Linked List: June 17, 2019

Introducing Guardian Firewall for iOS 

Guardian Firewall, from Will Strafach, who’s long been at the forefront of investigating iOS security and privacy issues:

Starting over 2 years ago, we embarked on an ambitious mission: Build a tool that allows any electronic device owner in the world to take back control of their digital privacy. This tool needed to be incredibly easy to use, straightforward, and must allow a user to “set it and forget it” if they did not want to apply any customizations.

We could have cut plenty of corners and shipped an acceptable tool. Instead we took our time and did things right, putting together the most powerful tool and dataset we were capable of building. Why? Because we are working towards a broader set of goals: Make surveillance capitalism an untenable business model. Degrade the quality of shadow profiles maintained on every user of an internet connected device. Methodically expose every bad actor we can find. The electronic devices you bought and own should not be snitching on you at regular intervals. Something has gone very wrong, and the course must be corrected to prevent pervasive data collection from becoming an acceptable norm. It’s time for war. No stone will be left unturned.

They have a very clear privacy policy, and a business model to match:

For the lifetime of our company, Guardian Firewall will utilize a simple tried-and-true business model: Accepting currency for a product that people find valuable. Full stop. We will never track our users. We will never collect personal information about our users. We consider user data to be a liability. Each and every technical design decision is built around that concept.

I’ve been running the current version since I met with one of Guardian’s engineers at WWDC. “Set it and forget it” is exactly the experience.

Update: For now, Guardian Firewall is only available to those who pre-ordered it. It’s set for release to everyone in July.

Google’s RCS Rollout 

Dieter Bohn, writing at The Verge:

We’ve been hearing about RCS, the replacement for SMS texting, for over a year now, but actually using the next-generation service has been nearly impossible due to complicated carrier and phone maker politics. But now Google is taking over: later this month, Android users in the UK and France will be able to opt in to RCS Chat services provided directly by Google instead of waiting for their carrier to support it.

That seems like yet another minor status check-in on the service meant to replace SMS, but in fact it’s a huge shift in strategy: as Google rolls this offering out to more countries, it should eventually mean that RCS will become universally available for all Android users.

Regarding RCS’s lack of end-to-end encryption, Sanaz Ahari, Google’s product management director overseeing Android Messages, gave Bohn an anodyne statement:

We fundamentally believe that communication, especially messaging, is highly personal and users have a right to privacy for their communications. And we’re fully committed to finding a solution for our users.

I hope Google can pull that off, but I don’t see how it’s possible with the carriers’ role in RCS. I wouldn’t bet on RCS ever coming to fruition, period, let alone with genuine E2E encryption. I’d bet $10 that a year from now, Google says “Forget about RCS, here’s something else.”

Charlie Warzel: ‘You Care More About Your Privacy Than You Think’ 

Charlie Warzel, writing for The New York Times:

Svirsky ran a series of tests where he had participants fill out online surveys for money and made them decide whether to share their Facebook profile data with a survey taker in exchange for a bonus (in some cases, 50 cents). In a direct trade-off scenario, Svirsky found that 64 percent of participants refused to share their Facebook profile in exchange for 50 cents and a majority were “unwilling to share their Facebook data for $2.50.” In sum: Respondents generally sacrificed a small bonus to keep from turning over personal information.

But things changed when Svirsky introduced the smallest bit of friction. When participants were faced with what he calls “a veiled trade-off,” where survey takers had to click to learn whether taking the survey without connecting to Facebook would be free or cost them 50 cents, only 40 percent ended up refusing to share their data.

Friction is largely underrated in user experience design. Some of the people who understand friction’s effect best, alas, are those purposely designing privacy controls to make them even just a bit harder to use, understand, or discover.

The lack of friction in the Sign In With Apple experience — especially using a device with Face ID or Touch ID — is a key part of why I expect it to be successful. It’s not just more private than signing in with Google or Facebook, it’s as good or better in terms of how few steps it takes.

Designers need to design for what people will do, not what people should, in theory, do.

What a Remarkable Comeback 

Nolan O’Brien, writing for Twitter’s engineering blog on using Catalyst to port Twitter’s iOS app to the Mac:

Mac users are some of the most engaged people on Twitter, and we are thrilled to introduce them to a new fully native Mac app that has full feature parity with our other platforms plus amazing new features. Expect great things like resizable windows with dynamic content, multiple windows support, native notifications, drag & drop and keyboard support. There may even be a few new exciting features we haven’t been able to build for mobile devices that we’re excited to share in the fall!

Resizable windows, drag and drop support, keyboard support. Wow! What a great testimony to Catalyst that Mac users can expect such advanced features. Maybe we’ll even be able to copy and paste text.

Facebook’s New Study App Pays Adults for Data After Teen Scandal 

Josh Constine, writing for TechCrunch:

Facebook shut down its Research and Onavo programs after TechCrunch exposed how the company paid teenagers for root access to their phones to gain market data on competitors. Now Facebook is relaunching its paid market research program, but this time with principles — namely transparency, fair compensation and safety. The goal? To find out which other competing apps and features Facebook should buy, copy or ignore.

Today Facebook releases its “Study from Facebook” app for Android only. Some adults 18+ in the U.S. and India will be recruited by ads on and off Facebook to willingly sign up to let Facebook collect extra data from them in exchange for a monthly payment. They’ll be warned that Facebook will gather which apps are on their phone, how much time they spend using those apps, the app activity names of features they use in other apps, plus their country, device and network type.

Gee, I wonder why it’s Android-only?

Huawei Will Delay Foldable Mate X Launch Until September 

CNBC:

Huawei said its foldable phone will launch in September, slightly later than it was reportedly set to, as it does extra tests following the debacle Samsung went through with its rival device.

I love how Huawei is trying to blame their own product’s delay on Samsung. It makes no sense. Although I guess it didn’t make any sense that Samsung went ahead and sent out review units of their foldable phone, either.

In Court, Facebook Blames Users for Destroying Right to Privacy 

Sam Biddle, reporting for The Intercept:

Representing Facebook before U.S. District Judge Vince Chhabria was Orin Snyder of Gibson Dunn & Crutcher, who claimed that the plaintiffs’ charges of privacy invasion were invalid because Facebook users have no expectation of privacy on Facebook. The simple act of using Facebook, Snyder claimed, negated any user’s expectation of privacy. […]

At one point Chhabria asked, seemingly unable to believe Snyder’s argument himself, “If Facebook promises not to disseminate anything that you send to your hundred friends, and Facebook breaks that promise and disseminates your photographs to a thousand corporations, that would not be a serious privacy invasion?”

Snyder didn’t blink: “Facebook does not consider that to be actionable, as a matter of law under California law.”

Like I wrote a few weeks ago, get these Facebook fuckers in court and all of a sudden they tell the truth.

Genius Catches Google Copying Song Lyrics 

Robert McMillan, reporting for The Wall Street Journal:

“Over the last two years, we’ve shown Google irrefutable evidence again and again that they are displaying lyrics copied from Genius,” said Ben Gross, Genius’s chief strategy officer, in an email message. The company said it used a watermarking system in its lyrics that embedded patterns in the formatting of apostrophes. Genius said it found more than 100 examples of songs on Google that came from its site.

Starting around 2016, Genius said, the company made a subtle change to some of the songs on its website, alternating the lyrics’ apostrophes between straight and curly single-quote marks in exactly the same sequence for every song.

When the two types of apostrophes were converted to the dots and dashes used in Morse code, they spelled out the words “Red Handed.”

I love the technique Genius came up with here. It’s like one of the tricks from the old Encyclopedia Brown books I so loved as a kid. It’s preposterous that Google is denying that they did anything wrong here. They truly were caught red-handed.

What I love about this too is that it preys on Google’s institutional lack of attention to typography. All Google would have had to do to avoid getting caught by this scheme is notice that the lyrics they were copying had inconsistent apostrophes. Straight quotes are bad enough, but a seemingly random mix of straight and curly quotes should stick out to anyone paying any attention to the details.
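The watermark check described in the excerpt above, sketched in Python as an added example; it is not code from Genius, Google, or this post. The page does not say which apostrophe stood for a dot and which for a dash, or how letter boundaries were marked, so the mapping used here (straight = dot, curly = dash, letters run together) is an assumption, as are the function names and the constructed sample text.

```python
STRAIGHT, CURLY = "'", "\u2019"

# Morse for the letters of the phrase quoted in the article.
MORSE = {"R": ".-.", "E": ".", "D": "-..", "H": "....", "A": ".-", "N": "-."}


def watermark_pattern(phrase):
    """Flatten a phrase into one dot/dash string (no letter gaps: assumption)."""
    return "".join(MORSE[c] for c in phrase.upper() if c in MORSE)


def embed(text, pattern):
    """Rewrite the first len(pattern) apostrophes: dot -> straight, dash -> curly."""
    out, i = [], 0
    for ch in text:
        if ch in (STRAIGHT, CURLY) and i < len(pattern):
            ch = STRAIGHT if pattern[i] == "." else CURLY
            i += 1
        out.append(ch)
    if i < len(pattern):
        raise ValueError("text has too few apostrophes to carry the pattern")
    return "".join(out)


def extract(text):
    """Read the apostrophe sequence back out as dots and dashes."""
    return "".join("." if ch == STRAIGHT else "-"
                   for ch in text if ch in (STRAIGHT, CURLY))


def carries_watermark(text, pattern):
    """True if the text's apostrophes begin with the expected sequence."""
    return extract(text).startswith(pattern)


# Constructed sample text (24 apostrophes), not real lyrics.
SAMPLE = "I can't say it's over, we're not done\n" * 8
PATTERN = watermark_pattern("Red Handed")

if __name__ == "__main__":
    marked = embed(SAMPLE, PATTERN)
    print("pattern:          ", PATTERN)
    print("verbatim copy:    ", carries_watermark(marked, PATTERN))
    # Normalizing quotes, as a typographically careful copier would, erases it.
    print("normalized copy:  ", carries_watermark(marked.replace(CURLY, STRAIGHT), PATTERN))
    print("unmarked original:", carries_watermark(SAMPLE, PATTERN))
```

A verbatim copy keeps the full 22-symbol sequence, while any quote normalization wipes it out, which is why the scheme only catches copiers who leave the mixed apostrophes untouched.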

Samsung Advises Smart TV Owners to Periodically Check for Viruses 

Samsung, in a now-deleted tweet:

Scanning your computer for malware viruses is important to keep it running smoothly. This also is true for your QLED TV if it’s connected to Wi-Fi!

Prevent malicious software attacks on your TV by scanning for viruses on your TV every few weeks. Here’s how.

Television sets infected with malicious software sounds like something straight out of 1980s dystopic sci-fi.

Makes me wonder how much debate there was within Apple about partnering with Samsung to put iTunes on these things.