Ben Brooks on the leaked pictures scandal →

September 04, 2014

Speaking of the leaked celebrity pictures:

It doesn’t matter if the stolen pictures were of landscapes or boobs, it was still theft and the only person to blame is the person who did the theft. Not the victim.

If your house is broken into, you don’t call Schlage and get pissed at them because the lock on your door was bypassed — you call the cops and they go after the person who broke in (not you, not Schlage).

That’s precisely what most people seem to forget with this whole thing. There is not a system in the world that is 100% impervious to malicious attacks. However secure a system may be, there is always some risk that your data may be accessed.

Instead of obsessing over who’s to blame, perhaps we should all be focusing more on finding the people responsible.

PS: At the time of publication (September 3, 2014), this article was only accessible to members of The Brooks Review. If you enjoy it, you should consider becoming a member and supporting Ben’s work.

♤ ♧ ♡ ♢

Security Trade-Offs | Daring Fireball →

September 04, 2014

John Gruber on the intrinsic risks associated with cloud-based backups:

It is thus, in my opinion, terribly irresponsible to advise people to blindly not trust Apple (or Google, or Dropbox, or Microsoft, etc.) with “any of your data” without emphasizing, clearly and adamantly, that by only storing their data on-device, they greatly increase the risk of losing everything.

Well said. “Just don’t put your stuff in the cloud” is about the worst advice you can give.

♤ ♧ ♡ ♢

Neonsamurai's reviews on IMDb →

September 03, 2014

Tonight Deep Rising was on TV. It didn’t ring a bell, so I went to IMDb to check out a few reviews. Sure enough, Neonsamurai’s was the first one, with the title: “It’s officially the best film ever made”:

The sad thing is that if the Colour Purple had included a raid on a sinking cruise liner, infested with sub aqua monsters as part of the film, then it too would have climbed to the top of my favourite movie list. But as with most films the director took the easy way out and chose to ignore this very overlooked area of filmmaking.

I honestly don’t know how it’s taken me this long to run into his reviews (Deep Rising’s is from 2002). After that, I obviously had to take a look at the rest of them.

Great, great stuff.

♤ ♧ ♡ ♢

A war on privacy

September 03, 2014

Today I read a great piece by Richard J. Anderson about Facebook, where he makes an interesting point:

I tried giving up Facebook once before only to end up sucked back in. Why? It’s simple: Facebook is where all my friends are. If I want to keep in touch with them, in any way, I’ll have to be on Facebook.

I just don’t have to do it on Facebook’s terms.

He goes on to explain his way to deal with Facebook’s privacy-invading tactics,¹ and he gives some solid advice if you’re interested in doing the same. At the end of the day, though, I’m not sure fighting the way Facebook works is the best approach.

Let me start by saying, I’m no Facebook fan. Far from it. I use it very much like Anderson does, mainly to stay in touch with people I’ve met over the years and for whom I have no other contact information. Facebook works really well for that, and so I use it. That’s pretty much it.

It is in part because I have no love for Facebook that I understand where Anderson is coming from. The idea of a shady corporation tracking our every move with obscure intentions is certainly unsettling. And yet, the more I think about it, the more I realize Facebook doesn’t make for a great villain.

What is it that Facebook wants? It’s simple: they want to know everything there is to know about you so that they can show you ads you’re more likely to click on.

Ads. That’s all there is to Facebook’s evil plan. It is, of course, understandable: companies like Facebook are, after all, businesses, and they need to make money to survive. Running a social network, especially one as huge as Facebook, is crazy expensive.

Here’s a big problem that plagues every social network:

  • Everybody wants to use them because they add value to their lives and/or personal relationships.

  • Everybody wants them to be free.

  • Nobody wants to see ads.

Of course, that’s impossible. Something has to give. And if we’ve learned anything, it’s that premium, paid social networks very rarely work, even if the product is good. The problem is, once you start out with a free service, it’s much more difficult to get people to pay.

So, that leaves ads.

However, it’s not enough to show ads, you must actually get users to click on them, and for that you must know as much about them as you possibly can. It’s only logical, then, that all social networks would use the information they have on their users in order to target them with “better” ads.²

Even so, you may argue that there should be limits on what type of information these companies are allowed to collect, and I absolutely agree. To me, tracking users once they leave your site is going a step too far, and yet both Google and Facebook do it with impunity. In that regard, the Do Not Track Me extension that Anderson mentions in his article may be a good solution. Browser vendors should also provide some form of built-in protection against that. Or perhaps we should simply remember to log out of Facebook before closing the tab. And if we forget to do that then, let’s face it, it might be because deep down, it doesn’t really bother us as much as we thought.

There’s this notion in the tech community about the evils of social networks and other ad-based services like Google’s. “If you’re not buying anything then you’re the product being sold”. I’m sure you’ve heard it before.

But what is it that bothers us so much about being shown ads?

I believe this is an issue that gets blown way out of proportion within the aforementioned tech community. The rest of the world doesn’t care. They really don’t. Ask any of your friends whether they prefer to see ads or pay $10 a month to use Facebook. See what they tell you.

Sadly, regular people don’t value their privacy nearly as much as we do.

For example, my personal rules for interacting on social networks (actually, on all of the Internet) are simple:

  1. If I’m not comfortable with everybody on the Internet knowing about it, I do not share it.

  2. There’s no step 2.

To me it really is that simple. Anything I willingly share is fair game, and I’m OK with that. And if they use it to show me ads, then so be it. It’s still a small price to pay for the convenience we get out of these tools.

What doesn’t make sense to me is trying to keep using these networks without disclosing any personal information for the sole purpose of avoiding being tracked or being shown ads. I suppose it’s technically possible, but it’s just too exhausting. I know it because I, too, have tried. It’s like going to a restaurant and only ordering side dishes to avoid paying for your meal. You can do it, but it’s kind of missing the point.

Whether we like it or not, social networks need our information to survive. And so, they will show us ads, and they will try to know more about us. If we’re going to use them at all, we should be OK with that. This will be true until the day we’re willing to start paying money for them. But let’s be honest, the odds of enough people suddenly deciding they want to start paying to use Facebook are pretty slim.

We can try to keep them at bay, and I’d go so far as to say that it’s our responsibility to ensure they don’t cross the line into creepy territory, but that’s no small task. If we absolutely don’t want to grant them access to our personal information, then the only sensible choice is not to use them at all. But as Anderson says, that’s not a realistic approach because, well, everyone else is still using them.

For all the bad press Facebook gets about their privacy issues, their real power lies elsewhere. Paraphrasing the great Verbal Kint:

The greatest trick Facebook ever pulled was convincing the world they needed to use it.

And like that… we’re all screwed.

  1. Of which there are many.

  2. Better from the advertiser’s point of view, of course.

♤ ♧ ♡ ♢

Apple's two factor authentication doesn't protect iCloud backups or Photo Streams | TechCrunch →

September 03, 2014

Great reporting by Matthew Panzarino:

[Apple’s two-factor authentication] does not, however, make you enter a verification code if you restore a new device from an iCloud backup. And that’s the design ‘feature’ that hackers are taking advantage of here.


Even if the hackers do not actually download the entire backup — or if there is no backup on the account — they still have access to a user’s Photo Stream at this point, which is also not protected by two-factor authentication.

So, even if all of the people who have had their photos compromised had two-factor enabled, their iCloud backups and Photo Streams would still be accessible.

It seems like a pretty big omission on Apple’s part.

However, even though Apple’s two-factor authentication probably wouldn’t have stopped these photos from leaking, it can still protect your account against many other forms of unintended access, so you should always have it enabled for your Apple ID.

♤ ♧ ♡ ♢

Photographer took 100,000 smoke plume photos looking for unexpected shapes | Colossal →

September 02, 2014

This is amazing:

Over the last three months photographer Thomas Herbrich snapped some 100,000 individual photographs of smoke, looking for unexpected anomalies and fortuitous coincidences where familiar shapes emerged. It’s fascinating to see how the brain tries to create order out of chaos, just like looking up at the clouds, suddenly familiar patterns seem to stand out: faces, hands, or scrolls of paper. After carefully sifting through each image Herbrich selected 20 final shots for this series, aptly titled, Smoke.

Really stunning images.

Via The Loop.

♤ ♧ ♡ ♢

Email | Inessential →

September 02, 2014

Brent Simmons tries to come up with a communication system for easily exchanging links over the Internet:

There’s no technical reason why that specific use case — message with link, no subject line, quick to find contact, quick to write and send — couldn’t be handled by email. The issue is user interface.

It continues to surprise me that email app vendors don’t think about the way people communicate now. They may think about the way people communicate by email but they don’t think about how people communicate in general.

Excellent point. This is an intriguing idea, and I wonder why nobody has tried to run away with it yet.

♤ ♧ ♡ ♢

Apple says iCloud accounts of celebrities were hacked in targeted attack | Re/code →

September 02, 2014

Here’s the statement from Apple:

We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.

So, they’re basically saying that their systems were not at fault, and that the attackers knew which iCloud accounts they were hacking into.

This strikes me as a very odd statement. Even if their systems were not breached, at the end of the day several high-profile accounts were hacked. Their wording makes it sound a lot like they’re saying: “this is life on the Internet, better get used to it”.

That’s not very reassuring, and it doesn’t sound like Apple to me.

If you haven’t done it yet, this might be a good time to set up 2-step verification for your Apple ID.

♤ ♧ ♡ ♢