Archive for April 9, 2021

Friday, April 9, 2021

Wix and Their Dirty Tricks

Matt Mullenweg:

Wix, the website builder company you may remember from stealing WordPress code and lying about it, has now decided the best way to gain relevance is attacking the open source WordPress community in a bizarre set of ads. They can’t even come up with original concepts for attack ads, and have tried to rip-off of Apple’s Mac vs PC ads, but tastelessly personify the WordPress community as an absent, drunken father in a therapy session. 🤔


They are so insecure that they are also the only website creator I’m aware of that doesn’t allow you to export your content, so they’re like a roach motel where you can check in but never check out.

Via Nick Heer:

Much like those recent Intel ads that also parody the Mac vs. PC campaign, Wix’s ads do not make much sense if you give them even a little extra thought. Take the one where a low-budget Bryan Cranston, playing the part of WordPress, collapses to the floor under the weight of forgotten maintenance and implores the site owner to switch to Wix. Sounds promising, except it is comparing a self-hosted software package to a managed platform, so it is not honest. Maintenance is not inherent to WordPress and, if you would prefer not to deal with it, there are managed options available through Automattic and many third-party providers.


I am not sure what these mean-spirited ads are supposed to achieve, but they do not make me want to recommend Wix to anyone. Quite the opposite. Other platforms are for nice people.

Roger Montti:

The campaign seemed to actually backfire by causing many to express negative reactions toward Wix.


Update (2021-04-14): Avishai Abrahami (via Hacker News):

Dear Matt,

I just finished reading your post, and I see that there is a lot of anger and many half-truths that you said. Wow. I guess that we touched a sore point there.

Why are you so angry? Don’t you agree with the shortcomings of WordPress that we raised? We really tried to be fair and only speak about what we know to be a consensus.

It’s kind of amazing that this is real. Tone aside, he’s not helping his case by misrepresenting various issues, including the GPL one:

This isn’t the first time WordPress and Wix have been at odds. In 2016, Matt Mullenweg called out Wix for copying GPL code from the WordPress mobile app and distributing it in its proprietary app. This rendered the entire app in violation of the GPL. Instead of complying with the GPL, Wix responded by removing the GPL-licensed code and forking the original MIT-licensed library that the WordPress mobile app code was built upon. The fork was relicensed under an absurd modification of the MIT that prohibits the code’s redistribution under any copyleft license.

And then he says that it’s not true that Wix doesn’t export because in fact it doesn’t block third-party importers from scraping.

Keyboard Shortcuts and non-US Layouts

Thomas Kainrad (via Hacker News):

During the past 15 months, I have been thinking a lot about keyboard shortcuts and about how different applications handle them. I shouldn’t complain; I knew what I was getting into when I started to build KeyCombiner, an app for learning and looking up shortcuts and text snippets. Still, I didn’t quite know how much of a mess keyboard shortcut handling on the web is.

Do you use an international keyboard layout? Then you already know what I am talking about. You probably have had some issues typing keyboard shortcuts such as alt+/, or cmd+[. This post will help you to understand why this annoyance exists. However, the people who should most urgently read this post are web developers. Are you a web developer? Great! I will explain how you are currently letting down non-US users and how you can get us out of this mess.

There are also issues for Mac apps. A shortcut that makes sense in one language or is ergnomic with one layout may not be with others.


But most importantly, I miss Android keyboard. Yes, I know, that I can install other keyboards, but on the one hand they not as good as on android, on the other hand, if anywhere, on iOS, I’d expect the system keyboard to work properly). I am a Hungarian student in France, I type on three languages on a daily basis. My main problems are[…]

Why There’s No iMessage for Android

Tim Hardwick:

It’s no secret that Apple sees iMessage as a big enough selling point to keep the service exclusive to Apple devices, however new court filings submitted by Epic Games in its ongoing lawsuit with the company reveal just how Apple executives have rationalized their decision not to develop a version of iMessage for Android.

Ben Lovejoy:

It seems Epic did manage to track down Scott Forstall’s phone number and depose him, as the former iOS senior vice president is cited as the source of one piece of evidence presented.

In an agenda for a 2010 executive team meeting, Apple founder and late CEO Steve Jobs wrote that he wanted to “tie all of our products together, so [Apple] further lock[s] customers into [its] ecosystem” [Forstall]

Eddy Cue also talked about what Apple does “to get people hooked to the ecosystem,” and Epic also presents evidence that this is why Apple never offered iMessage on Android.

Craig Federighi, Apple’s Senior Vice President of Software Engineering and the executive in charge of iOS, feared that “iMessage on Android would simply serve to remove [an] obstacle to iPhone families giving their kids Android phones” […]

Schiller commented that “moving iMessage to Android will hurt us more than help us.”

Nick Heer:

For some reason, this is being seen as a shocking admission.

John Gruber:

Apple first, users second, developers last — those are Apple’s priorities.

There are certainly reasons to believe that the exclusivity is good for Apple’s business, though it’s possible that if iMessage were cross-platform it would have become more dominant and that would have eventually accrued benefits to Apple.

But it’s a trade-off because this is definitely worse for Apple’s customers. The user experience and and photo/video quality are worse when exchanging text messages with Android-using friends and family. And they aren’t end-to-end encrypted. Selling more iPhones is more important than the privacy of those who already have iPhones.


Update (2021-04-14): Dieter Bohn:

I’m less surprised by the fact that Apple executives are just openly worried that people would switch to Android if it has iMessage than I am at how much of these conversations are happening over email.

Anyway iMessage for Android is one of those forever pipe dreams but I guess the case could be make that iMessage could be a gateway service in the way the iPod was a gateway device?

Yeah a stretch. Here’s the only argument that’s ever made sense to me.

Dieter Bohn:

Every time I hear Tim Cook talk about privacy as a human right, I think about the biggest thing his company could do to help ensure that privacy: spread the ability for people to have conversations that are safe from government snooping across the world. And the largest, most impactful way Apple could do that is to release iMessage on Android.

Update (2021-05-07): Russell Brandom (via Hacker News, Nilay Patel, MacRumors):

Eight years later, it seems unlikely that iMessage will ever come to Android, but another passage in the deposition suggests Cue still isn’t entirely won over by Federighi’s case.

Patrick McGee:

Phil Schiller didn’t like the idea of iMessage for Android. Said it sounds like the failed ‘Safari on Windows strategy’.

Blunt response from SVP of software Eddy Cue, who reports directly to Cook:

2013: “The reason we lost Safari on Windows is the same reason we are losing Safari on Mac. We didn’t innovate or enhance Safari….We had an amazing start and then stopped innovating….

…Look at Chrome. They put out releases at least every month while we basically do it once a year.”


Update (2022-12-02): See also: Internal Tech Emails (via Hacker News).

Nick Heer:

In the nine years since this exchange took place, it is interesting to reflect on Google’s actual performance in messaging and wonder if, maybe, a universally-accessible service from Apple could have found a more welcoming market than Federighi seems to believe.


Apple and Epic’s Proposed Findings of Fact

John Voorhees (also: Court Listener):

Just past midnight Pacific time today, Apple filed Proposed Findings of Fact and Conclusions of Law in its legal dispute with Epic Games. The document, a standard pre-trial filing, is designed to serve as a road map for the trial judge, explaining the facts Apple expects will be admitted into evidence at trial, how the law applies to those facts, and the decision Apple believes the court should reach. In other words, it’s a one-sided account of the disputes meant to persuade the judge that Apple’s legal positions are correct. Epic has filed a similar pleading in the case arguing its side of the story.

Juli Clover:

Tim Sweeney, the CEO of Epic Games, has confirmed Project Liberty in prior interviews and has said that Epic spent months preparing the lawsuit against Apple, though Apple’s court filings provide new insight into the lengths that Epic went to in order to rope Apple and Google into an antitrust lawsuit.

Apple argues that an expansion of antitrust law is unwarranted and that Epic’s product market descriptions are inaccurate because of the other platforms the App Store is competing with. Apple claims that Epic overstates the App Store’s profitability, and that arguments that the review process is ineffective are inaccurate.

Samuel Axon:

The major distinction at play in Epic’s own argument is that iOS is an entire market unto itself and not just one of many competing products in a larger marketplace of video game transactions. If the judge agrees with this classification, Apple may be more likely to be seen as monopolistic.

Another key part of Epic’s argument involves comparing and contrasting iOS with macOS. Apple claims that its strict rules about what apps can and can’t do on the iOS App Store are driven at least in part by concerns about security and privacy for users. Epic points out, however, that Apple claims macOS is secure and private without placing all the same restrictions on the Mac operating system.


Epic asserts that Apple’s controversial App Review process “does little to keep iOS devices secure,” and it alleges that Apple has on multiple occasions screened apps “primarily for non-security issues—including specifically for anti competitive purposes.”

Apple (PDF):

Apple has never increased its baseline 30% commission. Schiller TT. To the contrary, it has lowered the commission in multiple instances, including subscription services and as part of its small business program.

As I’ve noted, the effective commission has actually increased. The recently announced small business program of course has nothing to do with this case.

When those free downloads are considered—as they should be—the effective commission rate for initial game app downloads in 2008 was about 3%


Both categories of evidence—market structure and market outcomes—are inconsistent with Apple possessing monopoly power or charging supracompetitive prices.


Developers need not even leave the App Store to constrain Apple’s ability to raise prices. Hitt TT. If Apple sought to raise its commission, for example, developers could monetize through content or digital currencies sold to consumers through another transaction platform or directly through a web browser (including a web browser on an iOS device).


IAP obviates the need for (and expense of) tracking, audit, and collection of Apple’s commissions on any in-app purchases of digital content. Schmalensee TT. Indeed, without such automatic processes, a developer using an external payment mechanism could seek to evade a commission owed to Apple, and Apple would have no technological ability to collect any commissions on the sale. Schmalensee TT. This would lead to laborious reconciliation efforts and dispute resolution—turning an automated, near-instantaneous process accomplished through IAP into a fraught and drawn-out one.

It’s weird how Apple is simultaneously arguing that developers have other options for payments and that no other options can be allowed because that would make it harder to count up the 30% that’s owed to Apple.

Florian Mueller:

By mislabeling distributor and retailer margins as “commissions,” Apple seeks to distract from structural differences between shrinkwrapped software distribution and today’s app stores.

Epic (PDF):

In the months that followed, Apple executives and software engineers debated the proper distribution method for third-party applications and specifically whether “Apple signed applications” would be posted exclusively to an “online store”, or whether third parties would be permitted to “distribute on their own”. […] Apple’s security experts remained out of this debate, noting that the question of exclusive distribution is one of “policy”, as opposed to security.


During the time between the launch of the App Store in 2008 and the introduction of IAP in 2009, in-app payment processing and app distribution were entirely separate and iOS developers were monetizing their apps with in-app payment solutions that were self-provided.


Web apps have limited functionality compared to native apps. Native apps are “faster”, “use less memory” and “can take advantage of native graphics libraries in a way that is either not available or would have to be shoehorned in a web app or a different kind of application”. (Forstall Dep. […])


Apple publicly touts the security of macOS, promising Mac users that they can enjoy “Security. Built right in.” and can “[d]ownload apps safelty from the Mac App Store. And the internet.”


Apple prepared a number of internal white papers [that] explicitly contemplate the possibility of distribution outside the App Store, and assume that “the technical infrastructure [they were] building w[ould] allow for other distribution mechanisms” beyond the App Store. […] This security layer is independent of the app distribution channel.


In 2013, another app from the same developer was “remov[ed]” “immediately” because Mr. Schiller and Mr. Cue were “adamant” about its removal, despite Mr. Shoemaker’s “protest[s]” that there was no clear justification for doing so under the app review guidelines.


The FEAR team further believed that […] the process amounts to “a wetware [i.e., a human-led] rate limiting service and nothing more”, and that Apple had not invested sufficient resources to detect and prevent abuse.

Florian Mueller:

Epic: “In June 2018, Apple sought to force Uber and Lyft to adopt IAP for their newly-introduced subscription services.” The remainder of that paragraph is redacted. Was it previously known that Apple tried to require Uber and Lyft to use Apple’s payment system for subscriptions?

Patrick McGee:

Eric Friedman, head of Apple’s FEAR unit — Fraud Engineering Algorithms and Risk — said in a recent deposition that his team believed the App Review team was inadequate to the risks posed by malicious actors, saying they were “bringing a plastic butter knife to a gun fight.”


However in late 2017 Apple’s FEAR team still called the App Review process inadequate. Friedman said it “was more like the pretty lady who greets you with a lei at the Hawaiian airport than the drug sniffing dog.”

FEAR likened App Review to TSA employees, “under pressure to move people through” and “not able to deflect sophisticated attackers”.

Jeff Johnson:

There shouldn’t be anything particularly surprising to knowledgeable App Store developers. But this is public confirmation that the worst case scenarios, our most “cynical” speculations, are actually true.

Nick Lockwood:

I can’t believe how long Apple has had to address these problems and how little they’ve done.

David Heinemeier Hansson (tweet):

Apple’s App Store was never designed to work. At least not in the way the company purports that it does. Apple presents the App Store as a highly curated, secure mall of apps which have been thoroughly vetted, and that you can safely install without any due diligence. But it’s not and you shouldn’t.

As part of Epic’s lawsuit against Apple, we’ve come to learn that app reviewers typically review 50-100 apps per day. Some times spending less than a minute reviewing an individual app. We’ve also learned that these reviewers are hired without any technical background, let alone any particular expertise with the iOS or macOS platforms.

There’s a term for a practice like this: security theater.

Tony Fadell:

Customers convinced us but so did the fact that Google LOVED that we started with a web apps strategy. Eric Schmidt was a huge supporter & it’s easy to understand why. When SJ saw he could lose control of the iPhone platform, there was a whole hearted shift away from web apps!


Update (2021-04-14): Ben Lovejoy:

Internal documents released as part of the Epic Games lawsuit reveal an Apple anti-fraud engineer suggesting that App Store checks were grossly inadequate.

Kosta Eleftheriou:

Apple: “The @AppStore is a place you can trust.”

Also Apple: “Our lawyers told us to remove the ‘Report a Problem’ button to avoid paper trails & liability.”

Remember this?

Kosta Eleftheriou:

You think the @AppStore is “a place you can trust”?

🚨Think again!🚨

How to spot a $5M/year scam, in 5 minutes flat:👇

David Heinemeier Hansson:

Here’s another example. Total scam copy app of the Roku Remote app (the official one is FREE!) that charges people $4.99 PER WEEK?? Stacked with fake reviews. Write-up on Forbes platform. Still chugging along.

Kosta Eleftheriou:

Someone just sent me an app that’s a silly little game, but if I set my VPN to Turkey it becomes an online casino that doesn’t even use Apple’s IAP.

Kosta Eleftheriou (via Hacker News):

Nobody is happy with this app. Most are accusing it of being a scam. Some of the ratings are probably fake too, “boosting” it to 2.4 stars.

Why does any of this matter?

The app is currently the #441 top grossing app across the entire App Store 🤯