This visualization was created in **R** using the **rayrender** and **rayshader** packages to render the 3D image, and **ffmpeg** to combine the images into a video and add text. You can see close-ups of 6 continents in the following tweet thread:
Receiving a publishing deal from an indie publisher can be a turning point for an independent developer. But when one-man team Jakefriend was approached with an offer to invest half a million Canadian dollars into his hand-drawn action-adventure game Scrabdackle, he discovered the contract’s terms could see him signing himself into a lifetime of debt, losing all rights to his game, and even paying for it to be completed by others out of his own money.
In a lengthy thread on Twitter, indie developer Jakefriend explained the reasons he had turned down the half-million publishing deal for his Kickstarter-funded project, Scrabdackle. Already having raised CA$44,552 from crowdfunding, the investment could have seen his game released in multiple languages, with full QA testing, and launched simultaneously on PC and Switch. He just had to sign a contract including clauses that could leave him financially responsible for the game’s completion, while receiving no revenue at all, should he breach its terms.
“I turned down a pretty big publishing contract today for about half a million in total investment,” begins Jake’s thread. Without identifying the publisher, he continues, “They genuinely wanted to work with me, but couldn’t see what was exploitative about the terms. I’m not under an NDA, wanna talk about it?”
Over the following 24 tweets, the developer lays out the key issues with the contract, most especially focusing on the proposed revenue share. While the unnamed publisher would eventually offer a 50:50 split of revenues (albeit minus up to 10% for other sundry costs, including—very weirdly—international sales taxes), this wouldn’t happen until 50% of the marketing spend (approximately CA$200,000/US$159,000) and the entirety of his development funds (CA$65,000 Jake confirms to me via Discord) was recouped by sales. That works out to about 24,000 copies of the game, before which its developer would receive precisely 0% of revenue.
Even then, Scrabdackle’s lone developer explains, the contract made clear there would be no payments until a further 30 days after the end of the next quarter, with a further clause that allowed yet another three month delay beyond that. All this with no legal requirement to show him their financial records.
Should Jake want to challenge the sales data for the game, he’d be required to call for an audit, which he’d have to pay for whether there were issues or not. And should it turn out that there were discrepancies, there’d be no financial penalty for the publisher, merely the requirement to pay the missing amount—which he would have to hope would be enough to cover paying for the audit in the first place.
Another section of the contract explained that should there be disagreement about the direction of the game, the publisher could overrule and bring in a third-party developer to make the changes Jake would not, at Jake’s personal expense. With no spending limit on that figure.
But perhaps most surprising was a section declaring that should the developer be found in breach of the contract—something Jake explains is too ambiguously defined—then they would lose all rights to their game, receive no revenue from its sales, have to repay all the money they received, and pay for all further development costs to see the game completed. And here again there was no upper limit on what those costs could be.
It might seem obvious that no one should ever sign a contract containing clauses just so ridiculous. To be liable—at the publisher’s whim—for unlimited costs to complete a game while also required to pay back all funds (likely already spent), for no income from the game’s sales… Who would ever agree to such a thing? Well, as Jake tells me via Discord, an awful lot of independent developers, desperate for some financial support to finish their project. The contract described in his tweets might sound egregious, but the reality is that most of them offer some kind of awful term(s) for indie game devs.
“My close indie dev friends discuss what we’re able to of contracts frequently,” he says, “and the only thing surprising to them about mine is that it hit all the typical red flags instead of typically most of them. We’re all extremely fatigued and disheartened by how mundane an unjust contract offer is. It’s unfair and it’s tiring.”
Jake makes it clear that he doesn’t believe the people who contacted him were being maliciously predatory, but rather they were simply too used to the shitty terms. “I felt genuinely no sense of wanting to give me a bad deal with the scouts and producers I was speaking to, but I have to assume they are aware of the problems and are just used to that being the norm as well.”
Since posting the thread, Jake tells me he’s heard from a lot of other developers who described the terms to which he objected as, “sadly all-too-familiar.” At one point creator of The Witness, Jonathan Blow, replied to the thread saying, “I can guess who the publisher is because I have seen equivalent contracts.” Except Jake’s fairly certain he’d be wrong.
“The problem is so widespread,” Jake explains, “that when you describe the worst of terms, everyone thinks they know who it is and everyone has a different guess.
While putting this piece together, I reached out to boutique indie publisher Mike Rose of No More Robots, to see if he had seen anything similar, and indeed who he thought the publisher might be. “Honestly, it could be anyone,” he replied via Discord. “What [Jake] described is very much the norm. All of the big publishers you like, his description is all of their contracts.”
This is very much a point that Jake wants to make clear. In fact, it’s why he didn’t identify the publisher in his thread. Rather than to spare their blushes, or harm his future opportunities, Jake explains that he did it to ensure his experience couldn’t be taken advantage of by other indie publishers. “I don’t want to let others with equally bad practices off the hook,” he tells me. “As soon as I say ‘It was SoAndSo Publishing’, everyone else can say, ‘Wow, can’t believe it, glad we’re not like that,’ and have deniability.”
I also reached out to a few of the larger indie publishers, listing the main points of contention in Jake’s thread, to see if they had any comments. The only company that replied by the time of publication was Devolver. I was told,
“Publishing contracts have dozens of variables involved and a developer should rightfully decline points and clauses that make them feel uncomfortable or taken advantage of in what should be an equitable relationship with their partner—publisher, investor, or otherwise. Rev share and recoupment in particular should be weighed on factors like investment, risk, and opportunity for both parties and ultimately land on something where everyone feels like they are receiving a fair shake on what was put forth on the project. While I have not seen the full contract and context, most of the bullet points you placed here aren’t standard practice for our team.”
Where does this leave Jake and the future of Scrabdackle? “The Kickstarter funds only barely pay my costs for the next 10 months,” he tells Kotaku. “So there’s no Switch port or marketing budget to speak of. Nonetheless, I feel more motivated than ever going it alone.”
I asked if he would still consider a more reasonable publishing deal at this point. “This was a hobby project that only became something more when popular demand from an incredible and large community rallied for me to build a crowdfunding campaign…A publisher can offer a lot to an indie project, and a good deal is the difference between gamedev being a year-long stint or a long-term career for me, but that’s not worth the pound of flesh I was asked for.”
Android is implementing this option as part of the accessibility feature, Switch Access. Switch Access adds a blue selection window to your display, and lets you use external switches, a keyboard, or the buttons on your Android to move that selection window through the many different items on your screen until you land on the one you want to select.
The big update to Switch Access is to make facial gestures the triggers that move the selection window across your screen. This new feature is part of Android Accessibility Suite’s 12.0.0 beta, which arrives packed into the latest Android 12 beta (beta 4, to be exact). If you aren’t running the beta on your Android device, you won’t be able to take advantage of this cool new feature until Google seeds Android 12 to the general public.
If you want to try it out right now, however, you can simply enroll your device in the Android 12 beta program, then download and install the work-in-progress software to your phone. Follow along on our walkthrough here to set yourself up.
How to set up facial gestures on Android 12
To get started on a device running Android 12 beta 4, head over to Settings > Accessibility > Switch Access, then tap the toggle next to Use Switch Access. You’ll need to grant the feature full control over your device, which involves viewing and controlling the screen, as well as viewing and performing actions. Tap Allow to confirm.
The first time you do this, Android will automatically open the Switch Access setup guide. Here, tap Camera Switch, then tap Next. On the following page, choose between one switch or two switches, the latter of which Android recommends. With one switch, you use the same gesture to begin highlighting items on screen that you do to select a particular item. With two switches, you set one gesture to start highlighting, and a separate one to select.
Screenshot: Jake Peterson
We’re going to demonstrate the instructions for choosing Two switches. On the following page, choose how you’d like Android to scan through a particular page of options:
Linear scanning (except keyboard): Move between items one at a time. If you’re using a keyboard, however, it will scan by row.
Row-column scanning: Scan one row at a time. After the row is selected, move through items in that list.
Group selection (advanced): All items will be assigned a color. You perform a face gesture corresponding to the color of the item you want to select. Narrow down the size of the group until you reach your choice.
We’ll choose Linear scanning for this walkthrough. Once you make your selection, choose Next, then choose a gesture to assign to the action Next (which is what tells the blue selection window to move through the screen). You can choose from Open Mouth, Smile, Raise Eyebrows, Look Left, Look Right, and Look Up, and can assign as many of these gestures as you want to the one action. Just know that when you assign a gesture to an action, you won’t be able to use it with another action. When finished, tap Next.
Screenshot: Jake Peterson
Now, choose a gesture for the action Select (which selects an items that the blue selection window is hovering over). You can choose from the same list as before, barring any gestures you assigned to Next. Once you make your choice, you can actually start using these gestures to continue, since you can use your first gesture to move through the options, and your second gesture to select.
Finally, choose a gesture to pause or unpause camera switches. You don’t need to use this feature, but Android recommends you do. Pick your gesture or gestures, then choose Next. Once you do, the setup is done and you can now use your facial gestures to move around Android.
Other face gesture settings and options
Once you finish your setup, you’ll find some additional settings you can go through. Under Face Gesture Settings, you’ll find all the gesture options, as well as their assigned actions. Tap on one to test it out, adjust the gesture size, set the gesture duration, and edit the assignment for the gesture.
Screenshot: Jake Peterson
Beneath Additional settings for Camera Switches, you’ll find four more options to choose from:
Enhanced visual feedback: Show a visual indication of how long you have held a gesture.
Enhanced audio feedback: Play a sound when something on the screen changes in response to a gesture.
Keep screen on: Keep the screen on when Camera Switches in enabled. Camera Switches cannot unlock the screen if it turns off.
Ignore repeated Camera Switch triggers: You can choose a duration of time where the system will interpret multiple Camera Switch triggers as one trigger.
How to turn off facial gestures (Camera Switches)
If you find that controlling your phone with facial gestures just isn’t for you, don’t worry; it’s easy to turn off the feature. Just head back to Settings > Accessibility > Switch Access, then choose Settings. Tap Camera Switch gestures, then tap the slider next to Use Camera Switches. That will disable the whole feature, while saving your setup. If you want to reenable the feature, just return to this page at any time, and tap the toggle again.
Hamburg’s state government has been formally warned against using Zoom over data protection concerns.
The German state’s data protection agency (DPA) took the step of issuing a public warning yesterday, writing in a press release that the Senate Chancellory’s use of the popular videoconferencing tool violates the European Union’s General Data Protection Regulation (GDPR) since user data is transferred to the U.S. for processing.
The DPA’s concern follows a landmark ruling (Schrems II) by Europe’s top court last summer which invalidated a flagship data transfer arrangement between the EU and the U.S. (Privacy Shield), finding U.S. surveillance law to be incompatible with EU privacy rights.
The fallout from Schrems II has been slow to manifest — beyond an instant blanket of legal uncertainty. However, a number of European DPAs are now investigating the use of U.S.-based digital services because of the data transfer issue, in some instances publicly warning against the use of mainstream U.S. tools like Facebook and Zoom because user data cannot be adequately safeguarded when it’s taken over the pond.
German agencies are among the most proactive in this respect. But the EU’s data protection supervisor is also investigating the bloc’s use of cloud services from U.S. giants Amazon and Microsoft over the same data transfer concern.
[…]
The agency asserts that use of Zoom by the public body does not comply with the GDPR’s requirement for a valid legal basis for processing personal data, writing: “The documents submitted by the Senate Chancellery on the use of Zoom show that [GDPR] standards are not being adhered to.”
The DPA initiated a formal procedure earlier, via a hearing, on June 17, 2021, but says the Senate Chancellory failed to stop using the videoconferencing tool. Nor did it provide any additional documents or arguments to demonstrate compliance usage. Hence, the DPA taking the step of a formal warning, under Article 58 (2) (a) of the GDPR.
Most Spotify users are likely aware the streaming service tracks their listening activity, search history, playlists, and the songs they like or skip—that’s all part of helping the algorithm figure out what you like, right? However, some users may be less OK with how much other data Spotify and its partners are logging.
Street address, country, and other GPS location data
Login info
Billing info
Website cookies
IP address
Facebook user ID, login information, likes, and other data.
Device information like accelerometer or gyroscope data, operating system, model, browser, and even some data from other devices on your wifi network.
This information helps Spotify tailor song and artist recommendations to your tastes and is used to improve the in-app user experience, sure. However, the company also uses it to attract advertising partners, who can create personalized ads based on your information. And that doesn’t even touch on the third-party cross-site trackers that are eagerly eyeing your Spotify activity too.
Treating people and their data like a consumable resource is scummy, but it’s common practice for most companies and websites these days, and the common response from the general public is typically a shrug (never mind that a survey of US adults revealed we place a high value on our personal data). However, it’s still a security risk. As we’ve seen repeatedly over the years, all it takes is one poorly-secured server or an unusually skilled hacker to compromise the personal data that companies like Spotify hold onto.
And to top things off, almost all of your Spotify profile’s information is public by default—so anyone else with a Spotify account can easily look you up unless you go out of your way to change your settings.
Luckily, you can limit some of the data Spotify and connected third-party apps collect, and can review the personal information the app has stored. Spotify doesn’t offer that many data privacy options, and many of them are spread out across its web, desktop, and mobile apps, but we’ll show you where to find them all and which ones you should enable for the most private Spotify listening experience possible. You know, relatively.
How to change your Spotify account’s privacy settings
The web player is where to start if you want to tune up your Spotify privacy. Almost all of Spotify’s data privacy settings are found on there, rather than in the mobile or desktop apps.
We’ll start by cutting down on how much personal data you share with Spotify.
Click your user icon then go to Account > Edit profile.
Remove or edit any personal info that you’re able to.
Uncheck “Share my registration data with Spotify’s content providers for marketing purposes.”
Click “Save Changes.”
Screenshot: Brendan Hesse
Next, let’s limit how Spotify uses your personal data for advertising.
Go to Account > Privacy settings.
Turn off “Process my personal data for tailored ads.” Note that you’ll still get just as many ads—and Spotify will still track you—but your personal data will no longer be used to deliver you targeted ads.
Turn off “Process my Facebook data.” This will stop Spotify from using your Facebook account data to further refine the ads you hear.
Lastly, go to Account > Apps to review all the external apps linked to your Spotify account and see a list of all devices you’re logged in to. Remove any you don’t need or use anymore.
How to review your Spotify account data
You can also see how much of your personal data Spotify has collected. At the bottom of the Privacy Settings page, there’s an option to download your Spotify data for review. While you can’t remove this data from your account, it shows you a selection of personal information, your listening and search history, and other data the company has collected. Click “Request” to begin the process. Note that it can take up to 30 days for Spotify to get your data ready for download.
How to hide public playlists and listening activity on Spotify
Your Spotify playlists and listening activity are public by default, but you can quickly turn them off or even block certain listening activity in Spotify’s web and desktop apps. While this doesn’t affect Spotify’s data tracking, it’s still a good idea to keep some info hidden if you’re trying to make Spotify as private as possible.
How to turn off Spotify listening activity
Desktop
Screenshot: Brendan Hesse
Click your profile image and go to Settings > Social
Turn off “Make my new playlists public.”
Turn off “Share my listening activity on Spotify.”
Mobile
Screenshot: Brendan Hesse
Tap the settings icon in the upper-right of the app.
Scroll down to “Social.”
Disable “Listening Activity.”
How to hide Spotify Playlists
Don’t forget to hide previously created playlists, which are made public by default. This can be done from the desktop, web, and mobile apps.
Mobile
Open the “Your Library” tab.
Select a playlist.
Tap the three-dot icon in the upper-right of the screen.
Select “Make Secret.”
Desktop app and web player
Open a playlist from the library bar on the left.
Click the three-dot icon by the Playlist’s name.
Select “Make Secret.”
How to use Private Listening mode on Spotify
Spotify’s Private Listening mode also hides your listening activity, but you need to enable it manually each time you want to use it.
Mobile
In the app, go to Settings > Social.
Tap “Enable private session.”
Desktop app and web player
There are three ways to enable a Private session on desktop:
Click your profile picture then select “Private session.”
Or, click the “…” icon in the upper-left and go to File > Private session.
Or, go to Settings > Social and toggle “Start a private session to listen anonymously.”
Note that Private sessions only affect what other users see (or don’t see, rather). It doesn’t stop Spotify from tracking your activity—though as Wired points out, Spotify’s Privacy Policy vaguely implies Private Mode “may not influence” your recommendations, so it’s possible some data isn’t tracked while this mode is turned on. It’s better to use the privacy controls outlined in the sections above if you want to change how Spotify collects data.
How to limit third-party cookie tracking in Spotify
Turning on the privacy settings above will help reduce how much data Spotify tracks and uses for advertising and keep some of your Spotify listening history hidden from other users, but you should also take steps to limit how other apps and websites track your Spotify activity.
Screenshot: Brendan Hesse
The desktop app has built-in cookie blocking controls that can do this:
In the desktop app, click your username in the top right corner.
Go to Settings > Show advanced settings.
Scroll down to “Privacy” and turn on “Block all cookies for this installation of the Spotify desktop app.”
Close and restart the app for the change to take effect.
Even with all possible privacy settings turned on and Private Listening sessions enabled at all times, Spotify is still tracking your data. If that is absolutely unacceptable to you, the only real option is to delete your account. This will remove all your Spotify data for good—just make sure you download and back up any data you want to import to other services before you go through with it.
Go to the Contact Spotify Support web page and sign in with your Spotify account.
Select the “Account” section.
Click “I want to close my account” from the list of options.
Scroll down to the bottom of the page and click “Close Account.”
Follow the on-screen prompts, clicking “Continue” each time to move forward.
After the final confirmation, Spotify will send you an email with the cancellation link. Click the “Close My Account” button to verify you want to delete your account (this link is only active for 24 hours).
To be clear, we’re not advocating everyone go out and delete their Spotify accounts over the company’s privacy policy and advertising practices, but it’s always important to know how—and why—the apps and websites we use are tracking us. As we said at the top, even companies with the best intentions can fumble your data, unwittingly delivering it into the wrong hands.
Even if you’re cool with Spotify tracking you and don’t feel like enabling the options we’ve outlined in this guide, take a moment to tune up your account’s privacy with a strong password and two-factor sign-in, and remove any unnecessary info from your profile. These extra steps will help keep you safe if there’s ever an unexpected security breach.
An announcement by the Cyberspace Administration of China (CAC) said that cyber attacks are currently frequent in the Middle Kingdom, and the security challenges facing critical information infrastructure are severe. The announcement therefore defines infosec regulations and and responsibilities.
The CAC referred to critical infrastructure as “the nerve center of economic and social operations and the top priority of network security”. China’s definition of critical information infrastructure can be found in Article 2 of the State Council’s “Regulations on the Security Protection of Critical Information Infrastructure” and boils down to any system that could suffer significant damage from a cyber attack, and/or have such an attack damage society at large or even national security.
“The regulations clarify that important network facilities and information systems in key industries and fields belong to critical information infrastructure,” wrote the CAC in its announcement (as translated from Mandarin), adding that the state was adopting measures to monitor, defend and handle network risks and intrusions, originating domestically and globally.
The regulations themselves are lengthy and detailed, but the theme is that all Chinese enterprises whose operations depend on networks must conduct an annual security reviews, report breaches to government, and establish teams to monitor security constantly.
Those teams get to develop emergency plans and carry out emergency drills on a regular basis, in accordance with disaster management national plans.
If an incident is ever discovered, reporting and escalation to national authorities is mandatory.
The lengthy document also details a variety of organizational and logistical “clarifications”, while also outlining the state’s ability to adjust identification rules dynamically, how safeguarding measures can be implemented, and legal responsibilities and penalties for negligent parties.
This sounds sensible. The Dutch NCSC has guidelines and an audit checklist recommending this, however this is not mandatory anywhere and very few companies actually use the monster checklist, let alone implement it. Nowadays this is not really acceptable behaviour any more.
This visualization was created in **R** using the **rayrender** and **rayshader** packages to render the 3D image, and **ffmpeg** to combine the images into a video and add text. You can see close-ups of 6 continents in the following tweet thread:
https://twitter.com/tylermorganwall/status/1427642504082599942
The data source is the GPW-v4 population density dataset, at 15 minute (30km) increments:
Data:
https://sedac.ciesin.columbia.edu/data/collection/gpw-v4
Rayshader:
http://www.github.com/tylermorganwall/rayshader
Rayrender:
http://www.github.com/tylermorganwall/rayrender
Here’s a link to the R code used to generate the visualization:
https://gist.github.com/tylermorganwall/3ee1c6e2a5dff19aca7836c05cbbf9ac