By John Gruber
1Password — Secure every sign-in for every app on every device.
Kevin Roose wrote a column for The New York Times last week under the headline “Did Apple Just Kill Social Apps?”, about which Jason Snell quipped, “It’s rare that a story is worse than its provocative headline, but this one manages it.” The gist of it is Roose positing that Apple’s new fine-grained controls over contact-sharing in iOS 18 are somehow controversial. Roose himself writes:
For years now, the way contact sharing has worked on iOS devices is that an app can trigger a message called a “data access prompt,” asking for access to a user’s contacts.
If the user agreed, the app developer got a list of all the contacts in that user’s address book, along with other information stored in the user’s contact cards, such as phone numbers and email addresses. App developers could then use that information to build out a user’s social graph, or suggest other accounts for the user to follow.
In iOS 18, however, users who agree to give an app access to their contacts are shown a second message, allowing them to select which contacts to share. Users can opt to share just a handful of contacts by selecting them one by one, rather than forking over their entire address book.
Apple’s stated rationale for these changes is simple: Users shouldn’t be forced to make an all-or-nothing choice. Many users have hundreds or thousands of contacts on their iPhones, including some they’d rather not share. (A therapist, an ex, a random person they met in a bar in 2013.) iOS has allowed users to give apps selective access to their photos for years; shouldn’t the same principle apply to their contacts?
The obvious answer is yes, the same principle should of course apply to contacts. But Roose presents the change as controversial and anticompetitive, on the grounds that burgeoning social networks have, over the last 15 years, used that all-or-nothing access to users’ contacts to great effect building out their social graphs, and pointing out that Apple’s own first-party apps like Messages and Mail aren’t faced with these restrictions.
Nick Heer wrote a splendid response to Roose’s piece at Pixel Envy — “I Do Not Care About Impediments to a Creepy Growth Hacking Technique” — the entirety of which is worth your full attention, but this paragraph sums up my first thought:
The surprise is not that Apple is allowing more granular contacts access, it is that it has taken this long for the company to do so. Developers big and small have abused this feature to a shocking degree. Facebook ingested the contact lists of a million and a half users unintentionally — and millions of users intentionally — a massive collection of data which was used to inform its People You May Know feature. LinkedIn is famously creepy and does basically the same thing. Clubhouse borrowed from the TBH playbook by slurping up contacts before you could use the app. This has real consequences in surfacing hidden connections many people would want to stay hidden.
My other thought is that new restrictions are inevitably resented by those who were abusing the newly-restricted resource. Polluters resent new regulations that force them to cease dumping chemicals into rivers and lakes, or pumping them into the air. Coal mines and factories resented child labor laws a century ago (and some still resent them today). If iOS had debuted in 2007 with per-contact sharing controls exactly like those in iOS 18 today, no one serious would ever have complained that this was wrong or unfair.1 But Apple adding these controls only now makes it different. They’re not just giving users control they previously didn’t have, they’re taking something away from companies that seek to exploit, as Heer aptly describes it, a creepy growth-hacking technique. Writ large, this psychology explains why granting social equality to minority groups feels to some in the majority group, the small-minded and bigoted, like a loss of privilege and a downgrade in status.2
As for Roose’s contention that it’s even somewhat controversial that Apple’s own apps aren’t subject to these address book restrictions:
Some developers also pointed out that the iOS 18 changes don’t apply to Apple’s own services. For example, iMessage doesn’t have to ask for permission for access to users’ contacts the way WhatsApp, Signal, WeChat and other third-party messaging apps do. They see that as fundamentally anticompetitive — a clear-cut example of the kind of self-preferencing that antitrust regulators have objected to in other contexts.
To the first party go the first-party spoils. It’s absurd to consider a cell phone that doesn’t make the user’s full address book available to the built-in phone-call and messaging apps. All phones offer similar system-level integration between such core apps. But for Apple in particular, broad and deep integration is the company’s modus operandi. People choose to use Apple platforms because of the integration, not despite it. As I wrote last month in “The iOS Continental Drift Widens”:
Safari isn’t just a web browser that just happens to be Apple’s. It’s the web browser designed by Apple to do things the iOS way on iOS (and the Macintosh way on MacOS). If, as a user, you do things the Apple way — owning multiple Apple devices, using iCloud for sync, using Safari as your web browser — you get an integrated experience, with access on device A to the tabs open on device B, shared browsing history and bookmarks between all devices, and support for systemwide services and features. The default apps from Apple on a factory fresh iPhone are designed to work together and present themselves consistently. That’s not to say no one should use third-party apps that are alternatives to Apple’s own. Of course not. Surely almost every reader of Daring Fireball uses one or more third-party apps that are alternatives to Apple’s. I use several. But the built-in Apple apps, taken together, constitute the Apple-defined experience. Those really are the apps most non-expert users should use. And the best third-party alternatives — like Fantastical (calendar), Cardhop (contacts), Overcast (podcasts), and Bear (notes) — fit seamlessly within that overall Apple experience. They’re third-party apps that feel integrated with the first-party experience.
Cardhop is a particularly apt example, as its entire purpose is to serve as a full alternative to the system Contacts app. It wouldn’t be able to do so if it needed per-entry permission to each contact, so it has a special entitlement that allows full address book read/write access because the entire point of the app is that it’s a full address book. A new social media network is not an address book.
Also, even putting aside the fact that first-party apps necessarily have certain advantages third-party apps do not (otherwise, there’d be no distinction), apps from the same developer have broad permission to share data and resources via app groups. Gmail can talk to Google Calendar, and Google Calendar has full access to Gmail’s address book. It’s no more “fundamentally anticompetitive” for Messages and Apple Mail to have full access to your Contacts address book than it was for Meta to launch Threads by piggybacking on the existing accounts and social graph of Instagram. If it’s unfair, it’s only unfair in the way that life in general is unfair.
The question to ask is, “Is this what users want and expect?” Sometimes it really is that simple. I’m not sure it’s ever worth asking “Is this what growth-hacking VC-backed social-media app makers want?” ★
This is hard to believe now, but until iOS 6 in 2012, there were no access restrictions on address book data at all. All apps simply had unfettered access to all of your contact data, with no permission prompt nor any indication that they were accessing it. This came to a head with a massive controversy over the defunct social app Path’s uploading to its servers the entire address books of all its user. ↩︎︎
This sentiment has never been described more searingly than by Gene Hackman in this scene from the great film Mississippi Burning. A 1988 film about 1964 murders that, alas, captures our political moment today. ↩︎
Given that Calvin and Hobbes is almost certainly the best (and almost more certainly, the most beloved) comic strip ever, it’s devilishly hard to pick a favorite. But this might be mine. I thought about it often as I raised my own son.
Update: I sent this one to my son, and he sent me this one back. My boy gets me.
Lawrence Abrams, reporting for Bleeping Computer:
Internet Archive’s “The Wayback Machine” has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records. News of the breach began circulating Wednesday afternoon after visitors to archive.org began seeing a JavaScript alert created by the hacker, stating that the Internet Archive was breached.
“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!,” reads a JavaScript alert shown on the compromised archive.org site.
The text “HIBP” refers to is the Have I Been Pwned data breach notification service created by Troy Hunt, with whom threat actors commonly share stolen data to be added to the service.
Hunt told BleepingComputer that the threat actor shared the Internet Archive’s authentication database nine days ago and it is a 6.4GB SQL file named “ia_users.sql”. The database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data.
As if that weren’t enough to make for a bad week for the Internet Archive — a seemingly irreplaceable stalwart resource of the web — they’re also under a DDoS attack. Jason Scott, archivist at Internet Archive, on Mastodon:
Someone is DDOSing the internet archive, so we’ve been down for hours. According to their twitter, they’re doing it just to do it. Just because they can. No statement, no idea, no demands.
Bethany Bongiorno, on X:
- insane battery life (17 hours with profiled usage)
- calendar recall
- speak in over 50 languages — in your own voice
- vision gesture for quick multi-modal questions
- playlist support
- timers, alarms, world clock
- touchcode gesture unlock
- pinpoint — locate your pin!
Sometimes all you can do is put your nose to the grindstone and keep plugging. But man, I don’t even hear jokes about the AI Pin any more. (Full change log.)
Kind of crazy to create an alarm clock in this era of bedside phones, but like just about everything from Nintendo, it does seem fun. (Would seem a bit more appealing if it could serve as a Bluetooth audio speaker.)
Mark Gurman, reporting for Bloomberg:
Apple Inc.’s Dan Riccio, who oversaw the company’s push into mixed-reality headsets and previously served as its hardware engineering chief, is retiring.
The veteran executive, a vice president who reports to Chief Executive Officer Tim Cook, is leaving Apple this month, according to people with knowledge of the move. Employees in Riccio’s Vision Products Group, which includes a couple thousand engineers working on headsets and related technology, were told they would become the responsibility of John Ternus, Apple’s hardware boss.
Mike Rockwell, Riccio’s current lieutenant, will continue to lead the Vision Products Group on a day-to-day basis, said the people, who asked not to be identified because the changes aren’t public.
Gurman’s framing here in his lede could leave casual readers with the impression that Riccio is perhaps leaving because of the tepid consumer response to Vision Pro, but as Gurman subsequently mentions, this timeline was seemingly in the cards ever since Riccio stepped down as senior vice president of all hardware (a role now filled by John Ternus) in 2021.
A new website/newsletter from Om Malik and Fred Vogelstein:
Both of us together have followed Silicon Valley’s innovation engine for more than 50 years. We’ve seen a lot. But one observation stands out: The best ideas — the ones that launch meaningful companies — need to seem crazy and stupid at first.
Amazon, Google and Facebook are among the most powerful companies in the world today, but each of them seemed absolutely preposterous when launched. When Jeff Bezos started Amazon as an online bookstore 30 years ago, most didn’t even know what the internet was. Larry Page and Sergey Brin founded Google in 1998 when most believed search was going nowhere. In the 2000s, Mark Zuckerberg bet Facebook could fundamentally change the way billions of people used the internet — to share everything back when most were terrified about sharing anything.
It’s this messianic belief in a vision that makes many entrepreneurs so quirky — and so interesting. It takes a unique personality to spend years saying “I’m right” when most around you say “That’s wrong.”
Love this statement of purpose.
Many Tricks:
Moom 4 is only available directly from Many Tricks; it is not available on the Mac App Store. If it were our choice, it would also be in the Mac App Store, but it’s not our choice.
Why isn’t it in the Mac App Store? Because the Mac App Store does not allow apps that aren’t sandboxed. And Moom 4 cannot be sandboxed, as its use of the Accessibility API makes that impossible. So how was Moom 3, which also uses the Accessibility API, on the Mac App Store? Simple: Moom 3 was in the store before Apple required all Mac App Store apps to be sandboxed, so it was allowed to remain in the store, as long as we never added new features.
If Apple ever changes the rules, we will submit Moom 4 for Mac App Store review, but until/unless those rules change, you can only get Moom 4 directly from us.
What a perfect example of the shortcomings of the Mac App Store. MacOS 15 Sequoia adds new window-tiling features that, on the surface, you might think Sherlock Moom — a longstanding Mac utility that automates window resizing/arranging. But Moom does so much more than Sequoia’s tiling features. It’s a fabulous utility from a great developer, but Many Tricks isn’t allowed to offer it through the Mac App Store.
Zac Bowden, writing for Windows Central:
The Surface Duo 2 has just received its likely final security update, marking an end to Microsoft’s brief return to the smartphone market. The company originally launched Surface Duo 2 in October 2021, and promised to support the product with software updates for three years. Microsoft was only able to deliver one major Android version update in that time, a pitiful number for a $1,500 device.
It wasn’t that Microsoft was only able to deliver one major Android version update in 3 years. They’re Microsoft, for chrissakes. It’s that they could only be bothered to deliver one major upgrade. Commitment is vastly underestimated in the hardware game.
Fun Halloween-themed teaser.
Chance Miller, writing for 9to5Mac:
According to multiple 9to5Mac readers and reports across social media, Home Depot has also recently started rolling out Apple Pay support. Home Depot has been a major Apple Pay holdout, resisting pressure from its customers to add support for Apple’s tap-to-pay platform. Notably, Lowe’s — Home Depot’s biggest competitor — began rolling out Apple Pay support last December. It certainly seems possible that this move by Lowe’s put pressure on Home Depot to change its strategy.
Home Depot hasn’t commented on this change in policy, and the details of the rollout aren’t explicitly clear. It appears to be a very gradual rollout that started at a small number of locations over the summer and has recently picked up momentum. Your mileage may vary for the time being, though.
I could be completely wrong, but I don’t think Home Depot was ever opposed to Apple Pay. I just think they bought into a weird point-of-sale system that didn’t support it. They’re weird terminals. And I suspect what’s happening now isn’t a come-to-Jesus moment regarding Apple Pay in particular, but a replacement of those crummy POS terminals with new ones that do support Apple Pay.
Walmart is still the biggest Apple Pay holdout by a wide margin, and the company has shown no signs of changing its tune.
With Walmart, I do think it’s strategic that they don’t support Apple Pay. I think it’s wrongheaded though, and they’ll change their minds sooner (probably) or later. Walmart, just a few years ago, was spearheading the dumbass CurrentC “pay via QR code” system. Apple Pay, from a user’s perspective, is just a private way to pay via credit or debit card — no more, no less. Whatever strategic reasons Walmart has to oppose it — which I think boil down to wanting customers to instead use a Walmart-proprietary digital payment system — aren’t worth it.
Todd Heberlein:
Cozy mysteries are a genre of crime fiction where the stories take place in small, socially intimate communities, and any violence is limited or happens offscreen. Yesterday, I experienced a “Cozy WWDC,” and it was wonderful!
The event took place in an intimate setting with about 170 developers. There were no highly produced skits, no jabs at the competition, no speculative non-existent products designed to make the media and influencers lose their shit, and no media. The event, titled “Envision the Future: Build Great Apps for visionOS,” was held at the Apple Developer Center in Cupertino on October 2nd.
It focused solely on visionOS and spanned just one day.
The presenters were live. Many wrote code and showed the results live. Sometimes demos didn’t work the first time.
I have heard from a few other attendees that this was an excellent and very productive little event.
Panic:
Well, Google has a new set of policies that require apps that connect to Google Drive to go through expensive, time-consuming annual reviews, and this has made it extremely difficult for us to reasonably maintain Google Drive access. You may have seen iA Writer’s announcement that they are stopping development of their Android version for similar reasons. Our experience was different, but our circumstances are similar. [...]
Between the weeks of waiting, submitting the required documentation and the process of scanning the code, it took a significant amount of time from our engineers. For example, Google provided a Docker image for running the scanner, but it didn’t work. We had to spend more than a week debugging and fixing it. And because the scanner found no problems, it didn’t result in any improvements to Transmit. No one benefitted from this process. Not Google, not Panic, and not our users. [...]
But then… a couple of months later, Google completely removed the option for us to scan our own code. Instead, to keep access to Google Drive, we would now have to pay one of Google’s business partners to conduct the review. They promised a discounted minimum price, but no maximum price. We realized that either we’d most likely be paying someone else a chunk of cash to run the same scanner we were running, or our bill would end up much higher.
Never been gladder that I don’t use Google Drive for anything.
Peter Baker and Dylan Freedman, reporting for The New York Times, with the conspicuous absence of Maggie Haberman from that shared byline:
Former President Donald J. Trump vividly recounted how the audience at his climactic debate with Vice President Kamala Harris was on his side. Except that there was no audience. The debate was held in an empty hall. No one “went crazy,” as Mr. Trump put it, because no one was there.
Anyone can misremember, of course. But the debate had been just a week earlier and a fairly memorable moment. And it was hardly the only time Mr. Trump has seemed confused, forgetful, incoherent or disconnected from reality lately. In fact, it happens so often these days that it no longer even generates much attention.
He rambles, he repeats himself, he roams from thought to thought — some of them hard to understand, some of them unfinished, some of them factually fantastical. He voices outlandish claims that seem to be made up out of whole cloth. He digresses into bizarre tangents about golf, about sharks, about his own “beautiful” body. He relishes “a great day in Louisiana” after spending the day in Georgia. He expresses fear that North Korea is “trying to kill me” when he presumably means Iran. As late as last month, Mr. Trump was still speaking as if he were running against President Biden, five weeks after his withdrawal from the race.
Better late than never, but if it were Joe Biden who had rambled on about “the audience going crazy” at a debate that had no audience, the New York Times would have been all over it the next day, not a month later.
I don’t think Donald Trump was ever hooked up right. But he’s clearly losing the few marbles he ever had to dementia, just like his father did. The signs were clear during his 2017–2021 term in office:
John F. Kelly, his second White House chief of staff, was so convinced that Mr. Trump was psychologically unbalanced that he bought a book called “The Dangerous Case of Donald Trump,” written by 27 mental health professionals, to try to understand his boss better. As it was, Mr. Kelly came to refer to Mr. Trump’s White House as “Crazytown.”
Of course the Times had to both-sides this story, and this is who they found to do it:
Sam Nunberg, a former Trump political adviser, said he still talked with people who see him almost daily, and had not heard of any concerns expressed about the former president’s age. “I don’t really see any major difference,” he said. “I just don’t see it.”
Nunberg is the guy who showed up shitfaced drunk on half a dozen cables news appearances at the height of the Robert Mueller investigation. That’s the guy saying, sure Trump is OK in the head today.
If you haven’t watched Trump speak in a while — because you’re on team “fuck that guy”, like any sane voter — you should watch the video clips the Times culled for this piece. Like I said, I don’t think the guy was ever hooked up right, but it’s very clear he’s in serious decline today.
My suggestion to the Harris campaign is that they should repeatedly describe Trump as “an 80-year-old”, and force Trump surrogates to correct them that he’s “only” 78.
Joe Rossignol, writing for MacRumors:
The latest video of what could be a next-generation MacBook Pro was shared on YouTube Shorts today by Russian channel Romancev768, just one day after another Russian channel shared a similar video. The clip shows a box for a 14-inch MacBook Pro that is apparently configured with an M4 chip with a 10-core CPU and a 10-core GPU, 16GB of RAM, 512GB of storage, three Thunderbolt 4 ports, and a Space Black finish. [...]
The source of these leaks is unclear. Last week, “ShrimpApplePro” claimed that at least one of the unannounced 14-inch MacBook Pro units was apparently being offered for sale in a private Facebook group. In a follow-up post on X on Sunday, the leaker claimed that he saw someone online who was apparently advertising 200 of the unannounced 14-inch MacBook Pro units for sale, leading him to believe this leak originates from a warehouse. It is unclear if these details are accurate, but this whole situation is clearly very sketchy.
It’s somewhat weird that the box art is identical to that of last year’s M3 MacBook Pros, but I lean toward thinking these are real. Best guess is that someone stole 200 of these from China and some or all of them wound up in Russia? No sympathy for Apple here if that’s what happened — if you assemble your products in a dictatorship, stuff like this is bound to happen. Kinda surprising it hasn’t happened with iPhones, which would garner far more attention and value a month ahead of launch. That it hasn’t happened with iPhones probably indicates that Apple puts more security around them than they do MacBook Pros.
Juli Clover, MacRumors:
In the release notes for the sixth beta of the macOS Sequoia 15.1 update, Apple says that users aren’t going to see as many popups for apps they regularly use.
Applications using our deprecated content capture technologies now have enhanced user awareness policies. Users will see fewer dialogs if they regularly use apps in which they have already acknowledged and accepted the risks.
Why in the world didn’t Apple take regular use of a screen-recording app into account all along?
Tyler Stalman joins the show to discuss the iPhone 16 lineup’s cameras, and the state of iPhone photography.
Sponsored by:
Sean Hollister, writing for The Verge:
Google’s Android app store is an illegal monopoly — and now it will have to change. Today, Judge James Donato issued his final ruling in Epic v. Google, ordering Google to effectively open up the Google Play app store to competition for three whole years. Google will have to distribute rival third-party app stores within Google Play, and it must give rival third-party app stores access to the full catalog of Google Play apps, unless developers opt out individually.
These were Epic’s biggest asks, and they might change the Android app marketplace forever — if they aren’t immediately paused or blocked on appeal. And they’re not all that Epic has won today. Starting November 1st, 2024, and ending November 1st, 2027, Google must also:
- Stop requiring Google Play Billing for apps distributed on the Google Play Store (the jury found that Google had illegally tied its payment system to its app store)
- Let Android developers tell users about other ways to pay from within the Play Store
- Let Android developers link to ways to download their apps outside of the Play Store
- Let Android developers set their own prices for apps irrespective of Play Billing
If this ruling holds on appeal, it’s a real loss for Google, not a token loss.
Update: Regarding the bit in the first paragraph above, about rival app stores getting access to all apps in the Play Store unless the developers opt out, I was originally confused how this could possibly work. I should have read the injunction first. It states:
For a period of three years, Google will permit third-party Android app stores to access the Google Play Store’s catalog of apps so that they may offer the Play Store apps to users. For apps available only in the Google Play Store (i.e., that are not independently available through the third-party Android app store), Google will permit users to complete the download of the app through the Google Play Store on the same terms as any other download that is made directly through the Google Play Store. Google may keep all revenues associated with such downloads. Google will provide developers with a mechanism for opting out of inclusion in catalog access for any particular third-party Android app store. Google will have up to eight months from the date of this order to implement the technology necessary to comply with this provision, and the three-year time period will start once the technology is fully functional.
This is far less radical a dictum than Hollister’s description led me to believe. What Judge Donato is demanding is effectively pass-through to the actual Play Store listing for any apps and games that aren’t available in a third-party app store. So if you search in the Brand X app store for “FooApp” but FooApp isn’t available in the Brand X store, Brand X’s store app can let you install and download FooApp from the Play Store. But that counts as a regular Play Store installation. It’s just a way to encourage users of third-party stores to search those stores first, even though the vast majority of apps will likely remain exclusively in the Play Store.
Sarah Krouse, Dustin Volz, Aruna Viswanatha, and Robert McMillan, reporting for The Wall Street Journal:
For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data, according to people familiar with the matter, which amounts to a major national security risk. The attackers also had access to other tranches of more generic internet traffic, they said. Verizon Communications, AT&T and Lumen Technologies are among the companies whose networks were breached by the recently discovered intrusion, the people said.
The widespread compromise is considered a potentially catastrophic security breach and was carried out by a sophisticated Chinese hacking group dubbed Salt Typhoon. It appeared to be geared toward intelligence collection, the people said. [...]
The surveillance systems believed to be at issue are used to cooperate with requests for domestic information related to criminal and national security investigations. Under federal law, telecommunications and broadband companies must allow authorities to intercept electronic information pursuant to a court order. It couldn’t be determined if systems that support foreign intelligence surveillance were also vulnerable in the breach.
This incident should henceforth be the canonical example when arguing against “back doors for the good guys” in any networks or protocols. It’s not fair to say that all back doors will, with certainty, eventually be compromised, but the more sensitive and valuable the communications, the more likely it is that they will. And this one was incredibly sensitive and valuable. There are downsides to the inability of law enforcement to easily intercept end-to-end encrypted communication, but the potential downsides of back doors are far worse. Law enforcement is supposed to be hard work.
We should rightfully blame China first for this attack — and the U.S. government ought to start treating such attacks by China as part of the second Cold War that they are, and retaliate in big ways — but secondary blame must go to Congress for passing the Communications Assistance for Law Enforcement Act (CALEA) in 1994, and to the FCC for broadening its interpretation a decade later. Verizon, AT&T, and the other companies whose networks were breached were — and remain — required by law to provide the back doors that the Chinese hackers exploited.
John Naughton, writing for The Guardian:
Once the use of RSS feeds had become common, someone had the idea that audio files could be attached to them, and Dave implemented the idea with a nice geeky touch — attaching a song by the Grateful Dead. Initially the new technology was called audio blogging, but eventually a British journalist came up with the term “podcasting” and it stuck.
So Dave was present at the creation of some cool stuff, but it was blogging that brought him to a wider public. “Some people were born to play country music,” he wrote at one stage. “I was born to blog. At the beginning of blogging I thought everyone would be a blogger. I was wrong. Most people don’t have the impulse to say what they think.” Dave was the exact opposite. He was (and remains) articulate and forthright. His formidable record as a tech innovator meant that he couldn’t be written off as a crank. The fact that he was financially secure meant that he didn’t have to suck up to anyone: he could speak his mind. And he did. So from the moment he launched Scripting News in October 1994 he was a distinctive presence on the web.
One of Winer’s numerous aphorisms that resonates deeply with me: People return to places that send them away.
Dave Winer:
Today is the 30th anniversary of this blog. Hola!
I did a roundup of thoughts when this blog turned 25. I stand by what I wrote then, but I’d add this. My blog started because I needed content to test a script I had written that sent emails on my Mac using Eudora, which was an early scriptable app and I had a nice scripting system that worked with it. I looked around for something to send (30 years ago today), and shot out an email to the people whose business cards I had collected at various tech conferences. It was a thrill, so I did it again, and again and three more times, before I realized hey I could use this thing to get my own ideas out there. And thus began this thing that I still do to this day. Look at the two posts I wrote about WordPress in the last few days. There may be hope to find a blogosphere buried somewhere in there. And it may be possible to give them some sweet new writing tools so they can get excited about writing on the web the way we did all those years ago. I actually am kind of optimistic about that. Maybe we can stand up something in the midst of the noise. When we booted up podcasting, approx 20 years ago, we had a slogan — “Users and developers party together.” It worked! That is still the way I want to build stuff, it’s the only way I know how to do it. Blogging started out as a programming adventure and eventually became a form of literature. How about that. I’m up for doing more of that if you all are. But please expect to make contributions, don’t expect it all to come to you for free, because as we know nothing really is free.
Winer is rightfully renowned for his technical achievements — outliners as an application genre, RSS in general, and RSS in the specific context of podcasting in particular — but what’s kept me reading Scripting News for the entirety of Scripting News’s 30-years-and-counting run is his writing. He has such a distinctive writing voice that is impossible to imagine in any medium other than the web. But I think that’s because he helped define what writing not just on the web, but for the web, even meant.
Thanks for it all, Dave.
Aaron Vegh and Ben Rice McCarthy (of Obscura renown) have teamed up to create Croissant, a new app — currently iPhone-only — for cross-posting to Mastodon, Threads, and Bluesky. 15 years ago I wrote “Twitter Clients Are a UI Design Playground” and that piece stands up, but it’s not Twitter/X in particular (certainly not anymore — X support is conspicuously omitted from Croissant’s current lineup up supported platforms), but tweet-like platforms in general. Croissant proves that this domain remains a UI playground. It’s both visually distinctive and intuitively familiar, with a fun and fluid UI. It’s the sort of app that I want to find reasons to use.
Free to download and try with a single account; $3/month, $20/year, or $60 as a one-time purchase for multi-account support, which is where Croissant really shines.
See also: Dan Moren at Six Colors, John Voorhees at MacStories, and Nick Heer at Pixel Envy.
My thanks to WorkOS for, once again, sponsoring the week at Daring Fireball. WorkOS is a modern identity platform for B2B SaaS. Start selling to enterprise customers with just a few lines of code. Ship complex features like SSO and SCIM (pronounced skim) provisioning in minutes instead of months.
Today, some of the fastest growing startups are already powered by WorkOS, including Perplexity, Vercel, and Webflow.
For SaaS apps that care deeply about design and user experience, WorkOS is the perfect fit. From high-quality documentation to self-serve onboarding for your customers, it removes all the unnecessary complexity for your engineering team.
Another good overview of the Automattic/WP Engine saga, this one from Ari Levy at CNBC:
Mullenweg may be openly enthusiastic and grateful for the employees he still has on board, but the WordPress community is a mess. Many WP Engine customers are suffering, and Automattic is gearing up for a legal fight against a private equity firm with over $100 billion in assets.
Hard not to be reminded, somewhat, of the righteous indignation fueling Steve Jobs’s end of life crusade against Google for creating Android. Some big fundamental differences, of course. WordPress is GPL open source and iOS isn’t open at all. It’s the righteous fervor of the founder/leader of the company that’s reminiscent.
Emma Roth does the yeoman’s work of summarizing the complex and fast-moving legal feud between WordPress’s commercial arm and WP Engine, a major WordPress hosting provider:
Over the past several weeks, WordPress cofounder Matt Mullenweg has made one thing exceedingly clear: he’s in charge of WordPress’ future.
Mullenweg heads up WordPress.com and its parent company, Automattic. He owns the WordPress.org project, and he even leads the nonprofit foundation that controls the WordPress trademark. To the outside observer, these might appear to be independent organizations, all separately designed around the WordPress open-source project. But as he wages a battle against WP Engine, a third-party WordPress hosting service, Mullenweg has muddied the boundaries between three essential entities that lead a sprawling ecosystem powering almost half of the web.
To Mullenweg, that’s all fine — as long as it supports the health of WordPress long-term.
See also: Mullenweg’s “alignment” offer to Automattic’s nearly 1,900 employees.
Taegan Goddard, writing at Political Wire:
It’s worth recalling that a major reason Trump won in 2016 was that, just before the election, news broke about emails related to a closed investigation into Hillary Clinton’s emails being found on Anthony Weiner’s computer, the estranged husband of a top Clinton aide.
In the end, nothing came of this discovery, but the extensive news coverage of it almost certainly swayed the election. It was the top story in every major newspaper.
But this new evidence presented against Trump wasn’t even the lead story in the New York Times or Washington Post this morning. And it didn’t even make the front page of the Wall Street Journal or USA Today.
It’s true that millions of words have already been written about Trump’s attempt to overturn the 2020 election. But there was plenty of new information included in this filing which is directly relevant to the biggest news story this month.
This, I think, is entirely explained by the conventional wisdom that the U.S. news media is “liberal”, a decades-long work-the-refs strategy from Republicans. The truth is the news media is effectively in the tank for Trump, sanewashing his literal nonsense, outright lies, and violence-inspiring hate speech against even legal immigrants. But our major political news media remains so hyper-focused on appearing not to favor one political side over the other that it’s completely lost sight of what ought to be their north star: the truth. If the truth favors one party over the other, so be it. That’s the job of reporting the news.
The difference between how these same publications treated Hillary Clinton’s “but her emails” nonsense in 2016 compared to Jack Smith’s motion this week could not be more stark.
Update: If you prefer, imagine if a special counsel appointed by the Attorney General submitted a brief alleging any crimes at all committed by Kamala Harris. Let’s say personal tax evasion — crimes, but insignificant compared to multiple attempts to overthrow the results of the last presidential election. The major U.S. newspapers and cable channels would have covered nothing else in the days since. Yet for this brief laying out copious evidence that Trump attempted the worst crime imaginable against U.S. democracy itself, it’s relative crickets chirping and shoulder shrugs. Remember too that Trump is already a convicted felon. If Harris had been convicted of a felony this year, do you think it would be mentioned more frequently in news stories than it actually is for Trump? If you don’t, I have a bridge to sell you.
I missed this announcement from MLB a month ago:
Major League Baseball today announced a new multi-year international partnership with European workwear leader STRAUSS that makes the German company the Official Workwear Partner of MLB. The partnership marks STRAUSS’ first league-wide deal in the United States. STRAUSS entered the U.S. market in late 2023, and American brand awareness is the cornerstone of its marketing efforts. The new partnership also affords STRAUSS marketing rights with MLB across Canada, Mexico and Europe. As part of the deal, STRAUSS’ name and logo will adorn MLB batting helmets during the Postseason and regular season games in Europe, as well as MiLB batting helmets all season long, beginning in 2025.
But I couldn’t miss it watching postseason games on TV this week: there’s a ridiculous-looking “Strauss” on both sides of every player’s batting helmet now, as prominent as the team logo on the front. It looks even more desperate and obsequious on the helmets than it does printed in all-caps in MLB’s bootlicking press release. This is the sort of gimmick you expect from a struggling independent minor league team, not Major League Baseball.
They should’ve put the rights to these on-helmet ads up for public auction. I’d have chipped in for a fan-backed initiative to buy that on-helmet ad space to affix this slogan: “FIRE ROB MANFRED”.
Victoria Gomelsky, reporting with absurd credulity for The New York Times:
Hodinkee, the watch enthusiast website based in Manhattan that has helped spread the gospel of mechanical watchmaking since its founding in 2008, has a new owner.
On Friday, the Watches of Switzerland Group, one of the world’s largest watch retailers with more than 220 multibrand and brand stores in Britain and the United States, announced that it had acquired the media company, which includes a website, a magazine, a brand partnerships division and an insurance business. Neither company would disclose the terms of the deal. [...]
Both Mr. Clymer and Mr. Hurley said Hodinkee’s staff, which now totals about 35 people, would remain intact and that its editorial team would remain independent of Watches of Switzerland oversight.
“But at a point in time,” Mr. Hurley said, “when you click on the Hodinkee Shop, you will see the full range of the product that WatchesofSwitzerland.com carries. We are going to do some work over the next several months to make that effectively seamless.”
There is a name for a publication that is owned by a retailer: catalog. I’d love to be proven wrong and see Hodinkee return to excellence, but that seemed far more likely as an independent website than as a subsidiary of the world’s largest premium watch retailer. For years I read Hodinkee daily; for the last few years I largely stopped reading it at all. Here’s Clymer’s own column announcing the acquisition (“joining forces”) and his return to day-to-day leadership of the site.
An important follow-up to yesterday’s item about Russia demanding Apple remove VPN apps from the Russian App Store: you can use a VPN on iOS without an app. It just requires some futzing in Settings and a VPN provider that supports it. Presumably, this technique remains available to iPhone users in Russia. Here are instructions from one such VPN provider, ForestVPN:
- Access Settings:
- Open the Settings app on your iPhone.
- Tap on General and scroll to VPN & Device Management.
- Add VPN Configuration:
- Select Add VPN Configuration.
- Choose your desired protocol, such as L2TP or IKEv2.
- Enter VPN Details:
- Fill in the necessary fields like Description, Server, Remote ID, and Local ID. These details can be found on the ForestVPN website.
- Save and Connect:
- Tap Done to save your configuration.
- Enable the VPN by toggling the switch next to your newly created profile.
VPN apps remove complexity from this process, but it’s worth noting that VPN access doesn’t require an app.
Chili Palmer, reporting for HighSpeedInternet:
Starlink announced on Oct. 2 it will offer one month of free internet in Hurricane Helene disaster areas. The free service will be available to new customers who order through the Starlink website and to customers who activate a kit they already have, whether it was donated or purchased at a retail store. Existing customers may also be eligible.
The announcement comes after more than 500 Starlink kits were distributed throughout the disaster area by private relief organizations.
It’s hard to overstate how differently Elon Musk would be perceived if he weren’t a whackjob on political and cultural issues.
Ryan Christoffel, writing for 9to5Mac:
Hurricane Helene has caused massive damage and taken over 100 lives across several US states. Many thousands of people are without power and/or cell service. But in the wake of the storm, reports have surfaced about a key iOS 18 feature that has been a lifeline for survivors: Messages via satellite.
Apple added Messages via satellite to millions of iPhones via its recent iOS 18 update. And now, according to reports on social media, it seems the feature arrived just in time. Here are a few tweets highlighting how useful the feature has proven.
It’s great that iOS 18 shipped before Helene hit, but a shame that it’s so new that most users haven’t yet upgraded. And once Helene hit and knocked out all comms in the most severely-hit areas, it was too late. (Apple hasn’t yet pushed iOS 18 to the majority of users whose devices are set to install updates automatically, and typically doesn’t do so with new iOS versions until the .1 release in October or November.) Some heads-up people were specifically recommending that iPhone 14 and 15 users in Helene’s path update to iOS 18 before it hit specifically to get this feature. But still: the feature is already making a huge difference.
Cool Hunting:
We love getting into the nerdy details of design innovations and the iPhone 16‘s new Camera Control button presented a perfect opportunity to dig in. For this first podcast of our new Design Tangents series aptly named Nerdy Details we sit down with Johnnie Manzari from the Apple Human Interface team and Rich Dinh, Senior Director of Product Design, to talk about cameras and photography through the lens of the new control on “the world’s most popular camera.”
You don’t often get to hear Apple employees speak about their work. When you do, it’s often largely about trying to get the feel right.
Zac Hall, 9to5Mac:
iPhone users are being notified about an excessive heat weather event through Apple’s Weather app on iPhone. While the weather event is happening in the Santa Clara Valley region of California, the alert says that the occurrence is happening in an area nearby regardless of where you live.
Hall had a good theory — that the warnings were being to delivered to people who live nowhere near Santa Clara Valley because Apple includes Cupertino as a default location for the Weather app — but in an update acknowledges that the warning notification is being received by users who don’t have any saved locations near the heat wave. (I’ve gotten the notification on multiple devices, and don’t have Cupertino saved as a Weather location.)
What a weird bug.
The United States Attorney’s Office for the District of Columbia:
Haotian Sun, 34, and Pengfei Xue, 34, both Chinese nationals, were sentenced today for participating in a sophisticated scheme to defraud Apple Inc. out of millions of dollars’ worth of iPhones. U.S. District Court Judge Timothy J. Kelly sentenced Sun to 57 months in prison, and sentenced Xue to 54 months in prison. [...]
According to the government’s evidence, between May 2017 and September 2019, Sun, Xue, and other conspirators defrauded Apple Inc. by submitting counterfeit iPhones to Apple Inc. for repair to get Apple to exchange them with genuine replacement iPhones. Sun and Xue received shipments of inauthentic iPhones from Hong Kong at UPS mailboxes throughout the D.C. metropolitan area. They then submitted the fake iPhones, with spoofed serial numbers and/or IMEI numbers, to Apple retail stores and Apple Authorized Service Providers, including the Apple Store in Georgetown. Trial evidence and evidence developed after trial showed that members of the conspiracy submitted more than 6,000 inauthentic phones to Apple during the conspiracy, causing an intended loss of approximately $3.8 million and an actual loss of more than $2.5 million.
This seems like a scam you might expect to get away with a few times. Maybe more than a few, if you keep taking the counterfeit iPhones to different stores. But 6,000?
Novaya Gazeta Europe:
Apple removed nearly 60 additional virtual private network (VPN) apps from its Russia App Store between July and September, significantly more than the 25 acknowledged by the Russian authorities, according to a report published on Tuesday by the Apple Censorship Project, which campaigns for greater transparency from Apple over such moves.
According to researchers at GreatFire, an organisation which monitors online censorship in China, data indicates that Apple silently removed nearly 60 VPN services from the Russia App Store between 4 July and 18 September, bringing the total number of VPN apps now unavailable in the country to 98.
The report suggests that the scale of online censorship in Russia is much greater than was previously acknowledged when Roskomnadzor, Russia’s media regulator, announced in early July that it would be blocking 25 VPN apps in the Russian App Store, including some of the world’s most popular services such as NordVPN, ExpressVPN and Proton VPN.
The kneejerk criticism to purges like this is to fault Apple for complying. But of course they have to comply. If Apple responded to this demand from the Russian government with “Nah, we’re not going to comply”, the Russian government would shut down the App Store in Russia. It’s the same reason Apple can’t just say “Nah” to complying with the DMA in the EU even though the company staunchly disagrees with the entirety of the DMA’s requirements. The law’s the law, whether the country is a brutal dictatorship or a liberal democracy.
The correct criticism to target at Apple is that this is the best argument against the App Store as the sole distribution channel of software for iOS. VPN software is still available for the Mac in Russia, and, I presume, is still available via sideloading for Android phones. When you create a choke point, you can be choked.
Christian Selig:
For those not aware, a few months ago after reaching out to me, YouTube contacted the App Store stating that Juno does not adhere to YouTube guidelines and modifies the website in a way they don’t approve of, and alludes to their trademarks and iconography.
I don’t personally agree with this, as Juno is just a web view, and acts as little more than a browser extension that modifies CSS to make the website and video player look more “visionOS” like. No logos are placed other than those already on the website, and the “for YouTube” suffix is permitted in their branding guidelines. Juno also doesn’t block ads in any capacity, for the curious.
I stated as much to YouTube, they wouldn’t really clarify or budge any, and as a result of both parties not being able to come to a conclusion I received an email a few minutes ago from Apple that Juno has been removed from the App Store.
This, to say the least, sucks. Juno is a wonderful VisionOS app — one of the very best third-party apps for the platform. It turns YouTube video watching from a totally meh experience inside Safari into a totally wow experience as a native app. It’s not like Juno was keeping people from using YouTube’s own native app because, famously, there isn’t one. A YouTube spokesperson told Nilay Patel at The Verge back in February that “a Vision Pro app is on our roadmap”, but as I wrote at the time, “given the design quality and adherence to platform design idioms of Google’s iOS apps (poor), I’m not sure they’re even capable of making a Juno-quality app.”
I still stand by that. I don’t expect to see YouTube launch a native VisionOS app soon, and even if they do, I doubt it’ll be anywhere near as good as Juno. What I was obviously wrong about in that February post was thinking that YouTube wouldn’t care about Juno’s existence, given that Juno did not block ads. All it did was make the YouTube experience great on Vision Pro.
This makes Selig — one of the most gifted indie developers working on Apple’s platforms today — 2 for 2 on getting hosed by big platforms for which Selig created exquisitely well-crafted clients. (The first, of course, was his beloved Reddit client Apollo.) If he goes 3 for 3, Phil Schiller should grant him a “trifecta” lifetime exemption from App Store commission fees.
The AP:
Technology reporter Taylor Lorenz said Tuesday that she is leaving The Washington Post, less than two months after the newspaper launched an internal review following her social media post about President Joe Biden.
Lorenz, a well-regarded expert on internet culture, wrote a book “Extremely Online” last year and said she is launching a newsletter, “User Mag,” on Substack.
Well-regarded by whom? Lorenz is a hack — a self-proclaimed social media expert done in by her own “private” Instagram post describing President Joe Biden as a “war criminal” that she subsequently lied about having posted. She didn’t “exit” the Post. She was obviously and rightfully fired.
This video from “MTT” warmed my heart. And that takes a lot. I learned Pascal on this keyboard. I absolutely loved this keyboard when I first encountered it. But, today, man, what a weird keyboard it is. I mean the arrow-key layout is one thing (up, down, left, right — arranged horizontally). But how about putting the backslash (\) key on the right of the space bar and the backtick (`) key on the left? I mean that’s just crazy. I recall absolutely loving the feel of this keyboard as a teenager but I’ve never bothered chasing one down in my adult life because I know today I could never bear the weird layout. But MTT didn’t just do the lazy thing (buy an ADB-USB adapter), he went the whole nine yards and designed and soldered his own custom parts to turn this 1986 gem into a modern day Bluetooth keyboard. Masterful.
Jason Snell returns to the show to discuss Apple’s September product announcements, and Meta’s Orion prototype AR glasses. Absolutely no baseball talk, almost.
Sponsored by:
Allen Pike:
As I understand it, my first experience in a self-driving car was typical:
- Minute 1: “How safe is this? Will it notice that cyclist? What about those construction cones?”
- Minute 10: “This is wild. It’s driving so calmly and safely. I love it.”
- Minute 20: (Bored, checking my email in the back seat.)
It was like a firmware update to my brain.
Imagine how exhilarating subways must have been a century ago — zipping across cities in high-speed underground trains. All technology becomes mundane quickly. It’s kind of amazing when you notice it happening with yourself.
Om Malik, after Apple’s September 9 “It’s Glowtime” event at Steve Jobs Theater:
I decided to become a fly on the wall and chronicle the spectacle unfolding in front of me. I focused on those who were there to create content about the devices, not the devices themselves. It was fun to just float among the crowds with my Nikon Zf and a 40mm lens.
It was a wonderful spectacle — just to bask in this new kind of raw media energy. Content for the sake of content. Events for the sake of content. Fog of content. It’s the new way of the world. As a student of media, I love this chaos and change — because from chaos and change comes the future.
I’m linking to this photo essay despite, not because of, the fact that it includes a portrait of yours truly dicking around on his phone in the small room where the media wait for post-event briefings. Steve Jobs Theater is a beautiful and unique space, but there are aspects of the space that are hard to capture in photos. Om’s collection here captures the feel of it.
I tried to return the favor by photographing the photographer.
See also: Om’s thoughts on the event and announcements.
I’ll link first to The Verge’s “Everything Announced at Meta Connect 2024” roundup because Meta still hasn’t posted today’s keynote address on YouTube; best I’ve found is this recording of the livestream, starting around the 43m:20s mark. I watched most of the keynote live and found it engaging. Just 45 minutes long — partly because it was information dense, and partly because Mark Zuckerberg hosted the entire thing himself. He seems very comfortable, confident, and natural lately. Nothing slows an on-stage keynote down more than a parade of VPs. There was clearly no political infighting at Meta for stage time in this keynote. The keynote was Zuck’s, and because of that, it was punchy and brisk.
In terms of actual products that will actually ship, Meta announced the $300 Quest 3S. That’s more than an entire order of magnitude lower-priced than Vision Pro. Vision Pro might be more than 10× more capable than Quest 3S, but I’m not sure it’s 10× better for just playing games and watching movies, which might be the only things people want to do with headsets at the moment. They also launched a 7,500-unit limited edition of their $430 actually-somewhat-popular Ray-Ban Wayfarer “smart” glasses made with translucent plastic, iMac-style. It’s been a while since someone made a “look at the insides” consumer device. That’s fun, and a little quirky, too.
The big reveal was Orion, a working prototype of see-through AR glasses. Meta themselves are describing them as a “dev kit”, but not only are they not available for purchase, they’re not available, period. They’re internal prototypes for Meta’s own developers, not outside developers. They do seem interesting, for a demo, and I’m hearing from our Dithering correspondent on the scene in Menlo Park that using them is genuinely compelling. There can be no argument that actual glasses are the form factor for AR.
The Verge’s Alex Heath opened his piece on Orion today with this line:
They look almost like a normal pair of glasses.
That’s stretching the meaning of “almost” to a breaking point. I’d say they look vaguely kinda-sorta like a pair of normal glasses. Both the frames (super chunky) and the lenses (thick, prismatic, at times glowing) are conspicuous. They look orthopedic, like glasses intended to aid people whose vision is so low they’re legally blind. It really is true that Meta’s Ray-Ban Wayfarers are nearly indistinguishable from just plain Wayfarers. Orion isn’t like that at all. If you went out in public with these — which you can’t, because they’re internal prototypes — everyone would notice that you’re wearing some sort of tech glasses, or perhaps think you walked out of a movie theater without returning the 3D goggles. But: you could wear them in public if you wanted to, and unlike going out in public wearing a VR headset, you’d just look like a nerd, not a jackass. They’re close to something. But how close to something that would actually matter, especially price-wise, is debatable. From Heath’s report:
As Meta’s executives retell it, the decision to shelve Orion mostly came down to the device’s astronomical cost to build, which is in the ballpark of $10,000 per unit. Most of that cost is due to how difficult and expensive it is to reliably manufacture the silicon carbide lenses. When it started designing Orion, Meta expected the material to become more commonly used across the industry and therefore cheaper, but that didn’t happen.
“You can’t imagine how horrible the yields are,” says Meta CTO Andrew Bosworth of the lenses. Instead, the company pivoted to making about 1,000 pairs of the Orion glasses for internal development and external demos.
Snap recently unveiled their new Spectacles, which they’re leasing, not selling, for $1,200 per year. Snap’s Spectacles are so chunky they make Orion look inconspicuous in comparison. But the race to bring AR glasses to market is clearly on.
See Also: Heath’s interview with Zuckerberg for Decoder.
Next-Day Addendum: I woke up this morning with the following competitive back-and-forth in my head:
It’s a lot of back-and-forth volleying, which is what makes the early years of a new device frontier exciting and highly uncertain. Big bold ideas get tried out, and most of them wind up as dead ends to abandon. Compare and contrast to where we’ve been with laptops for the last 20 years, or the pinnacle we appear to have reached in recent years with phones. ★
A swing-and-a-miss from MKBHD. Criticism of the app is on two separate levels, but they’re being conflated. Level 1: the app is not good. Level 2: a paid wallpaper app? — LOL, wallpapers are free on Reddit. That second form of criticism — that there shouldn’t even exist a paid wallpaper app — is annoying and depressing, and speaks to how many people do not view original art as worth paying for. But it also speaks to the breadth of Brownlee’s audience, which I think is more tech-focused than design-focused. Scott Smith, on Mastodon, observed:
It’s really interesting to compare the reaction from the indie iOS community of @Iconfactory’s Wallaroo to the mainstream tech community’s reaction to @mkbhd’s Panels. I know they are not the same by any means but it sheds light on how many people in mainstream tech circles are still flabbergasted at paying for artwork.
So there’s that, and it is what it is. To some extent that freeloading cheapskate perspective can be ignored. If one’s argument is that all wallpapers ought to be free, that’s not a valid starting point for criticism of a paid wallpaper app/service.
The problem is, Panels is not a good app:
It crashed on me during first run on iPhone.
The UI is big and bulbous, and while it looks almost the same on iOS and Android (which is probably why it’s so crude), it looks native on neither platform. It looks and feels more like the interface to a game than an app. If anything, it looks and feels more Android-y than iOS-y, if only because “doesn’t really look native anywhere” is more of an Android thing. If Brownlee is down with how this app looks and feels, it explains quite a bit (more) about how he’s willing to spend large stretches of time daily-driving Android phones.
Totally subjective, but I don’t think the wallpapers themselves are good. I mean like none of them. They feel like user-generated content, not professional content curated by a trusted tastemaker like Brownlee.
The app has a crummy privacy report card, including using your general location for tracking, and on iOS brings up the “Ask App Not to Track” dialog. It’s even worse on Android. Not premium. (Panels doesn’t ask for GPS location access, but it uses your IP address for tracking, which Apple classifies as “location”. Apple ought to clarify that distinction in App Store privacy report cards — asking for GPS is not the same thing at all as IP-based geolocation — but it’s a bad look for the app.)
“SD” (1080p) wallpapers are free to download from some creators but require watching a minute or two of video ads. Not premium.
Subscribing costs $50/year or $12/month ($144 a year!) — which are, to say the least, premium prices. (Wallaroo is a far better app with — subjectively — far better wallpapers and costs $20/year or $2/month.)
It’s entirely plausible for a premium wallpaper app to justify a price of $50/year. But Panels isn’t a premium app. Premium apps don’t ask to track you across apps. Premium apps don’t make you watch ads to get to their free content. Premium apps look and feel native to their platforms. Premium apps don’t have sketchy privacy report cards. As it stands, Panels is incongruous and incoherent. ★