By John Gruber
Instabug: Application Performance Monitoring Built for Mobile Apps
In my piece yesterday about email tracking images (“spy pixels” or “spy trackers”), I complained about the fact that Apple — a company that rightfully prides itself for its numerous features protecting user privacy — offers no built-in defenses for email tracking.
A slew of readers wrote to argue that Apple Mail does offer such a feature: the option not to load any remote resources at all. It’s a setting for Mail on both Mac and iOS, and I know about it — I’ve had it enabled for years. But this is a throwing-the-baby-out-with-bath-water approach. What Hey offers — by default — is the ability to load regular images automatically, so your messages look “right”, but block all known images from tracking sources (which are generally 1×1 px invisible GIFs).
Typical users are never going to enable Mail’s option not to load remote content. It renders nearly all marketing messages and newsletters as weird-looking at best, unreadable at worst. And when you get a message whose images you do want to see, when you tell Mail to load them, it loads all of them — including trackers. Apple Mail has no knowledge of spy trackers at all, just an all-or-nothing ability to turn off all remote images and load them manually.
Mail’s “Load remote content in messages” option is a great solution to bandwidth problems — remember to turn it on the next time you’re using Wi-Fi on an airplane, for example. It’s a terrible solution to tracking. No one would call it a good solution to tracking if Safari’s only defense were an option not to load any images at all until you manually click a button in each tab to load them all. But that’s exactly what Apple offers with Mail. (Safari doesn’t block tracking images, but Safari does support content blocking extensions that do — one solution for Mail would be to enable the same content blocker extensions in Mail that are enabled in Safari.)
How does Hey know which images are trackers and which are “regular” images? They can’t know with absolute certainty. But they’ve worked hard on this feature, and have an entire web page promoting it. From that page:
HEY manages this protection through several layers of defenses. First, we’ve identified all the major spy-pixel patterns, so we can strip those out directly. When we find one of those pesky pixels, we’ll tell you exactly who put it in there, and from what email application it came. Second, we bulk strip everything that even smells like a spy pixel. That includes 1x1 images, trackers hidden in code, and everything else we can do to protect you. Between those two practices, we’re confident we’ll catch 98% of all the tracking that’s happening out there.
But even if a spy pixel sneaks through our defenses (and we vow to keep them updated all the time!), you’ll have an effective last line of defense: HEY routes all images through our own servers first, so your IP address never leaks. This prevents anyone from discovering your physical location just by opening an email. Like VPN, but for email.
Apple should do something similar: identify and block spy trackers in email by default, and route all other images through an anonymizing proxy service.1 And, like Hey, they should flag all emails containing known trackers with a shame badge. It’s a disgraceful practice that has grown to be accepted industry-wide as standard procedure, because the vast majority of users have no idea it’s even going on. Through reverse IP address geolocation, newsletter and marketing email services track not just that you opened their messages, but when you opened them, and where you were (to the extent that your IP address reveals your location).
Don’t get me started on how predictable this entire privacy disaster was, once we lost the war over whether email messages should be plain text only or could contain embedded HTML. Effectively all email clients are web browsers now, yet don’t have any of the privacy protection features actual browsers do. ↩︎︎
I don’t generally write about features in beta versions of iOS. In fact, I don’t generally install beta versions of iOS, at least on my main iPhone. But the new “Unlock With Apple Watch” feature, which kicks in when you’re wearing a face mask, was too tempting to resist.
First things first: to use this feature, you need to install iOS 14.5 on your iPhone and WatchOS 7.4 on your Apple Watch (both of which are, at this writing, on their second developer betas). So far, for me, these OS releases have been utterly reliable. Your mileage may vary, and running a beta OS on your daily-carry devices is always at your own risk. But I think the later we go in OS release cycles, the more stable the betas tend to be. Over the summer, between WWDC and the September (or October) new iPhone event, iOS releases can be buggy as hell. The x.1 releases are usually the stable ones, and the releases after that tend to be very stable in beta — Apple uses these releases to fix bugs and to add new features that are stable. If anything, I think iOS 14.5 is very stable technically, and only volatile politically, with the new opt-in requirement for targeted ad user tracking.
After using this feature for a few weeks now, I can’t see going back. As the designated errand runner in our quarantined family, it’s a game changer. Prior to iOS 14.5, using a Face ID iPhone while wearing a face mask sucked. Every single time you unlocked your phone, you needed to enter the passcode/passphrase. The longer your passcode, the more secure it is (of course), but the more annoying it is to enter incessantly.
“Unlock With Apple Watch” eliminates almost all of that annoyance. It’s that good. It’s optional (as it should be), and off by default (also as it should be, for reasons explained below). It’s easy to turn on in Settings on your iPhone: go to Face ID & Passcode, enter your passcode, and scroll down to the “Unlock With Apple Watch” section, where you’ll find toggles for each Apple Watch (running WatchOS 7.4 or later) paired with your iPhone.
Here is how the feature seems to work.
Does Face ID work normally? I.e. is the face in front of the phone you, the owner, and are you not wearing a mask? If so, unlock normally. Normal non-mask Face ID is unchanged when this feature is enabled.
If Face ID fails, is there a face wearing a mask in front of the phone? If so, is an authorized Apple Watch in a secure state (i.e. the watch itself is unlocked and on your wrist) and very close to the iPhone? If so, unlock, and send a notification to the watch stating that the watch was just used to unlock this iPhone. The notification sent to the watch includes a button to immediately lock the iPhone.
Because it’s a two-step process (step #1 first, then step #2), it does take a bit longer than Face ID without a mask (which is really just step #1). But it works more than fast enough to be a pleasant convenience experience. Regular Face ID is so fast you forget it’s even there; “Unlock With Apple Watch” is slow enough that you notice it’s there, but fast enough that it isn’t a bother.
It’s important to note that in step #2, it works with any face wearing a mask. It’s not trying to do a half-face check that your eyes and forehead look like you, or anything like that. My iPhone will unlock if my wife or son is the face in front of my iPhone — but only if they’re wearing a mask, and only if my Apple Watch is very close to the phone. I’d say less than 1 meter — pretty much about what you would think the maximum distance would be between a watch on one wrist and an iPhone in the other hand.
When this feature kicks in, you always get a wrist notification telling you it happened, with just one button: “Lock iPhone”. If you tap this button, the iPhone is immediately hard-locked and requires your passcode to be re-entered even if you take your mask off. (It’s the same hard-locked mode you can put your iPhone into manually by pressing and holding the power button and one of the volume buttons — a good tip to remember when going through a security checkpoint or any other potential encounter with law enforcement.)
I’m not sure if anyone will be annoyed by this mandatory wrist notification, but they shouldn’t be, and it shouldn’t be optional. You want this notification every time to prevent anyone from surreptitiously unlocking your iPhone near you, just by putting a face mask on.
Also, if your Apple Watch is in Sleep mode (the bed icon in WatchOS’s Control Center), the feature does not work.
It’s occasionally slow. And two or three times, I got a message on my iPhone that my watch was too far away for the feature to work, even though I raised my watch-wearing wrist next to the phone. These hiccups were rare, and to my recollection, I only ran into them with iOS 14.5 beta 1, not beta 2.
Even in the worst case scenario, where the feature doesn’t work, you’re no worse off than you were before the feature existed: you simply have to manually enter your phone’s passcode.
Last but not least, the “Unlock With Apple Watch” feature very specifically seems to be looking for a face wearing a face mask. The feature does not kick in if Face ID fails for any other reason — like, say, if you’re wearing sunglasses with lenses that Face ID can’t see through. (I wish they’d make this work with sunglasses, too.)
Throwing Shade: There seems to be some confusion over what I’m asking for w/r/t sunglasses. Face ID has always supported an option to turn off “Require Attention for Face ID”. When off, Face ID will work even if it doesn’t detect your eyes looking at the screen. (It’s an essential accessibility feature for people with certain vision problems.) If you own sunglasses that the iPhone’s TrueDepth camera system can’t “see” through, you can disable “Require Attention for Face ID” to allow Face ID to work while you’re wearing your shades.
This is far from ideal though, because it weakens Face ID all the time, not just when you’re wearing sunglasses. What’s nice about the new “Unlock With Apple Watch” feature is that it only applies when you’re wearing a mask and your Apple Watch. What I’m saying I’d like to see Apple support is an extension of “Unlock With Apple Watch” that would do the same thing for sunglasses that it currently does for face masks. I’ve heard from readers who have trouble with Face ID when wearing their motorcycle helmets, too, and I’m sure there are other examples. Basically, I’d like to see Apple add the option of trusting your Apple Watch to unlock your iPhone in more scenarios where your face can’t be recognized. My request is very different from, and more secure than, the existing “Require Attention” feature.
(Speaking of which, while wearing a mask, “Unlock With Apple Watch” does not check for whether your eyes are looking at the display, regardless of your setting for “Require Attention for Face ID”. Again, this makes sense, because it’s not Face ID — “Unlock With Apple Watch” is an alternative authentication method that kicks in after Face ID has failed.)
Apple Pay: I didn’t mention the fact that “Unlock With Apple Watch” does not work with Apple Pay. This makes sense, because however secure “Unlock With Apple Watch” is (and I think it’s quite secure), it’s not as secure as Face ID authenticating your actual face. For payments, you obviously want the highest level of secure authentication.
Also, for Apple Pay, if you’re wearing your Apple Watch (a requirement for “Unlock With Apple Watch”), you can just use your Apple Watch for Apple Pay.
It also doesn’t work with apps that use Face ID for authentication within them. Banking apps, for example, or unlocking locked notes in Apple Notes. But this makes sense too — the feature is specifically called “Unlock With Apple Watch”. It unlocks your phone, that’s it. Anything else that requires Face ID for secure authentication still requires Face ID. ★
Germany’s Volkswagen is not concerned by any Apple plans for a passenger vehicle that could include the iPhone maker’s battery technology, its chief executive Herbert Diess said. […]
“The car industry is not a typical tech-sector that you could take over at a single stroke,” Diess was quoted as saying an interview with Frankfurter Allgemeine Sonntagszeitung. “Apple will not manage that overnight,” he added.
While Apple’s plans are not public, Diess said its intentions as such were “logical” because the company had expertise in batteries, software and design, and that it had deep pockets to build on these competencies.
“Still, we are not afraid,” he said.
I’d like to think that no one has made more hay over Ed Colligan’s infamous “PC guys are not going to just figure this out. They’re not going to just walk in” quote — just a few weeks before the unveiling of the iPhone — than yours truly. So I feel like I’m in a position to declare that these remarks by Herbert Diess are not an Ed Colligan moment. Ed Colligan, as the CEO of Palm, should have known that in 2006, the future of phones was gadget-like computers, not the computer-like gadgets the industry (including Palm) had been making until then. The iPod proved that Apple was the best designer and maker of gadget-like computers in the world. (They’ve only increased their lead in the intervening years.) Colligan should have been fearful of an Apple phone — any Apple phone, even an iPod phone, let alone the pocket-sized Unix computer with a gorgeous touchscreen interface they actually managed to make.
Apple hasn’t shown anything that suggests they’ll be good at designing and producing cars. The dashboard interface? Sure. But the car part of the car? Nothing Apple has ever done is like that. I’m not betting against them, but I don’t think Diess’s remarks are the least bit clueless.
I mean, what do you want him to say? That Volkswagen executives are soiling their lederhosen at the thought that Apple might enter the car market? That they’ll just pack up their bags and call it quits if Apple does?
I would have suggested adding something along the lines of “I welcome Apple as a competitor, and I’m sure they’ll bring some interesting new ideas to the market.” Like coaches of sports teams, who inevitably talk their next opponent up, not down. “They’re a tough team with some really talented players”, says every coach playing the hapless New York Jets the next week.
The part of Diess’s remarks that jumps out at me isn’t the “We are not afraid” bit, but the “take over at a single stroke” bit. No market gets taken over overnight. The iPod spent its first two years as a Mac-only peripheral with a FireWire port. The iPhone took three years just to overtake the iPod in sales. In 2011, four years after launching, Business Insider’s Henry Blodget declared the iPhone “dead in the water”. Even as late as 2013, the consensus on Wall Street was that Samsung was going to eat Apple’s lunch in the phone market. (That was the year of Phil Schiller’s “Can’t innovate any more, my ass” remark at WWDC.)
Then there’s Apple Watch. Circa 2017, there were plenty of articles like this one by Mike Murphy at Quartz: “Two Years After Its Launch, the Apple Watch Hasn’t Made a Difference at Apple”.
Even if Apple indeed enters the car market, and its cars prove to be so stunningly innovative and popular as to do to the car market what they did to the phone market — a hypothetical best-case scenario — it will take many years. Probably more years than the phone, because people hold onto their cars longer than they do their cell phones. That’s the best case scenario. There are a lot of less-than-best-but-still-good scenarios for a hypothetical Apple car where it takes even longer to declare it a success. Or where Apple winds up with a hugely successful business, but never redefines the industry.
There is no such thing as a “typical tech-sector that you could take over at a single stroke”. That Diess seems to think that’s how any of the markets where Apple currently competes work — that’s the thing that would worry me if I were at Volkswagen.
Postscript: This tweet from Robert Cassidy sums it up perfectly:
Apple doesn’t do overnight. They walk into your market, and a few years in you realize they’ve quietly redefined your market and now you’re years behind.