Bandwidth battles in China

SHANGHAI–Crowded gadget trade shows like CES and Mobile World Congress usually entail connectivity complaints. But when you put the gadget show in China, you level up the complexity, thanks to the need to run a Virtual Private Network app to preserve access to U.S. sites blocked by China’s Internet filters.

In theory–and in every PR pitch from a VPN service advertising itself as the surefire way to stop your ISP from tracking your online activity–that should add no difficulty to getting online. You connect, the VPN app automatically sets up an encrypted link to the VPN firm’s servers, and then you browse as usual.

PIA VPN exit-server menu

The reality that I’ve seen at CES Asia this week while using the Private Internet Access Windows and Android apps has been a good deal less elegant.

  • Often, the PIA app will connect automatically to the best available server (don’t be like me by wasting selecting a particular U.S. server when the app usually gets this right) to provide a usable link to the outside world. But it’s never clear how long that link will stay up; you don’t want to start a long VoIP call or Skype conference in this situation.
  • On other occasions, the app has gotten stuck negotiating the VPN connection–and occasionally then falls into a loop in which it waits increasingly longer to retry the setup. Telling it to restart that process works sometimes; in others, I’ve had to quit the app. For whatever reason, this has been more of a problem on my laptop than on my phone.
  • The WiFi itself has been exceedingly spotty whether I’ve used my hotel WiFi, the Skyroam Solis international-roaming hotspot I took (a review loaner that I really, really need to send back), the press-room WiFi or, worst of all, the show-floor WiFi. Each time one of those connections drop, the VPN app has to negotiate a new connection.

If you were going to say “you’re using the wrong VPN app”: Maybe I am! I signed up for PIA last year when the excellent digital-policy-news site Techdirt offered a discounted two-year subscription; since then, my client Wirecutter has endorsed a competing service, IVPN (although I can’t reach that site at the moment). Since I don’t have any other trips to China coming up, I will wait to reassess things when my current subscription runs out next April.

Also, it’s not just me; my friend and former Yahoo Tech colleague Dan Tynan has been running into the same wonkiness.

To compound the weirdness, I’ve also found that some connectivity here seems to route around the Great Firewall without VPN help. That was true of the press-room WiFi Thursday, for instance, and I’ve also had other journalists attending CES Asia report that having a U.S. phone roam here–free on Sprint and T-Mobile, a surcharge on AT&T or Verizon–yielded an unfettered connection.

At the same time, using a VPN connection occasionally left the CES Asia site unreachable. I have no idea why that is so.

What I do know is that I’ll very much appreciate being able to break out my laptop somewhere over the Pacific in a few hours and pay for an unblocked connection–then land in a country where that’s the default condition.

Advertisements

Yes, I still use Flickr

My oldest social-media hangout is no longer the property of my biggest client’s corporate parent, and I am okay with that.

Flickr Android appLast night brought word that Verizon’s Oath division had sold Flickr to the photo-sharing site SmugMug. Jessica Guynn’s USA Today story breaking the news calls Flickr a “faded social networking pioneer,” which is both uncomplimentary and correct.

My Flickr account dates to 2005, and over the subsequent 13 years I’ve seen Flickr suffer a lot of neglect–especially during Yahoo’s pre-Marissa Mayer years, when a succession of inept CEOs let Instagram run away with the mobile market.

Yet not only have I kept on uploading, editing and captioning pictures on Flickr (edit: with the occasional lag in sharing anything), since 2011 I’ve paid for a Flickr Pro membership. That first got me out from under the free version’s 100-megabyte monthly upload cap, but since Yahoo ditched that stingy limit in 2013… well, it’s a tiny monthly cost, and I like the idea of having a social-media account on which I’m not an advertising target with eyeballs to monetize.

Meanwhile, Flickr has continued to do a few things well: welcome both pictures taken with a standalone camera and those shot with a phone; make it easy to present and browse albums of photos (“photosets” if you’re old); support Creative Commons licensing so I can permit non-commercial sharing but prohibit commercial reuse (which required USA Today to pay me for one Flickr photo); and let people share their work in pools (for instance, Greater Greater Washington’s, which has occasionally resulted in my shots getting featured on that blog).

Instagram, where my active presence only dates to February of 2017, is easy, fun and great for engagement–slap #travel on a shot and you’ll get 15 likes in an hour. But it doesn’t do those things. And it’s a Facebook property, which raises the question of just how much of my online identity I need on that company’s servers.

Google Photos offers a fantastic private-backup service, but it, too, belongs to a company that already hosts much of my digital life.

SmugMug hasn’t said much about its plans for Flickr beyond promising not to merge Flickr and SmugMug. But unlike Oath, it has no other lines of business besides photo sharing. And as a privately-owned firm that hasn’t taken outside investments, SmugMug doesn’t need to meet impatient expectations from Wall Street or Silicon Valley. I feel pretty good about this transition, and I doubt I’ll have any big hangups about paying for my next Flickr Pro bill.

My Facebook-apps privacy audit

At some point, I was going to revisit my Facebook-privacy settings, but this weekend’s news about Cambridge Analytica’s exfiltration of some 50 million Facebook users’ data via a personality-quiz app moved up that timetable a bit.

That also sped up my overdue reacquaintance with my Facebook app settings–something I hadn’t paid much attention to since I last added any apps to my profile. The how-to I wrote in late 2013 about Facebook privacy waved away that angle: “Most of the options under the ‘Apps’ heading only apply if you add applications to your profile.”

Alas, I had added a few apps to my profile, especially in the first few years I had an account. Make that a few dozen apps. They fell into a few categories:

  • Apps or site logins (Facebook lists both on the same page) that I didn’t remember adding but could imagine reasons to have done so.
  • Apps that I had once appreciated but hadn’t touched in years (and which, per the new policy Facebook CEO Mark Zuckerberg announced Wednesday, would now be cut off).
  • Apps that I still appreciated but which had more access to my data than I recalled granting.
  • Apps that I recognized and which didn’t demand information beyond the public-on-Facebook aspects of my profile.

The last category aside, it was an embarrassing exercise. How had I allowed so many apps to see my friends list? Aren’t I supposed to know this stuff?

After that humbling moment, I removed about two-thirds of the apps, with those offering discernable utility cut down to seeing only my basic profile information. I should have done that years ago. But so should most of us.

Bear in mind that I’ve never treated Facebook as a friends-only space. I know that screenshots exist; I hadn’t had a Facebook account for more than a year and change before a now-defunct D.C.-journalism-gossip site posted a sceengrab of it. If I post an update, I try to write it so it won’t look too incriminating when quoted elsewhere out of context.

During this overdue investigation, I also looked at the “Apps Others Use” category that Facebook vaguely explains as a way for friends to bring your info to apps they use. I’d unchecked all 13 of those options, but after seeing most activated in a dummy account I keep for fact-checking purposes–and having people ask if this didn’t mean that Facebook apps could still grab data from friends–I had to ask Facebook to clear this up.

The less-than-conclusive answer I got over two e-mails: That cluster of settings dates to “before we made significant changes to how developers build apps on Facebook” that eliminated its functionality, except that it “still addresses some limited situations like photo sharing.”

So it appears that this absurdly wealthy company has trouble updating and documenting its privacy interface. That’s yet another problem Facebook needs to solve.

SXSW scheduling: indecision is the key to flexibility

AUSTIN–Looking at the glut of invitations to South By Southwest events that have landed in my inbox in the past few days, two things seem clear: Many publicists think this event starts and ends on Saturday, and I shouldn’t have bothered scheduling anything until this week.

SXSW 2018 logoI know from prior experience that this conference attracts a silly amount of marketing money that gets lit on fire in various #brand-building exercises–most involving the distribution of free tacos, BBQ and beer.

But this year–much like at CES–some sort of happy-hour herd instinct has also led many companies to schedule their events on the same day, in this case Saturday. Looking over the possibilities, it appears I could spend that entire day–starting with a 7:30 a.m. mimosa breakfast–drinking on the dime of one corporate host or another.

(I won’t. I have panels to attend, people to interview, and probably one post to write. I may need a nap too.)

And, yes, a huge number of these invitations came in the last 72 hours. Far be it for me to criticize other people’s just-in-time conduct, but weren’t all of these bars, restaurants and other event spaces booked months ago? I have to assume that after not enough of the A, B and C-list guests responded affirmatively, the sponsor reluctantly decided to invite the D-list.

Considering that you can’t tell which events will be mobbed and how you might be waylaid by random meetings at them, your only safe response is to RSVP to everything and leave your calendar looking like a game of Tetris that you’re about to lose. Then decide where you’ll go based on where you’re standing and what looks interesting nearby–as shallow and impolite as that is.

And that’s how I came to a conclusive answer to this question: What’s a less reliable indication of somebody’s attendance than an Evite response?

How I screwed up a Strava story

A story I wrote weeks ago started to go bad last Saturday, before it had even been published and posted.

That’s when an Australian student named Nathan Ruser tweeted out an interesting discovery: The Global Heatmap provided by the activity-tracking social network Strava revealed the locations of both documented and secret foreign military bases, as outlined by the running and walking paths of service members that Strava’s apps had recorded.

The feature I had filed for the U.S. Geospatial Intelligence Foundation’s Trajectory Magazine–posted Wednesday and landing in print subscribers’ mailboxes this week–also covered Strava, but in a different light.

As part of an overview of interesting applications of “geoint,” I wrote about Strava Metro, the database of activities over time available to local governments and cyclist-advocacy organizations (but not commercial buyers). In that part of the story, I quoted Strava executive Brian Devaney explaining the company’s efforts to keep its users anonymous in both Metro and the heatmap.

Looking at Strava from the perspective of “will this show where people live?”, I didn’t even think about how Strava users might unwittingly map temporary workplaces abroad. I had my chance to clue in on Strava’s military user base from looking around D.C.–that’s Joint Base Andrews precisely outlined southeast of the District in the screengrab above–but I failed to draw any conclusions from that.

Apparently, so did everybody else in the months after the Nov. 1 debut of the heatmap, heralded in a post by Strava engineer Drew Robb that touted how “our platform has numerous privacy rules that must be respected.”

You can blame Strava for making it difficult to set a geofence around a sensitive area. But it’s less fair to hound a privately-run service built to share workout data–remember, it calls itself “the social network for athletes”–for not maintaining a database of classified military locations to be blacked out on its heatmap.

After Ruser’s first tweets, however, developer Steve Loughran poked around Strava’s system and found that he could correlate the heatmap with the records of individual people by uploading a fabricated GPS file of a workout to spoof the site into thinking he’d jogged along the same path. That’s a deeper problem, and one that appears to be Strava’s fault.

After I asked Strava to explain these new findings, spokesman Andrew Vontz pointed me to a Jan. 29 post by CEO James Quarles pledging action to make privacy a simpler choice in its system.

I hope that they do so forthwith. Meanwhile, a fourth of a magazine feature with my name on it (at least it’s the last fourth!) looks dumb. It’s true that every other journalist to write about Strava between November and last week also missed these angles–but I may be unique in having a positive piece about Strava land this week. That’s not a great feeling.

Sharing stories from Apple News considered harmful

Last Tuesday, Google delivered some news that open-Web advocates have long awaited: Stories posted in the speedy, Google-developed Accelerated Mobile Pages format and served up via its even-faster caching service won’t zap onto the screens of mobile devices at google.com addresses, not the domain name of their publisher.

The avoidable but common facet of the AMP experience has bothered me since my early encounters with Google’s attempt to make the mobile Web less janky–it led the explainer I wrote for Yahoo two years ago. Google is now moving to fix the problem it helped create, which is welcome news in any publishing format.

(Specifically, Google will adopt a new page-packaging standard to preserve site domain names. In last Tuesday’s post, AMP project tech lead Malte Ubl says we should start seeing the results on our phones in the second half of this year.)

This, however, leaves another address-eating annoyance on the mobile Web: Apple News. This iOS app is a pleasant way to browse and read stories; like the open-source AMP, this proprietary format cuts out the cruft that can clog mobile reading.

But when you tap its “Share” button, Apple News serves up an apple.news address. And unlike even Googled-up AMP addresses, this one offers no hint after the domain name of where you’ll go.

The text Apple News pre-populates in a tweet or Facebook update–the story headline, an em-dash, and then the publication name–does. But on Twitter and Facebook, many people decide to replace that text with their own words, leaving users to guess what’s behind that apple.news address.

Apple appears to be doing this to ensure that other iOS users can read the story you shared in Apple News as well–its developer documentation even lists a story’s canonical address as a “not required” bit of metadata. But in the context of a button that can share a story on the public Web, that’s an absurd inversion of priorities.

Apple could fix this by coding Apple News to share a story’s original address when available, perhaps with an identifier to tell iOS devices to open it in Apple News. But knowing this company, I wouldn’t expect that any sooner than the arrival of a reborn Mac mini at my neighborhood’s Apple Store.

Instead, you’ll have to solve this problem yourself. If you’re sharing a story from Apple News, keep some reference to the publisher in your description. If that would cramp your social-media style, please take a moment to tap the share sheet’s “Open in Safari” button–then share the story from that browser, from whence it will have its real address.

How to get a CES PR pitch wrong

2018 is only six days old, and I have already received 725 e-mails mentioning “CES” somewhere–and that’s excluding those from colleagues at various clients.

Something about this gargantuan electronics show makes tech-PR types needier and thirstier than at any other time of the year–which, in turn, makes tech-journalism types crankier than at any other time of the year. It’s not a good look for any of us.

With that volume of pitches, any one CES PR e-mail faces dire odds. Those odds get a lot worse if the message gets some basic stuff wrong.

Undisclosed location: Proximity drives scheduling at CES, because the traffic is so awful, so I need to know where an event is at before I decide if it’s worth my time. If you don’t say where your event is at, am I supposed to think it’s at some venue miles from the Strip?

While I’m on the subject, a five-digit booth number is not that much of a help, since that could be anywhere in several square miles of convention-center space.

Unannounced time: More CES pitches than you’d think forget another Invitation 101 thing, telling me when an event is happening. Please remember to put that in the message–by which I mean in the message’s text, so mail clients can detect it and offer to add it to my calendar.

Micromanaged scheduling: The Pepcom and ShowStoppers receptions are an efficient way for smaller companies to get exposure to the press and for journalists to get dinner and a drink or three to numb the pain. I always attend them. (Disclosure: The ShowStoppers people put together my annual trip to the IFA trade show in Berlin.) I don’t mind PR pitches saying that a client will be at one of these events. I really hate requests to book an appointment at them; please don’t waste my time with them.

Breaking the laws of CES physics: Press-conference day and opening day of CES–this time around, Monday and Tuesday–are the two busiest days of the show. Coaxing journalists to some event that isn’t at the primary venue for each day (Mandalay Bay for press conferences, the Las Vegas Convention Center for opening day) is generally a doomed endeavor. PR folks reading this: I wish you good luck in convincing your clients to not try this next year.

Some of these event invitations come with an offer of a free ride to or from the LVCC. On opening day, that car will have to be of the flying variety.

Standard-issue mail #fail. CES is no better than any other time to forget about the BCC line in your e-mail and instead send a pitch to 258 people on the To: line. Somebody did that this time around, and it worked about as well as you’d expect. One recipient took the time to techsplain to the sender how he should check out the BCC option–“I heard it was rolled out at CES 1977”–and of course did so by hitting reply-all himself.