Thoughtful, detailed coverage of everything Apple for 34 years
and the TidBITS Content Network for Apple professionals
#1476: Apple Q3 2019 Results, Equifax settlement op-ed, gooseneck tablet stand, Twitter account switching, Health in iOS 13

iPhone sales plunged in Apple’s Q3 2019, but the company still saw overall growth thanks to strong performances from its Services and Wearables categories. It turns out that no one will receive much cash in the Equifax data breach settlement—the option was too popular. In an op-ed, Adam Engst channels the frustration and powerlessness many people feel. If you struggle to watch videos on your iPad in bed or while working out, check out our review of the Tryone Gooseneck Tablet Stand. Twitter’s new design may be controversial, but Josh Centers points out one advantage: easy account switching. Finally, Scholle McFarland joins us to look at what’s coming in the Health app in iOS 13, including tools for tracking menstruation, fertility, and hearing health. Notable Mac app releases this week include Typinator 8.1, DEVONthink 3.0 Public Beta 5, macOS Mojave 10.14.6 Supplemental Update, and BBEdit 12.6.6.

Michael E. Cohen Josh Centers 11 comments

iPhone Down, Services and Wearables Up in Apple’s Q3 2019, Apple Card to Arrive in August

Reporting on its Q3 2019 financial results, Apple has announced net profits of $10 billion ($2.18 per diluted share) on revenues of $53.8 billion. The company’s revenues were up slightly at 1% compared to the year-ago quarter but net profits were down by 7% (see “Apple’s Q3 2018 Results Break Records Again,” 31 July 2018). Apple CEO Tim Cook said:

This was our biggest June quarter ever—driven by all-time record revenue from Services, accelerating growth from Wearables, strong performance from iPad and Mac and significant improvement in iPhone trends.

Apple's Q3 revenue over the past four years.

Apple’s financial picture was brightened by a successful quarter in China, which Cook pinned on the confluence of a VAT reduction in China, “pricing action” on Apple’s part, and Apple’s launch of trade-in and financing programs in its Chinese retail stores. Cook also cited strong App Store growth in China.

To no one’s surprise, Apple’s iPhone sales fell well below the sales figures posted for the same quarter last year, bringing in $25.9 billion in revenue compared to last year’s $29.5 billion, an 11.8% decrease. The iPhone accounted for only 48% of Apple’s revenues in Q3 2019, the first time since 2013 that the iPhone has accounted for less than 50% of Apple’s revenues. This decline would have been far more alarming had other revenue categories not moved in to take up the slack.

Apple’s Mac business appears to be healthier than ever. Mac sales exceeded the product line’s revenues from a year ago by 10.7%, with Apple taking in $5.82 billion compared to the $5.26 billion last year.

The company’s focus on the iPad in recent months also seems to be producing welcome revenue results, with iPad sales raking in $5.02 billion compared to the $4.6 billion in the year-ago quarter, an increase of 8.39%.

Apple’s increasingly important Services businesses continue to pay off handsomely as well. Services revenue grew 12.6% for the quarter compared to last year’s results. The category, which includes software, storage, and media revenues, brought in $11.5 billion during the quarter, more than the combined iPad and Mac revenues.

Filling in some details about the Services category’s rise, Apple CFO Luca Maestri noted that Apple now has 420 million paid subscriptions, a source of ongoing revenue that bodes well for the future. He also noted increases in the “attach rate” for AppleCare, which is also a profitable business, assuming, of course, that Apple product quality doesn’t decline significantly.

Cook took advantage of the quarterly results call to announce that Apple Card, Apple’s upcoming credit card, will arrive in August, and that it is currently being beta-tested by thousands of Apple employees. When the card becomes available to the general public, it will generate yet another stream of revenue. (See “Apple Card: More Than Just a Credit Card,” 28 March 2019.)

Apple’s smallest products notched the largest percentage increases in revenues: the Wearables, Home, and Accessories product category (which includes devices like the Apple Watch, watch bands, AirPods, Apple Pencils, and all of Apple’s various cables and dongles) saw its revenue numbers soar by 48%. The $5.5 billion that the category brought in now puts it on the same level as Apple’s iPad and Mac product lines. Tim Cook noted that 75% of Apple Watch buyers last quarter were new purchasers, evidence that the device is becoming increasingly attractive to consumers, and he said that the Wearables business is now as large as a Fortune 50 company. Cook also remarked on another indication of this category’s growth: Apple TV viewership has increased 40% year-over-year, even before the slate of new Apple shows and channels arrive later this year, a sign that the streaming media device is far from languishing. (See “Apple Reveals Its Vision for TV,” 26 March 2019.)

If you’ve been following Apple’s quarterly reports over the past couple of years, the decline of Apple’s iPhone business coupled with the rise of both the Services and Wearables businesses should come as no surprise, which is why Apple has been so aggressively introducing new services like Apple News+, Apple Card, Apple TV+, and Apple Arcade.

With hardware revenue inevitably leveling off, Apple’s best recourse for growth is monetizing its existing installed base. That’s good news for Apple investors, as it shows forward-thinking leadership: many companies begin to march toward irrelevance when sales of their core products taper off. But many Apple users may be less enthusiastic, as we will be increasingly expected to hand Apple more money on a monthly basis to get the most out of our Apple devices.

Josh Centers No comments

TipBITS: Switch between Multiple Accounts in Twitter’s Redesign

Twitter has redesigned its Web interface, and as is always the case with such radical redesigns, many people aren’t happy. If you dislike the new look, you can use the GoodTwitter extension for Chrome and Firefox to bring back a facsimile of the old interface (though I find that the fonts look wonky). Unfortunately, it’s usually best to accept the new reality and make the best of it.

On the plus side, Twitter’s redesign now makes it possible to switch between multiple accounts. If that’s something you’ve struggled with—as I do in managing both my personal account and the TidBITS account—here’s how to use this new feature:

  1. Click More in the sidebar.
  2. Click the + button in the upper-right corner of the popover.
  3. Click Add an Existing Account.
  4. Enter the login credentials for the second account and click Log In.

You can add up to five accounts. To add additional accounts after the second one, follow the instructions above, but click the ••• button that appears in place of the + button.

To switch between accounts:

  1. Click More in the sidebar.
  2. Click the profile picture for the account you want to switch to in the upper-right.

Of course, alternative clients like TweetDeck offer this functionality as well, but if they’re overkill for your needs, this new multiple-account support should be welcome.

Josh Centers 3 comments

Don’t Get Bent Out of Shape Watching iPad Videos with Tryone’s Gooseneck Tablet Stand

The form factor of the iPad works well for many casual computing uses, like surfing the Web while sitting on your couch. But if you’ve ever tried to watch a video in bed with an iPad, you know how awkward it can be. Either you hold the iPad and your arms get tired quickly, or you prop it up on your chest and risk getting a crick in your neck. Even then, you will probably have to keep a hand on it to keep it balanced, and the screen will jiggle with every breath or movement.

Fortunately, the iPad’s design allows for a plethora of unusual stands. On a whim, I ordered the Tryone Gooseneck Tablet Stand on Amazon’s Prime Day. It usually retails for $18.99, but I got it on sale for about $15. This particular stand is far from unique—like many such accessories, it’s made in China, where intellectual property laws are lax and dozens of companies produce nearly identical products. A quick search on Amazon, AliExpress, or eBay will surface many similar stands. So consider this both a review of the Tryone Gooseneck Tablet Stand in particular and the category of gooseneck stands in general.

Tryone’s Gooseneck Tablet Stand has three parts: a clamp for a table or other surface to which you want to attach the stand, a thick gooseneck cable, and another clamp to hold the iPad in place, connected by a ball joint for maximum flexibility. It can hold an iPhone (and it provides holes to allow access to buttons and the Lightning port) or an iPad up to 10.5 inches.

I was initially afraid the gooseneck would sag under the weight of the 10.5-inch iPad Pro, but it works well as long as you don’t have to touch the screen too much, which causes the iPad to wobble. It also helps to make a loop in the cable for additional stability.

The Gooseneck Tablet Stand offers a lot of flexibility, both figuratively and literally. For instance, you could clamp it to your nightstand for bedtime TV viewing on an iPad.

Watching video with the Tryone stand

You could also clamp it to an exercise bike or a treadmill so you can watch videos while working out. Eat your heart out, Peloton! I particularly appreciate the way the flexible cable lets me position the iPad so the moving arms of my exercise bike don’t bump it.

An iPad mounted to an exercise bike.

You could even clamp it to your desk to use the iPad as a second screen for your Mac with an accessory like the Luna Display (see “Luna Display Turns an iPad into a Responsive Mac Screen,” 7 December 2018) or with the upcoming Sidecar feature in macOS 10.15 Catalina (see “No Mac Is an Island with macOS Catalina,” 3 June 2019). (For a more portable solution, see “Attach an iPad to Your MacBook as a Second Display with Mountie,” 22 February 2019.)

An iPad mounted to a desk.

But that flexibility comes with some tradeoffs. While the gooseneck is flexible, it also has to be stiff enough to support a heavy iPad, so it takes a fair amount of hand strength to bend it. Plus, the surface clamp is cheap plastic, so you have to be careful while adjusting the cable when it’s clamped to a table. As the manufacturer notes, presumably through machine translation:

Bend using two hands and bend just the gooseneck when adjusting the position because it is stiff. Pull the device violently when adjusting may broke the nut.

Ideally, you want to adjust the gooseneck as much as possible before clamping it down. You also have to be careful when clamping the stand to a surface, as the manufacturer warns that the plastic clamp could break if you over-tighten it.

Removing an iPad from the spring-loaded device clamp can also be tricky. You have to force it open while simultaneously getting a grip on the iPad so it won’t fall out, and you have to be careful to avoid pinching your fingers.

If my Gooseneck Tablet Stand breaks, I might try something like the all-metal AboveTEK Heavy Duty Aluminum Gooseneck iPad Holder, which is more expensive at $35 but would presumably be more sturdy. However, I could see it scratching the surface it’s clamped to.

For now, the Tryone Gooseneck Tablet Stand is an inexpensive solution to holding an iPad that has worked well for me. Have you found another solution for mounting your iPad? Let us know in the comments.

Adam Engst 20 comments

Equifax Cash Settlement Backtracking Leaves a Bad Taste

Last month, the Federal Trade Commission, in conjunction with the Consumer Financial Protection Bureau and all 50 US states, announced a settlement of up to $700 million with Equifax over that company’s 2017 data breach exposing personal information on 147 million Americans. This settlement was different from some previous ones, where the main benefit to victims—if there was any at all—was free credit monitoring. In this case, victims could opt for a cash payment of up to $125 instead of credit monitoring and could apply for additional financial restitution for time wasted dealing with Equifax’s negligence. The FTC said the settlement included up to $425 million to help those affected by the breach.

Unsurprisingly, this was big news, and we in the media responded by publicizing the heck out of it (see “You May Be Entitled to $125 or More in the Equifax Breach Settlement,” 26 July 2019). People responded, with millions signing up for their cash payments: $125 if you already had credit monitoring and $25 per hour for up to 20 hours that you spent dealing with the breach, plus coverage of your out-of-pocket losses up to $20,000. Sounds good, right? Finally, the people who are actually harmed in a data breach are recompensed for their trouble!

That was when the fine print got big. It turns out that the actual settlement caps the $125 alternative reimbursement payments at $31 million, and it caps the claims for lost time at another $31 million. In both cases, if the claims exceed the cap, all payments will be reduced on a prorated basis. So much for that $425 million number.

Within a few days, Robert Schoshinski, Assistant Director in the Division of Privacy and Identity Protection at the FTC, was bluntly encouraging everyone to take the free credit monitoring instead of the payments because millions of people had already signed up for the cash. The FTC also updated the FAQ in its informational page about the settlement to clarify the payment caps and the likelihood that you’d get much less than was promised.

That may be the reality of the situation, but it leaves a bad taste in the mouth for a variety of reasons.

Denial Isn’t Just a River in Egypt

Back in 2017, Equifax’s then-CEO, Richard Smith, apologized in an op-ed in USA Today. But apparently, once such an apology has been published (and the CEO who made it has been sent packing along with the chief information officer and chief information security officer), the company can negotiate a different reality.

The breach settlement site now says:

Equifax denies any wrongdoing, and no judgment or finding of wrongdoing has been made.

It grates to have Equifax—whose negligence resulted in information about 147 million Americans being exposed to criminals—pretending that it did nothing wrong. If it had done everything right, the breach never would have happened in the first place. Hackers are not an “act of god” equivalent to an earthquake or tornado. Equifax should be saying:

We messed up. We manage a vast amount of confidential, potentially damaging information about nearly all Americans, and we failed to protect it. For that, and for any inconvenience, emotional distress, or financial hardship that our negligence caused, we are truly sorry. Here’s how we’re going to make it up to you.

Making the bad taste worse is the fact that those Equifax executives got to “retire” (rather than being fired), which means that they’ll keep their unvested stock compensation. For ex-CEO Richard Smith, that was worth over $90 million.

Fines and Restitution

In the law, there is a difference between a fine and restitution. Fines go to the government prosecuting the crime, whereas restitution goes to the victims of the crime. Since we’re talking about a settlement in which Equifax gets to deny all wrongdoing, there’s apparently no crime in play. Regardless, the settlement includes both. The fines include $175 million to the states and $100 million to the Consumer Financial Protection Bureau, and the restitution is the $425 million directed to repay consumers.

Many of us are angry with the FTC’s settlement because the $31 million caps mean that the initial promise that consumers could get significant cash damages has proven to be false. The FTC should have known that the mere existence of firms like Credit Karma shows the monetary value of credit monitoring to consumers to be $0. Plus, although the credit monitoring also provides identity theft insurance and identity restoration services, Credit Karma suggests that those are not generally worth purchasing on your own. (Happily, Equifax will have to pay other companies to provide these services and can’t benefit in any way from them. So at least the fox’s failure to guard the henhouse isn’t being punished with a chicken dinner.)

The massive interest in those payments shows that the FTC utterly underestimated what consumers actually want in compensation. Perhaps the FTC will adjust its formula the next time this happens, but for now, we just have to swallow our bitter medicine.

We Are the Sausage

The final sour aspect of this situation is the fact that most people never asked to do business with Equifax. We’ve all become concerned about the spread of our personal information and how it can be used against us, but collecting and sharing data about us is Equifax’s core business (as it is for competitors Experian and TransUnion too).

At least the likes of Google and Facebook provide us with services we choose to use in exchange for our data. In comparison, the credit reporting agencies sell our data to other companies with whom we want to do business. They couldn’t care less about us because we’re just raw materials to them. It’s easy to find examples (Equifax, Experian, TransUnion) of them being sued for failing to remove incorrect information, concealing charges, and other violations of the Fair Credit Reporting Act. Dealing with pesky consumers is just a cost of doing business.

As the saying goes, if you’re not paying for it, you’re not the customer; you’re the product being sold. And if we’re not customers, there’s certainly no need for customer service.

Of course, the final reason the Equifax breach settlement leaves a bad taste in the mouth is that there’s nothing we can do about any of this other than letting the FTC know that we’re unhappy with how things worked out. Perhaps leave a comment on the agency’s blog post. I can’t see it making any difference, but it might make you feel a little better.

Scholle McFarland 15 comments

A Look at the Health App in iOS 13

My husband and I started our “fertility journey”—as infertility nightmares are euphemistically called—just before the iPhone era began. Every morning, I took my temperature with a special pink thermometer, careful not to get out of bed or move enough to alter the reading. We noted that number on a pad of paper and later transferred it to a rumpled chart. Books full of fertility advice crowded the bedside table. None of us knew then how much the iPhone would simplify even these most intimate parts of our lives.

Today all iPhones ship with a built-in app, Health, that acts as a collection point for health data. And there’s a lot of that data—the use of health and fitness apps grew more than 330% between 2015 and 2017 according to Flurry Analytics. With the release of iOS 13 (due out in a few months, but available now in public beta), Health has grown beyond being just a weak database of health-related metrics. It’s now a tool that not only tracks more types of data—including the fertility indicators I once logged by hand—but also actively helps users manage and understand that information by offering insights into their health trends.

Your Health, at a Glance

The Health app serves as a dashboard for data you enter directly or—more likely—collect using compatible apps and health devices such as smart scales, smart insulin pens, and fitness trackers (including the Apple Watch). The first thing you see when you open iOS 13’s Health app is the new, information-packed Summary view. The Favorites section shows recent entries in categories you check often, like your exercise minute count. The Highlights section offers dynamic charts, with the app analyzing current and past data to provide a historical perspective on what’s going on. This is a quick way to get feedback, for instance, if you’ve been exercising less than usual or your blood sugar levels are trending upwards.

Health Summary in iOS 13

Tap any category in the Summary view to see highlights specific to it. The more data you have, the more insight this will give you. You can filter many charts interactively by hour, day, week, month, or year. In most cases, you’ll also find basic educational material, drawn from sources like the Mayo Clinic and the National Institutes of Health, to explain the category’s significance to your health.

Educational material in iOS 13 Health

If you’re looking for something in particular, tap Browse at the bottom of the window. Enter a term in the search field or explore the list of categories shown here.

Browse in iOS 13 Health

If exercise is your main concern, you’ll find additional tools in iOS 13’s updated Activity app. It will chart your progress with key activity metrics, such as your walk and run pace, comparing the previous 90 days with the last 365 days and offering personalized challenges and coaching if you start to trend down.

Tools for Tracking Menstruation and Fertility

When Apple’s Craig Federighi first introduced the Health app back in 2014, he billed it as a dashboard where you could “monitor all of your metrics you’re most interested in” no matter what app or health device they might come from. But the Health app lacked any way to track or record data about menstrual cycles, leaving out a sizeable portion of Apple’s customer base. (You know, women.) A year later, iOS 9’s Health app added basic reproductive health tools, but iOS 13 takes things to the next level, offering more visual charting and cycle statistics, as well as prediction and notification, which makes it much more useful on a daily basis.

Using past data as its guide—whether you’ve entered it into the Health app itself or into a third-party reproductive health app like Glow or Clue—Health now predicts the likely start of your next three cycles, making it easy to get an idea of what the situation will be for upcoming pool parties and romantic vacations. By default, Health also warns you at 8 PM on the day before your period is predicted so you don’t walk out the door without supplies. Likewise, if you’re trying to conceive, Health can predict when you’re nearing your “fertile window”—in other words, the time when ovulation is expected—and notify you the night before.

Cycle tracking in iOS 13 Health

To make it easier to log menstruation as well as pre- and post-menstrual symptoms like sleep and appetite changes, Apple announced that watchOS 6 (likely to ship alongside iOS 13) would include a companion app, Cycle Tracking. It will let you see predictions and notifications on your wrist, too.

Is Apple in the fitness tracker vanguard with this? Not quite. Fitbit added menstrual cycle tracking in 2018, as did Garmin earlier this year. (Of the three, only Garmin offers specific features for menopause symptom tracking—something many women deal with for years—though you can log hot flashes with Health.)

Tools to Protect Your Ears

The number of Americans with hearing loss doubled between 2000 and 2015, according to the Hearing Health Foundation, bringing the total affected to nearly 50 million. In most cases, noise-induced hearing loss caused by continuous exposure to loud sounds (rather than a sudden explosion) is preventable. That’s where the Health app’s new hearing tools come in.

Health now tracks headphone audio levels, noting if your exposure reaches dangerous levels. That means if you regularly crank up your tunes, you can check the app to see whether you’re putting your ears at risk. (To reduce an iPhone’s maximum volume, go to Settings > Music > Volume Limit and move the slider to the left.) Likewise, if you see your headphone volume level trending up in Health’s Highlights, it might be time to see your doctor about declining hearing. Proactive notifications that nudge you to make changes would make these tools even more useful.

Hearing in iOS 13 Health

If you have an Apple Watch running watchOS 6, it will work with the Health app to warn you about the sounds around you, too, whether they come from a concert or a construction site. If the decibels get dangerous, your watch taps you on the wrist and displays a warning; a notification also appears at the top of Health’s Summary view.

You can adjust the sensitivity in the Watch app on your iPhone depending on how careful you want to be with your ears. Reaching the preset maximum, 90 dB, wasn’t difficult with Ozzy Osbourne playing full blast on a HomePod. That was also about the level that Josh Centers found lawnmowing to be (see “3M WorkTunes Headphones Make Yardwork More Tolerable,” 12 April 2019).

Noise warning in watchOS 6

From Health Hub to Health Helper

When it comes to your health, knowledge is power. Making it easy to gather data, track symptoms, and draw basic conclusions about the state of your health makes it more likely you’ll arrive at the doctor’s office with the information you need to get good care. Or, even better, perhaps this data can help you change your habits and behavior so you don’t have to schedule that doctor’s appointment in the first place.

Whether it’s protecting your ears or alerting you that the time is ripe for baby-making, iOS 13’s Health app not only gathers more of our scattered health information but also helps us use it in practical and potentially profound ways. My daughter, now 11, will likely never be able to imagine otherwise.

Watchlist

Agen Schmitz No comments

Typinator 8.1

Ergonis has released Typinator 8.1, bringing refinements and bug fixes to the recently updated text expansion tool (see “Typinator 8.0,” 30 July 2019). Typinator now works with text entered via the built-in Accessibility Keyboard of macOS, adds the capability to paste plain text in the expansion field (using Command-Shift-V or Command-Option-Shift-V), increases the maximum zoom factor of the expansion field to 250%, fixes a cosmetic issue with truncated header items in the abbreviation list, and resolves a problem in Dark mode where description fields in input forms were not readable. (€24.99 new with a 25% discount for TidBITS members, 50%-off upgrades, free update, 6.9 MB, release notes, macOS 10.8+)

Agen Schmitz No comments

DEVONthink 3.0 Public Beta 5

DEVONtechnologies has issued the fifth public beta of the DEVONthink 3 information management app, improving the transition from DEVONthink 2 Pro and Pro Office by copying the Global Inbox from the previous release on the first launch. The update also adds a Remove All Tags action to smart rules and batch processing; adds contextual menus to the Import sidebar; minimizes flickering in Dark mode when previewing EPUBs, formatted notes, and Markdown documents; resolves an issue with displaying invisible characters in plain and rich text documents; and fixes a bug that caused inserted or pasted PDF pages to be blank.

The DEVONthink 3.0 public beta is free to use, but you’ll need a valid license key after the public beta phase has ended, as well as for accessing email archiving and text recognition capabilities beyond the trial limits. ($99 new for DEVONthink, $199 for DEVONthink Pro, and $499 for DEVONthink Server with a 15% discount for TidBITS members; upgrade pricing available; 90.5 MB; macOS 10.11+)

Agen Schmitz No comments

macOS Mojave 10.14.6 Supplemental Update

Apple has released macOS Mojave 10.14.6 Supplemental Update to fix “an issue that may prevent certain Macs from waking from sleep properly.” While Apple hasn’t published any other specific information about this update, Howard Oakley notes on his Eclectic Light Company blog that four MacBook Pro models have received EFI firmware updates: the 15-inch models from 2016 and 2017 (MacBookPro13,2 and MacBookPro13,3) and the 13-inch models with four Thunderbolt 3 ports from 2016 and 2017 (MacBookPro14,2 and MacBookPro14,3; see this Apple support page for a list of all MacBook Pro models). This supplemental update is available from Software Update or Apple’s Support Downloads site. (Free, 954.8 MB, macOS 10.14.6)

Agen Schmitz No comments

BBEdit 12.6.6

Bare Bones Software has issued BBEdit 12.6.6, adding basic support for C++ raw strings and changing the alert behavior when no appropriate match is found in search. The text editor ensures double-clicking a folder item in a palette corresponding to a folder-backed menu doesn’t cause a crash, restores some old code to partially address a reported font-smoothing issue in macOS 10.14 Mojave, works around a bug in certain printer drivers (Canon in particular) that would cause BBEdit to crash when attempting to save the current print options, and fixes a cosmetic glitch that would occur when vertically resizing sections of the sidebar in project windows. ($49.99 new, free update, 13.7 MB, release notes, macOS 10.12.6+)

ExtraBITS

Adam Engst No comments

Here We Go Again: GCHQ’s Ghost User Proposal to Circumvent Encryption

Remember how the FBI wanted Apple to put a backdoor in iOS to enable decryption of the contents of iPhones used by criminals or terrorists? (We touched on the topic regularly back in 2016.) Apple pushed back hard, and the FBI eventually figured out a different way to get into the iPhone 5c used by one of the San Bernardino shooters. But the FBI and other government law enforcement and intelligence agencies around the world remain unhappy about encrypted communications.

The latest major proposal for circumventing encryption comes from the UK’s GCHQ, which is equivalent to the US’s NSA. The GCHQ proposal doesn’t require a backdoor but instead would require service providers to secretly add an extra user—the government—to all encrypted conversations. This “ghost user” would thus have decrypted access to all otherwise encrypted conversations.

Our old friend Jon Callas, who is now a Senior Technology Fellow at the ACLU on top of a 30-year career of developing encrypted software, hardware, and services at companies like Apple, PGP Corporation, and Silent Circle, has penned a four-part series in which he discusses the fatal flaws of the GCHQ’s proposal. Among other criticisms, he points out that such a system faces likely insurmountable technical and deployment hurdles at its proposed scale, that countries with few or no safeguards for individual rights will demand access once it’s built, and that “canary apps” would always be able to detect (or even deceive) the ghost user.

Josh Centers No comments

Apple Offering Augmented Reality Art Installations and Sessions

Apple has announced a series of three augmented reality art initiatives in cooperation with the New Museum that will be made available on 10 August 2019, but which you can start signing up for now. The first is called [AR]T Walk and is a series of artist-created augmented reality experiential walks that will be available in San Francisco, New York, London, Paris, Hong Kong, and Tokyo. [AR]T Lab: AR Experiences is a 90-minute Today at Apple session, available at Apple Stores everywhere, that teaches you how to create augmented reality content in Swift Playgrounds. Finally, there will be an augmented reality art installation at every Apple Store—Nick Cave’s “Amass” (Nick Cave the artist, not the musician)—that you can view with the Apple Store app.

Adam Engst Josh Centers 7 comments

Capital One Data Breach Reveals Information on 106 Million

Capital One, the 10th largest bank in the United States, has announced a security breach that resulted in the personal information of 100 million Americans and 6 million Canadians being stolen, including names, addresses, Zip Codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income—basically anything someone would put on a credit card application form. Plus, in an unfortunate turn of phrase, Capital One also says:

No bank account numbers or Social Security numbers were compromised, other than:

  • About 140,000 Social Security numbers of our credit card customers
  • About 80,000 linked bank account numbers of our secured credit card customers

For our Canadian credit card customers, approximately 1 million Social Insurance Numbers were compromised in this incident.

Portions of customer credit card data were also stolen, including credit scores, credit limits, balances, payment history, and contact information. However, no credit card numbers or log-in credentials were stolen, so there’s no need to change your passwords or cancel your cards.

The good—if unusual—news is that the FBI has arrested the perpetrator, Paige “erratic” Thompson of Seattle. Capital One doesn’t believe the information was distributed and said it has not only fixed the vulnerability that led to the breach but that it will supply free credit monitoring and identity protection to those affected.

Adam Engst 8 comments

Social Engineering for Fun and Profit. And Other Stuff

We the people are easily manipulated. Perhaps not you or me specifically—some of us are suspicious of any such attempts—but the population at large. Thanks to Google’s AdWords and YouTube videos, it’s easier than ever to sway people’s opinions with social engineering. That may or may not be a bad thing, but it’s certainly worth pondering.

In 2016, the Google-incubated Redirect Method used ads to deradicalize would-be Islamic State extremists, redirecting 320,000 people to videos debunking ISIS’s recruitment narratives. But the Redirect Method wasn’t a one-off—the groups behind it distilled it into a 44-step blueprint.

In an opinion piece at the New York Times, Patrick Berlinquette, founder of the search engine marketing consulting firm Berlin SEM, explains how he used the Redirect Method’s blueprint to change the minds of suicidal people. His ads for the National Suicide Prevention Lifeline generated a 28% conversion rate, 7 times the average rate of 4%, in just a week. A second experiment to redirect prospective school shooters to a crisis hotline failed, but the point remains—it’s easy for anyone to use Google’s precise targeting tools and redirect ads to promote their own agenda. In some regards, this conclusion is obvious—it’s what marketers do every day. But it raises questions about the ethics involved, how to protect yourself and others from such manipulation, and what Google’s role in all this should be. What do you think?

Josh Centers 4 comments

Apple Suspends Siri’s “Response Grading” Eavesdropping

The Guardian recently revealed that Apple contractors listen to Siri recordings in order to improve the service—a practice Apple calls “response grading.” (See “Apple Workers May Be Listening to Your Siri Conversations,” 29 July 2019.) In a statement released to TechCrunch, Apple said it’s suspending the program for now, is reviewing its grading process, and will release a software update that lets users choose whether to participate in the grading program.

While it’s unfortunate that Apple had to be called out on this privacy-unfriendly behavior to take action, its move has had the salutary effect of prompting Amazon and Google, who have both been criticized for similar practices with their voice assistants, to announce changes as well.