In conjunction with our 30th anniversary last week (see “TidBITS Marks Its 30th Anniversary in a Time of Pandemic,” 13 April 2020), I noted that TidBITS has been in a bit of a financial slide this year, made worse by the SARS-CoV-2 coronavirus pandemic. Happily, between extra one-time contributions from loyal TidBITS readers via our PayPal-powered Boost TidBITS button and nearly 600 readers who joined TidBITS in response to an email I sent to non-members, we’re feeling much more relaxed about our fiscal future. Thank you to everyone who stepped up to help out—it means a lot that you think highly enough of our work to contribute in this fashion.

I find it difficult to make such appeals, but the outpouring of support has been tremendously encouraging. And while reaching out to 21,000 people meant that I spent several days replying to email, I always enjoy the opportunity to talk directly with readers. They included longtime subscribers who were regular correspondents in the past, those who reminded me of times we chatted at a Macworld Expo or other conference, and people for whom this exchange was the first we’ve had despite their decades of following TidBITS.

In some ways, it would be cleaner if TidBITS were a subscription service or relied on a paywall like many other publications. But a few messages I received reminded me of why I appreciate some readers contributing so TidBITS can stay free for all. One woman said she’s 74 and lives mostly on meager Social Security benefits, and since she has numerous health problems, she doesn’t dare go out to do Mac consulting like she used to. Another guy told me he’d been reading TidBITS religiously since 1994, but at 69, he’s now retired and scraping by on his Navy pension and Social Security benefits. As I told them, I’m just happy to hear that they’re reading TidBITS at all.

Finally, my apologies to those who had trouble with our site. The problems fell into a few categories:

• Most common were login problems that required new passwords; it seems that some ISPs are using greylisting to control spam, which can result in delayed password reset messages. Little is more frustrating than not getting a password reset email for hours, but we have no control over that.
• Although I intended to email only non-members, a handful of members accidentally ended up in that group, some due to a technical glitch and others because they had an extra account under another email address. Sorry for any confusion!
• One person, and I’m hoping it was only one, was temporarily prevented from becoming a member by the Stop Spammers plug-in for WordPress that we installed recently to block the 20–50 spammers who were registering accounts at our site every week. Shockingly, in the last month, it has logged some 400,000 attacks of various sorts. This isn’t the Internet I had in mind back when I wrote Internet Starter Kit for Macintosh in 1993.

Lauri Reinhardt, our friend who helps with support issues, and I have been trying to get everyone squared away, but if you’re having any trouble, just write to Lauri at [email protected].

Thanks again for all you make possible for Tonya and me, for Josh and Lauri, for our writers, and for all those out there for whom TidBITS remains a useful technical resource.

When Apple announced its new Magic Keyboard for iPad Pro with a built-in trackpad, the company said it would ship in May (see “Hell Freezes Over: Apple’s New iPad Pro Supports Trackpads,” 18 March 2020). Surprise! You can order it now, and it will start shipping 24 April 2020.

There are two models of the Magic Keyboard for iPad Pro, one for the first- and second-generation 11-inch iPad Pro, and the other for the third- and fourth-generation 12.9-inch iPad Pro. It costs a whopping $299 for the 11-inch version and $349 for the 12.9-inch version, but includes a built-in trackpad, taking advantage of the new pointing device support in iPadOS 13.4 (see “The iPad Gets Full Trackpad and Mouse Support,” 28 March 2020).

We’ll be interested to hear how people like the new Magic Keyboard for iPad Pro, and we expect to see alternatives. For instance, Jason Snell reviewed a competing product, the Brydge Pro+, and found it lacking. For those who lack the necessary iPad Pro model, be on the lookout for Logitech’s upcoming $149.99 Combo Touch case, which will work with the seventh-generation iPad, the third-generation iPad Air, and the 10.5-inch iPad Pro.

At long last, Apple has released a second-generation iPhone SE. The original iPhone SE was based on the iPhone 5s form factor and provided a smaller, less-expensive alternative to the iPhone 6s. Apple has nominally employed the same strategy here, essentially updating the iPhone 8 to bring this new iPhone SE’s specs up to modern standards. You can choose from black, white, and PRODUCT(RED) colors. Proceeds from Apple’s PRODUCT(RED) versions will go to the Global Fund’s COVID‑19 Response.

Prices start at $399 for 64 GB, with a 128 GB model increasing it to $449, and the 256 GB model at $549. It became available for pre-order on 17 April 2020, with deliveries starting on 24 April 2020.

The Elephant in the Room

First off, size matters. After every iPhone release over the last few years, conversations I had with friends and acquaintances who don’t follow the tech industry always led off with “Why doesn’t Apple make a smaller iPhone anymore?” At first, I chalked it up to design trends, but more recently, I’ve resorted to joking, “Because Apple hates you and your tiny hands.” Do Apple designers never hear complaints from women who find current iPhones too large for their hands, much less their pockets? That’s a common refrain from Tonya, Glenn Fleishman’s wife Lynn, and many of my female friends, plus plenty of guys. Last I knew, Peter Lewis of Keyboard Maestro fame was still using an iPhone SE.

So yes, the new iPhone SE is significantly larger than the first-generation iPhone SE. It’s even a hair larger than the iPhone 6s that many people have been holding onto as each successive generation of iPhone has ballooned. Tonya passed on a hand-me-down iPhone X because it was annoyingly larger than the iPhone 6s that replaced her dying iPhone 5s.

Phil Schiller, Apple’s senior vice president of Worldwide Marketing, is quoted in the iPhone SE press release as saying, “The first iPhone SE was a hit with many customers who loved its unique combination of small size, high-end performance and affordable price.” That’s absolutely true, especially the “small size” part. However, then he goes on to say, “the new second-generation iPhone SE builds on that great idea and improves on it in every way.” No. When small size is the key feature, “improved” would require that it get smaller, not larger.

Sorry, Apple hates you and your tiny hands. And your small pockets.

Impressive Specs for the Price

Apart from the disappointing size, the new iPhone SE sports an impressive set of specs for the price. Little is particularly new here, of course, since it’s basically an upgraded iPhone 8. The key specs include:

• A13 Bionic: The second-generation iPhone SE uses the same A13 Bionic chip as the iPhone 11 and iPhone 11 Pro. If past behavior is any indication, this second-generation iPhone SE won’t see any updates for years, so having the fastest chip available now will keep it up to snuff for some time.
• Improved photos: Although the base specs of the iPhone SE’s 12-megapixel rear and 7-megapixel front camera are the same as the iPhone 8’s cameras, the additional processing power of the A13 Bionic chip enables Portrait mode, all six Portrait Lighting effects, and Depth Control. Tests will undoubtedly be out soon, and we expect that the image quality will be noticeably improved over the iPhone 8.
• More storage options: The iPhone 8 offered storage choices of only 64 GB or 256 GB; the iPhone SE adds the middle-ground 128 GB option.
• Video changes: There are several differences in the specs for video recording between the two models, but it’s impossible to tell if they’re substantive. The most likely one is the iPhone SE’s new “extended dynamic range for video up to 30 fps” spec.
• 4.7-inch display: The screen technology appears identical to the iPhone 8, with 1334-by-750-pixel resolution at 326 pixels per inch and a 1400:1 contrast ratio. It’s a Retina HD screen with True Tone and wide color display (P3).
• Haptic touch: Whereas the iPhone 8 supported pressure-sensitive 3D Touch, the iPhone SE drops back to the Haptic Touch approach that relies on the length of the press and can’t distinguish between different pressure levels.
• Touch ID: Although Apple has moved to Face ID for the 2018 and 2019 iPhone models, the iPhone SE sticks with the Touch ID sensor from the iPhone 8. Some people prefer Touch ID, and, especially as mask-wearing becomes more commonplace, Touch ID may be more effective than Face ID.
• Qi wireless charging: Like the iPhone 8, the iPhone SE supports wireless charging. Battery life is the same as the iPhone 8 as well, and it’s still fast-charge capable.
• eSIM-capable: Where the iPhone 8 was limited to a single nano-SIM, the iPhone SE has both a nano-SIM and supports Apple’s eSIM technology for a second number.

In short, then, the second-generation iPhone SE is just an iPhone 8 with a faster chip that enables better photos, a “just-right” 128 GB storage option, Haptic Touch instead of 3D Touch, and support for an eSIM-enabled second number.

What’s important about the iPhone SE, though, is its price. It costs $399, $449, or $549, depending on whether you want 64 GB, 128 GB, or 256 GB of storage. In comparison, equivalent models of the iPhone 11 and iPhone 11 Pro are $300 and $600 more, respectively.

So as much as the size of the second-generation iPhone SE is disappointing, the price—and the performance for that price—is extremely welcome. At $699, the iPhone 11 could never be considered inexpensive in any light other than that cast by the $999 iPhone 11 Pro and the $1099 iPhone 11 Pro Max.

If you don’t care about size, Apple is still selling the beefy iPhone XR for $200 more. Apart from its older A12 Bionic chip, the iPhone XR has Face ID and somewhat better specs than the iPhone SE. But if you’re going to spend $200 more, ante up another $100 and get the iPhone 11.

For some people, an iPhone is such an important part of their lives that there’s no question that it’s worth spending over $1000. But for many others, an iPhone is nice but not necessary, so having the second-generation iPhone SE cut that price by more than half will significantly increase Apple’s sales.

Periodically, Google Analytics sends me a report with various statistics related to traffic on the TidBITS Web site. Seldom does it reveal anything interesting, but the last one I got showed that we had been receiving hits for some seemingly odd searches about Siri, all revolving around what happens when you say the number 14 to Siri. Google was sending people to our site because of Scholle McFarland’s article, “14 Siri Tricks You Can Use Right Now” (7 March 2019), but that article wasn’t going to answer their questions.

Curious as to why anyone would be reciting numbers at Siri, I invoked Siri on my iPhone and said, “14.” You can imagine my surprise when I was presented with an emergency call screen and a 3-second countdown. I tapped Cancel quickly, not knowing what would actually happen. (I subsequently confirmed that Siri would have called 911 here in the United States and presumably whatever your primary emergency number is wherever you live.)

A little research showed that Siri recognizes 14, along with at least 15, 17, and 18, as emergency numbers in some countries, but it doesn’t require you to be in those countries. Needless to say, I had to try them all. 14 usually called emergency services immediately, and 15 did once, but most of the time, 15, 17, and 18 showed a less stressful interface that didn’t call automatically.

What about other one- and two-digit numbers? I tried them all—well, into the twenties, anyway, with some higher spot checks. Siri’s responses varied a little. With numbers under 14, Siri mostly played dumb, although several times it interpreted my number as a desire to create a calendar event. (Numbers skipped below used the same set of responses.)

Siri was the most unsure about 16, never interpreting it as an emergency number. Just hope you don’t need to report a fire in Pakistan! But it is nice to learn, in case you weren’t clear on the concept, that 16 is an even, non-prime integer.

Similarly, 19 was never recognized as an emergency number even though Wikipedia claims it calls ambulances in Djibouti and police in Morocco. Interestingly, once I got over 20, the response about not being able to call an MMI or USSD number became consistent.

What are those? It turns out that USSD stands for Unstructured Supplementary Service Data and is a communications protocol used by GSM-based cell phones to talk to the carrier’s computers. It’s commonly used to check the available balance on prepaid GSM phones. MMI generically stands for Man-Machine Interface, and MMI numbers appear to be the codes you would enter to, for instance, forward your calls to another phone number. They’re hardcoded into every device.

As to why Google searches asking about Siri and the number 14 have suddenly started hitting our site, I couldn’t say—the emergency calling feature isn’t new. But it was a fun excuse to learn more about Siri, emergency numbers around the world, and geeky telecommunications protocols.

The Zoom videoconferencing service has faced unprecedented scrutiny amid massive growth, largely from consumer and school users relying on its free service tier. At the beginning of April, TidBITS published my extensive list of every Zoom security, privacy, and encryption flaw, design mistake, and judgment error (see “Every Zoom Security and Privacy Flaw So Far, and What You Can Do to Protect Yourself,” 3 April 2020).

Even during the writing and editing of that article, new exploits and problems emerged while Zoom was simultaneously addressing all the concerns it could. The company’s all-hands-on-deck efforts continued in the following days, but have finally slowed down as it has gotten ahead of urgent changes. Let’s look at the now-solved issues, new disclosures, and Zoom’s update on its roadmap.

Heightened Safety Controls

The company’s biggest problem was one that arises from toxic Internet culture, but the firm and its users were caught in the crossfire. “Zoombombing” entered the lexicon to describe trolls and bigots leaping into meetings to stream pornography, post anti-Semitic remarks, or scream racial epithets, among other forms of unacceptable behavior.

This happens on other systems, too: my kids’ public-school system standardized on Microsoft Teams, and a teacher sent an email last week about what one could call “Teamsbombing.” But Zoom has seen the most growth by far and ostensibly had the weakest safeguards.

Zoom had published a set of best practices to help hosts avoid unwanted participants or bad behavior by people in both publicly announced and private meetings. That proved insufficient, and on 4 April 2020, the company began a series of measures that have transformed the safety profile of using its service, albeit with additional overhead for hosts and people joining meetings. On 8 April 2020, Zoom’s CEO, Eric Yuan, told NPR, “When it comes to a conflict between usability and privacy and security, privacy and security [are] more important–even at the cost of multiple clicks.”

Some of these changes made it into the last article, but most are new. They include:

• Passwords required: All free-tier accounts, free upgraded education accounts, and single-host paid accounts now require a password. It’s generated automatically and may be changed but cannot be removed. This blocks access by those who obtain the meeting ID but not the password, and it prevents access through bots trying to join randomly generated meeting IDs in the reasonable hope of connecting to a password-free session.
• Meeting ID hidden: The meeting ID no longer appears in the title bar of Zoom apps to prevent it from appearing in screen captures posted on social media or elsewhere.
• Waiting Room enabled: By default, the Waiting Room feature is now enabled for all accounts, even those that previously had the option turned off. The Waiting Room puts participants who attempt to join the meeting into a holding position. The host must admit them. It’s fussy, and if it’s unnecessary in your environment, you can override the default on a per-meeting or per-host basis.
• Centralized security settings: A new Security button in Zoom apps centralizes all privacy and safety settings, including locking participants out of the chat and preventing them from sharing their screen.

  

• Meeting locks: With a click of the Security button, hosts can lock a meeting at any point to prevent new participants from being added to the Waiting Room or joining directly. Another click unlocks the meeting.
• Name change prevention: Hosts can prevent participants from changing the name that appears when they join or request to join a meeting. Some people—both unwanted visitors and juveniles who thought it was funny—were changing their names to derogatory or abusive forms during meetings.

A less obvious anti-troll change involves requiring a Zoom account sign-in for those using Zoom’s Web app, available across all major browsers. Reportedly, malicious conference joiners could script the Web app to let them continuously re-join a meeting with a new name each time. Hosts can disable that requirement if it’s undesirable to require everyone to sign in with a Zoom account. However, for recurring meetings among an affinity group, like an addiction-support group that has moved online, it’s likely to help deter abuse.

Other Security and Privacy Fixes

Zoom has also repaired other security and privacy problems:

• Domain contacts visibility: Zoom no longer treats every user with the same domain in their email address as belonging to the same organization. Previously, anyone with a given address could view account information or add everyone to their contacts who had the same domain, excluding some major ISPs and mail hosts, like Gmail and iCloud. That feature is now disabled for free tier and paid single-host accounts, and must be enabled on higher-tier paid accounts.
• Waiting Room vulnerability: Citizen Lab discovered a security problem with the Waiting Room feature that it didn’t include in its 3 April 2020 report in order to give Zoom a chance to fix it. That bug, later disclosed on 8 April 2020 after Zoom updated server software, would have let someone with a little technical expertise be restricted to a meeting’s Waiting Room and yet still be able to extract the session’s encryption key and video stream.
• Traffic routed through China: The paths that data travels is a political, regulatory, and business question, not just a technical one. Citizen Lab’s report revealed that Zoom was routing some traffic that didn’t involve any participants in China through servers in that country. Zoom explained that it was an error in load balancing, which seemed plausible given the quick scaling of operations it needed to have. The company said it made permanent changes to prevent data passing through Chinese servers from outside the country. A new feature for paid users starts 18 April 2020, and those users will be able to select which of several regions data may pass through. Free users are locked to data centers in the region from which they subscribed. Apart from concerns about China, some people outside the United States don’t trust the National Security Agency or other US intelligence groups.

Zoom has also announced that it has formed a council of chief information security officers (CISOs) to advise the company. In addition, it contracted with former Facebook chief security officer Alex Stamos to work as a paid advisor.

While Facebook has faced extreme criticism and government investigations into its security and privacy practices, Stamos had reportedly become a thorn in the side of Mark Zuckerberg and other executives for stressing the danger of Russian misinformation on the platform. In 2018, Stamos left the company to pursue academic research and engage in paid consulting.

Is Continued Progress Enough for You?

Zoom continues to squash bugs while making good on its promises of the last few weeks to respond rapidly. To regain the trust of those who have been troubled, to put it mildly, about Zoom’s past lapses, the company will have to continue down this path of improved security and privacy and increased transparency, while maintaining the high levels of quality and performance that have made it one of the most popular options for videoconferencing during the pandemic.

We suspect that Zoom will never be able to recover from its mistakes in the eyes of some people. For those who aren’t as adamantly opposed to the company, however, it does seem that the company is both saying the right things and working hard to move in the right direction. For a recent TidBITS staff call, we tried Skype for about 5 minutes and were plagued with audio dropouts and other issues. When we switched to Zoom, the audio and video were rock-solid for the remainder of the hour-long call. We’ll continue to test other options, but Zoom has set the bar high.

---

I’m writing a book about Zoom for Take Control Books and would welcome your tips and input in the comments. I would also encourage you to download a free copy of Take Control of Working from Home Temporarily, a book I wrote to help people with the sudden adjustment in their working lives. It contains a number of videoconferencing tips, among many others provided by Take Control authors, TidBITS editors and contributors, and others who donated their experiences and insights.