Archive for April 15, 2024

Monday, April 15, 2024

The Demise of Email Forwarding Is Getting Closer

gastropod:

A bunch of universities have just sent out notices that email forwarding is going to increasingly break in the very near future. The big email services, gmail, yahoo, outlook and apple, are going to start tightening the thumbscrews (strict SPF, DMARK and DKIM, but also other stuff) on April 1 (bad timing, that).

I’d vaguely seen that gmail was planning to block much more bulk mail to individuals, but hadn’t really thought about the consequences to normal email forwarding.

[…]

It’s a good time to audit your email situation, especially if you currently forward mail to large provider controlled domains, or if you have any chains of forwards set up that you’ve forgotten about.

This has been breaking for a long time. I get lots of bounces because people have set iCloud Mail to forward to an address that rejects the message based on the headers (which iCloud didn’t rewrite).

Previously:

Update (2024-04-26): See also: Hacker News.

NSTableView With SwiftUI

Edvinas Byla (via Dave Verwer):

The [LazyVGrid] user experience isn’t great, but it’s still probably okayish for a version 1.0.0 release. The performance issues are less noticeable with fewer items unless you’re used to high-quality apps. But then there was this one thing that bugged me: the behavior of the context menu.

On macOS, right-clicking an item usually selects it and shows the context menu. SwiftUI’s .contextMenu shows the menu but doesn’t select or give you any callback for selecting the item. This can be confusing because you don’t know if you’re seeing the menu for the right item.

You’re supposed to be able to use the contextual menu to interact with a list item without changing the selection.

Damn, did [NSTableView] feel buttery.

[…]

But the main reason for this overhaul wasn’t just the scroll performance. It was also fixing that annoying context menu issue.

[…]

On top of all this, I managed to get rid of some extra code for keyboard navigation, clean up the layout mess, and now I can easily adjust and rearrange columns.

[…]

The remaining part of this post will go over some challenges and gotchas of replacing LazyVGrid with NSTableView while still reusing SwiftUI views.

Lots of good stuff there about using SwiftUI views inside the column headers and table cells.

I don’t want the takeaway to be that SwiftUI is slow and AppKit is fast, or that SwiftUI on macOS isn’t ready for serious apps. In reality, the very complex template editor for this app is almost entirely written in SwiftUI, which handles it impressively well.

Helge Heß:

SwiftUI is part of the future, it is not “the” future. It is still unclear how sth basic like a text editor can work with the scalability constraints of SwiftUI. Or a List w/ more than 1k items. Everything becomes easier if you start to acknowledge that SwiftUI is a convenience extension to Cocoa, not a replacement in any way. And miraculously SwiftUI also allows super easy integration w/ Cocoa, making sure it is no either or 🙂

Malcolm Hall:

having a constant number of Views per row (i.e. no ifs) is one of the performance secrets recently explained at 16:25 here.

Another is no sorting/filtering in body, e.g. it could be bounced through onChange and saved in another state

Previously:

Update (2024-04-26): Greg Pierce:

SwiftUI Q: Is there a trick to get lazy generation of a context menu on a list row?

Keeping Your Data From Apple Is Harder Than Expected

Minna Tiainen (via Hacker News):

The researchers studied eight apps: Safari, Siri, Family Sharing, iMessage, FaceTime, Location Services, Find My and Touch ID. They collected all publicly available privacy-related information on these apps, from technical documentation to privacy policies and user manuals.

The fragility of the privacy protections surprised even the researchers.

‘Due to the way the user interface is designed, users don’t know what is going on. For example, the user is given the option to enable or not enable Siri, Apple's virtual assistant. But enabling only refers to whether you use Siri's voice control. Siri collects data in the background from other apps you use, regardless of your choice, unless you understand how to go into the settings and specifically change that,’ says Lindqvist.

[…]

‘It turned out that the participants weren’t able to prevent any of the apps from sharing their data with other applications or the service provider,’ Bourdoucen says.

Mysk:

Privacy Nutrition Labels are a great idea, but the lack of a mechanism to verify what’s on them makes them unreliable. They can be inaccurate or misleading. Here’s an example: Apple’s own Podcasts app states that search history isn’t linked to the user’s identity, but experiments show that every search performed in the app sends a request to Apple servers with the user’s iCloud ID associated with search keywords, as shown in the screenshot. Perhaps this data is discarded, but in theory the data is enough to build a search history that is linked to a particular user. And this’s not what the privacy label says.

Previously:

Update (2024-09-25): SHL0MS:

the fact that Apple sets this as default-on and only allows you to turn it off manually from each app’s individual settings implies that they are collecting a ton of data from this

you don’t need dark patterns for settings that aren’t valuable to you

and yes this is absolutely a dark pattern, i have 250+ apps on my phone which means if i decide i am not comfortable with this setting it takes over 20 minutes and 1250 taps to turn it off globally

GM Stops Sharing Driver Data With Brokers

Jonathan M. Gitlin (Hacker News):

After public outcry, General Motors has decided to stop sharing driving data from its connected cars with data brokers. Last week, news broke that customers enrolled in GM's OnStar Smart Driver app have had their data shared with LexisNexis and Verisk.

Those data brokers in turn shared the information with insurance companies, resulting in some drivers finding it much harder or more expensive to obtain insurance. To make matters much worse, customers allege they never signed up for OnStar Smart Driver in the first place, claiming the choice was made for them by salespeople during the car-buying process.

Karl Bode:

The absolute bare minimum you could could expect from the auto industry here is that they’re doing this in a way that’s clear to car owners. But of course they aren’t; they’re burying “consent” deep in the mire of some hundred-page end user agreement nobody reads, usually not related to the car purchase itself but the apps consumers now use to manage roadside assistance and other programs.

So not surprisingly, GM was subsequently sued. And now the company finds itself on an apology tour[…]

Previously:

Update (2024-04-24): Jude Karabus (via Hacker News):

Two New Jersey drivers claim they now pay more for their car insurance because General Motors (GM) and its OnStar app snooped on their driving behavior without their consent and sent metrics to “various insurance carriers.”

As the lawsuit [PDF], filed in Georgia on Friday, concedes, some vehicle purchasers do knowingly consent to having their personal driving habits and behavior monitored and handed on to third parties when they agree “to specific safe driving programs … and to installing dongles in their vehicles.” But the plaintiffs claim they agreed to no such thing.

Update (2024-04-30): Kashmir Hill (via Bruce Schneier):

Automakers have been selling data about the driving behavior of millions of people to the insurance industry. In the case of General Motors, affected drivers weren’t informed, and the tracking led insurance companies to charge some of them more for premiums. I’m the reporter who broke the story. I recently discovered that I’m among the drivers who was spied on.

Update (2024-05-01): Ron Wyden (via Hacker News):

The letter comes in response to an inquiry by Sen. Wyden’s office, which asked the association representing automakers how their members respond to law enforcement requests for location information collected from internet-connected cars and trucks. He found that only five — GM, Ford, Honda, Stellantis and Tesla — require a warrant to provide location data to law-enforcement. And only Tesla notifies auto owners about government demands.

Update (2024-08-15): Bruce Schneier (Hacker News):

Texas is suing General Motors for collecting driver data without consent and then selling it to insurance companies[…]