My Latest Book: A Practical Guide to Networking, Privacy & Security in iOS 9

I've been writing about the three topics in this book's title for…well, decades now. And even though iOS is ostensibly an intuitive and simple operating system, knowing where every setting is and which software to use to enhance safety, security, and privacy can be a struggle. This 176-page book, A Practical Guide to Networking, Privacy & Security in iOS 9, documents all that in concise chapters divided by tasks that tackles the basics all the way up to advanced topics. (You can download an excerpt with a full table of contents and a chapter.)

Folks concerned about privacy controls in iOS and safe/ad-free web surfing asked me to include details on those topics for this new edition. The Privacy section is thus all new. It explains how to use Apple's settings—and what Apple claims is done with data and details it collects when you're searching, using Siri, and mapping. I also have a chapter that runs through content-blocking Safari extensions, which were introduced in iOS 9, and allow third-party apps to help you block web-based malware, trackers, phishing sites, and unwanted bandwidth wasters, which can include advertising networks that don't respect your privacy, time, or your mobile data plan costs!

The book is normally $15, and you get three DRM-free versions: PDF, EPUB, and MOBI (Kindle compatible). As a reader of this blog who read to this point on the page, you can get 25% by using the coupon code FOG9 at checkout. Thanks for your support!

You can also buy the books through your favorite online bookseller:

You can even get it in print! This edition is printed on demand (POD), and it looks almost exactly like books printed in large quantity—and costs the same as the ebook edition.

Stately Plump Jonathan Franzen Surveys Things of His Own Making

“I don’t like to hire people to do work that I can do,” [Jonathan Franzen] says. So that means he does his own dusting in the New York apartment he shares with his girlfriend? Franzen looks slightly shifty. “We do have a cleaner…

“I repainted our guest room this summer in our rather small house in Santa Cruz.…If I had hired someone, it would’ve been done better, and I was very sick of doing it by the end, and yet it seemed important. The first two coats I enjoyed and the third coat I was getting tired of it and the fourth coat was just sheer torture."

Financial Times, 9 October 2015

Franzen looked down into the terraced pit. It was now all his.

"You never did say what you wanted to buy an iron mine for, Mr. Franzen," said the weather-beaten manager.

"Never mind, Philip," Franzen said kindly, although from lofty heights, "I have my reasons."

Franzen felt the heat of the blast furnace as he shoveled in pig iron to create the steel he needed for printing plants and trucks, for his lumber mill saws and typewriters.

Hefting an axe over his shoulder, Franzen strode boldly into the forest, as if on seven-league boots. "These trees are worthy to form the pages of my books," he said to the birds and squirrels.

A knife clenched between his teeth, Franzen leapt from the deck of the ship, a ship he had built himself from the wood of his forest, the iron of his pit.

Down he swam, down past the limits of human endurance and of sanity, to find the squid that would surrender ink for his pages.

"Mr. Franzen, I know that many authors have owned bookstores or set up shops. Larry McMurtry, for instance. But I'm intrigued about the choices you made for yours."

"To build the shop with my own hands? To make all the shelves? To create a new form of currency? To program the cash register?"

"Yes, yes, all that. But also, selling just the one book. That one you wrote."

"My plan has come together."

Franzen looked around his shop and the awkward customers who tried to avoid eye contact. It was dusty. Perhaps he should hire someone to take care of that.

Power Shaving to the People!

“This shave is so smooth, comrade. How did you get such a decadent blade!?”

“Natasha, is not decadent—it is revolutionary!”

Chorus: “Byyyyyyy Lenin"

We liked the factory that makes the blades so much, we seized the means of production.

We send a handle, three blades, and a Molotov cocktail to your door.

The Lenin: such a sharp razor, it doesn’t leave marks.

The Latest in the World of Glenn

An update from the land of Glenn: I've been a busy bee as usual. September has whizzed by, even with the six-day teacher strike (fully justified!) early this month.

  • At Macworld, you can find piles and piles of stories from Apple's hardware announcements and updates earlier this month, including my essay on how an iPad Pro is a kind of test for an ARM-based laptop running OS X. Benchmarks on the iPhone 6s/6s Plus after I wrote this essay show that it's faster than some of Apple's low-end Intel-based laptops for a broad range of tasks.
  • At Fast Company, I tackled "Happy Birthday": why despite a recent summary judgment in a lawsuit about the rights that Warner-Chappell Music claimed, a judge didn't declare the work in the public domain. But are the lyrics still under copyright? Were they ever? It's the Schrödinger's Cat of copyright.
  • Imagine a friendly cube that shoots pressurized air to move about in zero gravity and help astronauts! NASA envisioned this and is making the Astrobee, a tiny wonder for the International Space Station that will assist and supplement crew. I wrote about Astrobee in this week's Economist.
  • Since July, I've been editing guides and other work at The Wirecutter. Some of the ones I've had a fair amount to do with will appear soon.
  • I've been back to taping more The Incomparable episodes. Soon, you'll be able to hear me reprise my role as Nicola Tesla in not just one, but two Incomparable Radio Theater shows! But already out, in reverse chronological order:
  • I'm a guest on an upcoming Defocused podcast installment, where I torture the young hosts by forcing them to watch and talk about The Highlander.
  • Mark Frauenfelder and Kevin Kelly had me as a guest on their Cool Tools podcast. I explained my love for a blister-packaging cutter, among other things.
  • I returned to the Internet History Podcast to excavate more thoughts about my time at Amazon, the current controversy about Amazon's employee treatment (and those of other dotcoms), and the situation around current freelancer pay rates.

Glow Little Forge, Glimmer, Glimmer

I'm long past the point in my life where I want more stuff. My goal is less stuff and more creativity—more exploration of making ideas and things without accruing more material objects. This comes after watching my parents shed their house and pare down and do more paring over time; my mother passing away, leading to my dad going through her stuff; then my dad finding a new partner and marrying and helping her comb through her house, bring her stuff west, and then move to a smaller house they bought together. And my in-laws going through a move a few years ago that required sorting through decades of meaningful possessions.

Lynn and I probably own less, even with two kids in the house, than we have at any point in the last decade. I no longer even need much office furniture, because most of the stuff I had used to be for filing and managing paper in some form.

Which is why it may be odd that I'm about to buy a relatively large object that costs a few thousand bucks.

Glowforge white background.jpg

My friends at Glowforge (Dan Shapiro, a founder, and Dean Putney, our mutual friend, who is a programmer) just announced something they've been working on for months. It's a relatively inexpensive laser cutter. While computer-controlled laser cutters have been around for years, there's never been one at the price point they're offering it—starting at $4,000 list, and 50% off that during a pre-order stage right now. (It ships in December.)

They used software to substitute for hardware, which is increasingly common. Instead of expensive parts, a camera and cleverness can produce results to the desired degree of precision. They also are offering a very high degree of control over beam intensity, which allows engraving and etching all the way down to cutting. The camera in the unit automatically recognizes lots of materials, and streams a picture of what it's doing while it's engaged in its task. (It also takes a picture of you when you open the bay when it's done!)

It can cut and engrave a huge range of materials: paper, metal, stone, acrylic, leather…and chocolate, nori, and other foods. Watch the video and browse the site. It's amazing.

When Dan first showed me a video months ago of what Glowforge would do, I was genuinely blown away. I'm an old, cynical, grizzled tech veteran. I've seen so many useless products that are hammers in search of nails. There's little I've seen introduced in recent years that I feel is truly useful. It may be more efficient, more fun, smaller, and so forth. But Glowforge falls into a different category: it's a creativity amplifier, whether for personal hobbies or for professional purposes.

Many hand crafts involve a lot of drudgery. I've learned many of them earlier in life. I made houses for my model railroad. I did shop class and theater arts, and can sew and build sets. I was a typesetter (both hand and digital), and letterpress printer. I was an art major in graphic design and spent a lot of time working with my hands to create things.

Many of the things I've been interested in, and many parts of arts and crafts, involve repetitive cutting from templates or precise placement of holes or removals. This work often requires enormous training, but the point is to produce a precisely, often identical result. The work represents typically taking and working with those repetitive elements.

I found my aptitude lies in digital things. My hand and eye coordination are such that I put tens of thousands of hours into working on computer-aided design, compared to thousands on hand work.

Glowforge is a glue between my digital and analog interests. It's an amplifier, in that it lets me focus my hand abilities on the stuff that's most interesting, while using a digitally connected tool to bypass the frustrating part that I never mastered or don't have the time (and, honestly, often the interest) in mastering—because the outcome is making something that's better made by a machine. It removes none of the creativity for the kinds of things I'm interested in.

I'm getting one and I can't wait to start taking half-formed ideas in my head and turn them into meaningful work. This is the same feeling I had when I bought a mirrorless digital camera a few years ago: it recaptured so much of the joy and control I had with analog, but bolstered me up, too.

(If you use my referral URL, you get $100 off on the pre-order price, and I get a $100 rebate, too.)

Are We Obliged To Load and View Ads on Web Pages?

The Parable of the TV Store

Imagine a TV store that makes money in two ways: selling sets and showing programming. Their store is very comfortable, and they invite people in to watch unlimited shows. The only proviso is that those entering the store have to fill out a survey. There's a lengthy disclosure statement you can ask for, but it's not part of the form. Ads are shown during programming. Sometimes, people buy TV sets, but they're mostly there watching TV.

Also, there may be hidden cameras, which you may or may not be told about. These cameras may record your behavior. And you might be chipped as you leave the store without your knowledge (there's a tiny label on the chip if you find it and get a magnifying glass) that tracks your visits to many different stores with the same business model.

A clever person invents a workaround: it's an invisibility cloak. When worn, you can enter the store and watch all the programming. You never really plan to buy a set at the store, and you walk away during most or all of the ads shown during shows. The store can't count you in their ad sales, which reduces their primary revenue.

Eventually the store seems mostly empty, and it changes its model: if you want to watch TV, you have to become a paid member. Other stores try different plans, like marching everyone out of the TV viewing area into a special advertising room every half hour to watch a special sponsorship message. Still others stores have an invisibility cloak detector at the doorway, and bar those wearing them, but the cloaks keep improving as do the detectors.

Some similar operations that existed before the TV ad/sales shops note that their policy of handing those entering a slick, simple ad flyer every once in a while was less intrusive and resulted in more sales for the advertiser, too, but they admit not every store has the right kind of customers to move into the ad-flyer business.

Many stores go bankrupt. Programming options decrease. And people wearing invisibility cloaks say, "Booooooo."

Implicit Contracts

As someone who has made and continues to make part of his living from advertising, either paid directly to me or in the form of publications that earn money that way paying me fees, I have many feelings about the new content blockers in iOS 9. I've written several stories for Macworld about them: details of how they work, how to use them, and how to target and block popover nagging boxes.

At various times I've:

  • Edited and, for a large part of its run, owned a publication that was founded on the principle of subscriber-only support—no ads. (The Magazine, developed and founded by Marco Arment.) It didn't thrive, so I shut it down while it was still well ahead of expenses, because I found no way to retain and attract subscribers faster than I lost them.
  • Run a web site that benefited hugely from relatively simple banner ads (via what was then Federated Media), direct sponsorships, newsletter ads, and Google Adsense. That was Wi-Fi Networking News, which formed a nice part of my living from 2001 to 2007.
  • Been a writer since 1994 for publications that receive a combination of subscription revenue and advertisements in print and online editions.
  • Run podcasts, like The New Disruptors, that were funded mostly from sponsorships, but a little from patronage (through Patreon).
  • Run four Kickstarter campaigns, two successfully. The two that funded raised nearly $65,000 together.
  • Planning a new publication that doesn't rely on ads, but may have sponsorships.
  • Was a plaintiff in an EFF lawsuit in the early 2000s in which I and other consumers were fighting for an affirmative right for timeshifting (skipping through programs, including skipping ads with smart technology) and spaceshifting (recording and watching programming where we chose). That we fought for this seems absurd today.

You can see my position isn't clear. I benefit from, reject, and fight to reject ads!

I've taken at times a devil's advocate position on Twitter in discussing it this week. When people ask if they're justified blocking ads and other material from a site they visit, I say: No. Instead, you're justified in leaving the site, deleting your cookies, and never returning again.

That lacks nuance, but it's also true from the strictest position. If you don't want to use a site as it's intended, then simply don't use the site. However, that's not the deal as it's presented by most web sites.

When you first arrive at a site, the European Union requires for visitors in its territory at least that a cookie warning message appears if browser cookies are used to track or identify you. That's not a requirement in any other major jurisdiction, although you often see this message outside the EU.

But sites don't otherwise provide a clickthrough agreement. Without an explicit set of terms that guides what our use of their resources—their servers feed us pages, them letting us load copyright-licensed assets on some basis in our browsers—is supposed to be, the offer only implicit rules.

Visitors can establish all sorts of reasons in their heads about what those implicit rules are. Unless a site makes its version of those terms and conditions explicit and requires affirmative consent, it would be exceedingly difficult to make a case that the terms apply.

Logically, we could assume that a site that offers advertisements does so on the basis of earning revenue that allows it to operate. Ethically, once we are aware of that, we are obliged to make a moral decision: either to subvert the basis on which we can reasonably assume the implicit contract stands, or to accept it. If we cannot tolerate the ads and invisible tracking, we should then leave; if we can, we load everything. Any other course is potentially unethical, even if we can justify it to ourselves.

But that assumes further that we have been disclosed with perfect knowledge every bit of JavaScript code and every image tracker and every site database and third-party database used in relationship to us when we visit a site, along with what information about us is being recorded, how it will be retained, how to opt out initially, and how to get the information removed later.

Because all of those arrangements aren't disclosed on our arrival the first time (or ever), and require substantial hunting or the installation of a third-party desktop extension, like Ghostery, to assemble, can we be said to be bound by them? The implicit agreements there take way, way too much from us without informed and affirmative consent. It's an unequal relationship.

Further, sites using one or more third-party networks rarely know all the details of how information about their visitors will be used. Multiply that by dozens—I had 76 different remote items load on a recent visit to a major media site for which I write—and there's zero possibility the sites you visit truly comprehend the impact on your privacy and security.

Add one more element on top: networks that allow self-service advertising purchases, which is most of them, can leak malware onto visitors' computers. Given that there will also be exploits, the ability to push out scripts through ad networks always poses a threat unless it's reviewed ahead of time—and even then, it's impossible to know in many cases.

How Can You Comply If You Don't Know the Terms?

Let me revisit the headline, then: are we obliged to load and view ads?

  • We don't know precisely what a site expects from us when we visit.
  • We don't know how all of our information that is obtained merely by visiting a page will be used.
  • Very few sites could possibly know what the impact of the combination of what they're installing will be on visitors.
  • Ad networks have allowed malware on in the past.
  • Sites are almost never blocking visitors who block loading ads and other elements. (Some are starting to warn or block visitors.)

What I'd propose is that it's legitimate for a site to expect you accept what is visible (static ads with links with tracking embedded only for clicks) and disclosed on first arriving, but not feed out a bit of hidden code or retain anything about you until you are informed and accept the terms.

Related to the EFF lawsuit, Turner Broadcasting's CEO made a ridiculous statement to a trade publication: that "there was a certain amount of tolerance for going to the bathroom." That was a very legalistic way to say that, of course, people didn't need to be plastered to a TV. But his next statement had more insight and was lost: if you create a formal algorithm designed specifically to skip the advertising interval, you're "stealing" the programming.

However, just as with online ads, viewers never accepted those terms, nor did the broadcast and cable industry ever present an agreement of that sort to viewers. Because no one would sign it and it's unenforceable.

Given that web sites don't want to pause your experience by presenting you with a license to accept, they're in an ambiguous situation in asking you to accept tacitly everything they do.

John Bergmayer has a great rundown of the legality of ad blocking: your use of a site is a license, not a contract; a contract requires parties to agree on the exchange of value; and ad-blocking tools likely are perfectly legal because they have substantially non-infringing purposes.

Seems like an impasse, no?

This is all separate from the reality: Users are blocking in huge numbers on the desktop (about 50% of regular online newsreaders in America and 40% in the UK, according to a Reuters Institute survey [PDF]). The same will slowly phase in via mobile. All ads are being treated equally by most visitors, blocking static, non-code-based ones, as well as the most egregious.

Some sites will die. Others will adapt and thrive. But a great change is upon us, because the questions I pose above were never properly addressed over 20 years of commercial editorial web site business development. Even sites that have the highest standards for ads and the least amount of user tracking—or even none—will pass through the same cleansing fire on the way to the next business model.

Viruses of the Mind (1996)

A colleague wrote recently after trying to find a column I'd written long ago for Adobe Magazine called "Eternal September," about how AOL letting everyone into Usenet newsgroups created the same conditions as each August and September when students arrived at universities and gained access for the first time to the worldwide discussions then taking place. I dug around and found this gem from the June/July 1996 issue, introducing people to memes—and doxing!

Read More

The Blandification of Scalable Logos

Google introduced a new logo today.

The memory of charm, but quite efficient.

At first glance, it seemed exceedingly bland to me; the longer I look at it and a new font that's related, the more I think they made a series of good choices. It's still bland, but it's a well-thought-out bland that makes sense for their company.

Google has never had a strong design sense; Android developed one when Google hired Matias Duarte, who helped bring style, simplicity, unity, and some pizzazz over there. He art directed the creation of Roboto, a bespoke Android font, designed by Christian Robertson. I had the same reaction to Roboto as I do here.

It runs the gamut from a to b.

It runs the gamut from a to b.

His involvement with the new logo seems remote (he congratulates the team and his name isn't on the designers’ post), but it was clearly informed by similar principles. The logo was developed alongside a new font, Product Sans (Product Sans!), which is also the basis for the Alphabet holding company's logo. (There's a downloadable PDF specimen sheet of the full font.)


When Yahoo introduced a new logo almost exactly two years ago, I was quite contemptuous about it, because it looked bad in a way that any non-design person could see. From the graphic design perspective, all the rationale that Yahoo created around the logotype's design process and final result were nonsense. They had thrown away hundreds of years of understanding about legibility and communication in their pursuit of rationalizing a poor process that started from scratch. (I'm thinking specifically about stroke widths and kerning, which they got completely wrong on the perceptual side.)

Google—well, they did it right. The final result isn't arbitrary. The new logo is purpose built: it carries corporate history while shedding the naive, amateurish (but charming and disarming) details of their longest-running company mark. The redesign is still absolutely Google, while being optimized for legible display at many sizes and for many uses. Having a set of the logo, four colored dots corresponding to the logo's colors, and a single G mark that incorporates those four colors gives them a lot of flexibility and consistency across many platforms and uses. The design team's description of its goals and how it achieved them is solid and even admirable. It's not a series of compromises and justifications that got them here, but a number of constraints in the design brief.

One of my favorite typefaces is Kabel, designed by Rudolf Koch, one of the greatest modern type designers. You can see a little taste of Kabel in the Google logo: the tilted bar of the lower-case e is absolutely characteristic of Kabel and rarely seen elsewhere. More generally, Product Sans reminds me of a blend of Futura and Gill Sans with the idiosyncrasies of both steamrollered out.

Many typefaces still in wide use were designed for books and newspapers, and while adapted to the medium of the web, still haven't caught up with what's needed for mobile. The designed-for-screen fonts of the late 1990s and early 2000s lag because they were born when screen displays were far below today's retina-and-beyond densities. New faces don't need to be bland, but faces with a broad and custom purpose like this will be less interesting and less quirky than those intended for general reading.

Unlike Yahoo, which lacks a mobile platform (though it designs beautiful, highly functional apps), Google needs a font that works everywhere in an ecosystem that has a ridiculous number of screen sizes and densities, devices and intents, and which also has to deal with bandwidth and computational rendering constraints.

I'm not in love with the new logo or Product Sans, but I respect how they made it. Inoffensive can be a design goal for a company.