apps, and the developers who make them, certainly do. 

Simpsons Editor Taylor Allen Teaches Us How an Episode Comes Together 

I had no idea staffers at The Simpsons were such sharp dressers.


From developer Jeff Johnson:

StopTheMadness is a Safari extension for Mac that stops web sites from making Safari harder to use. Some web sites disable Mac user interface features in Safari that you normally expect to work. For example:

  • password autocomplete
  • ⌘-click to open a link in a new tab
  • ⌘-key keyboard shortcuts
  • selecting, copying, cutting, and pasting of text
  • drag and drop
  • opening contextual menus

StopTheMadness ensures that those features continue to work in Safari. With StopTheMadness enabled, the annoying web sites that deliberately make your life harder suddenly become easy to use again!

This extension works great and fixes so many little things that annoy me about websites. I just ran into a site today that somehow ate my keyboard shortcut for switching between tabs. I realized I hadn’t yet installed StopTheMadness on this Mac (I’ve been running it on my MacBook Pro for a few weeks). I installed it, restarted Safari, and boom — that website no longer eats my keyboard shortcut. This is also a great way to work around those banking sites that try to keep you from autocompleting passwords.

$5 and worth every penny.

Microsoft Previews Surface Hub 2 

Very impressive-looking successor to the current Surface Hub. I particularly like the way you can tile up to 4 of them next to each other. No pricing details yet, and it’s not shipping until sometime next year.

Facebook Closed 583 Million Fake Accounts in First Three Months of 2018 

Alex Hern and Olivia Solon, reporting for The Guardian:

In its first quarterly Community Standards Enforcement Report, Facebook said the overwhelming majority of moderation action was against spam posts and fake accounts: it took action on 837m pieces of spam, and shut down a further 583m fake accounts on the site in the three months. But Facebook also moderated 2.5m pieces of hate speech, 1.9m pieces of terrorist propaganda, 3.4m pieces of graphic violence and 21m pieces of content featuring adult nudity and sexual activity.

583 million fake accounts is a rather staggering figure. For context, Twitter’s entire active user base — which surely includes untold millions of fake accounts — is just 330 million. The population of the United States is around 325 million.

Google Lowers Prices on Storage 

Shannon Liao, writing for The Verge:

Google One will get a new $2.99 a month option that gets you 200GB of storage. The 2TB plan, which usually costs $19.99 per month, will now cost $9.99 a month. Finally, the 1TB plan that costs $9.99 a month is getting removed. The other plans for 10, 20, or 30TB won’t see any changes.

Google will also make the plan shareable within a family of up to five members, and give users access to live chat support even if you’re on the cheapest plan of $1.99 a month for 100GB. It’s the first time live support is coming to Google for users who may not have a G Suite business account.

If you want to use Google One without paying at all, the company will still offer Drive’s basic 15GB of free space option.

Apple’s monthly prices for iCloud storage (which has had family sharing since iOS 11):

  • Free: 5 GB
  • $1: 50 GB
  • $3: 200 GB
  • $10: 2 TB

So Google is now ahead on the free and $1/month tiers — but not by much — and is only matching Apple at the other tiers. I would think Google would want to kick Apple’s ass here.