Is it iPadOS 14 or iPadOS 13.8?

It’s been almost a month since I installed iPadOS 14 on my iPad mini 5, and not much about my tablet-computing experience since has reminded me of that.

Why? Compare Apple’s list of new iPadOS 14 features with its brag list for iOS 14: Apple tablets don’t get home-screen widgets or the App Library, even though their larger displays might better fit those interface changes. Apple’s new Translate app, a privacy-optimizing alternative to Google’s? iPhone only for now. Even emoji search in the keyboard is confined to Apple’s smaller-screen devices.

Like earlier iPad releases, iPadOS 14 omits the basics of weather and calculator apps. I guess Apple still couldn’t find a way “to do something really distinctly great,” as its software senior vice president Craig Federighi told tech journalist Marques Brownlee in the least-persuasive moments of a June interview.

There’s also still no kid’s mode that would let a parent hand over their iPad to a child and have it locked to open only designated apps. The continued absence of this fundamental feature–even the Apple TV supports multiple user accounts!–is especially aggravating after so many American parents have spent the last eight months mostly cooped up at home with their offspring.

Apple did add a bunch of fascinating new features in iPadOS 14 for Apple Pencil users–but my iPad mini 5 and my wife’s iPad mini 4 don’t work with that peripheral.

This new release has brought lesser benefits that I do appreciate. Incoming calls in FaceTime, Google Voice, and other Internet-calling apps now politely announce themselves with a notification at the edge of the screen instead of indulging in the interface misanthropy of a full-screen dialog, and Siri shares this restraint with screen real estate. Safari catches up to Chrome by offering automated translation of their text and surpasses Google’s browser with a privacy-report summary, both available with a tap of the font-size button. I can finally set default mail and browser apps–but not navigation, the area in which Apple remains farthest behind Google. And a set of new privacy defenses include the welcome option of denying an app access to my precise location.

But as nice as those things are, they don’t feel like the stuff of a major annual release–more like the pleasant surprises of an overperforming iPadOS 13.8 update. And they certainly don’t square with what you might reasonably expect from a company that reported $33.4 billion in cash and cash equivalents on hand in its most recent quarter.

Android 11 first impressions: payments with less stress

My pick for the single most helpful new feature in Android 11 doesn’t even get a description in Google’s highlights of its mobile operating system’s new version.

This addition lurks behind the power button: Press and hold that, and instead of Android 10’s sidebar menu with the “Lockdown” option that disables biometric unlocking and scrubs notifications from the lock screen, you see a full-screen menu with large buttons for that security feature, your Google-linked smart-home gadgets–and the credit cards you have active in Google Pay.

I’ve been a fan of NFC payments for years, but the world has caught up to me since March as merchants have rushed to provide contactless payment options. But until Android 11 landed on my Pixel 3a 11 days ago, matching a purchase with the card offering the best cash-back or points reward required me to open the Android Pay app and switch payment methods. Now, I just mash the power button and tap the card I want.

The Conversations features that do lead off Google’s sales pitch for Android 11 also seem like they’ll simplify my digital life. That’s “seem” because it took me until today to remember to swipe left on a text-message notification to expose the option to make the sender a priority–starring them in the Contacts app doesn’t affect this, nor do I see a way to promote people from within the Messages app. But at least now I know that messages from my wife will show up on my lock screen with her picture.

Android 11 also brings some less-obvious application-privacy enhancements, as detailed Google’s developer guidance. It improves on Android 10’s ability to deny apps background access to your location by letting you give an app only a one-time peek at your location. If you turn off location services altogether, COVID-19 exposure-notification apps like Virginia’s COVIDWISE now still work. And if you don’t open an app for a few months, the system will turn off its permissions automatically.

The biggest problem with Android 11 is one that has existed with every other Android update–but which fortunately doesn’t affect me as a Pixel 3a user. This update will probably take months to reach Android phones outside the small universe of Pixel devices and those from such other, smaller vendors as Nokia and OnePlus that decided to commit to shipping Google’s releases quickly.

My fellow Virginians, please install the COVIDWISE app. Now, thank you.

As the United States continues to flail away at the novel-coronavirus pandemic, my part of it has done one thing right. Wednesday morning, Virginia’s Department of Health launched COVIDWISE–the first digital contact-tracing app shipped in the U.S. on the privacy-optimized Exposure Notifications framework that Apple and Google co-developed this spring.

What that means is that COVIDWISE, available for iPhones running 13.5 or newer and most Android phones running Android 6.0 or newer, requires none of your data–not your name, not your number, not your e-mail, not even your phone’s electronic identifiers–to have it warn that you spent a sustained period of time close to somebody who has tested positive for COVID-19.

COVIDWISE and other apps built on the Apple/Google system instead send out randomized Bluetooth beacons every few minutes, store those sent by nearby phones running these apps, and flag those that indicate sufficiently extended proximity to allow for COVID-19 transmission as doctors understand it. That’s the important but often misunderstood point: All of the actual contact matching is done on individual phones by these apps–not by Apple, Google or any health authorities.

If a user of COVIDWISE tests positive and alerts this system by entering the code given them by a doctor or test lab into this app, that will trigger their copy of the app to upload its record of the last 14 days of those flagged close contacts–again, anonymized beyond even Apple or Google’s knowledge–to a VDH-run server. The health authority’s server will then send a get-tested alert to phones that had originally broadcast the beacons behind those detected contacts–once the apps on those devices do their daily check-ins online for any such warnings.

The U.S. is late to this game–Latvia shipped the first such app based on Apple and Google’s framework, Apturi Covid, in late May. In that time, the single biggest complaint about the Apple/Google project from healthcare professionals has been that it’s too private and doesn’t provide the names or locations that would ease traditional contact-tracing efforts.

I’m not writing this just off reading Apple and Google’s documentation; I’ve spent a lot of time over the last two months talking to outside experts for a long report on digital-contact-tracing apps. Please trust me on this; you should install COVIDWISE.

Plus, there’s nothing to it. The pictures above show almost the entire process on my Android phone: download, open, tap through a few dialogs, that’s it. At no point did I have to enter any data, and the Settings app confirms that COVIDWISE has requested zero permissions for my data. It uses the Bluetooth radio and the network connection; that’s it, as I’ve confirmed on two other Android phones.

If I’m curious about how this app’s working, I can pop into Android’s Settings app (search “COVID” or “exposure”) to see when my phone last performed an exposure check. But I don’t expect to get any other sign of this app’s presence on my phone–unless it warns me that I stood too close to somebody who tested positive, in which case I may not enjoy that notification but will certainly need it.

Updated 8/6/2020 with further details about the app’s setup and operation.

How I got Amazon Prime almost for free

Last summer, my appetite for quantifying my finances intersected with my food-procurement habits to yield a math exercise: How much of my Amazon Prime membership was I chipping away with these discounts at Whole Foods?

The Seattle retail leviathan’s 2017 purchase of the Austin-based grocery chain consolidated a large portion of my annual consumer spend at one company. It also gave me a new set of benefits for the Amazon Prime membership my wife and I have had since 2011: an extra 10% off sale items except beer and wine, plus some Prime-only deals.

(Personal-finance FYI: Amazon also touts getting 5% cash back at Whole Foods on its credit card, but the American Express Blue Cash Preferred offers 6% back on all grocery stores. That higher rate combined with Amex Offers for rebates at designated merchants easily erases the card’s $95 annual fee and returns more money than I’d get from Amazon’s card.)

So on my way out of Whole Foods, I created a new Google Docs spreadsheet on my phone and jotted down the Prime savings called out on my receipt. Then I did the same thing after subsequent visits. If Whole Foods and Amazon were going to track my shopping habits (which I assume they could from seeing the same credit card even if I didn’t scan in the QR code in the Amazon app at the checkout), I ought to do likewise.

Aside from $10-and-change savings during last July’s Prime Day promotion and again on roses for Valentine’s Day, most of these 41 transactions yielded $4 or less in Prime discounts. But after a year, they added up to $118.14, just 86 cents less than the $119 Prime annual fee.

To answer the obvious question: No, I did not step up my Whole Foods visits because of this tie-in. That place does happen to be the closest almost-full-spectrum grocery store to my home, but there’s a Trader Joe’s barely further away that trades a smaller selection for cheaper pricing on staples like milk and flour. And thanks to this dorky habit of mine, I can tell that I’ve shifted more of my business from WF to TJ’s the past few months.

Things I learned from working a primary election

After more than 15 years of writing about voting-machine security, I finally got some hands-on experience in the field–by waking up at 4 a.m. and working a 16-hour day.

I’d had the idea in my head for a while, thanks to frequent reminders from such election-security experts as Georgetown Law’s Matt Blaze that the best way to learn how elections work is to work one yourself. And I finally realized in January that I’d be in town for the March 3 Democratic primary and, as a self-employed type, could take the whole day off.

I applied at Arlington’s site by filling out a short form, and about two hours later got a confirmation of my appointment as an election officer. (My wife works for Arlington’s Department of Technology Services but has no role in election administration.) A training class Feb. 11 outlined the basics of the work and sent me home with a thick binder of documentation–yes, I actually read it–and on March 3, I woke up two minutes before my 4 a.m. alarm.

After packing myself a lunch and snacks, as if I were going to grade school, and powering through some cereal, I arrived at my assigned polling place just before the instructed start time of 5 a.m. I left a little before 9 p.m. Here are the big things I learned over those 16 hours:

  • Yes, having people fill out paper ballots and scan them in works. I saw 500-plus voters do that while I tended the scanner in the morning, and none had the machine reject their ballot. There was confusion over which way to insert that ballot, but the scanner accommodated that by reading them whether they were inserted upside down, right-side up, forwards or backwards. (I wish more machines were that tolerant of human variances in input.) And at the end of the day, we had a box full of ballots that will be kept for a year.
  • The technology overall appeared to be of higher quality than the grotesquely insecure, Windows-based Winvote touchscreen machines on which I voted for too many years. This scanner was an offline model running a build of Linux, while the poll-book apps ran on a set of iPads.
  • The “vote fraud” rationale for imposing photo ID requirements is not only fraudulent, but photo IDs themselves are overrated. The state allows a really broad selection of public- and private-sector IDs—unavoidable unless you want to make it obvious that you’re restricting the franchise to older and wealthier voters—and our instructions required us to be liberal in accepting those. I didn’t see or hear of anybody getting rejected for an ID mismatch. (The one surprise was how many people showed up with passports; I quickly grew to appreciate their larger color photos over the tiny black-and-white thumbnails on drivers’ licenses.)
  • Asking people to state their name and address, then matching that against voter-registration records, does work. That also happens to be how voter check-in used to work in Virginia before Republicans in the General Assembly shoved through the photo-ID requirement that’s now been reversed by the new Democratic majority in Richmond.
  • You know who really loves high turnout? Election officers who otherwise have some pretty dull hours in mid-morning and then mid-afternoon. At one point, the person in charge of the ballot scanner busied himself by arranging stickers into a bitmapped outline of Virginia, then added a layer of stickers on top of that to represent I-95 and I-66. Fortunately, precinct 44 blew away past primary-turnout records with a total of 1,046 in-person votes.
  • The attention to detail I saw was almost liturgical. Every hour, the precinct chief did a count of voters checked in and votes cast to ensure the numbers matched; every record was done in at least duplicate; every piece of paper was signed by at least two election officers, and the overall SOR (statement of results) bore the signatures of all eight of us. We closed out the night by putting documents and records in specified, numbered envelopes, each locked with a numbered zip-tie lock; each number was recorded on a piece of paper on the outside of each envelope that was itself signed by two election officers.
  • Serving as an election officer isn’t physically demanding work, but it does make for a long day. We did have coffee delivered, but it didn’t arrive until 9 a.m., and nobody had time for dinner during the rush to close out things after the polls closed.
  • It’s also not the most lucrative work ever. My paycheck arrived Friday: $175, amounting to an hourly wage of $10.94. The value of seeing the attention paid to make democracy work and then watching more than a thousand people show up to exercise their rights: priceless.

Updated 3/23/2020 to fix some formatting glitches.

Here’s how much Facebook was tracking me around the rest of the Web

Facebook finally fulfilled one of Mark Zuckerberg’s campaign promises this week–a promise dating back to May of 2018.

That’s when Facebook’s CEO said the company would roll out a “Clear History” feature that would let its users erase Facebook records of their activity at other sites and apps as gathered by the social network’s Like and Share buttons and other plug-ins.

(If it took you a long time to realize the extent of that tracking, I can’t blame you. Instead, I can blame me: The post I did for the Washington Post when my old shop integrated a batch of Facebook components to its site didn’t spell out this risk.)

Twenty months after Zuck’s announcement, this feature, renamed “Off Facebook Activity”, finally arrived for U.S. users on Tuesday. I promptly set aside that day’s tasks to check it out firsthand.

The good news, such as it was: Only 74 apps and sites had been providing Facebook info about my activity there. And most of them (disclosure: including such current and past clients as USA Today, Fast Company, The Points Guy and the Columbia Journalism Review) had only coughed up isolated data points.

The bad news: The Yelp, Eventbrite, AnyDo, and Duolingo apps had all coughed up more than 20 records of my interactions there, as had the sites of Home Depot and Safeway owner Albertson’s.

To judge from the responses I got from readers of my Facebook when I asked them how many sites and apps showed up in their own Off-Facebook Activity listings, I’m practically living a cloistered life. Most comments cited three-digit numbers, two close to four digits: 232, 356, 395, 862, and 974. One thing most of these users seemed to have in common: using Google’s Chrome as a default browser instead of Apple’s Safari or Mozilla Firefox, both of which automatically block tracking by social networks on other pages. The former is the default on my desktop, while the latter has that place on my laptop.

I’ve now cleared my history and turned off future Off-Facebook Activity–at the possible cost of no longer having WordPress.com publish new posts automatically to my Facebook page. I can probably live with that.

Google told me to put this blog on a diet

The screen real estate around these words should look a little neater now–not much thanks to my own editing instincts. Instead, I needed a scolding from Google.

That came from its PageSpeed Insights tool, a page you can use to check the performance of your own site or any other. It’s been around for years, but I didn’t think to use it until after I finally connected this site to Google’s Search Console webmaster tool last May (yes, even though I’ve been blogging here since 2011 and am supposed to be a professional tech journalist) and saw a prompt to try PageSpeed Insights in my results.

The results were not flattering: a mobile performance score of 47 out of 100, with desktop performance better but still subpar at 89. Scrolling down revealed a variety of flaws in this blog, some that I could correct with the limited tools of a free WordPress.com account and some that I could not.

I started with the first obviously fixable thing, image sizes. Google suggested that I convert such frequently-downloaded elements as the background image to “next-gen formats” like WebP or JPEG 2000. But instead of switching to files that Apple’s Safari browser can’t display, I opened the original photo for the background (a view of the Blue Ridge from a bike century ride in 2006) in my Mac’s GraphicConverter app and exported it with a lower image-quality setting that cut its size by a third at no visible cost.

That did not impress PageSpeed–my mobile score actually dropped to 44–so I moved on to the third-party code that Google reported had been getting in the way of my own content. It listed Facebook as a major offender, accounting for 207 milliseconds of delay. Removing the Facebook widget that you formerly saw in the right-hand sidebar boosted my mobile score to 53, with the desktop score essentially unchanged at 87.

(PageSpeed Insights scores fluctuate up and down with each test, so don’t get bent out of shape if yours drops by five for no apparent reason, at least not until you run the test again.)

Then I removed the Facebook and Twitter share buttons and elected to toss all of the share buttons except the tool to e-mail a link to the page. That edged the mobile score up to 58 and pushed the desktop score up to 96.

This pruning got me to look again at all the ads you see around here–and think about how low-rent so many of them are. I turned off the three “additional ad placement” options that had been salting each post with extra banners. That may cut into my ad revenue, but it’s already so thin I’d rather that my professional presence online not look quite so janky.

Having spun myself up fully into Marie Kondo mode, I returned to the sidebar and removed the Twitter widget (PageSpeed Insights had blamed Twitter code for 119 ms of delay) and some non-interactive links that only cluttered that part of the page.

The results of all this effort as calculated by PageSpeed Insights just now: scores of 76 on mobile and 99 on desktop. I hope you notice this blog loading a little quicker–and I trust you appreciate how this exercise has also rid my blog of Facebook’s tracking.

Six updates in, iPadOS still needs work

It hasn’t even been two months since Apple shipped iPadOS, but in that time the tablet offshoot of iOS 13 has seen six maintenance updates–from iPadOS 13.1.1 to 13.2.3.

That plethora of patches has squashed some obvious bugs, like the ones that made Dock shortcuts to recently-opened non-Apple apps inert. They have not, however, cured other trying aspects of iPadOS:

• The new QuickPath gesture-typing option is, for some reason, confined to the floating keyboard you can invoke, not the standard-sized one. Has nobody at Apple tried using Google’s Gboard?

• The new multiple-windows option for an app is buried beneath a long-press of a Dock icon–sufficiently hidden that I did not realize that feature existed until reading Ars Technica’s iPadOS review.

• I appreciate Apple’s attempts to make me aware when apps request my location in the background, but after being nagged 10 times about my choice to let the Dark Sky weather app check my coordinates in the background, I’d appreciate having an option to the effect of “I know what I’m doing and you can stop asking about this.”

• Seeing which apps have updates or have been recently updated takes more steps than in iOS 12–presumably, so that Apple could use that spot at the bottom of the App Store app to promote its Apple Arcade subscription gaming service.

• The process of moving app icons around feels even more maddening than before, especially if I happen to drop an app inside a folder by mistake. Meanwhile, the OS still affords no relief from its inflexible app grid; I can’t leave a row or a column blank as negative space to set off particular icons.

• AirDrop remains as enabling of anonymous harassment as ever.

• I still see display glitches like the charming overlap of portrait and landscape screen modes shown in the screengrab above.

It’s not that I regret installing iPadOS–some of the new features, like the privacy-preserving Sign in with Apple option, are only starting to reveal their promise. Others, such as the Sidecar Mac screen-mirroring option, require newer hardware than the aging iMac on which I’m typing this. But seeing these obscure, illogical or insensitive bits of user experience, I can’t help thinking of all the times I’ve taken a whack at Windows for the same sort of design stumbles.

I’m (still) sorry about the schlock ads here

Yesterday’s announcement of a merger of Taboola and Outbrain–the dreadful duo responsible for those horrible “around the Web” galleries of clickbait ads tarting up many of your favorite news sites–provided yet another reminder of how fundamentally schlocky programmatic ads can get online.

But so did a look at this blog.

When WordPress.com launched WordAds in 2012, the company touted a more tasteful advertising system that bloggers here could be proud of. The reality in the seven years since has been less impressive.

The WordAds program features some respectable, name-brand advertisers like Airbnb and Audible, to name two firms seen here tonight. But it’s also accepted too much tacky crap–including some of the same medically-unsound trash that litters Taboola and Outbrain “chumboxes”–while struggling to block scams like the “forced-redirect” ad in the screenshot at right.

Over the last year, I’ve also been increasingly bothered by the way these ads rely on tracking your activity across the Web. I know that many of you avoid that surveillance by using browsers like Safari or Firefox with tracking-protection features, but I’d just as soon not be part of the privacy problem. Alas, WordPress has yet to offer bloggers the option of running ads that only target context (as in, the posts they accompany), not perceived user behavior as determined by various programmatic systems.

I do make money off these ads, but slowly. Most months, my advertising income here doesn’t exceed $10, and I can’t withdraw any of the proceeds until they exceed $100. I had thought that I’d see one of those paydays last month–but August’s addition to my ad income left me 28 cents shy of that C-note threshold.

So in practice, my major return on WordAds is the opportunity to have my face periodically shoved into the muck of online marketing. That’s worth something, I guess.

Android 10 first impressions: location, location, no you can’t have my location

A dozen days after installing Android 10 on my Pixel 3a, this operating-system update’s major accomplishment has been helping me to chain down a bunch of my apps.

That’s good! The location-privacy improvements in Android 10–starting with the ability to deny an application access to your location when it’s not running in the foreground–more than justify the roughly seven minutes I spent installing this release.

I expected that after seeing Google’s introduction of Android 10, then named Android Q, at Google I/O this May.

But I didn’t know then that Android would actively warn me when individual apps checked my whereabouts when I wasn’t running them, in the form of “[App name] got your location in the background” notifications inviting me to take the background-location keys from that app.

I was already planning on limiting most of the apps on my phone to foreground location access only, but these reminders have sped up that process and helped spotlight the more obvious offenders. (Facebook Messenger, go sit in the corner.) This is an excellent case of Google borrowing from Apple.

There’s much more that’s new in Android 10–if you’re curious and have an hour or so free, Ron Amadeo’s novella-length review at Ars Technica exceeds 2,000 words on the first of nine pages–but its other changes have made less of a difference in my daily use.

• The battery, WiFi and signal-strength icons are now simple outlines, and when swiped down the notifications area shows your remaining battery life in human language instead of a percentage: “1 day, 2 hr.” Less attractive: The text of notifications doesn’t appear in Android’s usual Roboto font, which bugs me to no end.

• The array of icons in the share sheet no longer painstakingly paint their way onto the screen. And the one I employ most often–the copy-to-clipboard icon–always appears first and at the top right of this list.

• The switch to gesture navigation (for instance, swiping up to see all open apps) hasn’t been as confusing as I’d feared… because Android 10 didn’t touch my previous “2-button navigation” system setting, which keeps the back and home buttons one swipe away. I guess I should try the new routine now.

• I still think dark mode is an overrated concept, having had that as my everyday screen environment on too many DOS PCs, but I get that it can be less distracting at night. And on phones with OLED screens, dark modes also extend battery life. So now that dark theme is a supported Android feature–hint, edit your Quick Settings sheet to add a “Dark theme” tile–I would like to see more apps support it. Starting with Google’s own Gmail.

Finally, I have to note that my phone has yet to crash or experience any impaired battery life since updating it to Android 10. I hope I didn’t just jinx this update by writing the preceding sentence.