Ask Different 
This is the twenty-third episode of the Ask Different Podcast. Your hosts this week are Kyle Cronin, Jason Salaz, Nathan Greenstein.
- We begin with some talk of the Ask Different 2012 Community Moderator Election that is currently in progress. This year’s election is different than last year’s for a number of reasons, most of which are directly linked to the size and participation in Ask Different. We discuss the voting process, STV, and we wish all of the candidates the best.
- Also in Stack Exchange news, Jeff Atwood has announced that he will no longer be working at Stack Exchange, beginning in March. He is leaving to spend more time with his children, including two new twins. We greatly appreciate all of the work he poured into Stack Exchange and are glad that he is able to choose to spend time with his family. You should also read Joel Spolsky’s farewell post on the Stack Exchange blog.
- The story of an iPhone interrupting the New York Philharmonic leads to a discussion of the behavior of the iPhone’s mute switch. Jason likes the current behavior where apps can choose to ignore the mute switch’s positon, but Kyle and Nathan think that all but the most important system functions should be silenced when the mute switch is set.
- It was recently discovered that the social networking app Path sent its users full address book data to its servers without telling the user. The blame for this must be placed more on Apple than on Path. Allowing all apps unrestricted access to address book data without asking the user for permission is a significant privacy risk, especially since most users believe that apps from the App Store are safe.
- The idea of Apple exposing address book data leads us to consider the alternatives. We don’t think that the current situation is secure, but we don’t all agree that apps should never have access to this info. One possibility is to have apps request access, much like location. This has the advantage of being easy and safe, but too many notifications could become bothersome. Kyle likes the idea of allowing apps access to address book data, but forcing them to request permission to send that data to a remote server.
- Kyle recently decided to jailbreak his iPhone 4, among many other reasons to try out a theme called Jaku, which was designed by Ask Different user cksum. Despite opening up a new world of features and possibilities, it does not fix certain nuisances we deal with in iOS 5 such as audio instability, and other slowdowns as the result of the many new features built into the update.
- Our Question of the Week is How do you prepare your Mac for the possibility of being stolen?, asked by Dan Surfrider on February 1, 2012. In addition to soliciting answers, Dan also talks about his use of Prey Project for recovering a stolen Mac, and the act of making the thief comfortable using the computer, in the hopes they will leave it on and not reformat it, allowing a greater chance for recovery. We talk about this and the act of securing and backing up your data for later recovery.
- Our App of the Week is Tweetbot, by Tapbots. Tweetbot recently released version 2.0 of the Twitter client Tweetbot. Along with the usual swath of bug fixes, many of it’s features have been given the usual coat of polish. You can read the Tapbots’ release notes for the iPhone version on their site. However, the bigger news by far was the release of the very first version of Tweetbot for the iPad. Tweetbot on the iPad has only ever run in iPhone/iPod compatibility 1x/2x mode, but no longer! Tweetbot for the iPad is a new binary, which means it is, unfortunately, a new $2.99 purchase on the iTunes App Store.
This episode was recorded on February 11th, 2012. You can subscribe to this podcast via RSS or iTunes. We would appreciate it if you could take a second to give us a rating on iTunes. We’d love to hear from you! Please feel free to leave a comment on this post or e-mail us at podcast@askdifferent.net. Thanks for listening.
Filed under Podcast
Jason is right. Once an app gets contact information, it can encrypt it in any way it wants, send it over the network, and that’s that.
The encrypted data would be derived from the private address book data, and would therefore also carry the flag indicating that it cannot be transmitted over the network without permission. Granted, this sort of model would be extremely difficult to retrofit both into Objective-C and Cocoa as well as support backwards compatibility with existing, compiled apps, but is technically possible.
One the reasons Apple tries to reduce the number of times the OS asks the user to make choices, particularly choices pertaining to security, is that they strive to provide protection without administration. When faced with a choice about security most users will make the wrong decision. Bruce Schneier explores this theme in The Psychology of Security and revisits it regularly on his blog. Schneier is also an advocate of finding the correct balance between security and usability.
Rick Wash explores Folk Models of Home Computer Security and how users make decisions based on their conceptualization of those models.
In short, security issues like the recent iOS address bookgate need to be addressed, but my hope is that Apple will find minimally intrusive ways to do so. Presenting users with endless choices, and multiple, finite settings, is not the answer.