Wednesday, 10 January 2018
From the announcement of a new version of Confide, a “confidential messenger” app:
ScreenShield is a patent-pending technology that allows you to
view an app’s content on your screen but prevents you from taking
a screenshot of it. If you try to take a screenshot on Confide,
you will now simply capture a blank screen¹. ScreenShield also
protects against other forms of screen capture, including iOS 11
screen recording, AirPlay screen mirroring, QuickTime screen
recording as well as taking screenshots from the app switcher or
by using Xcode.
We initially developed ScreenShield for Confide, but quickly
realized that it could be used in a large number of apps — far
more than we could build ourselves. That’s why we created
ScreenShieldKit — to offer the ScreenShield technology to
3rd-party developers for use in a variety of different apps and
While there’s a lot of technology under the hood that makes
ScreenShield possible, the great news is that there are no strange
gimmicks for users (e.g., it doesn’t require them to hold their
finger on the screen) — it just works as expected. And
ScreenShieldKit is simple for developers to integrate into their
iOS apps, providing easy to use replacements for UITextView and
It’s an interesting puzzle trying to figure out how they’re doing this. Detecting that a screenshot has been taken is easy — iOS has an API that apps can use to get notified when the screen is recorded in any way. But ScreenShield is detecting it before the screenshot gets taken, so they can blank out the content in their text and image views.
I’d never heard of Confide before, but I downloaded it and kicked the tires, and the screenshot prevention works as advertised. Confide also sends a notification to whomever you’re messaging with to warn them that you tried to take a screenshot, a la Snapchat, and they immediately delete the message you tried to capture (I presume so that you can’t try to capture it another way, like, say, by taking a photo of the screen — see below).
My best guess as to how they’re doing this is that they’re using AVPlayer and somehow using FairPlay Streaming to block screenshots and recording. (Where by “my” best guess I mean the best guess of a smart friend who poked around the Confide app bundle.) Have you ever noticed how you can’t take screenshots of streaming video content in apps like Netflix and HBO Go/Now? That’s a feature in iOS (and MacOS — try taking a screenshot of Netflix video playing in Safari) for skittish video providers who don’t want us to capture even a still frame of their precious content. I think ScreenShieldKit is somehow using this to prevent screenshots or video captures of text or images.
If anyone out there has a better or more informed guess, please let me know.
If I’m reading their application correctly, Confide has also filed for a patent for a way to identify when you’re using another device to take a photo of your screen. ★
Pop-Up Mobile Ads Surge as Sites Scramble to Stop Them ★
Lily Hay Newman, reporting for Wired:
These redirects can show up seemingly out of the blue when you’re
in a mobile browser like Chrome, or even when you’re using a
service like Facebook or Twitter and navigating to a page through
one of their in-app browsers. Suddenly you go from loading a news
article to wriggling away from an intrusive ad. What enables these
ad redirects to haunt virtually any browser or app at any time,
rather than just the sketchy backwaters in which they used to
roam? Third-party ad servers that either don’t vet ad submissions
or get duped by innocent-looking ads that hide their sketchy code. […]
An ad hijacking your browser like that isn’t technically a hack,
in the sense that it doesn’t exploit a software vulnerability.
Instead, it relies on the attacker’s ability to submit and run ads
critical threat to web users yet, redirecting mobile ads could
create a jumping off point for attackers. And since you encounter
the redirects while browsing on even prominent, legitimate sites,
there’s nowhere to hide. Sometimes the ads are even designed to
block your “Back” button, or keep redirecting when you try to
close them, making it difficult to escape without having to
restart the browser.
“I do think it’s new that the ads are so pervasive and are on
first-tier publishers,” says Anil Dash, CEO of the software
engineering firm Fog Creek. “These things used to be relegated to
garbage sites, now it’s happening on the New York Times.”
Google Announces Plan to Improve URLs for AMP Pages, But Even If It Happens, Which Remains Uncertain, AMP Will Still Suck ★
Malte Ubl, tech lead for the AMP Project at Google
Based on this web standard AMP navigations from Google Search can
take advantage of privacy-preserving preloading and the
performance of Google’s servers, while URLs remain as the
publisher intended and the primary security context of the web,
the origin, remains intact. We have built a prototype based on
the Chrome Browser and an experimental version of Google Search
to make sure it actually does deliver on both the desired UX and
performance in real use cases. This step gives us confidence that
we have a promising solution to this hard problem and that it
will soon become the way that users will encounter AMP content on
The next steps are moving towards fully implementing the new web
standard in web browsers and in the Google AMP Cache. Our goal is
that Web Packaging becomes available in as many browsers as
possible (after all Web Packaging has exciting use cases beyond
just AMP such as offline pages, ES6 module loading, and resource
bundling). In particular, we intend to extend existing work on
WebKit to include the implementation of Web Packaging and the
Google Chrome team’s implementation is getting started.
We’re super excited about getting this work under way and we
expect the changes to first reach users in the second half of
2018. Thanks for all of your feedback on the matter and we will
keep you all updated on the progress right here in this blog!
A bunch of readers have forwarded this story to me, based on my previous criticism of AMP. This announcement isn’t bad news, and might be good news, but at this point it’s all conjecture, particularly for browsers other than Chrome. Even if it all works out, it only solves one problem: URLs. It doesn’t solve the deeper problem of content being hosted on Google’s servers, rather than publishers’ own servers. In addition to ceding independence, think about what this means for search engines other than Google. One of AMP’s foundational tenets is that Google Search is the one and only search engine.
And at a technical level AMP still sucks:
I’m on the
as being strongly opposed to AMP simply on the grounds of
publication independence. I’d stand by that even if the
implementation were great. But the implementation is not great —
it’s terrible. Yes, AMP pages load fast, but you don’t need AMP
for fast-loading web pages. If you are a publisher and your web
pages don’t load fast, the sane solution is to fix your fucking
website so that pages load
fast, not to throw your
hands up in the air and implement AMP.
But other than loading fast, AMP sucks. It implements its own
scrolling behavior on iOS, which feels unnatural, and even worse,
it breaks the decade-old system-wide iOS behavior of being able to
tap the status bar to scroll to the top of any scrollable view.
AMP also completely breaks Safari’s ability to search for text on
a page (via the “Find on Page” action in the sharing sheet).
Google has no respect for the platform. If I had my way, Mobile
Safari would refuse to render AMP pages. It’s a deliberate effort
by Google to break the open web.
Seven months later and still none of these things work properly for AMP pages displayed on Mobile Safari. And I forgot to mention back in May that Mobile Safari doesn’t automatically show/hide its browser chrome as you scroll, like it does for any normal web page. AMP pages are also incompatible with Safari Reader mode, making them harder to read for some people, and impossible to read for others.
Sharing canonical URLs rather than google.com/amp URLs is just one of many problems with AMP, and the “fix” proposed here requires updated versions of every web browser in the world to work.
North Carolina Congressional Map Ruled Unconstitutionally Gerrymandered ★
Alan Blinder, reporting for The New York Times:
A panel of federal judges struck down North Carolina’s
congressional map on Tuesday, declaring it unconstitutionally
gerrymandered and demanding that the Republican-controlled General
Assembly redraw district lines before this year’s midterm
The ruling was the first time that a federal court had blocked a
congressional map because the judges believed it to be a partisan
gerrymander, and it deepened the political chaos that has
enveloped North Carolina in recent years.
More good news on the voting front.
New Bill Aims to Eliminate Paperless Voting Machines ★
Timothy B. Lee, writing for Ars Technica:
“With the 2018 elections just around the corner, Russia will be
back to interfere again,” said co-sponsor Sen. Kamala Harris
So a group of senators led by James Lankford (R-Okla.) wants to
shore up the security of American voting systems ahead of the 2018
and 2020 elections. And the senators have focused on two major
changes that have broad support from voting security experts.
The first objective is to get rid of paperless electronic voting
machines. Computer scientists have been warning for more than a
decade that these machines are vulnerable to hacking and can’t be
meaningfully audited. States have begun moving away from paperless
systems, but budget constraints have forced some to continue
relying on insecure paperless equipment. The Secure Elections Act
would give states grants specifically earmarked for replacing
these systems with more secure systems that use voter-verified
I don’t know of a single voting or computer security expert who is in favor of paperless voting machines. The sooner we get rid of them, the better.
Update: Electronic voting machines in the U.S. are far less regulated and easier to rig than slot machines in Las Vegas.
Regarding This Open Letter From Two Investor Groups to Apple Regarding Kids’ Use of Devices ★
David Gelles, reporting for The New York Times:
Now, two of the biggest investors on Wall Street have asked
Apple to study the health effects of its products and to make it
easier for parents to limit their children’s use of iPhones and
Jana, an activist hedge fund, wrote its letter with Calstrs, the
California State Teachers’ Retirement System, which manages the
pensions of California’s public-school teachers. When such
investors pressure companies to change their behavior, it is
typically with the goal of lifting a sagging stock price. In this
case, Jana and Calstrs said they were trying to raise awareness
about an issue they cared deeply about, adding that if Apple was
proactive about making changes, it could help the business.
This open letter is getting a lot of attention, but to me, the way to limit your kids’ access to devices is simply, well, to limit their access to devices. I’m sure iOS’s parental controls could be improved (and in a statement, Apple claims they have plans to do so), but more granular parental controls in iOS are no substitute for being a good, involved parent.
See also: the open letter from Jana and Calstrs.
AT&T Drops Huawei’s New Smartphone Amid Security Worries ★
Paul Mozur, reporting for The New York Times:
AT&T walked away from a deal to sell the Huawei smartphone, the
Mate 10, to customers in the United States just before the
partnership was set to be unveiled, said two people on Tuesday
familiar with the plans, who spoke on the condition of anonymity
because the discussions were not public. The Wall Street Journal
reported earlier that AT&T had changed plans.
The reasons that led to AT&T’s shift were not entirely clear. But
last month, a group of lawmakers wrote a letter to the Federal
Communications Commission expressing misgivings about a potential
deal between Huawei and an unnamed American telecommunications
company to sell its consumer products in the United States. It
cited longstanding concerns among some lawmakers about what they
said are Huawei’s ties to the Chinese government.
The letter, which was reviewed by The New York Times, said
Congress has “long been concerned about Chinese espionage in
general, and Huawei’s role in that espionage in particular.”
This sounds bad, but without any specific accusations regarding what Huawei might actually be doing to collaborate with the Chinese government — let alone actual evidence — I’m not sure what to make of this.
Ad Tracking Companies Complain About Safari’s Intelligent Tracking Prevention ★
Alex Hern, in a decidedly-pro-ad-industry report for The Guardian:
Internet advertising firms are losing hundreds of millions of
dollars following the introduction of a new privacy feature from
Apple that prevents users from being tracked around the web.
Advertising technology firm Criteo, one of the largest in the
industry, says that the Intelligent Tracking Prevention (ITP)
feature for Safari, which holds 15% of the global browser market,
is likely to cut its 2018 revenue by more than a fifth compared to
projections made before ITP was announced.
With annual revenue in 2016 topping $730m, the overall cost of the
privacy feature on just one company is likely to be in the
hundreds of millions of dollars.
If this is accurate, it goes to show the outsize influence Safari has. Criteo is claiming that a new feature in Safari, a browser with only 15 percent of global share, resulted in more than a 20 percent drop in their revenue. This, despite the fact that Intelligent Tracking Prevention — the feature in question — doesn’t block ads per se. It only prevents certain methods of privacy-invasive tracking. I fail to see how this is a bad thing.
Thursday, 28 December 2017
Occasionally I notice a burst of traffic to Daring Fireball from Hacker News. It’s always short-lived, because for reasons I’ve never seen explained, Daring Fireball articles always get blacklisted from Hacker News once they hit their front page. It’s apparent that a lot of HN readers do not like my work on the basis that they see me as a shameless Apple shill, but it’s a shame the articles get deleted because I like reading the comments. I feel like it keeps me on my toes to read the comments from people who don’t like Daring Fireball.
Even after being blacklisted from the Hacker News homepage, though, the comment threads still exist. I went through the Hacker News comments on my iPhone X review today, and a few comments about how Apple Pay works on the iPhone X caught my attention:
Apple made some interactions so unintuitive that even I was
confused. One example is purchasing an app. Pre-X, you’d tap the
“get” button and place your finger on the home button or enter
your password. With the X you have to tap the button, look at your
device, and then follow the most unintuitive animation to actually
press the physical side button.
I’ve had the X for a few days now. The animation to press the
physical button totally had me stumped the first few times!
Overall I’m a fan (such as great camera and great screen) but some
of the new interactions are taking some getting used to.
Yeah the explanation for the side button tap should be considered
a straight up bug — I had to google what to do.
These remarks caught my attention because a technically-savvy family member was confused by the same thing the first time they tried to buy an app on their new iPhone X. They showed me the phone with the “Double Click to Pay” animation1 and asked me, “What am I supposed to double click here? It doesn’t work.” What they had tried was double tapping on the “Double Click to Pay” label on screen. When I explained that the animation was pointing to the physical side button, the proverbial light bulb turned on.
This is an interesting design dilemma. The reason why Apple requires you to press the physical side button to confirm a purchase with Apple Pay or in the App Store is because pressing the side button can’t be faked by an app. If it was an on-screen button, a nefarious app could present a fake Apple Pay button. With any normal app, clicking the side button once will always lock the screen, and double-clicking will put you in Apple Pay mode. Only Apple’s own software can override the side button like this. Double clicking the side button to confirm a purchase effectively guarantees that it was a legitimate payment experience.
But: people naturally expect everything they do on an iPhone to be done on screen. The screen is the phone — and that’s even more true with the iPhone X. Even with an animation pointing to the side button on screen, it doesn’t occur to people that they need to do something off-screen to authorize the transaction. They think the affordance on the side of the screen is the button they’re supposed to double tap (and they don’t notice the verbal distinction between “click” and “tap”).
I’m not sure what the solution here is, but I think Apple needs to come up with a better indication — perhaps something more explicit, the first time you encounter it — that you need to click the hardware button, not tap something on screen.
Update: This problem is not new to Face ID. Touch ID has a similar problem. Here’s a note I got today from a friend:
FWIW, Touch ID has been out for four years, and I still see people
try to press the fingerprint icon that shows up in the middle of
the screen. Can’t count the number of times just in the past six
months. I don’t think the X’s initial double-click confusion is a
@jtregear @daringfireball Father in law repeatedly said his Touch
ID wasn’t working. He was putting his thumb to the finger print
icon on screen rather than the home button.
Iván Cavero Belaunde:
@daringfireball Not entirely a new problem. First time my mom was
asked for her fingerprint for iTunes purchases with TouchID, the
thought she had to put her finger on the fingerprint on-screen
image, not on the home button.
Update 2: Some more commentary.
Yes! On-screen language just needs to be rewritten with an arrow
pointing right. I suggest: “Press the damn side button twice. It’s
on the damn right edge of the phone.”
John R. Kirk:
Mock me if you will, but I went weeks without understanding how to
confirm payments on the iPhone X. I kept double-tapping the
screen. I had to google and read an article before I was able to
figure it out.
Apple got this UI wrong. Very wrong.
This was my main crit of @gruber’s otherwise great review — the
side-button double-press is really, really, really bad.
Unintuitive but more damningly — it’s not fun!
This is in large part because the
power-button-across-from-volume-rockers has always felt like a
fundamentally wrong design decision. Double-press aside, I take
5-10 unintentional screenshots a day. At least they’re in their
own folder now.
The best part of the iPhone X experience really is just how fun it
feels — how it’s so totally tactile and responsive and fluid in a
way iPhones have never been. ★
Thursday, 28 December 2017
Apple: “A Message to Our Customers About iPhone Batteries and Performance”:
We’ve been hearing feedback from our customers about the way we
handle performance for iPhones with older batteries and how we
have communicated that process. We know that some of you feel
Apple has let you down. We apologize. There’s been a lot of
misunderstanding about this issue, so we would like to clarify and
let you know about some changes we’re making.
First and foremost, we have never — and would never — do
anything to intentionally shorten the life of any Apple product,
or degrade the user experience to drive customer upgrades. Our
goal has always been to create products that our customers love,
and making iPhones last as long as possible is an important part
of that. […]
To address our customers’ concerns, to recognize their loyalty and
to regain the trust of anyone who may have doubted Apple’s
intentions, we’ve decided to take the following steps:
Apple is reducing the price of an out-of-warranty iPhone battery
replacement by $50 — from $79 to $29 — for anyone with an
iPhone 6 or later whose battery needs to be replaced, starting
in late January and available worldwide through December 2018.
Details will be provided soon on apple.com.
Early in 2018, we will issue an iOS software update with new
features that give users more visibility into the health of
their iPhone’s battery, so they can see for themselves if its
condition is affecting performance.
This is a terrific response, both in terms of explaining what has actually been going on, and in terms of the steps they’re taking going forward. Reducing the price of authorized battery replacements to $29 is really great.
The upcoming update to iOS 11 with more information on the state of the device’s battery is good news too. Right now, the Battery section inside the Settings app will warn you about the state of your battery — but only if the battery is in truly dire condition. What iOS should do — and it sounds to me like this is what Apple plans to do — is tell you about the state of your battery as soon as its condition drops beneath the threshold at which the performance throttling features kick in.
The funny thing about Apple is that their communication problems tend to happen only when they don’t communicate at all. This whole iPhone battery controversy erupted only because Apple had never explained what was going on, which opened them up to accusations of nefarious intent. When they do communicate, they do so with clarity, plain language, and honesty. And, when called for — as in this case — humility. ★