Archive for September 7, 2023

Thursday, September 7, 2023

Text Kit Benchmarks

Matt Massicotte:

A suite of performance tests for macOS text views

Every year, I check in on TextKit 2 to see how things are going. It was introduced in macOS 12, and I found it basically unusable. With macOS 13 it was better, but still rough. So far, on macOS 14, it seems like it might be ok. However, I was having some performance problems. So I finally went head and factored that out into a dedicated project. Pretty focused on NSTextView right now, but I’m into making it more general if that’s helpful to anyone.

The tests are automated using XCTest’s UI performance testing system, backed by custom OSSignpost. I find this really wonderful for both repeatibility and Instruments usage.

Matt Massicotte:

I use XCTest’s UI Testing system a lot. With some help from @icanzilb, I put a bunch of utilities into a library. Has a bunch of common UI operations, along with perf optimizations to help with slow tests.


Debugging Universal Links


To test your universal links behavior, paste a link into your Notes app and long-press it (iOS) or control-click it (macOS) to see your options for following the link. If universal links have been configured correctly, the option to open in app and in Safari will both show up. The option you choose will set the default behavior for your device when following universal links from this domain in the future. To change this default choice, repeat the same steps and choose a different option.

I still find the Universal Links behavior on macOS to be completely broken.

First, this method of setting the preference is obscure. You have to wait until you encounter each domain (for Mastodon there can be many) and configure them separately. There’s no way to see the current settings. Why can’t I just see a list of apps and choose whether I want them to accept links or not?

Second, it doesn’t actually work for Twitter or Mastodon, because even if I choose to open the link in Safari, Safari will show a Cancel/Allow alert for every click offering to open the link in the separate app. It also does this when I’m already in Safari and click a link. It’s breaking the Web.

The only workaround seems to be to uninstall Twitter and Ivory. (Or, perhaps, stop using Safari.)


The Twitter desktop app hasn’t been updated for domains, has it? And Mastodon apps can’t claim every domain compatible with it.

Mozilla Report on Auto Privacy

Mozilla (via Dan Gillmor, Hacker News):

Car makers have been bragging about their cars being “computers on wheels” for years to promote their advanced features. However, the conversation about what driving a computer means for its occupants’ privacy hasn’t really caught up. While we worried that our doorbells and watches that connect to the internet might be spying on us, car brands quietly entered the data business by turning their vehicles into powerful data-gobbling machines. Machines that, because of their all those brag-worthy bells and whistles, have an unmatched power to watch, listen, and collect information about what you do and where you go in your car.

All 25 car brands we researched earned our *Privacy Not Included warning label -- making cars the official worst category of products for privacy that we have ever reviewed.


That’s right: every car brand we looked at collects more personal data than necessary and uses that information for a reason other than to operate your vehicle and manage their relationship with you.


The ways that car companies collect and share your data are so vast and complicated that we wrote an entire piece on how that works. The gist is: they can collect super intimate information about you -- from your medical information, your genetic information, to your “sex life” (seriously), to how fast you drive, where you drive, and what songs you play in your car -- in huge quantities. They then use it to invent more data about you through “inferences” about things like your intelligence, abilities, and interests.

I didn’t see where it says how the data gets back to the car companies. Do vehicles have cellular connections to phone home, even when there are no user-facing features that can use this connection? Does it get transferred via a direct connection when you take the car to a dealer?

Surely, using CarPlay is better than using the built-in software. But I’m seeing conflicting reports about whether CarPlay data stays on the phone or needs to be manually deleted when you sell a car or return a rental.

Thomas Germain (Hacker News):

Mozilla said it was unable to determine whether the brands encrypt any of the data they collect, and only Mercedes-Benz responded to the organization’s questions.

Mozilla also found that many car brands engage in “privacy washing,” or presenting consumers with information that suggests they don’t have to worry about privacy issues when the exact opposite is true. Many leading manufacturers are signatories to the Alliance for Automotive Innovation’s “Consumer Privacy Protection Principles.” According to Mozilla, these are a non-binding set of vague promises organized by the car manufacturers themselves.


Questions around consent are essentially a joke as well. Subaru, for example, says that by being a passenger in the car, you are considered a “user” who has given the company consent to harvest information about you.

Nick Heer:

It is entirely possible these privacy policies reflect an overly broad approach, that cars do not actually collect vast amounts of personal information, and that the data brokers who have partnered with automakers are marketing themselves more ambitiously than they are able to deliver. But is that better? Automakers either collect vast amounts of private information which they share with data brokers and use for targeted advertising efforts, or they are lying and only wish they were collecting and sharing vast amounts of private information.


Update (2023-09-14): See also: Bruce Schneier and Rob Beschizza.

Intelligent Tracking Prevention Deleting Data

Jeff Johnson:

To put it simply, if you haven’t visited Twitter in the past 7 days, then Safari will automatically delete your Twitter settings, including your font size, color scheme, and timeline behavior!


On macOS, enable “Show Develop menu in menu bar” at the bottom of the Advanced pane in Safari Preferences, then open the Develop menu, the Experimental Features submenu, and select “Disable Removal of Non-Cookie Data After 7 Days of No User Interaction (ITP)”. On iOS, the same Experimental Features submenu is in the Advanced menu at the bottom of the Safari section in Settings.

But this setting is reset with each software update.

Jeff Johnson:

Of course I want to prevent cross-site tracking, but the way that Safari implements it leaves a lot to be desired, especially compared to Chrome and Firefox, both of which allow you to set per-website cookies and storage settings. For some strange reason, Safari Website Settings doesn’t include cookies and storage (or JavaScript, for that matter).

Per-site JavaScript settings would be great.

Today I was hit (yet again) by another ITP policy[…] The domain in this case was a Mastodon instance, so I’m not sure why it was “classified” by ITP. I was able to determine that ITP was the culprit in deleting my website data by checking my backups and looking inside Safari’s “container”[…]


I’m logged in permanently to a number of different websites that I use only occasionally, which makes ITP’s 30-day policy quite problematic for me. When Safari deletes all storage data for a site, you are thereby logged out of the site and need to login again. If Two-Factor Authentication (2FA) is involved, this is egregious, because you have to jump through extra hoops every time you need to login again with 2FA.

I’ve been running Safari without ITP for quite a while now, but even then it seems to forget a lot. Despite asking to be remembered, I have to enter my Amazon password multiple times per day to view order information.