Archive for November 3, 2023

Friday, November 3, 2023

Google Abandons Web Environment Integrity API

Thomas Claburn (via Hacker News):

Amid rising community concern, Google says it will no longer develop controversial technology that was said to fight fraud online though to critics looked more like DRM for websites.


Apple incidentally has already shipped its own attestation scheme called Private Access Tokens, which while it presents some of the same concerns is arguably less worrisome than Google’s proposal because Safari’s overall share of the web browser market across all devices is far lower than Chrome’s.

Google also offers two more limited attestation services, the Play Integrity API and Firebase App Check. And its YouTube subsidiary’s scanning of client browsers for ad blocking extensions also represents a form of attestation or integrity check, albeit where what’s evaluated is installed software rather than a cryptographic token.


Instead, the Android team aims to focus on the Android WebView Media Integrity API, which provides a similar form of attestation but only for WebViews embedded in Android apps.


Apple’s Three Safaris

Thomas Claburn (via Hacker News):

Apple tried to avoid regulation in the European Union by making a surprising claim – that it offers not one but three distinct web browsers, all coincidentally named Safari.

Never mind that Apple itself advertises the sameness of its Safari browsers when pitching its Continuity feature: “Same Safari. Different device.”

Cupertino also claimed it maintains five app stores and five operating systems, and that these core platform services, apart from iOS, fell below the usage threshold European rules set for regulating large platform services and ensuring competition.


This strategy appears not to have been very effective.

Open Web Advocacy:

Apple made this attempt despite the Digital Markets Act containing specific clauses to address this exact behaviour.


Update (2023-11-20): See also: MacRumors.

FTX Trial

Molly White (via Nick Heer):

We got our first glance at the FTX codebase on Friday. The prosecution brought out Github screenshots as they questioned cooperating witness Gary Wang, the former CTO of FTX who at various times was responsible for the codebases powering both FTX and Alameda Research. Wang has pleaded guilty to four charges.


Much of the conversation revolved around the allow_negative flag that was introduced to the FTX codebase on August 1, 2019. Wang testified that Sam Bankman-Fried had asked him and Nishad Singh (former FTX engineering director, who has also pleaded guilty) to add the flag. Github screenshots show Singh making a code change to add the column in the database, and adding logic to exempt accounts with the flag from checks that would otherwise determine if they had sufficient funds to withdraw.


Code snippets shown to the jury demonstrated how Nishad Singh wrote some code that would update the insurance fund amount by adding to it the daily trading volume, multiplied by a randomish number around 7,500, and dividing it by a billion, thus making it appear as though the website was referencing a real account balance that was fluctuating as the exchange added funds or withdrew from it to cover losses. In reality, it was all made up.

Elizabeth Lopatto (Hacker News):

Bankman-Fried claimed to have been “not involved as a general principle in day to day trading,” but this turned out to depend highly on how one defines trading. Sassoon quickly introduced the “Vertex” Signal groupchat for discussing Alameda’s trading. In it, we saw messages where Bankman-Fried asked the group how much of two tokens, OXY and MAPS, the group had bought. He then suggested Alameda should buy $1 million to $2 million of each over the next few days. (Bankman-Fried denied that this was him giving instructions, which depends highly on how one defines giving instructions.)

David Yaffe-Bellany, Matthew Goldstein, and J. Edward Moreno (Hacker News):

Sam Bankman-Fried, the tousle-haired mogul who founded the FTX cryptocurrency exchange, was convicted on Thursday of all seven charges of fraud and conspiracy after a monthlong trial that laid bare the hubris and risk-taking across the crypto industry. These charges carry a maximum sentence of 110 years.

MacKenzie Sigalos (via John Gruber):

Most of the defense’s case was built on the testimony of Bankman-Fried himself, who told the court that he didn’t commit fraud or steal customer money, but just made some business mistakes.


Apple’s Q4 2023 Results

Apple (transcript, Hacker News, MacRumors:

The Company posted quarterly revenue of $89.5 billion, down 1 percent year over year, and quarterly earnings per diluted share of $1.46, up 13 percent year over year.

“Today Apple is pleased to report a September quarter revenue record for iPhone and an all-time revenue record in Services,” said Tim Cook, Apple’s CEO.

Jason Snell:

Mac revenue was $7.6 billion, down 34%. iPad revenue was $6.4 billion, down 10%. iPhone revenue was $43.8 billion, up 3%.

John Gruber:

Mac sales are down quite a bit year over year, both on a quarterly basis and trailing 12-month period, but I don’t think that’s a reflection on the Mac platform. Rather, it’s the whole PC market, which is now in a downswing after a huge surge during the early COVID years.


Update (2023-11-22): See also: MacRumors.