Here’s how much Facebook was tracking me around the rest of the Web

Facebook finally fulfilled one of Mark Zuckerberg’s campaign promises this week–a promise dating back to May of 2018.

That’s when Facebook’s CEO said the company would roll out a “Clear History” feature that would let its users erase Facebook records of their activity at other sites and apps as gathered by the social network’s Like and Share buttons and other plug-ins.

(If it took you a long time to realize the extent of that tracking, I can’t blame you. Instead, I can blame me: The post I did for the Washington Post when my old shop integrated a batch of Facebook components to its site didn’t spell out this risk.)

Twenty months after Zuck’s announcement, this feature, renamed “Off Facebook Activity”, finally arrived for U.S. users on Tuesday. I promptly set aside that day’s tasks to check it out firsthand.

The good news, such as it was: Only 74 apps and sites had been providing Facebook info about my activity there. And most of them (disclosure: including such current and past clients as USA Today, Fast Company, The Points Guy and the Columbia Journalism Review) had only coughed up isolated data points.

The bad news: The Yelp, Eventbrite, AnyDo, and Duolingo apps had all coughed up more than 20 records of my interactions there, as had the sites of Home Depot and Safeway owner Albertson’s.

To judge from the responses I got from readers of my Facebook when I asked them how many sites and apps showed up in their own Off-Facebook Activity listings, I’m practically living a cloistered life. Most comments cited three-digit numbers, two close to four digits: 232, 356, 395, 862, and 974. One thing most of these users seemed to have in common: using Google’s Chrome as a default browser instead of Apple’s Safari or Mozilla Firefox, both of which automatically block tracking by social networks on other pages. The former is the default on my desktop, while the latter has that place on my laptop.

I’ve now cleared my history and turned off future Off-Facebook Activity–at the possible cost of no longer having WordPress.com publish new posts automatically to my Facebook page. I can probably live with that.

The boring art of testing hotspot bandwidth and battery life

I’m nearing the finish line (I hope) of an overdue update to the Wirecutter guide to WiFi hotspots. The research for that had me repeatedly subjecting an array of loaner hotspots from all four nationwide wireless carriers to tests of the two core metrics of bandwidth and battery life.

It hasn’t exactly been my most exciting work.

For bandwidth testing, I’ve continued to rely on Ookla’s Speedtest.net Web, Android and iOS apps to clock the download speeds, upload speeds and ping times each hotspot has served up. This is pretty much an industry-standard benchmark, and these apps are simple enough to run.

But getting data out of them is another thing:

  • The iOS app creates a .csv file you can open in any spreadsheet app that includes every relevant bit of data–date and time, GPS-derived location, WiFi network name, download/upload/ping measurements, shareable public link–and attaches it to an e-mail message.
  • The Android app also generates a .csv file–except that choosing to have it saved to your Google Drive leaves you with a .eml mail-attachment file. You have to e-mail it to yourself to get a usable .csv, at which point you discover that this export doesn’t include the name of the wireless network.
  • The Web app’s “Export” button yields a third type of .csv file, one without a record of the WiFi network name, your location, or a shareable link.
  • No, the option to create a Speedtest account won’t help–because you can’t log into that from the mobile apps.

Ookla is owned by PCMag publisher Ziff Davis, but that has yet to result in any corporate pressure to make exporting measurements less janky for the hardworking journalists at that and other Ziff tech media properties.

Testing hotspot battery life only requires recording the times you started and ended each trial. But because these things often run for 12 hours or more, it’s not realistic to tether a laptop to a hotspot and keep working nonstop until the hotspot battery expires and the connection drops.

To ensure my laptop would be keeping each hotspot working full time, I opened a page to NASA’s live YouTube channel. Beyond running up the social-media metrics for one of my favorite four-letter government agencies, keeping the browser on a single live channel avoids the risk of YouTube’s recommendations sending me off to some nutcase conspiracy hub.

Because I’m not always that smart, I didn’t think to check my laptop’s ability to log a wireless connection going offline until after I’d spent an hour and change watching one hotspot linger at 1% of a charge.

As a helpful StackExchange thread pointed out, that logged data awaits inside Windows. Type “Event Viewer” in the taskbar search, open that app, select “Applications and Services Logs” in the left-hand pane, double-click the center pane’s “Microsoft,” “Windows,” “UniversalTelemetryClient,” and “Operational” entries in succession, then select “Filter Current Log…” in the right-hand pane. Type “55” in the resulting dialog’s Event ID field, hit “OK” and you’ll see a series of entries.

Assuming you check this right after seeing that the laptop went offline, opening the most recent should reveal a properties field consisting of “Is the Internet available: false,” with the time corresponding to when the hotspot died.

Since I don’t have a Mac laptop, I’m not sure how you’d do this on one. A different StackExchange thread suggests a Terminal command, but that doesn’t work on my iMac–maybe because this aging desktop isn’t running the latest macOS edition. It would be ironic if you have to hit the command line on a Mac to perform a task that Windows lets you accomplish inside a graphical user interface–but the Windows Event Viewer app is mighty ugly itself, and neither operating system covers itself in glory in this aspect.

Happy 10th birthday, iMac

A decade ago today, I set up the computer on which I’m typing this post. That is an absurdly long lifespan for any computer, much less one that’s seen near-daily use over that many years.

But here we–meaning me and the late 2009 iMac that’s now graced the same desk for 10 years–are. Three things made this longevity possible.

One is my working mainly in text and non-moving images. If I had to do any serious video editing, this model’s processor would have forced its retirement long ago. As is, there’s not that much computational labor involved in polishing prose–and while working with high-resolution photos can require a few CPU cycles, I do most of that editing online anyway.

Another is the relative repairability of this model. In the previous decade, Apple still designed desktops that allowed memory upgrades, so I took advantage of that option to double this iMac’s RAM early on. Apple didn’t intend for owners of this model to replace the hard drive, but its design left that possible with fairly simple tools–as in, no need to cut through adhesive holding the screen in place. I didn’t exploit that opportunity until a couple of years later than I should have, but the SSD upgrade I performed last spring now looks like some of the best $200 I’ve spent.

I could have replaced the optical drive that stopped reading CDs and DVDs in the same manner, but instead I bought a cheap Samsung DVD burner and plugged that into a free USB port–so much for the all-in-one concept!

(My second-longest-tenured daily-use computer, the Mac clone I kept from 1996 to 2002, was far more tolerant of tinkering, since Power Computing designed it along the lines of any PC desktop. That box ended its service to me after two processor upgrades, one hard drive replacement, an internal power-supply transplant, a memory upgrade and the addition of two USB ports.)

Last comes Apple’s baffling inability to keep its desktops current over any sustained stretch of time. The company formerly known as “Apple Computer, Inc.” spent several years not updating the iMac or Mac mini at all. By the time it finally refreshed the iMac, buying a new all-in-one desktop would have meant buying a 4K monitor inseparable from a computer would grow obsolete well before the display. But when Apple finally updated the moribund Mac mini last year, it shipped it with a joke of a 128 GB SSD and then listed insultingly high prices for adequate storage.

It’s since slightly moderated the storage rip-off, but the Mac mini has now gone over a year without an update, so I’d feel like a chump paying new-Mac pricing for that old design now. Even though my legacy Mac is now living two editions of macOS in the past–Apple dropped support for this model with macOS Mojave, leaving macOS Catalina completely out of the question. If Apple weren’t still shipping security updates for macOS High Sierra, I’d be in a real pickle.

Okay, I guess there’s a fourth factor behind this iMac’s longevity: I can be really cheap, stubborn or both sometimes.

Updated 12/3/2019 to note my OS-support issues and better crop a photo.

Six updates in, iPadOS still needs work

It hasn’t even been two months since Apple shipped iPadOS, but in that time the tablet offshoot of iOS 13 has seen six maintenance updates–from iPadOS 13.1.1 to 13.2.3.

That plethora of patches has squashed some obvious bugs, like the ones that made Dock shortcuts to recently-opened non-Apple apps inert. They have not, however, cured other trying aspects of iPadOS:

• The new QuickPath gesture-typing option is, for some reason, confined to the floating keyboard you can invoke, not the standard-sized one. Has nobody at Apple tried using Google’s Gboard?

• The new multiple-windows option for an app is buried beneath a long-press of a Dock icon–sufficiently hidden that I did not realize that feature existed until reading Ars Technica’s iPadOS review.

• I appreciate Apple’s attempts to make me aware when apps request my location in the background, but after being nagged 10 times about my choice to let the Dark Sky weather app check my coordinates in the background, I’d appreciate having an option to the effect of “I know what I’m doing and you can stop asking about this.”

• Seeing which apps have updates or have been recently updated takes more steps than in iOS 12–presumably, so that Apple could use that spot at the bottom of the App Store app to promote its Apple Arcade subscription gaming service.

• The process of moving app icons around feels even more maddening than before, especially if I happen to drop an app inside a folder by mistake. Meanwhile, the OS still affords no relief from its inflexible app grid; I can’t leave a row or a column blank as negative space to set off particular icons.

• AirDrop remains as enabling of anonymous harassment as ever.

• I still see display glitches like the charming overlap of portrait and landscape screen modes shown in the screengrab above.

It’s not that I regret installing iPadOS–some of the new features, like the privacy-preserving Sign in with Apple option, are only starting to reveal their promise. Others, such as the Sidecar Mac screen-mirroring option, require newer hardware than the aging iMac on which I’m typing this. But seeing these obscure, illogical or insensitive bits of user experience, I can’t help thinking of all the times I’ve taken a whack at Windows for the same sort of design stumbles.

I’m (still) sorry about the schlock ads here

Yesterday’s announcement of a merger of Taboola and Outbrain–the dreadful duo responsible for those horrible “around the Web” galleries of clickbait ads tarting up many of your favorite news sites–provided yet another reminder of how fundamentally schlocky programmatic ads can get online.

But so did a look at this blog.

When WordPress.com launched WordAds in 2012, the company touted a more tasteful advertising system that bloggers here could be proud of. The reality in the seven years since has been less impressive.

The WordAds program features some respectable, name-brand advertisers like Airbnb and Audible, to name two firms seen here tonight. But it’s also accepted too much tacky crap–including some of the same medically-unsound trash that litters Taboola and Outbrain “chumboxes”–while struggling to block scams like the “forced-redirect” ad in the screenshot at right.

Over the last year, I’ve also been increasingly bothered by the way these ads rely on tracking your activity across the Web. I know that many of you avoid that surveillance by using browsers like Safari or Firefox with tracking-protection features, but I’d just as soon not be part of the privacy problem. Alas, WordPress has yet to offer bloggers the option of running ads that only target context (as in, the posts they accompany), not perceived user behavior as determined by various programmatic systems.

I do make money off these ads, but slowly. Most months, my advertising income here doesn’t exceed $10, and I can’t withdraw any of the proceeds until they exceed $100. I had thought that I’d see one of those paydays last month–but August’s addition to my ad income left me 28 cents shy of that C-note threshold.

So in practice, my major return on WordAds is the opportunity to have my face periodically shoved into the muck of online marketing. That’s worth something, I guess.

Android 10 first impressions: location, location, no you can’t have my location

A dozen days after installing Android 10 on my Pixel 3a, this operating-system update’s major accomplishment has been helping me to chain down a bunch of my apps.

That’s good! The location-privacy improvements in Android 10–starting with the ability to deny an application access to your location when it’s not running in the foreground–more than justify the roughly seven minutes I spent installing this release.

I expected that after seeing Google’s introduction of Android 10, then named Android Q, at Google I/O this May.

But I didn’t know then that Android would actively warn me when individual apps checked my whereabouts when I wasn’t running them, in the form of “[App name] got your location in the background” notifications inviting me to take the background-location keys from that app.

I was already planning on limiting most of the apps on my phone to foreground location access only, but these reminders have sped up that process and helped spotlight the more obvious offenders. (Facebook Messenger, go sit in the corner.) This is an excellent case of Google borrowing from Apple.

There’s much more that’s new in Android 10–if you’re curious and have an hour or so free, Ron Amadeo’s novella-length review at Ars Technica exceeds 2,000 words on the first of nine pages–but its other changes have made less of a difference in my daily use.

• The battery, WiFi and signal-strength icons are now simple outlines, and when swiped down the notifications area shows your remaining battery life in human language instead of a percentage: “1 day, 2 hr.” Less attractive: The text of notifications doesn’t appear in Android’s usual Roboto font, which bugs me to no end.

• The array of icons in the share sheet no longer painstakingly paint their way onto the screen. And the one I employ most often–the copy-to-clipboard icon–always appears first and at the top right of this list.

• The switch to gesture navigation (for instance, swiping up to see all open apps) hasn’t been as confusing as I’d feared… because Android 10 didn’t touch my previous “2-button navigation” system setting, which keeps the back and home buttons one swipe away. I guess I should try the new routine now.

• I still think dark mode is an overrated concept, having had that as my everyday screen environment on too many DOS PCs, but I get that it can be less distracting at night. And on phones with OLED screens, dark modes also extend battery life. So now that dark theme is a supported Android feature–hint, edit your Quick Settings sheet to add a “Dark theme” tile–I would like to see more apps support it. Starting with Google’s own Gmail.

Finally, I have to note that my phone has yet to crash or experience any impaired battery life since updating it to Android 10. I hope I didn’t just jinx this update by writing the preceding sentence.

 

News sites, can you at least stop nagging distant readers to get your local-update newsletters?

With my industry becalmed in its current horrid economic state, you’d expect news sites to strive to make new readers welcome. Instead, they keep resorting to clingy, creepy behavior that must send a large fraction of those new readers lunging for the back button.

I’m speaking, of course, of the giant sign-up-for-our-newsletter dialog that pops up as you’ve read a third or half of a story, encouraging you to get that site’s latest updates in your inbox.

This is dumb on strict user-experience grounds–at a minimum, you shouldn’t see this until you’ve read to the end of the story. Would you like NPR affiliates to run their pledge drives by sounding an air horn in the middle of Morning Edition and then asking for your money? No, you would not.

But the newsletter nag looks especially dumb when a local newspaper greets a distant reader with this interruption. The odds that I’m going to want daily updates about developments in Richmond, Buffalo (as seen above), or some other place where I do not live are just about zero. And the fact that I’m reading hundreds or thousands of miles away should be obvious to every one of these sites via basic Internet Protocol address geolocation.

I’m willing to click or tap those dialogs closed and keep reading, because I don’t want to sandbag the journalism business any further. But it’s hard to blame readers who instead respond by switching to the stripped-down reader-view option of Safari or Firefox. Or by running an ad blocker.

iTunes (2001-2019-ish)

With Monday’s news that Apple is finally retiring the Mac version of iTunes, there’s been a lot of “good riddance” chatter about the impending demise of this music/video/download-store/backup/kitchen-sink app.

I get it. For years, iTunes has been a glaring example of Apple forgetting one of Steve Jobs’ rules about the importance of saying no to things. But I also have a long history with this program–I’ve been using it continuously for as long as I have any app, maybe longer. And it hasn’t been all bad.

It’s easy to forget today how bad the music-player landscape was before iTunes, full of apps deliberately limited in features and larded with upsells. If you wanted something decent, you had to pay for it upfront–the app that became iTunes, Casady & Greene’s SoundJamp MP, was a $40 download.

And even after iTunes arrived, competitors didn’t take the hint. Typical headline, from a 2006 review of Microsoft’s Windows Media Player 11: “Nice Features, But It’s No iTunes.” So when I finally set aside time to rip every CD I owned, iTunes did the job. And it was through iTunes that I bought the vast majority of my music downloads–and then paid $25 for iTunes Match to get legit copies of the MP3s I’d downloaded off Usenet newsgroups and file-sharing apps in the days before paying $1 a song was an option.

Most of two decades since my introduction to this app, I no longer use one of its original flagship features, easy music sync. I don’t own an iPhone, and since Apple has held fast to ignoring other mobile devices in this app, I copy the songs I want to store on my Android phone via the Finder.

The new Music app that will replace iTunes may be just as good at the core tasks of music organization and playback, but I won’t know for a while. The iMac on which I’m typing this–kept in service largely because I replaced its sluggish hard drive with a solid-state drive last year–can’t even run the current Mojave edition, much less the upcoming Catalina.

And iTunes for Windows will remain–but that app looks like such a stranger in Windows 10, I can’t deal with it. Instead, it looks like I’m stuck with two other choices with their own issues: Microsoft’s Groove Music, effectively retired after a series of feature removals, and the privacy-hostile Spotify. It looks like Apple isn’t the only large tech company that needs to reboot its desktop music-player strategy.

First impressions of 1Password

After several years using the same password-manager service–and then paying for its premium version–I’ve spent the last few weeks trying an alternative.

I can credit a sales pitch that included the italicized phrase “completely free” for this departure: 1Password’s offer of a free membership to journalists, in celebration of World Press Freedom Day this May 3. But I was also overdue to spend some time in a password manager besides LastPass.

So far, I’m impressed by the elegance of the interface but a little put off by how persnickety 1Password can be to set up. You don’t just create a username and password, you also have to type in a complex and random secret key to get going.

Having read this Toronto-based firm’s documentation of how this extra step helps ensure that a successful guess of your password still won’t compromise your account, I get where they’re coming from. But I’m not sure I’d recommend it to just anybody, especially not when LastPass’s free version suffices for many casual users.

Further time with 1Password’s Mac, Windows and Android apps has revealed other things I like:

This time has also surfaced one thing I don’t like: an incomplete approach to two-step verification that seems to require choosing between running an authenticator app on your smartphone or employing a weird Yubikey implementation that requires running a separate app instead of just plugging a standard USB security key. That’s no better than LastPass’s inflexible notion of two-step verification.

I’d like to see 1Password improve that and support the WebAuthn standard for security-key confirmation. But I’m prepared to give them some time, based on everything else I’ve seen so far.

Ugh, Washington Gas is the worst at customer experience

We got a message on our home phone yesterday from Washington Gas, and even by voicemail standards of annoyingness it was unhelpful: “We value you as a customer. Please contact us for an important message.”

Right, I’m going to listen to a voicemail and call a company back in 2019 to get a message that it could just put in my account online. Unfortunately, that is not at all out of character for how the D.C. area’s gas utility operates. Even when its customer site hasn’t been in the grip of a relaunch meltdown that left me unable to login for weeks, it’s mainly functioned as an exhibit of how not to run a payment portal.

The single biggest failing here comes if you choose to pay your bill via credit card–as you absolutely should, since there’s no surcharge compared to a bank deposit and you can make 2 percent cash back on each payment via a Citi Double Cash card. (I will set aside for now the fact that we’ve just had to get this card replaced for the third time in four years after some joker tried to make yet another fraudulent purchase on our number.) But clicking the button to pay via credit yields a dialog from the previous century: “A popup blocker is currently enabled. Please switch this to disable for Credit Card payment to function.”

Fortunately, you can disable pop-up blocking for a specific site in Chrome and Safari. Doing so will allow the Washington Gas page to launch a full-screen page from a service called Kubra EZ-Pay. EZ, this experience is not so much: It breaks the entry of your credit-card across two screens, which seems to stop Google Pay from auto-filling the second one, then asks for a phone number and e-mail when neither should be necessary in this transaction.

It’s all a pain, yet I keep taking this payment option because I don’t want to give Washington Gas the satisfaction of knowing that I gave up a 2 percent return because of its janky user interface. The only problem is that because I can’t automate a credit-card payment, I sometimes forget about this bill… which is what I suspect that call was about, not that the Washington Gas payment portal had any message of its own following up on the call.