‘Google Tracked iPhones, Bypassing Apple Browser Privacy Settings’

/

I saw the following bit from a Wall Street Journal article on The Brooks Review this morning:

To get around Safari’s default blocking, Google exploited a loophole in the browser’s privacy settings. While Safari does block most tracking, it makes an exception for websites with which a person interacts in some way—for instance, by filling out a form. So Google added coding to some of its ads that made Safari think that a person was submitting an invisible form to Google. Safari would then let Google install a cookie on the phone or computer.

This is downright shameful behavior. It isn’t just Google doing this, either. But I expected better from Google. I used to really like the company, but in the last couple years many of their moves have left me considering closing off my account.

Thankfully, this loophole is already patched in Webkit (by two Google engineers, no less) and should make it’s way to a shipping version of Safari soon, according to a companion piece by the WSJ:

An Apple spokesman said: “We are aware that some third parties are circumventing Safari’s privacy features and we are working to put a stop to it.”

An update to the software that underlies Safari has closed the loophole that allows cookies to be set after the automatic submission of invisible forms. Future public versions of Safari could incorporate that update. The people who handled the proposed change, according to software documents: two engineers at Google.

¶ Lion, Refined

/

I awoke this morning, reached for my iPhone, and began my ritual of reading some recent tweets to get oriented with the day’s early news. I saw a tweet by Jason Snell that announced he had a hands-on first look of OS X Mountain Lion, coming this summer.

I honestly thought it was a joke, at first. I tapped the link, expecting a Rick Astley video on YouTube, but was met with a very thorough and official looking article at Macworld complete with official looking screenshots. So I got up and went across the hall to my Mac, opened it, and fired up Apple’s site.

Yep, it’s official. OS X Mountain Lion is real. And it’s coming this summer.

iOS-ification, Refined

Apple is a company of habits. And one that is plain to see is their habit of big change, then iterate. Think of the iPhone 3G, then the iteration of the 3GS; the iPhone 4, then the iteration of the iPhone 4S. On the Mac, we can look back at OS X Leopard, which brought big changes, then Snow Leopard, which refined those new technologies; and then Lion, which was, again, a big change, and now Mountain Lion, which is a refinement of those changes.

When we got a sneak peek of Lion in October of 2010, Apple said they were bringing the best of iOS “back to the Mac”. And what we saw was the beginning of the iOS-ification of OS X. We saw things like the Mac App Store, Launchpad, Full-screen Apps, FaceTime, and a slew of new gestures come to the Mac, and they had an iOS scent to them.

Where Snow Leopard gave polish to Leopard’s underlying foundational technologies and some tweaks to newer UI, Mountain Lion is refining and polish the “back to the Mac” features introduced in Lion.

Where Lion brought us some of the way to having many of iOS’s concepts on the Mac, Mountain Lion is bringing us a lot closer.

iCloud

iCloud didn’t make its appearance on Lion until the 10.7.2 update. At that time it usurped MobileMe and took over the syncing functions of email, calendars, contacts, bookmarks, notes, and reminders. But its implementation has felt a little lacking. Documents in the Cloud are present in the backend, but there isn’t a user interface for it. Some apps are rolling their own for now.

Mountain Lion fixes that. Documents in the Cloud are now a new section of the Open/Save Dialog. Click the On This Mac button, and you get the traditional Finder-based file system. Click the iCloud button, and the dialog changes to the same linen and iOS-folder look that you can find in Apple’s iOS iWork apps.

iCloud is also featured prominently when set up a new Mac, or create a new user account. Sign in right at the beginning to pull down Store credentials, contacts, calendars, reminders, notes, email, etc.

Messages

One of my favorite features of iOS 5 is iMessage, which is integrated into Messages, which used to just handle SMS/MMS. iMessage allows iOS users to communicate with other iOS users via text, pictures, or videos, free of charge.

By far, the best part of iMessage is being able to start a conversation on my iPad while at home, and pick right up with it on my iPhone if I need to head out the door, with all the context of the entire conversation present on both devices.

(The worst part is hearing notifications go off on multiple devices throughout the entire conversation).

In Mountain Lion, iChat has been rebranded as Messages and gains iMessage support. It’s awesome. How do I know? Because Apple has released Messages as a public beta for Lion users.

It really is nice to have it on the Mac, other than now I have three devices dinging at me for message notifications.

Notifications

Speaking of notifications, Apple is bringing Notification Center to the Mac in Mountain Lion. Swipe on the trackpad or click a new button in the menu bar to reveal the Notification Center. The desktop slides off toward the left a little to reveal it as a linen layer underneath the desktop. It looks just like it does in iOS 5.

The banner notifications appear over the desktop descending from the upper right, just like Growl does. And let’s be honest, Growl just got Sherlocked.

Notes, Reminders, Contacts, & Calendars

From an article I wrote last month:

I do, however, have one little annoyance about Notes and Reminders — the way they are integrated into the Mac. On iOS, Notes and Reminders get their own apps. On the Mac, they are relegated to being apps within an app. Notes and Reminders are shoehorned into Mail and iCal, respectively.

I would much rather Notes and Reminders have their own apps on the Mac, with similar interfaces to their iOS counterparts. Notes, on its own, could effectively replace the Stickies app on the Mac.

My problem with Notes and Reminders being integrated into other apps is consistency. A great example of consistency between the Mac, iPhone, and iPad is Twitterrific. The app offers the same experience across all three devices. The user never has to question how to do anything on each device. Learn once, apply everywhere.

This is another instance where Mountain Lion refines the iOS-ification that Lion heralded. Notes and Reminders will no longer be shoehorned into Mail and iCal, respectively. They’re getting their own apps that look a lot like their iOS counterparts, with a Mac flair.

Furthering the pursuit of consistency, Address Book and iCal are being renamed to Contacts and Calendars, respectively (and getting a couple usability tweaks in their skeuomorphic UIs).

Sharing

The share button that is prevalent in iOS is going to be more widely used in Mountain Lion. This button will collect appropriate services for sharing content, based on which app you’re using.

For instance, in Safari, you can share a link to Twitter. Twitter, by the way, is also now integrated in OS X like it is in iOS 5. So, when you share something to Twitter, you’ll see the Tweet Sheet.

Another way to share things is via AirPlay. Since my wife & I got an Apple TV last year, there have been a number of occasions where we wished we could mirror our Macs to the Apple TV.

Game Center

Also, Game Center is coming to the Mac, and will allow you to play, on your Mac, against users on other Macs and even iOS devices. I’m not a heavy gamer, so this doesn’t interest me much, but I know a few folks who will love it.

Gatekeeper

Gatekeeper is a new level of security to help protect against malware. It works by only allowing apps that fall within a certain security level to run. It has three levels of security that the user can choose from:

  • Mac App Store: Only apps from the Mac App Store can run. These are the safest apps because the developers are known to Apple and the apps are reviewed by Apple prior to being published to the store.

  • Mac App Store and identified developers: In addition to the Mac App Store, developers who do not want to distribute their apps on the store can obtain a free developer ID from Apple to cryptographically sign their apps.

    Apple’s Gatekeeper site states:

    A developer’s digital signature allows Gatekeeper to verify that their app is not known malware and that it hasn’t been tampered with.

    If an app is discovered to be malware, Apple can revoke that developer’s signature certificate and stop the spread of the malware.

  • Anywhere: This allows apps from anywhere — Mac App Store, signed, or unsigned — to run on a Mac. This is the current behavior in OS X Lion.

This seems to be causing quite a stir among some folks that don’t particularly like Apple. I’ve been seeing a lot of sentiments of “They’re locking down OS X!” and “I’m going to get my data ready to jump ship, just in case”.

I can understand the fear, but I don’t think these people really understand Apple. There are a lot of smart, technologically minded folks who seem to think Apple is going to slowly tighten their grasp on developers until only the walled city of the App Store is left. I’ve also heard the sentiment that once that happens, the Mac is doomed, because developers won’t stand to have 30% of the price of their app gobbled up by Apple.

I couldn’t disagree more with all of that.

The fact that Apple went to the effort to make Gatekeeper at all shows their commitment to indie software development. Albeit, they are committing to secure indie software development. Apple always thinks of its users first, then developers.

One of the most popular OS X software developers in the world, Wil Shipley, seems to think Gatekeeper is the way to go:

(Seriously, go read that article Wil wrote and linked to above).

Simply put, Apple always supports their way, and the standard way. On iOS, they support native, cocoa touch apps via the App Store, and they also fully support (and do the best job at it) web apps. In iBooks, they support their own iBooks format and fully support ePub and PDF. On the Mac, there is the Mac App Store and developer ID and — at the user’s discretion — the old way of unsigned apps.

I firmly believe that Apple’s effort to secure indie app development outside of the App Store indeed secures its existence. If Apple wanted to go Mac App Store only, I don’t think they’d take the “boil a frog” approach. I think they’d just do it, and if you don’t like it, well, so long and thanks for all the fish.

Does Apple prefer that developers go with the Mac App Store? You bet. I’m sure that 30% cut plays a part in the motivation. But I think running a super secure system plays a bigger part. And that in itself will drive the bottom line as more people buy Apple’s technology.

Is there a carrot enticing developers over to the Mac App Store? You bet. Only apps on the Mac App Store can access iCloud and Notification Center.

Is Apple going to shut down indie development outside of the App Store? I seriously doubt it. However, I could see Apple shutting down unsecured indie development on the Mac. Maybe the successor to Mountain Lion will take away that Anywhere option within Gatekeeper, which isn’t a bad thing.

And hey, maybe I’m reading too much into this, but that Gatekeeper icon has one gate closed, and one open. How appropriate.

I have to say, it was an extremely pleasant surprise to be truly surprised by Mountain Lion’s announcement. There wasn’t an inkling of it that I saw in the rumor mill. While the rumor mill can be quite fun, it gets tiring finding out about stuff beforehand and sullies the excitement of when Apple makes an announcement. It was great to see how Apple handled this announcement, which was very different from the past. Be sure to read John Gruber’s account of finding out about Mountain Lion.

I am honestly blown away with how fantastic Mountain Lion looks, and I am going to be one very impatient person until it launches this summer.

Apple to Require User Permission for Contact Data

/

No doubt in response to last week’s controversy about Path uploading user’s entire address book, Apple has issued the following statement to AllThingsD:

“Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines,” Apple spokesman Tom Neumayr told AllThingsD. “We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release.”

So, now we wait to see if it comes with iOS 5.1 in a month or so, or if Apple rolls out iOS 5.0.2 to patch this up a little faster. It’s a good response from Apple, since Path isn’t the only app out there that had been doing this.

Elevation Dock

/

Casey Hopkins couldn’t find the perfect iPhone dock, so he decided to make his own. He proposed the idea on Kickstarter, with a goal of $75,000 to get the project off the ground. There’s less than a day left of the proposal period, and the project has been backed by almost 11,000 people (including yours truly) and has raised 1.2 million George Washington treasury notes.

What I like best is that Elevation Dock doesn’t just support the iPhone 4 and 4S, but all iPhone, iPod touch, and iPod nano models, with or without a case. This also makes it a good bet it will last through future models.

Watch the fantastic video below (sorry about it being Flash, blame Kickstarter), and then hurry up and back the project, since you’ll get an Elevation cheaper than it will retail for.

Photofocus Reviews the iPhone 4S Camera

/

Scott Bourne on the iPhone 4S camera:

I just finally got an Apple iPhone 4s. The camera included with this phone simply blows me away. I now see why under $200 point and shoot sales are dropping like a rock. The pictures you can make with this phone meet or exceed the quality that you can get out of many of the sub $200 point and shoot cameras. In fact, with proper lighting and technique, this camera can perform up to the level of some of the $400 and $500 point and shoots.

[…]

The iPhone 4s is one of the most user-friendly cameras in the world. Since you can access this camera for as little as $199 (including the rest of the iPhone) I think it’s a great value. The best camera is the one you have with you and I never go anywhere without my phone, so I always have a camera. And now – I always have a camera that is competent enough to take photos that could print as large as 8×10″ if properly exposed in good light.

I have long followed Scott Bourne as a photographer and highly respect his evaluations. The cameras I own are a Canon EOS 40D, Canon PowerShot G9, and my iPhone 4. The G9 is rarely touched, and the 40D only when I am setting out on a photographic mission. My iPhone 4 is always with me, is quick to use, and takes pretty darn good pictures. And the iPhone 4S camera is better. The G9 does have its rare uses, but I can’t foresee buying another point and shoot to replace it.

More than anything, with each iPhone release, I look forward to what the camera will be like. Like I said, I love my 4, but whatever the next iPhone is, I can’t wait to take pictures with it.

¶ A Big Day for Tweetbot

/

Tweetbot 2.0

Tapbots released Tweetbot 2.0 for iPhone and iPod touch today. What was already a really well polished Twitter client is now at a high gloss. My biggest pet peeve has been fixed in the timeline. You used to need to tap twice on an account name or link to activate it, and now it is a single tap.

I also really enjoy how Tapbots has relocated the retweeted by icon and text. Direct messages have been overhauled and display much like the Messages app in iOS 5, but with Tapbots’ signature style.

The coolest little touch is the redesigned notification of how many new tweets have loaded. It sticks to the top of the tweet list, and as you scroll it counts down the number of remaining new tweets. Like I said, it’s a nice touch.

Tweetbot for iPad

But that wasn’t all Tapbots was up to today. They also released Tweetbot for iPad, which is a separate app from its smaller-screened sibling.

Tweetbot for iPad is really impressive. Tapbots has paid a lot of attention to detail in the interface and interaction. The layout and flow of the app was designed brilliantly.

If you miss what once was Tweetie, and abhor what Twitter has done with it since acquiring it, you should give Tweetbot a shot. It’s the kind of “everything and the kitchen sink” client that Tweetie was. The iPad experience is fantastic. Most of all, Tweetbot’s polish on both devices makes it feel like a precision instrument.

For $2.99 each, you can buy Tweetbot for iPhone/iPod touch and iPad on the App Store.

I am a huge Twitterrific advocate. Not only is Twitterrific a universal app, it has a Mac version, and offers the same experience across the board. However, in recent months, Twitterrific has tended to fall behind on the feature list when compared to the competition. I still love Twitterrific and it is my go-to app, mainly because the mindset of its design gels with me. And, after years of using it, I have found that when it starts to lag behind in comparison, it means it is on the verge of a giant update to lap the competition.

‘We are sorry.’

/

Yesterday, a pretty big fiasco happened with a neat app (that I use) called Path. It was discovered by Arun Thampi:

I started to observe the various API calls made to Path’s servers from the iPhone app. It all seemed harmless enough until I observed a POST request to https://api.path.com/3/contacts/add.

Upon inspecting closer, I noticed that my entire address book (including full names, emails and phone numbers) was being sent as a plist to Path. Now I don’t remember having given permission to Path to access my address book and send its contents to its servers, so I created a completely new “Path” and repeated the experiment and I got the same result – my address book was in Path’s hands.

Arun made sure to point out that he was sure Path did not have nefarious intentions, and in fact, Path’s founder followed up in the comments to Arun’s post to ensure the data is only used to help users find personal friends who are also using the service.

The problem with all this is (1) Path never asks for permission to access your contacts, (2) it doesn’t even use a hash to obscure the data before transmission (though Path says it is sent through a secure channel), and (3) it’s taking your entire address book — names, phone numbers, birthdays, anniversaries, home addresses, and email addresses — not just the email addresses it would need to make the match.

And all that data, while sent through an encrypted channel, sits on a Path server, which could be (not saying it is being) accessed for data mining. It’s an extremely poor practice. It would be much less discomforting if the app one-way hashed the information, then transmitted it, and then those hashes should remain unreadable by people. They could still be matched, but the actual information wouldn’t be reversed for data mining.

And above all, the user should have a say in the matter.

Well, Path responded today on their blog. The pertinent parts, with commentary:

We made a mistake. Over the last couple of days users brought to light an issue concerning how we handle your personal information on Path, specifically the transmission and storage of your phone contacts.

As our mission is to build the world’s first personal network, a trusted place for you to journal and share life with close friends and family, we take the storage and transmission of your personal information very, very seriously.

Through the feedback we’ve received from all of you, we now understand that the way we had designed our ‘Add Friends’ feature was wrong. We are deeply sorry if you were uncomfortable with how our application used your phone contacts.

I believe this is a heartfelt apology. Path knows they screwed the pooch.

In the interest of complete transparency we want to clarify that the use of this information is limited to improving the quality of friend suggestions when you use the ‘Add Friends’ feature and to notify you when one of your contacts joins Path––nothing else. We always transmit this and any other information you share on Path to our servers over an encrypted connection. It is also stored securely on our servers using industry standard firewall technology.

Transparency is good. Path should have been transparent about this from the get-go. I still think they should only take pertinent data after the user gives their blessing, instead of all the data. And that data should be obscured before, during, and after transmission.

We believe you should have control when it comes to sharing your personal information. We also believe that actions speak louder than words. So, as a clear signal of our commitment to your privacy, we’ve deleted the entire collection of user uploaded contact information from our servers. Your trust matters to us and we want you to feel completely in control of your information on Path.

That’s a good move.

In Path 2.0.6, released to the App Store today, you are prompted to opt in or out of sharing your phone’s contacts with our servers in order to find your friends and family on Path. If you accept and later decide you would like to revoke this access, please send an email to service@path.com and we will promptly see to it that your contact information is removed.

Also good news.

This is all a good start to fixing the problem, but this shouldn’t have been a problem in the first place. Path should have had better practices to begin with.

I’m glad to see they responded quickly.

Quote: Shawn Blanc

/

Shawn Blanc:

It’s only a matter of time until consumers begin buying and using iPads (and other tablets) as their primary computers. Why wait until then to call the iPad a PC? The iPad is a PC today.

This past Christmas, my mother-in-law bought my father-in-law an iPad to replace his aging Dell. My friend Aaron and his siblings also pooled together and got their parents an iPad to use as their main machine. In just under two years since it entered people’s homes, the iPad is already replacing keyboard & mouse computers for plenty of folks.