You Are The Product

John Lanchester for the London Review of Books, with an amazing deconstruction of Facebook's malignant business model:

What this means is that even more than it is in the advertising business, Facebook is in the surveillance business. Facebook, in fact, is the biggest surveillance-based enterprise in the history of mankind. It knows far, far more about you than the most intrusive government has ever known about its citizens. It’s amazing that people haven’t really understood this about the company. I’ve spent time thinking about Facebook, and the thing I keep coming back to is that its users don’t realise what it is the company does. What Facebook does is watch you, and then use what it knows about you and your behaviour to sell ads. I’m not sure there has ever been a more complete disconnect between what a company says it does – ‘connect’, ‘build communities’ – and the commercial reality. Note that the company’s knowledge about its users isn’t used merely to target ads but to shape the flow of news to them. Since there is so much content posted on the site, the algorithms used to filter and direct that content are the thing that determines what you see: people think their news feed is largely to do with their friends and interests, and it sort of is, with the crucial proviso that it is their friends and interests as mediated by the commercial interests of Facebook. Your eyes are directed towards the place where they are most valuable for Facebook.

Interview: Apple’s Craig Federighi answers some burning questions about Face ID

Matthew Panzarino has a great interview with Apple VP Craig Federighi, well worth reading. Bottom line:

The fact of the matter is that there is likely an outsized amount of skepticism about Face ID because other manufacturers like Samsung have shipped versions of facial recognition that are, frankly, crap. If it can be fooled by a simple photo, what the hell are you doing shipping it at all?

Face ID is not a simple image recognition system. It looks at a three-dimensional model of your entire face, recognizing features at a level of detail high enough that Apple is confident that masks will not fool it. It’s a different ballgame entirely.

The rewards for making security (a passcode) incredibly easy for people to implement and use on a daily basis are enormous. The vast majority of people still use common passwords and don’t enable two-factor authentication on any of their devices. The amount of work that Touch ID has done and Face ID will do to improve the security of regular users is huge.

You can safely ignore all of the hot takes coming out on Face ID -- that Apple stores a picture of your face, that it won't work, that you can fool it easily, etc -- it's all garbage. This is a game-changer for individual privacy and security.

Ad industry “deeply concerned” about Safari’s new ad-tracking restrictions

Statement from the ad industry, on Safari's new Intelligent Tracking Prevention feature:

The infrastructure of the modern Internet depends on consistent and generally applicable standards for cookies, so digital companies can innovate to build content, services, and advertising that are personalized for users and remember their visits. Apple's Safari move breaks those standards and replaces them with an amorphous set of shifting rules that will hurt the user experience and sabotage the economic model for the Internet. Apple's unilateral and heavy-handed approach is bad for consumer choice and bad for the ad-supported online content and services consumers love. Blocking cookies in this manner will drive a wedge between brands and their customers, and it will make advertising more generic and less timely and useful.

Apple's interests -- that is, the privacy of Apple's users -- are diametrically opposed to the ad industry's interests. Apple's promoting user privacy being "bad for consumer choice" reminds me of the taxi cartel's disingenuous objection to ride-sharing services: "It's bad for passenger safety". 

Apple's response:

“Apple believes that people have a right to privacy — Safari was the first browser to block third party cookies by default and Intelligent Tracking Prevention is a more advanced method for protecting user privacy.
Ad tracking technology has become so pervasive that it is possible for ad tracking companies to recreate the majority of a person’s web browsing history. This information is collected without permission and is used for ad re-targeting, which is how ads follow people around the Internet. The new Intelligent Tracking Prevention feature detects and eliminates cookies and other data used for this cross-site tracking, which means it helps keep a person’s browsing private. The feature does not block ads or interfere with legitimate tracking on the sites that people actually click on and visit. Cookies for sites that you interact with function as designed, and ads placed by web publishers will appear normally.”

Translation: Go f*** yourselves.

Of the 5 tech giants (Apple, Microsoft, Facebook, Google, and Amazon), Apple (and to some extent Amazon) is the only one not financially conflicted in this fight. Facebook and Google are obviously the biggest enablers of the ad industry. Microsoft sells ads on Bing, LinkedIn, Windows 10, Xbox, and elsewhere.

Here's former Microsoft exec Steven Sinovsky on Microsoft's response when they tried to improve privacy measures in Internet Explorer:

These Are the Technology Firms Lining Up to Build Trump’s “Extreme Vetting” Program

Sam Biddle and Spencer Woodman, for The Intercept:

ICE’s hope is that this privately developed software will help go far beyond matters of legality to matters of the heart. The system must “determine and evaluate an applicant’s probability of becoming a positively contributing member of society, as well as their ability to contribute to national interests” and predict “whether an applicant intends to commit criminal or terrorist acts after entering the United States.” Using software to this end is certainly in line with Trump’s campaign rhetoric — during a rally in Phoenix, he described how “extreme vetting” would make sure the U.S. only accepts “the right people,” using “ideological certification to make sure that those we are admitting to our country share our values and love our people.”

Consumer Reports: Microsoft Surface is Dead Last for Reliability

Paul Thurrott:

According to a Consumer Reports survey of over 90,000 tablet and laptop owners, an estimated 25 percent of those with Microsoft Surface devices will experience “problems by the end of the second year of ownership.” This failure rate is the worst in the industry by far among mainstream PC makers, the publication says, and as a result, it is pulling its “recommended” designation for all Surface products.
“If you are very concerned about how long your products are going to last, it might be better for you to go with a brand that has a higher predicted reliability,” Consumer Reports electronics editor Jerry Beilinson told Reuters. “Laptops and tablets … made by Microsoft were significantly less reliable than most other brands.”

I've had a lot of clients ask about getting a Surface instead of a traditional Dell/Lenovo/HP business laptop. Hardware is hard to do well, and Microsoft just got in the game. Building a supply chain to consistently produce reliable hardware at scale takes numerous iterations and years of trial and error.

If you're an early-adopter and want bleeding-edge, it'll come at a cost. If you need reliability, stick with the guys who've been doing this forever.

Monday Morning Reads

Why the Scariest Nuclear Threat May Be Coming from Inside the White House

Michael Lewis, writing for Vanity Fair on the Department of Energy and the massive risks it confronts and manages every day, has this jaw-dropping anecdote about a hydrogen bomb that fell off a B-52 bomber over North Carolina:

Right away we have a problem. At the very top of his list is an accident with nuclear weapons, and it is difficult to discuss that topic with someone who doesn’t have security clearance. But the Trump people didn’t have it, either, I point out, so he’ll just need to work around it. “I have to be careful here,” he says. He wants to make a big point: the D.O.E. has the job of ensuring that nuclear weapons are not lost or stolen, or at the slightest risk of exploding when they should not. “It’s a thing Rick Perry should worry about every day,” he says.
“Are you telling me that there have been scares?”
He thinks a moment. “They’ve never had a weapon that has been lost,” he says carefully. “Weapons have fallen off planes.” He pauses again. “I would encourage you to spend an hour reading about Broken Arrows.”
“Broken Arrow” is a military term of art for a nuclear accident that doesn’t lead to a nuclear war. MacWilliams has had to learn all about these. Now he tells me about an incident that occurred back in 1961, and was largely declassified in 2013, just as he began his stint at D.O.E. A pair of four-mega-ton hydrogen bombs, each more than 250 times more powerful than the bomb that destroyed Hiroshima, broke off a damaged B-52 over North Carolina. One of the bombs disintegrated upon impact, but the other floated down beneath its parachute and armed itself. It was later found in a field outside Goldsboro, North Carolina, with three of its four safety mechanisms tripped or rendered ineffective by the plane’s breakup. Had the fourth switch flipped, a vast section of eastern North Carolina would have been destroyed, and nuclear fallout might have descended on Washington, D.C., and New York City.

Friday Afternoon Reads

Petya/NotPetya Roundup

Amazon’s New Customer

Ben Thompson explains Amazon/Whole Foods:

This is the key to understanding the purchase of Whole Foods: to the outside it may seem that Amazon is buying a retailer. The truth, though, is that Amazon is buying a customer — the first-and-best customer that will instantly bring its grocery efforts to scale.
Today, all of the logistics that go into a Whole Foods store are for the purpose of stocking physical shelves: the entire operation is integrated. What I expect Amazon to do over the next few years is transform the Whole Foods supply chain into a service architecture based on primitives: meat, fruit, vegetables, baked goods, non-perishables (Whole Foods’ outsized reliance on store brands is something that I’m sure was very attractive to Amazon). What will make this massive investment worth it, though, is that there will be a guaranteed customer: Whole Foods Markets.
In the long run, physical grocery stores will be only one of the Amazon Grocery Services’ customers: obviously a home delivery service will be another, and it will be far more efficient than a company like Instacart trying to layer on top of Whole Foods’ current integrated model.
I suspect Amazon’s ambitions stretch further, though: Amazon Grocery Services will be well-placed to start supplying restaurants too, gaining Amazon access to another big cut of economic activity. It is the AWS model, which is to say it is the Amazon model, but like AWS, the key to profitability is having a first-and-best customer able to utilize the massive investment necessary to build the service out in the first place.

Thursday Afternoon Reads

Why smartphone security is a luxury for those who can afford it

Selena Larson for CNN:

More malware is written for Androids than iPhones. On top of that, almost half of the top 50 Android devices didn't have the most recent security updates by the end of 2016, according to Google. Even if your phone is only a year or two out of date, it's vulnerable to some very simple hacks, says Nathan Freitas, a fellow at Harvard's Berkman Center for Internet and Society. "It doesn't take much for your adversary to get into your [Android] device, and that's a big problem."
When Google releases an update to Android, it takes a while to get to consumers, unless you have a Google-branded phone like the Pixel. Carriers and device makers customize Android with different apps and services, and there are at least 11 different versions of Android. Each customized version has to be updated separately by the carrier or device maker before rolling out to consumers.

The whole article is worth reading, but this perfectly explains why I always recommend iPhone over Android for our clients. Android as a platform is still a complete cluster and can't be trusted for basic security.

The Second Coming Of iPad

John Paczkowski interviewed Apple's Phil Schiller and Craig Federighi on the new iPads:

Similarly, since the iPad is a touch device first, touch interactions — be they via finger or Apple’s Pencil stylus — should be instantaneous, alive. And on the new iPad Pros they get pretty damn close, thanks to one of those world-of-pure-imagination innovations Apple is willing to spend years concocting. This one’s called ProMotion, and it doubles the number of times per second an image can be refreshed on the the iPad Pro’s display. Like most all mobile devices, the first-generation iPad Pro had a refresh rate of 60Hz. The new iPad Pro can ramp up to a refresh rate of 120Hz that’s more typical of 4K TVs.
Courtesy of Apple What that means in practice is that anything that moves on the device’s screen — whether it be video or a line drawing or a photo zoom — appears smoother and more detailed. Some touch interactions are dramatically more responsive; you get the sense that Apple is speeding iPad toward finger-into-puddle-of-water levels of responsiveness.

 

Apple News Roundup

13 Friday Afternoon Reads

1Password launches 'Travel Mode' for protecting data at the border

Absolutely fantastic new feature from the creators of the most indispensable app in my life, 1Password:

Let’s say I had an upcoming trip for a technology conference in San Jose. I hear the apples are especially delicious over there this time of year. :) Before Travel Mode, I would have had to sign out of all my 1Password accounts on all my devices. If I needed certain passwords with me, I had to create a temporary travel account. It was a lot of work and not worth it for most people.
Now all I have to do is make sure any of the items I need for travel are in a single vault. I then sign in to my account on 1Password.com, mark that vault as “safe for travel,” and turn on Travel Mode in my profile. I unlock 1Password on my devices so the vaults are removed, and I’m now ready for my trip. Off I go from sunny Winnipeg to hopefully-sunnier San Jose, ready to cross the border knowing that my iPhone and my Mac no longer contain the vast majority of my sensitive information.
After I arrive at my destination, I can sign in again and turn off Travel Mode. The vaults immediately show up on my devices, and I’m back in business.