You too could get scammed by a call purporting to be from your credit card company. How will you spot it before it happens? CC-licensed photo by frankie leon on Flickr.
You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.
There’s another post coming this week at the Social Warming Substack on Friday at 0845 UK time. Free signup.
A selection of 9 links for you. Charge it! I’m @charlesarthur on Twitter. On Threads: charles_arthur. On Mastodon: https://newsie.social/@charlesarthur. Observations and links welcome.
How I got scammed • Pluralistic
Cory Doctorow:
»
Over the Christmas holiday, I traveled to New Orleans. The day we landed, I hit a Chase ATM in the French Quarter for some cash, but the machine declined the transaction. Later in the day, we passed a little credit-union’s ATM and I used that one instead (I bank with a one-branch credit union and generally there’s no fee to use another CU’s ATM).
A couple days later, I got a call from my credit union (CU). It was a weekend, during the holiday, and the guy who called was obviously working for my little CU’s after-hours fraud contractor. I’d dealt with these folks before – they service a ton of little credit unions, and generally the call quality isn’t great and the staff will often make mistakes like mispronouncing my credit union’s name.
That’s what happened here – the guy was on a terrible VOIP line and I had to ask him to readjust his mic before I could even understand him. He mispronounced my bank’s name and then asked if I’d attempted to spend $1,000 at an Apple Store in NYC that day. No, I said, and groaned inwardly. What a pain in the ass. Obviously, I’d had my ATM card skimmed – either at the Chase ATM (maybe that was why the transaction failed), or at the other credit union’s ATM (it had been a very cheap looking system).
I told the guy to block my card and we started going through the tedious business of running through recent transactions, verifying my identity, and so on. It dragged on and on. These were my last hours in New Orleans, and I’d left my family at home and gone out to see some of the pre-Mardi Gras krewe celebrations and get a muffalata, and I could tell that I was going to run out of time before I finished talking to this guy.
“Look,” I said, “you’ve got all my details, you’ve frozen the card. I gotta go home and meet my family and head to the airport. I’ll call you back on the after-hours number once I’m through security, all right?”
«
As the headline suggests, it wasn’t all right. But you, like Cory, might find it hard at first to spot where it went wrong. Just goes to show: it can happen to any of us. But, Doctorow points out, there’s some sort of data leak going on which is making people extra vulnerable to this.
unique link to this extract
Inside the underground site where ‘neural networks’ churn out fake IDs • 404 Media
Joseph Cox:
»
An underground website called OnlyFake is claiming to use “neural networks” to generate realistic looking photos of fake IDs for just $15, radically disrupting the marketplace for fake identities and cybersecurity more generally. This technology, which 404 Media has verified produces fake IDs nearly instantly, could streamline everything from bank fraud to laundering stolen funds.
In our own tests, OnlyFake created a highly convincing California driver’s license, complete with whatever arbitrary name, biographical information, address, expiration date, and signature we wanted. The photo even gives the appearance that the ID card is laying on a fluffy carpet, as if someone has placed it on the floor and snapped a picture, which many sites require for verification purposes. 404 Media then used another fake ID generated by this site to successfully step through the identity verification process on OKX. OKX is a cryptocurrency exchange that has recently appeared in multiple court records because of its use by criminals.
Rather than painstakingly crafting a fake ID by hand—a highly skilled criminal profession that can take years to master—or waiting for a purchased one to arrive in the mail with the risk of interception, OnlyFake lets essentially anyone generate fake IDs in minutes that may seem real enough to bypass various online verification systems. Or at least fool some people.
“The era of rendering documents using Photoshop is coming to an end,” an announcement posted to OnlyFake’s Telegram account reads. As well as “neural networks,” the service claims to use “generators” which create up to 20,000 documents a day. The service’s owner, who goes by the moniker John Wick, told 404 Media that hundreds of documents can be generated at once using data from an Excel table.
«
Totally logical development. (In passing: 404 Media is doing register-to-read, and a paywall. It’s got the potential to become a really good technology site if enough people sign up.)
unique link to this extract
TechCrunch+ termination • Lux Capital
Danny Crichton is the former managing editor of Techcrunch, which as he points out has survived where plenty of other media properties haven’t:
»
TechCrunch’s focus on startups required second-order thinking. Startup-related articles got a fraction of the readership of an article on Apple, since no one is searching on Google for the name of a startup they have never heard of before. So why bother? Indeed, many of TechCrunch’s now-dead competitors didn’t bother. The key insight though is that these articles attract the startup CEOs and founders, and it is precisely this demographic that is so valuable for advertisers. Startup coverage was a form of service journalism, and one that happened to create a perpetual revenue machine.
The other half of TechCrunch’s business is events, and namely Disrupt. Disrupt attracts around 10,000 attendees per year, and the fruits of that service journalism on startups kept on giving. Disrupt offered Founder Pass packages that were quite affordable even for the youngest companies, while charging eye-watering sums for business executives from legacy technology companies. The economic price discrimination is and was brilliant: make sure the “cool kids” are there, and then charge the so-called “grown-ups” to be around them.
TechCrunch’s events were more profitable compared to the industry norm since most of them were local to San Francisco, none of the speakers were paid, panels could be constructed by accomplished beat writers who already knew who should be there (greatly reducing the number of event planners required), and the site itself became the best advertising medium to sell tickets and sponsorships, vastly reducing marketing costs.
The unique economics for TechCrunch around advertising and events funded the organization well, but they have an obvious flaw: they don’t really scale.
«
And yet it’s also shutting down its subscription service Extra Crunch/TechCrunch+. Which struck me as odd, until I read Crichton’s description of the impossibility of finding writers to produce content for it. (Try guessing how much one feature writer demanded to write a feature. Nope, it was more than that.) Journalism in the US is in deep trouble.
unique link to this extract
Amazon finds $1bn jackpot in its 100 million+ IPv4 address stockpile • TechSpot
Zane Khan:
»
Amazon Web Services (AWS) flipped the switch on its new IPv4 address pricing scheme on February 1 as it had announced months prior. The new policy means customers will pay $0.005 per public IPv4 address per hour, a seemingly negligible amount at first glance. But dig deeper and you’ll find a billion-dollar revenue stream emerging for Amazon’s cloud division.
The tech giant first teased the pricing change last summer, positioning it as a necessity given skyrocketing demand and administrative costs for IPv4 addresses. After all, the 32-bit protocol is tapped out at around 4.3 billion unique IDs. That may sound like a lot but in an era of proliferating smart devices, we indeed are running out.
And as IDs run out, associated costs have soared. “The cost to acquire a single public IPv4 address has risen more than 300% over the past five years,” the company stated, urging users to transition to IPv6 with its vast 128-bit address pool.
But IPv4 remains widespread, and Amazon holds a trove of the sought-after addresses. An analysis by Border0 estimated Amazon controls nearly 132 million public IPv4s. Crunching some numbers, Border0 found out their eye-watering valuation – around $4.6bn based on today’s average IPv4 price tag of $35.
Of course, Amazon cannot simply cash out and offload that internet real estate. However, it can generate recurring revenue by billing active users. Border0 estimates that 30% of those IPs (79 million) are linked to income-generating AWS services. Quick calculations reveal over $1bn per year in projected revenue from this policy adjustment. Border0 concludes that Amazon could be earning between $400m to $1bn annually with these new prices. Not bad at all.
«
Owning the shovels and hiring them out really is the way to get rich in the mine.
unique link to this extract
This baby with a head camera helped teach an AI how kids learn language • MIT Technology Review
Cassandra Willyard:
»
Human babies are far better at learning than even the very best large language models. To be able to write in passable English, ChatGPT had to be trained on massive data sets that contain millions or even a trillion words. Children, on the other hand, have access to only a tiny fraction of that data, yet by age three they’re communicating in quite sophisticated ways.
A team of researchers at New York University wondered if AI could learn like a baby. What could an AI model do when given a far smaller data set—the sights and sounds experienced by a single child learning to talk?
A lot, it turns out. The AI model managed to match words to the objects they represent. “There’s enough data even in this blip of the child’s experience that it can do genuine word learning,” says Brenden Lake, a computational cognitive scientist at New York University and an author of the study. This work, published in Science today, not only provides insights into how babies learn but could also lead to better AI models.
Online videos are a vast and untapped source of training data—and OpenAI says it has a new way to use it.
For this experiment, the researchers relied on 61 hours of video from a helmet camera worn by a child who lives near Adelaide, Australia. That child, Sam, wore the camera off and on for one and a half years, from the time he was six months old until a little after his second birthday. The camera captured the things Sam looked at and paid attention to during about 1% of his waking hours. It recorded Sam’s two cats, his parents, his crib and toys, his house, his meals, and much more. “This data set was totally unique,” Lake says. “It’s the best window we’ve ever had into what a single child has access to.”«
To “mouse with an ear on its back” we can now add “baby with a camera on its head for 18 months”. Though it’s only about 1% of the child’s waking hours. The rest of the article deals with how the researchers matched the video to the language, and it’s actually pretty interesting.
unique link to this extract
The Apple Vision Pro is spectacular and sad • The Atlantic
Ian Bogost:
»
Please do not get in the car, or try to operate any other heavy machinery, while wearing the Apple Vision Pro. The device will convince you that you can see areas beyond it, but it renders that space only as trompe l’œil. I had no trouble getting up from the couch to grab my laptop from the other room, but the world jittered in the display, sprouting fuzz around its edges. Objects throbbed in time with my footfalls. Every jostle or cough made reality shudder. This was a rapidly updating computer-desktop-background version of the world, rather than a view of things as they really are.
To stave off this nagging sense of unreality, one can select one of Apple’s built-in “environments”—virtual scenes with animation and sound—that blend in and out of view as you turn the knob on the visor’s top. Using my eyes as a mouse, I selected White Sands, a view of a turbulent sky over the gypsum dunes of southern New Mexico.
It was there, in that Oppenheimer desolation, that I hooked up the goggles to my laptop and cast my Mac display into my augmented reality as a virtual screen. Typing via finger pinches or dictation was a pain, so I used a wireless keyboard. Even that had problems. Touch-typing in that context wasn’t easy, and the writing felt out of phase. The letters on the screen appeared after a very slight delay, just enough to make it feel like my words were being pulled through a wormhole on their way into my document.
I reconnected with my editor, via Slack, inside my laptop, through my headset. This is how I’d thought the Apple Vision Pro might best be used—as a virtual office, a place to work that is an actual place and not just a little screen on a table or a desk. The posture benefits were immediate: I was sitting upright, my back against a cushion, my head straight, my eyes focused on the horizon (and the future?). I felt like an illustration in a workplace-ergonomics poster. I felt good.
But also disoriented.
«
The hot takes are cooling down now. Give it a couple of weeks and people will have gotten over the fact that this is version 1.0, and quiet down. Then spatial video of sports will start coming out (or being shared) and it will heat up again. It’s the cycle of (tech news) life.
unique link to this extract
Craig Wright’s claim he invented bitcoin a ‘brazen lie’, court told • The Guardian
Dan Milmo and agencies:
»
An Australian computer scientist’s claim to be the author of the founding text of bitcoin is a “brazen lie”, the high court has heard.
Craig Wright’s assertion that he is the pseudonymous author Satoshi Nakamoto was at the centre of a trial that began on Monday, where the 53-year-old is being sued by a group of cryptocurrency exchanges and developers.
Jonathan Hough KC, representing the Crypto Patent Alliance [Copa], told the high court that Wright’s claim was a “brazen lie and elaborate false narrative supported by forgery on an industrial scale”. Copa, which is backed by Twitter founder Jack Dorsey, is seeking a “negative declaration” that Wright is not Nakamoto.
Elements of Wright’s conduct were reminiscent of a “farce”, said Hough, including the alleged use of ChatGPT to produce forgeries to back up his claims. Nevertheless, Hough said, Wright’s insistence that he was Nakamoto – a claim he first made in 2016 – had “deadly serious” consequences for individuals who had faced legal action based on his claims.
Hough said: “On the basis of his dishonest claim to be Satoshi, he has pursued claims he puts at hundreds of billions of dollars, including against numerous private individuals.”
In written submissions, Hough added: “Dr Wright has consistently failed to supply genuine proof of his claim to be Satoshi: instead, he has repeatedly proffered documents which bear clear signs of having been doctored.”
The court heard that experts on both sides agreed that the original white paper was written on OpenOffice software. But the version provided by Wright was created on software called LaTeX, Hough told the court.
«
Certainly going to be one to watch: will Wright somehow have to prove that he is Nakamoto? Wright has certainly spent a lot of money on pricey lawyers in the past few years.
unique link to this extract
Why some states are requiring ID to see adult content, porn online • The 19th
Jasmine Mithani:
»
Age verification laws are the “latest strategy in a long battle” against pornography, said Kelsy Burke, professor of sociology at University of Nebraska at Lincoln and author of “The Pornography Wars: The Past, Present, and Future of America’s Obscene Obsession.”
“Over the past couple hundred years, conservatives have used various arguments to talk about why porn is bad for us,” Burke said. “Conservatives think they can gain some traction with broader publics by saying that kids are accessing porn, and that’s why we need to stop them.”
There is widespread consensus among politicians, parents, sex workers, the Supreme Court and the general population that minors should not be allowed to engage with explicit content.
“One of the things that’s important to point out is that it is already illegal to distribute sexual material to minors,” Burke said. “So in some ways, these age verification laws are attempting to provide a mechanism to enforce laws that are already out there.”There are several ways adult content is restricted on the internet, but they are imperfect. Some adult sites ask users to affirm they are over 18 via a pop-up, but the self-reported information is never confirmed. Search engines and devices have content filtering enabled for adult websites, but device-level restrictions are not enabled by default.
The current tools require parents to be involved decision makers in the kind of content their kids are able to view, said Burke.
If parents don’t do that, then the tools remain ineffective. Content filters and device settings also require a certain level of technical ability to set — and often kids can be more technologically fluent than their parents.
«
Sounds like the methods for “enforcement” are about as unsophisticated as you can imagine.
unique link to this extract
Exploring Reddit’s third-party app environment seven months after the APIcalypse • Ars Technica
Scharon Harding:
»
After speaking with developers, a few trends stand out. There’s annoyance among app users over pricing changes, but users are still jumping from popular closed [ie shuttered] apps to apps that are still available, underscoring the enduring demand for third-party apps. Some devs are trying to mollify users by offering pricing tiers that don’t pay for themselves, hoping that things balance out through other paying users.
There is also trepidation around how long third-party Reddit apps will keep existing. While some are currently profitable, developers are aware that Reddit can change the rules again at any time. Reddit says its goal isn’t to kill third-party apps, but it’s apparent that third-party apps aren’t a business priority. Still, some developers are finding value in building apps that work on top of, instead of in lieu of, native Reddit platforms.
Meanwhile, there’s not a huge incentive for developers to make third-party Reddit apps. There haven’t been significant updates about Reddit’s developer platform, and devs I spoke to aren’t making enough money with their apps to quit their day jobs. Most are working out of personal interest in app development and making Reddit better to use. If Reddit were to make things more complicated or expensive for developers, even more could throw in the towel.
In December, The Information reported that Reddit’s ad revenue was expected to grow over 20% in 2023. However, this was still reportedly less than Reddit anticipated for the year, so you can expect the company to expand efforts that grow its ad business, especially as it strives to turn a profit and prepare for a 2024 IPO.
«
| • Why do social networks drive us a little mad? • Why does angry content seem to dominate what we see? • How much of a role do algorithms play in affecting what we see and do online? • What can we do about it? • Did Facebook have any inkling of what was coming in Myanmar in 2016? Read Social Warming, my latest book, and find answers – and more. |
Errata, corrigenda and ai no corrida: none notified
The Overspill: when there's more that I want to say 