Everything Apple

Saturday 31 March 2018

Facebook plans crackdown on ad targeting by email without consent

Facebook is scrambling to add safeguards against abuse of user data as it reels from backlash over the Cambridge Analytica scandal. Now TechCrunch has learned Facebook will launch a certification tool that demands that marketers guarantee email addresses used for ad targeting were rightfully attained. This new Custom Audiences certification tool was described by Facebook representatives to their marketing clients, according to two sources. Facebook will also prevent the sharing of Custom Audience data across Business accounts.

This snippet of a message sent by a Facebook rep to a client notes that “for any Custom Audiences data imported into Facebook, Advertisers will be required to represent and warrant that proper user content has been obtained.”

Once shown the message, Facebook spokesperson Elisabeth Diana told TechCrunch “I can confirm there is a permissions tool that we’re building.” It will require that advertisers and the agencies representing them pledge that “I certify that I have permission to use this data”, she said.

Diana noted that “We’ve always had terms in place to ensure that advertisers have consent for data they use but we’re going to make that much more prominent and educate advertisers on the way they can use the data.” The change isn’t in response to a specific incident, but Facebook does plan to re-review the way it works with third-party data measurement firms to ensure everything is responsibly used. This is a way to safeguard data” Diana concluded.The company declined to specify whether it’s ever blocked usage of a Custom Audience because it suspected the owner didn’t have user consent. ”

The social network is hoping to prevent further misuse of ill-gotten data after Dr. Aleksandr Kogan’s app that pulled data on 50 million Facebook users was passed to Cambridge Analytica in violation of Facebook policy. That sordid data is suspected to have been used by Cambridge Analytica to support the Trump and Brexit campaigns, which employed Custom Audiences to reach voters.

Facebook launched Custom Audiences back in 2012 to let businesses upload hashed lists of their customers email addresses or phone numbers, allowing advertisers to target specific people instead of broad demographics. Custom Audiences quickly became one of Facebook’s most powerful advertising options because businesses could easily reach existing customers to drive repeat sales. The Custom Audiences terms of service require that businesses have “provided appropriate notice to and secured any necessary consent from the data subjects” to attain and use these people’s contact info.

But just like Facebook’s policy told app developers like Kogan not to sell, share, or misuse data they collected from Facebook users, the company didn’t go further to enforce this rule. It essentially trusted that the fear of legal repercussions or suspension on Facebook would deter violations of both its app data privacy and Custom Audiences consent policies. With clear financial incentives to bend or break those rules and limited effort spent investigating to ensure compliance, Facebook left itself and its users open to exploitation.

Last week Facebook banned the use of third-party data brokers like Experian and Acxiom for ad targeting, closing a marketing featured called Partner Categories. Facebook is believed to have been trying to prevent any ill-gotten data from being laundered through these data brokers and then directly imported to Facebook to target users. But that left open the option for businesses to compile illicit data sets or pull them from data brokers, then upload them to Facebook as Custom Audiences by themselves.

The Custom Audiences certification tool could close that loophole. It’s still being built, so Facebook wouldn’t say exactly how it will work. I asked if Facebook would scan uploaded user lists and try to match them against a database of suspicious data, but for now it sounds more like Facebook will merely require a written promise.

Meanwhile, barring the sharing of Custom Audiences between Business Accounts might prevent those with access to email lists from using them to promote companies unrelated to the one to which users gave their email address. Facebook declined to comment on how the new ban on Custom Audience sharing would work.

Now Facebook must find ways to thwart misuse of its targeting tools and audit anyone it suspects may have already violated its policies. Otherwise it may receive the ire of privacy-conscious users and critics, and strengthen the case for substantial regulation of its ads (though regulation could end up protecting Facebook from competitors who can’t afford compliance). Still the question remains why it took such a massive data privacy scandal for Facebook to take a tougher stance on requiring user consent for ad targeting. And given that written promises didn’t stop Kogan or Cambridge Analytica from misusing data, why would they stop advertisers bent on boosting profits?

For more on Facebook’s recent scandals, check out TechCrunch’s coverage:

 

Arbtr wants to create an anti-feed where users can only share one thing at a time

At a time when the models of traditional social networks are being questioned, it’s more important than ever to experiment with alternatives. Arbtr is a proposed social network that limits users to sharing a single thing at any given time, encouraging “ruthless self-editing” and avoiding “nasty things” like endless feeds filled with trivial garbage.

It’s seeking funds on Kickstarter and could use a buck or two. I plan to.

Now, I know what you’re thinking. “Why would I give money to maybe join a social network eventually that might not have any of my friends on it on it? That is, if it ever even exists?” Great question.

The answer is: how else do you think we’re going to replace Facebook? Someone with a smart, different idea has to come along and we have to support them. If we won’t spare the cost of a cup of coffee for a purpose like that, then we deserve the social networks we’ve got. (And if I’m honest, I’ve had very similar ideas over the last few years and I’m eager to see how they might play out in reality.)

The fundamental feature is, of course, the single-sharing thing. You can only show off one item at a time, and when you post a new one, the old one (and any discussion, likes, etc) will be deleted. There will be options to keep logs of these things, and maybe premium features to access them (or perhaps metrics), but the basic proposal is, I think, quite sound — at the very least, worth trying.

Some design ideas for the app. I like the text one but it does need thumbnails.

If you’re sharing less, as Arbtr insists you will, then presumably you’ll put more love behind those things you do share. Wouldn’t that be nice?

We’re in this mess because we bought wholesale the idea that the more you share, the more connected you are. Now that we’ve found that isn’t the case – and in fact we were in effect being fattened for a perpetual slaughter — I don’t see why we shouldn’t try something else.

Will it be Arbtr? I don’t know. Probably not, but we’ve got a lot to gain by giving ideas like this a shot.

Friday 30 March 2018

The real threat to Facebook is the kool-aid turning sour

These kinds of leaks didn’t happen when I started reporting on Facebook eight years ago. It was a kool-aid cult convinced of its mission to connect everyone, but with the discipline of a military unit where everyone knew loose lips sink ships. Motivational posters with bold corporate slogans dotted its offices, rallying the troops. Employees were happy to be evangelists.

But then came the fake news, News Feed addiction, violence on Facebook Live, cyberbullying, abusive ad targeting, election interference, and most recently the Cambridge Analytica app data privacy scandals. All the while, Facebook either willfully believed the worst case scenarios could never come true, was naive to their existence, or calculated the benefits and growth outweighed the risks. And when finally confronted, Facebook often dragged its feet before admitting the extent of the problems.

Inside the social network’s offices, the bonds began to fray. Slogans took on sinister second meanings. The kool-aid tasted different.

Some hoped they could right the ship but couldn’t. Some craved the influence and intellectual thrill of running one of humanity’s most popular inventions, but now question if that influence and their work is positive. Others surely just wanted to collect salaries, stock, and resume highlights but lost the stomach for it.

Now the convergence of scandals has come to a head in the form of constant leaks.

The Trouble Tipping Point

The more benign leaks merely cost Facebook a bit of competitive advantage. We’ve learned it’s building a smart speaker, a standalone VR headset, and a Houseparty split-screen video chat clone.

Yet policy-focused leaks have exacerbated the backlash against Facebook, putting more pressure on the conscience of employees. As blame fell to Facebook for Trump’s election, word of Facebook prototyping a censorship tool for operating in China escaped, triggering questions about its respect for human rights and free speech. Facebook’s content rulebook got out alongside disturbing tales of the filth the company’s contracted moderators have to sift through. Its ad targeting was revealed to be able to pinpoint emotionally vulnerable teens.

In recent weeks, the leaks have accelerated to a maddening pace in the wake of Facebook’s soggy apologies regarding the Cambridge Analytica debacle. Its weak policy enforcement left the door open to exploitation of data users gave third-party apps, deepening the perception that Facebook doesn’t care about privacy.

And it all culminated with BuzzFeed publishing a leaked “growth at all costs” internal post from Facebook VP Andrew “Boz” Bosworth that substantiated people’s worst fears about the company’s disregard for user safety in pursuit of world domination. Even the ensuing internal discussion about the damage caused by leaks and how to prevent them…leaked.

But the leaks are not the disease, just the symptom. Sunken morale is the cause, and it’s dragging down the company. Former Facebook employee and Wired writer Antonio Garcia Martinez sums it up, saying this kind of vindictive, intentionally destructive leak fills Facebook’s leadership with “horror”:

And that sentiment was confirmed by Facebook’s VP of News Feed Adam Mosseri, who tweeted that leaks “create strong incentives to be less transparent internally and they certainly slow us down”, and will make it tougher to deal with the big problems.

Those thoughts weigh heavy on Facebook’s team. A source close to several Facebook executives tells us they feel “embarrassed to work there” and are increasingly open to other job opportunities. One current employee told us to assume anything certain execs tell the media is “100% false”.

If Facebook can’t internally discuss the problems it faces without being exposed, how can it solve them?

Implosion

The consequences of Facebook’s failures are typically pegged as external hazards.

You might assume the government will finally step in and regulate Facebook. But the Honest Ads Act and other rules about ads transparency and data privacy could end up protecting Facebook by being simply a paperwork speed bump for it while making it tough for competitors to build a rival database of personal info. In our corporation-loving society, it seems unlikely that the administration would go so far as to split up Facebook, Instagram, and WhatsApp — one of the few feasible ways to limit the company’s power.

Users have watched Facebook go make misstep after misstep over the years, but can’t help but stay glued to its feed. Even those who don’t scroll rely on it as fundamental utility for messaging and login on other sites. Privacy and transparency are too abstract for most people to care about. Hence, first-time Facebook downloads held steady and its App Store rank actually rose in the week after the Cambridge Analytica fiasco broke. In regards to the #DeleteFacebook movement, Mark Zuckerberg himself said “I don’t think we’ve seen a meaningful number of people act on that.” And as long as they’re browsing, advertisers will keep paying Facebook to reach them.

That’s why the greatest threat of the scandal convergence comes from inside. The leaks are the canary in the noxious blue coal mine.

Can Facebook Survive Slowing Down?

If employees wake up each day unsure whether Facebook’s mission is actually harming the world, they won’t stay. Facebook doesn’t have the same internal work culture problems as some giants like Uber. But there are plenty of other tech companies with less questionable impacts. Some are still private and offer the chance to win big on an IPO or acquisition. At the very least, those in the Bay could find somewhere to work without a spending hours a day on the traffic-snarled 101 freeway.

If they do stay, they won’t work as hard. It’s tough to build if you think you’re building a weapon. Especially if you thought you were going to be making helpful tools. The melancholy and malaise set in. People go into rest-and-vest mode, living out their days at Facebook as a sentence not an opportunity. The next killer product Facebook needs a year or two from now might never coalesce.

And if they do work hard, a culture of anxiety and paralysis will work against them. No one wants to code with their hands tied, and some would prefer a less scrutinized environment. Every decision will require endless philosophizing and risk-reduction. Product changes will be reduced to the lowest common denominator, designed not to offend or appear too tyrannical.

Source: Volkan Furuncu/Anadolu Agency + David Ramos/Getty Images

In fact, that’s partly how Facebook got into this whole mess. A leak by an anonymous former contractor led Gizmodo to report Facebook was suppressing conservative news in its Trending section. Terrified of appearing liberally biased, Facebook reportedly hesitated to take decisive action against fake news. That hands-off approach led to the post-election criticism that degraded morale and pushed the growing snowball of leaks down the mountain.

It’s still rolling.

How to stop morale’s downward momentum will be one of Facebook’s greatest tests of leadership. This isn’t a bug to be squashed. It can’t just roll back a feature update. And an apology won’t suffice. It will have to expel or reeducate the leakers and disloyal without instilling a witchunt’s sense of dread. Compensation may have to jump upwards to keep talent aboard like Twitter did when it was floundering. Its top brass will need to show candor and accountability without fueling more indiscretion. And it may need to make a shocking, landmark act of humility to convince employees its capable of change.

This isn’t about whether Facebook will disappear tomorrow, but whether it will remain unconquerable for the forseeable future.

Growth has been the driving mantra for Facebook since its inception. No matter how employees are evaluated, it’s still the underlying ethos. Facebook has poised itself as a mission-driven company. The implication was always that connecting people is good so connecting more people is better. The only question was how to grow faster.

Now Zuckerberg will have to figure out how to get Facebook to cautiously foresee the consequences of what it says and does while remaining an appealing place to work. “Move slow and think things through” just doesn’t have the same ring to it.

Clipisode launches a ‘talk show in a box’

A company called Clipisode is today launching a new service that’s essentially a “talk show in a box,” as founder Brian Alvey describes it. Similar to how Anchor now allows anyone to build a professional podcast using simple mobile and web tools, Clipisode does this for video content. With Clipisode, you can record a video that can be shared across any platform – social media, the web, text messages – and collect video responses that can then be integrated into the “show” and overlaid with professional graphics.

The video responses feature is something more akin to a video voicemail-based call-in feature.

Here’s how it works. The content creator will first use Clipisode to record their video, and receive the link to share the video across social media, the web, or privately through email, text messaging, etc. When the viewer or guest clicks the link, they can respond to the question the show’s “host” posed.

For example, a reporter could ask for viewers’ thoughts on an issue or a creator could ask their fans what they want to see next.

How the video creator wants to use this functionality is really up to them, and specific to the type of video show they’re making.

To give you an idea, during a pre-launch period, the app has been tested by AXS TV to promote their upcoming Top Ten Revealed series by asking music industry experts “Who Is Your All-time Favorite Guitarist?

BBC Scotland asked their Twitter followers who they want to see hired as the new manager for the Scotland national football team.

A full-time Twitch gamer, Chris Melberger asked his subscribers what device they watch Twitch on.

The content creator can then receive all the video responses to these questions privately, choose which ones they want to include in their finished show, and drag those responses into the order they want. The creator can respond back to the clips, too, or just add another clip at the end of of their video. Uploading pre-recorded clips from services like Dropbox or even your phone is supported as well.

Plus, content creators can use Clipisode to overlay professional-looking animations and graphics on top of the final video with the responses and replies. This makes it seem more like something made with help from a video editing team, not an app on your phone.

Because Clipisode invitations are web links, they don’t require the recipients to download an app.

“[People] don’t want to download an app for a one-time video reply,” explains Alvey. “But with this, people can reply.” And, he adds, what makes Clipisode interesting from a technical perspective, is that the web links users click to reply can work in any app in a way that feels seamless to the end user.

“That’s our biggest trick – making this work in other people’s apps, so there’s no new social network to join and nothing to download,” he says.

The app is free currently, but the plan is to generate revenue by later selling subscription access to the authoring suite where users can create the animated overlays and branding components that give the video the professional look-and-feel.

In an online CMS, creators can author, test and deploy animated themes that run on top of their videos.

The final video product can be shared back to social media, or downloaded as a video file to be published on video-sharing sites, social media, or as a video podcast.

Clipisode has been in development for some time, Alvey says. The company originally raised less than a million from investors including Mike Jones and Mark Cuban for a different product the founder describes as a Patreon competitor, before pivoting to Clipisode. Investors funded the new product with less than half a million.

The app itself took a couple of years to complete, something that Alvey says has to do with the animation studio it includes and the small team. (It’s just him and technical co-founder Max Schmeling.)

Clipisode is a free download on iOS and Android.

Google’s on-by-default ‘Articles for You’ leverage browser dominance for 2,100 percent growth

When you’ve got leverage, don’t be afraid to use it. That’s been Google’s modus operandi in the news and publishing world over the last year or so as it has pushed its AMP platform, funding various news-related ventures that may put it ahead, and nourished its personalized Chrome tabs on mobile. The latter, as Nieman Labs notes, grew 2,100 percent in 2017.

You may have noticed, since Chrome is a popular mobile browser and this setting is on by default, but the “Articles for You” appear automatically in every new tab, showing you a bunch of articles the company things you’d like. And it’s gone from driving 15 million article views to a staggering 341 million over the last year.

In late 2016, when Google announced the product, I described it as “polluting” the otherwise useful new tab page. I also don’t like the idea of being served news when I’m not actively looking for it — I understand that when I visit Google News (and I do) that my browser history (among other things) is being scoured to determine what categories and stories I’ll see. I also understand that everything I do on the site, as on every Google site, is being entered into its great data engine in order to improve its profile of me.

Like I said, when I visit a Google site, I expect that. But a browser is supposed to be a tool, not a private platform, and the idea that every tab I open is another data point and another opportunity for Google to foist its algorithms on me is rankling.

It has unsavory forebears. Remember Internet Explorer 6, which came with MSN.com as the default homepage? That incredible positioning drove so much traffic that for years after (and indeed, today) it drove disgusting amounts of traffic to anything it featured. But that traffic was tainted: you knew that firehose was in great part clicks from senior citizens who thought MSN was the entire internet.

Of course the generated pages for individual users aren’t the concentrated fire of a link on a major portal, but they are subject to Google approval and, of course, the requisite ranking bonus for AMP content. Can’t forget that!

But wherever you see the news first, that’s your news provider. And you can’t get much earlier than “as soon as you open a new tab.” That’s pretty much the ultimate positioning advantage.

Just how this amazing growth occurred is unclear. If there’s been any word of mouth, I missed it. “Have you tried scrolling down? The news is just right there!” It seems unlikely. My guess would be that the feature has been steadily rolling out in new regions, opting in new users who occasionally scroll down and see these stories.

And unlike many other news distribution platforms, there isn’t much for publishers or sites like this one to learn about it. How are stories qualified for inclusion? Is there overlap with Google News stuff? What’s shown if people aren’t signed in? I’ve asked Google for further info.

Do you, like me, dislike the idea that every time you open a tab — not just when you use its services — Google uses it as an opportunity to monetize you, however indirectly? Fortunately, and I may say consistent with Google’s user-friendliness in this type of thing, you can turn it off quite easily — on iOS, anyway.

Open the menu at the top right of any tab and hit settings. There should be a “Suggested articles” toggle — disable that and you’re done. While you’re at it, you might just head into Privacy and disable search and site suggestions and usage data.

On Android? You’ll have to dig into the app’s flags and toggle the hidden setting there. Not as user-friendly.

Huawei says it’s still committed to the U.S., in spite of, well, everything

A funny thing happened the last couple of times I was briefed on a Huawei flagship product: news was breaking about some major roadblock for the company’s U.S. distribution plans. First it was AT&T backing out in the midst of CES and then it was Best Buy’s decision to drop the company just ahead of the big P20 launch (though a rep for the company told me the States were never part of its plans for that handset). 

It’s been one thing after another as the Chinese hardware maker has worked to establish a meaningful presence here in the States. In spite of all of this fallout from government pushback, however, the company insists that it’s not going anywhere.

In an email to CNET, the company’s consumer CEO reaffirmed that commitment. “We are committed to the U.S. market and to earning the trust of U.S. consumers by staying focused on delivering world-class products and innovation,” Yu writes. “We would never compromise that trust.”

The sentiment echoes statements Yu made on-stage at CES in the wake of the AT&T deal implosion — albeit much more measured this time around. Most of Yu’s followup reinforced his earlier assertions that, in spite of multiple warning from various US security departments, this whole thing is blow entirely out of proportion.

“The security risk concerns are based on groundless suspicions and are quite frankly unfair,” Yu adds. ”We welcome an open and transparent discussion if it is based on facts.”

Even if the company’s intentions are as stated, Huawei’s got an epic uphill climb if it’s going to make any sort of dent in the world’s third-largest mobile market. The company’s carrier play is non-existent in a country where most phones are purchased through telecoms. And abandonment by the biggest big box store in the States was insult to injury.

And if the company does manage to reverse those trends, it will still be a hard sell for U.S. consumers after several warnings from the country’s defense departments. 

Thursday 29 March 2018

Instagram reenables GIF sharing after GIPHY promises no more racism

A racial slur GIF slipped into GIPHY’s sticker library earlier this month, prompting Instagram and Snapchat to drop their GIPHY integrations. Now Instagram is reactivating after GIPHY confirmed its reviewed its GIF library four times and will preemptively review any new GIFs it adds. Snapchat said it had nothing to share right now about whether it’s going to reactivate GIPHY.

“We’ve been in close contact with GIPHY throughout this process and we’re confident that they have put measures in place to ensure that Instagram users have a good experience” an Instagram spokesperson told TechCrunch. GIPHY told TechCrunch in a statement that “To anyone who was affected: we’re sorry. We take full responsibility for this recent event and under no circumstances does
GIPHY condone or support this kind of content . . . We have also finished a full investigation into our content moderations systems and processes and have made specific changes to our process to ensure soemthing like this does not happen again.”

We first reported Instagram was building a GIPHY integration back in January before it launched a week later, with Snapchat adding a similar feature in February. But it wasn’t long before things went wrong. First spotted by a user in the U.K. around March 8th, the GIF included a racial slur. We’ve shared a censored version of the image below, but warning, it still includes graphic content that may be offensive to some users.

When asked, Snapchat told TechCrunch ““We have removed GIPHY from our application until we can be assured that this will never happen again.” Instagram wasn’t aware that the racist GIF was available in its GIPHY integration until informed by TechCrunch, leading to a shut down of the feature within an hour. An Instagram spokesperson told TechCrunch “This type of content has no place on Instagram.” After 12 hours of silence, GIPHY responded the next morning, telling us “After investigation of the incident, this sticker was available due to a bug in our content moderation filters specifically affecting GIF stickers.”

The fiasco highlights the risks of major platforms working with third-party developers to brings outside and crowdsourced content into their apps. While it’s an easy way to provide more entertainment and creative expression tools, it also forces companies to rely on the quality and safety of things they don’t fully control.

GIPHY’s full statement is below.

CHANGES TO GIPHY’S STICKER MODERATION
Before we get into the details, we wanted to take a moment and sincerely apologize for the
deeply offensive sticker discovered by a user on March 8, 2018. To anyone who was affected:
we’re sorry. We take full responsibility for this recent event and under no circumstances does
GIPHY condone or support this kind of content.
The content was immediately removed and after investigation a bug was found in our content
moderation filters affecting stickers. This bug was immediately fixed and all stickers were re-
moderated.
We have also finished a full investigation into our content moderation systems and processes
and have made specific changes to our process to ensure something like this does not happen
again.

THE CHANGES
After fixing the bug in our content moderation filters and confirming that the sticker was
successfully detected, we re-moderated our entire sticker library 4x.
We have also added another level of GIPHY moderation before each sticker is approved into
the library. This is now a permanent addition to our moderation process.
We hope this will ensure that GIPHY stickers will always be fun and safe no matter where you
see them.

THE FUTURE AND BEYOND
GIFs and Stickers are supposed to make the Internet a better, more entertaining place.
GIPHY is committed to making sure that’s always the case. As GIPHY continues to grow, we’re
going to continue looking for ways to improve our user experience. Please let us know how we
can help at: support@giphy.com.
Team Giphy.

 

Apple releases iOS 11.3 with new Animojis

Apple just released an iOS update for your iPhone and iPad. 11.3 introduces a ton of bug fixes but also a bunch of new features. If you forgot about Animjois, today is your lucky day as Apple is adding four new Animojis — a dragon, a bear, a lion and a skull.

But that’s not all. Apple already shared a preview of iOS 11.3 a couple of months ago. There’s a big ARKit update to ARKit 1.5. It can recognize more objects and surfaces.

And iOS 11.3 is also the battery update we’ve all been waiting for. There’s some new info in the settings about the status of your battery. It tells you the overall capacity and if it’s time to change your battery.

You can also choose to disable Apple’s controversial decision to throttle performance with old batteries. Apple says it’s a beta feature for now.

Apple is also introducing a new feature in the Health app. You can now centralize all your health records in the app. It’s only limited to a handful of clinics for now.

Apple is adding customer support conversations to Messages. You can initiate a conversation with a business to order something, book a table and more. Discover, Hilton, Lowe’s and Wells Fargo are already on board. Health Records and Business Chats are only available in the U.S. as a beta for now.

You’ll also see a new privacy icon across the operating system. A new website to export all your data is coming in May as well. Apple needs to add those features to comply with GDPR.

Finally, Apple Music is getting a new video clips section, the App Store Updates tab now shows you the size of each update and more tiny little things. And if you care about security, it’s always a good thing to update to the latest version of iOS. Unfortunately, iOS 11.3 still doesn’t include iMessage in iCloud.

Back up your iPhone or iPad to iCloud or your computer using iTunes before updating. You can then head over to the Settings app, then ‘General’, then ‘Software Update’. macOS 10.13.4 and tvOS 11.3 are also available today.

Google Play audiobooks get Smart Resume, bookmarks and Assistant routines support

Google Play Audiobooks is getting a major update today that adds a number of new features to the service that were sorely missing when it launched earlier this year. None of these are groundbreaking, but they’ll help Google reach feature parity with some of its competitors while injecting a bit of its proprietary smarts into the process, too.

Maybe the most useful new feature in today’s release is Smart Resume. Instead of picking up in the middle of a sentence or even word when your audiobook playback gets interrupted (maybe by Google Maps giving you directions or a friendly passerby who is asking for directions while you are clearly listening to an audiobook). Depending on the length of the interruption, this new feature will smartly rewind to the beginning of the word or sentence to help you stay in the flow.

Also new in this update are the ability to set bookmarks so you can easily go back to your favorite part of a book and the ability to speed up the audio — or slow it down so you can really savor your favorite passage in Ulysses. Both of these features were definitely missing in the first release.

If you’re a regular Google Assistant user and are already making use of the recently launched Routines feature, you’ll be happy to hear that you can now choose to continue your audiobooks when you wake up or start your commute.

And if you have family that’s spread around the world, you’ll be happy to hear that support for Google’s Family Library, which allows you to share Google Play purchases like apps, games, movies, e-books and audiobooks, is now rolling out in 13 new countries: Belgium, Germany, Italy, Netherlands, Norway, Poland, Russia, Spain, Switzerland, Chile, Mexico, Japan (audiobooks only) and South Africa.

All of these new features are now available on iOS and Android.

 

Wednesday 28 March 2018

Security flaw in Grindr exposed locations to third-party service

Users of Grindr, the popular dating app for gay men, may have been broadcasting their location despite having disabled that particular feature. Two security flaws allowed for discovery of location data against a user’s will, though they take a bit of doing.

The first of the flaws, which were discovered by Trever Faden and reported first by NBC News, allowed users to see a variety of data not available normally: who had blocked them, deleted photos, locations of people who had chosen not to share that data, and more.

The catch is that if you wanted to find out about this, you had to hand over your username and password to Faden’s purpose-built website, C*ckblocked (asterisk original), which would then scour your Grindr account for this hidden metadata.

Of course it’s a bad idea to surrender your credentials to any third party whatsoever, but regardless of that, this particular third party was able to find data that a user should not have access to in the first place.

The second flaw involved location data being sent unencrypted, meaning a traffic snooper might be able to detect it.

It may not sound too serious to have someone watching a wi-fi network know a person’s location — they’re there on the network, obviously, which narrows it down considerably. But users of a gay dating app are members of a minority often targeted by bigots and governments, and having their phone essentially send out a public signal saying “I’m here and I’m gay” without their knowledge is a serious problem.

I’ve asked Grindr for comment and confirmation; the company told NBC News that it had changed how data was handled in order to prevent the C*ckblocked exploit (the site has since been shut down), but did not address the second issue.

Hide 3D paintings anywhere with AR app Artopia

Public places may soon be filled with secret pieces of art unlocked by looking through the lens of AR, if Artopia’s cheerily creative app catches on. It essentially lets you geocache your 3D scribbles so anyone else can find, appreciate, and share them.

Artopia, currently in beta for Android and iOS, is a straightforward combination of AR painting and real world discovery. You make your art by selecting brushes, colors, and so on and moving your phone as you would the brush. Grab objects and move them around, attach them, etc.

When you’re done, save it and its precise location is saved to Artopia’s service. Now anyone passing by will be able to see it (a map shows nearby creations) and who made it, give it a like, and maybe draw some complementary work nearby.

It’s simple (in concept, not in execution), but also a thoroughly pleasant and natural combo. Of course, there will also be a report button in case someone draws a fence of phalluses around your house (for example), and the usual caveats of crowd-sourced content and moderation apply.

Artopia was created by Kuwaiti developer Omar Khalil, so the density of art might be a bit higher around the American University of Kuwait. But if this sounds like something you’re into, apply to get into the beta and start filling the parks and streets around your neighborhood with color and shape.

Waze officially launches its ad program for small businesses

With the launch of Waze Local, Google-owned navigation app Waze is offering small businesses a way to market themselves to consumers  on the road.

Waze has allowed larger brands to buy ads for years, and it’s been beta testing Waze Local since 2016.

“It’s been a gradual strategy,” said Matt Phillips, who leads the Waze Local team. “We wanted to get it right.”

He added that the key is understanding the needs of small businesses — like the fact that most of them are more interested in driving traffic to their physical stores than their websites.

As Phillips explained it, Waze Local’s “core ad format” is the branded pin, which will appear on users’ screens as they drive near a store’s location. For some advertisers, such as coffee shops, a branded pin might persuade drivers to make a quick detour before they continue their commute. For others, the pin might not lead to an immediate action, but it still helps build awareness.

In addition, Waze Local offers advertisers the opportunity to promote their listings in Waze search results, and to run what the company calls a zero-speed takeover — a big banner ad across the top of the screen, which only appears when the driver has come to a complete stop. And advertisers can see real-time data on how their campaigns are performing.

Waze will charge for ads on a CPM basis, and Phillips said businesses running the most basic campaigns could pay as little as $2 per day.

If you’re worried about the app getting overrun with ads, it’s worth remembering that Waze was already offering these formats to larger advertisers. So you may just see more ads now, and more of them are likely come from local businesses. (Phillips also said Waze will never show more than three branded pins at one time.)

During the beta test, Waze Local ended up driving an average 20 percent increase in navigations to the businesses buying ads. One of the early advertisers was Kung Fu Tea, which saw more than 5,500 drivers navigating via Waze Local to 16 Kung Fu Tea locations over a three-month period.

When asked if Google might eventually connect Waze Local to its other ad products, Phillips acknowledged that Waze does share some anonymized data with Google around things like traffic, but he said, “Our focus is to build this platform for small and medium businesses … We’re happy with the roadmap as is.”