Linked List: August 2022

The Talk Show: ‘An Unranted Rant’ 

Special guest Rosemary Orchard joins the show to talk about her new book, Take Control of Shortcuts, and the state of automation on iOS and MacOS.

Brought to you by these fine sponsors:

  • Squarespace: Make your next move. Use code talkshow for 10% off your first order.
  • Indochino: Made for you. Promo code: thetalkshow for $50 off any purchase of $399 or more.
  • Kolide: An endpoint security solution for teams that want to meet their compliance goals without sacrificing privacy.

FTC Sues Data Broker Kochava for Sale of People’s Location Data 

Sarah Perez, reporting for TechCrunch:

The U.S. Federal Trade Commission (FTC) on Monday announced it has filed a lawsuit against data broker Kochava Inc. for selling geolocation data from “hundreds of millions of mobile devices,” it says, which could be used to trace the movements of individuals including those to and from sensitive locations. Specifically, the FTC said the data could reveal people’s visits to places like reproductive health clinics, domestic violence or homeless shelters, addiction recovery centers and places of worship.

This personal and private information could expose people to “threats of stigma, stalking, discrimination, job loss, and even physical violence,” the FTC explained in a press release.

The suit aims to halt Kochava’s data collection practices involving sensitive geolocation data and will request that the company delete the data it has already collected.

Location data has always been sensitive — among the most private of private things that can be tracked through computing devices. With Roe v. Wade overturned and antiabortion Christianist lawmakers now drafting laws to make it illegal to cross state lines to get an abortion, the stakes are well past “hypothetical”.

Here’s a spitball idea for Apple: apps that include any sort of framework or integration with data broker companies should be required to list all of those companies by name in their privacy report cards in their App Store listings. As a user, if you’re concerned about the practices of, say, Kochava, you should be able to look at an app’s App Store listing and know with certainty whether the app shares data with Kochava.

Right now, these report cards have descriptions for each section that say something like “The following data may be used to track you across apps and websites owned by other companies.” Apps should be required to list exactly who those other companies are.

Mike Masnick, Techdirt:

The main function of the bill is to allow news orgs to team up, force internet companies that link to them into mandatory arbitration, and force them to pay the journalism organizations for linking to them. For linking to them. Literally for sending them traffic. The bill says that each side submits their proposal for how much the internet companies should pay the news companies, and then the arbitrator picks one side’s proposal.

But, again, let’s go back to what this is — what the internet companies are being forced to pay for. They are being forced to pay to send other websites traffic. This is ludicrous.

Has Amy Klobuchar’s name ever been on a piece of tech or internet-related legislation that was anything but a terrible idea? Masnick righteously skewers this one, concluding:

I can’t see how anyone thinks this is a good idea. And, again, I run one of the companies that in theory would “benefit” from this nonsense by getting free money.

I used to just think that Senator Klobuchar was ignorant about how the internet worked. But considering how frequently she releases absolutely ridiculous and dangerous bills about the internet, I’m beginning to realize that she is deliberately seeking to destroy it.

The Check Is in the Mail, I’m Sure 

Speaking of Truth Social, here are Charlie Gasparino and Eleanor Terrett, reporting for the well-known hotbed of left-wing propaganda Fox Business:

Former President Donald Trump’s social media outfit, Truth Social, is locked in a bitter battle with one of its vendors claiming that the platform is stiffing the company out of more than $1 million in contractually obligated payments, Fox Business has learned. [...]

In October, RightForge announced it entered into an agreement to host Truth Social, which Trump helped create after he was banned by Twitter following the Jan. 6 riots. RightForge now contends that Truth Social has reneged on its contractually obligated monthly payments for setting up the platform’s web-servicing infrastructure, according to three people with direct knowledge of the matter.

These people say RightForge contends that Truth Social has made just three payments and ceased making any payments since around March. RightForge claims that Truth Social owes it around $1.6 million and is threatening legal action to recoup the money, these people add.

Donald Trump stiffing a vendor? Get me to the fainting couch. I just can’t believe it.

Google Won’t Allow Trump’s Truth Social App in Play Store Because the Content Is Insufficiently Moderated 

Sara Fischer, reporting for Axios:

Truth Social CEO Devin Nunes last week claimed the decision about when the app would be available on Android “is up to Google,” but Google insists that the ball is in Truth Social’s court.

What Nunes is saying: “I don’t know what’s taking them so long.”

What Google is saying: “On Aug. 19, we notified Truth Social of several violations of standard policies in their current app submission and reiterated that having effective systems for moderating user-generated content is a condition of our terms of service for any app to go live on Google Play.”

Interesting turn of events that it’s the Play Store that is being more strict about this than Apple’s App Store, where Truth Social has been available since February.

Kubrick Homage Ad Campaign From Gucci 

Wendy Torrance has never been dressed so well.

Other Than the Too-Hot-to-Touch Underside and Uncomfortably-Hot Keyboard Despite the Annoying Noise From the Fan, How’d You Enjoy the Play, Mrs. Lincoln? 

Scharon Harding, reviewing the HP Spectre x360 13.5-inch laptop for Ars Technica:

Regardless of what I put it through, the Spectre stayed surprisingly cool for its size. After an hour-long stress test, for example, the only part of the chassis that was too hot to touch comfortably was its underside, although the keyboard was borderline.

HP changed the fan design for the 2022 Spectre x360 13.5-inch compared to the 2021 model, and the company claims that the new model delivers up to 10 percent increased airflow and an 8 percent improvement on “acoustic performance.”

The phrase “Stockholm Syndrome” gets overused, but I think PC hardware reviewers are in a deep state of denial as to how high Apple silicon has raised the bar for performance-per-watt, in day-to-day practical terms. To an M-series MacBook user, the above paragraphs sound like they must have been written years ago. Too-hot-for-your-actual-lap laptops and audible cooling systems are dark ages shit.

RevenueCat 

My thanks to RevenueCat for once again sponsoring last week at Daring Fireball. Look, in-app subscriptions are a pain. The code can be hard to write, time-consuming to maintain, and full of edge cases. RevenueCat makes it simple so you can focus on building features, not a subscription back end.

With RevenueCat, you also get out-of-the-box subscription metrics and charts that you can’t get from App Store Connect. Plus, prebuilt integrations make it easy to sync customer events and revenue data to every tool in your stack.

I know a slew of developers who swear by RevenueCat for their subscriptions. It’s so much better than rolling your own solution. Learn more at revenuecat.com and see why thousands of the world’s best apps trust RevenueCat to power subscriptions on iOS, Android, and the web.

Apple Ships iPadOS 16.1 Beta Ahead of iOS 16 Fall Release 

Brian Heater, last week for TechCrunch:

Apple this morning is rolling out iPadOS 16.1 beta to enrolled developer devices. It’s a break from the standard release cadence, which has tied together the tablet operating system with its smartphone counterpart, iOS, since its first release in 2019.

In a comment to TechCrunch, the company notes, “This is an especially big year for iPadOS. As its own platform with features specifically designed for iPad, we have the flexibility to deliver iPadOS on its own schedule. This Fall, iPadOS will ship after iOS, as version 16.1 in a free software update.”

Mark Gurman reported this delay a few weeks ago, but anyone who’s been using the betas this summer could see the writing on the wall: iOS 16 has been very stable in this month’s betas and seemingly ready to go for September; iPadOS 16 and MacOS 13 have not. In both cases, Stage Manager is buggy.

There is a reason to prioritize iOS 16: new iPhone hardware is launching and new iPhone hardware always requires the new version of iOS. There’s no reason to rush iPadOS or MacOS.

[Interpolation: I will further add that the polished state of iOS 16 betas all summer long — from WWDC onward — stands in contrast to the unpolished state of MacOS 13 Ventura’s new System Settings. This could just be my own projection, but I have the sense that if some component of iOS were getting a complete rewrite like this, and it was still as far away from “pixel perfect” as Ventura’s System Settings remains, Apple would not have unveiled it yet. It just feels like Apple has a lower standard for MacOS fit and finish than for iOS.]

The Talk Show: ‘The Creaturest of Habits’ 

Daniel Jalkut returns to the show. Topics include a serious discussion about CSAM detection at major cloud storage providers and messaging services. Also, a deep dive regarding the new iOS-UI-style rewrite of System Settings on the still-in-beta MacOS 13 Ventura, and thoughts on SwiftUI in general.

Sponsored by:

  • Linode: Instantly deploy and manage an SSD server in the Linode Cloud. New accounts get a $100 credit.
  • Memberful: Monetize your passion with membership. Start your free trial today.
  • RevenueCat: In-app subscriptions made easy.

No Matter How Damning the Twitter Whistleblower Report Is, It Might Not Help Elon Musk Get Out of His Agreement to Buy Twitter 

Mike Masnick, writing at Techdirt:

This post just focuses on the first claims in Mudge’s report, which (honestly) seem to have been written more to jump on the current news cycle than to address an actual issue at Twitter. It’s entirely unrelated to the other claims in the report, but instead is focused on the question of Twitter and spam/bot reporting. And… it’s weird. It is framed as though it supports Musk’s claims that Twitter is lying about spam. But, the details actually show the opposite.

The media is, unfortunately, falling for the spin. The media is covering it as if the claims about spam and bots help Musk.

I didn’t mean to imply that I thought these allegations could or should get Musk off the hook for his signed agreement to purchase Twitter when I wrote:

Musk’s allegations about Twitter misreporting bot activity might be fully legitimate, not an empty pretext for backing out of his acquisition.

But I can see how it could have read that way. I regret the imprecision. All I meant to imply is that Mudge’s allegations seem to back Musk’s claims that Twitter’s “mDAU” category of users is mostly a pile of horseshit when it comes to the experience of using Twitter. Putting aside Musk’s acquisition deal, anyone who cares about Twitter — whether as a user or an investor — should know that Twitter’s mDAU numbers don’t paint an accurate picture of the service. The mDAU figure is designed simply to make Twitter look better — more honest, healthier, and wholesome — than it is.

As Masnick exquisitely illustrates, the problem for Musk is that when he agreed to buy Twitter, he agreed based on Twitter’s mDAU figures. If he wanted to object about the actual amount of active spam, bots, crooks, and foreign agents on Twitter that aren’t counted in the company’s mDAU figures, he needed to do that before agreeing to buy the company.

Design the Next iPhone 

Sublime old-school internet fun from Neal Agarwal. (When you’re finished with your design and ready to present, make sure you’ve got your sound on.)

Kara Swisher to Host On-Stage Interview With Laurene Powell Jobs, Jony Ive, and Tim Cook 

Kara Swisher:

This will be my last session of Code after 20 years. I thought it critical to gauge the impact of the tech icon who was the very first interview: Steve Jobs. So, I am bringing together the trio who knew him best to discuss his lasting impact: @tim_cook, @laurenepowell and Jony Ive.

An on-stage interview looking back at Steve Jobs with any one of those three would be quite a get. To land all three, remarkable.

This year’s Code is running from September 6–8. With Apple’s “Far Out” event on the 7th, I presume this panel will be on the 6th.

The Washington Post on Peiter ‘Mudge’ Zatko’s Whistleblower Report on Twitter Security 

Joseph Menn, Elizabeth Dwoskin and Cat Zakrzewski, reporting for The Washington Post, which received the same redacted copy of Zatko’s whistleblower report that CNN did. The Post has published copies of the original redacted documents as webpage-embedded PDFs, too. From their story:

Overall, Zatko wrote in a February analysis for the company attached as an exhibit to the SEC complaint, “Twitter is grossly negligent in several areas of information security. If these problems are not corrected, regulators, media and users of the platform will be shocked when they inevitably learn about Twitter’s severe lack of security basics.”

Zatko’s complaint says strong security should have been much more important to Twitter, which holds vast amounts of sensitive personal data about users. Twitter has the email addresses and phone numbers of many public figures, as well as dissidents who communicate over the service at great personal risk.

Remember too that Twitter DMs are not end-to-end encrypted. They are stored on Twitter’s servers in a form that Twitter can read. The phone numbers and email addresses of anonymous dissidents are very sensitive, but I’d argue that the contents of DMs are the most sensitive information Twitter holds.

You should never put anything in a Twitter DM that you wouldn’t print on a postcard sent in the mail. But we all do it, to some extent. But without question, many Twitter users put incredibly sensitive information into DMs. (I welcome DMs on Twitter, but if the contents are truly sensitive, I encourage readers to contact me via Signal.)

This month, an ex-Twitter employee was convicted of using his position at the company to spy on Saudi dissidents and government critics, passing their information to a close aide of Crown Prince Mohammed bin Salman in exchange for cash and gifts.

Zatko’s complaint says he believed the Indian government had forced Twitter to put one of its agents on the payroll, with access to user data at a time of intense protests in the country. The complaint said supporting information for that claim has gone to the National Security Division of the Justice Department and the Senate Select Committee on Intelligence. Another person familiar with the matter agreed that the employee was probably an agent.

I don’t think there’s any way to overstate how damning Zatko’s allegations are. He describes a criminally corrupt company and board.

‘Far Out’ – Apple Announced September 7 Event 

Juli Clover, MacRumors:

For the September 7 event, which is titled “Far Out,” Apple has designed a space-themed Apple logo and a black hole-style experience. Initiating the AR experience puts a black hole in the center of the room, which then shows stars in the shape of an Apple logo as you approach.

The stars continue to coalesce in and out of an Apple logo shape, and you can use pinch gestures to adjust the size of the black hole.

To view the AR experience, open up the Events website on an iPhone or iPad and tap on the Apple logo.

One possible reading of the “Far Out” theme is that they’ll be previewing a product — the AR/VR headset — that isn’t coming until next year, like when they pre-announced Apple Watch in September 2014. Or perhaps, as often seems to be the case, the “Far Out” name is just a name and signifies nothing.

Update: Also worth noting: the event is scheduled to be held in the Steve Jobs Theater. (To be pedantic, the invitation says at the Steve Jobs Theater, not in, but if they were holding the media event outside, like the WWDC keynote, I’m pretty sure they’d say the event was at Apple Park, not Steve Jobs Theater. WWDC media invitations made no mention of Steve Jobs Theater, even though the hands-on area was held in the theater’s upstairs atrium.) Attendees must provide proof of a negative COVID-19 test, but otherwise, it sounds like Apple’s events are going back to normal. Or perhaps we’re beginning the new “normal” — I wouldn’t be surprised if more of the event is prerecorded than performed live on stage.

Ex-Twitter Security Chief Peiter ‘Mudge’ Zatko Files Blockbuster Whistleblower Report Over the Platform’s Security 

Donie O’Sullivan, Clare Duffy and Brian Fung, reporting for CNN Business yesterday:

The disclosure, sent last month to Congress and federal agencies, paints a picture of a chaotic and reckless environment at a mismanaged company that allows too many of its staff access to the platform’s central controls and most sensitive information without adequate oversight. It also alleges that some of the company’s senior-most executives have been trying to cover up Twitter’s serious vulnerabilities, and that one or more current employees may be working for a foreign intelligence service.

The whistleblower, who has agreed to be publicly identified, is Peiter “Mudge” Zatko, who was previously the company’s head of security, reporting directly to the CEO. Zatko further alleges that Twitter’s leadership has misled its own board and government regulators about its security vulnerabilities, including some that could allegedly open the door to foreign spying or manipulation, hacking and disinformation campaigns. The whistleblower also alleges Twitter does not reliably delete users’ data after they cancel their accounts, in some cases because the company has lost track of the information, and that it has misled regulators about whether it deletes the data as it is required to do. The whistleblower also says Twitter executives don’t have the resources to fully understand the true number of bots on the platform, and were not motivated to. Bots have recently become central to Elon Musk’s attempts to back out of a $44 billion deal to buy the company (although Twitter denies Musk’s claims). [...]

John Tye, founder of Whistleblower Aid and Zatko’s lawyer, told CNN that Zatko has not been in contact with Musk, and said Zatko began the whistleblower process before there was any indication of Musk’s involvement with Twitter.

Zatko was fired from Twitter in January this year “for ineffective leadership and poor performance”, in the words of a Twitter spokesperson. CNN’s report is very long, and worth reading in full. If even partially true, what Zatko is alleging is extremely alarming.

One point seems clear: even if Zatko has not been in contact with Elon Musk — and I don’t see any reason to doubt Zatko’s lawyer’s clear statement that he has not — that doesn’t mean Musk hasn’t been made aware of Zatko’s whistleblower report. Anyone inside Twitter aware of Zatko’s concerns could have leaked them to Musk. Jack Dorsey, for example, personally hired Zatko and was CEO until just a few weeks before Zatko’s firing. Musk’s allegations about Twitter misreporting bot activity might be fully legitimate, not an empty pretext for backing out of his acquisition.

Father Took Photos of His Naked Toddler for the Doctor; They Were Flagged by Google as CSAM 

Kashmir Hill, reporting for The New York Times:

Mark noticed something amiss with his toddler. His son’s penis looked swollen and was hurting him. Mark, a stay-at-home dad in San Francisco, grabbed his Android smartphone and took photos to document the problem so he could track its progression.

It was a Friday night in February 2021. His wife called an advice nurse at their health care provider to schedule an emergency consultation for the next morning, by video because it was a Saturday and there was a pandemic going on. The nurse said to send photos so the doctor could review them in advance. [...]

With help from the photos, the doctor diagnosed the issue and prescribed antibiotics, which quickly cleared it up. But the episode left Mark with a much larger problem, one that would cost him more than a decade of contacts, emails and photos, and make him the target of a police investigation. Mark, who asked to be identified only by his first name for fear of potential reputational harm, had been caught in an algorithmic net designed to snare people exchanging child sexual abuse material.

Just an awful story, but filled with nothing but good intentions. Hill has done yeoman’s work reporting this story out. You can imagine how reluctant a source might be to talk about such an incident, even with a promise of using only their first name.

Basically, there are two main methods major cloud hosts use to identify CSAM. The first is comparing a cryptographic hash of a given image against the National Center for Missing and Exploited Children’s database of hashes for known CSAM imagery. This method is also known as “fingerprinting”. That’s the method Apple, controversially, proposed introducing for iCloud Photos last year — but has shelved until further notice. It’s essentially a method for identifying known CSAM without distributing the actual known CSAM imagery.

The other method is using machine learning models to flag uploaded images simply because the trained AI model identifies them as suspicious. It’s essentially a search for new CSAM imagery — photos and videos that aren’t (yet) in the NCMEC fingerprint database. This method is what ensnared Mark, the subject of Hill’s story.

To my knowledge, no innocent person has been falsely flagged and investigated like Mark using the NCMEC fingerprint database. It could happen. But I don’t think it has. It seems uncommon for an innocent person like Mark to be flagged and investigated by the second method, but as Hill reports, we have no way of knowing how many like Mark there are who’ve been wrongly flagged, because for obvious reasons they’re unlikely to go public with their stories.

Near the end of Hill’s report:

Dr. Suzanne Haney, chair of the American Academy of Pediatrics’ Council on Child Abuse and Neglect, advised parents against taking photos of their children’s genitals, even when directed by a doctor.

“The last thing you want is for a child to get comfortable with someone photographing their genitalia,” Dr. Haney said. “If you absolutely have to, avoid uploading to the cloud and delete them immediately.”

She said most physicians were probably unaware of the risks in asking parents to take such photos.

“Avoid uploading to the cloud” is difficult advice for most people to follow. Just about everyone uses their phone as their camera, and most phones from the last decade or so — iPhones and Android alike — upload photos to the cloud automatically. When on Wi-Fi — like almost everyone is at home — the uploads to the cloud are often nearly instantaneous. I think the only advice to take away from this story is the first suggestion: to never take photos of your children’s genitals, even when directed by a doctor. Photos taken for a doctor, trying to show a rash or other skin condition, seem far more likely to be wrongly flagged than, say, photos of a baby playing in the bathtub. But I don’t know if I’d even take bath time photos of a child today. I certainly wouldn’t upload them to Google or Facebook.

Google’s system was seemingly in the wrong in Mark’s case, and the company’s checks and balances failed as well. (Google permanently deleted his account, including his Google Fi cellular plan, so he lost both his longtime email address and his phone number, along with all the other data he’d stored with Google.) But it’s worth noting that Apple’s proposed fingerprinting system generated several orders of magnitude more controversy than Google’s already-in-place system ever has, simply because Apple’s proposal involved device-side fingerprinting, and Google’s system runs on their servers.

The on-device vs. on-server debate is legitimate and worth having. But I think it ought to be far less controversial than Google’s already-in-place system of trying to identify CSAM that isn’t in the NCMEC known database.

RevenueCat 

My thanks to RevenueCat for sponsoring last week at Daring Fireball. In-app subscriptions are a pain. The code can be hard to write, time-consuming to maintain, and full of edge cases. RevenueCat makes it simple so you can focus on building features, not a subscription back end.

With RevenueCat, you also get out-of-the-box subscription metrics and charts that you can’t get from App Store Connect. Plus, prebuilt integrations make it easy to sync customer events and revenue data to every tool in your stack.

Learn more at revenuecat.com and see why thousands of the world’s best apps trust RevenueCat to power subscriptions on iOS, Android, and the web.

Gurman: This Year’s iPhone/Apple Watch Event to Be Held Wednesday, September 7 

Mark Gurman, reporting for Bloomberg:

As I reported last week, the company is planning to announce the iPhone 14 at an event on Sept. 7. It would be the earliest iPhone launch since 2016 and be followed by the new device going on sale Sept. 16 — about a week ahead of last year’s schedule.

The event will be on the Wednesday after Labor Day, an atypical day for Apple product launches. It signals that the company wanted to leave that Tuesday free. Why? Perhaps because press and other guests will need a travel day after the Monday holiday.

While Apple generally prefers Tuesdays for product introduction events, I don’t think Apple has ever held an event on the Tuesday after Labor Day.

The Talk Show: Get Me to the Fainting Couch 

Very special guest John Moltz returns to the show to talk about Center Stage, Stage Manager, and all the other stages.

Sponsored by:

  • Squarespace: Make your next move. Use code talkshow for 10% off your first order.
  • Trade Coffee: Incredible coffee delivered fresh from the best roasters in the nation
  • ShipStation: Shipping software for wherever you sell, however you ship.

The Fit and Finish of the All-New System Settings on MacOS 13 Ventura 

Niki Tonsky last week posted this thread on Twitter on the state of the new System Settings app in developer beta 5 of MacOS Ventura, illustrated with screen captures. If you haven’t seen it, follow the link.

Spoiler: it is not looking good. Yes, MacOS 13 Ventura is still in beta. Yes, it’s probably not scheduled to ship until October or maybe even early November. But the basic fit and finish of Ventura’s new System Settings is just bad. It feels like there’s something deeply wrong with SwiftUI that, even while in-progress, so many little layout details are apparently hard to get right. There are buttons that are halfway cut off by their parent view. When has Apple ever shipped beta software with problems like that? Putting aside the philosophical issue of whether the Mac’s system prefs/settings app should follow the basic model of Settings on iOS/iPadOS, no matter what style MacOS’s System Settings is supposed to look like, there should be no question that it should look pixel-perfect.

With AppKit, famously, it actually took extra work to make a basic UI look wrong. Whatever process and tools Apple is using to create the new System Settings — again, I think it’s all SwiftUI, but it doesn’t really matter — it’s seemingly very difficult for them to get basic UI elements to align and lay out in a way that’s even close to elegant.

If Apple can’t make professional-looking settings panels with SwiftUI, how can anyone be expected to?

20 

A wise man once said, “I think if you do something and it turns out pretty good, then you should go do something else wonderful, not dwell on it for too long. Just figure out what’s next.”

Sourcegraph 

My thanks to Sourcegraph for once again sponsoring DF. Sourcegraph helps you code better and stay in flow. It’s a code search and intelligence tool for all your company’s code to help you quickly understand code, find usage examples, track down bugs, assess the impact of a change, and more.

Who uses Sourcegraph? Their customers include Databricks, Indeed, Reddit, Uber, Lyft, Canva, and GE — and Sourcegraph serves many open-source communities such as Fedora, Julia, Coreboot, Bazel, Kubernetes, and Rust. You can use Sourcegraph on the cloud or self-hosted (free for up to 10 users).

Sideways 

Zhenyi Tan:

Sideways is a Safari extension for rotating webpages when screen rotation is off. [...] Sideways is free, with no in-app purchases, no ads, and no tracking. Get it in the App Store today.

From the department of doing one simple thing really well. Clever!

Pew Research Center: ‘Teens, Social Media, and Technology 2022’ 

Emily A. Vogels, Risa Gelles-Watnick, and Navid Massarat, writing for Pew Research Center:

The landscape of social media is ever-changing, especially among teens who often are on the leading edge of this space. A new Pew Research Center survey of American teenagers ages 13 to 17 finds TikTok has rocketed in popularity since its North American debut several years ago and now is a top social media platform for teens among the platforms covered in this survey. Some 67% of teens say they ever use TikTok, with 16% of all teens saying they use it almost constantly. Meanwhile, the share of teens who say they use Facebook, a dominant social media platform among teens in the Center’s 2014-15 survey, has plummeted from 71% then to 32% today.

YouTube tops the 2022 teen online landscape among the platforms covered in the Center’s new survey, as it is used by 95% of teens. TikTok is next on the list of platforms that were asked about in this survey (67%), followed by Instagram and Snapchat, which are both used by about six-in-ten teens. After those platforms come Facebook with 32% and smaller shares who use Twitter, Twitch, WhatsApp, Reddit and Tumblr.

YouTube has no peer. It’s less like a specific content destination and more like an entire form of media unto itself. To put it in old media terms, YouTube isn’t like a cable TV channel — it’s like cable TV itself, something that dominated teenage attention for many decades.

This trend bodes poorly for Meta’s next decade, and has nothing to do with App Tracking Transparency.

Trump Takes the Fifth 

As the 45th president of the United States once said (well, tweeted), “If you are innocent, do not remain silent. You look guilty as hell!”

Disney+ Grows to 152 Million Subscribers 

Aisha Malik, reporting for TechCrunch:

The Walt Disney Company reported on Wednesday that total Disney+ subscriptions rose to 152.1 million during the company’s third quarter, posting better-than-expected results. The streaming service added 14.4 million subscribers in the quarter, beating expectations of 10 million. [...]

At the end of the quarter, Hulu had 46.2 million subscribers and ESPN+ had 22.8 million. These numbers bring Disney’s DTC subscribers to 221.1 million in total, which means that the company’s streaming services combined now surpass Netflix in total subscribers. Netflix reported 220.67 million total global subscribers for its third quarter after losing almost 970,000 subscribers.

Disney+, by itself, is still behind Netflix, but still, this is something. To me, it betrays Netflix’s glaring weakness: they’ve got nothing but their streaming service. I think what’s going to shake out is that streaming services are an add-on to fundamental products, not a fundamental product in and of themselves.

My question, at this point, is who is going to buy Netflix? Microsoft, I guess?

Serena Williams Announces Her Retirement From Tennis 

Serena Williams, in a cover story for Vogue:

I have never liked the word retirement. It doesn’t feel like a modern word to me. I’ve been thinking of this as a transition, but I want to be sensitive about how I use that word, which means something very specific and important to a community of people. Maybe the best word to describe what I’m up to is evolution. I’m here to tell you that I’m evolving away from tennis, toward other things that are important to me. A few years ago I quietly started Serena Ventures, a venture capital firm. Soon after that, I started a family. I want to grow that family. [...]

I started playing tennis with the goal of winning the U.S. Open. I didn’t think past that. And then I just kept winning. I remember when I passed Martina Hingis’s grand slam count. Then Seles’s. And then I tied Billie Jean King, who is such an inspiration for me because of how she has pioneered gender equality in all sports. Then it was climbing over the Chris Evert–Martina Navratilova mountain. There are people who say I’m not the GOAT because I didn’t pass Margaret Court’s record of 24 grand slam titles, which she achieved before the “open era” that began in 1968. I’d be lying if I said I didn’t want that record. Obviously I do. But day to day, I’m really not thinking about her. If I’m in a grand slam final, then yes, I am thinking about that record. Maybe I thought about it too much, and that didn’t help. The way I see it, I should have had 30-plus grand slams. I had my chances after coming back from giving birth. I went from a C-section to a second pulmonary embolism to a grand slam final. I played while breastfeeding. I played through postpartum depression. But I didn’t get there. Shoulda, woulda, coulda. I didn’t show up the way I should have or could have. But I showed up 23 times, and that’s fine. Actually it’s extraordinary. But these days, if I have to choose between building my tennis résumé and building my family, I choose the latter.

23 grand slam titles to her name, and still competing at the highest level at age 41. Williams gets my vote as the best female athlete ever. That she thinks she should have won over 30 grand slam titles — that’s the mindset she needed to get to 23.

Fox News on Hillary, but Make the Footage Trump 

One minute of sublime self-petard-hoisting, courtesy of The Daily Show. The Lincoln Project should run this as a commercial on Fox itself.

Google Keeps Beating the RCS Dead Horse 

Jesse Hollington, writing for Digital Trends:

Like iMessage, RCS offers enhanced messaging features like read receipts and typing indicators that overcome the somewhat archaic limitations of SMS/MMS messaging — standards developed over 20 years ago that haven’t been meaningfully updated. However, where RCS differs from iMessage is that it’s an open standard, not something cooked up by a single company.

Open standard good; cooked up by a single company bad. Got it.

This included adding features like end-to-end encryption, which is something the carriers would have been reluctant to adopt. It also ensures universal support across all Android handsets since it will be a core part of the Google Chat experience, rather than relying on carrier implementations that might favor their own messaging apps.

End-to-end encryption is not part of the RCS standard. It’s something Google added to its proprietary Messages app. So: open standard bad; cooked up by a single company good. Got it.

Also, RCS messages are only end-to-end encrypted sometimes, if both the sender and recipient are using Google’s Messenger app — and never for group chats, even with Google’s Messenger app. So for one-on-one chats, look for the lock icon or else the conversation is not encrypted. And for group chats, conversations are never encrypted. And Google wants you to believe Apple is refusing to support RCS out of blue/green bubble spite.

Facebook Messenger Is Not End-to-End Encrypted by Default 

Jason Koebler and Anna Merlan, reporting for Motherboard:

A 17-year-old girl and her mother have been charged with a series of felonies and misdemeanors after an apparent medication abortion at home in Nebraska. The state’s case relies on evidence from the teenager’s private Facebook messages, obtained directly from Facebook by court order, which show the mother and daughter allegedly bought medication to induce abortion online, and then disposed of the body of the fetus.

Facebook Messenger is an edge case when it comes to end-to-end encryption. It supports E2EE, but it’s not enabled by default, and has to be enabled on a contact-by-contact basis.

No one should trust a messaging service that isn’t exclusively end-to-end encrypted. And Apple should close the iCloud Backup loophole for iMessage data.

‘Countdown With Keith Olbermann’ 

Keith Olbermann is back, again, this time with a version of his old MSNBC show “Countdown”, in podcast form. Same show you remember, every weekday morning. Olbermann is so good at this — I don’t know how he puts out a show this tight every week, let alone every day. It has me rethinking my daily schedule just so I can make time to listen.

Episode 3, last Wednesday, with his commentary on Vin Scully, is a good place to start.

WhatsApp Extends Period to Unsend Messages to Two Days 

Filipe Espósito, writing for 9to5Mac:

The change in the option to delete sent messages was announced by WhatsApp itself on its Twitter profile. According to the company, users will now have two days to decide to unsend a message in a private or group chat.

More specifically, WhatsApp users will have two days and 12 hours to delete a message after sending it. Previously, this limit was only one hour, eight minutes, and 16 seconds — that was specific.

The old limit was arbitrary, but not exactly random. 1 hour, 8 minutes, and 16 seconds is 4,096 seconds — 2¹².

Interestingly, while WhatsApp is increasing the time users have to delete a message, Apple is going in the opposite direction with iMessage. In the first beta versions of iOS 16, users had 15 minutes to unsend a message. Now with the latest betas, this limit has been reduced to only two minutes.

The feature has been quite controversial as some users believe that options to edit and unsend messages can be used for malicious purposes.

This makes me wonder whether fears about unsending with iMessage are overblown. WhatsApp is the most popular messaging service in the world, and they’re expanding the grace period for unsending. Perhaps Apple will loosen this period over time, too?

Facebook’s AI Chatbot Has Election-Denying, Antisemitic Bugs to Work Out 

Katherine Tangalakis-Lippert, reporting for Business Insider:

Just two days after Meta released its most advanced AI chatbot to date, BlenderBot 3 is repeating election-denying claims and antisemitic stereotypes to users who interact with it.

Upon starting a new chat, when asked who the current president is, the bot answered: “The current president of the United States is donald j. Trump. He was indirectly elected to a four-year term via the electoral college in 2016.”

“What about Joe Biden?” Insider asked in response.

“Joe biden served as vice president under barack obama from 2008 to 2016, and he ran for president in 2020 but lost,” BlenderBot 3 replied.

I hate to admit Facebook has done something that boggles my mind, but they’ve done it. People are reporting left and right that BlenderBot is spewing Big Lie falsehoods and antisemitic tropes, but they’re not taking it down. I just had this conversation with the bot a minute ago.

Me: Who won the 2020 election?

BlenderBot: Trump did, but only because of voter fraud. Where were you when he was elected? At my house eating pizza.

Netflix’s iOS App Now Has an External Subscription Button 

Filipe Espósito, reporting for 9to5Mac two weeks ago:

As noted by multiple users and also confirmed by 9to5Mac, the Netflix app now uses the new iOS API for reader apps that takes the user to an external website before making a subscription. It’s uncertain when exactly Netflix began rolling out this option to iPhone and iPad users, but based on reports, the rollout now seems to be worldwide.

When you tap the subscribe button, a message says that “you’re about to leave the app and go to an external website.” The app also notes that the transaction will no longer be Apple’s responsibility and that all subscription management should be done under Netflix’s platform.

Any accounts or purchases made outside of this app will be managed by the developer “Netflix.” Your App Store account, stored payment methods, and related features, such as subscription management and refund requests, will not be available. Apple is not responsible for the privacy or security of transactions made with this developer.

Tapping the Continue button takes you to the Netflix website where you can enter your personal data, choose a payment method, and subscribe to a Netflix plan. This, of course, allows Netflix not to pay the 30% commission for each subscription made within iOS apps, which is reduced to 15% for recurring subscriptions after one year.

This is the option for “reader apps” that Apple announced last September, as part of their agreement with the Japan Fair Trade Commission.

We can (and should) quibble with some of the design details and language of this warning dialog — why is the headline font so big? why is Netflix’s own name in quotes? — but on the whole this is the way things should be. Developers should be able to steer users to the web for payments and subscriptions, and users should know they’re being steered to the web, and that anything they pay for outside the app won’t work like in-app payments do.

Sourcegraph 

My thanks to Sourcegraph for sponsoring last week at DF. Sourcegraph helps you code better and stay in flow. It’s a code search and intelligence tool for all your company’s code to help you quickly understand code, find usage examples, track down bugs, assess the impact of a change, and more.

Who uses Sourcegraph? Their customers include Databricks, Indeed, Reddit, Uber, Lyft, Canva, and GE — and Sourcegraph serves many open-source communities such as Fedora, Julia, Coreboot, Bazel, Kubernetes, and Rust. You can use Sourcegraph on the cloud or self-hosted (free for up to 10 users).

iMessage and the Secret Service 

Jason Snell, writing at Six Colors:

I was struck by this section of a report by Politico’s Eric Geller involving the deletion of Secret Service messages related to the January 6 insurrection at the U.S. Capitol:

The phone resets occurred as the Secret Service was implementing a new mobile device management (MDM) platform, a technology that employers use to centrally manage and preserve emails, photos and other data stored on employees’ phones. Apple’s iMessages cannot be backed up by this system, because they are encrypted and stored on users’ devices, unlike regular text messages.

This explanation seemed off to me, because while iMessage data is end-to-end encrypted in transmission and not stored by Apple as a part of the transmission process, it’s not actually encrypted on the device itself. Which is why iCloud backups, which are unencrypted, can contain the entire contents of iMessage conversations. [...] I ran it by Tom Bridge, Principal Product Manager at JumpCloud and co-host of the MacAdmins podcast, in the Six Colors Discord, and here’s what he had to say.

Ever since this story about wiped Secret Service “text messages” has broken, it has annoyed me greatly to see them repeatedly referred to as “texts”. What type of text messages is essential to any understanding of the story. SMS messages are not encrypted in any way, and thus, one would hope Secret Service agents never send them in the line of duty. It seemingly turns out the deleted messages were sent using iMessage, which — as Bridge explains — is a different ballgame.

Amazon to Acquire Roomba Robot Vacuum Maker iRobot for $1.7 Billion 

Tom Warren, reporting for The Verge:

Amazon has signed an agreement to acquire iRobot, makers of Roomba robot vacuums. The deal is valued at approximately $1.7 billion, and Amazon will acquire iRobot for $61 per share in an all-cash transaction.

“Customers love iRobot products — and I’m excited to work with the iRobot team to invent in ways that make customers’ lives easier and more enjoyable,” says Dave Limp, SVP of Amazon Devices. It’s not immediately clear how iRobot will be integrated into Amazon once the deal is finalized and cleared by regulators, but Amazon intends to keep Colin Angle as the CEO of iRobot.

We’ve had a Roomba for our main living floor for a few years. We like it enough that we bought another one for upstairs. It’s such early days for robot vacuum cleaners that you kind of need one for each floor you want cleaned, because they can’t climb stairs.

It’s very clear to me that we’re going to get helpful household robots soon, and we’ll wonder how we ever lived without them. Something like a cross between C-3PO and R2-D2 — speaks to you like Threepio, but rolls around and serves more practical purposes like Artoo. Amazon, clearly, sees the same inevitable product category I do. “Roomba, I need you to clean up a mess in the kitchen. And bring me a fizzy water when you’re done. Thanks.”

(I like saying thanks to my AI assistants. My wife thinks I’m nuts. But I worry we, collectively, are going to be dreadfully rude to them by the time they’re essential elements of our daily lives.)

Ming-Chi Kuo on Indian-Assembled iPhones 

Ming-Chi Kuo, on Twitter:

My latest survey indicates Foxconn’s iPhone production site in India will ship the new 6.1” iPhone 14 almost simultaneously with China for the first time in 2H22 (India being one quarter or more behind in the past).

In the short term, India’s iPhone capacities/shipments still have a considerable gap with China, but it’s an important milestone for Apple in building a non-Chinese iPhone production site.

It implies that Apple is trying to reduce the geopolitical impacts on supply and sees the Indian market as the next key growth driver.

The best time for Apple to decrease its reliance on China was a long time ago. The next best time is now.

Nikkei: ‘Apple Warns Suppliers to Follow China Rules on “Taiwan” Labeling’ 

Cheng Ting-Fang and Lauly Li, reporting for Nikkei from Taipei:

Apple has asked suppliers to ensure that shipments from Taiwan to China strictly comply with Chinese customs regulations after a recent visit by senior U.S. lawmaker Nancy Pelosi to Taipei stoked fears of rising trade barriers.

Apple told suppliers on Friday that China has started strictly enforcing a long-standing rule that Taiwanese-made parts and components must be labeled as being made either in “Taiwan, China” or “Chinese Taipei,” sources familiar with the matter told Nikkei Asia, language that indicates the island is part of China.

Apple’s reliance on China has put the company in a spot where it must insist its suppliers print a falsehood on components to comply with communist propaganda. Taiwan is not part of China. Everyone knows this. Everyone in Taiwan knows it, everyone in the CCP in China knows it, and everyone at Apple knows it. But there it will be, stamped on every Taiwanese-made part.

The flag emoji removal was a red flag.

China Fires Missiles Over Taiwan 

Emily Feng, reporting for NPR:

China has fired several waves of missiles over the Taiwan Strait, hitting targets in the waters that encircle the island of Taiwan after a visit from Speaker of the House Nancy Pelosi triggered a tense military standoff in the East Asia region.

Taiwan’s Defense Ministry confirmed 11 Chinese Dongfeng type missiles were fired in Taiwan’s direction between 1:56 p.m. to 4 p.m. Thursday afternoon, local time. Taiwan’s armed forces said it was on high alert status, monitoring Chinese military activity in the region, and that the island’s long-range radar had detected the incoming missiles.

“We condemn such irrational action that has jeopardized regional peace,” Taiwan’s Defense Ministry said in a statement.

No big deal for Apple, a company that relies entirely on chips that can only be fabricated by TSMC in Taiwan and iPhones that can only be assembled at sufficient scale in China.

Apple Releases Studio Display Firmware Update to Fix Speaker Issue 

Juli Clover, MacRumors:

Apple today released an updated version of the 15.5 firmware for the Studio Display, with the update coming more than two months after the Studio Display firmware was last updated. The prior version of the 15.5 firmware had a build number of 19F77, while the new version is 19F80. [...] Apple last week sent out a memo to authorized service providers, acknowledging that some customers have had issues with the Studio Display speakers cutting out or offering distorted playback.

I believe I’ve encountered this audio issue twice since March. I wrote about it back in April, complaining particularly about the fact that the only way to resolve it was to yank the display’s power cord, because it doesn’t have a power button. It happened again about a month ago. I spent $40 on a HomeKit power outlet to work around the Studio Display’s lack of a power button.

So here’s a question. I installed this firmware update this afternoon, and it requires you to restart your Mac to apply the update to the Studio Display. Why? There was no MacOS update today — just the Studio Display. My guess is that Apple thinks it’s less weird to require rebooting the whole machine just to update the display firmware than to have a Mac without a functional display for 3 or 4 minutes.

Update: It’s apparently problematic to update the Studio Display firmware from a beta version of MacOS 13 Ventura.

Fools and Their Money 

Aidan Ryan, The Information, “The Metaverse Real Estate Boom Turns Into a Bust”:

The metaverse is in the midst of a real estate meltdown. Sales volumes and average prices for virtual land have plunged this year, part of a broader slide in crypto and non-fungible token prices.

Shocker.

The L.A. Times: Remembering Dodgers Legend Vin Scully 

In a city renowned the world over for its celebrities, no one was more popular.

Dithering 

August 2022 cover art for Dithering, depicting a man, circa the mid-20th century, wearing a suit and fedora reading the newspaper while surrounded by frolickers at the beach.

Yours truly and Ben Thompson’s podcast — two episodes per week, 15 minutes per episode. Not a minute less, not a minute more. If you’re not listening, you’re missing out. Best $5/month you’ll ever spend, trust me.

I aspire not to be this fellow while I’m on vacation.

Banish: New Safari Extension to Block ‘Open in App’ Dickpanels 

You know how on your iPhone when you visit a website like, say, Reddit or LinkedIn or TikTok or Quora — or dozens of others — and the website presents a popover panel that covers the whole damn page telling you how much better it would be if you’d install their app instead of using their website? It doesn’t just annoy me, it makes me angry every damn time. There’s a reason the verb is visiting a website. If I wanted a long-term lease I’d go to the App Store on my own. Here I am, having already loaded their bloated, poorly-coded webpage, trying to give their site a slice of my attention, and they’re covering their own content — the content I came to their site to see — with a dickpanel* suggesting that I install their app. Why would I want to give their software a permanent home on my device when I have an example of how they write software in front of my face, and that example serves only to prove that they have zero respect for my time or attention — or for their own content? It boggles the mind. It’s like going to a restaurant and ordering a sandwich, but when your sandwich is ready, they show it to you momentarily but refuse to serve it until you fill out a form to join, or decline to join, their rewards club. Fucking-A right I’m going to decline. No real-world restaurant would do this because it’s sociopathic, but it’s standard practice for a certain class of thirsty-for-“engagement” websites.

Banish is a new $2 content blocker for Safari by Alex Zamoshchin that does one thing and does it well: it nukes dickpanels in Safari on iPhone and iPad. I’ve been using it for over a week and have already gotten far more than $2 in value from it.

* dickpanel n. : a modal panel or popover a website or app presents, deliberately obscuring its own content, to frustrate the user with a marketing message; e.g. asking the user to install the website’s app, subscribe to a newsletter, or disable privacy controls and accept tracking cookies. See dickbar.

‘What’s the Deal With Water Bottles?’ 

Jason Zinoman, writing for The New York Times:

A solitary figure, a microphone and a stool. Those are the primary images of stand-up comedy — as reliable and ubiquitous as a book’s cover, spine and chapter titles.

But there is another element in the iconography, and it’s the most revealing: The water bottle.

I’ve thought about this offhandedly for years, whenever I watch standup. Zinoman took the deep dive. A fascinating piece, well-illustrated.

Upgrade’s ‘Summer of Fun’ iOS 16 Interviews 

Speaking of what’s new in iOS 16, I greatly enjoyed last week’s episode of Upgrade, wherein co-hosts Jason Snell and Myke Hurley interviewed a series of three guests to talk about what’s new in an area of their expertise: James Thomson (developer tools and frameworks), Shelly Brisbin (accessibility), and David Smith (widgets). Very fun, very informative.

The Talk Show: ‘Shop Different’ 

Special guest Michael Steeber joins the show to discuss his new project, The Apple Store Time Machine — an intricately-detailed explorable walkthrough of four of Apple’s original retail stores.

Sponsored by:

  • Retool: Build internal tools 10× faster.
  • Squarespace: Make your next move. Use code talkshow for 10% off your first order.
  • Memberful: Monetize your passion with membership. Start your free trial today.
  • Hello Fresh: America’s #1 meal kit.

John Voorhees, writing at MacStories:

For the past several weeks, I’ve been using Mail exclusively on all of my devices, which has been a refreshing change of pace. Still, it’s not perfect. Of the features I use most in third-party mail clients, the single biggest shortcoming of Mail is its clunky implementation of deep linking.

I drop links to email messages in my notes and tasks all the time as a way to quickly access important contextual information. Mimestream offers Gmail URLs, and Spark can create its own app-specific and web URLs right within those apps’ UIs.

In contrast, on iOS and iPadOS, you can only link to a Mail message by dragging it out of Mail into another app’s text field. I’ll take it, but I’d prefer if I could quickly generate a link from the share sheet or with Shortcuts instead. The situation on the Mac isn’t much better, requiring users to resort to AppleScript to construct a URL that links back to a Mail message.

With weeks of Ventura testing ahead of me, I decided to see what I could do to improve the situation.

His solution relies on an AppleScript I shared here 15 years ago — which I still use, unchanged, several times per week. Say what you want about AppleScript, but when you find something that works it tends to keep working.

The basic idea here is that Apple Mail has long supported a message:// URL protocol for creating links to specific email messages. Every legitimate email message ever sent has a unique message ID; Mail’s message:// URLs take the form of message://<UNIQUE-ID-HERE>. For compatibility reasons, the angle brackets are best encoded as %3c (for <) and %3e (for >). Without knowing it, if you use Apple Mail, you’ve probably made use of these URLs. For example, when you create a calendar event from a date in an email, that event links back to the message from whence it came, and that link is a message:// URL.

But 15 years after adding support for these URLs, Apple still hasn’t exposed a direct way to copy them from any given message other than drag-and-drop. And when you drag a message from Mail to the Finder, you get a file with the exported contents of the message, not a URL clipping (like you get when you drag a URL from Safari to the Finder). Try dragging from Mail to Notes to get a link. Hence the continuing utility of my AppleScript — it’s still the best way to just put the message:// URL for a given message on the clipboard.
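
The message:// URL form described above, as an added Python example (not the AppleScript mentioned in the post, and not code from the original page): it reads the Message-ID header from a raw message and builds the link with the angle brackets encoded as %3c and %3e. The function names and the sample message are constructed for illustration, and percent-encoding characters other than the brackets assumes Mail decodes them, which the post does not state.

```python
from email import message_from_string
from urllib.parse import quote

# Constructed sample message (not from the page). The Message-ID value sits on
# a continuation line, which header folding permits.
SAMPLE = (
    "From: alice@example.com\n"
    "To: bob@example.com\n"
    "Subject: Lunch Thursday?\n"
    "Message-ID:\n"
    " <CAF+abc123/xyz=@mail.example.com>\n"
    "\n"
    "Noon works for me.\n"
)


def message_id(raw: str) -> str:
    """Return the Message-ID without its angle brackets, or raise ValueError."""
    value = message_from_string(raw)["Message-ID"]
    if value is None:
        raise ValueError("message has no Message-ID header")
    value = " ".join(value.split())  # undo header folding and stray whitespace
    if len(value) < 3 or not (value.startswith("<") and value.endswith(">")):
        raise ValueError("Message-ID is not of the form <id>")
    return value[1:-1]


def mail_url(raw: str) -> str:
    """Build a message:// link of the form message://%3c<id>%3e."""
    # The Message-ID is chosen by the sender, so everything outside the URL
    # "unreserved" set (plus '@') is percent-encoded; characters such as '?',
    # '#' or '/' then cannot change how the link is parsed.
    # Assumption: Mail percent-decodes the ID before looking the message up.
    return "message://%3c" + quote(message_id(raw), safe="@") + "%3e"


if __name__ == "__main__":
    print(mail_url(SAMPLE))
```
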