Archive for July 18, 2024

Thursday, July 18, 2024

Overcast’s New Foundation

Marco Arment (Mastodon):

Today, on the tenth anniversary of Overcast 1.0, I’m happy to launch a complete rewrite and redesign of most of the iOS app, built to carry Overcast into the next decade — and hopefully beyond.

[…]

  • Much faster, more responsive, more reliable, and more accessible.
  • Modern design, optimized for easily-reached controls on today’s phone sizes.
  • Improvements throughout, such as undoing large seeks, new playlist-priority options, easier navigation, and more.

[…]

The last few missing features from the old app, such as Shortcuts support, storage management, and OPML. These are absent now, but will return soon.

[…]

For Overcast to have a future, it needed a modern foundation for its second decade. I’ve spent the past 18 months rebuilding most of the app with Swift, SwiftUI, Blackbird, and modern Swift concurrency.

Now, development is rapidly accelerating. I’m more responsive, iterating more quickly, and ultimately making the app much better.

Overcast is one of my favorite apps, and I expect to like this version, too. However, after hearing about the self-imposed anniversary deadline, the smaller beta group and short beta period, and some unimplemented old features, I’m delaying for a bit. I’m in no rush and would like to avoid any initial bugs. The App Store doesn’t offer any way to downgrade, so it seems like the only way to wait for a few maintenance updates is to turn off auto-updating across all apps.


Update (2024-07-23): Kyle Hughes:

The new Overcast looks and feels cheap now, and is the laggiest app I routinely use. So much polish is gone. It feels like a poster child for SwiftUI problems.

John Gruber (Mastodon):

I’ve got a few small gripes with this major update, but overall it’s clear that Overcast is better than ever.

I’m not sure what to make of the mixed reports, with some saying the interface is much more laggy than before and others saying that it’s much faster and smoother than before. I thought maybe it was that the actual drawing is slower but much of the work is async so that the interface isn’t blocked, but there are also reports of freezes. It does seem like Arment is working quickly to fix the bugs.

Update (2024-07-29): See also: ChicagoBob and Marcin Krzyzanowski.

Update (2024-08-13): Under the Radar:

The first few days after the launch of the Overcast rewrite, and how to process the mountain of feedback.

Marco Arment (Under the Radar):

Not having a big public beta for my rewrite really didn’t affect it at all. There was no feedback that I got from a bigger group that I didn’t get from my beta testers, from even having a small beta of I think it ended up being something like 40 people. I got all the same feedback that I got later from the bigger release and the bigger group.

Accidental Tech Podcast:

Overcast launch

Dominik Wagner:

The new overcast and me just don’t seem to be able to get along. sigh. Episode that was accidentally finished while asleep yesterday, apparently now deleted and gives me this beautiful screen on play.

Accidental Tech Podcast:

immense power of 1-star reviews


I’m going to wait a bit longer, but it looks like it’s getting there.

Update (2024-08-17): Chris Pepper:

Rewrite Feedback

Safari Private Click Measurement and Firefox Privacy-Preserving Attribution

John Wilander (2021):

A new, on-by-default feature called Private Click Measurement, or PCM, for privacy-preserving measurement of ad clicks across websites and from iOS apps to websites in iOS and iPadOS 14.5 betas.

This didn’t attract a lot of attention at the time, but now it’s getting some criticism for being opt-out and somewhat hidden in the settings. Apple words it as “Allow privacy-preserving measurement of ad effectiveness,” which is a bit confusing because it’s actually more private if you uncheck this. The French and Dutch localizations are apparently even more confusing because without the “Allow” part it sounds like you are missing out on privacy features if you don’t check it.

Actually, as far as I can tell, the benefit to checking the box is that it sends more information to advertisers and that this improves the economics of content creation while reducing the incentives for more intrusive tracking. If all browsers and sites are good citizens and support this, aggregate privacy should improve, even though at the micro level you are at best revealing more information in a way that doesn’t actually affect you.

Now it’s big news because Firefox added a similar option.

Lokjo (Hacker News):

Firefox is just another US-corporate product with an ‘open source’ sticker on it.

Their version 128 update has auto checked a new little privacy breach setting.

Jonah Aragon (Hacker News):

Less than a month after acquiring the AdTech company Anonym, Mozilla has added special software co-authored by Meta and built for the advertising industry directly to the latest release of Firefox, in an experimental trial you have to opt out of manually. This “Privacy-Preserving Attribution” (PPA) API adds another tool to the arsenal of tracking features that advertisers can use, which is thwarted by traditional content blocking extensions.

Moritz Förster (Hacker News):

What may sound good on paper does not go down well with many users for several reasons: Firstly, Firefox automatically delivers the Privacy-Preserving Attribution (PPA) with the update to the new version, despite the “experimental” label. More serious, however, is the fact that Mozilla also activates the feature directly - users must therefore deactivate the PPA manually by opting out.

Bobby Holley, Firefox CTO (Hacker News):

Most users just accept the defaults they’re given, and framing the issue as one of individual responsibility is a great way to mollify savvy users while ensuring that most peoples’ privacy remains compromised. Cookie banners are a good example of where this thinking ends up.

Whatever opinion you may have of advertising as an economic model, it’s a powerful industry that’s not going to pack up and go away. A mechanism for advertisers to accomplish their goals in a way that did not entail gathering a bunch of personal data would be a profound improvement to the Internet we have today, and so we’ve invested a significant amount of technical effort into trying to figure it out.

The devil is in the details, and not everything that claims to be privacy-preserving actually is. We’ve published extensive analyses of how certain other proposals in this vein come up short. But rather than just taking shots, we’re also trying to design a system that actually meets the bar. We’ve been collaborating with Meta on this, because any successful mechanism will need to be actually useful to advertisers, and designing something that Mozilla and Meta are simultaneously happy with is a good indicator we’ve hit the mark.

ozjimbob:

I think the issue I see is: this may well be a better way. But advertisers aren’t going to quit the arms race either, quit what they currently do and switch to this. They will use this but also continue the bloated, privacy-invading malware ads. So now we have two problems, not one.

See also: Thom Holwerda.


Update (2024-07-19): Andrew Moore (via Brad Dougherty):

As someone who really values personal privacy, and despises advertising and tracking, I will be keeping PPA enabled in my browsers as it reduces the incentive from AdTech companies to track in an invasive way. It also simplifies my blocking of telemetry as I only have the DAP service endpoints to block.

[…]

Arguably, the biggest failure of Privacy Preserving Attribution (PPA) is Mozilla’s failure to clearly communicate and explain this experiment to its users. Changes that affect user privacy, positively or negatively, should be prominently displayed in the “What’s New” page. This page, containing release notes and that opens automatically when an update is installed, is the perfect opportunity to inform users about features that may impact them. While it is listed in the current release notes, it isn’t prominently displayed.

Safari Private Browsing 2.0

John Wilander et al. (Mastodon):

These are the protections and defenses added to Private Browsing in Safari 17.0:

  • Link Tracking Protection
  • Blocking network loads of known trackers, including CNAME-cloaked known trackers
  • Advanced Fingerprinting Protection
  • Extensions with website or history access are off by default

In addition, we added these protections and defenses in all browsing modes:

  • Capped lifetime of cookies set in responses from cloaked third-party IP addresses
  • Partitioned SessionStorage
  • Partitioned blob URLs (starting in Safari 17.2)

We also expanded Web AdAttributionKit (formerly Private Click Measurement) as a replacement for tracking parameters in URL to help developers understand the performance of their marketing campaigns even under Private Browsing.

Kyle Howells:

Seriously considering switching from Safari to Chrome or Firefox because EVERY TIME I visit most websites I’m logged out.

Safari’s stupidly over aggressive privacy policy of purging cookies after 7 days turns out to be quicker than I visit most sites.

Jeff Johnson:

I don’t use 1password, but I signed up for a trial a few days ago to diagnose an issue. Just got this email. What an indictment of Safari!

Steve Troughton-Smith:

I don’t know if Safari has just fundamentally broken the web, or if sites are just detecting Safari and clearing their own cookies to get a tracking refresh. It’s got worse and worse to browse with.

I’ve been seeing this logout problem with Safari for years, and it’s gotten especially bad in the last few months.

Kyle Howells:

I posted this complaint about Safari logging me out 24hrs ago.

I just had to relogin in order to post this.

Jeff Johnson:

FWIW I almost never get logged out after this:

defaults write -g WebKitExperimentalIsFirstPartyWebsiteDataRemovalDisabled -bool true

Except for App Store Connect, which uses session cookies, which affects all web browsers.

It’s in the Feature Flags now, “Disable Removal of Non-Cookie Data After 7 Days of No User Interaction.”

Safari may reset this on updates, but putting it in the global defaults makes it immune from reset.

This did not work for me, so I think there must be multiple issues here.

Daniel Jalkut:

For the last few weeks Safari has become nearly impossible for me to use because it logs me out of EVERYTHING and forgets my state in web apps with cookie-based storage.

When I say it logs me out, I mean several times per day! Almost every time I return to a site, I have to log in again.

Googling suggests I’m not alone, but it’s far from a universal problem.

[…]

I’ve been to hell and back investigating this, and let me just say for now that if you suffer from this problem, I think turning ON the “Prevent cross-site tracking” preference in Safari will alleviate it.

He seems to have found a bug where turning off the extra privacy—which I did long ago to try to make Safari compatible with more sites—triggers a bug where Safari inappropriately deletes saved data.

Jeff Johnson:

“Private Browsing uses Oblivious DNS over HTTPS by default, which encrypts and proxies DNS queries to protect the privacy and integrity of these lookups.”

I’m not actually seeing this in my testing. Packet traces show DNS queries still occurring in the clear. Anyone else test this?

Jeff Johnson:

Advanced tracking and fingerprinting protection is in the Safari Advanced Settings on both iOS and macOS. The setting has three options: disabled, enabled in private browsing, or enabled in all browsing. Last year I wrote about why I disabled advanced tracking and fingerprinting protection in Safari. This year I found another reason: it breaks my Safari extension StopTheMadness Pro!

[…]

The way advanced tracking and fingerprinting protection appears to work is that if it blocks at least one third-party tracking script on a web page, then it also prevents every third-party script on the page from accessing the URL query string.

[…]

The problem with this “protection” is that it can break innocent third-party scripts. Even worse, Safari extension content scripts are treated as third party!


Update (2024-07-22): Kyle Howells:

The big problem with things like “Advanced tracking and fingerprinting protection” in Safari, is they are basically a fancy way of saying

“We worked out how to break as much of the webpage as possible, without you actually noticing anything is wrong”

Except they now disable, or break so many things that Safari is starting to just become a horrible unreliable web browser to use.

Kyle Howells:

In the last few days I’ve had to re-login to:

  • Google 5 times
  • reddit 4 times
  • mastodon 4 times
  • YouTube 3 times
  • Github 3 times

This can’t just be the privacy measures, this has to be an actual bug.

Except I haven’t installed a macOS update recently, so in theory nothing has changed?

This is the type of thing that I’ve been seeing lately, though worse. Turning on “Prevent cross-site tracking” seems to have helped a bit but did not fix the problem. I’m currently trying the voodoo of disabling the Develop menu.

Safari 18 Announced

Apple:

Safari, the world’s fastest browser, now offers Highlights, an even easier way to discover information on the web, such as directions, summaries, or quick links to learn more about people, music, movies, and TV shows. A redesigned Reader includes even more ways to enjoy articles without distractions, featuring a streamlined view of the article a user is reading, a summary, and a table of contents for longer articles. And when Safari detects a video on the page, Viewer helps users put it front and center, while still giving them full access to system playback controls, including Picture in Picture.

Jen Simmons et al.:

Now, we are pleased to announce WebKit for Safari 18 beta. It adds another 48 web platform features, as well as 18 deprecations and 174 bug fixes.

[…]

macOS Sequoia beta adds support for opening links directly in web apps. Now, when a user clicks a link, if it matches the scope of a web app that the user has added to their Dock, that link will open in the web app instead of their default web browser.

[…]

Now you can personalize web apps on Mac with Safari Web Extensions and Content Blockers.

Jeff Johnson:

Note that this new feature does not apply to home screen apps on iOS 18. It’s Mac-only.

My blog post The four types of Safari extension explained the difference between Safari content blockers, Safari web extensions, Safari app extensions, and the discontinued Safariextz format. My own Homecoming for Mastodon is a Safari web extension, and StopTheFonts is a Safari content blocker, so those now work in Safari web apps on macOS 15. However, StopTheMadness Pro and StopTheScript are Safari app extensions, which means that they don’t work in Safari web apps, unfortunately. You probably don’t need StopTheScript in a web app, but StopTheMadness Pro would be nice, wouldn’t it? If you want StopTheMadness Pro in Safari web apps, let Apple know that they should support Safari app extensions too!

Christina Warren:

You know what would make Safari great? Support for ublock origin.

Corey Quinn:

And custom search engines.

Nicolas Magand:

Still no mention of search improvements on Safari. This is a wait and see situation and I hope more details will come out about Safari and if custom search engine settings are available, or at least more options than just Google and Bing-related search engines.

Jen Simmons et al.:

WebKit for Safari 18 beta adds support for three new features as we continue to improve passkeys. First, Safari 18 beta adds support for using mediation=conditional for web authentication credential creation. This allows websites to automatically upgrade existing password-based accounts to use passkeys.

Juli Clover:

With the new Passwords app in iOS 18, iPadOS 18, and macOS Sequoia, there’s a feature that is designed to allow websites and apps to upgrade existing accounts to passkeys automatically.

Enabled by default, the feature will speed up the adoption of passkeys, which are more secure than a traditional login and password.
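The automatic upgrade described in the two quotes above, as an added example (not code from WebKit, Apple, or any of the quoted authors): after a successful password sign-in, a site checks the conditionalCreate client capability and calls navigator.credentials.create() with mediation set to conditional. The serverOptions shape, the sample values, the function names, and the injectable env parameter are assumptions made for illustration.

```javascript
// Constructed sample of what a site's backend might return (hypothetical
// shape, binary fields base64url-encoded). Not taken from the page.
const SAMPLE_SERVER_OPTIONS = {
  rp: { id: "example.test", name: "Example" },
  user: { id: "dXNlci0x", name: "a@example.test", displayName: "A" },
  challenge: "AQID",
  pubKeyCredParams: [{ type: "public-key", alg: -7 }],
};

// Decode base64url into the bytes WebAuthn expects.
function b64urlToBytes(s) {
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
}

// Build the argument for navigator.credentials.create().
function buildUpgradeRequest(serverOptions) {
  return {
    mediation: "conditional", // conditional create: no modal prompt is requested
    publicKey: {
      rp: serverOptions.rp,
      user: { ...serverOptions.user, id: b64urlToBytes(serverOptions.user.id) },
      challenge: b64urlToBytes(serverOptions.challenge), // fresh, server-issued
      pubKeyCredParams: serverOptions.pubKeyCredParams,
    },
  };
}

// Call only after the password sign-in has succeeded.
// Resolves to the new credential, or null when no upgrade happened.
// env is injectable for testing (assumption); in a page it is globalThis.
async function tryPasskeyUpgrade(serverOptions, env = globalThis) {
  const PKC = env.PublicKeyCredential;
  if (!PKC || typeof PKC.getClientCapabilities !== "function") return null;
  const caps = await PKC.getClientCapabilities();
  if (!caps || !caps.conditionalCreate) return null;
  try {
    return await env.navigator.credentials.create(buildUpgradeRequest(serverOptions));
  } catch (err) {
    // Any rejection leaves the account as it was: the password session
    // stays valid, so nothing is surfaced to the user.
    return null;
  }
}
```

The returned credential still has to be sent to the server and verified against the issued challenge before the passkey is stored for the account.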

Daniel Jalkut:

The only feature anybody REALLY wants from Safari is “Now works with every site Chrome does.”


Update (2024-09-06): Greg Pierce:

Weird change in macOS Sequoia I do not approve of…the “Safari opens with” settings to prevent Safari from restoring windows/tabs when launched have gone away. I really dislike it maintaining everything and regularly quit and relaunch to get a clean slate. Those days are gone.