Goodbye Tweetbot

I have been actively using Twitter for years. I joined in late 2009 and have fond memories of using it. From a desktop first, then an iPod Touch using the official Twitter app, and then my old Sony Ericsson K790i by SMS-ing tweets, before switching over to using smartphones and using apps.

I did use the default Twitter app for a bit, but Tweetbot was the first iOS app I bought on the App Store in 2013, and added it immediately onto my dock where it stayed ever since. I have used Tweetbot since then. I continued to use Tweetbot through the years by buying / subscribing to new versions, despite the Twitter API always limiting third-party clients and not supporting all of the features the official apps and websites had.

And I lived with that deficit, because Tweetbot felt like home. Over the years, I have tried using the official app multiple times (and always have the app on my phone), but it has always been terrible. The experience of using Tweetbot was always so much better than the official app. Tweetbot didn’t have ads, only showed me tweets from my (curated) followers list, had a chronological timeline, maintained my point in the app even if I fell behind, was customizable, etc. But most of all: it had a so much better user experience that put me first. It never felt cluttered and made Twitter inviting.

Over the last ~3 years, I had reduced tweeting but I still consumed from it fairly regularly. Twitter was still an enjoyable experience when I wanted it because I had Tweetbot. The negativity since Elon Musk got involved in March 2022, though, has been overpowering, and I removed Tweetbot from my dock in early December 2022.

Tweetbot shutting down after Twitter abruptly disabled its APIs, though, does convince me to wane my use of Twitter even further. Twitter without Tweetbot doesn’t feel right. Trust me, I have tried! Mastodon is interesting, but it isn’t a Twitter replacement. Not yet atleast.

We’ll see where this journey goes, but until then, goodbye Tweetbot 🫡. Thank you for giving me such a pleasant Twitter experience for almost a decade. You will be sorely missed.

Online Privacy Should Be Modeled on Real-World Privacy

I read Daring Fireball often and one of the things I strongly agree with Gruber on is privacy. I think privacy ought to be a fundamental right and I loathe the practices of tech companies that are formulated on invading it. That is also why I use DuckDuckGo as my default search engine.

John Gruber wrote this post following Apple’s new iPhone ad (watch it, it is a great one) about companies act as privacy thieves by tracking people across the internet. I agree with it in its entirety.

They have zero right, none, to the tracking they’ve been getting away with. We, as a society, have implicitly accepted it because we never really noticed it. You, the user, have no way of seeing it happen. Our brains are naturally attuned to detect and viscerally reject, with outrage and alarm, real-world intrusions into our privacy. Real-world marketers could never get away with tracking us like online marketers do.

We definitely wouldn’t accept this type of behavior in the real world!

The tracking industry is correct that iOS 14 users are going to overwhelmingly deny permission to track them. That’s not because Apple’s permission dialog is unnecessarily scaring them — it’s because Apple’s permission dialog is accurately explaining what is going on in plain language, and it is repulsive. Apple’s tracking permission dialog is something no sane person would agree to because this sort of tracking is something no sane person would agree to.

Yes.

The privacy thieves have, unsurprisingly, come out against these expected changes coming in iOS 14, and tried to defend their entitlement. They should have none. And they would have none if their business models were based on asking users for permission (as Apple’s system is expected to).

More privacy for one and all.

Good Sudoku

I’m a sucker for sudoku. I was obsessed about 7-8 years ago and solved it every single day for a while (thanks, Mumbai Mirror!).

In the week after I watched and posted about the Miracle Sudoku, Zach Gage and Jack Schlesinger released a great sudoku game. I have been obsessed and can’t stop playing.

Go, have some fun and play it. (Also, send help. I really need to limit how much time I spend playing it…)

Takeaways from the WWDC 2020 Keynote

I am an Apple enthusiast, and I just watched the WWDC 2020 keynote. Here’s what I thought (in no specific order):

iOS 14

• Reaching for the top row apps on my iPhone 7 Plus is not easy. I can rarely, if ever, use my phone with a single hand anymore. So, I appreciate the new home screen layout. It definitely appears useful at first glance.
• I can see myself adding Dark Sky (wait, will it still be updated?!) and Fantastical widgets, but I don’t think I’ll add much else. We’ll see.
• Pinned conversations, inline replies, mentions… Love it all. Also, mask Memoji 😷!
• As someone that obsessively downloads (and keeps) apps from cafes, stores, and parking apps I only need about once every year, and refuses to delete them for the one time time I might need them again, I love the idea of App Clips. I can (hopefully) get rid of all those unused apps.
• I am nitpicky about my home screen layout, so I’m conflicted about the new dynamic App Library. I can imagine it being useful, but it might also play against my muscle memory.
• No more full-screen popovers for phone calls or Siri! YES!
• Rarely use iPhone to watch video, so couldn’t care less about picture-in-picture.
• Lot of appreciation for the new privacy features. I have desired approximate location for so many apps that I don’t trust, but still have to provide location information to.
• Camera and microphone usage indicators are godsend. I have often wondered how many apps exploit those permissions because they have them.
• Overall not a lot is changing, which is a good thing.

Apple Maps

• Biking directions with elevation! I have wished for this to have existed for months as I struggled with mapping my bike rides. This alone will make me update to iOS 14 on day 1.

iPadOS 14

• Neat improvements to handwriting recognition and scribble.

AirPods

• Seamless switching: Why did it take so long?!
• Spatial Audio: Tempting me to buy a set of AirPods Pro.

watchOS 7

• Hand washing countdowns are cute and I love that they exist ☺️.
• Sleep tracking appears cool, but I also don’t like wearing my Apple Watch while I’m asleep.

Safari

• Amazing new privacy controls. I use Safari all day, everyday. It is already very fast, secure and neatly integrated. The privacy improvements take what is great and make it even better.
• I’m going to obsess for a while over the Privacy Reports of some of my most visited websites.
• The new hover-on-tab feature that displays a tiny thumbnail is also really nice. It is one of the things I miss the most from my days of Firefox.

macOS Big Sur (11.0!)

• I like the new design aesthetic in the apps, but hate the new icons. The iOS-ified icons feel out of place. Maybe they’ll grown on me over time.
• Control Center is neat, and so is the new notification pane.
• Messages and Apple Maps are Catalyst ports, but get feature parity with iOS. Cool!
• Overall: A slate of nice updates for a mature desktop OS. Lots of polish, I hope.

App Store

• Simple, easy to understand privacy policies for every app before you download it? Yes, please!

Mac’s Transition to Apple SoC

• This might actually go through in a seamless way than I had thought.
• A12Z running Final Cut Pro and 3 streams of 4K, and driving the 6K Pro Display XDR? Damn, that’s powerful.
• Emulation also appears to be fast.
• Not a fan of iOS and iPadOS apps running on macOS. That sounds like a recipe for lazy developers to not make good, native macOS apps, while allowing Apple to boast ‘millions of apps on day 1’.
• I can’t wait to learn more about the upcoming Mac line-up. Such an exciting time!

Miscellaneous

• The production quality of this year’s presentation was exemplary.
• It was uncanny (and weird) to look at close-ups of Tim Cook and Craig Federighi as they talked to the camera. It was too close and too in-my-face.

Instagram has Terrible Account Security

A few days back, someone reached out to me suspecting that their Instagram account had been hacked. What followed was me helping them work through every available way to lock down their account and then convincing them that they had done everything and it didn’t seem like it was hacked. In the process, though, as a proof-of-concept, I followed the same procedure I helped them go through. That brings me to what I learnt about Instagram and its account security practices.

I am obsessive about the security of my online accounts, including ones that I only use occasionally. I don’t repeat passwords, I have 2FA enabled on all such services, and I use an authenticator app for it to avoid the possibility of SIM swapping. I am not an expert, but I am curious, cautious and fairly literate on security best practices. With this, I started investigating what different ways exist to identify if an Instagram account had been hacked, and what can be done to salvage it.

Instagram offers a simple ‘Login Activity’ page that provides a list of locations and devices from which your account was accessed. A quick glance at it and I suspect it comes from the IP address location provided by ISPs. (Instagram does not have access to the location data on my phone.) It potentially has duplicates of the same device, so is not foolproof, but it is a good sanity check. If there’s no device-location pair on this list that you don’t recognize (and haven’t received an email from Instagram telling you about a recent login), there’s a low probability that your account could be hacked. Great.

But what if there is an unknown device there? What do you do then? Well, you try to kick them out. Step one would be to log that device out, but that leaves the possibility that it will be able to log back in, almost immediately. Why, you ask? Well, Instagram has a surprisingly ridiculous setting, ‘Saved login information’, that is turned on by default, and saves the login information to the mobile app. So, even if you log a device out, chances are that it can log back in almost immediately given the login information is saved. Not good, but not alarming either. After all, it is a Facebook product.

So how do you actually force a login from every device? Astonishingly, there’s no way to do this. Articles all over the internet will tell you to change your password, which will force a password entry on every device. I tried that, and it worked, but only sort of.

At this point, Instagram logs out every other device that was previously logged in to the account. Cool. However, when you try to login again, it gives you a choice: a) Use Facebook to login, or b) Enter the new password (without a 2FA prompt or email notification about login). (b), in and of itself, is terrible, but it is (a) that got me even more worried. I disconnected my Facebook account from Instagram a few years back. And despite Instagram’s constant attempt to lure me into re-connecting them with dark patterns, I have resisted and consciously ensured I do not connect them together.

I tapped ‘Use Facebook to login’. Lo and behold, I was in my Instagram account! No new password, no 2FA code, no email from Instagram about a new login, no email from Facebook about my Facebook account being used to login to another service. I was in. Business as usual.

I was dazed. I checked Facebook to see if any other ‘app’ was connected to my account or had used Facebook for login. Nada.

To recap, I changed my password on a 2FA enabled, Facebook-disconnected Instagram account. On a different device, I could login to my Instagram account without my password, 2FA code or authenticating my Facebook account. I didn’t receive an email from Instagram or Facebook about the login.

In real world, what this means is that if someone gains access to your Facebook account, they can probably extend it and gain access to your Instagram account. Someone will keep chasing a red herring and try to beef up their Instagram security, all while the perpetrator can conveniently gloss over all of those changes by simply using Facebook to login to Instagram every single time, with not even a whiff to the victim.

Ludicrous.

Using Instagram in 2019

8 years. That’s how long I’ve had an Instagram account. My Instagram profile is a curation, it is a reminder of everywhere I have been, some of my best photographs, akin to a portfolio. I have seen it go from a niche, Facebook acquisition, ads, it becoming a popular app, adding stories and messages. I’m not a fan of most of Instagram’s changes, so here’s a little bit about how I use Instagram these days, in 2019.

• Instagram rose to popularity with a simple photo sharing model. Traditionally, photos have been a weird beast, with everyone shooting them in different sizes and resolutions (ask Flickr or 500px). Instagram offered to level this field by forcing a square photo. Square photos, that’s it. You choose what you will crop out, but the end photo must be a square. That was the allure to me. It forced users to be creative and critical. Much like Twitter with its 140 character limit, Instagram’s square was culture-defining. Heck, Apple added a ‘square’ mode to the iOS camera app a few years after Instagram was first released, because some people exclusively shot photos to post on Instagram! So, that’s what I do on Instagram, even today: Post square photos.
• I have posted a few photos over the years that were not squares, but made such by using tools to add borders. I think that’s fine, every once in a while. What I don’t think is fine, though, is the posts that have borders on all 4 sides; it doesn’t add anything to the value of the post. Instagram posts are tiny, and by putting borders on all 4 sides, you are essentially playing your followers to force them to tap on it from your profile page.
• I do not post stories on Instagram. I will post them fairly often to Snapchat, but never on Instagram. I think stories are an abomination on Instagram. The baggage of who you are, what exists on your profile, the followers and how that mashes with your ‘personality’, forces people to spend more time on creating stories than enjoying what is in those stories. That pressure doesn’t exist on Snapchat, where a story exists to tell a simple, quick and dirty story (literally) of what you are doing. Blurry? Doesn’t matter. No caption? Better! On Instagram, it is to showoff, not to have fun.
• Instagram is not how I communicate with everyone I know; that’s Messages or WhatsApp. I refuse to follow everyone I have ever run into (I already have Facebook for that!), because seeing their posts or stories do not bring value to my life. I use Instagram to see the work of some of the best photos and read captions that will enrich the photograph by supplementing it. In fact, I regularly curate my following list and unfollow people who do not add value to my feed.
• I love the messages features on Instagram, it is a simple, great way to share posts with people, who I care about, and share something they will enjoy.
• I think the whole concept of Instagram influencers is flawed. I understand ads and sponsored content on YouTube, because it is video and no one does video like YouTube. It is not feasible to host, encode and transmit videos as easily as text or photos over the internet (yet?). But since most content is photos on Instagram, if it is your own content, it deserves to be elsewhere. We have had blogs since the advent of the internet for this exact reason: for people to own their own content! If you have content that is worthy enough that people would go where you are to see it, great, host it in a place where you own it. If not, you are not really an influencer.
• I am not a fan of the ads, but eh, whatever.

There was a time when I loved Instagram. It saddens me that I do not feel as strongly about it anymore.