Vaccinated!

I had sort of been keeping an eye on possibilities for registering to get on wait lists as soon as I become eligible for the vaccine on the 15th, so any vaccine-related threads on the local Reddit group immediately get my attention. Yesterday morning, rumors were circulating that three tribal clinics in the area had excess supply and were letting any adult, regardless of age or tribal status, receive the vaccine.

Two of the three rumors got promptly shot down in flames. But people kept insisting that the third one was actually a possibility. I went to the web site for that clinic, and sure enough, hundreds of vaccine doses for that afternoon were yet to be claimed.

Could it be? It sounded too good to be true. The clinic in question was in the next county and almost an hour’s drive away, and I didn’t want to make the drive only to be turned away, so I called them to verify. It was indeed true: they had a surplus of Johnson & Johnson vaccine, and any adult, regardless of tribal status, who made an appointment and showed up could claim a dose.

Everything was handled outdoors in the parking lot of the Swinomish Casino. I did not even have to leave the cab of my truck. I waited less than five minutes to get my shot. It all seemed surreal, what with how so many people are scrambling merely to get on waiting lists. It still seems surreal.

But I have a piece of card stock to prove it was all very real.

Thinking about Privacy Policies

I am in the process of developing and publishing an Android app to the Google Play store. Part of the process of doing so is developing and publishing a privacy policy.

Initially, I thought this would be super-simple: Don’t collect information, then there is nothing to share or to establish policies about sharing. Simple. However, in the real world, things are seldom so simple as they might at first appear.

The first complication came when I realized that although my app does not (and probably never will) gather and pass on usage statistics, the places from which users might download my app, which will include a web site run by yours truly in addition to the Google Play store, certainly will gather such statistics.

Virtually every web server on the Internet logs each and every request it receives, and these log messages typically contain, at a bare minimum:

  • The time a request arrived.
  • The IP address the request arrived from,
  • The URL of the resource being requested, and
  • Basic information on the user agent (i.e. web browser) used to make the request. Such information typically includes the operating system that the user agent was running under.

So, say you are an AT&T customer in Brooklyn who uses your Samsung Galaxy S21 to download a copy of my app. I (or Google) will be able to tell from your IP address that you are an AT&T customer in the New York City metro area. We may even be able to tell that you were in the borough of Brooklyn, and that you were using a Galaxy S21. If we share your IP address with AT&T Wireless, they will be definitely able to determine exactly who you are, what hardware you used, where you used it, and (if you were doing something unlawful and/or abusive) take action against you for what you did.

Some Internet users are shocked to discover this. If you are one of those, consider yourself educated.

Why is this done? Not always for nefarious purposes! In fact, not usually for such. Gathering such data can be extremely useful for dealing with things like abusive users (they exist), troubleshooting software and network problems (they are inevitable), or managing the growth of traffic to a web site or to a cellular network.

But it’s still pretty simple, right? So I am collecting basic usage statistics (and Google Play will doubtless collect some on my behalf that it can share with me in reports). Just do not share the information!

Well, there is the matter that I could end up in jail on a contempt of court charge for adhering to such a policy: what if a law enforcement officer or a process server arrives at my door armed with a warrant or a subpoena?

Okay, then, exclude that and nothing else. Solved!

Not so fast, yet again! What if my app becomes popular with violent white nationalists and neofascists? I am, after all, promising to gather a fairly minimum amount of information and to be as reluctant as possible in sharing it; that makes my app attractive to such individuals.

It also makes it attractive to those breaking laws to undermine oppression and to advocate for more freedom, which is my main intent. If that sounds reckless to you, just ponder that any oppressive order has always considered it a crime to undermine said order; revolutionary politics is intrinsically criminal politics. Lech Wałęsa was a criminal; Martin Luther King was a criminal; Mahatma Gandhi was a criminal. If the Founding Fathers of the United States had failed in their endeavor, they would have been prosecuted and for the most part executed for the crime of treason against the British Empire.

The only exceptions to the above rule are certain situations when the revolutionaries are judged to be sufficiently tiny in number and powerless so as to pose little or no threat to the established order. And as soon as they gain enough power to cease being so, watch out! The velvet gloves will be replaced by an iron fist.

But I digress. So now I must craft an exception for things like neofascist and white nationalist politics. While I do not want to, and do not have any intent to, regularly monitor the download logs, I want to be free to cooperate with antifascist organizations should my cooperation prove helpful to the cause of fighting fascism.

That, of course, begs the question of just what, precisely “neofascist and white nationalist politics” is. However I define it, it opens up the prospects of all sorts of word games: “No, I am not a ‘fascist,’ you stupid leftist. I am a ‘nationalist’ and an ‘identitarian.’”

Now I am stuck trying to anticipate those word games, all the while also having a privacy promise that still is meaningful to the vast majority of people, even people whom I might politically disagree with, who are nonetheless not fascists and whose beliefs must be accepted as part of the diverse spectrum of beliefs in any free and open society.

In the real world, things are seldom so simple as they might at first appear.

Testing Android Apps

It leaves a lot to be desired.

The normal unit testing is advertised as supporting most of the Android class library (which is not the same as the standard Java class library), but what they don’t tell you is that it’s chock full of stub-out dummy logic. The routine to load an image from a file, for example, always returns a 100 by 100 black image. That’s sort of a deal-killer if one is trying to test image-processing code.

The instrumented testing runs on Android devices so avoids those headaches, but it too is extremely limited in scope and needlessly developer-hostile. For example, the test code is by default strictly disallowed from making any modifications to the filesystem. If one is testing an app that processes files, that again ends up being a deal-killer (how, exactly, am I to create the test files to feed to the app being tested)?

There are ways to disable this misfeature, but they are very poorly documented. It’s a setting buried deeply in an obscure settings menu somewhere. Where, exactly, is not standardized: it varies from device to device so much that one set of instructions is not even valid for a single Android OS release. I gave up in disgust after pissing away at least an hour searching in vain for it on my phone.

If Google wants developers to write good, comprehensive tests for apps, they need to stop making it as difficult as possible for us to do so. Until then, Google can take its pleading about writing tests and go fuck themselves. I will still write tests, but not very comprehensive ones.