Month: February 2021

A no-bullshit look at Facebook’s and Apple’s privacy propositions – Part 1

Post author By Rahul
Post date 2021-02-08

Facebook is guilting people who use their iPhone app. iOS 14’s App Tracking Transparency now requires app makers to explicitly get people’s assent to be tracked. If the phone user declines, iOS only sends generic information that’s really hard to trace back to any identifiable person.

Obviously, this works against Facebook’s interests. It’s built a seven-hundred-billion-dollar company over fifteen years on the back of a sophisticated, extremely aggressive data collection and ad display business.

Facebook’s tried public pressure and PR to lobby against this intervention, arguing that this opt-in hurts not it, but small businesses, who rely on Facebook ads to target would-be customers.

Now Facebook’s building that argument right into its app, with a full-screen appeal to its users to allow themselves to be tracked in detail, so that small businesses may thrive. First reported by CNBC, here is what the screen supposedly looks like (left, before Apple’s prompt to the right):

Facebook’s CEO has said publicly that the company sees Apple as a competitor because “has every incentive to use their dominant platform position to interfere with how our apps and other apps work, which they regularly do to preference their own… Now Apple may say that they’re doing this to help people, but the moves clearly track their competitive interests.”

Now, Facebook’s straight-up ‘gaslighting’ people into voluntarily overriding Apple’s protections.

(Part 2 – comparing how Facebook and Apple talk about people’s data)

Products and Design The Next Computer Wellness when Always-On

Disturb by default

Post author By Rahul
Post date 2021-02-07

This Hacker News thread asks an interesting question: When did “disturb” become the default mode for devices? Specifically,

A few days ago I took a nap and set the DND –do not disturb– on a timer for 1h. Once the timer finished it went by default to “Turn off DND”, which is the same as “disturb me please”… Because of this I was wondering when did the “disturb” mode became (sic) the default? This applies to my phone as well, which I always have with DND turned on. How is it that we have to turn on DND. Shouldn’t it be “turn on disturb mode”?

Some of the answers I found worth sharing:

people generally want to be disturbed by notifications. Just consider how many people don’t keep their phone in silent mode. I don’t think it’s the ideal way to live, but people love running over to their phone to see if it’s a new WhatsApp message that cause the ping.

At the beginning of the smartphone era, there just weren’t that many disruptions to warrant a DND mode. Most notifications were interesting. And we didn’t have wearable devices tethered to phones or computers either. The normalization of distraction kind of got us by surprise, society-wide, and it’s only now that new UX patterns are developing to help people manage it.

My theory would be that that:

> “disturbable by default” is a carry-over from landline-only time
calls where rarer in landline-only time because they (sometimes) cost money
> calls where rarer in particular times (eg late at night) because of a social norm
> calls in the middle of the day where probably rarer, but also much easier to ignore because you were not at home and your phone simply run in the void
> calls were mostly done by human beings
Now, the “phone calls from a human being who respects social norms or that I simply never hear” have been replaced by “automated notifications from bots in a piece of plastic that’s constantly in my pocket, or text messages from people that expects me to be reachable at any time.”

Products and Design The Next Computer

iPhone home screen, February 2021 – widgets-only, again

Post author By Rahul
Post date 2021-02-06

(Previously:August, September, October, November, December, January home screens)

Little has changed from my home-screen-less, widgets-only setup from a couple of months ago. It’s likely going to stay this way until iOS 15 or later introduces something new.

A couple of comments, though:

I use the App Library as one way to launch my apps [1]. iOS do a good job of surfacing the most used apps in any App Library folder. But muscle memory forms pretty quickly, and I can now locate my most-used applications without even thinking about it. The brain just know, spatially, where they are on the App Library screen

There are two search bars, and it’s annoying. One is Spotlight, activating by swiping down on any screen. The second is the App Library search, activated by swiping down in the same way on the App Library screen.

Because I’ve deleted all home screens but the mandatory one, I have two screens that both reveal a search bar with the same action – but the search bars are totally different. Not just visually, but one searches files, contents in apps, Shortcuts, the web. The other lists apps.

Often I’m not consciously aware of which screen I’m on, I’ll search for some data in the App Library search bar and get no results. When I realise, after a second, that this isn’t the right screen, I need to abandon the search, switch to another screen or swipe down all the way from the top to invoke Spotlight, then type my text all over again.

I’m sure there’s a good reason for designing things this way [2], but it annoys me at least once a day.

[1] Siri Suggestions when swiping down to reveal Spotlight is another.

[2] Most people have a problem of too many home screens, not too few. Apple intended App Library to be a seldomly-used repository for apps that don’t need to live on a home screen or in a folder, but still need to be accessible. I use App Library as my only home screen, the opposite of what Apple designed it for.

Privacy and Anonymity Wellness when Always-On

Freedom from looking over your shoulder

Post author By Rahul
Post date 2021-02-05

The trope is if you don’t have anything to hide, why do you want stuff to be private?

Ask yourself this:

Can you say what your want, even 1:1, without fearing someone will attack you?

Can you search for and browse whatever you want. Without fear of being watched or found out?

Can you store whatever you want? (don’t break laws) Without fear of being flagged by someone’s policy?

Chances are, the answer to these is at least partially no. That should make clear why you need privacy.

Data Custody

“I don’t mind being locked in”

Post author By Rahul
Post date 2021-02-04

… The system provided by Hey for managing and organizing incoming email is what sets it apart from the competition, and it’s so good I don’t mind being locked into a proprietary service.
– Federico Viticci, Macstories

Famous last words, uttered by countless computer users over the last fifty years, to their inevitable regret.

Privacy and Anonymity The Next Computer Wellness when Always-On

Federated learning, cookies and keeping it simple when it comes to privacy

Post author By Rahul
Post date 2021-02-03

Google’s building what the company says is an alternative to cookies that collect interest-based information based on a person’s browsing pattern. Called federated learning of cohorts or FLOC, the project has made some code available on the code-sharing service github. From that page:

The browser uses machine learning algorithms to develop a cohort based on the sites that an individual visits. The algorithms might be based on the URLs of the visited sites, on the content of those pages, or other factors. The central idea is that these input features to the algorithm, including the web history, are kept local on the browser and are not uploaded elsewhere — the browser only exposes the generated cohort. The browser ensures that cohorts are well distributed, so that each represents thousands of people.

Google also created a comic to explain Federated Learning in general, which can be applied to projects other than displaying ads on web pages:

It’s a far, far cry from the one Google made over twelve years ago when it announced the then-revolutionary Chrome browser.

As someone with a computer science background, I am interested in learning about and following the progress of FLOC. As someone who cares about privacy and has invested thousands of hours helping spread awareness, I will avoid information collection for the purposes of displaying ads, period. Whether it’s through cookies or fingerprinting or the supercookies we read about recently, or through federated learning.

FLOC will be rolled out in Chrome in 2021, to people who are logged in to the Chrome browser. My advice from the point of view of privacy is to avoid this altogether. Just follow good hygiene when connected to the Internet on your phone or computer (which is all the time):

Use Firefox, not Chrome. On iOS, Safari is fine. On Android, just switch to Firefox for Android.
Do not stay logged in to any site – use private mode for that, or a separate browser
Use privacy plugins like Privacy Badger and uBlock Origin
Use an on-device VPN like Adblock or Adguard
Run your DNS requests through a Pi-hole, either running on a raspberry pi on your home network, or running in the cloud.

Other than point #2, it’s all setup and forget. Do it.

Products and Design The Next Computer

Paradigm Change and Personal Status

Post author By Rahul
Post date 2021-02-02

A change-oriented mindset, especially for technology, is one where you force yourself to let go of the models you developed for how things work and learn new approaches. Re-wiring yourself and letting go of that muscle memory and those patterns that often took years to develop and perfect is incredibly difficult in a technical sense. It is also difficult emotionally. So much of our own sense of empowerment comes from mastery of the tools we use and so changing or replacing tools means we are no longer masters but back to being on equal footing with lots of people. No one likes resetting their station on the tech hierarchy.
– Steven Sinofsky, “My Tablet Has Stickers”

Data Custody Privacy and Anonymity

Wishing away the laws of mathematics

Post author By Rahul
Post date 2021-02-01

From the encrypted email service Protonmail’s response to the Council of the EU calling for an update to laws governing encryption in internet applications:

While it’s not explicitly stated in the resolution, it’s widely understood that the proposal seeks to allow law enforcement access to encrypted platforms via backdoors. However, the resolution makes a fundamental misunderstanding: encryption is an absolute. Data is either encrypted or it isn’t; users have privacy, or they don’t. The desire to give law enforcement more tools to fight crime is obviously understandable. But the proposals are the digital equivalent of giving law enforcement a key to every citizen’s home and might begin a slippery slope towards greater violations of personal privacy.

“Either data is encrypted or it isn’t” is right. As we have discussed before on the site, we’d need a fundamentally different type of algorithm in order to encrypt data such that it’d both be secure from decryption attacks but also be able to be unlocked by specific keys owned by a set of people. Today’s algorithms just don’t have this selective encryption. If the private key is with the user (or on their device, as in the case of the Secure Enclave on iOS devices), then it’s with no one else. You can’t have a bunch of private keys, one with the user and another with law enforcement. And even if you could, it raises the Q of keeping that key secure, and so on and on.

The debate between personal privacy and societal security is one we will be forced to have and settle at a public level quite soon. But lawmakers need to appreciate technology, even if they don’t understand it. As a memorable quote from a former Australian prime minister goes,

“The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia.”

The twenty first century cannot afford this.