daring-rss

I don’t post many affiliate links but here’s a great one: Amazon has second-gen AirPods Pro for just $169 for Prime Day, discounted a full third from the usual price of $249. AirPods Pro are not just my favorite earbuds ever, they’re one of my favorite products ever, full stop. Buy through this link and I’ll get rich.

 ★ 

I don’t post many affiliate links but here’s a great one: Amazon has second-gen AirPods Pro for just $169 for Prime Day, discounted a full third from the usual price of $249. AirPods Pro are not just my favorite earbuds ever, they’re one of my favorite products ever, full stop. Buy through this link and I’ll get rich.

Read More 

SMS wasn’t dying, but it was slowly fading away, and should have been left for things like automated “your table is ready” notifications from restaurants. RCS is just going to give carrier-based messaging new legs that it shouldn’t have gotten.

Here’s a hot take: last week’s news of a massive AT&T breach revealing the phone call and text messaging records of all AT&T customers for six months in 2022 exemplifies why RCS is a terrible protocol that ought not exist, and why it’s a mistake that Apple is adding support for it to iOS 18 this year.

The pro-RCS argument is that it improves upon SMS by adding support for much larger image and video attachments, as well as niceties like typing indicators. It really is just like SMS but better, which makes it seem, on the surface, like a no-brainer that all cell phone platforms should support it. In this view, the only justification for Apple’s yearslong refusal to support RCS was to maintain a maximum feature gap between iMessage (which, famously, is exclusive to Apple’s devices) and carrier-based messaging. In day-to-day use people can’t see that iMessage is fully end-to-end encrypted, but everyone can plainly see that images and videos sent over SMS/MMS look like shit. So it looks like nothing but pure spite that Apple refused, for years, to support RCS.

But the argument against RCS is strong and simple: it doesn’t support end-to-end encryption. The only new messaging platforms that should gain any traction are those that not only support E2EE, but that require it. Messaging and audio/video calls should only work through E2EE. That’s true for iMessage and FaceTime.

SMS and traditional telephone voice calls lack any encryption at all, but they’re firmly established. Just like email. But anything new should only be supported if it’s fundamentally based on E2EE. The RCS spec offers no message encryption at all. Google has implemented its own encryption for RCS, but, that’s a proprietary implementation that only works for messages sent between users who are all using Google’s own Messages app. From Google’s “Messages End-to-End Encryption Overview”:

In order to store and exchange user public keys like identity
keys and prekeys, we need to have a central key server. Unlike
the RCS messaging servers, the key server is currently only
hosted by Google.

Perhaps, someday, the RCS spec will support an open standard for E2EE. I’m not holding my breath for that. For one thing, industry consortiums tend not to produce good solutions to hard problems, and an open standard for E2EE messaging is a very hard problem. Maybe impossible. Someone has to handle key exchange and management, but who would that be in an open standard? Then there’s the politics: law enforcement agencies the world over will pressure carriers against that. As I reported back in February, the primary reason Apple changed course on supporting RCS is that it’s mandated in China. The Chinese government surely loves RCS because it isn’t encrypted.

That’s not unique to China or other authoritarian dictatorships. Even in the West, law enforcement and spy agencies love the fact that telephone voice calls and cellular text messages are unencrypted. We don’t know how much they record and keep, but it’s a known fact that the NSA has black boxes installed at the carriers’ call centers, and the safest bet is that they record and store all of it. But even if you trust law enforcement agencies to handle this sensitive data securely, it’s clear, from this latest data breach alone, that the carriers themselves cannot be trusted. They’re inept. They always have been inept. And my money says they always will be.

But even if, somehow, a future version of the RCS spec supports E2EE, what about older devices that only support today’s non-encrypted version of RCS? Even if RCS eventually supports E2EE — which, again, I doubt — such support will surely be optional, not mandatory, because RCS has already shipped and is in widespread use on Android without encryption. That’s why messaging platforms should be built around E2EE from the start. It’s difficult to mandate E2EE on a platform that already supports unencrypted messaging. RCS should have been exclusively E2EE; instead, the standard offers no encryption at all.

Carrier-based messaging was best left as a legacy protocol. SMS wasn’t dying, but it was slowly fading away, and should have been left for things like automated “your table is ready” notifications from restaurants. RCS is just going to give carrier-based messaging new legs that it shouldn’t have gotten.

Another thing that sucks about carrier-based messaging is that it requires a device with an active SIM card from a carrier. Yes, you can send and receive SMS from a Mac or iPad with Text Message Forwarding, but you need the iPhone to do the forwarding. If you power down (or worse, lose) your iPhone, your Mac and iPad will no longer be able to send or receive SMS messages — and I presume that will be true for RCS as well. Whereas with modern messaging platforms like iMessage, Signal, and WhatsApp, devices like PCs and tablets can serve as clients without a phone.1

There is, admittedly, a good argument in favor of RCS. Basically, that phone carrier messaging is now and always will be a universally accessible form of communication. Everyone who is online has a cell phone, and those phones can all send and receive SMS. Because carrier-based messaging isn’t going away, this argument goes, it ought to be made as good as possible, and RCS — despite its deficiencies — is clearly better than SMS. Therefore RCS ought to be supported by all mobile devices, including iOS. Here’s Andy Ihnatko, in a discussion with me on Threads back in November:

Carrier-based messaging on a pre-installed messaging app might
seem irrelevant to many of us. But it serves and suffices. And the
process of discovery, selection, and installation of a different
service — and getting your entire social circle on board with it — is deathly for so many people.

“If I know their phone number, I can send them a message or a
photo” is a world-beater of a feature for the average user. This
is why such apps should be as muscular as feasibly possible.

Ihnatko is right, but only if you believe that carrier-based message should remain the baseline. I do not. And it’s also a U.S.-centric viewpoint. In most countries around the world, platforms like WhatsApp, Line, or Facebook Messenger serve that role, as the baseline “everyone has it” messaging platform — and they’re better for it. I prefer iMessage, personally, for multiple reasons, but iMessage is fundamentally limited from serving that “everyone has it” baseline role by Apple’s decision not to ship an Android client. Eddy Cue doesn’t lose many arguments but he lost that one. All of the effort spent pushing Apple to support RCS would have been better spent pushing Apple to ship iMessage for Android. And without a supported iMessage client for Android, that role ought to go to WhatsApp, not RCS. WhatsApp is free, secure, and works equally well on all phones.

Meta knows this, and clearly smells the opportunity. Does Apple?

Read More 

Pete Wells:

The first thing you learn as a restaurant critic is that nobody
wants to hear you complain. The work of going out to eat every
night with hand-chosen groups of friends and family sounds
suspiciously like what other people do on vacation. If you happen
to work in New York or another major city, your beat is almost
unimaginably rich and endlessly novel. […]

So we tend to save our gripes until two or three of us are
gathered around the tar pits. Then we’ll talk about the things
nobody will pity us for, like the unflattering mug shots of us
that restaurants hang on kitchen walls and the unlikable food in
unreviewable restaurants.

One thing we almost never bring up, though, is our health. We
avoid mentioning weight the way actors avoid saying “Macbeth.”
Partly, we do this out of politeness. Mostly, though, we all know
that we’re standing on the rim of an endlessly deep hole and that
if we look down we might fall in.

It’s a funny thing about getting older. You put on weight yet you can’t eat nearly as much as you used to. Somehow, though, here in Philly, Craig Laban has been The Inquirer’s restaurant critic since 1998, and he’s still going strong.

Good critics — whether their beat is food, movies, books, whatever — review every genre, with an open mind. Some of Wells’s best writing was about the most approachable restaurants. This recent review of Hamburger America makes me hungry just glancing at it. His scathing review of Guy Fieri’s American Kitchen & Bar is famous, but don’t miss his review of the unsurprisingly-now-closed Señor Frog’s in Times Square:

Señor Frog’s is not a good restaurant by most conventional
measures, including the fairly basic one of serving food. One
night I got just two of the half-dozen appetizers I had asked for.
Another time, the starters showed up on schedule, but after nearly
two hours the main courses still had not appeared.

“What happened to our food?” we finally asked.

“That’s what I’m wondering!” our server said brightly. “Like,
where is it?”

Getting just half of what you order at Señor Frog’s can be a
blessing if it’s the right half.

 ★ 

Pete Wells:

The first thing you learn as a restaurant critic is that nobody
wants to hear you complain. The work of going out to eat every
night with hand-chosen groups of friends and family sounds
suspiciously like what other people do on vacation. If you happen
to work in New York or another major city, your beat is almost
unimaginably rich and endlessly novel. […]

So we tend to save our gripes until two or three of us are
gathered around the tar pits. Then we’ll talk about the things
nobody will pity us for, like the unflattering mug shots of us
that restaurants hang on kitchen walls and the unlikable food in
unreviewable restaurants.

One thing we almost never bring up, though, is our health. We
avoid mentioning weight the way actors avoid saying “Macbeth.”
Partly, we do this out of politeness. Mostly, though, we all know
that we’re standing on the rim of an endlessly deep hole and that
if we look down we might fall in.

It’s a funny thing about getting older. You put on weight yet you can’t eat nearly as much as you used to. Somehow, though, here in Philly, Craig Laban has been The Inquirer’s restaurant critic since 1998, and he’s still going strong.

Good critics — whether their beat is food, movies, books, whatever — review every genre, with an open mind. Some of Wells’s best writing was about the most approachable restaurants. This recent review of Hamburger America makes me hungry just glancing at it. His scathing review of Guy Fieri’s American Kitchen & Bar is famous, but don’t miss his review of the unsurprisingly-now-closed Señor Frog’s in Times Square:

Señor Frog’s is not a good restaurant by most conventional
measures, including the fairly basic one of serving food. One
night I got just two of the half-dozen appetizers I had asked for.
Another time, the starters showed up on schedule, but after nearly
two hours the main courses still had not appeared.

“What happened to our food?” we finally asked.

“That’s what I’m wondering!” our server said brightly. “Like,
where is it?”

Getting just half of what you order at Señor Frog’s can be a
blessing if it’s the right half.

Read More 

One of the all-time great talk show guests.

 ★ 

One of the all-time great talk show guests.

Read More 

Tim Hardwick, reporting for MacRumors:

Apple this weekend approved free PC emulator “UTM SE” for the App
Store on iPhone, iPad, and Vision Pro. The app allows users to
emulate old versions of Windows OS, macOS, Linux, and more to fire
up classic software and games on Apple devices. […]

After Apple’s rejection, UTM’s developer said they would not keep
going back and forth because the app would become “a subpar
experience.” However, after help from the AltStore team and
another developer to work on some changes, UTM SE was
finally approved by Apple on Saturday.

As with other emulators, UTM SE requires that users supply the
operating systems they want to emulate, but the UTM site includes
guides for Windows XP through Windows 11 emulation, as well
as downloads of pre-built virtual Linux machines.

Not sure what changed since last month, when Apple not only rejected UTM SE from the App Store but also from notarization for distribution on third-party marketplaces in the EU (and, perhaps soon, Japan).

In other emulation-on-iOS news, Delta 1.6 now fully supports iPadOS.

 ★ 

Tim Hardwick, reporting for MacRumors:

Apple this weekend approved free PC emulator “UTM SE” for the App
Store on iPhone, iPad, and Vision Pro. The app allows users to
emulate old versions of Windows OS, macOS, Linux, and more to fire
up classic software and games on Apple devices. […]

After Apple’s rejection, UTM’s developer said they would not keep
going back and forth because the app would become “a subpar
experience.” However, after help from the AltStore team and
another developer to work on some changes, UTM SE was
finally approved by Apple on Saturday.

As with other emulators, UTM SE requires that users supply the
operating systems they want to emulate, but the UTM site includes
guides for Windows XP through Windows 11 emulation, as well
as downloads of pre-built virtual Linux machines.

Not sure what changed since last month, when Apple not only rejected UTM SE from the App Store but also from notarization for distribution on third-party marketplaces in the EU (and, perhaps soon, Japan).

In other emulation-on-iOS news, Delta 1.6 now fully supports iPadOS.

Read More 

Apple Newsroom:

Today, Apple introduced HomePod mini in midnight, made with 100
percent recycled mesh fabric. At just 3.3 inches tall, HomePod
mini offers big sound in an impressively compact design. With a
seamless, acoustically transparent mesh exterior and a backlit
touch surface that illuminates from edge to edge, HomePod mini is
a stunning smart speaker that complements any space. HomePod mini
in midnight is available starting Wednesday, July 17, and joins
other bold colors, including yellow, orange, blue, and white.

This confused me for a moment, because they make it sound like they’re simply adding this new color to the lineup. But Midnight is simply replacing the subtly different Space Gray. The bigger question: is this a sign that a HomePod Mini gen 2 isn’t coming soon? The current models debuted in November 2020, and are powered by the S5 chip from Apple Watch Series 5.

 ★ 

Apple Newsroom:

Today, Apple introduced HomePod mini in midnight, made with 100
percent recycled mesh fabric. At just 3.3 inches tall, HomePod
mini offers big sound in an impressively compact design. With a
seamless, acoustically transparent mesh exterior and a backlit
touch surface that illuminates from edge to edge, HomePod mini is
a stunning smart speaker that complements any space. HomePod mini
in midnight is available starting Wednesday, July 17, and joins
other bold colors, including yellow, orange, blue, and white.

This confused me for a moment, because they make it sound like they’re simply adding this new color to the lineup. But Midnight is simply replacing the subtly different Space Gray. The bigger question: is this a sign that a HomePod Mini gen 2 isn’t coming soon? The current models debuted in November 2020, and are powered by the S5 chip from Apple Watch Series 5.

Read More 

My thanks to Dabba for sponsoring last week at DF. (You may recall them sponsoring previously.) Dabba is a low-cost broadband internet service provider in India owned and powered by engineers and startup founders from around the world. Relative to its population, India lags behind most other countries in broadband penetration:

The US has 112M connections for 350M people
China has 612M connections for 1.4B people
India has only 30M connections for 1.4B people

Anyone, anywhere in the world can help the Dabba network by buying a hotspot. It’s the bootstrapping and installation costs for new hotspots that are holding India back. Through Dabba, you help subsidize those costs. As a hotspot owner you can monitor the performance of your hotspot on their publicly available explorer. It puts you in on the ground floor of a telecom with broad aspirations in an absolutely enormous market.

 ★ 

My thanks to Dabba for sponsoring last week at DF. (You may recall them sponsoring previously.) Dabba is a low-cost broadband internet service provider in India owned and powered by engineers and startup founders from around the world. Relative to its population, India lags behind most other countries in broadband penetration:

The US has 112M connections for 350M people
China has 612M connections for 1.4B people
India has only 30M connections for 1.4B people

Anyone, anywhere in the world can help the Dabba network by buying a hotspot. It’s the bootstrapping and installation costs for new hotspots that are holding India back. Through Dabba, you help subsidize those costs. As a hotspot owner you can monitor the performance of your hotspot on their publicly available explorer. It puts you in on the ground floor of a telecom with broad aspirations in an absolutely enormous market.

Read More 

Make them all say, as Trump himself did after a school shooting massacre in Iowa this year, that we “have to get over it, we have to move forward.”

Josh Marshall, writing at Talking Points Memo:

Political violence and especially electoral violence strike at the
heart of the open, free and democratic choice-making upon which
our civic democratic system and the legitimacy of its choices are
based. We must condemn it in every instance as well as expressing
our personal sympathy for its victims. We do so not to box check
some vague concept of civility or comity but because it strikes at
the taproot of civil peace. It is equally not a license to squelch
political speech or in this case threaten or intimidate those
calling attention to the real and profound dangers of Donald Trump
returning to the White House. We are already seeing this attempt
in the making.

Political violence is abhorrent, and as Marshall aptly notes, strikes at the heart of the very concept of democracy. Words cannot express strongly enough the feelings that an event like yesterday’s evokes, no matter which side of the political spectrum we’re on. We call many things “unacceptable” but an assassination attempt is more than that. It’s sick, and, correctly, makes us feel sick. It’s like how our bodies revolt when we consume poison. An assassination attempt is poison to the body politic.

But only one of the candidates in this election has ever incited political violence. That candidate is Donald Trump, particularly and especially on January 6, 2021. Only one candidate has ever mocked and cracked jokes about a near-miss assassination attempt against one of his political adversaries. That candidate is Donald Trump, who (along with his son) has repeatedly mocked Nancy Pelosi’s husband Paul after an unhinged lunatic, asking “Where is Nancy?”, broke into their home and bashed Paul Pelosi’s head with a hammer, fracturing his skull to an extent that required surgery.

Donald Trump wasn’t an inch away from assassination because of Democratic rhetoric against his threat to democracy. He is a threat to democracy. He threatened democracy on national television. He has repeated, literally hundreds of times over the last three and a half years, that the fairest election this nation has ever held was “rigged” because he lost. Ask him today and he’ll say the same. Give Trump credit: he fully admits that the only election results he will accept are results that declare him the winner. But that, quite literally, is a threat to our democracy. He tried to remain in office after losing, by almost the exact same Electoral College margin he declared “a massive landslide victory” when he won in 2016, by overthrowing the duly elected government of the United States. Ask him today if he should still be in the White House.

Do not accept, not even at this fraught moment, the claims of anyone blaming yesterday on Democrats describing Trump as a threat to democracy. Saying so is not even on the spectrum of hyperbole. We saw what we saw after the 2020 election, and especially on January 6.

Do not fret, either, that yesterday’s event somehow cedes the election to Trump, on the grounds that he survived and projected strength. The side that wants a strongman was already voting for him. They’re the same people who claimed, wrongly, that being convicted of 34 felonies somehow helped him electorally. This is, no question, an indelible image and a photo for the ages. But Teddy Roosevelt was shot campaigning in 1912 — and unlike Trump took the stage to deliver his speech after taking the bullet — and lost the election by 347 Electoral College votes (an actual landslide) to Woodrow Wilson. Running for president for the third time in 1972, virulently racist Alabama governor George Wallace was shot, leaving him paralyzed. Wallace lost the primary to Richard Nixon. Gerald Ford survived not just one but two shooting attempts within 17 days in 1975. Ford wore a bulletproof trench coat in public for the remainder of his term. He lost the 1976 election to Jimmy Carter. (It was quite close.)

The truth is that our nation, great though it is in so many ways, has a horrific history of political violence and a seemingly innate obsession with firearms. Four presidents have been assassinated in office — Lincoln in 1865, Garfield in 1881, McKinley in 1901, and Kennedy in 1963 — all by gunshots. Three more — Roosevelt, Reagan (who nearly died), and now Trump — have been wounded by gunshots. And there have been numerous other failed attempts, including a nut who fired shots into the White House during Barack Obama’s second term in 2011.

Also, yesterday’s events will be old news by election day. There are 113 days until November 5. It’s been 129 days since Joe Biden’s strong State of the Union speech. Does that State of the Union feel recent to you today? That’s how old yesterday’s shooting will feel when we vote.

So here is what the Democrats should do. Tomorrow morning Chuck Schumer should put on the floor of the Senate a law mandating strict background checks for all gun purchases. Perhaps tie it to a reinstitution of the 1994 assault weapons ban that Republicans allowed to expire in 2004. Give it a name like the “Anti Political and School Violence Act”. Make Republicans shoot it down. Make them say, as Trump himself did after a school shooting massacre in Iowa this year, that we “have to get over it, we have to move forward.” It’s not just an outrage when your right-wing authoritarian hero gets his ear nicked by an assassin’s bullet. It’s an outrage when anyone is shot by a nut with a gun.

Make them say it. See how that flies.

]🏒: https://en.wikipedia.org/wiki/AttemptedassassinationofTheodoreRoosevelt

Read More 

Brian Krebs:

In a written statement shared with KrebsOnSecurity, the FBI
confirmed that it asked AT&T to delay notifying affected
customers.

“Shortly after identifying a potential breach to customer data and
before making its materiality decision, AT&T contacted the FBI to
report the incident,” the FBI statement reads. “In assessing the
nature of the breach, all parties discussed a potential delay to
public reporting under Item 1.05(c) of the SEC Rule, due to
potential risks to national security and/or public safety. AT&T,
FBI, and DOJ worked collaboratively through the first and second
delay process, all while sharing key threat intelligence to
bolster FBI investigative equities and to assist AT&T’s incident
response work.”

Techcrunch quoted an AT&T spokesperson saying the customer data
was stolen as a result of a still-unfolding data breach involving
more than 160 customers of the cloud data provider Snowflake.

Mark Burnett is an application security architect, consultant and
author. Burnett said the only real use for the data stolen in the
most recent AT&T breach is to know who is contacting whom and how
many times.

“The most concerning thing to me about this AT&T breach of ALL
customer call and text records is that this isn’t one of their
main databases; it is metadata on who is contacting who,” Burnett
wrote on Mastodon. “Which makes me wonder what would call logs
without timestamps or names have been used for.”

It remains unclear why so many major corporations persist in the
belief that it is somehow acceptable to store so much sensitive
customer data with so few security protections. For example,
Advance Auto Parts said the data exposed included full names,
Social Security numbers, drivers licenses and government issued ID
numbers on 2.3 million people who were former employees or job
applicants.

 ★ 

Brian Krebs:

In a written statement shared with KrebsOnSecurity, the FBI
confirmed that it asked AT&T to delay notifying affected
customers.

“Shortly after identifying a potential breach to customer data and
before making its materiality decision, AT&T contacted the FBI to
report the incident,” the FBI statement reads. “In assessing the
nature of the breach, all parties discussed a potential delay to
public reporting under Item 1.05(c) of the SEC Rule, due to
potential risks to national security and/or public safety. AT&T,
FBI, and DOJ worked collaboratively through the first and second
delay process, all while sharing key threat intelligence to
bolster FBI investigative equities and to assist AT&T’s incident
response work.”

Techcrunch quoted an AT&T spokesperson saying the customer data
was stolen as a result of a still-unfolding data breach involving
more than 160 customers of the cloud data provider Snowflake.

Mark Burnett is an application security architect, consultant and
author. Burnett said the only real use for the data stolen in the
most recent AT&T breach is to know who is contacting whom and how
many times.

“The most concerning thing to me about this AT&T breach of ALL
customer call and text records is that this isn’t one of their
main databases; it is metadata on who is contacting who,” Burnett
wrote on Mastodon. “Which makes me wonder what would call logs
without timestamps or names have been used for.”

It remains unclear why so many major corporations persist in the
belief that it is somehow acceptable to store so much sensitive
customer data with so few security protections. For example,
Advance Auto Parts said the data exposed included full names,
Social Security numbers, drivers licenses and government issued ID
numbers on 2.3 million people who were former employees or job
applicants.

Read More 

Luca Casonato:

So, Google Chrome gives all *.google.com sites full access to
system / tab CPU usage, GPU usage, and memory usage. It also gives
access to detailed processor information, and provides a logging
backchannel.

This API is not exposed to other sites – only to *.google.com.

This is interesting because it is a clear violation of the idea
that browser vendors should not give preference to their websites
over anyone else’s.

The DMA codifies this idea into law: browser vendors, as
gatekeepers of the internet, must give the same capabilities to
everyone. Depending on how you interpret the DMA, this additional
exposure of information only to Google properties may be
considered a violation of the DMA. Take for example Zoom – they
are now at a disadvantage because they can not provide the same
CPU debugging feature as Google Meet.

I frequently bemoan the DMA’s ambiguity but here I’d say it’s crystal clear. Chrome is a designated gatekeeping platform, and granting system-monitoring privileges only to Google’s own websites is clearly in violation. Here’s a Hacker News comment from a purported Google employee who calls the feature “mundane” while admitting that Google Meet uses it as a tool to debug bad connections, even though no other web-based meeting app has access to it. I can think of no better example proving that Google views the open web as a platform that it owns.

But put the DMA aside. This is just creepy. It’s clearly a privacy violation. I don’t want Google to know what kind of CPU I have, how many cores, and how busy they are. And the makers of other Chromium-based browsers are so lazy that their browsers — Microsoft Edge and Brave at least — include this same “feature”. I don’t mean that Edge grants system-monitoring privileges to Microsoft’s websites. Edge grants these privileges to Google’s websites, and Google’s alone.

But speaking of the DMA, Chromium is, far and away, the most popular browser engine that the DMA compels Apple to allow on iOS. There are legitimate reasons to wish that Apple allowed third-party browser engines on iOS. But there are also legitimate reasons why Apple doesn’t allow them. Chrome really is bad. Better to let the market decide than let clueless regulator decide.

(Via Simon Willison.)

 ★ 

Luca Casonato:

So, Google Chrome gives all *.google.com sites full access to
system / tab CPU usage, GPU usage, and memory usage. It also gives
access to detailed processor information, and provides a logging
backchannel.

This API is not exposed to other sites – only to *.google.com.

This is interesting because it is a clear violation of the idea
that browser vendors should not give preference to their websites
over anyone else’s.

The DMA codifies this idea into law: browser vendors, as
gatekeepers of the internet, must give the same capabilities to
everyone. Depending on how you interpret the DMA, this additional
exposure of information only to Google properties may be
considered a violation of the DMA. Take for example Zoom – they
are now at a disadvantage because they can not provide the same
CPU debugging feature as Google Meet.

I frequently bemoan the DMA’s ambiguity but here I’d say it’s crystal clear. Chrome is a designated gatekeeping platform, and granting system-monitoring privileges only to Google’s own websites is clearly in violation. Here’s a Hacker News comment from a purported Google employee who calls the feature “mundane” while admitting that Google Meet uses it as a tool to debug bad connections, even though no other web-based meeting app has access to it. I can think of no better example proving that Google views the open web as a platform that it owns.

But put the DMA aside. This is just creepy. It’s clearly a privacy violation. I don’t want Google to know what kind of CPU I have, how many cores, and how busy they are. And the makers of other Chromium-based browsers are so lazy that their browsers — Microsoft Edge and Brave at least — include this same “feature”. I don’t mean that Edge grants system-monitoring privileges to Microsoft’s websites. Edge grants these privileges to Google’s websites, and Google’s alone.

But speaking of the DMA, Chromium is, far and away, the most popular browser engine that the DMA compels Apple to allow on iOS. There are legitimate reasons to wish that Apple allowed third-party browser engines on iOS. But there are also legitimate reasons why Apple doesn’t allow them. Chrome really is bad. Better to let the market decide than let clueless regulator decide.

(Via Simon Willison.)

Read More