Thursday, 9 May 2019

Thoughts on the up and coming Apple Arcade

The App Store is dead.
No, hear me out. I know it’s been making more money than ever, but the financial figures only tell part of the story. Money may be up, probably due to subscriptions, but downloads are down. That is probably because, these days, what used to be the open range safari of an App Store is mostly catered for by a very few companies delivering the big apps that almost everybody uses (think Facebook, Instagram, Snapchat, Google Maps) and a tiny bit of a few other things on the side that are probably struggling to survive (think Evernote).
That old concept that said all one needs in order to make a killer app and retire a millionaire hasn’t been cutting the threshold of reality since around 2014. Exceptions exist, true, but so do lottery winners, and none of us take lottery winning for granted; we’re smart enough to know the odds mean it’ll never happen to us.
Looking at games, specifically, the App Store is even more than dead. It’s a dead zombie walking. Have a look at all the charts and you will have a hard time finding a premium game; everything is freemium, and - by definition - a freemium game cannot be a good game.  A good game is a game that’s focused on being a good game, usually by delivering a good narrative; a freemium game is a game that’s focused on drawing money out of the coffers of its players.
If Apple was truly caring for us, its users, it would offer search options where games are ranked in descending order of cost. Better yet, it would allow the option of ignoring freemium apps in the search.

If the iOS App Store is dying, then the tvOS App Store can never be said to have been alive in the first place. Sure, when the fourth generation Apple TV came out there was this promise that it would turn our living room into a gaming arena, but that was hampered by two factors:
First, those of us who wanted a gaming arena around their TV already had much superior options to do so with. Think PlayStation.
Second, anyone who tried the Siri remote that comes with the Apple TV will know it’s a pain to use when all one seeks to do is watch something on Netflix; for gaming purposes, it’s a total nightmare. Proper console like controllers can be purchased, yes, but they’re expensive and they are trapped in that chicken-and-egg conundrum of having the games first before bothering to buy a controller.

Into this scene Apple is now proposing to bring the Apple Arcade. For a fee rumoured to be $10 (USD) a month, users would be able to play some 100 games Apple had paid hundreds of millions ($500M, according to this report) for external game developers to create. Assuming the catalog will only grow in size over time, expect the Apple Arcade to open around September 2019 with the release of iOS 13.
Further, those Apple Arcade games would be playable on iOS (that’s iPhone and iPad for you), tvOS (Apple TV), and macOS. In effect, through iCloud sync, that would create an environment not unlike the Nintendo Switch’s: you could play at home on your big TV with a controller, then take the game with you to play when you’re out and about. Or even at work, but don’t tell anyone. The technical capabilities of these devices are certainly not far off the Switch’s, if not better in certain aspects.
The question is, what would Apple Arcade achieve? Would we be better off for its existence, or would it create a worse world as far as good games are concerned?

Naturally, the knee jerk reaction is to welcome any initiative where games receive proper funding and where games are being properly paid for. At first glance, Apple Arcade could be a life saver.
Nothing, however, is as simple as it may seem. There is a lot to question with regards to Apple’s approach with Apple Arcade.
Consider the developers it had engaged. The likes of Will Wright of Sim City and The Sims fame; or Hironobu Sakaguchi, the creator of Final Fantasy. Are these the sort of people that need Apple’s cash to create a good game in the first place?
Take a look at the companies Apple has been engaging with. Are Lego and Sega, to pick a couple, the sort of companies that have any problems releasing video games on their own?
Sure, there is nothing wrong with us having more games from these makers. Spare a thought, though, for the small indie developer out there, armed with fantastic ideas and no funding: what hope lies in their future when all the money goes towards the already rich and famous? Worse, who in their sound mind would pay to buy their games when they’re already paying $10 a month to Apple Arcade?
Apple Arcade could be a boon for all those involved, but it could be a disaster for all those left out. And those left behind are the majority of developers out there, the ones that - once upon a time - helped Apple make the App Store the giant it is.
Me, I’d rather see Apple spend its money on smaller developers. Or initiate some sort of a program that would allow them to come up with something, rather than invest in the already tried and tested that we are generally saturated with already.

Then there is the discussion on whether $10 a month would work. Most of us are already spending considerable sums a month on various entertainment subscriptions, be they cable or Netflix for video or Spotify and Apple Music for music. Gamers are already paying for the likes of PlayStation Plus or Nintendo’s generally struggling online service. Do we care to add the considerable sum of $10 a month on top? $120 a year?
I expect many, if not most, to be pushed back by this price. Personally, I’d love to pay for games but I hardly get the time to play them; spending $10 a month when I can only play 1-2 hours a week seems highly irrational to me, no matter the good thoughts that paying for good games bring.
I would have preferred some sort of a tiered payment structure that could ease the pain.

Last, but not least (at least for yours truly), is the matter of privacy.
Ads, tracking, and data harvesting are the hidden bane of modern gaming. Most people are unaware or turn a blind eye, but there are hardly any games or games platforms out there that don’t watch you as you’re playing and go home to talk about it to anyone willing to pay. Most game publishers consider the money they earn through these avenues another legitimate revenue stream, but in effect they are selling our data - who we are - to the highest bidder (and to the lowest as well).
Do you really want anyone out there to know what you’re playing, when you’re playing, and where you’re playing? Maybe you’d consider that data harmless; but it is not so harmless when it is added to data collected about you elsewhere, which allows companies like Facebook to categorise who you are to an extremely fine degree so that the likes of Brexit and Donald Trump can then be sold on to you.
Call me old fashioned, but when I read a book I like to do so by myself. And when I play a game, I also like to do so by myself. Therefore, when Apple announced its Apple Arcade games would come with no in app purchases, no ads, and no tracking, that was - by far - the thing that attracted me most to this service. No longer will I have to switch my phone offline in order to be able to privately play a game without some nasty company like Facebook peering over my shoulder!
The question I had (and still have) is, how private is private? I have seen (and reported) cases where a company states one thing with regards to privacy but does another thing altogether. Where will Apple lie on this spectrum?
We still don’t know, because Apple Arcade isn’t out yet. And we would have to constantly check in order to be sure over time. However, we got a bit of a promising glimpse into the future when Apple released its own game, for the first time in goddess knows when, to the App Store. This free game is called Warren Buffett's Paper Wizard.
Granted, it’s not much of a game; the back story suggests it’s more of a joke. Regardless, last time I checked yours truly was holding the #8 high score in the world. Not bad for a n00b.
More importantly, yours truly checked Paper Wizard to see if Apple is true to its word when it comes to privacy and tracking. The image below shows all the internet connections made by my iPad while playing the game:


Let me translate it to you: other than normal iOS communications that the device does anyway, and other than saving my position to iCloud, no external ad agency, data harvester, or external analytics service was deployed. Assuming one trusts Apple (and one has to when buying an iPhone), things could not be better on the privacy front.

In conclusion, let me ask again: would Apple Arcade improve the world of gaming or hamper it?
We don’t know yet. Personally, I hope it would; it could be the last time a company with coffers as big as Apple’s decides to invest in gaming. But I suspect some sort of a mixed bag that easily could, if Apple doesn’t pay enough attention, actually reinforce the current status quo. Do we want to continue living in a world where only big companies can release games, and therefore those games they do release tend to come off the uninspiring pre-established moulds?

Sunday, 28 April 2019

What good is a Privacy Policy?

A friend recently pointed out the existence of an Israeli app called Shiri (שירי), which allows its users to freely listen to a large collection of Israeli songs. Generally speaking, I hesitate to install new apps on my phone on account of the regular abuse of my privacy and security performed by most apps (a phenomenon I had already discussed here). However, out of curiosity, I decided to give this particular app a proper examination.

First, I went to the app's iTunes page in order to check its website out. It is there that I found Shiri's privacy policy, which - to my eyes - seemed quite impressive. Under the assumption of fair use (which I believe I have on my side here, as I am about to critically assess this policy), I will quote some of its more appealing aspects:
The National Library collects only personal information provided by you, willingly [emphasis by yours truly], with active and informed consent granted during your user registration process and\or during your request of services and\or...
The National Library will not transfer your personal information to third parties unless (a) it is required to do so by law, and\or (b) it was required to submit information to an authorized authority according to that authority's request, and\or (c) it was necessary for the provision of the requested services and you approved the transfer of the information to that third party.
Given such a lovely privacy policy, I went out and installed the free app. However, before starting the app for the first time I set up a proxy service in order to capture all the online activities performed by the app.
The next thing I did was start the app. I will emphasise here that I only started the app, did not press anything, and got only as far as its welcome page. However, by then my proxy service already showed the following online connections were made by the Shiri app:



Three usual suspects are immediately noticeable: Google, Facebook, and Apple. Apple can be excused by the fact it is the phone's operating system itself that contacts Apple every time an app is started in order to support Apple's app usage statistics. However, there is no excuse for Facebook nor Google to be there. Not when the above quoted privacy policy says that no personal information of mine will be transferred to third parties (which is exactly what Google and Facebook are, in this particular case).
Even if Facebook and Google were included because "it was necessary for the provision of the requested services", I do not recall having "approved the transfer of the information to that third party"; all I did was start the app for the very first time. It cannot be said that I had willingly provided my consent for my information to be collected!
Further, Google and Facebook were not the only trackers to join the Shiri party; they are just the most famous. As you can see in the above screen shot, we also had app-measurement.com, appsflyer, hockeyapp, and crashlytics. Now, it may be argued that these are not your average data harvesting services out there to suck as much information about you (the way Google and Facebook act), but rather services that are there to help the app developer ensure they are providing good service. However, these are still third parties, they are still collecting my information, and I still haven't provided any consent for them to do that. More importantly, in the context of this post, they were never supposed to exist in the first place given Shiri's privacy policy!

Why is it, then, that Shiri is acting this way? Why is Shiri publishing a privacy policy which it then completely ignores?
I strongly suspect there was no ill will on behalf of Shiri here; just good old ignorance. One part of the organisation, with all the good idealism on its side, wrote a marvelous privacy policy; then another part of the organisation (probably with the help of external contractors) went out to develop an app, and that part chose to use SDKs from Google and Facebook. While at it, they chose to use several third party services to help them with the app's development and running. I suspect they did not even bother to read their organisation's own privacy policy.
Who does, these days?

Wednesday, 10 April 2019

Using Multi-Dimensional Arrays in Swift 5


Coming from old school programming, I sort of grew to regard multi dimensional arrays as a given; the stuff one learns at the second programming lesson during one’s early high school career. These days, that does not seem to be the case anymore, to the point of finding myself wasting way more time than I thought I’d need in order to figure how to work it out in Swift 5. This post is therefore here in order to help me solidify my findings, and if - in the process - I’d actually end up helping others, then I have done even better.

First, I will point you to the sources I have found the most helpful. That honour falls unto Paul Hudson for this post, to which I will add I have been finding his posts (and for that matter, his books) very helpful.
My second source of inspiration was this post Multidimensional Arrays in Swift from iAchieved.it, which provides some good practical examples.
Feel free to pause and have a look at these two before reading the rest of this post.

On to the main event.
The problem I was facing, which can be generally summed up as “how do I use multi-dimensional arrays in Swift 5”, can be further broken down into the following:
  1. How do I declare a multi dimensional array in Swift 5?
  2. Once declared, how do I even address a particular member in the array’s matrix?
  3. How do I add values into such an array?
  4. In particular, how do all of the above happen when my array is not of a simple type (say, Int or String), but is rather a multi dimensional array of a complex struct that is made of its own arrays, booleans, and other complex structures?
  5. How do I manipulate particular (and generally unknown) cells in the array’s matrix, while leaving most of the other cells alone? Specifically, how do I get to do that in Swift, with its prudish (but justifiable) emphasis on declaring and initialising anything and everything?

With that in mind, let’s have a detailed look at the various solutions and compromises I was able to identify. I’m sure experts will have a look and then laugh, but - regardless - this is what I was able to come up with within a reasonable timeframe.
The declaration part is easy. This is how one defines a two-dimensional array of a struct that I called Cell:
var grid = [[Cell]]()

Once declared, accessing a particular “cell” in the matrix is done via:
grid[i][j]
Where i and j point at the row and column in that array.

Obviously, before accessing grid[i][j] there have to be values there (or Xcode will raise a runtime error), which brings us to the more tricky bits.
I have found that simply asking Xcode to add individual “cells”, say grid[0][0], would not work. I had to append rows to the matrix first!
For example, in a case where I needed a matrix of 10 rows, I needed to do something like this in order to get rid of runtime errors later -
for _ in 0...9 {
    // Each appended row starts out with a single placeholder column
    grid.append([Cell(value: 0, providedByUser: false)])
}
This adds 10 rows and 1 column into my grid, all of which contain data that I could - for now - ignore.
What is worth noting here, however, is the syntax I had to apply in order to append my values. As mentioned, individual cells in my matrix are made of a struct that is more complex than, say, Int; in this particular case, they are made of value (which is an Int) and of providedByUser (which is a boolean).

With this initialisation of the grid now performed, I was finally able to enter the individual values I wanted into specific cells of my grid. However, as per usual Swift standards, I had to do it properly and in order, so I ended up doing it using for loops:
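for i in 0...9 {
    for j in 0...9 {
        if j == 0 {
            // Column 0 already exists, so overwrite the placeholder
            grid[i][j] = Cell(value: 1, providedByUser: true)
        } else {
            // Columns 1 to 9 do not exist yet, so append them to the row
            grid[i].append(Cell(value: 1, providedByUser: true))
        }
    }
}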
In the above, do note the different way of setting values when dealing with the first column of a row as opposed to when dealing with the rest of the row. That difference is a side effect of the fact I had already created that first column when I declared my 10 rows earlier with the minimum I could get away with - a single column.
Obviously, this very issue hints at more elegant ways in which a multidimensional array could be set up. The point, if there was one, is to point out the importance of initialising rows in our multidimensional arrays and point a finger at ways to do so.

Now, if I want to print the values of my grid, that is how I do it:
for i in 0...9 {
    for j in 0...9 {
        print("\(i) \(j) \(grid[i][j])")
    }
}

I cannot claim to be ecstatic about the way I manipulated the array in order to get the result I wanted, but I did end up with a working multidimensional (or rather, two dimensional) array. I guess if it was all lovely and simple, there would not have been a need for this post…
One question I still don’t have an answer for is, how do I achieve everything I had achieved here in a case where I do not know the size of my matrix in advance. I can think of ways around it, but they all require some form of non elegant manoeuvring that is likely to get frowned upon by the purists. Purists whose feedback and inputs I’d love to have, BTW.
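One way to handle a grid whose size is only known at runtime, added here as an example and not part of the original post: every row is built at full width up front with Array(repeating:count:), and a bounds-checked subscript returns nil instead of trapping on a bad index. The Grid wrapper, its empty default and the sample dimensions are hypothetical names chosen for illustration; Cell mirrors the struct described above.

```swift
// Cell as described in the post: an Int value plus a Bool flag.
struct Cell {
    var value: Int
    var providedByUser: Bool
}

// Hypothetical wrapper around [[Cell]] that keeps every row the same width.
struct Grid {
    private(set) var rows: Int
    private(set) var columns: Int
    private var cells: [[Cell]]

    // Placeholder stored in every cell until real data arrives.
    static let empty = Cell(value: 0, providedByUser: false)

    init(rows: Int, columns: Int) {
        precondition(rows >= 0 && columns >= 0, "dimensions must not be negative")
        self.rows = rows
        self.columns = columns
        // Build all rows and columns in one go, so cells[i][j] exists for
        // every 0 <= i < rows and 0 <= j < columns before anything is written.
        cells = Array(repeating: Array(repeating: Grid.empty, count: columns),
                      count: rows)
    }

    func contains(row: Int, column: Int) -> Bool {
        return row >= 0 && row < rows && column >= 0 && column < columns
    }

    // Bounds-checked access: reading outside the grid yields nil, and
    // writing outside the grid is ignored, instead of a runtime trap.
    subscript(row: Int, column: Int) -> Cell? {
        get { contains(row: row, column: column) ? cells[row][column] : nil }
        set {
            guard let newValue = newValue,
                  contains(row: row, column: column) else { return }
            cells[row][column] = newValue
        }
    }

    // Grow the grid by one full-width row of placeholders.
    mutating func appendRow() {
        cells.append(Array(repeating: Grid.empty, count: columns))
        rows += 1
    }
}

// Size decided at runtime (constructed value standing in for user input).
let side = Int("9") ?? 0
var grid = Grid(rows: side, columns: side)

grid[2, 3] = Cell(value: 7, providedByUser: true)     // inside the grid: stored
grid[side, 0] = Cell(value: 1, providedByUser: true)  // outside the grid: ignored
grid.appendRow()                                      // row index `side` now exists

for i in 0..<grid.rows {
    for j in 0..<grid.columns {
        if let cell = grid[i, j], cell.providedByUser {
            print("\(i) \(j) \(cell)")
        }
    }
}
```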

Tuesday, 4 December 2018

Panda Arcade interview

It's been a while since I contributed to Digitally Downloaded, but I'm quite proud of this particular one: an interview with the Richmond (Melbourne) based indie developers Panda Arcade.
Panda Arcade are in the process of making a new mobile game, Pico Tanks. Essentially, it's a modern, online multiplayer incarnation of the good old Combat game that came bundled with my Atari 2600. Having played it at last year's PAX as well as this year's, I can report a family favourite in the making.
I'll quit while ahead and send you to read the interview here.

Thursday, 6 September 2018

ASS Access Submission

Following is the submission I have made with regards to Australia's proposed ASS Access bill.
I do not pretend for this submission to be exemplary in any way; I knocked it off rather too quickly in between other things I have to do in life. However, I am publishing it here in the hope it would help others file their own submissions. We only have a few days left to make an impact!

Dear sir/madam,

I would like to express my objection to the proposed Assistance and Access Bill 2018 (The Bill). As I will outline below, The Bill demonstrates deep misunderstanding of contemporary telecommunications, The Bill will jeopardise the security of Australians as well as the rest of the world, and The Bill runs the risk of turning Australia from a society of free thinkers into a society of East Germany like people worried about their every move.

To start, the explanations provided in support of The Bill on The Bill’s internet page itself (see https://www.homeaffairs.gov.au/about/consultations/assistance-and-access-bill-2018) demonstrate the government’s lack of understanding in the areas it is aiming to regulate so aggressively through the proposed Bill.
For example, the page cites a sex offender whose use of Snapchat and Facebook Messenger prevents the Victoria Police from collecting evidence on the case. However, in real life that will not be the case: Snapchat is probably one of the least secure popular messaging platforms, and should allow the police to easily retrieve all communicated data using existing procedures (e.g., a warrant). Given court approval, a police appointed hacker will have no problems retrieving message data, although it should be even easier for the police to acquire the data from Snapchat itself.
Similarly, Facebook Messenger should not pose much of a problem to the police, either. By default, Facebook Messenger does not use end-to-end encryption. Further, Facebook collects messages’ metadata, which it will serve the police when issued with a warrant, therefore allowing the police to connect the dots even if encrypted messaging was put to use. And let us not ignore the fact the police can already collect most, if not all, of the evidence it requires from the victim’s phone.
To summarise the point, there is nothing in the single example cited in support of The Bill that cannot be achieved, and easily so, using legal methods currently available to the police. This example not only demonstrates lack of understanding in matters of technology on behalf of the government proposing The Bill, it actually demonstrates quite effectively the rather redundant nature of the proposed Bill when it comes to crime fighting.

Further, I - as well as all cybersecurity and encryption experts, who are unanimous on this - argue that the proposed Bill will harm the cybersecurity of Australians rather than improve it. In actual fact, it would harm the cybersecurity of all the citizens of the world, since we all rely on the same technology and mathematics to protect our banking, commerce, private messaging, and even nude photos that we would prefer to keep to ourselves. (I know nude photos do not sound like much in comparison with commerce and banking, but they do seem to carry a lot of significance with a large proportion of the population.)
The reason The Bill will be harmful to the security of Australians and the rest of the world is that its implementations would create backdoors into otherwise private online interactions. While The Bill claims it will not create a backdoor, that is exactly what it will create: there is no other way to break the encryption algorithms in current use other than a backdoor; it is mathematically impossible. The only point of contention remains the exact definition of the term “backdoor”, but semantics aside, a backdoor by any other name is still a backdoor.
The problem with such backdoors is that, once created, we cannot prevent them from being used only by “the good guys”. Nor can we prevent their abuse, which is likely to be high given the complete absence of oversight offered by The Bill and the oppressive measures it will enforce on those informing the public of its application (measures that might befit Putin’s oligarchy, but certainly have no place in Australia).
For example, if Apple develops a way for Australia to hack into iPhones, that same method can be used by Russia, China, and the entire collection of criminal hackers who would love to put their hands on the sensitive data we all store on our smartphones these days. There is simply no other way about it, which is exactly why The Bill would be harmful to the interests of Australia’s citizens and put Australian businesses at a disadvantage against their international competition. It is obvious international companies would prefer to avoid the potential scrutiny of the Australian government.
Eventually, the proposed Bill would put the entire world at risk. Examples for the problematic way in which government backdoors can go wrong include the famous WannaCry, which was originally developed by the NSA as a backdoor. WannaCry then fell into the hands of people on the wrong side of the fence, probably North Koreans, and shut down the UK’s health services for a while. It still continues to harm the world economy, putting all manufacturing at Taiwan’s TSMC, the world’s largest computer chip manufacturer, to a halt just the other month (refer to https://www.bankinfosecurity.com/chipmaker-tsmc-wannacry-attack-could-cost-us170-million-a-11285 for details). I am thus very much puzzled by an Australia that seeks to walk down the same path and put the world’s cybersecurity at risk: if the NSA with its multibillion dollar budget, the biggest and mightiest in the world, can fail to protect its trade secrets, what chance does Australia stand?

Lastly, I will argue the proposed Bill stands against the core values of Australian society. The values that make Australia the great country it is, a society of free thinkers, where entrepreneurship is encouraged, and individual initiative is highly regarded.
Do we really want to subdue the free spirit of our society by creating, instead, a country where people know every form of communication they have with their fellow citizens is monitored and surveilled by others (be it government agencies, but also - as previously noted - foreign governments and criminals)?
Science has already told us people behave differently when they know they are being observed (refer to the Observer Effect or the Hawthorne Effect, https://en.wikipedia.org/wiki/Hawthorne_effect). Australians do not need to experiment on ourselves to know what a society of mass government surveillance would be like: we need only look at China. China’s internet resembles the one our Bill aspires to create: an internet where no one can keep a secret from the state through the abduction of all forms of privacy. All this has been achieved by delegalising all manner of encryption.
Let there be no doubt about it: these days, removing the means with which people can securely and privately communicate electronically amounts to removing people’s core freedom; electronic communications are where the bulk of today’s communications lie. For some people it represents the entirety of their communication with the world at large.
We therefore need to ask ourselves: Do we want to become another China? I think that is a rhetorical question. I doubt any Australian would prefer to live in China over Australia; similarly, Australia is often cited as one of the best countries in the world to migrate to, whereas I am yet to hear of anyone who seeks to migrate to China.

I therefore urge for the Assistance and Access Bill 2018 to be dropped. As I have demonstrated, it has been wrongfully raised in the first place; it will put Australians at a disadvantage; and it will actively harm Australians as well as the rest of the world.
Let us keep Australia as one of the best places in the world to live in. Let us not imitate the East German Stasi ideal. Let’s stop this bill and keep Australians free.

Monday, 6 August 2018

Follow the Apps

Most people take mobile apps for granted and never stop to consider the implications of using them. Well, there are implications, and privacy is one of them: when you use an app, you are - effectively - giving up on your ability to know what this app is doing on your behalf.
One very common thing for apps to do is to share your information with various players who make their money by collecting and harvesting our information. I’m talking Google, I’m talking Facebook, but I’m also talking about thousands of other companies most people have never heard of who make billions by selling our data. And, almost exclusively, they do so behind our backs (because we wouldn’t let them do it if we were aware of what was really going on).

There are ways for one to check on one’s apps.
One free and all conquering tool is Wireshark. You set it up on a computer in your network and it will tell you of everything going in and out; you can then examine it to see, in detail, what goes in and out of your phone when you use certain apps. The problem, however, is that for the layman it can be pretty hard to identify the relevant from the irrelevant. Or, for that matter, it could be pretty hard to set Wireshark up in the first place.
Another way to check what’s going on in your internet connection is to use deep packet inspection facilities available on some routers and switching equipment, particularly the more professional ones. For the purpose of the current discussion, I will assume this is either unavailable or is too technically demanding.
The easier way, accessible to all, to see what apps are doing is to use a proxy app on your mobile device. When it’s running, all outgoing network traffic will go through that proxy app, and if it is designed for that purpose then it will allow you to peek into that outgoing traffic: where it is going, how much of it is going, and what is it that is going (as in, the actual contents). With regards to the contents, things are getting harder to assess given most apps use encryption (a much welcomed positive!), but the metadata at one's disposal is usually sufficient to make some educated assessments. For example, you can tell if an app of yours is uploading your photos to an online server.
My proxy app of choice for iOS is called Charles Proxy. I can attest that aside from having a lovely name and a lovely icon, it delivers when it comes to overseeing one’s apps.
Regardless of tool, the first thing you will see when examining traffic going in and out of an iOS device is just how often your phone calls home to Apple (and I assume the situation is very similar with Android phones calling Google home). It’s all encrypted, so you can’t tell what it is, exactly, but it does look like Apple keeps track of opened and closed apps (probably for the purpose of assessing app popularity and such). The problem is, it’s all done behind closed doors so one cannot really tell what’s going on; regardless, we should all be aware of the fact our phones report a lot of stuff about us to the powers that be. It is something we all need to be aware of when we use our phones: you are not alone; someone is watching behind your back.
For now I will note that, given I ran my tests below on iOS, I have ignored mentioning whether apps call on an Apple service. It comes down to the fact that if you are using an Apple phone, you cannot hide from Apple. The same applies to Google and Android phones; Apple and Google’s surveillance is only limited by how far they are willing to go. In Apple’s case, it claims to be quite pro privacy (e.g., it offers navigation facilities using Apple Maps that don’t record where you are) yet it lacks in transparency. Google’s case is vastly different, with the company making its money out of its users’ data, causing it to often cross what’s acceptable (examples include tracking users’ location using cell tower data even when the user disables location services; there’s plenty more). I will put it this way, there are very good reasons why I happily pay Apple the inflated prices it charges for its devices.

Once you do start looking into apps’ behaviour, you’d be able to detect a pattern. Apps tend to come in one of the following flavours:
1. Apps that work just fine without calling any external party or any user tracking.
2. Apps that call home to Google.
3. Apps that call home to Facebook.
4. Apps that call home to a slew of other trackers, advertisers, and data harvesters.
I will note the above order of app escalation is not random. That is to say, apps that call Facebook seem to unanimously call Google, too. Similarly, apps that call on “other” trackers will not leave Google or Facebook behind.
It’s worth mentioning there are legitimate reasons for apps to call on the external resources of companies such as Google and Amazon. For example, Signal, one of the most secure and private messaging apps out there, uses Amazon’s services. Similarly, there are apps that use Google’s storage facilities. However, part of the Google “contract”, if you will, says that they provide services in return for tracking. Similarly, Amazon Web Services is the engine that runs a lot of our internets, but Amazon is also a retail company running pretty sophisticated operations in the tracking and data harvesting department.
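As an added illustration (not code from this blog or from any proxy tool), here is one way to sort the hosts seen in a proxy session into the four flavours above. The domain suffix lists, app names and session rows are assumptions constructed for the example; hosts matching no list are kept aside for manual review.

```python
from collections import defaultdict

# Illustrative domain suffixes (assumptions for this example, far from a
# complete blocklist). Crashlytics sits under OTHER to follow the post's grouping.
GOOGLE = ("google.com", "googleapis.com", "google-analytics.com",
          "doubleclick.net", "app-measurement.com")
FACEBOOK = ("facebook.com", "fbcdn.net")
OTHER = ("appsflyer.com", "apptentive.com", "crashlytics.com",
         "heapanalytics.com", "hockeyapp.net")
APPLE = ("apple.com", "icloud.com")  # ignored, as the post does on iOS

def matches(host, suffixes):
    """True if host is one of the suffixes or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def classify(hosts):
    """Return (flavour 1-4, hosts that matched no list) for one app."""
    hosts = [h for h in hosts if not matches(h, APPLE)]
    flavour = 1
    for rank, suffixes in ((4, OTHER), (3, FACEBOOK), (2, GOOGLE)):
        if any(matches(h, suffixes) for h in hosts):
            flavour = rank
            break
    # A developer's own server or a cloud host is not proof of tracking,
    # so unmatched hosts are returned for manual review rather than scored.
    known = GOOGLE + FACEBOOK + OTHER
    return flavour, sorted(h for h in hosts if not matches(h, known))

def survey(session):
    """Group (app, host) rows by app and classify each app."""
    per_app = defaultdict(set)
    for app, host in session:
        per_app[app].add(host)
    return {app: classify(hosts) for app, hosts in per_app.items()}

SESSION = [  # constructed rows with made-up app names, not real captures
    ("PhotoAppA", "gateway.icloud.com"),
    ("PhotoAppB", "api.photoappb.example"),
    ("PhotoAppB", "s3.amazonaws.com"),
    ("VideoAppC", "app-measurement.com"),
    ("VideoAppC", "graph.facebook.com"),
    ("VideoAppC", "t.appsflyer.com"),
    ("NotesAppD", "www.google-analytics.com"),
]

if __name__ == "__main__":
    for app, (flavour, review) in sorted(survey(SESSION).items()):
        print(app, "flavour", flavour, "review:", review)
```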

To demonstrate my point regarding apps and the tracking they come bundled with, I will point out real life examples for apps that behave differently to one another when it comes to respecting their users’ privacy. Obviously, there are a lot of apps to go through (in the millions!), but for now I will stick with three popular use cases of mine.

Camera apps:
Halide: Doesn’t call anyone.
Camera+ for iPad: Doesn’t call anyone (but do note there is a newer iteration of that app).

Photo editing apps:
Darkroom: Calls the dev’s home, a couple of analytics tools (Heap Analytics, HockeyApp), Apple’s iCloud (probably because that’s where my photos are stored).
Affinity: Calls the dev’s home and Amazon’s AWS.
Enlight: Calls Google, Facebook, and numerous others. Guess that's one app that quickly gets deleted off my phone.

Video playback apps:
VLC: As can be expected (?) from an app of such noble origins, VLC doesn’t call anyone.
Infuse: Doesn’t call anyone, but I will note I am using the old Pro version 4.
PlayerXtreme: Despite me paying for the premium app (there is also a free version), the app calls Google, Facebook, and numerous other trackers. It’s hard to tell what it is, exactly, that is shared; however, since I am not sure I would like to share what videos I watch with such entities, I’d rather stick with the likes of VLC.

PDF annotation apps: (I will add I grouped here several apps offering significantly different, yet overlapping, functionality)
GoodReader: As per its own statements, GoodReader does not share your information.
Notability: While this app offers superior annotation facilities (e.g., OCR, Apple Pencil support), it does call home to Google.
GoodNotes: Very similar to Notability in form and function (though it had OCR years earlier), GoodNotes calls home to both Google and Facebook.
LiquidText: This otherwise incredible app for studying texts is also quite productive in the tracking department. It calls home to liquidtext.net looking for something called ad-pack.zip (does the name tell us all we need to know here?). It also calls Facebook and various analytics/trackers like Apptentive, Crashlytics, and AppsFlyer.

I will add I find the above findings odd. In the case of Halide I actually communicated with the devs, who told me their apps don’t send anything, but then again my device clearly shows some [yet little] mobile data use by the app. It could have been a one off or a bug.
In the case of Camera+, I distinctly remember the iPhone version calling home with each use. Perhaps the iPad version is different, or maybe they changed their approach.
I guess my point is, if you see an app sending your information away then you know it does it; if you don’t, that does not preclude the app from sending information away at some later point in time. That said, I highly recommend Halide as my favourite camera app on the iPhone, and I think it is clear the developer has all the right intentions.

You might have noticed I did not include games in this survey. Which is rather odd, given games are known to be some of the worst offenders when it comes to tracking users. Especially the free ones, some of which are pretty blatant platforms for not much more than tracking their users.
My answer there is rather simple: Sure, there are plenty of ethical games out there that do not track their users. Regardless, given that the bulk of games do not need the internet to run (I will add: given the better games do not need the internet to run), the easiest way of dealing with their user tracking is to simply go offline when playing them.
Sometimes, the crude “old style” solution is the best solution.

Yet another solution for bypassing the tracking imposed on users by apps is to use a good old browser instead. That is, instead of using an app to perform an action (say, buying an item on eBay), go to the eBay website and perform the exact same action.
The reason for choosing the browser over the app is simple: on a browser, you can take control over who can track you or not by using ad blockers and numerous other tools that are widely available out there. On a desktop browser you can install add-ons such as uBlock Origin (ad blocker), Ghostery and Privacy Badger (tracker blockers that utilise different approaches to the blocking).
On iOS Safari, on the other hand, you can utilise ad blockers such as Firefox Focus, AdBlock, or one of the flavours available from Disconnect. The Firefox iOS browser itself comes with ad blocking built in, to various degrees, but it is not on by default. Then there is my favourite iOS browser, Brave, which comes with idiot proof tracker blocking built in and even offers script blocking for the more advanced user. Indeed, Brave has become my go to recommendation whenever the layman asks me for the easiest way to avoid tracking; it is, literally, idiot proof.
Sure, nothing here can completely solve the tracking problem, but this approach lets us, users, take some initiative.

If there is a way for me to summarise this post, it will be by stating that, the way things currently are, there is no way for a user to know whether certain apps come with user tracking without (a) paying for them first, and (b) testing them yourself while, at the same time, letting the harvesters harvest by virtue of your testing. Given the above examples, it is clear I would have never bought certain apps given the availability of others that do the same (more or less) but come without that extra burden of user tracking.
With the caveat of never knowing for sure before you actually bought the app, I will add there are certain indicators that can help. Some apps “smell” right while others don’t. Take VLC as an example: it’s open source, it’s a free download and has been for eternity, and therefore I wasn’t surprised to learn it doesn’t try to track me.
In contrast, all the apps that make a living through advertising are clearly prime time suspects, if only because of the fact those same advertising companies whose contents they show are also (usually) data trackers/harvesters. Clearly, this makes paid apps less likely to use trackers than free apps (with the notable exception of the ideologically driven apps, of the likes of VLC and Signal). It’s probably worth noting that trackers do not stop tracking even after you pay the extra fee to remove the ads, as is often an option.
Bottom line, probably the most effective way of assessing whether an app will exploit you for your data’s worth or not - other than paying and testing the app for yourself - is to try and figure out how, exactly, is the app developer planning to finance their operation. In most cases, us users can tell that in advance; sure, it takes time and effort to do this research, but on the other hand it is always worthwhile to ensure you’re installing quality stuff on your devices in the first place. For the same reasons you don’t pick garbage from the street to put in your house, don’t do it with any odd garbage you find at your nearest App or Play Store.
One last thing: If you do stumble upon an ethical developer that does the right thing, do support them! Give them some of your money, because they deserve it. And try to point to your friends and colleagues the virtues of those developers. The biggest problem a developer faces is obscurity, and if we can help the good guys with that then we are actively improving the world we live in.

Monday, 28 May 2018

Now broadcasting in HTTPS

You might have noticed this blog and my other blog are now using secure HTTPS connections (as opposed to the so previous decade HTTP). Then again, you might have not, given how rarely I’m posting anything these days.
Still, it’s good to know you are more securely accessing my blogs nowadays.

I would like to add a short clarification to explain what you gain and what you do not gain by using an encrypted HTTPS connection as opposed to the open communication of HTTP.
Essentially, when using a well implemented HTTPS connection (in this case, as it is organised by Google, we can safely assume it is), you’re making it way harder for third parties (that is, everybody other than you and the site[s] you’re connecting to) to know what it is that you’re doing at the site.
However, you do not gain anonymity through the use of an encrypted connection. That is to do with many factors. For example, your internet provider has the ability to know who your first port of call is by virtue of providing you with that access. The main point, however, is that most of the rest of the world can tell, too, if they really want, by virtue of the mechanism with which your computer finds the location of the website you are after. That mechanism is called DNS (which stands for Domain Name System, in case you cared), which acts like the phone book of websites: you want to go somewhere, say, to Google in order to run a search? Your computer will head to the DNS directory assigned to it in order to find out where this Google thing that you are after is. And the problem, on the anonymity side of things, is that those DNS queries are (but for a tiny few exceptions) always done in the open and without encryption.
And the lesson is: an HTTPS connection is likely to improve your security, but that by itself may not have benefits for your privacy.

Friday, 8 December 2017

Simon Joslin interview

I recently interviewed Simon Joslin for Digitally Downloaded. You can read the interview here.
Simon is the main guy behind the Train Conductor series of games, games that left me with some dear personal memories (of the family type). I met with Simon at last year's PAX and we had a long chat; he definitely is a nice guy. As you can read in the interview, he's been doing interesting things and has plenty of interesting insight to share.