Not nearly enough: California's new privacy law looks like too little, too late

Let's start with the lede, from c|net:

A major privacy bill signed into law in California on Thursday is poised to reshape how Silicon Valley does business. When the law goes into effect, people living in the Golden State can tell companies to stop collecting or selling their personal data.

In two votes Thursday, the state's Senate and Assembly both passed the bill unanimously, and Gov. Jerry Brown signed it within a matter of hours. The rush to pass the bill comes courtesy of an even stricter voter initiative that would've appeared on California ballots this November if lawmakers hadn't gotten the bill through by 5 p.m. PT Thursday. Thursday is the state's deadline for withdrawing a ballot measure for the November election.

Privacy advocates cheered the new law. Marc Rotenberg, executive director of the Electronic Privacy Information Center, said the law means privacy could become an issue that impacts the upcoming midterm elections.

"This is a milestone moment for privacy law in the United States," Rotenberg said in a statement. "The California Privacy Act sends a powerful message that people care about privacy and that lawmakers will act."

Sounds great doesn't it? Two days ago, I'd have been cheering, too. But that was then, and this is now, and Exactis happened in between.

The Achilles' heel of California's new law is that people need to know when companies are collecting their data, in order to be able to tell them to stop. That might deal with the likes of Facebook, but most of the people affected by Exactis' data breach had no idea that the company even existed, and no way to know that they were building shadow profiles of as many as 60% of people living in the U.S. Yes, it sends a message; unfortunately, that message is that U.S. lawmakers still don't fully comprehend the scope and severity of the problem.

Lawmakers, both in California and elsewhere, should make the practice of shadow profiling into a criminal offence, with significant penalties for those found to be building such profiles anyway, and additional penalties for failing to secure databases of peoples' personal and financial information. Stop putting the onus on consumers to police this, and make it the responsibility of the companies in question to stop invading peoples' privacy and weakening the security of their data.

Magical thinking, or, securing the Internet of Things

The news about Exactis' failure to secure their enormous trove of shadow profile data got me thinking about security in general: about the extent to which corporations, of whose existence we might be completely ignorant, are already harvesting all manner of highly personal information about you and I, not only without our informed consent, but without us even knowing when or how often it's happening. And that got me to thinking about the other data collection scheme that Big Data is so keen on lately: IoT, the so-called Internet of Things.

The idea that everything in your environment that incorporates a microchip would inevitably be connected to the Internet, and thus vulnerable to, and controllable by, any sufficiently sophisticated hacker, is something which has concerned me for some time now. I'm not convinced that it's possible to secure such a wide range of devices, from an equally wide range of manufacturers; and even if were possible, I'm not convinced that the measures required to make it happen are desirable. At all.

I'm especially un-sold on the capacity for Artificial Intelligence to succeed at this task when human intelligence has repeatedly failed, or to compensate for the combination of ignorance, incompetence, apathy, and/or greed that will doubtless be a defining feature of IoT for a long time to come. First things first, though; let's start by describing the scope of the problem.

Facebook's "shadow profiles" are not unique, and that's a huge problem

Facebook's practice of building shadow profiles, collecting enormous amounts of personal data about people who don't have, or who never had, Facebook accounts, with neither their knowledge nor their consent, is hugely problematic. It's not just the ethical and privacy concerns, with an enormous corporation building a detailed profile which can be used to target you for all manner of subtle (or less-than-subtle) influencing; there's also a security concern here, because the sort of information that accumulates in these shadow profiles can be used to facilitate harassment, intimidation, or assault, spear phishing attacks, identity theft, doxxing, Swatting, and more. Lives may literally depend on the ability of the profilers to keep their shadow profile databases secure.

Enter Exactis, a marketing firm that you've probably never heard of, but who you're going to learn a lot more about in the coming weeks. From WIRED:

Earlier this month, security researcher Vinny Troia discovered that Exactis, a data broker based in Palm Coast, Florida, had exposed a database that contained close to 340 million individual records on a publicly accessible server. The haul comprises close to 2 terabytes of data that appears to include personal information on hundreds of millions of American adults, as well as millions of businesses. While the precise number of individuals included in the data isn't clear—and the leak doesn't seem to contain credit card information or Social Security numbers—it does go into minute detail for each individual listed, including phone numbers, home addresses, email addresses, and other highly personal characteristics for every name. The categories range from interests and habits to the number, age, and gender of the person's children.

"It seems like this is a database with pretty much every US citizen in it," says Troia, who is the founder of his own New York-based security company, Night Lion Security. Troia notes that almost every person he's searched for in the database, he's found. And when WIRED asked him to find records for a list of 10 specific people in the database, he very quickly found six of them. "I don’t know where the data is coming from, but it’s one of the most comprehensive collections I’ve ever seen," he says.

Thanks to the avarice and incompetence of Exactis, a huge swath of the U.S. population is about to learn just how problematic it is to have a gigantic trove of personal information data, including yours, freely available online to literally whoever wanted access. Much like Equifax's security failure, which leaked the SSNs and credit card information of 145 million-plus Americans, along with tens of millions of Brits, the true impact of Exactis' security failures will likely take years to truly manifest, but the cost to society of failing to regulate the practice of data profiling people without their knowledge and informed consent is already significant, and growing with each passing day.

The inevitable sequence of public outcry, Congressional hearings, and class action lawsuits should be getting underway shortly. We can hope that no violence or deaths follow as a result of this breach... but given recent history, I'm not holding out much hope of avoiding that grisly outcome.

Seriously, there needs to be a law against this shadow profiling shit.

GitHub users move to GitLab... which now runs on Google's Cloud.Also, Google is doubling down on Linux, in general.

Contributors unhappy with Microsoft's support of ICE weren't the only ones upset about Redmond's purchase of GitHub; 100,000 of them have apparently already decamped to GitLab, a leading GitHub rival. And that's not all they're doing, according to ZDNet:

When Microsoft acquired GitHub, a lot of open-source GitHub users weren't happy. At least 100,000 of them were upset enough to move to a leading GitHub rival, GitLab. Now, GitLab is moving its code repositories from Microsoft Azure to Google Cloud Platform (GCP).

Andrew Newdigate, GitLab's Google Cloud Platform Migration Project Lead, explained GitLab was making the move to improve the service's performance and reliability.

Specifically, the company is making the move because it believes Kubernetes is the future. Kubernetes "makes reliability at massive scale possible." GCP was their natural choice because of this desire to run GitLab on Kubernetes. After all, Google invented Kubernetes, and GKE has the most robust and mature Kubernetes support.

Kubernetes, or K8s, is a container-orchestration system which essentially automates the process of converting applications to run in their own "containers," or "jails," virtual machines which run their operating systems in isolation from the system as a whole. K8s was designed by Google, and was designed to work with Linux; Microsoft's Azure includes similar functionality, which also works with Linux, but it seems that trust is still in short supply where MSFT are concerned, if a hundred thousand former GitHub contributors have left GitHub/Azure for GitLab/K8s simply because the corporate acquisition happened.

That's not the only reason that Google is making Linux news feeds, though; GOOG has also just upped its support of Linux, and of Open Source software development, by a couple of very large steps.

Reminder: VR is still not useful. Also, tech journalism continues to be a bad joke.

Spotted today, on Tech Republic: "5 top use cases for AR/VR in business, and how you can get started."

Challenge accepted! Shall we keep score?

According to an Altimeter report by analyst Omar Akhtar, the combined market size for augmented reality (AR) and virtual reality (VR) is expected to grow exponentially from about $18 billion in 2018 to $215 billion in 2021. With this growing push toward immersive technology, many business are questioning how they can utilize it and how to being implementing it into their strategies.

Analysts have been making equally aggressive growth forecasts for VR for the past two years; as yet, this forecast growth has not materialized, and there is no sign that it's going to suddenly start happening anytime soon. I've noticed that Altimeter are now rolling AR and VR together into this number, which is probably wise considering that VR is not a thing, but there's no evidence yet of AR being ready for prime time, either. Not a good start. F.

Emily Olman, CEO of VR/AR at Hopscotch Interactive, said in the report that immersive technology implementation is a question of "when, not if."

"The sooner your company is able to understand the language [of AR/VR] and become fluent in what the possibilities are, the faster they are going to be able to react," Olman said in the report.

When people with a vested material interest in something keep predicting that it's just about to happen, for years on end, with no sign of it actually happening, you should be very suspicious. Someone whose job title includes "of VR/AR" definitely falls into this category, as do Altimeter themselves, whose actual business is "providing research and advisory on how to leverage disruptive technologies." I'd recommend that you take any of their recommendations with a healthy pinch of salt, if double handfuls of salt weren't actually needed here. F.

Here are the five use cases for immersive technology outlined in the report.

This is where things really start to go downhill.

And then there were four...

The conga line of tech companies whose employees have better ethics than their CEOs just got a little longer:

Protests from within the technology industry continue as hundreds of employees at Salesforce have requested that the company’s leadership reassess its work with U.S. Customs and Border Protection (CBP) following reports that authorities have separated thousands of children from their parents at the U.S–Mexico border.

In a letter addressed to Marc Benioff, Salesforce’s co-founder and CEO, the employees argue that, by providing CBP with a number of its products, the company is potentially abandoning its core values and making employees “complicit in the inhumane treatment of vulnerable people.”

“We are particularly concerned about the use of Service Cloud to manage border activities,” the letter, sent to Benioff on Monday, reads. “Given the inhumane separation of children from their parents currently taking place at the border, we believe that our core value of Equality is at stake and that Salesforce should re-examine our contractual relationship with CBP and speak out against its practices.”

Salesforce are obviously not giants like Amazon, Google, or Microsoft, but it may be just as significant that Salesforce employees are following in the ethically conscious footsteps of their colleagues from larger firms. The Silicon Valley ethos of disrupting now, and only worrying about the consequences later (if ever) may be shifting to one where the ethical considerations inherent in these tech companies' practices are one of their employees foremost concerns.

If so, it's a long overdue development. Technology isn't just a collection of devices; it all impacts human beings at some point, and that human impact needs to be factored into the designs. All too often, though, it hasn't been, which is how Uber and Theranos happened. If we're starting to see the kind of sea change that will make the next Theranos less likely, then that can only be a good thing.

Also, the intersection of ethics, politics, and tech? It's not stopping anytime soon.

In case you missed it:Intel CPUs have another security flaw

At this point, I don't supposed that this will really surprise anyone, but it's happened again:

A team of researchers at the Systems and Network Security Group at Vrije Universiteit Amsterdam, in the Netherlands, say they were able to leverage the security weakness to extract crypto keys from another running program in 99.8 of tests on an Intel Skylake Core i7-6700K desktop CPU; 98.2 percent of tests on an Intel Broadwell Xeon E5-2620 v4 server CPU; and 99.8 per cent of tests on a Coffeelake part.

Their code was able to lift a secret 256-bit key, used to cryptographically sign data, from another program while it performed a signing operation with libgcrypt’s Curve 25519 EdDSA implementation. It took roughly 17 seconds to determine each of the keys using machine-learning software and some brute force, according to a paper detailing the attack, seen by The Register this week.

[...]

The extraction technique is not reliant on speculative execution, and thus is unrelated to Spectre and Meltdown. Instead, it builds upon the exploitation of Intel's Hyper-Threading technology and the processor caches to leak data, which is a known security problem with its own mitigations.

Have I mentioned lately how relieved I am to have stuck with AMD, all these years?

Important points:

1. TLBleed is unrelated to the Meltdown and Spectre vulnerabilities that Google Project Zero reported back in January; it's an entirely new category of vulnerability, and one which Intel's competitors apparently don't share.
2. TLBleed affects Intel CPUs ranging from Broadwell to Coffee Lake, i.e. every Intel CPU released since 2014, including their newest (Broadwell was followed by Skylake, and then by Kaby Lake, although The Reg's coverage doesn't specifically mention Kaby Lake). So, once again, we're talking about a lot of affected PCs.

Intel, naturally, has "no plans to specifically address a side-channel vulnerability in its processors that can be potentially exploited by malware to extract encryption keys and other sensitive info from applications." Because why would Intel have a plan? Or, really, a clue? Look for this messaging to change as this story gains traction, though... and then for Intel comments to dry up entirely, once the class action lawsuits start. Because they will start, and it won't take long.

And don't think that Whiskey Lake or Cannon Lake are going to fix the issues, either; both of those are just variations on Skylake/Kaby Lake.

Intel have clearly been playing way too fast for way too long with consumers' security in the name of eking out a little extra performance over AMD, and with no clear plan for what they'd do when it started to come back to bite them. TLBleed is now the fourth serious security vulnerability to be found in Intel's hardware in just a year, starting with Intel's TME, Meltdown, and Spectre, with only Spectre reaching well beyond Intel. I don't expect it to be the last.

And then there were three...

Remember when I wrote that Microsoft weren't the only giant multinational whose normally-safe (and very lucrative) government contracts were becoming increasingly problematic in the Trump Era? I was thinking of Google's troubles with Project Maven. I was not expecting that Amazon's employees were literally days away from following in the footsteps of their Google and Microsoft counterparts... but here we are:

Following employee protests at Google and Microsoft over government contracts, workers at Amazon are circulating an internal letter to CEO Jeff Bezos, asking him to stop selling the company’s Rekognition facial recognition software to law enforcement and to boot the data-mining firm Palantir from its cloud services.

[...]

“Along with much of the world we watched in horror recently as U.S. authorities tore children away from their parents,” the letter states. “In the face of this immoral U.S. policy, and the U.S.’s increasingly inhumane treatment of refugees and immigrants beyond this specific policy, we are deeply concerned that Amazon is implicated, providing infrastructure and services that enable ICE and DHS.”

In May, an investigation by the American Civil Liberties Union revealed that Amazon had heavily marketed its Rekognition software to police departments and government agencies. The technology can recognize and track faces in real time, and the ACLU noted that such a powerful surveillance tool could easily be misused by law enforcement. Earlier this week, several Amazon shareholders called on the company to stop selling Rekognition to the police.

That backlash has now spread among employees as well.

“Our company should not be in the surveillance business; we should not be in the policing business; we should not be in the business of supporting those who monitor and oppress marginalized populations,” the employee letter states.

Now all that remains is for Facebook's employees to start sending open letters to Mark Zuckerberg about that company's egregiously awful business practices, and the Grand Slam of Tech Ethics will be complete. And it's about damn time, too.

Of course, it remains to be seen whether Microsoft or Amazon back down in the face of their internal revolts with the same alacrity that Google showed in walking away from their big-dollar Pentagon contract. There's no guarantee of it, in either case; Google was founded with an explicit "don't be evil" mission statement, which a significant percentage of their employees have clearly internalized, but the same may not be true of their gigantic tech rivals. Still, images of traumatized children can have a wonderfully clarifying effect on one's worldview, so one can hope.

One thing is becoming increasingly clear, though; tech companies, who had clearly hoped to remain above the political fray, are not going to be able to avoid recognizing and dealing with the political ramifications of their various businesses. Trump's malignant influence simply cannot be escaped, and wishing isn't going to make any of these issues go away.

GitHub contributors threaten boycott over ICE

Microsoft's relationship with ICE just became even more of a problem for Redmond.

More than five dozen Github contributors on Thursday signed a letter threatening to abandon the website unless Microsoft canceled its Immigration and Customs Enforcement (ICE) contract.

Microsoft, which acquired GitHub, the internet’s largest source code repository, for $7.5 billion earlier this month, is one of several tech companies facing heat for its work on behalf of ICE as a result of the Trump administration policy of separating families at the U.S. border.

Members of the GitHub community are now demanding Microsoft end its relationship with ICE or, they say, “we will simply take our projects elsewhere.”

“As members of the open source community and free software movement who embrace values of freedom, liberty, openness, sharing, mutual aid, and general human kindness, we are horrified by and strongly object to the Trump administration’s policies of detainment, denaturalization, deportation, and family separation as carried out by ICE,” the authors wrote.

GitHub is all about the open source code that contributors keep there, so an en masse flight to other platforms would essentially destroy the entire value of Microsoft's $7.5 billion purchase, making this no small threat. Microsoft haven't responded yet, but With their own employees applying pressure from inside, too, it's unclear how long Satya Nadella will continue to stick to the corporate line on this one.

Fuller coverage, including the full text of the GitHub contributors' letter, at Gizmodo.

Virtual reality meets commercial reality as headset sales plunge

By now, a headline like the one above, which I nicked from The Reg, should not be a surprise. The article that accompanied it, however, was much more optimistic:

Shipments of virtual reality kit have plunged, but growth is just around the corner.

So said analyst firm IDC’s Worldwide Quarterly Augmented and Virtual Reality Headset Tracker, which found “shipments of augmented reality (AR) and virtual reality (VR) headsets were down 30.5 per cent year over year, totalling 1.2 million units in the first quarter of 2018.”

But IDC also predicts a rebound, for a couple of reasons.

One is that 2017 saw lots of headsets bundled with smartphones as the likes of Samsung and HTC sought to stoke the VR market. They’ve since stopped doing that, so this year’s scary shipment figures reflect the end of giveaways rather than a dip in real demand.

Another is that new products like the Oculus Go are both superior to their predecessors and nicely-priced, so their arrival in stores should spur demand.

A third is that the VR/AR ecosystem has matured and it’s therefore becoming easier to create content, which will see business adopt VR. IDC said it “believes the commercial market to be equally important and predicts it will grow from 24 per cent of VR headset shipments in 2018 to 44.6 per cent by 2022.”

How long, exactly, has a VR breakout been "right around the corner?" It seems like forever, but it can't have been more than two years.

Dispensing with that bit of ridiculous boosterism, though, we can move on to the rest of IDC's case here, which is even weaker.

Microsoft has even bigger problemsthan the new XP

As Microsoft abandons their Windows 10-focused strategy in favour of one built on Azure, AI, and "the intelligent edge," they're trying desperately to put past failures behind them and focus on the future. As of this week, that's not going as smoothly as they might have hoped.

From Gizmodo:

Microsoft employees are putting pressure on their management to cancel a contract with U.S. Immigration and Customs Enforcement, part of a backlash against the agency’s policy of separating children from their families at the U.S. border.

In an open letter to Microsoft CEO Satya Nadella sent today, employees demanded that the company cancel its $19.4 million contract with ICE and instate a policy against working with clients who violate international human rights law. The text of the employee letter was first reported by the New York Times and confirmed by Gizmodo.

“We believe that Microsoft must take an ethical stand, and put children and families above profits,” the letter, signed by Microsoft employees, states. “We request that Microsoft cancel its contracts with ICE, and with other clients who directly enable ICE. As the people who build the technologies that Microsoft profits from, we refuse to be complicit. We are part of a growing movement, comprised of many across the industry who recognize the grave responsibility that those creating powerful technology have to ensure what they build is used for good, and not for harm.”

Yesterday, as word of the contract between ICE and Microsoft’s Azure cloud platform spread within Microsoft’s ranks, some employees were incensed—and considering quitting. Now, Gizmodo has learned, those outside the company are having second thoughts about working with a tech giant that’s a “proud” and willing collaborator with ICE.

Mat Marquis, a writer and developer, announced on Twitter that he was canceling his contract with Microsoft in protest against its ICE contract.

“It would be easy to think of coding as neutral—we solve puzzles,” Marquis told Gizmodo. “[...] It’s important, though, to consider the bigger picture for the things we help to build—how can it be misused, who am I supporting with it, who benefits from it and who bears the costs? I didn’t work with the Azure team; I would never have ended up there, considering my skillset. But the decision to work with an organization is a decision to help them achieve their goals, and Microsoft has shown that they’re willing to lend their name to ICE’s goals. I will not.”

Microsoft eventually responded to employees' concerns with some of the blandest PR pablum I've seen in quite some time, as if anxious to prove that they've learned nothing from their past mistakes, at least organizationally. Judging from the Microsoft employees' open letter, though, it would seem that consumers aren't the only people who are fed up with this shit, and ready to force some ethics on a giant multinational.

Reminder: Windows 7 really is the new XP

Back during the darkest days of Microsoft's GWX campaign, when they'd abandoned all pretense of believing in the quality of the product and offering Windows users a free upgrade, and instead started switching users' systems to Windows 10 no matter how many times they'd refused previously, it was already becoming clear that Microsoft had done lasting harm to their own brand, and to the relationship of trust and goodwill that they'd previously enjoyed with users of Windows 7.

I wasn't alone in referring to Microsoft's GWX fiasco as "upgrade-gate," or to point out the consequences with which Microsoft would have to deal for the next several years; pieces like this one, from Makeof.com, were pretty easily found at the time:

Steve Jobs famously said “people don’t know what they want until you show it to them.” Microsoft must think this is true for Windows 10. And so its developers keep finding new ways to trick Windows 7 and 8 users into upgrading because surely they will like Windows 10 once the see it. Or they’ll just surrender.

Personally, I do like Windows 10, but I also appreciate the reasons of those who oppose the upgrade. And I think what Microsoft has been doing is deeply disturbing and unethical. Microsoft acts as if its goal for 1 billion Windows 10 users supersedes the company’s responsibility for its existing Windows customers.

This reckless battle has unintended consequences, which not only hurt Microsoft’s customers, but also its business.

From loss of trust in the Windows; to users simply turning off Windows Update to avoid the hated GWX payloads; to actual monetary costs in the form of lost time, bandwidth, and productivity; reasons abounded why Microsoft's overly-aggressive GWX push was a bad idea. And while the worst of these for Microsoft, "Home Users Will Abandon Windows," hasn't yet come to pass, there's still no sign that consumers have forgiven Microsoft for the liberties, excesses, and borderline (or actual) abuses of GWX.

Microsoft's GWX push was of a piece with Terry Myerson's Windows-centric strategy, which Microsoft has since abandoned. Two years after GWX's failure, Myerson is no longer at Microsoft; his Windows and Devices Group no longer exists, its various teams having been redistributed across other business units which, according to Microsoft, are actually the future of the company. And Windows 10 is still not as popular as Windows 7... depending on who you ask, of course.

The fallout from GWX still hasn't stopped falling, either. Every month, Microsoft delivers updates for Windows 7, and every month, the description of those updates includes the same disclaimer: "does not include windows 10 upgrade functionality." That's still necessary, more than two years after GWX; that is truly epic levels of fail.

But it actually gets worse for Microsoft.

Creativity is officially dead and so is VR

I must have gone to bathroom, or something, when this bit popped up during Sony's E3 event last week:

It's a very pretty video, with very pretty music, and it takes just over two minutes (2:10, to be precise) before actually fading into any gameplay from the game itself. And yes, it's Tetris. Like, literally, just Tetris but with Tron's aesthetics.

According to the game's Wikipedia entry, Tetris Effect has been in development for 6 years. It took them 6 years to add Tron's glowy graphic style to the now-34-years-young Tetris. Oh, and a pause button, or "an all-new Zone mechanic that allows players to stop time," as it's gushingly called by UploadVR.

Available soon on Windows, PS4, and PSVR, Tetris Effect should be all the proof you need that creativity is dead. They spent six years making a VR version of Tetris, in an environment where you can't turn around and spit without hitting a free version of Tetris, and thirty four years after Tetris was first released. In thirty-four years, nobody has succeeded in adding anything of worth or note to the gameplay of Tetris, and I don't expect that Tetris Effect will succeed where everyone else has failed.

The fact that this utter failure of creativity features prominently on UploadVR's list of E3's Biggest VR Announcements should tell you everything you need to know about the state of VR, right now.

This week in Facebook's fiasco

Now that E3 is over, we can return our attention where it belongs: Facebook, who still haven't really cleaned up their mess, and whose attempts to smooth it over with PR aren't going as well as they might have liked.

Let's start with two pieces from the Guardian:

Apple strikes blow to Facebook as it clamps down on data harvesting

Rules appear to target services like Onavo Protect, which claims to protect user data even as it feeds information to Facebook

Apple has updated its rules to restrict app developers’ ability to harvest data from mobile phones, which could be bad news for a Facebook-owned data security app called Onavo Protect.

Onavo ostensibly provides users with a free virtual private network (VPN) which, it claims, helps “keep you and your data safe when you browse and share information on the web”. What is not immediately obvious is that it feeds information to Facebook about what other apps you are using and how much you are using them back to the social networking giant.

“The problem with Onavo is that it talks about being a VPN that keeps your data private, but behind the scenes it’s harvesting your data for Facebook,” said Ryan Dochuk, CEO of the paid-for VPN TunnelBear. “It goes against what people generally expect when they use a VPN.”

Onavo has been a Trojan horse for Facebook (in the classical sense, not as malware), allowing it to gather intelligence on the apps people use on tens of millions of devices outside its empire. This real-time market research highlights which apps are becoming popular and which are struggling. Such competitive intelligence can inform acquisition targets and negotiations as well as identify popular features it could copy in rival apps.

Just in case you needed a reminder that Cambridge Analytica were just the canaries in Facebook's coal mine, and that the root of the problem is Facebook itself. Yes, Facebook literally went undercover on users' systems, pretending to be a privacy protection VPN tool, and then mined those users' systems for additional data which was fed back to the parent company. It might not count as a trojan, in the sense of not allowing Facebook to literally control users' systems, that's only because Facebook want the data that those users generate. Which means that Facebook isn't just a risk to your privacy anymore: they're a risk to your security, too.

Which could be why the Guardian also ran this opinion piece today, from Emma Brockes.

E3's winners and losers

So, it's that time again... when everybody looks back, and tries to decide who "won" E3 2018. I thought Microsoft had the best press conference, but that Sony would probably be declared the winner by most commentators, but how do those predictions stack up to reality?

ScreenRant named XBox, Sony, Bethesda, and Ubisoft as their winners, while declaring Nintendo, Square Enix, and EA to be the letdowns of E3 2018. [Oh, shit, Ubisoft! I forgot all about Ubisoft!]

USGamer declared Microsoft to be the winner, and Square Enix to be the loser, with a few other "witty" additions:

• Losers: The crowd during Bethesda's Rage 2 Andrew W.K. performance; Walmart Canada; People who aren't emotionally invested in Super Smash Bros.; [their] health.
• Winners: Todd Howard; The people who have been yelling for a Metal Wolf Chaos release in the west their entire lives; Masahiro Sakurai basically saying fuck it and making Smash Bros. game people can't complain about; being hella gay.

[Dammit, why does everyone have to be a fucking comedian all the fucking time?]

Tom's Guide ranked their list:

1. XBox (grade: A)
2. PlayStation (grade: A-)
3. Bethesda (grade: B+)
4. Nintendo (grade: B)
5. Ubisoft (grade: B)
6. EA (grade: C)
7. Square Enix (grade: C-)

[Looks like someone's grading on a curve, but whatevs.]

It's early days yet, but so far, it looks like my take on things was pretty darn good. I do feel a bit bad for overlooking Ubisoft, though, so let's address that injustice.

Oh, yeah, and the other one: Sony's E3 presser

Well, if I'm going to cover them, I may as well cover them all.

Sony comes into this year's E3 as the clear industry leader. They may have spent last year more or less coasting, but the strong work they put it to build a stable of solid first-party studios has paid off in spades, and this years God of War continued the streak. Really, all they had to do was not fuck it up. So, did they manage to not fuck it up?

A joke that never gets old, by Alanah Pearce

Sony's E3 press conference did some... creative, shall we say? things with its format, which were more bewildering than impressive. Much like last year, actually, when Sony used creative lighting and a full symphony orchestra to propel the proceedings, which also left some scratching their heads. Breaking the momentum of their show while they moved people from one room to another was clearly not a good idea, though; and talented as he was, the banjo player was also clearly not as effective as last year's full symphony orchestra. Yes, it's good to see a company of Sony's size take some creative risks, but the poor logistics should have been obvious, here.

Once they finally stopped walking attendees from room to room, though, and started showing them actual games, things started to pick up.

More wrong than right: Nintendo @ E3 2018

Polygon has a pretty decent breakdown of what Nintendo did right, and wrong, during their E3 Nintendo Direct, so let's use that to frame our discussion, shall we?

Right: Super Smash Bros. Ultimate reveal

OK, but seriously, you get every character! This Super Smash Bros. release comes with a wealth of content, which makes sense considering it’s basically an expanded re-release of the Wii U Super Smash Bros. It’s unlikely that fans are going to care, however. This feels like a feast. [...] All these characters, all these stages, all this content. The demos and announcements went on and on for this game, and it was all good news about the title. This is going to sell the Nintendo Switch, no questions.

Agree. Not to my taste, but that's fine. The Nintendo Switch has been all about recycling older (but still very good) content, so the fact that they're upgrading a Wii U game is not a surprise.

Right: Super Mario Party for the Nintendo Switch

The Nintendo Switch is already a social system, so having party games that take advantage of players who have access to multiple system is a smart move. This is another example of how the inventive design of the Nintendo Switch helps Nintendo offer experiences that aren’t possible on any other console.

Disagree. The Nintendo Switch has sold very well, yes, but releasing a game whose major feature requires other people that you know to also have bought the same expensive game system feels like hubris to me. It's not all that inventive, either; Nintendo ported this functionality to the Switch from their DS line of handhelds, which means that it's really just more recycling.

Right: The voice chat and online features of Fortnite

There’s a lot to be happy about when it comes to Nintendo’s “surprise” launch of Fortnite on the Nintendo Switch today, but one of the more interesting details is the fact that you can use any standard 3.5 mm headset for online voice chat, which is a feature that no other game offers on the system, as far as we can tell. This makes chatting with your team much easier — remember, Nintendo’s official solution is a phone app that leaves much to be desired — and is something that should be offered in more games.

Disagree. Yes, it's nice that Fortnite gets this functionality, but why doesn't anyone else? Nintendo's hardware clearly supports it. This just throws a white hot spotlight on one of the Switch's glaring shortcomings.

So, if that's what Nintendo did right, and most of it's not necessarily all that right, what did they get wrong?

Let's get this nonsense started: Devolver Digital's E3 2018 jiminythinger

Well, if I'm going to do this motherf*cking thing, then I may as well do it.

Devolver Digital's 2017 "press conference" was a thing of genius. A savage send-up of the entire E3 hype-fest, and a brutal critique of the worst of the videogame industry's anti-consumer practices, it also managed to announce a couple of the company's games along the way, and had me literally laughing out loud for most of its run time. As I sat down to watch their 2018 "presser," I wondered how they could possibly top that.

How else? They made a sequel. Literally.

Upping the ante on everything, including the profanity and gore, Devolver continued their savage satire of the entire E3 experience, with "Nina Struthers" returning to show all the world just how soul-less and mercenary the videogame industry could be.

Hype and hypocricy: Reactions to Bethesda at E3

So, apparently I'm covering E3 this year. I'm as surprised as you are.

Bethesda's E3 conference followed Microsoft's on Sunday, and just as I predicted, Microsoft's blow-out of a show proved to be a tough act to follow. Apparently Bethesda's presentation this year was an improvement over last year's, but they are only one studio; Microsoft, by comparison, as the platform holder, owns multiple first-party studios of their own, and multiple third-party developers whose games they could also add to their hype event. Realistically, Microsoft should be able to put on a more impressive press conference; it wouldn't be reasonable to demand that Bethesda equal Microsoft's presentation.

That said, though, it's equally unreasonable to assert that Bethesda somehow surpassed Microsoft to put on the "best conference of E3 so far," just because they teased something that you were hoping they teased, on their way to talking about the ten or so projects that they felt like showing off this year. Of those, only Elder Scrolls Legends, Elder Scrolls Blades, Fallout 76, and Prey: Mooncrash will be releasing this year. Rage 2, Wolfenstein: Young Blood, and DOOM: Eternal are due sometime next year, while Starfield and Elder Scrolls IV are essentially nothing but logos at this point.

Oh, and VR. Bethesda are still all-in on VR, with Prey being added to their VR lineup, and a Wolfenstein VR hacking/puzzle game coming... sometime.

No, Microsoft's original vision for the XBox One was not "right"

Those who cannot remember the past are condemned to repeat it.

So goes the famous quote from Jorge Agustín Nicolás Ruiz de Santayana y Borrás, known in English simply as George Santayana. He wasn't talking about Microsoft apologists, but OMFG, he may as well have been.

So, I was doing some simple YouTube searches, trying to gauge the reaction to the XBox E3 presser, when I came across this bit of revisionist history.

It's a lovely little think piece about how visionary Microsoft were the only ones preparing for a world of connected, online gaming; about how everyone saw it coming, but only Microsoft acted on that vision. They've suffered unjustly, is the clear implication here, for being such visionaries, and the gaming industry would be a better and healthier place if they'd just done a better job of selling their vision to consumers.

This is 100% bullshit. It quite simply isn't what happened. At all.

Your mileage may vary...

I suppose I should have begun my review of Microsoft's E3 XBox presser with the disclaimer: I am a PC gamer. I do not own an XBox; I have never owned any gaming console. My Steam Link is as close to console ownership as I've ever come, and that does not look likely to change in the foreseeable future.

XBox's Play Anywhere initiative means that everything released for XBox is also released for Windows. And since nobody buys games from the wasteland of shit that is the Windows Microsoft Store, that means that they'll be coming to Steam, too. Which means that I'll have all of those games to look forward to, once I've played through some of my list of shame. The fact that almost none of them will be out this year is not an issue for me.

Some actual XBox One owners, however, appear to feel differently. Apparently, there was some expectation that Microsoft would have first-party exclusive 2018 releases to announce, in spite of the fact that Microsoft had said last year that nothing of the sort would be happening. This year's XBox E3 was always going to be about XBox's future; it was always going to be about waiting for next year, having missed the playoffs this year.

Will Microsoft attract new gamers to the XBox ecosystem? Will this conference turn around the XBox's fortunes, or reverse their momentum relative to the Nintendo Switch? No. No, it won't.

This is how you do it: Microsoft does E3 right

This is how you do the E3 hype thing:

• Start by announcing a new Halo game.
• Move on to showing actual gameplay footage in the next game you announce, a sequel to the much-loved Ori and the Blind Forest.
• Announce a totally new IP, Sekiro, again with a trailer that includes actual gameplay footage.
• Pause as rarely as possible for speech-making. It is a press conference, after all, and there's corporate messaging to get through, but nobody cares about your corporate bullshit, so don't dwell on it.
• Lather, rinse, and repeat, until you've announced 50 different games.

This is what people watch E3 to see, and wow! did Microsoft ever deliver. The range and sheer variety of games announced was staggering:

Hype machine breakdown: Square Enix edition

Let's get one thing straight: I hate the hype cycle. I'm offended by all of the manipulative things which large corporations do to convince consumers to disregard rationality, common sense, and their own interests to buy absolute shit that they don't need, and probably wouldn't even want if they just thought about it for a second. It's like they're insulting our intelligence, insisting that we forget everything we know, and every shitty thing they've done to us, all so that we can mindlessly dump more money into their coffers for even less product, this time around.

Never believe the hype.

So, yes, I hate hype. This week, though, I'm learning new things about myself. I'm learning that, even more than the hype cycle itself, I hate poorly-executed hype. It's as if, not satisfied with the insult to our intelligence, these companies now can't even be bothered to make it look like they're trying. "Hype yourselves, suckers, and fuck you all," is the message they're sending, whether they intend to or not.

EA's E3 presser was shockingly incompetent, to such an extent that I don't even know what they were trying to achieve. Not to be out-done, though, Square Enix appear to have looked at that hype-less, lethargic mess, and decided to up the ante, as reported by Kotaku:

It’s 1:30am Eastern on a Sunday morning and Square Enix just announced Kingdom Hearts III’s release date, because why not? The long-awaited action-roleplaying game will be out on January 29, 2019, the publisher says.

[...]

Technically this is a delay—Square had previously said Kingdom Hearts III would be out in 2018—but at least there’s a firm date now? And at least they announced the news in the middle of the night on the weekend of E3, two days before THEIR OWN PRESS CONFERENCE. Never change, Square Enix.

Wow. I mean... really... damn. Just... damn.

OK, I guess I can see the logic? Turning up at E3 to announce that the long-awaited game that you're supposed to be releasing this year won't actually be ready until next year would have been awkward, and bigfooting their own presser like this does obviate the need to show gameplay footage at the event itself. Since nobody's expecting anything of Square Enix anymore, I suppose that this counts as one way to effectively manage expectations.

Still, though... damn.

Having magnificently achieved the opposite of pre-show hype, Square Enix are now going to be playing to a tough room; they need to stage a show that blows everybody's minds, and based on the level of PR-fu they're showing so far, I have doubts about that happening. Last year's E3 was pretty lacklustre; this year's E3 is, if anything, off to an even worse start.

Hype machine breakdown: EA flops at E3

E3 is the single biggest event on the video games industry calendar. This is video gaming's Super Bowl. This is the one time of the year when everybody who gives a shit about video games is paying attention, willingly suspending their disbelief, literally begging to be hyped. If you've got a public relations A game, this is the time to bring it.

EA... did not bring it.

• Yes, Sea of Solitude looks pretty cool, although it would have been better to be shown the game, rather than have an indie studio head with no PR-fu just stand there talking about it. 
• Long-time fans of Command and Conquer were not hyped to see the storied franchise turned into a mediocre mobile game. 
• Presentations for the oligatory FIFA and Madden offerings ran way too long, and showed nothing that fans of those games haven't seen before.
• Speaking of obligatory, the latest Battlefield game will have a Battle Royale mode. Because of course it will. Because EA's execs have no imagination whatsoever. Never mind that BFV's devs were saying just a month ago that their game wasn't going to add a BR mode just to add it, but whatevs.
• People who were hoping for more information about the upcoming Anthem were disappointed. It still looks like Destiny, though.

Worst of all, though, at least to me, was EA's ongoing failure with the Star Wars franchise.

Virtual meets reality

From Jon Evans TechCrunch:

“Despite many pronouncements that 2016 was the year of VR, a more apt word for virtual reality might be absence,” The Economist observed caustically last summer, noting that during that year forecasts of combined sales of VR hardware and software dropped from $5.1bn to $3.6bn to the harsh reality of $1.8bn. But hey, one rough holiday season does not an industry make, right? Surely in 2017 things began to —

— oh. "Shock Stat: In 2017, VR Headset Shipments For Most Top Brands Went DOWN Compared To 2016." So much for the many predictions that VR headset shipments would grow exponentially for years. Crow appears to be the appetizer for nearly every industry dinner these days. But that was before the Oculus Go, right? Except … the Go seems to have sold at most a quarter of a million units in its first few weeks, far behind the comparably priced Nintendo Switch released months earlier, and as I write this languishes well outside the top 20 of Amazon’s “Video Games > Accessories” bestsellers.

[...]

I dropped by the Augmented World Expo in Santa Clara this week, and my main takeaway was that the industry has essentially abandoned the consumer AR/VR space, at least for now. Everyone’s aiming at AR/VR for work now. But how many jobs are there, really, where complex information needs to be accessed in a hands-free way? How many problems can be solved by VR conferencing but not videoconferencing? Sure, they exist, and the tech can be spectacularly great for them; but, again, for now at least, we’re talking Next Little Niche.

[...]

It’s the very early days of a new technology. It’s expensive. It’s still hardware-intensive. We’re still figuring out its best uses, and how it interacts with human physical location, and a whole new grammar of storytelling. But the Oculus Kickstarter launched almost six years ago, and I’ve seen a whole lot of VR/AR/mixed-reality demos since then, and every time, I walk away thinking: “This technology has so much potential.”

But in order to be the Next Big Thing at some point you have to actually start realizing your potential [...] the disheartening truth is that, despite the low-price new standalone hardware, despite all the effort that’s gone into software and design and storytelling, I still don’t feel like we’re meaningfully closer to that than we were two years ago.

Have I mentioned lately that articles like this are becoming increasingly common? Sure, people who are materially or emotionally invested in VR are still trying to sound bullish on its prospects, but those forecasts are looking increasingly ridiculous in the face of clear evidence that VR simply isn't happening, their foundations made of nothing but hype and hot air.

This week in Facebook

Today, we learned that teens prefer YouTube, and that even Facebook's shareholders are fed up with Zuckerberg's shit.

First, from TechCrunch:

A Pew survey of teens and the ways they use technology finds that kids have largely ditched Facebook for the visually stimulating alternatives of Snapchat, YouTube and Instagram. Nearly half said they’re online “almost constantly,” which will probably be used as a source of FUD, but really is just fine. Even teens, bless their honest little hearts, have doubts about whether social media is good or evil.

The survey is the first by Pew since 2015, and plenty has changed. The one that has driven the most change seems to be the ubiquity and power of smartphones, which 95 percent of respondents said they had access to. Fewer, especially among lower income families, had laptops and desktops.

This mobile-native cohort has opted for mobile-native content and apps, which means highly visual and easily browsable. That’s much more the style on the top three apps: YouTube takes first place with 85 percent reporting they use it, then Instagram at 72 percent, and Snapchat at 69.

[...]

When asked whether social media had a positive or negative effect, teens were split. They valued it for connecting with friends and family, finding news and information and meeting new people. But they decried its use in bullying and spreading rumors, its complicated effect on in-person relationships and how it distracts from and distorts real life.

And second, from Mashable:

Facebook's own shareholders are losing patience for Mark Zuckerberg's excuses. 
At the company's annual shareholders meeting on Thursday, attendees made it abundantly clear that they're fed up with Facebook and the seemingly endless barrage of scandals.

One shareholder, voicing support for a proposal to limit Mark Zuckerberg's control, urged the CEO to "emulate George Washington, not Vladimir Putin." Another shareholder admonished the company for the Cambridge Analytica scandal, saying the company's handling of users' personal data was "tantamount to a human rights violation."

"If privacy is a human right, as stated by Microsoft's CEO, then we contend that Facebook's poor stewardship of customer data is tantamount to a human rights violation," said Christine Jantz, chief investment officer at Northstar Asset Management.
Others questioned why Facebook seems to be unable to get out in front of all the negative news. "Why is the list of controversies confronting Facebook so long and so serious," asked Will Lana from Trillium Asset Management.

[...]

Zuckerberg tried to put his usual spin on things, reiterating some of his favorite recent talking points. "We face a number of important issues, we're going to make sure we take a broader view of our responsibility," he said.

Still, meeting attendees were clearly frustrated with the message and spent much of the rest of the meeting hammering Zuckerberg and other execs on everything from privacy scandals, to diversity issues, to what it's doing to address lack of housing near its headquarters.

I can't decide if these data points are part of the early stages of an overall decline for Facebook, or just blips in an otherwise unbroken upward trajectory for FB. There's little doubt that they're not good things for FB, though. If a generation of potential future users is ditching the service, in part because of its negative effects on the behaviour of users, then FB's future is suddenly looking a lot cloudier than it was. And it's with their future in apparent jeopardy that FB is also facing backlash from their own shareholders over the way they do business -- suddenly their present is also looking a little more precarious than it did a week ago.