By John Gruber
Yours truly, back on 28 February, regarding China banning a pandemic simulation game:
Real shocker that a country without a free press is having trouble containing the outbreak. Coronavirus is not a PR problem, it’s a medical problem, and accurate up-to-date information reported to the public is essential in containing it. Any country that treats it as a PR problem is in trouble.
So it turns out that China was able to contain the outbreak. But I was right that a country treating it as a PR problem is in trouble.
Kieran Healy, on Twitter, regarding my piece Friday on the Washington Post’s atrociously one-sided and shortsighted report on Apple and Google’s joint exposure notification project:
I think half the academics and health people quoted in this story @gruber rightly drubs are so annoyed at being denied some extremely nice data that they forget the thing they want would be immediately repurposed by bad actors and put to ends they’d abhor.
It’s an unpleasant truth that personalized, fine-grained tracking data at scale is attractive to scientists for much the same reasons that it’s attractive to government snoops. The fact that the ends differ isn’t a sufficient differentiator.
This is exactly where many health officials around the world have gone awry. Their intentions are admirable: they want maximal data so they can do maximal analysis. But the sources for the Post’s story seemingly have no awareness whatsoever of the privacy ramifications of the data they claim to want Apple and Google to collect — and in some cases report automatically to the government.
Nor have they seemingly paused to consider the fact that Apple and Google have extensive experience in this regard.
Healy quotes the following from a piece he wrote back in 2006, on the NSA’s massive database of domestic phone calls:
Scientists and spies are not so different. The intelligence community’s drive to find the truth, to uncover the real structure of things, is similar to what motivates natural or social scientists. For that reason, I can easily understand why the people at the NSA would have been drawn to build a database like the one they have assembled. The little megalomaniac that lives inside any data-collecting scientist (“More detail! More variables! More coverage!”) thrills at the thought of what you could do with a database like that. Think of the possibilities! What’s frightening is that the NSA is much less constrained than the rest of us by money, or resources, or — it seems — the law. To them, Borges’ map must seem less like a daydream and more like a design challenge. In Kossinets and Watts’ study, the population of just one university generated more than 14 million emails. That gives you a sense of how enormous the NSA’s database of call records must be. In the social sciences, Institutional Review Boards set rules about what you can do to people when you’re researching them. Social scientists often grumble about IRBs and their stupid regulations, but they exist for a good reason. To be blunt, scientists are happy to do just about anything in the pursuit of better knowledge, unless there are rules that say otherwise. The same is true of the government, and the people it employs to spy on our behalf. They only want to find things out, too. But just as in science, that’s not the only value that matters.
In short, the privacy implications of using phones for contact tracing are very complicated. The limited scope of Apple and Google’s joint project is the best effort to date to balance those trade-offs.
From a piece today at The Washington Post by Rachel Lerman and Jay Greene, on “tech giants” being in no rush to return employees to office work:
Even the big five tech firms haven’t been able to keep all their workers at home. Amazon has continued to require warehouse staff during the pandemic, and faced backlash over accusations of dangerous working conditions. Facebook is offering financial incentives to lure content moderators back to the office, because many of the jobs can’t be done remotely.
One big exception to the extended work-from-home timeline among tech giants appears to be Apple, a company that has already been hard hit by the pandemic and was forced to temporarily slow manufacturing in China and shutter its retail stores in the U.S. — though both are reopening now. Apple declined to comment on its plans to bring workers back to the office. Bloomberg News reported that the company plans to start bringing workers back in phases starting this month.
That’s the entirety of this Post story’s reporting on Apple. Apple “appears” to be a “big exception to the extended work-from-home timeline” because of Mark Gurman’s report at Bloomberg last week, which I called bullshit on.
And they put this “exception” right after a paragraph about employees at other companies who can’t work remotely. There’s nothing exceptional about Apple’s stance on employees returning to campus. No one at Apple is returning to the office except for tasks that can only be done at the office. Even for those employees, they’re not being forced to do so — only those employees who are comfortable doing so are returning to the workplace in any capacity. Many (most?) of the employees in Apple’s “phase one” haven’t been back to the office once yet, and don’t know when they will be. Being in the first phase simply means their key cards grant them access if they need it.
If anything, it sounds like Amazon (with warehouses) and Facebook (with moderators) are the exceptions, pushing employees back to workplaces. But the Post flags Apple, because of Bloomberg.
Again, on a careful reading, Bloomberg’s report does not claim anything to contradict the fact that all Apple employees who can work from home will remain at home until further notice, and those who must go to the office are doing so as little as possible, and are coordinating with their teammates to remain isolated. But it’s all painted with the slant that some Apple employees who could entirely work from home are being pushed back to work. They are not. That is not happening.
You may have noted that as juicy as the Bloomberg slant on this story is, there has yet to be a single corroborating report, let alone one with quotes from anyone at Apple who objects to how Apple is dealing with this. But now that Bloomberg has reported it, outlets like the Washington Post accept the slant at face value.
Joshua Lund, writing for the Signal blog back in 2017:
In order to hide your search term from GIPHY, the Signal service acts as a privacy-preserving proxy. When querying GIPHY:
The Signal app opens a TCP connection to the Signal service.
The Signal service opens a TCP connection to the GIPHY HTTPS API endpoint and relays bytes between the app and GIPHY.
The Signal app negotiates TLS through the proxied TCP connection all the way to the GIPHY HTTPS API endpoint.
Since communication is done via TLS all the way to GIPHY, the Signal service never sees the plaintext contents of what is transmitted or received. Since the TCP connection is proxied through the Signal service, GIPHY doesn’t know who issued the request.
The Signal service essentially acts as a VPN for GIPHY traffic: the Signal service knows who you are, but not what you’re searching for or selecting. The GIPHY API service sees the search term, but not who you are.
I believe this is basically how Apple’s Giphy search in Messages on iOS (through the built-in “#images” app) works. But if anyone knows for sure, let me know.
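The relay role in the flow Lund describes, as an added example (not Signal's code and not from the original post): a loopback relay that splices two TCP connections and records only the client address and byte counts. The echo endpoint, `demo()` and the payload bytes are constructed stand-ins; a real client would negotiate TLS with the endpoint through this pipe.

```python
import socket, threading

def pump(src, dst, stats, key):
    """Copy bytes one way until EOF, recording only how many passed."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
            stats[key] += len(chunk)
        dst.shutdown(socket.SHUT_WR)  # pass the EOF along
    except OSError:
        pass

def relay_once(listener, upstream_addr, stats):
    """Relay role: splice one client to the endpoint as an opaque byte pipe."""
    client, stats["relay_saw"] = listener.accept()  # the relay knows who asked
    upstream = socket.create_connection(upstream_addr)
    stats["relay_out"] = upstream.getsockname()
    back = threading.Thread(target=pump, args=(upstream, client, stats, "down"))
    back.start()
    pump(client, upstream, stats, "up")
    back.join()
    client.close(); upstream.close()

def endpoint_once(listener, seen):
    """Stand-in for the API endpoint: note the TCP peer, echo the bytes."""
    conn, seen["peer"] = listener.accept()
    with conn:
        while chunk := conn.recv(4096):
            conn.sendall(chunk)

def demo():
    # Constructed stand-in for a TLS record; the relay never parses it.
    payload = bytes.fromhex("1703030010") + bytes(range(16))
    api = socket.create_server(("127.0.0.1", 0))
    relay = socket.create_server(("127.0.0.1", 0))
    seen, stats = {}, {"up": 0, "down": 0}
    workers = [threading.Thread(target=endpoint_once, args=(api, seen)),
               threading.Thread(target=relay_once, args=(relay, api.getsockname(), stats))]
    for w in workers: w.start()
    with socket.create_connection(relay.getsockname()) as c:
        client_addr = c.getsockname()
        c.sendall(payload)
        c.shutdown(socket.SHUT_WR)
        echoed = b"".join(iter(lambda: c.recv(4096), b""))
    for w in workers: w.join()
    api.close(); relay.close()
    return {"intact": echoed == payload, "client": client_addr, "endpoint_peer": seen["peer"], **stats}

if __name__ == "__main__":
    print(demo())
```

The endpoint's TCP peer is the relay's outbound socket, while the relay's own record holds the client address and two byte counts, which is the split of knowledge the quoted passage describes.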
I can’t say I follow the power tools market closely, so it was complete news to me that Stanley Black & Decker now owns all of the power tool brands I’ve ever heard of. Scroll down on this post at ToolGuyd to see a chart of their brands: Irwin, Porter Cable, Bostitch, Craftsman (!), Lenox, DeWalt, and more. All owned by the same company. I’ll be honest, I’m so out of touch with this market I didn’t realize Stanley and Black & Decker had merged. (Via Nilay Patel.)
Update: More here on the consolidation of brands in the tool industry: “Power Tool Manufacturers and Who Really Owns Them”.