Ask Paul: October 4 (Premium)

Happy Friday! I’ve gone from Macungie, PA to Dallas to Mexico City since Monday and I’m wiped. So let’s kick off the weekend a bit early with another great set of reader questions. And then I may need to crash for a bit.

There’s openness and then there’s openness

Anlong08 asks:

In one of your recent pieces about a phone you were talking about matrix of choice and mentioned Android and openness. I realized I didn’t actually know anything about the nature of android. How open is Android? Could you really get the code for what is on any old pixel or Samsung phone?

The core of Android, the Android Open Source Project (AOSP), is free and open source and, yes, you can view the source code. But the Android that most hardware partners use also includes the proprietary software and services that everyone wants, like Google Play, Chrome, and other Google apps. And none of that is open or free: Google charges hardware makers license fees for that, just as Microsoft does for Windows.

But openness means a lot of things. And to me, and most users, the ways that Android is freer than iOS extend across the user experience and include such things as deep customization that can even include replacing the “shell” of the OS with different launchers, user interfaces, icons, sounds, and more. This is what Samsung does with One UI, but any individual can install an alternative shell like Nova Launcher. Android also supports more default app types–browser, caller ID and spam, digital assistant, home (launcher), phone, SMS, and wallet–whereas iPhones/iPads support only a subset of that, and with further limitations. (Excluding the EU, browsers on Apple platforms are required to use the Safari browser engine.)

Apple is slowly getting better, but its mobile platforms are much more locked down than Android.

It’s all in the fine print

oasis21 asks:

I’ve been really liking Proton and their stance on privacy. So I wanted to ask you how private is OneDrive and Google Drive? I have some things on there, and so it got me thinking. I wouldn’t want some MSFT/Google employees looking at my stuff. I wouldn’t want to put files (especially sensitive docs) on there knowing someone can look at them or they might miss-use my data (e.g training AI). How do you feel about this? Proton claims E2EE and that they cannot even see the files — which I do like. How do OneDrive & Google Drive fare on this matter. I know OneDrive has a personal vault, but does that just mean that it requires password and isn’t E2EE?

All of these services use encryption, but you cite the biggest difference between Proton and Google/Microsoft from a privacy perspective: Proton couldn’t access your data even if it wanted to, while the others could be compelled by law to provide governments or law enforcement with access to your private data. Beyond that, it almost comes down to trust. Microsoft and Google both publish privacy policies for their products and services, and both are relatively clear about how they handle your data.

With OneDrive for consumers Microsoft specifies that you own your data, and that it is encrypted in transit and at rest (while in Microsoft’s data centers). But Microsoft engineers can access that data when required by law–Microsoft owns the encryption keys required for that–though it at least has a reasonable looking set of policies to control that access (in the link above).

For consumers, Google Drive is similar. It uses encryption at rest (while in Google’s datacenters) and in-transit. If you sync some of that offline, it’s up to you to secure the device. (On a Windows PC, the disk is typically encrypted and you can, of course, secure it easily enough.) Google doesn’t use your content to deliver target ads, but it does “process” your content to provide services like spam filtering, virus detection, malware protection, and search. As it says, “Google respects your privacy. We access your private content only when we have your permission or are required to by law. With the Google Transparency Report, we share data about how the policies and actions of governments and corporations affect privacy, security, and access to information.”

These both seem OK to me. I do use OneDrive’s Private Vault feature for sensitive documents, though it is perhaps notable that Microsoft doesn’t explicitly say that it cannot access that content. I’m not personally worried about Microsoft (or Google) looking through my data. That I don’t believe I have anything worth hiding is perhaps beside the point, but while I don’t trust Microsoft and Google in various ways, I do trust them to securely and privately store my data.

In short, if privacy is a big concern and you need a service that is completely private, even from the owner of the service storing that data, Proton Drive seems like the right choice.

Publishing is a tough business

helix2301 asks:

What do you think about imore shutting down after 15 years? Windows central and few others owned by same company are staying open saying there profitable. I know blogging tough business now but shocked me considering iPhone and Apple user base.

I wasn’t super-familiar with iMore, but this is a tough business. We have a Premium subscription that makes all the difference from a viability perspective. If we had to rely on ads, Thurrott.com would disappear as well. A long time ago, ads worked well, but now you have spam your own site with them to make just a tiny fraction of what they made in the past. It’s terrible. And it’s Google’s fault. I vaguely hope that when Google is broken up–and, yes, I do think it will be–that this will normalize somehow and become less terrible. But I also feel that’s naive and that nothing will ever improve.

But I remember Petri was different audience then thurrott.com

Yeah, the Petri/Thurrott mix was the same as the old Windows IT Pro/SuperSite for Windows mix back in the day, with one serving a mostly business/IT pro market and the other serving individuals/enthusiasts. There are pros and cons to each, but Petri always had a sponsorship advantage whereas Thurrott had/has Premium.

Even slashdot one those sites that still remains profitable because of user base. I know Leo talked about it other day that windows weekly n security now are different audience then twig or macbreak weekly. I loved the tech guy show but Leo had hard time getting advertising.

Yeah, Spotify did to podcasting what Google did to blogging: It sucked up all the money in that world and then changed to distributing it mostly to itself. A lot of this is just volume. A site like Thurrott.com is just a one-off website, whereas conglomerates with multiple sites can sell a larger audience base. And then some are simply big: Obviously, sites like CNET have bigger audiences and can command the attention of advertisers and even the companies they cover in ways I cannot.

I’m not sure what the end game is here. We experienced a big drop-off in ad revenue in early 2023, but it’s stabilized since then. I don’t see it ever going up again, but what I worry about it is when it inevitably nose-dives once more. And it will. Unless, hopefully, Google is rectified. We’ll see.

Snapdragon X, smart charging, and docks

pretender asks:

Hi Paul. I have a question about smart charging on Windows on ARM devices. I noticed that on my Surface Laptop running Windows on ARM, the device never goes into smart charging mode when docked all day. Have you encountered this issue on your own Windows on ARM device? If so, did you find a way to get smart charging working properly? I’d appreciate any insights you can share, as I’m hoping to optimize battery health on my laptop. Thanks in advance for your help!

That’s interesting. I’ve not used a Snapdragon X PC in that configuration regularly (mostly just testing), so I might have simply not run into this. I use docks here in Mexico, and we’re here for six weeks, so I will keep an eye on that and see what happens, as I brought the Surface Laptop 7 along.

But smart charging is unique in that it’s PC maker-specific. So depending on the PC you’re using, you may have to go find some specific interface. With Surface PCs, that’s in the Surface app, though there is minimal control. You temporarily pause smart charging, but not completely disable it.

I’m curious though, why you would use this type of PC docked. The point of the platform, in many ways, is the battery life and efficiency, and it seems like a traditional x64-based PC would make more sense in a docked configuration where those things are less important.

A few questions. What type of PCs are these? Also, do these PCs work normally on power but not when docked? Because of the way I use PCs, I don’t ever want smart charging to happen because of worries about not having a full charge when I need it. But if you want it to always work, I feel like that would be the default.

Anyway. I will dock the Surface Laptop for the next week or so and see what it does.

Windows Hello ESS

ArizonaBob asks:

Is it true that to use Enhanced Secure Sign-in that the fingerprint reader and the camera must be integrated into the computer and cannot be detached. If so, this is reasonable for a laptop; but how do you do this for a desktop or workstation?

Short answer, yes.

Windows Hello Enhanced Sign-In Security (ESS) is confusing on any number of levels, in part because it’s relatively new, rarely used by PC makers to date, and has a daunting list of requirements. One of which is that the authentication hardware it needs must be installed, configured, and certified at built time by the PC maker. External fingerprint readers and cameras are not supported. (I wrote about this and the other incredible security requirements of this system in Need to Know: Windows Hello Enhanced Sign-In Security (Premium). It’s rather impressive.)

That doesn’t mean you can’t use external security devices, like Windows Hello-compatible webcams that plug into the PC via USB. It just means you can’t use Windows Hello ESS if you do this. In that case, you have to disable ESS and switch to “normal” Windows Hello. The PC will still work normally, it just won’t have the additional protections afforded by ESS.

As for desktop computers, I guess we could rationalize that Windows Hello ESS mostly targets portable PCs not just because they are far more common, but because their portable nature exposes them to more opportunities for theft and compromises. But it’s really about the chain of security inside the device: If you can plug it in, it can be intercepted. And that means Windows Hello ESS can’t be used.

NotebookLM Audio Overview is insane

christianwilson asks:

Have you tried the Audio Overview summary feature in Google’s NotebookLM? It creates a two host podcast discussing the source material you put into a notebook. I have been playing with it and while it makes some mistakes it is more accurate than I expected. It is useful, admittedly fun, but it also makes me ponder the future of podcasting.

Why yes, I have. In fact, I just posted a video that neatly demonstrates how powerful this feature is. The resulting recording has some typical AI mistakes–the “hosts” say “A-R-M” instead of “Arm,” for example. But the banter is realistic, and while I can’t say I’ve listened thoroughly to every second of the recording, I’ve skipped through it and listened to lots of it, and it’s coherent and seems like a real conversation. That’s the most impressive bit, in a way, the human-like interactions between the two AI hosts.

I think this can coexist with podcasting. Some people are better at writing than speaking, or vice versa, so this is a nice thing for writers to be able to offer, a sort of audio summary. If anything, it’s a little too jovial and chatty, I assume there will be controls for that in the future.

But whatever. Yeah. It’s pretty incredible. And it’s more enjoyable to listen to than the “read out loud” tools you see in things like Edge and Pocket. Though that, too, has its place.