No; iMessage isn’t intercept-proof.

*** (April 5, 2013) Update: TechDirt has a nice post about the whole affair. They summarize the counterarguments against the DEA memo and the original CNET story; and they line up quite nicely with mine ūüôā They also include snippets from Julian Sanchez that offer more details and some possible motives for this whole exercise. Woot!

Argh. This story is traveling around the OMGosphere. A DEA office sent an internal notice among its agents and investigators. The notice was meant to warn them about the inability of pen registers and trap and trace devices to log Apple iMessages. The devices in question work like the call list on your phone; every call you make and every call you receive are logged. Extend that idea to include SMS messages (mobile texts) and you get the idea. It’s a form of wiretapping, but it doesn’t necessarily include logging the content of the communication.

The DEA uses these devices to record evidence of contact and communication between suspects. If they’re logging the phone calls made and received by gang members, the record of their intercommunication history could be used in court to show collusion in criminal activity, for example. RICO Act type of stuff.

Most of this equipment is installed and maintained by the phone companies to meet their legal disclosure requirements; when an agency comes knocking and asks for a full bidirectional record of calls for a certain phone number, the company is required to produce it.

The DEA warning was issued because agents discovered that the communication records they received weren’t always complete. The missing events were iMessages sent between two Apple devices; two iPhones, an iPhone and an iPad, two iToilets, etc.

So, that means that Apple iMessages have unbreakable encryption and are so amazingly great that EVEN THE DEA CAN’T TRACK THEM! ¬†Right?



Internet, there are times when I want to hit you with an atomic hockey stick.

DEA foiled again!

Why are SMS messages logged while iMessages are not? A few reasons that have nothing do with super Apple encryption framice plates.

1. SMS messages are handled by the phone company network. The capability to transport text messages between mobile phones is built right into the specifications of the mobile phone networks. When you send a mobile text message, the message protocol includes source and destination headers telling the tower where the message originated and who it’s for. The logging equipment at the phone company can simply take those headers and add them to the record.

2. iMessage is not a standard adopted by the Mobile Phone Industry. Apple handles the routing of iMessages. When you send an iMessage from your iPhone — assuming you send it via mobile data and not Wifi — the cell tower treats it like a bunch of ordinary data packets; you might as well be uploading a photo or streaming some music. The packets will have source and destination headers of their own, but only to move the packets to an Apple server. The actual source and destination of the iMessage will be part of the data packets’ content, not as cleartext metadata on the outside of an SMS message.

3. Pen registers and traps aren’t psychic. There are people in the world who think that a virus scanner is capable of identifying any kind of virus. Surprisingly, the scanner is not an oracle; it’s just pattern matching to a list of known patterns. Have you ever been bothered by anti-virus software begging you to update your virus definitions? The software needs to have the latest set of known virus patterns (or signatures) so that it can detect known threats. If the definitions haven’t been updated in 2 years, there are lots of new virussessesesesssii the scanner will miss. The wiretaps can work in a similar fashion. They can sit in the network and look for SMS-shaped things, voice call-shaped things, etc. They have been told how to identify those events; they don’t get a tingling spidey-sense when an SMS is nearby. It’s entirely possible that the wiretap equipment could be given an update allowing it to identify the signature of an iMessage, if not the ability to decode it. Depending on the iMessage spec, messages may have a structure that is observable even when encrypted; messages may have a specific preamble; all packets heading to a set of identified iMessage servers could be flagged, etc.

4. It is almost certain that Apple IS maintaining a log of iMessages in order to comply with legal requirements. If so ordered, they would be required by law to produce activity logs for individual iMessage accounts. In this case, the DEA agents weren’t aware that the Apple-held data wouldn’t be logged by the phone company. This wasn’t a triumph of Apple tech against evil government privacy violations. This was a temporary ignorance of modern communications tech.

Thus endeth the lesson.


Android Phone Goes Inky. E Inky, Prototypically Speaking.

Wow, what a great headline…

I read an article at Laptop Mag regarding a prototype Android phone that uses an E Ink display. ¬†My inner critic decided to outwardly criticize, producing a rather lengthy blog comment. ¬†I reprinted the comment here on my own blog because… well, why not?

Laptop Mag’s hands-on demo:

My response:

Notwithstanding the super-light weight and super-long battery life that E Ink affords this device, the display is a showstopper. The talk about using an older processor is a red herring; a faster processor won’t fix fundamental characteristics of the display. The currently available generations of E Ink give you a trade-off between refresh speed and power consumption; crappy refresh rates mean long battery life, fast refreshes are draining.

The E Ink screen is great for displays that don’t require rapid refresh, but this prototype demonstrates how inappropriate it is as a smartphone’s primary display.

Motofone F3

When you buy an Android phone with multi-touch, the implication is that you’ll be interacting using finger swipes and taps, and that your interactions produce feedback quickly enough to make the experience seem natural and effortless. What we think of as normal single- and multi-touch functions would lose much of their utility; pinch-to-zoom, for one, would be a noticeable series of zoom-in steps (instead of a fluid growing and shrinking effect), something you could achieve with a zoom-in button and a single finger.

I‚Äôm not trying to bad-mouth E Ink, here ‚Äď this is just not a viable application until/unless E Ink rolls out a display that gives you imperceptible refresh without massively increasing power consumption, hopefully at a reasonable price.

It would be cool to have the option of swapping your phone’s display, either physically changing it for another one or flipping one over the other like a book cover. There are times when I wish my display was e-paper, but then I look at my Motorola F3 and all is forgotten.


LG Support Super Happy Fun Time

Who doesn’t love an easter egg hunt?

Staring at the refurb LG television on my desk, I felt the need to check its customizability, or “hackability” for those wearing rollerblades. ¬†Before any of that could happen, I wanted to find precise specifications and descriptors for the TV to help my search. ¬†The logical place to start was the manufacturer’s support site… ¬†Corporate product support sites are universally craptastic, but LG has a way of making theirs even more frustrating.

Model 22LG30 LCD TV

Example: the exact model number stamped on the back of my TV isn’t listed in the product search. ¬†I have a 22LG30-UA. ¬†When I visit LG’s Canada support page*¬†and enter “22lg30-ua” I get no results at all from the quick menu or drop-down menu. ¬†Hmm. ¬†That’s not a good sign. ¬†Clicking the Search¬†button brings me to a results page that purports to show close matches to known products. ¬†But there are none. ¬†Zero matches for product, tutorials, or frequently asked questions.

*Strangely, I initially landed at the UK support site. ¬†I can’t say that this was LG’s doing since I performed a Google search instead of entering the basic URL, but I didn’t realize I was at the wrong site for my region for a few minutes. ¬†A “you appear to be in Canada, would you like to visit their site instead?” message would have been appreciated.

Playing the game, I try a less specific search term, “22lg30” (case isn’t important) and I get this from the quick menu:


Notice the total lack of “22LG30-UA” results. ¬†This time, at least, I have some leads.

This is a clear UX failure; you’ve asked me for a model number, I gave it to you verbatim, you tell me there is no such product. ¬†One of us is lying or misinformed. ¬†I can appreciate that they have oodles and oodles of model numbers and that running a support site isn’t generating revenue, but somewhere in the corporate databases there must be a master list of model numbers that could be dumped to the support site. ¬†Then, at least, a user would have the luxury of finding that his television really does exist.

So, I have two possible matches for my model, “22LG30DC” and “22LG30DC-UA“. ¬†What do these mean? ¬†What is the difference between a model that has “UA” and one that doesn’t? ¬†Is there a default, generic result that I should try first? ¬†There are many ways to help me, the frustrated user, complete his task, but I’m left to click through each link.

I clicked the results in order, looking through the first result, then back to look at the second.  The pages were exactly the same in any meaningful way and looked like this:


There was no information about region specifics (is this a UK model, a Canadian, a German?), no explanation of the “UA” suffix, no information about release year or years, no mention of product family or relation to other products. ¬†There wasn’t even a picture of the TV! ¬†All you get is a generic, slightly ghosted flat panel TV image, which is quite unhelpful when the user wants to know if it’s his television and, naturally, there is no caption or asterisk telling you that it isn’t a picture of your device.

The Help Library section, which one expects to have tips about the device, includes gems like:

  • Sharing Files & Folders – Windows Vista OS
  • Smart TV – Resetting of Netflix Premium Application
  • DLNA not supported on Macintosh Operating System

None of these is related to the product on the page. ¬†Oh well. ¬†Let’s check the manual and get all of the information we want:


THANK YOU!  Not even a manual to peruse for the 22LG30DC-UA model.  The 22LG30DC model does list a manual, a PDF document (sigh) which appears to match my product.  PDFs are annoying in all sorts of ways, but at least I do, eventually, get the info.

My favourite part of this whole exercise? ¬†Finding LG’s USA support site. ¬†It has an exact listing for “22LG30-UA” with the correct product image (top of this post, source, a spec sheet with information not found in the manual, and different Help Library information that is also unrelated to the product.¬† Parfait.

Why is the support database balkanized into separate regions like this? ¬†It makes a certain logical sense for each region to list only the models actively sold (and therefore supported) in that region, and it will probably have no negative effect on most users, but there are many realistic and recorded scenarios where users find themselves unable to get what they need. ¬†From the outside, I can’t know the real reasons for the regionalized nature of LG’s support system. ¬†I would not be surprised, however, to learn that no real usability analysis or user testing was performed, and that support was organized according to the structure of the companies involved rather than a genuine effort to provide a service to the customers.

The whole foundation of good user experience design is knowing your users, and anyone who has really tried to know their userbase has discovered a heterogeneous group of people with different expectations and different ways of solving their problems. ¬†Accepting that reality, a good designer must account for these different expectations and methods, finding ways to accommodate and assist. ¬†You can’t make every task the press of a single button, nor can you make every user act according to your plans, but you¬†can offer suggestions (“You might also check our other regional support sites”), useful information (“The sections of the model number refer to this year, this family, this region, this revision, etc.”), and more agency (“Enter this, press that button” vs “If you know X or part of X, you can search for Y here. ¬†You may also try these other methods, or follow our tutorial, etc. etc.”). ¬†A little consideration can build a lot of customer satisfaction.

LG Support has other ways to frustrate the consumer (not releasing updated firmware via the support page is a frequent complaint), but that’s enough for today.

My next post introduces us to the hidden world of the TV’s Service Menu.

Tron: Legacy: The Phantom Menace: Fully Loaded.

Dear Reader,

I find myself sitting here on a Sunday afternoon, eyes fixed on a terrible tragedy.  That tragedy is a movie called Tron: Legacy.

I could enumerate all of the horrible choices that were made in the story, the screenplay, the directing, the visual design, etc. ¬†I could do that. ¬†But I won’t – my neckbeard isn’t nearly thick enough for that kind of endeavour.

Instead, I will say this:   (SPOILER ALERT)

Jeff Bridges turns into a new age yogi or guru or hairy monk.  He wears a robe-like suit-like garment.

It has a bowl

A bowl.

Yes, a bowl. If I were the kind of guy who defends crappy movies, I would point out that all of the “people” living inside the computer have a similar bowl-shaped socket on the back of their garments. ¬†It is meant to hold an¬†dinner plate identity disc that stores your memories, yadda yadda, and doubles as a weapon. ¬†It’s basically a soul frisbee. ¬†Everyone has a soul frisbee.

Except poor old Jeff Bridges. ¬†I’ll spare you the hoary

“OMG I was betrayed by my own clone and I guess I’ll go be a space Buddhist and wear a robe thing and OMG I hope my son shows up and reminds me of who I was and some guy stole my soul frisbee¬†and now I can’t play Frolf but I hope¬†I can get my soul back and maybe a game of hackeysack”

plot since it’s not germane to the point I’m trying to make.

My question is this: Why does his monk suit have a bowl? ¬†It had a bowl. ¬†On the back, for the soul frisbee. ¬†I get the part about him being inside the computer and that everyone else has a frisbee socket, but he must have made the monk suit himself or at least ordered it from a tailor who takes neon water as payment. ¬†But at what point is he sitting on his computerized bench with a needle and thread thinking “Wait, this thing needs a bowl.” ???

You’re supposed to be the messiah to all of these two-dimensional characters (in 3D!), so surely you can give yourself a pass on the soul bowl garment requirement. ¬†Perhaps he didn’t want to stand out.

Jeff Bridges in his white monk suit.

I don’t want to look out of place here in this world of electric soul frisbees. ¬†I’d better put a bowl on my monk suit.

While trying to wrap my massive head around this question, I had an epiphany.

Tron: Legacy is the Phantom Menace of Tron movies.  Lots of money and effort spent on the CGI side, but the screenplay was given such little attention that it was launched into the sky when CGI jumped on the teeter totter.

This movie is a candy bin of horrors in the bulk food store of bad ideas, but it’s “Cash or Debit ONLY” and I’m $2 short of hobo bait, so I will leave you to ponder what I am calling “The Monk Suit Bowl Conundrum“, a mystery of such depth that it would require a diving bell full of Agatha Christies to discover its foundation. ¬†Puff puff.

Google Play says your username and password don’t match?

UX designers and coders take note: nothing will frustrate your users more than being asked for login credentials and being told that they’re wrong.

This is especially true when the user (me) is trying to enter a long alphanumeric password on a tablet with a stylus. ¬†Every time the user sees “username and password don’t match”, they will naturally assume that they’ve hit an extra key or capitalized something accidentally, and will grumble to themselves as they try again. ¬†Things get even more fun when the password field is masked with stars to prevent shoulder surfing.

It’s pretty easy to humble your user this way. ¬†So easy, in fact, that you should spend time analyzing the user’s task to see if you’re asking them the right questions and giving them enough help…

Case in point: Google Play Store. ¬†I have a very low cost (cheap) tablet on which I managed to load the Google Play packages. ¬†When asked to login to my Google account, I received the very helpful response “username and password do not match”. ¬†I attempted to login several times with my normal credentials and failed every time. ¬†There were any number of reasons for this to have failed (including the fact that my tablet was unsupported, ahem), but the real reason was ridiculous:

I use Google’s two-factor authentication.

Logging in to Google from a new computer usually means entering my username, password, and then a 6-digit number that is sent to my cellphone over SMS. ¬†If I enter the user/pass incorrectly, the error would be “username and password do not match.” ¬†If I enter the 6-digit number incorrectly, the error would be something like “incorrect PIN.” ¬†This is straightforward proposition: enter your Google username, your Google password, the PIN that Google sends to you; if you get something wrong, you entered the user/pass incorrectly, or you mistyped the PIN.

Google Play’s device login, however, doesn’t mention anything about PINs or two-factor authentication. ¬†A naive user, like myself, assumes that he must enter his normal Google username and his normal Google password. ¬†But that’s¬†wrong. ¬†Normal username, yes, but you¬†must enter your “application specific password”.

What’s that? ¬†Rather than implementing the SMS PIN step, Google lets you create a sort of special password that you only use on mobile devices or desktop apps. ¬†There are many good reasons for doing this; it’s extra security against rogue apps or compromised devices (not exposing your main Google credentials), it saves developers using Google APIs from having to rework their products, and the application specific password is only made of lower-case letters so that mobile users won’t have to fiddle with entering special characters.

Good reasons, all of them. ¬†But it all falls apart at the user interface. ¬†Users are dependent on the UX designer to give them the information they need for the task. ¬†Failing to mention mention that “password” could mean “application-specific password” is a big omission. ¬†Google’s support site does mention the issue, and users of 2-factor authentication are told in advance to expect this behaviour, but that doesn’t cut mustard.

Now, back to my under-powered plastic tablet and its slight violations of terms of service…

[Review] Space Shuttle: Final Countdown

Watching a show on eqhd about the Space Shuttle..  Shows the life of the Space Shuttle program from the design years of the late 60s and 70s to the retirement in 2011.

It’s made for a general viewing audience, so don’t expect any real insight or analysis. ¬†It offers a simplistic overview of the shuttle program, but at least it’s pretty. ¬†I liked that they included lots of interviews with actual astronauts and NASA staff. ¬†I would rather have had them narrate the whole thing.

It’s worth a look, but I have a laundry list of quibbles:

  1. The clips of the Challenger break-up had explosion sound effects dubbed in. ¬†I found that to be disrespectful, cheap, and totally unnecessary. ¬†It’s as though the break up of the launch vehicle and death of seven astronauts wouldn’t be enough to hold someone’s attention. ¬†This isn’t a World’s Greatest Disasters show, folks.
  2. The narration was tedious. ¬†The voice was an edgy bass that had the cadence and inflection of a movie trailer narrator. ¬†“In a world…”, that sort of thing.
  3. The suggestion that the possible loss of Columbia and astronauts Young and Crippen¬†during STS-1 would be the greatest space tragedy in history… ¬†so the loss of the three cosmonauts on the first Salyut mission was/would’ve been less tragic?

Streaming Music WILL NOT Destroy the Planet



A report with a very “link bait” title is making the rounds: “The Dark Side of the Tune: The Hidden Energy Cost of Digital Music Consumption.”

The premise is thus:

  • Music used to be encoded on physical objects, like records or CDs (things which had a one-time energy cost), that were possessed by a consumer
  • Music is transitioning from physical storage to electronic storage; the consumer doesn’t keep an object in his house, he just requests that an electronic copy of a song be sent to him via the Internet
  • It doesn’t cost much to transfer or “stream” music in this way, but it must be done many times over the life of the consumer
  • The net energy cost of streaming* music** will far outpace the net energy cost of providing music on physical media
  • Music** streaming* will some day consume a double-digit percentage of the world’s energy¬†production (unless we start a concerted effort to find new technologies, why oh why haven’t we started researching these things, oh wait we have, why are we writing this report in the first place)
* The report arbitrarily assumes that half of all music streaming will occur using wireless networks, presumably using much more energy per unit data than physical networks.

** An interesting bit of conflation happens here: the report is nominally about music, but the calculations of bandwidth usage include things like uncompressed video.

The first three points are basically true.  The latter two are bat-shit insane.

Some doozies I cherry-picked from the report:

¬†“Even with all traffic moving over to WiMAX, this traffic will nevertheless consume the energy equivalent of 21 per cent of the world’s total electricity consumption in 2010.”

!#%$&^%!&%!!!!!!! ¬† They’re suggesting that in 2027, 1 billion people would be using WiMAX (a questionable assumption) as their primary music-streaming connection (a very questionable assumption) with the same rate of power usage (an even more questionable assumption) per unit data transferred.

“To further illustrate the scale of data traffic and its energy drain, 2011 YouTube statistics indicate some 4 billion video streams per day [see Appendix 2]. ¬†Assuming a 1GB file size per video (half of YouTube’s 2GB cap), this represents daily data traffic consumption of approximately 8 exabytes – annually equivalent to 0.1 per cent of the world’s electricity consumption in 2010.”

!^$&@%$&!%@&$T!!!$R4!!!  I like that they arbitrarily set the average file size at half of maximum size.  I was once able to eat an entire cake for dinner, therefore I eat half a cake for dinner each night.  Lunacy.  There are a whole bunch of faulty assumptions being made.

  1. Even if a user has uploaded a 1GB video to YouTube, that does not mean that all the viewers will be downloading 1GB each time they view the video.  YouTube converts all videos to multiple sizes and qualities.
  2. There is no way in hell that the average video size is even close to 1GB.  According to this study done in 2010, the average length of a YouTube video was around 4 minutes.  Even if we are generous and assume that all videos are HD (around 20MB per minute), that works out to 80MB average.  80MB versus 1000MB.  A bit of a difference.
  3. The study assumes that 2 billion people globally will be streaming two hours of music every day, half of them using ADSL, half of them using GPRS. ¬†What’s GPRS? ¬†Oh, you know how everyone is rolling out 3G and 4G mobile phone networks? ¬†GPRS is 2G. ¬†Right, so 1 billion people are going to be using a technology that NO ONE is rolling out anymore, anywhere. ¬†Also notice that there are only two types of service mentioned here: physical network, cellular/mobile network. ¬†Did someone forget Wi-Fi? ¬†Most users not blessed with an unlimited cellular/mobile data plan (which is damned near everyone in the Americas, anyway) will opt for the much cheaper Wi-Fi in their own homes, coffee shops, schools, business, etc. ¬†This report¬†pegs the energy usage of GPRS at around 2.5 times that of Wi-Fi. ¬†I know this is an industry group for the music business, but I wonder if they get money from carriers to demonstrate the need for large government cash infusions into… carriers.


The whole report is a real trip.  If you are a policy maker, investor, or unusually gullible, I will simply advise you not to take anything in that report seriously.

Oh, you also have to subscribe to their newsletter in order to access the paper.  You can unsubscribe right away, apparently.  I will be.

How to stop HP printers from grabbing drive letters

A few months ago, I purchased a used HP Officejet Pro L7780 for my parents. ¬†It was quite an upgrade from the little Epson all-in-one that they had been using for the past few years. ¬†But there was a problem…

The software and drivers are painful to use.

I don’t know what kind of UX work went into this stuff, but it wasn’t enough. ¬†The drivers aren’t easy to install (especially for the scanner function), errors are cryptic and have a morbid finality to them, and a lot of the software’s behaviour isn’t user-customizable.

My biggest gripe, outside of the installation problems, is with the network mapping feature. The printer has a set of media card slots (SD, compact flash, etc.) that can be mapped to a drive letter on the user’s computer. ¬†For some reason, known only to HP, the mapping isn’t persistent and it isn’t controlled by the user; that is to say, the mapping has to be re-established each time the system boots, and the user can’t tell it which drive letter to use.

HP’s kludgy solution to the persistence issue (which is odd since persistent mapping is a feature in many operating systems) is to run a service at boot time. ¬†The service checks for available drive letters starting at Z and working backwards. ¬†When it finds one, it assigns it to the printer’s card slots. ¬†This means that no matter how you arrange your drives, the printer’s card slots will always show up somewhere in your drive list. ¬†It also means that the card slots can bounce around the drive listing with no fixed address.

For most of us, this isn’t a practical problem, just an annoyance. ¬†I can see that this behaviour would be beneficial in some situations. ¬†For instance, a novice user won’t be able to accidentally block access to the card slots by assigning their preferred drive letter to another device.

Personally, I want to be asked for my preference and I want to be able to change the software’s behaviour.

There is no way to use HP’s software to assign a preferred drive letter. ¬†It will always do the search from Z to A.

Stop the HP mapping service

The network drive mapping is done by a service called “HP Network Devices Support”. ¬†By default, the service launches when Windows boots. ¬†The easiest thing to do is to disable the service completely.

Open up the Services management console.  In Windows 7, click on the Start button, type services.msc then press the Enter key.

Scroll through the list until you find HP Network Devices Support.

You can see that the “Startup Type” is set to Automatic (Delayed).

Right-click on “HP Network Devices Support” and left-click on Properties.

Left-click on the Startup Type drop-down box and select Disabled.  Click Apply.  Now turn off the service by clicking on Stop.  Now click OK.

When you’re done, the Services console should look like this:

Okay, you’re done! ¬†The HP software will no longer try to map your printer’s card slots. ¬†Please note that you will still get pop-ups from HP software telling you that your printer is disconnected. ¬†If you want to stop those notifications completely, go back to the Services console, then Stop and Disable the following services:

  • HP Cue DeviceDiscovery Service
  • HP Service
  • hpqcxs08
If you still want access to the media slots, read on.

Making a permanent mapping

Under Windows 7, setting this up is quite easy.

Click the Start button, then click on Computer in the menu that appears.  You should see a list of drives.

There will be a set of links near the top of the window which say Organize, System properties, etc.  Click on the one that says Map network drive.

Choose your preferred drive letter from the list.

For this next part, you need to know the IP address or the network name of your printer. ¬†The network name is best, since the printer’s IP may change if your router uses DHCP to assign addresses. ¬†The network name will stay the same.

If you’re unsure of the IP or the network name, check your router’s setup. ¬†It should have a list of connected devices.

Click in the text field next to Folder, then type two backslashes, followed by the IP or the network name of the printer. ¬†Now click the Browse button. ¬†A dialog window should open with a list of network devices. ¬†If your printer appears in the list, click on the triangle next to it to reveal a folder named “memory_card“. ¬†Click on “memory_card“, then OK.

To make this mapping permanent, click the checkbox next to “Reconnect at logon”.

The printer should now be listed in Computer with the drive letter you chose.

Some User Experience Mistakes

  • Unexpected behaviour: ¬†the printer’s card slots are storage devices, but they are behaving unlike other storage devices. ¬†When the user adds a new USB stick or other memory device, Windows either asks for a preferred drive letter or it assigns the next available drive letter sorted from A to Z. ¬†The HP software doesn’t ask the user for a preferred letter and chooses the next available letter sorted from Z to A.
  • No choice / lack of choice: ¬†there is no way for a user to change the drive mapping behaviour by using the printer’s software. ¬†The user is forced to either live with it or disable the mapping service entirely. ¬†The card slots can be manually mapped to a specific drive letter, but this is an advanced procedure that most users couldn’t do.