The New Instapaper Bookmarklet

/

Marco Arment, creator of Instapaper, announced a fantastic set of updates to the Read Later bookmarklet:

[…]the bookmarklet now sports a completely new design that’s highly visible at every screen size, and works in more browsers[…]

The new bookmarklet now also supports automatic saving of every page in multi-page articles.

And best of all, if you already have the bookmarklet:

You don’t need to reinstall your Read Later bookmarklet to get this update. It applies automatically to the one you already have.

It’s a great experience, and is just one more of those little details that makes me love Instapaper so much.

Here's Some Ads with Your Apps

/

Twitter:

With our most recent app updates, Promoted Accounts are now in Twitter for iPhone and Twitter for Android. And in the coming weeks, we’ll begin introducing Promoted Tweets in the timeline on these mobile apps. Initially, a small number of users may see Promoted Tweets near the top of their timelines from brands they already follow.

This isn’t really a surprise. It was only a matter of time since promoted tweets started happening on the website.

My question is how long until third-party apps have to include promoted tweets?

‘Google Tracked iPhones, Bypassing Apple Browser Privacy Settings’

/

I saw the following bit from a Wall Street Journal article on The Brooks Review this morning:

To get around Safari’s default blocking, Google exploited a loophole in the browser’s privacy settings. While Safari does block most tracking, it makes an exception for websites with which a person interacts in some way—for instance, by filling out a form. So Google added coding to some of its ads that made Safari think that a person was submitting an invisible form to Google. Safari would then let Google install a cookie on the phone or computer.

This is downright shameful behavior. It isn’t just Google doing this, either. But I expected better from Google. I used to really like the company, but in the last couple years many of their moves have left me considering closing off my account.

Thankfully, this loophole is already patched in Webkit (by two Google engineers, no less) and should make it’s way to a shipping version of Safari soon, according to a companion piece by the WSJ:

An Apple spokesman said: “We are aware that some third parties are circumventing Safari’s privacy features and we are working to put a stop to it.”

An update to the software that underlies Safari has closed the loophole that allows cookies to be set after the automatic submission of invisible forms. Future public versions of Safari could incorporate that update. The people who handled the proposed change, according to software documents: two engineers at Google.

Apple to Require User Permission for Contact Data

/

No doubt in response to last week’s controversy about Path uploading user’s entire address book, Apple has issued the following statement to AllThingsD:

“Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines,” Apple spokesman Tom Neumayr told AllThingsD. “We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release.”

So, now we wait to see if it comes with iOS 5.1 in a month or so, or if Apple rolls out iOS 5.0.2 to patch this up a little faster. It’s a good response from Apple, since Path isn’t the only app out there that had been doing this.

Elevation Dock

/

Casey Hopkins couldn’t find the perfect iPhone dock, so he decided to make his own. He proposed the idea on Kickstarter, with a goal of $75,000 to get the project off the ground. There’s less than a day left of the proposal period, and the project has been backed by almost 11,000 people (including yours truly) and has raised 1.2 million George Washington treasury notes.

What I like best is that Elevation Dock doesn’t just support the iPhone 4 and 4S, but all iPhone, iPod touch, and iPod nano models, with or without a case. This also makes it a good bet it will last through future models.

Watch the fantastic video below (sorry about it being Flash, blame Kickstarter), and then hurry up and back the project, since you’ll get an Elevation cheaper than it will retail for.

‘We are sorry.’

/

Yesterday, a pretty big fiasco happened with a neat app (that I use) called Path. It was discovered by Arun Thampi:

I started to observe the various API calls made to Path’s servers from the iPhone app. It all seemed harmless enough until I observed a POST request to https://api.path.com/3/contacts/add.

Upon inspecting closer, I noticed that my entire address book (including full names, emails and phone numbers) was being sent as a plist to Path. Now I don’t remember having given permission to Path to access my address book and send its contents to its servers, so I created a completely new “Path” and repeated the experiment and I got the same result – my address book was in Path’s hands.

Arun made sure to point out that he was sure Path did not have nefarious intentions, and in fact, Path’s founder followed up in the comments to Arun’s post to ensure the data is only used to help users find personal friends who are also using the service.

The problem with all this is (1) Path never asks for permission to access your contacts, (2) it doesn’t even use a hash to obscure the data before transmission (though Path says it is sent through a secure channel), and (3) it’s taking your entire address book — names, phone numbers, birthdays, anniversaries, home addresses, and email addresses — not just the email addresses it would need to make the match.

And all that data, while sent through an encrypted channel, sits on a Path server, which could be (not saying it is being) accessed for data mining. It’s an extremely poor practice. It would be much less discomforting if the app one-way hashed the information, then transmitted it, and then those hashes should remain unreadable by people. They could still be matched, but the actual information wouldn’t be reversed for data mining.

And above all, the user should have a say in the matter.

Well, Path responded today on their blog. The pertinent parts, with commentary:

We made a mistake. Over the last couple of days users brought to light an issue concerning how we handle your personal information on Path, specifically the transmission and storage of your phone contacts.

As our mission is to build the world’s first personal network, a trusted place for you to journal and share life with close friends and family, we take the storage and transmission of your personal information very, very seriously.

Through the feedback we’ve received from all of you, we now understand that the way we had designed our ‘Add Friends’ feature was wrong. We are deeply sorry if you were uncomfortable with how our application used your phone contacts.

I believe this is a heartfelt apology. Path knows they screwed the pooch.

In the interest of complete transparency we want to clarify that the use of this information is limited to improving the quality of friend suggestions when you use the ‘Add Friends’ feature and to notify you when one of your contacts joins Path––nothing else. We always transmit this and any other information you share on Path to our servers over an encrypted connection. It is also stored securely on our servers using industry standard firewall technology.

Transparency is good. Path should have been transparent about this from the get-go. I still think they should only take pertinent data after the user gives their blessing, instead of all the data. And that data should be obscured before, during, and after transmission.

We believe you should have control when it comes to sharing your personal information. We also believe that actions speak louder than words. So, as a clear signal of our commitment to your privacy, we’ve deleted the entire collection of user uploaded contact information from our servers. Your trust matters to us and we want you to feel completely in control of your information on Path.

That’s a good move.

In Path 2.0.6, released to the App Store today, you are prompted to opt in or out of sharing your phone’s contacts with our servers in order to find your friends and family on Path. If you accept and later decide you would like to revoke this access, please send an email to service@path.com and we will promptly see to it that your contact information is removed.

Also good news.

This is all a good start to fixing the problem, but this shouldn’t have been a problem in the first place. Path should have had better practices to begin with.

I’m glad to see they responded quickly.

OS X Lion 10.7.3

/

Apple let OS X Lion 10.7.3 out of the gate today, bringing a crap ton of fixes. It also bumps Safari to version 5.1.3, but there isn’t much news on what is new with my favorite browser.

Really, there aren’t any landmark features to talk about, but the fit & finish of Lion feels even tighter. My guess is, from the sheer size of the update, there are a lot more fixes in this update than listed on Apple’s support page.

Kindle Touch Software 5.0.3

/

I have been checking Amazon’s page for Kindle software updates every week or so since Christmas, as they tend to post them on the site for manual download before pushing them out over wireless directly to the device. The reason I have been checking is that, as much as I love my Kindle Touch, the responsiveness seems to have been getting worse over time.

Last night I checked again and noticed an update, version 5.0.3, had been posted for the Kindle Touch (mine shipped with 5.0.1, never saw 5.0.2).

The page doesn’t list what Amazon has improved, but after a manual install, I can affirm that page turns, navigation, and overall snappiness are much improved.

This update makes an already nice Kindle extremely great.

The Death Knell of IE6

/

Microsoft:

Everyone benefits from an up-to-date browser.

Today we are sharing our plan to automatically upgrade Windows customers to the latest version of Internet Explorer available for their PC. This is an important step in helping to move the Web forward.

[…]

The Web overall is better – and safer – when more people run the most up-to-date browser. Our goal is to make sure that Windows customers have the most up-to-date and safest browsing experience possible, with the best protections against malicious software such as malware.

I cannot tell you how great of a move this is on Microsoft’s part. IE6 is the bane of the Internet, and I know so many people who use it because they don’t know there have been three new versions since. IE9 isn’t fully standards-compliant, but it is a great step in the right direction. And IE10 looks promising.

Chrome auto-updates, Firefox is going there. Apple already pushes new versions of Safari via Software Update, though the user must still choose to install it. For the fast pace of the Internet, auto-updating is the right thing to do for home users (my only gripe is the user is often not told what is new).

It seems Microsoft finally took notice they were shipping a terrible browser, and ever since they have been on the frontline to kill the zombie that is IE6.

[via Zeldman]