Weekly output: 5G leaders, Mr. Antenna, streaming study, Desi Bundle, Disney’s Star+, Seinfeld coming to Netflix, two-factor authentication, HBO Max on Vizio, Locast logs off, Apple loosens App Store rules for “reader” apps, Nielsen nixed, checking wireless coverage, WhatsApp privacy fine

I worked a volunteer shift at a COVID-19 vaccination clinic Friday, the fourth time I’ve done so. On this occasion, we had far fewer customers than before, most coming for their second round of Pfizer or Moderna. But a few had yet to get any dose, which meant that they got to choose between those two vaccines or Johnson & Johnson’s; the latter needing a single jab made the difference for one man who said he was only getting vaccinated because his job required it. We also had a few under-18 kids who were limited to Pfizer–and one whom had been brought by her mom on her 12th birthday, so we had to take a minute to sing “Happy Birthday” to her.

8/30/2021: The 5G 50 to Watch Top Ten List, Light Reading

I helped write the bios for this list of top telecom industry executives put together by my trade-pub client. Yes, my last name is spelled wrong at the end of the piece.

8/31/2021: OTA antenna service alleges Vegas station refused to air its ads, FierceVideo

I spent most of this week filling in at my other big trade-pub client. I started by covering an allegation by a broadcast-antenna vendor named Mr. Antenna that a Las Vegas station had quit airing its ads because increased broadcast viewing would undercut its cable-TV income.

8/31/2021: New study finds more Americans splitting their streaming budget, FierceVideo

I wrote up a Leichtman Research Group study finding more Americans signing up for at least three streaming services.

8/31/2021: DistroScale streaming bundle serves up free South Asian channels, FierceVideo

If you didn’t know that “desi” is a term for people of South Asian descent before reading this post, you did after.

9/1/2021: Disney debuts Star+ in Latin America, FierceVideo

Writing this led me to dust off my VPN service for the first time in months to see what pricing this new Disney streaming service would show to a viewer in its target Latin American markets–the press releases I saw didn’t list any.

9/1/2021: Seinfeld coming to Netflix Oct. 1—and in 4K, FierceVideo

I only referenced one Seinfeld catch phrase in this piece, which I thought showed remarkable restraint.

Screengrab of column as seen in USAT's iPad app9/1/2021: Why you shouldn’t rely on texts when using two-factor authentication to sign into accounts, USA Today

I could have written this column at any time in the previous two years, but T-Mobile’s latest data breach made it newly relevant.

9/2/2021: HBO Max app comes to Vizio connected TVs, FierceVideo

This post reminded me how much of HBO Max’s early struggles with getting its apps on streaming platforms.

9/2/2021: After hostile court ruling, Locast logs off, FierceVideo

As I tweeted after this story ran, the broadcasters who succeeded in suing Locast offline might not want to gloat too much. Viewers aren’t getting any less weary of endless pay-TV rate hikes, and telling people without good over-the-air reception to stick with cable will only get less persuasive every year.

9/2/2021: Apple to let video apps point users away from its payment system, FierceVideo

Apple deigning to allow “reader” apps to include one link to their own site shouldn’t be a big deal, but it is in the context of that company’s history of App Store control-freakery.

9/3/2021: Media Rating Council suspends Nielsen accreditations, FierceVideo

My last post for Fierce this week covered an industry group snubbing Nielsen’s audience-tracking work.

9/3/2021: Which wireless carrier has the best coverage where you’re going? Here’s how to find out, USA Today

A friend’s query about ways to see if T-Mobile or Verizon would offer better service than AT&T at his home was followed by my realizing that USAT had yet to cover the FCC’s release of a new and surprisingly helpful map of predicted LTE coverage from the major carriers.

9/3/2021: WhatsApp fined under GDPR, Al Jazeera

The Arabic-language channel had me on to discuss WhatsApp getting hit with a €225 million fine for violations of the EU’s General Data Protection Regulation. The European Data Protection Board’s ruling in this case calls those failures of transparency, but I see the underlying problem as WhatsApp insisting on access to your phone’s contacts list to place a call or send a message to anybody who hasn’t already contacted you in the app.

Weekly output: Google hearings (x2), Microsoft wants facial-recognition rules, Google Maps and Lime scooters, U2F security keys, U.S. newspapers vs. the GDPR

My calendar for the coming week looks strange: There isn’t a single work appointment on it. I plan to celebrate that by not shaving tomorrow.

12/10/2018: Congress will grill Google’s CEO this week — here’s what to expect, Yahoo Finance

The House Judiciary Committee–in particular, certain of its Republican members–obliged me by living up so completely to this preview of Google chief executive Sundar Pichai’s Tuesday appearance there.

12/10/2018: Microsoft is asking the government to regulate the company’s facial recognition tech, Yahoo Finance

Microsoft president Brad Smith came to the Brookings Institution last week to make an unusual plea: Please regulate us before we get dragged into a race to the bottom with ethically-unbounded vendors of facial-recognition technology.

12/13/2018: Google Maps will now help you find Lime scooters, Yahoo Finance

I got an advance on this news from one of Lime’s publicists; by itself, this new feature isn’t a huge development, but covering it allowed me to discuss broader failings in both Google and Apple’s navigation software.

12/13/2018: On privacy, Google CEO’s congressional hearing comes up short, The Parallax

I wrote about several security and privacy questions that should have been asked during Pichai’s grilling but never came up. The single worst omission: Not a single representative even mentioned the name of a non-Google search engine.

12/14/2018: Primer: How to lock your online accounts with a security key, The Parallax

I’ve had the idea of an explainer about “U2F” security keys on my to-do list for a while. In the time it took for me to sell the piece, Microsoft and Apple finally began moving to support this particularly secure two-step verification option.

12/16/2018: Post-Dispatch, Tribune haven’t caught up with EU rules, Gateway Journalism Review

My former Washington Post colleague Jackie Spinner wrote about how the sites of some U.S. newspapers continue to block European readers instead of complying with the European Union’s General Data Protection Regulation. She gave me a chance to critique this self-defeating practice–I’d earlier griped about it in a Facebook comments thread with her–and I was happy to give her few quotes.

LastPass shows how to do two-step verification wrong

I finally signed up for LastPass Premium after years of using the free version of that password-management service. And I’m starting to regret that expense even though $2 a month should amount to a rounding error.

Instead of that minimal outlay, I’m irked by LastPass’s implementation of the feature I had in mind when typing in credit-card digits: support for Yubikey U2F security keys as a form of two-step verification.

Two-step verification, if any reminder is needed, secures your accounts by confirming any unusual login with a one-time code. The easy but brittle way to get a two-step code is to have a service text one to you, which works great unless somebody hijacks your phone number with a SIM swap. Using an app like Google Authenticator takes your wireless carrier’s security out of the equation but requires regenerating these codes each time you reset or switch phones.

Using a security key–Yubikey being one brand, “U2F” an older standard, “WebAuthn” a newer and broader standard–allows two-step verification independent of both your wireless carrier and your current phone.

Paying for LastPass Premium allowed me to use that. But what I didn’t realize upfront is that LastPass treats this as an A-or-B choice: If you don’t have your Yubikey handy, you can’t click or type a button to enter a Google Authenticator code instead as you can with a Google account.

A LastPass tech-support notice doesn’t quite capture the broken state of this user experience:

If multiple Authentication methods are used, only one will activate per login attempt. If you disable one, then another will activate on the next log in attempt. Because only one activates at a time, you cannot have multiple prompts during the same log in.

The reality you see if you happened to leave your Yubikey at home or just have your phone closer at hand: an “I’ve lost my YubiKey device” link you’re supposed to click to remove that security option from your account.

This absolutist approach to two-step verification is not helpful. But it’s also something I should have looked up myself before throwing $24 at this service.