Elon Musk says his posts did more to ‘financially impair’ X than help it
Elon Musk admitted that his posts on the platform formerly known as Twitter may have financially harmed the company in the long run, in a March 27th deposition made public on Monday by The Huffington Post. The billionaire also admitted to have a “limited understanding” of the lawsuit for which he was being deposed.
The 22-year old Ben Brody sued Musk for defamation last fall, alleging that Musk pushed a conspiracy theory that falsely identified Brody as being involved in a fight between two far-right groups in Oregon. Musk’s attorney filed multiple requests to keep the transcript of his nearly two-hour testimony confidential, but they were denied by the judge.
At one point, Musk is asked by Brody’s attorney, Mark Bankston, about his purchase of Twitter and what impact it had on his usage of the site. Musk responded that he believed his posts had “really remained unchanged before and after the acquisition.” But he acknowledged that maintaining that attitude likely did X more harm than good.
“The — and going back to the sort of self-inflicted wounds, the Kevlar shoes, I think there’s — I’ve probably done — I may have done more to financially impair the company than to help it, but certainly I — I do not guide my posts by what is financially beneficial but by what I believe is interesting or important or entertaining to the public,” said the owner of X.
On multiple occasions, Musk expressed confusion over why Brody was pursuing litigation against him and basic details about the case. At one point he accused Bankston — Brody’s attorney — of performing a cash grab by pursuing the lawsuit. “My — what I want to think it’s really about is about you getting a lot of money,” said Musk.
The focus of the lawsuit is a series of tweets that Musk made last summer that promoted a far-right conspiracy theory that falsely linked Brody to an Oregon brawl between the Proud Boys and a local neo-Nazi group. Brody, who is based in California, bore a vague resemblance to a participant in the brawl. Online trolls quickly latched onto the theory that the brawl was a “false flag,” and that Brody was an undercover government agent. Musk engaged with users who were pushing this conspiracy theory on X, agreeing with their conclusions that the brawl was likely a staged incident. On June 27th, Musk replied to a post that contained a video of the fight and suggested that Brody was part of a “false flag” operation. In truth, Brody was falsely identified by online trolls as one of the men in the video.
“Looks like one is a college student (who wants to join the govt) and another is maybe an Antifa member, but nonetheless a probable false flag situation,” Musk tweeted.
That tweet was directly referenced by Brody’s attorney. Musk argued that his post didn’t have that much reach due to it merely being a reply.
“The replies get 100 times less attention than a primary tweet. So this was certainly not any attempt to generate advertising revenue. In fact, generally advertisers would not want to advertise with content that is contentious,” said Musk.
Given the size of Musk’s account and his public prominence, his reply, which still remains on the site, was viewed by over a million people, Brody’s attorney estimated.
“You do understand that the amount of people who saw this, who have viewed this tweet, is equivalent to all 30 major baseball stadiums filled to capacity?” asked Bankston.
But Musk claimed that Twitter had five to eight trillion views a year, and so a million views wasn’t significant on the platform.
“No big deal?” said Bankston.
“Hit or miss, yeah,” responded Musk.
“Not a big deal that this went out to so many people?”
“Correct. And more of a — this is kind of the thing where advertisers, when it’s contentious, will not advertise, which means we do not get revenue from it,” Musk responded.
Musk also admitted that he was the owner of an account called @ermnmusk in which he role-played as his own toddler son. Motherboard and several other outlets uncovered the mysterious account last year.
Musk also made it clear that he didn’t believe that Brody, who was forced to evacuate his home at one point, was “meaningfully harmed” due to the false accusations that he helped spread.
“People are attacked all the time in the media, online media, social media, but it is rare that that actually has a meaningful negative impact on their life,” said Musk.
Tesla Settles Lawsuit Over a Fatal Crash Involving Autopilot A Tesla driver’s family had sought damages for the 2018 crash, which happened while the carmaker’s driver-assistance software was in use.
Can you watch a solar eclipse in the Apple Vision Pro?
This morning, remembering I’d forgotten to order eclipse glasses, I wondered out loud: Would it be an absolutely awful idea to watch today’s solar eclipse on the Apple Vision Pro? I’m extremely not a camera expert, but I seem to recall that pointing a camera at the sun is bad. However, online answers vary widely, so I put the question to The Verge’s Emmy-winning senior video producer Becca Farsace.
Her answer was that the Vision Pro is expensive; it has a lot of cameras; and it isn’t worth the risk. She added: “Wes, you are a free soul! you can do whatever you please, but if I saw this on the internet I would be so mad that someone who spent that much money was out there doing this.”
She’s right; I am a free soul! Challenge accepted, Becca.
Here’s what the eclipse looks like in the Vision Pro.
Okay, okay, maybe a friend gave me a pair of eclipse glasses. Putting them over the Vision Pro’s cameras enabled my vile digital sungazing ambitions (which I had already chickened out of, by the way) without risking my very expensive headset.
So yes, you can look at the eclipse with the Vision Pro, so long as you don’t mind a big “Tracking Failed” error message popping up in the middle of your view, telling you it’s too dark out.
If you would also like to point a camera at the sun — eclipse or no — Becca has additional tips in the video below.
A24’s horror trilogy heads to the ’80s in first Maxxxine trailer
It’s shaping up to be a promising summer of horror. Last week, we got a first glimpse at Tilman Singer’s Cuckoo, which comes out in August, and this week is starting off with the first trailer for Ti West’s Maxxxine. The movie will round out a trilogy that kicked off in 2022 with the release of both X and its prequel Pearl; it hits theaters on July 5th.
As the title implies, the new movie follows aspiring actress Maxine Minx (Mia Goth) as she attempts to make it big in Hollywood in 1985 following the gruesome events of X. Much like Pearl before her (also played by Goth), she seems willing to do anything to make it happen. But bad news: a mysterious killer known as the “night stalker” is on the loose, complicating those plans.
Despite telling parts of the same story, each entry in West’s trilogy has had a completely different vibe. X introduced both Pearl and Maxine and was modeled after ’70s slasher movies. Pearl, meanwhile, was set a few decades earlier and had elements of The Wizard of Oz (only, you know, much darker). So Maxxxine naturally is very ’80s, from the music to the fashion.
In addition to Goth, it stars Elizabeth Debicki, Moses Sumney, Michelle Monaghan, Bobby Cannavale, Halsey, Lily Collins, Giancarlo Esposito, and Kevin Bacon.
Spotify’s latest AI feature builds playlists based on text descriptions
After experimenting with AI playlist generation in its DJ feature last year, Spotify is now launching a beta tool that allows users to create a curated tracklist based on text descriptions. Its new AI Playlist beta is initially rolling out to Spotify Premium subscribers on mobile devices in the United Kingdom and Australia.
Android and iOS users in those locations can find the AI Playlist generator by heading into “Your Library” and tapping the “+” button at the top-right of the page. After selecting the AI Playlist option from the drop-down menu, users can type in a prompt — such as “music to read to on a cold, rainy day” — to get a playlist of 30 songs that match that vibe. The results can be tweaked using additional prompts like “more sad music” until the user is satisfied with the playlist, at which point it can be saved by tapping “create” at the top right.
In my testing, AI Playlists did an impressive job of matching songs to niche prompts. For example, it spat out a delightful mix of rave-appropriate techno music when I asked it to generate a playlist that would “make me feel like a vampire hunter from Blade (1998)” and even titled the playlist as “Blade’s Essence” without additional input. Spotify says that users will get better playlists by using prompts that contain “a combination of genres, moods, artists, or decades,” and that places, animals, activities, movie characters, colors, and even emojis can be referenced by the feature. Spotify says it will continue working on its generative playlist feature “over the coming months.”
There are a few limitations to be aware of — AI Playlists won’t produce results for non-music-related prompts like current events or specific brands, and there are “measures in place around prompts that are offensive,” for example.
Using it has been a fun experience so far. It’s a much faster way to throw together an ensemble than manually building a playlist, and provides some functionality as a music discovery tool for those who want to find new tunes that follow a specific aesthetic. That already makes it feel more useful than Spotify’s AI DJ, which generates a custom playlist based on your entire listening history with limited options to curate the final results.
The new feature could, however, also be a contributing factor in the price increases Spotify is expected to introduce later this year. At the moment, Premium subscriptions start at $5.99 per month for students or $10.99 for individuals. We have asked Spotify when other regions can expect the beta and will update this story if we hear back.
Maryland Passes 2 Major Privacy Bills, Despite Tech Industry Pushback One bill would require apps like Instagram and TikTok to prioritize young people’s safety and the other would restrict the collection of consumer data.
Earlier this year, there were enough rumors about imminent new Apple products to make for a big spring event, but the company instead announced its new M3 MacBook Airs via press release — and new iPads haven’t shown up since. Today, Mark Gurman writes in his Power On newsletter for Bloomberg that the big spring iPad update, which includes new OLED iPad Pros, is due on May 6th — about 19 months since the last one.
But why upgrade? My 2021 model still feels like new, and I know at least one person who says the same of the 2018 iPad Pro. Unless it does more than what’s been rumored, which is precious little at this point in the grand scheme of things, it narrows who it’s for to just the very specific subset of people who like iPadOS a lot and would shell out for a good, contrasty OLED screen. But what if it just embraced the fact that it’s essentially a laptop with a touchscreen?
The OLED iPad Pro is supposed to be the Big Deal of the new lineup. Both the 11-inch and 13-inch versions are expected to get the better screen, and Apple is apparently releasing more laptop-like aluminum Magic Keyboards for them. Gurman writes in the subscriber edition of his newsletter that there may be a new Apple Pencil with a pressure-sensitive button on the side too. Two new iPad Airs with M2 processors are also expected — one in the standard 10.9-inch size, and a larger 12.9-inch model that would use the same Magic Keyboard accessories available now for the Pro.
That could steal some thunder from the Pro since not everybody cares that much about OLED or high refresh rates — a bigger screen is arguably worth more than fancy display technology. The iPad Pro is an ultra-portable productivity device, and a fancy Magic Keyboard reinforces that idea. But for now, it has one USB-C port and runs iPadOS, which still feels limited, despite multitasking features Apple has added, like Stage Manager.
The 12.9-inch 2022 model is already $1,099 for 128GB of storage and 8GB of RAM. The same money will get you a M3 MacBook Air with 256GB of memory, a bigger screen, a built-in keyboard and trackpad, and an operating system with four-decades-and-counting of software ecosystem support and evolution behind it. The next iPad Pro may be even more expensive. You’d really have to like iPadOS to pick the former over the latter.
Federico Viticci, who’s known for being an iPad power user, said recently that using macOS in a virtual display alongside visionOS apps (which presumably included some iPad apps) “felt powerful and flexible in a way that iPadOS hasn’t made me feel in a while.” That was in a fun MacStories article last month about his experience making a bizarre FrankenPad out of an iPad Pro and a headless MacBook.
At $3,500, the Vision Pro is no immediate threat to the iPad Pro, but Viticci’s story highlights the tablet’s vulnerability. Even if iPad productivity isn’t your bag, it’s great for casual, personal content consumption. If the Vision Pro can take that job over, then the iPad really needs something fresh. One thing Apple could do is make the iPad Pro a true hybrid.It’s already a great secondary display for my MacBook Air.
Apple has shown in the past few years it’s willing to give people a little bit of what they ask for by returning HDMI and SD card ports to the MacBook Pro. I say bring that energy to the iPad. Give it one more USB-C port and — while I’m here asking for things that probably won’t happen but would be awesome if they did — let it dual-boot macOS and iPadOS.
New Disney animatronics breathe convincing life into its 2D characters
No matter your opinion on the current state of its animated movies, Disney is proving that it can still knock animatronics out of the park. This week, the entertainment giant gave us another early look at the new audio-animatronics being prepared for Tiana’s Bayou Adventure — a retheming of the iconic (and controversial) Splash Mountain ride — and the demonstrations so far have been breathtakingly impressive.
Recognizable characters from The Princess and the Frog (2009) have been brought to robotic life across various social media posts and Disney’s new “We Call It Imagineering” YouTube series, including Princess Tiana herself, Mama Odie, Charlotte La Bouff, Louis the Alligator, and a host of other swamp critters.
I compiled all the clips of animatronics that have been revealed for Tiana's Bayou Adventure (so far) pic.twitter.com/qmGvRXwHAr
Seriously, some of these animatronics move so fluidly that they seem genuinely alive! If these new animatronics were developed like the ones for Tokyo Disneyland’s Beauty and the Beast attraction, their movements and facial expressions may have been provided by actual animators from Walt Disney Animation Studios, which is why it feels like the characters have simply escaped their 2D confinements. They’re not as realistically lifelike as the Shaman that features in the Na’vi River Journey ride, but that animatronic was a groundbreaking feat of engineering in 2017 — it’s exciting to see technology that complex now being applied at scale around the parks.
I’m also pleased that Disney has moved away from the rear-projection technology that was used on the Seven Dwarfs Mine Train and Frozen Ever After rides in Disney World. It just looks odd and unusually washed out in some circumstances and feels rather lazy compared to previous animatronic innovations from Disney’s Imagineering division over the last 60 years. By contrast, seeing the Princess and the Frog character’s lips, eyes, and facial structure physically moving makes me take a second to remember that these are real metal and plastic constructs and not CGI.
It’s an exciting time for any like-minded nerds who love to see animatronics or robots used in theme parks and other live experiences. The free-roaming, chicken-like BD-X droids showcased by Disney Imagineering last year will be set loose at the Black Spire Outpost in Disneyland’s Galaxy’s Edge park between April 5th and June 2nd.
We’ve also seen some incredible robots designed around Shanghai Disney Resort’s Zootopia land, and Universal is working on bringing life-size dragons to some of the experiences at the How To Train Your Dragon-themed land it’s constructing for its upcoming Epic Universe park.
If any of this has piqued your interest then I recommend watching The Imagineering Story docuseries on Disney Plus — it provides some fascinating insight into Disney’s extensive history in the animatronic industry.
In Battle Over Health Care Costs, Private Equity Plays Both Sides As medical practices owned by private equity firms fuel overbilling, a payment tool also backed by such investors helps insurers boost their profits.
How Tech Giants Cut Corners to Harvest Data for A.I. OpenAI, Google and Meta ignored corporate policies, altered their own rules and discussed skirting copyright law as they sought online information to train their newest artificial intelligence systems.
At $32.4 billion for 2021 alone, that’s even more than YouTube, which pulled in $28.8 billion in the same year. Business Insider previously pointed out the lead it has over Google’s video unit, and mentions that YouTube gives up 55 percent of each advertising dollar it makes to content owners who upload videos while Instagram coughs up a lot less.
The gap is also there even if you look further back. In 2020 and 2019, Meta lists Instagram’s ad revenue as $22 and $17.9 billion, respectively, while YouTube’s ad revenue is listed in its annual report (PDF) as $19.7 and $15.1 billion for the same years.
According to Bloomberg, the figures show the share of Meta’s revenue that comes from Instagram has jumped from 26 percent in 2020 to almost 30 percent in the first six months of 2022. The figures from the filing give more insight than Meta’s quarterly earnings reports, which don’t break out Instagram, but now we have a much clearer idea about how much Adam Mosseri’s section means to Meta.
Back in the ’90s, This Eclipse Webcast Put the Cosmos on Demand A total solar eclipse in Aruba was streamed to millions of users of the World Wide Web in 1998, helping to start an ongoing era of viral videos of space and astronomy.
Andres Freund, el ingeniero que previno un posible ciberataque global Un ingeniero de Microsoft notó que algo andaba mal en un software en el que había trabajado. Pronto descubrió que probablemente alguien intentaba acceder a computadoras en todo el mundo.
Google sues alleged crypto scammers for luring people into investments they’d never get back
Google is suing two alleged crypto scammers, accusing them of using its Play Store to offer fraudulent cryptocurrency trading apps and investment platforms that instead simply took users’ money. These apps were used in a type of romance scam commonly called “pig butchering” in reference to fattening a pig before it’s slaughtered.
The accused scammers — two app developers based in China and Hong Kong — allegedly uploaded 87 different fraudulent apps to enable their schemes, luring in more than 100,000 people who downloaded them. Based on user complaints, Google alleges that users lost anywhere from $100 to tens of thousands of dollars each. Apps uploaded by the pair and their unnamed associates have been used in versions of the scam since at least 2019, according to Google.
Google says it’s the first company of its peers to take this kind of action. It already shut down the apps on the Play Store once it determined they were fraudulent. “This litigation is a critical step in holding these bad actors accountable and sending a clear message that we will aggressively pursue those who seek to take advantage of our users,” Google’s general counsel, Halimah DeLaine Prado, said in a statement. Google says it was also harmed by the scheme because it threatens the “integrity” of its app store and diverted resources to detect and disrupt the operation. The company says it suffered economic damages of more than $75,000 investigating the fraud.
Here’s how the alleged scam worked, according to Google’s complaint: the developers would make fake cryptocurrency exchange and investment apps, misrepresenting them to the Play Store as legitimate investing apps and allegedly misrepresenting details like their location so they could be uploaded. Then, the alleged scammers or their associates would lure users to the platforms through a mix of romance scam messages and YouTube videos. While this kind of scam is often referred to as “pig butchering,” Google says in a footnote to its complaint that it doesn’t adopt or endorse the term.
The initial texts they would send might look familiar to anyone who’s received text spam — messages like, “I am Sophia, do you remember me?” or “I miss you all the time, how are your parents Mike?” according to the complaint. If they got a response, the alleged scammers would apparently try to start a conversation and eventually move it to a platform like WhatsApp, before convincing their new “friend” to download one of the fraudulent apps and put money into it.
The developers or their associates would also at times convince alleged victims that they could earn commission by hawking the apps themselves as “affiliates” of the platforms, according to the complaint.
Once users were on the apps, the developers made the platforms look convincing by showing a balance and returns on investments, Google alleges. The only problem: users couldn’t take their money out. At times, the apps would let them take out small amounts of money, according to Google, or would require a fee or minimum balance to make a withdrawal, ultimately scamming some out of even more money.
Google is accusing the developers of breaking its terms of service and violating the Racketeer Influenced and Corrupt Organizations Act. It’s asking the court to block them from committing further fraud and award Google an unspecified amount in damages.
Amazon still has a serious plastic waste problem in the US
Despite making pledges to cut down on plastic packaging, a new report from the nonprofit conservation organization Oceana estimates that Amazon’s plastic waste has continued to grow in the US.
The company created 208 million pounds of plastic waste from its packaging in the US in 2022 alone, which Oceana says is enough trash to circle Earth more than 200 times in the form of plastic air pillows. That’s a nearly 10 percent jump from the amount of plastic waste it generated the year before, according to the report.
The US is a worrying outlier for Amazon, Oceana says. Globally, the e-commerce giant says that it reduced its use of plastic packaging 11.6 percent in 2022 compared to the prior year. But the US is the company’s biggest market, and Oceana argues it’s where Amazon needs to make a lot more progress.
“Why are U.S. customers being left behind?” Matt Littlejohn, Oceana’s senior vice president for strategic initiatives, said in an emailed press release.
There’s not much transparency on how much plastic waste Amazon pumps out from place to place. Its latest sustainability report, which covers 2022, doesn’t break the data down by country. It also doesn’t report on all the plastic waste generated by orders fulfilled by third-party sellers. So Oceana relied on market data from firms Mordor Intelligence and Euromonitor to conduct its analysis, and then made adjustments based on public statements Amazon has made about new measures meant to reduce waste.
In an email to The Verge, Amazon vice president of mechatronics and sustainable packaging Pat Lindner called Oceana’s analysis a “misleading report with exaggerated and inaccurate information about our plastic packaging” and pointed to the company’s “multi-year effort to eliminate plastic delivery packaging from our US automated fulfillment centers.”
Plastic film bags used for packaging generally aren’t accepted in curbside recycling programs. Because this type of plastic is trickier to rehash than bottles, consumers who want to steer it away from landfills and incinerators would need to take it to designated drop-off locations in the US.
In July of last year, Amazon appeared to make a vague commitment to ditch some of its iconic plastic packaging altogether. “We are phasing out padded bags containing plastics in favor of recyclable alternatives,” the company said in its sustainability report at the time. But it didn’t set a timeline for when that would happen.
Oceana wants to see the company phase out plastic packaging in its home base, the US. It’s also calling on Amazon to shrink the total amount of plastic packaging it uses by a minimum of one-third by the end of the decade.
X’s ‘complimentary’ Premium push gives people blue checks they didn’t ask for
Just as Elon Musk said, X is doling out free Premium and Premium memberships to accounts with a high number of verified followers.
Multiple X users on Wednesday reported seeing the familiar blue “Verified” checkmark next to their handles despite not paying for either paid X subscription tier. Musk last week announced that X accounts with over 2,500 “verified subscriber followers” would receive a free Premium membership; while accounts with over 5,000 would receive a free Premium Plus membership.
based on all the confused tweets i’m seeing, it looks like Twitter / X is starting to really ramp up the roll out of this now
if you suddenly have a blue checkmark even though you’re not paying for one, this is why: pic.twitter.com/T1XaBEeGgn
Before Musk’s takeover, the verified symbol on the platform known as Twitter was generally applied to celebrities, politicians, journalists, and others in the public eye. After the platform rolled out paid verification, it became a label anyone could obtain along with purchasing a Premium membership. Previously verified X users who refused to pay lost their checkmarks, though Elon Musk personally intervened to push it on people like Steven King and LeBron, and it was eventually added to many accounts with more than a million followers (which also verified accounts for many people who’d died or otherwise had not requested it).
Now, it appears that many influential X accounts with already large followings in the tens or hundreds of thousands (which may translate to verified followings that cross the benchmark) are once again check-marked, or will be, whether they like it or not.
X users who were granted verification under the latest scheme received the following message, according to a screenshot by Peter Kafka of Business Insider.
NASA Picks 3 Companies to Help Astronauts Drive Around the Moon The agency’s future moon buggies will reach speeds of 9.3 miles per hour and will be capable of self-driving.
A first look at Europe’s alternative iPhone app stores
DMA is about to unleash a brave new world of game emulators, clipboard managers, and uncertainty.
Almost a month after Apple’s begrudging capitulation to the Digital Markets Act (DMA), only one third-party iOS app store is currently live in Europe. It’s the B2B-focused Mobivention marketplace that allows companies to distribute their own apps internally. While that’s fine and all, things won’t stay this way for long — and it’s what’s coming soon that’ll really pique the interest of Verge readers.
Both the Epic Games Store and MacPaw’s Setapp have been announced, but it’s AltStore that’s likely to hit EU users’ phones first. This new app marketplace from developer Riley Testut is a version of AltStore, an App Store alternative that launched in 2019 that doesn’t require users to jailbreak their devices. The primary drive for its creation was Delta, a Nintendo emulator that Testut and his business partner Shane Gill are now bringing to the iPhone through their European app marketplace.
Currently, the new version of AltStore is deep in Apple’s approval process and will be ready to go live once it gets the thumbs up from the company. Thankfully, we’ve already had a chance to preview the marketplace and spend some time kicking its tires.
One reason we’ve not seen more app stores launch at this point in time is partially down to Apple making it too costly. For example, its Core Technology Fee (CTF) requires developers to pay Apple 50 euro cents for every annual app install over 1 million, but developers of third-party app stores must pay the CTF for every first annual install of their app marketplace. In other words, every download of AltStore and Mobivention costs their developers 50 euro cents — a fee that could quickly become unsustainable. The current AltStore has been downloaded over a million times, for example.
There’s no best practice guide on managing this, but Mobivention has passed the CTF fees onto its customers through membership packages. At the time of writing, AltStore hasn’t announced how it plans to handle this.
Such fees aren’t financially devastating for users, but they could be enough of a blocker to stop the slightly curious from exploring alternative app stores — especially if people aren’t really sure what they’ll find there. No one likes paying for services they may not use, after all.
Installing an app marketplace
Another potential roadblock to widespread third-party marketplace adoption is just how fiddly it is, with each store taking around a dozen screen interactions to install.
It goes like this: you begin by clicking a browser-based link to load the alternative store. From there, you receive a pop-up informing you that your installation settings don’t allow marketplaces from that developer. Then, you head into Settings, enable the marketplace, return to your browser, click the download link again, and receive another prompt asking you to confirm the install. Finally, you can open the store and browse the available apps.
It’s not a tricky procedure to follow, but there are enough steps and scary language to make it irritating and act as a deterrent — especially when Apple’s App Store only requires a single click to get going. It’s hard to view this as anything other than the company’s attempt to sap people’s energy and dissuade them from carrying on, especially given Apple’s historical prowess at designing user experiences.
Thankfully, installing third-party apps themselves is easier. On both Mobivention and AltStore, it’s effectively the same process as the App Store: you click on a button that says “install” and… it installs. On first inspection, at least.
While this method works for AltStore’s bundled apps — Delta and Clip — using software from other providers requires a slightly different approach. AltStore allows you to add “sources,” which are URLs developers share that contain JSON files holding app metadata. Once these sources are added, the apps they point to can be downloaded from AltStore. It’s a little Inception-esque: stores within a store.
Clearly, this decentralized approach differs from Apple’s all-inclusive App Store and could further deter the general public. It’s a little complicated for most people. Saying that, I’d bet a lot of enthusiasts are rubbing their hands together with glee about this unrestrained approach to app distribution.
These sources won’t be available at release, but Testut says this is a “priority post-launch,” and there will soon be a curated list of recommended source partners to download apps from.
As I didn’t try out a source in the course of my testing, this left me to focus on the two apps available at launch: Delta and Clip. And this is where things get particularly exciting, because Delta, especially, is terrific.
Are the apps worth all the pain?
Delta is primarily a Nintendo emulator that focuses on the NES, SNES, N64, and pre-Switch handhelds. I wasn’t expecting to be impressed by the free app, but it genuinely blew me away. Playing classic games on my iPhone is something I didn’t even know I missed.
Actually using Delta was a breeze. You can upload ROMs via iCloud Drive or from your phone’s Download folder, and the performance while playing various titles was excellent. I will say that the controls were awkward on the touchscreen, but connecting an external controller made things much easier — even if I had a few issues accessing Delta’s menu afterward.
All in all, though, as someone who grew up with these games, finally playing them on an iPhone feels nothing short of magical.
Clip was another app I enjoyed using. This clipboard manager requires a minimum Patreon pledge of $1 a month (plus taxes) to download. You can cancel this monthly pledge at any time and still continue to use Clip, but it won’t receive any updates.
Regarding the app itself, the version of Clip I tried differs from similar software offered on Apple’s App Store in that it constantly runs in the background. Normally, clipboard managers on iOS have to use a variety of workarounds to achieve comparable functionality. For example, Paste requires you to open the app each time you want to add something you’ve copied to the clipboard.
This is where Clip thrives, by comparison. When you copy something, you immediately receive a notification and can swipe down to save it to your clipboard. This means you have the option to add it if it’s something useful — like an address — or dismiss the notification if it’s something you don’t want logged, like a password. I found saving your copied items like this into a centralized location to be incredibly useful, as it makes sharing and reusing these snippets painless.
Clip works well, and it’s a tool I can see myself using, but it does raise some red flags. There’s a reason that Apple doesn’t allow fully functioning clipboard managers on the App Store after all. Security-wise, there’s a potential danger in allowing an app to snoop on everything you’re copying and pasting — especially if a bad actor manages to access your data store.
When I put this concern to Testut, he tells me Clip uses “standard iOS security (e.g. sandboxing)” and that everything is stored in an SQLite database, something that can’t be accessed by other apps, “unless your device is jailbroken.”
Caveat emptor
Nevertheless, it’s these types of apps that have raised concern around using third-party marketplaces — especially by companies like Apple. It contends that the DMA is throttling its ability to “detect, prevent, and take action against malicious apps on iOS and to support users impacted by issues with apps downloaded outside of the App Store.”
There’s some truth to that, but it’s not quite so binary. Apple still has to do a baseline review and notarize all apps on third-party app stores in order to “ensure [they] are free of known malware, viruses, or other security threats, function as promised, and don’t expose users to egregious fraud.” Under the DMA, Apple is also allowed to take “necessary and proportionate” steps to protect users and mitigate any security issues.
For example, after I had tested Clip, Testut had to tweak the app’s background monitoring feature in order for Apple to notarize it. The first version I tried used the user’s location to remain active, but was rejected by Apple. Testut then updated Clip with a Map feature — so there’s a reason for the app to remain active in the background — to receive approval.
This back and forth clearly shows that third-party marketplaces aren’t quite the Wild West some have feared.
This isn’t to say there aren’t dangers involved with operating outside of Apple’s walled garden though. Clip might protect your data, but what about the next app you decide to try? The sparsely populated app privacy sections on AltStore don’t help alleviate this concern, especially compared to the App Store. Being less secure doesn’t automatically mean you’ll have your identity or data stolen, but some additional transparency related to data collection, permissions, and privacy would certainly be welcome.
Likely, the biggest hurdle for the general public to adopt third-party marketplaces will be leaving the comforting embrace of the App Store. People have been downloading apps from Apple since 2008. Whether it’s security, user privacy, app updates, fraud protection, or refunds, you feel confident that Apple has it under control on the App Store.
Third-party app stores introduce an element of doubt. What happens if you’re out of the EU for over a month and apps you depend on stop getting updates? Or you want a refund on a defective piece of software? Or an app scams you?
In the case of AltStore, Testut says that since all marketplace payments are done via Patreon pledges, Patreon will deal with any disputes as it does on the existing AltStore. Other app marketplaces will take different approaches. With Apple, you always know where you stand.
While AltStore and Mobivention aren’t well known enough to inspire confidence in the same way Apple does, other big hitters might. Both the aforementioned Epic Games Store and Setapp marketplaces are on the horizon, and their higher profiles could convince people of their ability to mitigate harm and moderate disputes. Normalizing app downloads outside the App Store will also get a boost after the spring when Apple enables web distribution for large developers.
Of course, for the public to get used to alternative marketplaces, consumer-focused ones need to launch first. While AltStore may be close to going live, the approval process has been slow and drawn out causing the launch to miss its March target.
Fundamentally, in their current state, third-party iOS app stores like AltStore will only be attractive to power users, groups of enthusiasts who are desperate to solve niche issues or have particular interests in something they can’t get on the App Store, like a fully functioning clipboard manager or game emulator.
And Apple? It’s probably pretty happy with this. The fewer things that mess with its big old moneymaker, the better — even if its approach to DMA compliance makes the company low-hanging fruit for hungry EU regulators.
How one volunteer stopped a backdoor from exposing Linux systems worldwide
Linux, the most widely used open source operating system in the world, narrowly escaped a massive cyber attack over Easter weekend, all thanks to one volunteer.
The backdoor had been inserted into a recent release of a Linux compression format called XZ Utils, a tool that is little-known outside the Linux world but is used in nearly every Linux distribution to compresses large files, making them easier to transfer. If it had spread more widely, an untold number of systems could have been left compromised for years.
And as Ars Technica noted in its exhaustive recap, the culprit had been working on the project out in the open.
The vulnerability, inserted into Linux’s remote log-in, only exposed itself to a single key, so that it could hide from scans of public computers. As Ben Thompson writes in Stratechery. “the majority of the world’s computers would be vulnerable and no one would know.”
The story of the XZ backdoor’s discovery starts in the early morning of March 29th, as San Francisco-based Microsoft developer Andres Freund posted on Mastodon and sent an email to OpenWall’s security mailing list with the heading: “backdoor in upstream xz/liblzma leading to ssh server compromise.”
Freund, who volunteers as a “maintainer” for PostgreSQL, a Linux-based database, noticed a few strange things over the past few weeks while running tests. Encrypted log-ins to liblzma, part of the XZ compression library, were using up a ton of CPU. None of the performance tools he used revealed anything, Freund wrote on Mastodon. This immediately made him suspicious, and he remembered an “odd complaint” from a Postgres user a couple of weeks earlier about Valgrind, Linux’s program that checks for memory errors.
After some sleuthing, Freund eventually discovered what was wrong. “The upstream xz repository and the xz tarballs have been backdoored,” noted Freund in his email. The malicious code was in versions 5.6.0 and 5.6.1 of the xz tools and libraries.
Shortly after, enterprise opensource software company Red Hat sent out an emergency security alert for users of Fedora Rawhide and Fedora Linux 40. Ultimately, the company concluded that the beta version of Fedora Linux 40 contained two affected versions of the xz libraries. Fedora Rawhide versions likely received versions 5.6.0 or 5.6.1 as well.
PLEASE IMMEDIATELY STOP USAGE OF ANY FEDORA RAWHIDE INSTANCES for work or personal activity. Fedora Rawhide will be reverted to xz-5.4.x shortly, and once that is done, Fedora Rawhide instances can safely be redeployed.
Although a beta version of Debian, the free Linux distribution, contained compromised packages, its security team acted swiftly to revert them. “Right now no Debian stable versions are known to be affected,” wrote Debian’s Salvatore Bonaccorso in a security alert to users on Friday evening.
Freund later identified the person who submitted the malicious code as one of two main xz Utils developers, known as JiaT75, or Jia Tan. “Given the activity over several weeks, the committer is either directly involved or there was some quite severe compromise of their system. Unfortunately the latter looks like the less likely explanation, given they communicated on various lists about the “fixes” mentioned above,” wrote Freund in his analysis, after linking several workarounds that were made by JiaT75.
JiaT75 was a familiar name: they’d worked side-by-side with the original developer of .xz file format, Lasse Collin, for a while. As programmer Russ Cox noted in his timeline, JiaT75 started by sending apparently legitimate patches to the XZ mailing list in October of 2021.
Other arms of the scheme unfolded a few months later, as two other identities, Jigar Kumar and Dennis Ens, began emailing complaints to Collin about bugs and the project’s slow development. However, as noted in reports by Evan Boehs and others, “Kumar” and “Ens” were never seen outside the XZ community, leading investigators to believe both are fakes that existed only to help Jia Tan get into position to deliver the backdoored code.
“I am sorry about your mental health issues, but its important to be aware of your own limits. I get that this is a hobby project for all contributors, but the community desires more,” wrote Ens in one message, while Kumar said in another that “Progress will not happen until there is new maintainer.”
In the midst of this back and forth, Collins wrote that “I haven’t lost interest but my ability to care has been fairly limited mostly due to longterm mental health issues but also due to some other things,” and suggested Jia Tan would take on a bigger role. “It’s also good to keep in mind that this is an unpaid hobby project,” he concluded. The emails from “Kumar” and “Ens” continued until Tan was added as a maintainer later that year, able to make alterations, and attempt to get the backdoored package into Linux distributions with more authority.
The xz backdoor incident and its aftermath are an example of both the beauty of open source and a striking vulnerability in the internet’s infrastructure.
The lesson from the xz fiasco is that investments in maintenance and sustainability are unsexy and probably won't get a middle manager their promotion but pay off a thousandfold over many years.
A developer behind FFmpeg, a popular open-source media package, highlighted the problem in a tweet, saying “The xz fiasco has shown how a dependence on unpaid volunteers can cause major problems. Trillion dollar corporations expect free and urgent support from volunteers.” And they brought receipts, pointing out how they dealt with a “high priority” bug affecting Microsoft Teams.
Despite Microsoft’s dependence on its software, the developer writes, “After politely requesting a support contract from Microsoft for long term maintenance, they offered a one-time payment of a few thousand dollars instead...investments in maintenance and sustainability are unsexy and probably won’t get a middle manager their promotion but pay off a thousandfold over many years.”
Details of who is behind “JiaT75,” how they executed their plan, and the extent of the damage are being unearthed by an army of developers and cybersecurity professionals, both on social media and online forums. But that happens without direct financial support from many of the companies and organizations who benefit from being able to use secure software.
Now there’s an AI gas station with robot fry cooks
There’s a little-known hack in rural America: you can get the best fried food at the gas station (or in the case of a place I went to on my last road trip, shockingly good tikka masala). Now, one convenience store chain wants to change that with a robotic fry cook that it’s bringing to a place once inhabited by a person who may or may not smell like a recent smoke break and cooks up a mean fried chicken liver.
The convenience store chain Re-Up announced that it's installing “The Wingman,” a robot from Nala Robotics that drops fry baskets into hot oil and rolls chicken wings around in sauce before dumping those things into buckets for your consumption (at least, based on the video below). The company says that the machine will use “advanced artificial intelligence technology” to give customers “fully customizable fried chicken, french fries and other menu items.”
A quote from the release reads: “The Wingman doesn’t get sick can work around the clock and can cook any dish efficiently all the time, improving on quality and saving on labor costs.”
But the store isn’t apparently just focused on employing robot fry cooks. Re-Up founder Michael Salafia says that “by harnessing the power of AI, we are able to provide our customers with convenient, personalized, and safe shopping and dining experiences.” Honestly, I always felt pretty safe around Chet, and he always knew my order, but this is the future, right?
Re-Up has nine stores currently (with more planned), including one that just opened in Melbourne, Florida, near Melbourne Orlando International Airport. Other locations in Georgia, Mississippi, Florida, and Alabama are listed on Re-Up’s site, which also features this image of a robotic arm dipping its robotic finger in a latte:
Will the Apple antitrust case affect your phone’s security?
Of all the allegations that the Department of Justice has laid at Apple’s door, the most contentious is perhaps its salvo over security and privacy. Apple has warned that if the DOJ gets its way, Apple products — especially the iPhone — will be less secure for users. Meanwhile, the DOJ claims that Apple’s much-touted privacy features are pretextual.
The complaint in the DOJ’s antitrust lawsuit against Apple says that the company “wraps itself in a cloak of privacy, security, and consumer preferences to justify its anti-competitive behavior.” In the press conference announcing the lawsuit, Assistant Attorney General Jonathan Kanter said Apple’s choices have actually made its system “less private and less secure.”
“Apple selectively compromises privacy and security interests when doing so is in Apple’s own financial interest,” the complaint reads, “such as degrading the security of text messages, offering governments and certain companies the chance to access more private and secure versions of app stores, or accepting billions of dollars a year for choosing Google as its default search engine when more private options are available.”
It’s a particularly aggressive shot at a company whose branding strategy heavily emphasizes privacy by design. In Epic v. Apple, the judge found that user privacy and device security were acceptable reasons behind some of the company’s extremely restrictive (and financially lucrative) App Store policies.
In press briefings, spokespeople for Apple have taken umbrage with the DOJ’s assertion that the company’s privacy and security features are pretextual and have asserted that the antitrust suit will ultimately harm users.
The DOJ’s attack on one of the core tenets of Apple’s brand identity relies on how broad the general concept of user privacy is, going far outside of the issue of App Store review to make its point.
The complaint emphasizes that, unlike iMessages, iPhone users’ SMS communications with Android users — i.e., green bubble texts — lack encryption.
“Apple forces other platforms to use SMS messaging. It doesn’t allow them to integrate with iMessage or another encrypted message platform built-in,” Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance, told The Verge in a phone interview. Since SMS messages aren’t encrypted, they’re less secure by default.
Apple has previously said its devices would begin supporting RCS, a more secure messaging protocol that will make communications with Android devices encrypted, later this year.
But the DOJ is on shakier ground once the attention shifts away from green bubble texts and back to the App Store. At the DOJ press conference, a reporter noted that a member of Congress said that stripping Apple of the ability to vet the products uploaded onto the App Store could “open the door to apps made in China and Russia, and other adversaries, if you will.”
Attorney General Merrick Garland said the lawsuit’s goal is to limit “exclusionary conduct” in the App Store, not to reduce Apple’s ability to vet apps. The lawsuit specifically asks the court to prevent Apple “from using its control of app distribution to undermine cross-platform technologies such as super apps and cloud streaming apps.”
But super apps like WeChat effectively function as app stores of their own. For the DOJ, this has less to do with privacy than it does competition. It’s not like that’s coming out of nowhere — the lawsuit notes a board of directors presentation in which Apple described super apps like WeChat as a “major headwind” to boosting iPhone sales abroad.
However, some security experts note that Apple’s App Store is indeed safer than those on Android phones.
“Our data from millions of device scans on iOS and Android devices around the world suggests that open app stores lead to more malicious activity than closed ecosystems,” said Danny Rogers, the CEO of the cybersecurity company iVerify, whose app detects malware on phones and computers. “So while opening up app stores to third parties might be good for competition, it will likely increase malicious activity as well.”
That malicious activity ranges from operating system-level compromise to the presence of spyware like Pegasus, Rogers told The Verge. “We see almost 100x more frequency of security issues pop up on Android compared to iOS,” Rogers said, even though the app has conducted more iOS scans than Android scans.
Daniel Kahn Gillmor, the senior staff technologist at the American Civil Liberties Union’s speech, privacy, and technology project, said the higher rate of malware on Android devices may be related to the phones having a “much longer shelf life” than iPhones. “You’re going to find more vulnerabilities on these old, outdated Android devices simply because those old, outdated Android devices are out there and they’re on sale,” Gillmor said. “Apple has done a good job of keeping their update process regular — and also at decommissioning old iPhones. They’ll tell you, ‘This thing is not good anymore, you have to get a new one. We cannot support it.’”
Gillmor agrees that an app store “with much looser controls” could lead to “more invasive, infectious garbage being pushed onto people’s phones,” he said. “But that risk is worth it, because it means that we also allow software that Apple might disapprove of, for whatever their political reasons are.”
“It’s unquestionable that Apple exercises tight control over its ecosystem than is necessary to have a healthy software ecosystem” on its phones, Gillmor said. “Even Apple’s computers let you install software from anybody that you want.”
For now, it’s simply too soon to say how iPhone users’ privacy will be affected — we don’t even yet know what the Justice Department wants as a remedy if it wins, let alone what it will actually get. (And all of that, of course, is contingent on it winning in the first place.) “There are so many different pieces of this,” Steinhauer said. “I don’t see how they could possibly win all or lose all.”
Twitch’s Hype Train record smashed again by Pirate Software
Game developer Jason Thor Hall, better known by the moniker Pirate Software, has set a new Twitch Hype Train world record, with his channel reaching level 106 on April 1st. Once the Hype Train was initiated, it took Hall roughly three hours to beat his previous level 55 world record from December, with viewers contributing 54,380 gifted subs (alongside regular subscriptions) and 8,225,386 Bits — likely earning Hall a healthy six-figure sum in the process.
Hype Trains, a feature that Twitched launched in 2020, are a limited-time event triggered when a channel receives an uptick in Bits or subscriptions, pushing past a streamer-designated threshold. While we won’t know the official figure paid by Hall’s community, it’s sure to be significant: in the US, gifted subs range between $4.99 - $24.99, and 100 Bits can be purchased for $1.40.
Hype level LITERALLY over 100! Congrats to @PirateSoftware and his community on setting a whole new bar with the hypest Hype Train, ever.
The new record set by Hall comes just days after Twitch introduced new Hype Train rewards that could be obtained by reaching level 100, making him the first streamer to unlock the KappaInifinite emote. According to Hall, the KappaInifinite emote is rolling out gradually to Hype Train participants because the event “hit the website so hard they had to rate-limit the delivery.”
How Meta’s global head of safety approaches online age verification
“The ability to know somebody’s age and try to protect privacy at the same time can be challenging,” says Meta’s Global Head of Safety Antigone Davis. Meta has been advocating for app store operators like Apple and Google to be in charge of verifying users’ ages and soliciting parental consent for app downloads. Now, it’s using its own virtual reality Quest store as a model for how it thinks that should work.
Meta is prompting Quest 2 and 3 users to reenter their birthdays so that it can place accounts in the appropriate age experience as it tries to centralize age verification through its Quest store. Teens aged 13 to 17 will have more privacy settings turned on by default and can be monitored through parental supervision tools. Preteens aged 10 to 12 have even more restrictive settings turned on, with only parents or guardians able to change privacy settings.
Davis told The Verge that Meta is trying to solve for age verification challenges with this effort “while protecting privacy and access considerations. And you’ll see the same thing in the federal legislation that we’re proposing.”
Meta has been investing in its own user age group API so that app developers can sort their offerings into different age groups. Meta is asking developers to self-certify which age group (preteens, teens, or adults) their apps are targeted at, and by using the API, Meta can communicate with the app about whether a user is eligible to use it or not.
It’s similar to what Meta has proposed at the federal level, where it wants to see mobile app store operators like Apple and Google be tasked with verifying users' ages so that information can be shared with apps used on their devices. That would mean that users wouldn’t need to verify their ages from one app to the next because they’d do it once while setting up their phones.
If that sounds like Meta passing the buck to other tech companies for age verification, Davis says its work on the Quest store should show that it stands by what it’s advocating for.
“Where we have an app store, we are” taking action, Davis told The Verge. “That’s evidenced by what we’re doing today.”
Still, finding the right method for age verification remains a tricky task. Some policymakers have scoffed at using methods like self-proclaimed birthdates to verify age since it’s easy to lie on the app. Davis said Meta will double-check any users who say they’re suddenly in a different age category when they reenter their birthday and require them to verify with an ID or credit card. Meta doesn’t store that information long-term after it completes the process.
Across different services, Meta has tried an array of age verification methods. For example, it’s used AI face-scanning tool Yoti on Facebook Dating and also will occasionally check government IDs, which it stores short-term with encryption. But there’s no perfect solution.
“There is no one panacea,” Davis said. “That’s why I think you see the industry has struggled a bit to come up with a simple and easy solution.”
That’s why, according to Davis, the simplest and least privacy-invasive way to do age verification would be when consumers are setting up their phones, especially since it’s a time when kids and teens are likely right next to their parents, increasing the chance of more accurate age information.
While online safety measures for kids are a hot topic in Congress, there’s limited time to get legislation passed this year. Meanwhile, states, including Florida, have moved forward with their own age verification laws, requiring parental consent to use social media for large groups of young teens.
Davis said that’s creating a complicated patchwork for companies to navigate. “What you’re finding right now is that some states specify the type and form of age verification, some states don’t specify the type and form of age verification. Some have some idea of accuracy rates that they think should apply; some don’t offer any accuracy rates,” Davis said. “There’s significant ambiguity in many of the laws, and I think there will be some concerns about liability and risk for all companies with the laws as they currently are.”