
The curious case of Apple's third-party SDK list for privacy manifests


At last year’s WWDC, Apple introduced privacy manifests. They recently sent out a reminder that the deadline for complying with these new requirements is May 1. Privacy manifests expand on the previously introduced privacy “nutrition labels” that are self-reported by developers and displayed on the App Store. Developers must start including a privacy manifest in their apps by the aforementioned deadline, but what’s more interesting is that Apple is, for the first time, imposing these new privacy rules on third-party SDKs as well. Even more interesting is the list of SDKs that Apple has published, which, upon inspection, is quite bizarre.

Historically, Apple has rarely, if ever, explicitly acknowledged any third-party SDK or library. It took years for them to even acknowledge community tools like CocoaPods in Xcode’s release notes. Thus, it is interesting to see which SDKs they have deemed important or concerning enough to explicitly mandate a privacy manifest. And, in typical Apple fashion, I’m pretty sure SDK authors were not notified about this in advance. We all learned which SDKs need privacy manifests at the same time — when the list was published.

The first few entries in the list make sense:

  • Abseil, a low-level C++ library.
  • AppAuth, an SDK for communicating with OAuth 2.0 and OpenID Connect providers.
  • AFNetworking and its successor Alamofire, networking libraries that wrap Apple’s APIs, which almost every iOS developer has encountered.
  • BoringSSL, a fork of OpenSSL maintained by Google.

I can see how these libraries could be concerning with regard to user privacy: they all deal with networking, authentication, and security (except for Abseil) — these are common vectors for privacy-related issues. Abseil is the exception, but I could see an argument for why a low-level C++ library might be a concern. There are also a lot of SDKs from Google and Facebook on the list — neither of those companies has a particularly good reputation when it comes to user privacy. It makes sense for those to be included.

But then… you see that the list contains UI libraries that haven’t seen significant updates or any activity for multiple years, like SVProgressHUD. Why does a library that provides a single UI component need a privacy manifest? Is it as concerning and as potentially privacy invasive as the Facebook SDK? Some of the UI-only SDKs on the list haven’t seen significant updates (or any updates at all) within the last 4-5 years. Furthermore, even AFNetworking hasn’t had an update in 4 years because it was deprecated long ago after being supplanted by Alamofire. The AFNetworking repo on GitHub has been archived and read-only for over a year! Who’s going to bother adding a privacy manifest to that?

And then… there are some entries that are simply obscure and absurd: connectivity_plus, image_picker_ios, video_player_avfoundation, file_picker. What the hell are those?! They don’t even sound like SDK or library names. I have never heard of any of these, and I’ve been involved in the iOS open source community for a decade.

And then… you know what’s even more bizarre about this list? There are no links! There are no links to the SDK project homepages or GitHub repos. It is a plain text list of names, and in some cases, seemingly random names like “file_picker”. Ok lol. SDK and Library names are not necessarily unique. How are you supposed to know exactly which SDKs these are and, more importantly, where they are?

Finally, wouldn’t you expect some sort of reason or justification for each of these SDKs being on the list? We don’t need a 10-page essay but a brief explanation of a few sentences explaining why each of these SDKs is on the list would be helpful in understanding the logic and reasoning behind it.

* * *

For a company that has positioned itself as a staunch privacy advocate, this list of SDKs is slapdash at best. The lack of attention to detail, like simply including links to SDK homepages, makes the list appear like it was assembled quite hastily and carelessly. It makes you wonder, how was this list compiled? What were the criteria for including or excluding an SDK from this list?

I was venting about the list on Mastodon, and the general consensus is that it was most likely just a script dump from a static analysis of app binaries on the app store, with the sole criterion being “what are the most popular libraries” used across all apps with some threshold for inclusion. It is quite clear from the list that no one at Apple really put much thought into it. 🤡

Operating under the hypothesis that this list is merely the output of a script that someone wrote to check off the box “determine which third-party SDKs should be required to include privacy manifests”, it all starts to make more sense. This list is ultimately the result of a popularity contest, not a thoughtful analysis of SDKs that have meaningful implications for user privacy. They couldn’t even bother to link to the projects or provide brief explanations. There’s literally an entry titled “file_picker” with no other explanation. Did anyone at Apple even look into any of these libraries? Did anyone at Apple even read through this list after some script vomited it out?

When Apple imposes new privacy regulations in such a slipshod manner, how are we, as developers and as users, supposed to take this seriously? This feels like more bureaucratic security and privacy theater. Let’s all take off our shoes and throw away sealed bottles of water we purchased at the airport before we proceed through TSA security — meanwhile the real concern is that the doors might fall off the damn plane.



Originally published on jessesquires.com.

sirshannon
17 hours ago
Shirtshow.

Puddles Pity Party in Charlotte on 08/17/24

sirshannon
17 hours ago
Oh shit.

The Lord of the Rings: The Fellowship of the Ring (2001)


keirahknightley:

The Lord of the Rings: The Fellowship of the Ring (2001)

🎬 Peter Jackson

+ IMDb trivia


One Year of Bluesky


A year ago today my pal Lou Anders asked me if I wanted an invite to a new microblogging site called Bluesky, which was making a little bit of a news splash because Jack Dorsey was on its board, and because it was initially a sort-of offshoot of what was then still known as Twitter, but designed to eventually be a federated protocol, like Mastodon was.

I did want an invite. One, I always like to reserve my name on any new social media instance, and two, I was auditioning other microblogging sites, like Spoutible and Post, to see if they were worth my time, and worth moving over from Twitter, which was well into its transformation into a fascist shithole. It was worth auditioning Bluesky for this as well. When I logged in, the site had just under 10,000 users. I posted my traditional “here I am, here’s a cat picture” inaugural post, and settled in to see if I could like the place.

Reader, I could. A year later, and not counting my own personal site, Bluesky is what I consider my primary social media hangout, the place I go to see and be seen online, to chat with friends and readers, to be accessible in a casual way, and, simply, to have fun. It’s not the only place I’m online — I’m on Threads rather a bit as well, not to mention Mastodon, I keep professional and private accounts on Facebook, and I even pop into Instagram from time to time. But if you ask me the question “what’s the social media you check first and last every day,” Bluesky is the answer.

What I like about Bluesky is wrapped up in both its technical differences from other social media, and the way I use it personally, both of which dovetail into each other. Bluesky is (largely) algorithm free – what you’re presented with when you sign in is the list of people you follow, and their posts in chronological order. As a default, the service doesn’t push posts on you; you can subscribe to lists that people create, for varying interests, but if you only follow a couple of people, then by default those couple of people will be all you see (this is why, I imagine, there was this period when one of the largest complaints about Bluesky was that all people saw on the service was me and Neil Gaiman — people followed us because they knew of us, and we both are, shall we say, enthusiastic posters). Bluesky is what you make of it, essentially.

Which I think is great! As it happens I don’t want my social media site to suggest reading material for me, because inevitably the algorithms want you to “engage,” and since people “engage” with the things that piss them off, inevitably the feeds make people twitchy and angry. All social media algorithms lead to doomscrolling; it’s damn near axiomatic. That Bluesky doesn’t lead with this is perfect. I quickly found friends and interesting people on Bluesky, and my feed was filled with some fabulous stuff.

Now, the flip side of this is you can’t just sit back and let Bluesky happen to you. You have to engage with it — actual engagement! Not the kind where an algorithm pokes you with a stick! — or you’re going to be bored. It’s not an endless TikTok firehose where all you have to do is put yourself in its path. It’s a spigot, and you control how much or how little you get. Everyone says they want that, but it turns out a lot of people kinda like the firehose instead.

The other aspect of Bluesky being algorithm-free (and still being relatively small; its user base currently sits at 5.5 million) is that it’s not great for being famous or being an influencer, or being a troll. I think the Bluesky technical and cultural schema confuses the famous and/or influencer and/or shitty people who come onto the service to be famous, or to influence, or to be shitty for clicks. You can’t game an algorithm to go viral, and the sort of marketing that works on other social media works less well on Bluesky, and even if it did work that way, there aren’t hundreds of millions of people to broadcast at. You can try to do all these things on Bluesky, obviously. But Instagram and TikTok and Threads and the former Twitter are all still there, and much easier to game and influence and troll. People who come to Bluesky to do those things don’t seem to stay very long.

Which is a feature, not a bug, for me, and comports with how I want to do social media. I am not on Bluesky to be “famous,” or purely to market myself and my work. I’m on Bluesky to fart about and chat with people, and do socializing that works for me as an introvert and who is, most of the time, better in text. Do I tell people about upcoming books and events, and talk about the writing life, and occasionally brag about the cool shit that happens to me because I’m just “famous” enough to have cool shit happen to me? Hell yes I do! Along with the pictures of cats, weird thoughts that pop into my head, and talking with people I enjoy chatting with. It’s all “yes, and,” and Bluesky is great for that.

I want to talk about one other technical aspect of Bluesky which I think is a real differentiator, and also helped me evolve my thinking about how I want to be online generally, which is its really fantastic “block” feature. When you block someone on Bluesky, it doesn’t just keep them from seeing you, or you them. It also (as I understand it) nukes every interaction you’ve had on the site with them out of existence, not just for the two of you but for everyone else. I understand that some people dislike this and feel like it’s overpowered and breaks conversational continuity. I tend to think of it differently. I think it both disincentivizes the power of being shitty for clicks and influence in general, and disincentivizes being shitty to people, or (intentionally or otherwise), directing others to dogpile. On social media, that is absolutely a jewel beyond price. You can still be an asshole on Bluesky if you want to! And some people are! But you risk all your “work” in that area being wiped out by someone else in a single click. That’s not fun for most trolls.

It’s also changed my behavior. I don’t go out of my way to troll, but on the former Twitter, when trolls rolled up on me, I would give them a little head pat, say something sarcastic, and then block them, because it was fun and I was petty enough to do it, and because there would be that residue of me stomping a troll. On Bluesky, there’s no residue, so there’s no point in doing that… which made me think about why I was doing it at all. Stomping a troll is fun, but it’s also still acknowledging the troll exists (or existed), and it’s still farming a response from one’s followers. It’s not being a troll, but it’s not great, either. And bluntly, it mostly didn’t feel great on my end — there was that enervation of having let a troll get to you in the first place, if only to sarcastically dismiss him (and yes, almost always, it’s a him).

Bluesky early on fostered the idea of “Don’t Engage, Just Block,” which is to say that the first time some dick rolls up to give you a hard time, you just zap him there and then, no muss, no fuss, just that dickhead gone forever, no longer your problem and no longer the problem of anyone else in that comment thread. Bluesky’s powerful block tool encourages getting that done sooner than later, so you don’t disrupt the conversational experience for anyone else, and then it’s done and you literally never have to think about that person again.

I found this philosophy of blocking early and often and without taking on anything they did more than “Oh, look, troll,” to be liberating. No more wasting brain cycles! Just block with the dispassionate mercy of angels and get on with your life! I had been leaning that way the older I got anyway — I wasn’t any less desiring of poking jerks, I’m just more tired — but this was a real clean break opportunity for me, and I took it. I also adopted it for Threads and Mastodon and everywhere else I am online. I do so much less taunting of the tauntable now than I did back in the day. Mostly now I just block.

(Am I proud that it took Bluesky’s block feature to help me decide to change my own behavior, at the oh-so-tender age of 54? No, I am not! But let’s take our improvements where we may, shall we.)

Bluesky, it should be noted, is not perfect: Humans are still humans, on both sides of the site, and Bluesky has in the year I’ve been on it weathered its own controversies and cliques and weirdness, including a sort of insularity, especially from people who were on the service early, which I suspect ran off some folks who might have otherwise stayed on the site. Some people took the concept of “Bluesky Elder” far more seriously than they should have. I’ll also note that I personally use Bluesky for some things more than others, and farm out other things to other services. Generally when I want to gripe about politics, I go to Threads, and if I’m going deep on some nerd issue, I tend to head to Mastodon. So it’s possible that Bluesky is not a complete social media solution for me.

Then again, I don’t know that I’m looking for a complete social media solution at this point. I don’t need Bluesky (or Threads, or Mastodon, or wherever) to replace what Twitter used to be for me; there’s some wisdom in realizing that this was an “all eggs, one basket” approach to social media. I don’t think Bluesky is going to be bought by an egomaniacal fascist billionaire anytime soon (it should be noted that Jack Dorsey, while on Bluesky’s board, is not running the place and in fact doesn’t even currently have an account on the site), but if it is, it’ll be better to also be active on other sites as well. Bluesky is my current favorite social media site; it doesn’t have to be my only current social media site.

Ultimately, here’s the thing that makes Bluesky my current favorite social media site: I’m actually happy to be on it. I enjoy it in a way that I hadn’t enjoyed being on social media (particularly the former Twitter) for years. The fun of hanging out with friends, of meeting new people who might one day become friends, of being goofy with strangers and riffing on the silly memes being created and shared — I missed that, and I didn’t realize how much I missed it until Bluesky reminded me it was possible to do that. It’s been a year of social media being a positive part of my life again, and no matter what happens from here on out, that’s something that I, frankly, was not expecting.

So to the people who make Bluesky what it is, both the staff and the folks who post on it: Thank you. It’s been a pretty good year. I hope we keep it going.

— JS


Know Justice, Know Peace (2024 Compilation)


It feels like we just did this — but the goodly folks at Food Desert Recordings are at it yet again.

Released TODAY, Know Justice, Know Peace is a brand new compilation benefitting National Bail Out.

 

Various Artists – Know Justice, Know Peace: A Compilation in Support of National Bail Out (Food Desert Recordings, 26 April 2024)

 

 

From Food Desert Recordings‘ Bandcamp page:

The National Bail Out is a Black-led and Black-centered collective of abolitionist organizers, lawyers, and activists building a community-based movement to support our folks in abolishing pretrial detention systems and dismantling the prison industrial complex. They are people who have been impacted by cages — either by being in them themselves or witnessing their families and loved ones be encaged. They are queer, trans, young, elder, and immigrant.

The collective coordinates the Mama’s Day Bail Outs, where they bail out as many Black Mamas and caregivers as we can so they can spend Mother’s Day with their families where they belong! They provide fellowship and employment opportunities for those they bail out to support their growth and create a national community of leaders who have experienced incarceration. They also work with groups across the country to support ongoing bail reform efforts and create resources for organizers and advocates interested in ending pretrial detention.

To find out more about National Bail Out, please visit www.nationalbailout.org. All proceeds from this album will be donated to National Bail Out every month to help them achieve their mission. As always, thank you for your generosity and support.

 

Know Justice, Know Peace: A Compilation in Support of National Bail Out is available for purchase right now, right here.
 

 

 
Featured artists include:


Klaus Von Mork
Lovecraftian Potato
Gorgons Alter
The Rights
Educated Owls
HΔUNTED LOCKET
Champenoise
Tumultuous Ruin
Non Serviam
Through Mists
Hallucinogenic Bulb
Tenebrae Annex
Toxicodendron
Territorial Pissants
Double Hell Death Match
Witnesses

 

* * *

 

Food Desert Recordings: Bandcamp | bsky | Twitter | Instagram




THROUGH MISTS - Prolific (EP Premiere)

Written by: The Administrator

A quick stroll through the archives will indicate that we slumbering and ink-splattered scribes are no strangers to hosting a good ol' Through Mists premiere. Back in 2022 we dropped a couple of 'em back-to-back, writing about both the overtly referential "Awaken The Sleeping Village" and the epic bird-centric concept album "Mindless Automations." Since then, Through Mists has proven prolific to an intimidating degree, releasing a frankly astounding six(!) albums in 2023. Of these, I was a particular fan of Starkiller, which embraced an aggressive yet proggy sonic palette and a distinctly mythical lyrical direction. Perhaps the best album from the project to date, in my opinion.

Time moves on, and the Through Mists machine churns ever onward, albeit with a slightly longer timeframe separating the old and new material. And so here we are, with a new Through Mists release on the cusp of official droppage. The appropriately entitled Prolific--a four track EP--will be available tomorrow, April 25th. In the hours preceding, we are honored to host a premiere of the EP in full here in our less-than hallowed halls. Give it a listen below! As always, we'll meet ye on the other side to discuss.


A general statement: I really enjoy how weird Through Mists is, referring both to this EP and the extensive back catalog at large. Although I have come to expect a certain blackened death lurch with progressive composition, the four tracks herein represent a chaotic approach to genre blending that I find quite appealing. There's an emphasis on unhinged cleans here, whispering or sneering and even oddly electronic at times, like unto a digital voice from beyond a cosmic tear. When it comes to harsher implementation, the vocal inflections are numerous and chaotic, with the pinched and bird-like screech employed to exceptional and lengthy effect on the titular closer being my favorite. Check out "In Shattered Mirrors" to witness said vocal extremity on full display. Meanwhile, the guitar never sleeps--leads squeal and squabble, leaving a seemingly central riff to meander, pulling the tracks in unexpected and dynamic directions. Take the third track, "Golden Goddess," as a prime example of a demonstrated willingness to throw caution to the wind and just let the track go where it goes. As a result, focused and repeat listening is rewarded.

The aforementioned title track is by far the longest, clocking in at an impressive 14 minutes. It's a true statement piece, and executes the Through Mists formula exceptionally well, leading the listener through an unpredictable series of aesthetic arenas. A riff department that delivers churning groove? Check. Menacing whispers over gothic tinged and somewhat morose passages? Check. A tumbling and buffeting chaotic aggression, accentuated by rolling drums and whirlwind riffs? Check. A borderline breakdown on the tail end? Check. It's all here. It's a killer track, and I'm excited to see Through Mists working with the long form.

Overall, Prolific represents another strong entry into an extensive body of work. The corpus grows, and while it will undoubtedly be a very short time until another project emerges from the Through Mists camp, these four tracks hold their own in the here and now. And before we tie this one up with a bow, here's a statement from the artist: "Through Mists is very happy to share Prolific with the world! This has been a change of pace for the writing and production of this EP, and we feel it lays the groundwork for future music! Prolific is a culmination of experiences, both good and bad, turned into something to unleash on the world!"

Through Mists - Prolific will be released April 25th, 2024. Find it on bandcamp here. The physical release on cassette can be found here. 

Through Mists can be found:
Bandcamp
Twitter