Over my cornflakes this morning, I read Ben Hoyle’s interview with Tim Cook, CEO of Apple, in The Times Magazine.

This was one of those interviews which is sort of interesting but doesn’t really say much. Though I was quite taken with this description of Apple’s canteen where the cutlery is hidden from view in an illuminating example of form over function:

You can’t tell what the chefs are cooking because there are no menus on display (the options are on your phone if you’re an employee). You don’t seem to be able to pay cash for anything and there are no sauce sachets or eating utensils to be seen unless you know where to look (they’re with the other unsightly essentials like bottled drinks and napkins, sunk out of sight in smooth, curved central islands reminiscent of giant iPods).

What really struck me about this interview was the weird cognitive dissonance in the tenth paragraph. In this paragraph, Hoyle points out that:

Apple’s App Store is “curated” to the extent that you (and your children) won’t find hate speech or pornography on there.

That is, Apple – for better or worse – prioritises its values over the freedom of its customers to easily use the platform for activities which meet with disapproval from Apple. I wish this (puritanical?) attitude had been used to challenge in this bit of the same paragraph:

Apple has regarded privacy as “a basic human right” for a long time and “built the company around” that belief. The sprawling, intimate personal data profiles that companies like Facebook and Google compile “shouldn’t exist”, Cook thinks.

Cook claims that Apple is built around privacy. Yet, while Apple is happy preventing access to hate speech on the App Store, it actively promotes the Facebook app despite it asking for user permission to build data profiles which Cook says are antithetical to everything Apple stands for.

This seems a really odd moral position to me: if your company is reputedly built around one “basic human right”, why allow apps which violate that fundamental belief and ban apps which contravene less dearly held standards? The answer seems fairly obvious to me: the Facebook and Google apps are among the most popular, and are core to the iPhone experience. But can you really claim something is a cornerstone value if you ignore it to sell more phones?

I was also a bit riled up by this ludicrous comparison:

On cybersecurity … the company also protects its FaceTime and Messages apps with end-to-end encryption unlike, say, Google’s standard Gmail.

Why compare a closed messaging system, where end-to-end encryption is easy, with an open standard like email? That reads like a line supplied by Apple. It should have been challenged by asking if Apple’s iCloud email service protects messages with end-to-end encryption, which of course it does not.

There are a lot of things that Apple does extraordinarily well. It is evidently one of the corporate success stories of our time and has inspired phenomenol brand loyalty among a huge population of users. But it isn’t perfect.

Much of the media, and Hoyle’s article is no exception, seems far too credulous when it comes to Apple. Coverage of Apple would be much more satisfying if it showed a degree of balance or at least an attempt at challenging some of the more outlandish media lines rather than simply repeating them verbatim.

The picture of Tim Cook at the top of this post was uploaded to Flickr by Fabio Bini, and is used here under its Creative Commons licence.

The Economist’s data team has today published a blog post called “How much would you pay to keep using Google?” Unusually for The Economist, the headline isn’t really an accurate representation of the contents, which actually discuss research findings related to the amount people would have to be paid to give up using search engines in general.

But the original question got me thinking. A couple of years ago, I’d have responded with a fairly substantial sum. These days, I’m not so sure. I wonder what that says about the state of the company?

Google used to be the only decent search engine. That is no longer true. A couple of years ago, I decided to see if it was possible to go all-in on Bing. Ironically, this was somewhat inspired by Matt Cutts, formerly of Google, who gives himself 28-day challenges to test assumptions and better himself. Surely, I reasoned, it can’t be as bad as people make out, nor as bad in daily use as an occasional search to try it out makes it seem. I switched my default search engine to Bing in Chrome and on my mobile.

And do you know what? The vast majority of the time, it is perfectly competent. On very rare occasions when I’m struggling to find something I also try searching on Google: I’d say 75% of the time, I also fail to find what I’m looking for there. I’d also say, without any proper data to back up the assertion, that Bing’s results seem less replete with spammy useless links than Google’s. And Bing’s rewards scheme buys me an occasional coffee. I don’t think I’d pay for Google search.

But of course, Google provides more than just search. Would I pay for other components of their offer?

Would I pay for Gmail? There are perfectly decent alternatives to Gmail, and I rarely use my actual Gmail address but forward stuff to it from elsewhere, so redirecting future mail wouldn’t be a problem. Moving the archive would be a pain. I’d probably pay a small fee—a pound a month?—just to avoid the hassle.

One service I would definitely pay for is Google Maps. I use Google Maps every day and have not found anything that can even begin to compete. Back in December, Justin O’Beirne wrote a great essay on Google Maps’s moat—the content and time barrier which keeps it well ahead of competitors. On these terms, I guess Google Maps is probably the most “valuable” bit of Google to me.

Google Drive is great, but OneDrive is pretty great too. Chrome is my current default browser, but I’d happily switch to Firefox. Google Calendar is actually quite irritating (especially since ‘quick add’ was removed) and I use it only because it’s handy. I like my Android phone, but I’d get by on iOS. I’d be sad to lose my Chromebook, but Windows laptops aren’t quite the horror shows they used to be.

I enjoy watching occasional Youtube videos, but I wouldn’t really miss them if I couldn’t watch them any more. I use Google Photos, but I also upload all of my photos to other cloud services, at least in part because I don’t trust Google not to shut down Photos when it turns its attention elsewhere (à la Google Reader or Google Notebook, both of which closed while I was an active user).

More recent Google developments (Home, Assistant, Allo, Duo, Now) have totally passed me by.

Jeff Jarvis used to talk about “livin’ la vida Google” to describe his complete immersion in the Google universe. A couple of years ago, I’d have put myself in a similar category, but no longer. I am only one person, and I’ve no idea how ‘typical’ I am in this context, but I wonder if my change in behaviour represents a wider portentous shift for Google’s fortunes?

The photo at the top was posted on Flickr by Sigurd Magnusson, and is reproduced here under its Creative Commons licence.

The Washington Post’s Hayley Tsukayama recently pointed out out that in the latest version of Windows,

if you go through setup as recommended, you’ll never get a password option.

Passwords, we can surely agree, are the bane of modern digital existence. On a big-picture level, insecure passwords cause an estimated 80 percent of breaches, according to a 2017 report from Verizon. On a human level, they’re paralyzing; right when you need to access your utility bill, you can’t remember if you replaced the “a” with a 4 or an @ symbol.

Indeed, we certainly can agree: passwords suck. I seemingly have quite a few more online accounts with passwords than the average person. It’s simply impossible to have unique passwords for all these accounts and have any hope of remembering them. So for many years, I used Lastpass to manage my passwords (though I moved elsewhere after their significant data breach), and turned on two-factor authentication wherever I could. I even used a YubiKey for a bit, until I got fed up with having to fetch my keys to log in to stuff. Despite this, I was still pretty lazy, and typically used the same password (or a simple derivative of it) to sign up for new services, which meant that–despite all advice to the contrary–many of my accounts ended up with the same password.

I thought this was “alright enough” security. I had unique passwords for accounts I saw as “high risk”, such as banks and email accounts, but “so what” if some loyalty card account shared a password with some other account. I didn’t think I cared. Even when I knew that various company’s data breaches had exposed my information, I didn’t think I needed high security on most of my accounts.

Then, in a matter of months, three things happened that changed my mind.

First, somebody used my details to spend a couple of quid on my Greggs app. I don’t actually use the Greggs app very often, so it took me quite a while to notice that my account had been drained of the small change it contained. And I wasn’t all that bothered: I was mostly amused that someone had gone to some effort to steal a small amount of money to spend on pastries. I didn’t even report it, I just closed down the account. (Sidenote: yes, I’m a public health consultant, and yes, I had an account on the Greggs app. Deal with it.)

Second, I noticed that dodgy advertising text had been inserted into a number of posts on my blog. This did irritate me. It turns out that I had both used a frequently repeated password to secure the database that runs the site, and also left this in a publicly accessible place. I’m fairly certain that it was the former rather than the latter that led to the problem. In some cases, the miscreant had also deleted the backups of posts, so I couldn’t do a simple restore to overcome the problem: I had to do it manually. And I still occasionally come across bits of inserted text that I missed when cleaning up.

Third, someone knicked £8 of Costa points from my loyalty card. This also annoyed me–albeit slightly irrationally given that I rarely bother to redeem the points, hence having £8 built up. Again, used a password that I’ve often used elsewhere to secure this account. I did report this, and Costa refunded the points and (so they told me) investigated the fraud.

What’s the point of all this? I suppose I realised that I cared more about many of my accounts than I thought I did. The convenience of using an easy password meant that my security was a bit lax around the edges, and I lost out around those edges. The system of using passwords to secure accounts inappropriately rewards lax behaviour on a day-to-day basis, as it is less hassle than securing things properly.

I’ve since used my password manager properly, changing all of my accounts to long random sequences of numbers, digits and symbols that even I don’t recognise, and got into the habit of generating new secure passwords every time I’m asked to set one up. This takes a very small amount of hassle, but certainly more hassle than a go-to easily remembered reusable password… until the account is breached, of course.

There are still settings where I maintain that a long string of characters as a password is not particularly helpful. For example, I was at a conference at the Royal Society of Medicine the other day where the delegate wifi password was long and complex. Who were they trying to keep out? Why was any password even necessary? But at the same time, it’s becoming clearer to me that lax security is no longer really good enough, even for seemingly insignificant accounts.

It seems to me that ‘password management’ has gone from being something that ‘techy people’ need to think seriously about, to something we all need to think about. And let’s be honest, most of us won’t, at least most of the time. So it’s always good to hear that passwords are being ‘phased out’. The sooner the better, as long as the alternative isn’t too much hassle!

The image at the top is by Christiaan Colen on Flickr, used under Creative Commons licence.

Amazon has just launched Kindle Unlimited in the UK. I read a lot of books – but won’t be subscribing. Here’s why.

Amazon launched Kindle Unlimited in the UK a few hours ago. Kindle Unlimited, which has been available in the States since July, allows subscribers to pay a monthly fee (£7.99) to access 650,000 eBooks and an unspecified number of audiobooks without further payment.

I read a lot of books, mainly on a Kindle. I dread to think how much I spend each month on books, but it is most certainly more than £7.99. So, when Kindle Unlimited launched in the US, I was pining for a UK launch. This came up in a conversation over a drink with a non-techy friend: “What, like a library?” she asked, as I described the service.

The question was as barbed as it was sarcastic, and it struck a nerve. Some sliver of my Council Tax already funds the ability for me to borrow from an enormous collection of physical books, eBooks and audiobooks via my local library. It is vaguely absurd to pay a second time to access a more limited library.

So I set myself a challenge: ditch the Kindle and start using the library.

The first barrier was to discover that I don’t own an eReader compatible with the formats available from my library. But this wasn’t really a problem: I chose to read eBooks mainly because they are cheap, available ‘over the air’, and take up no space in my house. Library books are almost as good: they’re free, take up no space in my house, and are available to collect from the library.

My local library, in common with others, has a great click-and-collect service: I request a book online; they dig it out from whichever library branch or store it is in, whack it on a ‘collection’ shelf near the door in the most convenient branch for me, and notify me that it’s ready to collect. I can then pop into the library during my commute and swap books using a self-service machine. It takes less than sixty seconds from entering the library to exiting.

Of course, not all books feature in the library’s stock. Rather than have the library source these from elsewhere, I’ve bought my own copies; the joy of reading physical books from the library has convinced me to buy paperbacks. So much for saving shelf-space.

The last ten books I’ve read would have cost, in total, £66.89 in Kindle format. Only two of them appear to be among the 650,000-book Kindle Unlimited selection. All but two were within my library’s selection: I paid £9.09 for one of these two in paperback, and borrowed the other by post from the BMA library. Hence, I saved £57.80: an 86% discount.

And so (tl;dr): Amazon’s Kindle Unlimited package made me re-evaluate how much I spent on books. It made me realise the value of my local library, and has lead to me using Amazon far less, and saving myself a small fortune in the process.

In 2013, Apple sold something of the order of $10bn of apps, making profit of the order of $3bn. Estimates suggest a further $2bn profit from iTunes sales. These figures suggest that these two classes of digital content alone account for nearly 14% of Apple’s profit.

As is widely reported, the Google Play store on Android has higher download figures, but brings in only about a third of the revenue of Apple’s App Store (though revenue is growing faster for Google than Apple). The trajectories suggest that Apple’s closed ecosystem will become decreasingly relevant in revenue terms over the coming decades – though I’m sure Amazon would open an iOS app store in moments if permitted to do so.

I suspect that Amazon is playing into the smartphone market with an eye keenly trained on these figures. I buy Kindle books, rather than iBooks or Google Play Books, because I can read them anywhere, on many devices. For Android users, this is already partly true for Amazon’s App Store: apps bought on Amazon’s store can be used across Android, FireOS, and Blackberry devices, yet Google Play or Blackberry app sales are limited to their own ecosystems. Since I own a Kindle Fire, I tend to buy on Amazon’s store even if buying for my Android phone.

Amazon’s move into the smartphone market makes this all the more compelling: if I might, at some point in the future, own a non-Android phone, then I would be crazy to buy apps for my Android device from Google rather than Amazon… especially as Amazon Coins generally make the same apps cheaper via Amazon than via Google.

Amazon’s strategy for digital content has (almost) always been to capitalise on cross-device compatibility. I doubt Amazon expects huge sales for it’s phone: I think it is the digital content market it wants, and that the phone is merely a means to an end.

My friend Jonathan Rothwell has blogged about Microsoft’s takeover of part of Nokia today.

I haven’t had chance to read any of the coverage around this yet, so this is truly uninformed opinion. The first thing that occurred to me was: what on earth are the non-mobile parts of Nokia? But that’s somewhat beside the point of this post.

Jonathan says:

The general perception of Nokia is of an old stalwart, a cheap, reliable phone that would last basically forever. The perception of Microsoft, for people (like me) who grew up in the same period, is of an irritating anthropomorphic paperclip, which gets in your way and can be invited to show off.

I think he’s half right. When I think of Nokia, I think of the 3310. But when I think of Microsoft, I think of the annoying software that stops me from getting stuff done efficiently at work.

RIM, makers of the BlackBerry, are in meltdown. Yet the go-to business mobile remains the BlackBerry. There’s one sat on my desk right now. At least in part, that’s because BlackBerries are cheap and hard to destroy: exactly the virtues of the Nokia 3310.

So if Microsoft is smart – and that’s a big if – perhaps they can take BlackBerry’s market share and create a great, highly profitable niche in secure and indestructible business phones that integrate closely with their business software. Of course, this is a shrinking market with the spread of BYOD, but there will always be a core “BlackBerry” market, and it’s likely to always be a fairly highly profitable one, even if it’s small. And with a focus on the corporate customer, with e.g. usage charges rather than regular device refreshes, it’s a need that Microsoft is uniquely well placed to serve at relatively low cost.

Just a thought…

Since Apple’s WWDC Keynote, there’s been no end of stuff written about iOS7. As always with Apple stories, the majority of what’s written has polarised into suggesting that iOS’s new look is either “insanely great” or “the beginning of the end for Apple”. And, as always with Apple stories, the truth is probably somewhere in the middle.

By some co-incidence, I was reading an interesting blog post from Paul Buchheit – one of the original Gmail developers – this week. It’s an old post, written in the aftermath of the announcement of the original iPad. He argues that many successful technology products share the attributes of doing a small number of things extremely well, while (at least initially) doing many other things poorly. The reaction of many commentators will be to criticise what the product lacks, whilst consumers will often be seduced by what the product offers.

It’s an interesting antidote to the reactionary guff that passes for news and reviews in the aftermath of a product announcement, and shifted my perspective to that of the developer in a way that many others try unsuccessfully to do. It’s well worth reading this weekend.

The picture at the top of this post was uploaded to Flickr by Kārlis Dambrāns, and has been modified and used under Creative Commons licence.

On the 25th March – approximately a lifetime ago in internet terms – the GMC published guidelines for doctors’ use of social media. The guidelines come into effect later this month.

Publication of the guidelines caused something of a social media uproar, particularly around the anonymity clause. The brilliant Anne Marie Cunningham, who has written and spoken a lot about social media in medicine, has hosted a particularly fascinating conversation about this on her blog, with well made points on both sides.

With all the high-quality discussion and carefully thought-through points flying back and forth, I’ve taken a back seat on this one. I’m not sure that I have all that much that’s new to add, and I don’t blog all that much about medical matters any more. But a nagging feeling in the back of my head says that this is exactly the sort of debate I would once have jumped into with both feet, and the focus hasn’t been on the part of the guidelines to which I most object. So here goes.

In all guidelines, I’ve always been lead to believe that definitions are crucial. For a guideline to be effective, let alone for it to be enforced, it must be clear what it covers. And yet, the GMC’s definition of social media is absurdly wide:

Social media describes web-based applications that allow people to create and exchange content.

Later in the guidelines, it is clarified that this definition includes non-public, professional social networks too. As I’ve discussed this issue with tech friends and colleagues over the last couple of weeks, this definition has caused several to – literally – laugh out loud.

It, of course, includes all manner of things that are not social media, and essentially describes any form of cloud-based application. If we interpret this guidance as written, then from 22nd April patient-identifiable information can no longer be uploaded to web-based GP note systems, or to HPZone used by Public Health England to track outbreaks, or indeed transferred via NHSMail, the restricted-level security email system designed exactly for that purpose. Use of Choose and Book will be against the GMC’s rules. All of these are online applications which allow people to create and share content. All are clearly not supposed to be covered by this guidance.

It can be argued that even if the definition as written is unclear, it is perfectly clear to most people what it is supposed to refer to. I don’t buy that, for two reasons. Firstly, what’s the point in publishing the guidance at all if we aren’t to interpret it as written? Some might say that the definition has to be broad in a fast-moving environment, and that the guidance would quickly be outdated if it were too pinned down.

Which brings me to my second problem: you may understand it, but I don’t. I actually don’t know whether this guidance applies in edge cases. Office 365 and Google Drive are both web-based applications which allow the creation and exchange of content. Applications like these are almost certain to replace locally hosted applications like the Word and Excel of today within this decade. Indeed, some organisations have already made the switch.

Is use of these outlawed by the guidance? I can see arguments why it, perhaps, should be. There are inherent risks about patient confidentiality in these systems. But to ban their use for patient identifiable information is a big statement, and I suspect that they didn’t actually mean it. But I’m far from certain.

To me, the nub of the problem here is that this is guidance on using a particular medium – and one that is ill-defined, at that. Publication might feel relevant now, and everyone from the BMA to the RCGP is helping people to understand how to use this medium safely. But I don’t think this is the place of a regulator. I’m acutely aware that others will strongly disagree with this position.

By and large, I think the GMC should stick to outlining principles. I no more expect to see supplementary guidelines on social media use than I would on letter writing or telephone conversations. Although, if – like many hospitals – you’re using a VOIP system, it could be argued that these guidelines apply. Just like the GMC does with those two media, I think case studies would have been a better way to illustrate the application of principles, rather than a list of inflexible “rules”. I don’t think it’s sensible or advisable to try and give over-arching “explanatory guidance” about an area of life which is changing so rapidly.

After all, these are only supposed to be explanatory. They are not intended to introduce new regulation. Though, to my reading, their poor formulation does lead to new regulatory burdens being placed on doctors.

When the last Good Medical Practice was published, Twitter had barely been conceived, and Facebook had yet to open to the general public. These guidelines aren’t clear now, so goodness knows what we’ll think of them in seven years’ time. I think they should be withdrawn.

A couple of years ago, I was asked by one of the organisations I work with to do an “email audit” – “audit” in the accounting rather than quality sense – looking at how many emails I receive, and what I do with them. That specific project was trying derive what aspects of an email could be tweaked to encourage action, but I found it a useful experience to work out how efficiently I used email.

Every now and again I repeat the process, looking at the emails I receive in a typical week and what I do with them. Sometimes, this spurs action: unsubscribing from newsletters I never read, for example, or resolving to check email less frequently. Since I’ve just done one of these, from 22nd – 28th September, I thought that it might be interesting to share the results on here. I’ve really no idea where I sit in the continuum email recipients in a job like mine, and maybe this will encourage people to share.

So, some figures: over the week in question, which I’ve no reason to suspect was atypical, I received 1,010 emails across all my accounts. I haven’t included anything that my email providers marked as spam. These divided roughly 60% were personal – as in, not related to my main job in Public Health. That’s probably an overestimate, because I wasn’t very good at classifying emails, and tried to err consistently on the side of calling things “personal” rather than “work”.

I divided my actions into three mutually exclusive categories:

1. Deleted without reading – These were emails that I either didn’t open (if using Gmail), or that I deleted at a glance if they happened to be opened in Outlook’s preview pane.
2. Read – These were emails that I read and then deleted or archived. This category covers a multitude of sins, from those emails that I read and realised were nonsense, to those that I read closely as they included important information, but were ultimately not “actionable”.
3. Read and acted – There were emails that I read and acted upon. Again, this covers a wide gamut of stuff, including emails in which I simply clicked on a link, emails I replied to, and emails which kicked off whole streams of work.

This pie chart shows how the proportions stacked up:

These varied slightly by the type of email: I read about 10% more of my work email than my personal email, but acted on 2% more personal mail. All told, I deleted about 62% of my work email and 69% of my personal email without reading it. Which is, I think, an appropriate response to receiving 1,010 emails.

So what does all of this mean? I’ve no idea. I don’t even know whether it means that email is a horrendously inefficient or wonderfully efficient communication method. With email, I can cut through ~65% of the things that don’t interest me in virtually no time; if these were letters or phone calls, I’d have no time to do any work. But, on the other hand, if email were unavailable, how many of these messages would ever bother transforming themselves into other media? Do I just get a load of emails because sending an email is relatively “costless” in terms of money, time, and energy? I certainly don’t feel like I’m drowning in email, and was a little surprised that the totals were so high – about 25% higher than the previous times I’ve done this. Having said that, I have come to rely on Gmail’s “Priority Inbox” feature more than I ever thought I would.

Compared with the first time I did this exercise, the proportion of emails that I’ve deleted without reading has fallen considerably. I don’t remember the exact figures, but they were somewhere near 80%. That shows the effect of the remedial action I’ve taken, I suppose.

Anyway, I’ve no idea if this is of interest to anyone, but I find it a useful exercise, and wonder if you might too? Feel free to comment if you’ve any thoughts to contribute!

Tyne Tees is one of the few areas of the UK where Ceefax is still available… but not for much longer! In 12 days, this region will complete digital switchover and we’ll lose Ceefax forever.

The degree to which this really doesn’t matter to me personally is exemplified by the fact that it’s taken me about 10 minutes to work out how to get it on my current TV…! But I used to use it quite a lot, so I feel a little bit sad to know that it will no longer be there!