Start Up: fixing Facebook’s ad machine, the gender idiots, Apple Watch v Fitbit Ionic, and more


Is Amazon really helping people build bombs – or something less dangerous? Photo by ollyj on Flickr

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 13 links for you. Don’t say I didn’t warn you. I’m @charlesarthur on Twitter. Observations and links welcome.

Anatomy of a moral panic • Idle Words

Maciej Cegłowski on the “Amazon helps you build bombs” story:

»

just how many people does Channel 4 imagine are buying bombs online? For a recommendations algorithm to be suggesting shrapnel to sulfur shoppers implies that thousands or tens of thousands of people are putting these items together in their shopping cart. So where are all these black powder bombers? And why on earth would an aspiring bomber use an online shopping cart tied to their real identity?

A more responsible report would have clarified that black powder, a low-velocity explosive, is not a favored material for bomb making. Other combinations are just as easy to make, and pack a bigger punch.

The bomb that blew up the Federal building in Oklahoma City, for example, was a mixture of agricultural fertilizer and racing fuel. Terrorists behind the recent London bombings have favored a homemade explosive called TATP that can be easily synthesized from acetone, a ubiquitous industrial solvent.

Those bombers who do use black powder find it easier to just scrape it out of commercially available fireworks, which is how the Boston Marathon bomber obtained the explosives for his device. The only people carefully milling the stuff from scratch, after buying it online in an easily traceable way, are harmless musket owners and rocket nerds who will now face an additional level of hassle.

The shoddiness of this story has not prevented it from spreading like a weed to other media outlets, accumulating errors as it goes.

The New York Times omits the bogus shrapnel claim, but falsely describes thermite as “two powders that explode when mixed together in the right proportions and then ignited.” (Thermite does not detonate.)

«

And more where those came from. I have one issue: he thinks bad reporting comes from the desire to get clicks. It’s been around a lot, lot longer than the internet. But like all of his articles, this one has killer blows. (Thanks John Naughton for the link.)


Diversification (aka how to survive a crash) • AVC

Fred Wilson is pretty sure a crash in cryptocoin is inevitable:

»

I have advocated many times on this blog that people should have some percentage of their net worth in crypto. I have suggested as much as 10% or even 20% for people who are young or who are true believers. I continue to believe that and advocate for that.

But we don’t have that much of our net worth in crypto. We probably have around 5% between direct holdings and indirect holdings through USV and other crypto funds. I think that’s a prudent number for a portfolio like ours.

I know a lot of people who are true believers in crypto and have made fortunes in it. They are “all in” on crypto and have much of their net worth (all in some cases) invested in this sector. I worry about them and this post is aimed at them and others like them. It is fine to be a true believer and being all in on crypto has made them a lot of money. But preservation of capital is about diversification and I think and hope that they will take some money off the table, pay the taxes, and invest it elsewhere.

«

Bet you didn’t know how little of his holdings are in cryptocoin.


CCleaner malware outbreak is much worse than it first appeared • Ars Technica

Dan Goodin:

»

Because the CCleaner backdoor was active for 31 days, the total number of infected computers is “likely at least in the order of hundreds,” researchers from Avast, the antivirus company that acquired CCleaner in July, said in their own analysis published Thursday.

From September 12 to September 16, the highly advanced second stage was reserved for computers inside 20 companies or Web properties, including Cisco, Microsoft, Gmail, VMware, Akamai, Sony, and Samsung. The 20 computers that installed the payload were from eight of those targeted organizations, Avast said, without identifying which ones. Again, because the data covers only a small fraction of the time the backdoor was active, both Avast and Talos believe the true number of targets and victims was much bigger.

The second stage appears to use a completely different control network. The complex code is heavily obfuscated and uses anti-debugging and anti-emulation tricks to conceal its inner workings. Craig Williams, a senior technology leader and global outreach manager at Talos, said the code contains a “fileless” third stage that’s injected into computer memory without ever being written to disk, a feature that further makes analysis difficult. Researchers are in the process of reverse engineering the payload to understand precisely what it does on infected networks…

…The group behind the attack remains unknown. Talos was able to confirm an observation, first made by AV provider Kaspersky Lab, that some of the code in the CCleaner backdoor overlaps with a backdoor used by a hacking group known both as APT 17 and Group 72. Researchers have tied this group to people in China.

«

This is a hell of a thing.


EU buried its own $400,000 study showing unauthorized downloads have almost no effect on sales • Techdirt

Glyn Moody:

»

The 304-page document (pdf), made available on the netzpolitik.org site, contains all the details of the questions that were put to a total of 30,000 people from Germany, France, Poland, Spain, Sweden, and the UK, their answers, and exhaustive analysis. The summary reveals the key results:

»

In 2014, on average 51% of the adults and 72% of the minors in the EU have illegally downloaded or streamed any form of creative content, with higher piracy rates in Poland and Spain than in the other four countries of this study. In general, the results do not show robust statistical evidence of displacement of sales by online copyright infringements. That does not necessarily mean that piracy has no effect but only that the statistical analysis does not prove with sufficient reliability that there is an effect. An exception is the displacement of recent top films. The results show a displacement rate of 40% which means that for every ten recent top films watched illegally, four fewer films are consumed legally.

«

That is, there is zero evidence that unauthorized downloads harmed sales of music, books and games. Indeed, for games, there was evidence that such downloads boosted sales…

«

So it clearly shows that there is an effect on films, and there might be one for all the others (though not games). High prices were essentially to blame: where prices aren’t high, piracy recedes.


App that paid users to exercise owes nearly $1m for not paying users to exercise • Gizmodo

Rhett Jones:

»

In the capitalistic nightmare we live in, everything has to be a transaction. So, when Pact launched its fitness app that let you make money for working out—or else pay a fee for failing to do so—it seemed to be the perfect motivational tool. There was just one problem: The company apparently wasn’t that great at paying up, and it was too good at collecting fees.

On Thursday, the FTC announced that it has settled its complaint against the makers of Pact for failing to live up to their agreement with users. A $1.5m judgment will be partially suspended based on Pact’s apparent lack of funds, the FTC writes, but Pact will be required to pay out $948,788 to customers who were wronged by the company.

«



Google experiment tests top 5 browsers, finds Safari riddled with security bugs • BleepingComputer

Catalin Cimpanu:

»

The Project Zero team at Google has created a new tool for testing browser DOM engines and has unleashed it on today’s top five browsers, finding most bugs in Apple’s Safari.

The tool — named Domato — is a fuzzer, a security testing toolkit that feeds a software application with random data and analyzes the output for abnormalities.

Google engineer Ivan Fratric created Domato with the goal of fuzzing DOM engines, the browser components that read HTML code and organize it into the DOM (Document Object Model), which is then “painted” and displayed inside the browser window that human users view on their screens.

Google: DOM engine bugs should be a priority
Fratric says he focused on DOM engines because it’s “a rare case that a vendor will publish a security update that doesn’t contain fixes for at least several DOM engine bugs,” showing how prevalent they are today.

He also argues that while Flash bugs provide a cross-browser attack surface, once Flash reaches end-of-life (in 2020), attackers will focus their efforts on DOM engines, the browser’s biggest attack surface.

With Domato he wants to help browser vendors test and patch as many security bugs in their respective DOM engines before it is too late.

«

After 100m tests: 17 bugs in Safari. Edge had 6, IE and Firefox 4, Chrome 2. “Riddled” might be overstating it. Google has given a copy of Domato to all the browser makers.

Ah, but it has also open-sourced Domato. So every hacker can have a go and find the bugs. In the matter of security, Project Zero gives and it takes away.


Fitbit Ionic review: A great fitness tracker, a mediocre smartwatch • Macworld

Michael Simon:

»

Fitbit has leveraged its Pebble acquisition to create a brand new foundation for apps, and you’ll get a handful of them at launch: Weather from AccuWeather, Pandora, Starbucks, and Strava, along with a few stock Fitbit apps, including Exercise, Coach, Wallet, Timers, Alarms, Relax, Settings, and Today.

That’s a pretty weak selection to start with, but it might be easier to overlook if any of the non-fitness-related apps did something useful. Aside from Timers and Alarms, which do what you’d expect, Ionic’s apps are frustratingly limited, with most offering single-page and in some cases, single-use functionality. For example, the Starbucks app is nothing more than a place to store your card. And the Wallet app (the logical place for your Starbucks card) merely offers instructions for how to make payments (by holding the left button).

That’s right, Ionic includes an NFC chip for on-the-go payments. That means yet another payment service (Fitbit Pay, natch), and it works like any other: pull up a card and hold the screen up to a checkout reader. But you can’t add cards without the phone app and Ionic only stores one at a time. It’s clearly designed for athletes who want to leave their wallet behind when on a run rather than someone who wants to abandon cash and credit cards.

You might have noticed a few key smartwatch apps that are missing from Ionic: messages, phone, mail, and maps. As it stands, you can’t do any of those things on the watch. Notifications will alert you to incoming messages and calls, but you’ll need your phone handy if you want to interact with them. It’s a very hands-off affair that might have been novel with the first Pebble way back when, but today’s smartwatches are much more than mere conduits for our phones.

«

The Ionic seems to have lots to recommend it on the fitness front, and the music storage and NFC elements. It’s the compatibility with smartphones which creates the problem for Fitbit. That, and Apple selling products with better “smartwatch” functionality above and below its $300 price.


2017 US music sales are up 17%; streaming is up 48% • Recode

Peter Kafka:

»

More than 30 million people are now paying for a subscription streaming service in the U.S., which pushed streaming revenue up 48%, to $2.5 billion, in the first half of the year. Streaming now accounts for 62% of the U.S. music business.

And that’s pushing the overall music business back up again, after a fall that started in 1999, with the ascent of Napster, and didn’t stop until a couple years ago. Retail sales were up 17%, to $4bn, and wholesale shipments were up 14.6%, to $2.7bn.

Meanwhile, iTunes-style digital download sales continue to fall. They’re down 24 percent. Because why buy songs for a dollar when you can legally stream (almost) anything you want for a price that ranges between zero and $10 a month?

One surprise: Physical sales — things you buy that you can hold in your hand, like in the olden days — are nearly flat, down just 1%. That’s partly because of you hipsters and your facial hair, who pushed vinyl sales up 3%. But it’s also because some of you still like CDs, and maybe you’re always going to like CDs. Those sales were only down 3%.

«

What I find puzzling is that anyone is paying for downloads, given that Spotify has a free tier. Except, I guess, the instances where albums are only released for download. But that can’t be a substantial number.


The LTE Apple Watch is a glimpse into the not-so-distant future • BirchTree

Matt Birchler got an Apple Watch Series 3, and has a mobile connection set up, and he’s really happy with making calls and sending messages while not having to carry a phone on his run:

»

AirPods also behaved swimmingly on this workout. I’d never paired them to this Apple Watch before, but since they’re both linked to my iCloud account, the watch was able to see the AirPods and connect to them without a fuss. Interacting with AirPods is nice and easy too. I have mine set up where tapping the left will play/pause and tapping the right will skip to the next track. watchOS 4 helpfully displays your media controls on screen and in the Workout app, but being able to just tap my ear to move onto the next song is a little easier to do mid-run.

And like I said, because my Apple Watch has an LTE connection, I was also able to place and receive messages during this workout, I could check when the Packers were playing the next day, and even place a call (just to see if I could). The only smartphone thing I really missed was the camera. It was a night run, so I would not have taken any pictures anyway, but I do sometimes shoot quick photos while out in the world on a workout, and I would hate to miss a cool moment because I simply didn’t have a camera with me. God help me, I think I want a camera on the next Apple Watch!

As any Android fan will tell you, Apple is not the first to this game. There have been LTE Android Wear watches for a couple years now, so I’m just an Apple fanboy who has never left the Apple bubble and thinks Apple does everything first even though they’re years behind. So let me make it clear, I have a drawer full of Android phones that I use regularly, and I have had the uh, pleasure of using an LTE-equipped Android Wear watch and I can tell you without a shadow of a doubt the experience was far more clunky and less enjoyable than my experience last night. My short time doing similar things with all Android devices made me think “maybe we will always need smartphones for everything, because this sucks” while the watchOS experience left me literally giddy with excitement for the future.

«

(That point about being able to specify what taps on each AirPod will do might have passed you by, but it’s new in iOS 11.)

The integration of the Watch and AirPods is remarkable, and this is definitely what Apple sees as a tempting possibility – but is it limited only to those who want to exercise?


It’s official – B&N has thrown in the towel on the Nook • The Digital Reader

Nate Hoffelder:

»

People want to shop online, and they want to buy ebooks, and for a brief while it looked like B&N could give customers what they want. But that illusion was slowly stripped away as Nook entered its death spiral following the 2012 holiday season.

Nook revenues have since declined to the point that Kindle Unlimited is far larger (and the new version of B&N’s website is so painful to use that online sales are also declining). While one estimate said Nook ebook sales exceeded Kobo ebook sales in 2016, you shouldn’t bet money on things staying that way.

Instead, the more likely scenario is that B&N is going to strike a deal with Kobo to let the latter either run Nook or simply take over Nook customer accounts. In either case, B&N will go from being a potential player to being little more than one of Kobo’s retail partners – think Indigo, only in the US.

B&N probably winces every time they are compared to Indigo, but that Canadian bookseller is the perfect example of what Barnes & Noble could have done.

«

Yes, like you I thought “Nook is still going in any shape or form?”


Push for gender equality in tech? Some men say it’s gone too far • NYTimes.com

Nellie Bowles:

»

as the nation’s technology capital — long identified as one of the more hostile work environments for women — reels from a series of high-profile sexual harassment and discrimination scandals, these conversations are gaining broader traction.

One of those who said there had been a change is James Altizer, an engineer at the chip maker Nvidia. Mr. Altizer, 52, said he had realized a few years ago that feminists in Silicon Valley had formed a cabal whose goal was to subjugate men. At the time, he said, he was one of the few with that view.

Now Mr. Altizer said he was less alone. “There’s quite a few people going through that in Silicon Valley right now,” he said. “It’s exploding. It’s mostly young men, younger than me.”

Mr. Altizer said that a gathering he hosts in person and online to discuss men’s issues had grown by a few dozen members this year to more than 200, that the private Facebook pages he frequents on men’s rights were gaining new members and that a radical subculture calling for total male separatism was emerging.

“It’s a witch hunt,” he said in a phone interview, contending men are being fired by “dangerous” human resources departments. “I’m sitting in a soundproof booth right now because I’m afraid someone will hear me. When you’re discussing gender issues, it’s almost religious, the response. It’s almost zealotry.”

«

I for one totally support their right to colonise the moon or Mars. In future years, they’ll make a great case study in how cults emerge.


Zuckerberg nixes new Facebook share class after shareholder lawsuit

Tom Hals:

»

Facebook chairman Mark Zuckerberg abandoned plans on Friday to create a new class of company stock with no voting power, which was meant to be a way for Zuckerberg to retain control over the company he founded while fulfilling a pledge to give away his wealth.

Zuckerberg on Friday said that he could meet the charity pledge and maintain voting control of Facebook without the change. His decision followed a shareholder lawsuit opposed to the creation of a new class of stock.

Zuckerberg said in a post on Facebook that the company’s stock had performed well enough that he could fund his philanthropy by selling stock for at least 20 years and still retain voting control of the company. In December 2015 Zuckerberg and his wife, Priscilla Chan, a pediatrician, pledged to give away 99% of their Facebook shares to charity.

«

Odd how it took him until the lawsuit to figure out that 20 years thing.


I helped create Facebook’s ad machine. Here’s how I’d fix it • WIRED

Antonio García Martínez:

»

modern digital advertisers constantly tweak and experiment with ads. When big brands requested the ability to post lots of different creative, it posed a real problem. Brands wanted to show a dozen different ad variations every day, but they didn’t want to pollute their page (where all posts necessarily appear). ‘Dark posts’ were a way to shoehorn that advertiser requirement into the Pages system, allowing brands to create as many special, unseen posts as they’d like, which would only be seen by targeted audiences in their Feeds, and not to random passers-by on their page. The unfortunate term ‘dark post’ assumed a sinister air this past election, as it was assumed that these shady foreign elements, or just certain presidential candidates, were showing very different messages to different people, engaging in a cynical and hypocritical politicking.

Zuckerberg proposes, shockingly, a solution that involves total transparency…

As big a step as the transparency feature sounds, I don’t see how Facebook can launch it until these Pages product concerns are worked out. The Facebook Pages team product managers must be sitting right now in a conference room frantically scrawling new design ideas on a whiteboard. I’d bet anything that the Ads Quality and Pages teams are prioritizing that as you read this. This is one scandal Facebook isn’t going to weasel its way out of with generic appeals to “openness” and “community”…

…If democracy is to survive Facebook, that company must realize the outsized role it now plays as both the public forum where our strident democratic drama unfolds, and as the vehicle for those who aspire to control that drama’s course. Facebook, welcome to the big leagues.

«



Errata, corrigenda and ai no corrida: none notified

Start Up: Facebook and Instagram in hot water, exploding moons, LTE Watch, and more


Now feasible through a neat bit of hacking. Photo by rcousine on Flickr.


Apparently Google marked yesterday’s Overspill as “junk” for some people because it contained a “bad link”. We don’t know which that was. We only do well-behaved links. But please go and retrieve it and mark it “Not Spam”.

A selection of 12 links for you. No bad links! I’m @charlesarthur on Twitter. Observations and links welcome.

How I hacked hundreds of companies through their helpdesk • FreeCodeCamp

Inti De Ceukelaire:

»

Months ago I discovered a flaw hackers can use to access a company’s internal communications. The flaw only takes a couple of clicks to potentially access intranets, social media accounts such as Twitter, and most commonly Yammer and Slack teams.

The bug is still out there. It isn’t something that can be fixed right away. Over the past few months, I contacted dozens of companies and affected vendors as part of their bug bounty programs in order to get their setup fixed. Due to the number of affected companies it was not possible to contact everyone. On the recommendation of some of my hacker heroes, and with approval of the affected vendors, I’m publishing this blog so everyone affected can act immediately. Introducing what I’ve been calling Ticket Trick.

«

Haven’t seen this replicated. However, pretty much every amateur hacker on the planet will presently be trying to get into every company’s Slack systems as of, oh, about ten days ago when this was published.


“The moon blew up without warning and for no apparent reason” • Almost looks like work

Jason Cole:

»

Intriguing title, no? These are the first eleven words of Neal Stephenson’s novel Seveneves, which set up the remaining 600 pages as an extended treatise on the future of humanity as it copes with certain annihilation. I thoroughly recommend it, as long as you can deal with hundreds of pages of orbital mechanics. In this post I will numerically explore this post-lunar age, to verify for myself if it would be as deadly as described.

In the novel, one day the moon breaks up into 7 roughly equal-sized pieces. These pieces continue peacefully orbiting the Earth for a while, and eventually two pieces collide. This collision causes a piece to fragment, making future collisions more likely. The process repeats, at what Stephenson says is an exponential rate, until the Earth is under near-constant bombardment from meteorites, wiping out (nearly) all life on Earth.

How likely is this? Let’s simulate the process numerically.

«

Now I want to read the book.
link to this extract


Instagram uses ‘I will rape you’ post as Facebook ad in latest algorithm mishap • The Guardian

Sam Levin:

»

Instagram used a user’s image which included the text “I will rape you before I kill you, you filthy whore!” to advertise its service on Facebook, the latest example of social media algorithms boosting offensive content.

Guardian reporter Olivia Solon recently discovered that Instagram, which is owned by Facebook, made an advertisement out of a photo she had posted of a violent threat she received in an email, which said “Olivia, you fucking bitch!!!!!!!” and “I Will Rape You”.

Instagram selected the screenshot, which she posted nearly a year ago, to advertise the photo-sharing platform to Solon’s sister this week, with the message, “See Olivia Solon’s photo and posts from friends on Instagram”.

«

Yeeaah. You can see what happened. It got loads of “engagement” – as in, people responding. So that means it must be good, right? Unfortunate for IG that it did it now, and did it with a Guardian reporter.



Islamic State backers find ephemeral platform in Instagram • Associated Press

Lori Hinnant:

»

Researchers say Islamic State supporters have found an ephemeral platform to share propaganda: Using Instagram’s “stories” feature, which causes posts to disappear in 24 hours.

With successive military defeats in Iraq and Syria, many of its recruits dead or on the run and its Twitter and Facebook accounts being shut down, the group’s propaganda drive is increasingly homemade. But a recent analysis found the networks of people inspired by the group remain strong elsewhere.

The software analysis identified more than 50,000 accounts linked to Islamic State supporters posting Instagram stories, according to Andrea Stroppa, who is part of the software research group called Ghost Data. Of those 50,000, just over 10,000 are described as strongly-linked to IS — they follow core IS accounts and are followed back, and about 30% of their posted content is about the group.

“They send a message that they know will disappear but they know who the audience is. They are using these stories because they know it is a safe channel to share information,” said Stroppa, who is also affiliated with the World Economic Forum.

There is no sign that the majority of the posts are from Islamic State’s central propaganda units — rather, they tend to be personal snapshots with little production value, like a clip of the IS trademark black flag, or a bloody photo showing what happens to “traitors.”

«

50,000 is still quite a lot, given that those actually fighting will be one-tenth of that or less.


What we’re doing about political ads • Mark Zuckerberg on Facebook

The Zuck is back from holiday, and he’s getting to work:

»

Here are 9 things we’ll be working on over the next few months:

1. We are actively working with the US government on its ongoing investigations into Russian interference. We have been investigating this for many months, and for a while we had found no evidence of fake accounts linked to Russia running ads. When we recently uncovered this activity, we provided that information to the special counsel. We also briefed Congress — and this morning I directed our team to provide the ads we’ve found to Congress as well. As a general rule, we are limited in what we can discuss publicly about law enforcement investigations, so we may not always be able to share our findings publicly. But we support Congress in deciding how to best use this information to inform the public, and we expect the government to publish its findings when their investigation is complete.

2. We will continue our investigation into what happened on Facebook in this election. We may find more, and if we do, we will continue to work with the government. We are looking into foreign actors, including additional Russian groups and other former Soviet states, as well as organizations like the campaigns, to further our understanding of how they used our tools. These investigations will take some time, but we will continue our thorough review.

3. Going forward — and perhaps the most important step we’re taking — we’re going to make political advertising more transparent. When someone buys political ads on TV or other media, they’re required by law to disclose who paid for them. But you still don’t know if you’re seeing the same messages as everyone else. So we’re going to bring Facebook to an even higher standard of transparency. Not only will you have to disclose which page paid for an ad, but we will also make it so you can visit an advertiser’s page and see the ads they’re currently running to any audience on Facebook. We will roll this out over the coming months, and we will work with others to create a new standard for transparency in online political ads.

«

There’s more, but note that the transparency is completely unlike what Facebook argued in 2011. Moved fast, broke things, now trying to fix them.


Lying to machines: how Apple’s new “Do Not Disturb while driving” feature will shape your soul • Don’t Eat The Fruit

John Dyer:

»

I’d like to think that the “Do Not Call While Driving” feature will at least cause drivers to think about how much they use their phones in the car. But my prediction is that in the next few weeks, millions of people will begin doing the exact same thing that I, to my shame, did. It’ll start small with a “legitimate” purpose, but eventually it’ll snowball and people will just tap “I’m Not Driving” as unthinkingly as we all check the “I’ve Read the Terms and Conditions” box.

Unfortunately, this will come quite naturally to us, not because we’re liars, but because of the way computer user interfaces (UI) are designed. Over the past few decades of computer use, we’ve been presented with thousands of buttons that say “OK” and checkboxes that say “I’ve read …” This has taught us that interacting with computers and devices means tapping whatever button is in the way of what we want.

This probably wasn’t terribly significant when the stakes were low, and it might seem hyperbolic to call it “lying.” But when we bend the truth about reading the Terms and Conditions, there aren’t kids in the roads or oncoming vans full of people.

«

It starts with the little things, then it grows, and pretty soon you’re president.


Apple Watch Series 3’s “LTE problems” are actually an existing Wi-Fi bug • iMore

Serenity Caldwell:

»

Like your iPhone, your Apple Watch has a Wi-Fi antenna inside of it, which allows it to connect directly to Wi-Fi networks (or via your iPhone) rather than always using your cellular data.

Where the two devices differ is in how they can connect: The Apple Watch doesn’t have an Auto-Join Wi-Fi screen, or a place to select networks. Nor does it have an option to dictate or Scribble in passwords. In short: Your Apple Watch can’t connect to Wi-Fi unless your iPhone has first connected to it.

Essentially, when your iPhone connects to a Wi-Fi hotspot and enters in the password while you’re also connected to Apple Watch, your iPhone syncs that information over to your Watch.

Apple Watch can then access that information and connect to a network — even if you visit that location in the future with only your watch. That way, you can use all of your Apple Watch’s online capabilities in Wi-Fi areas (like Messages, Maps, and any third-party apps) whether you have a GPS + Cellular model or a Series 0 Apple Watch.

Sounds easy enough, right? Unfortunately, there are a few limitations.

«

It seems like it grabs onto open Wi-Fi networks (eg Starbucks) that you’ve previously joined, but can’t authenticate, and so gets stuck. Neil Cybart, though, points out that the people who had trouble with the LTE calling were using AT&T – and thinks there’s something going on there. We’ll have to see how things go in the UK.


Craig Federighi says 3D Touch app switcher gesture will return in future update to iOS 11 • Mac Rumors

Joe Rossignol:

»

Federighi, replying to an email from MacRumors reader Adam Zahn, said Apple had to “temporarily drop support” for the gesture due to an unidentified “technical constraint.”

Question from Zahn: Could we at least make the 3D Touch app switch gesture an option in iOS 11 so that I could retain the ability to switch apps that way instead of having to double tap the home button?

Response from Federighi: Hi Adam,

We regretfully had to temporarily drop support for this gesture due to a technical constraint. We will be bringing it back in an upcoming iOS 11.x update.

Thanks (and sorry for the inconvenience)!

– craig

On devices that support 3D Touch running iOS 9 or iOS 10, users can press deeply on the left side of the screen, drag to the right, and release to quickly access the App Switcher.

«

This is interesting; I thought that it had been removed because on an edge-to-edge screen (ie, the iPhone X) it would be too easy to trigger. Apparently not.


Food Environment Assessment Tool (FEAT)

»

The Food environment assessment tool (Feat) has been developed by CEDAR [Centre for Diet and Activity Research] and the MRC Epidemiology Unit at the University of Cambridge. It allows for detailed exploration of the geography of food retail access across England.

Feat is underpinned by the latest scientific evidence about how food access in our neighbourhoods affects our dietary choices, body weight and health. It will allow you to map, measure and monitor access to food outlets at a neighbourhood level, including changes over time.

It is designed around the needs of professionals in public health, environmental health and planning roles, locally and nationally. Use it to:

• generate local evidence for use in the development of Obesity Strategies, Local and Neighbourhood Plans, JSNAs and Strategic Planning Documents.
• support planning decisions
• compare food access between neighbourhoods, and see where is changing fastest
• target interventions, and test the effectiveness of planning policies

«

Most of us though will just use it to see first, what they know about places near us, and second, which places eat a lot of chips. The map data is from OpenStreetMap.


Toshiba reaches tentative deal to sell microchip unit • The New York Times

Jonathan Soble:

»

The Japanese company said the microchip unit would be sold for 2 trillion yen, or roughly $18bn. The structure of the deal is complicated, and Toshiba said it would retain partial control of the business. It was not clear on Wednesday how much would end up being owned by outside investors.

Those investors primarily include Bain Capital, the American buyout firm, and two organizations controlled by the Japanese government, the Innovation Network Corporation of Japan and the Development Bank of Japan.

While they were the only buyers identified by Toshiba on Wednesday, others, including Apple and the South Korean semiconductor company SK Hynix, are negotiating to potentially purchase smaller stakes, the person close to the deliberations said.

The business, Toshiba Memory Corporation, is an important manufacturer of flash memory chips, which are used in millions of smartphones and other digital devices.

Toshiba needs money from the sale to repair its tattered finances. A gaping hole in its balance sheet caused by bad bets on American nuclear power projects has threatened the future of the technology company, one of Japan’s biggest and most storied.

The deal’s more convoluted elements appeared to stem from Toshiba’s desire to retain a significant degree of control over the chip business.

One way that will happen is that Toshiba said it would join Bain and its partners in creating the special purpose company that will buy the unit. In effect, that means it will keep a portion of the unit for itself, though it did not say how much. Many analysts expect it to be a minority stake.

«

DRAM is so strategic now that nobody wants to cash out. Apple fronted $7bn to be in this and to win it: it needs chip prices to go down, or at least be predictable. Samsung makes its own chips – which puts it in a powerful position when there’s a world shortage of memory.

If you’re wondering why: consider that there used to be about 350m PCs sold, which would have around 8-16GB of RAM.

Now consider a world with 1.5bn smartphones sold, each having a minimum of 2GB of RAM. It’s an order of magnitude bigger. Those who saw that ramp coming are coining it – except Toshiba’s nuclear business screwed the rest of it.


Touchscreens in cockpits would improve airliner safety, research shows • WSJ

Andy Pasztor:

»

The findings, portions of which were to be made public Wednesday at an international avionics conference in St. Petersburg, Fla., are the culmination of a four-year study intended to help reduce pilot workload and devise eye-tracking technology to identify pilot mistakes. Dutch government researchers, engineers from French equipment maker Thales SA and a host of other international experts also are developing cutting-edge systems able to alert pilots if they become distracted, sleepy or stray from normal procedures.

Without such advances, “the crew is no longer able to manage all the information” today’s jetliners spew out, Eric Parelon, a senior Thales manager, told an international safety conference in Brussels earlier this year. To further improve safety and enhance pilot decision making, he said, various touch-screen variants are essential because “information has to be provided in a completely different way” than in the past.

Pilots from more than 60 carriers participated in extensive simulator sessions run by the Netherlands Aerospace Centre depicting airborne emergencies, unexpected changes in runway assignments and other stressful situations. Sometimes with only one or two swipes of cockpit displays, pilots were able to respond—even setting up complex instrument approaches for entirely new destinations—while maintaining situational awareness and reducing workload, according to Wilfred Rouwhorst, a senior Dutch researcher.

«

And this is even in turbulence. But probably won’t come in for a decade. Though younger pilots are apparently keen on it.


HTC messed up its Google deal • Bloomberg Gadfly

Tim Culpan:

»

The transfer [of about 2,000 HTC staff] to Google [for a $1.1bn payment] will reduce headcount by about 19%, according to Bloomberg Gadfly calculations. Those are probably among the most expensive people on the payroll; arguably they also add the most value. To be clear, HTC still has a solid team of engineers that works on its branded devices, such as its flagship U11 smartphone, which isn’t touched by the sale. “Powered by HTC” is the division primarily tasked with building products for non-HTC brand devices, such as the Google Pixel.

For HTC, the main point of this deal is to cut costs. It will do that with a 30% to 40% reduction in operating expenses, Shen said.

Unfortunately, based on financial results for the past six quarters, a 40% improvement in op-ex [operating expenditure] still isn’t enough to swing HTC to profit. Deeper cuts are needed. A 35% cut in the second quarter would have put the company in the black (barely) for that period, but revenue for the most recent two months indicate that this June quarter bounce was a fluke rather than a trend. HTC may well move in and out of profit, but there’s nothing to indicate this can be sustained.

«

If HTC management thinks it can still make money on smartphones, they’re deluded. The Vive is the only hope, but it’s going to be quite the tightrope walk. Google, meanwhile, has yet to show it can be a player in the smartphone world.


Errata, corrigenda and ai no corrida: none notified

Start Up: watch Apple’s Watch, another Equifax boob, Google buying (some) HTC, and more


Cord cutting – abandoning cable subscriptions – is accelerating in the US. Photo by Jason Rosenberg on Flickr.

A selection of 11 links for you. Virtually. I’m @charlesarthur on Twitter. Observations and links welcome.

A week on the wrist: the Apple Watch Series 3 Edition • Hodinkee

Benjamin Clymer reviews mechanical watches; and now he’s reviewing the Apple Watch:

»

In the few days I’ve been using the Series 3 Edition as my only communication device, I’ve found myself checking Instagram less. Texting less. Dickin’ around on the web less. I use the watch to text or make phone calls when I need to – and that’s it. My definition of “need” has changed completely – and frankly I don’t miss having my phone in my pocket at all.

Is it more cumbersome to respond to emails and texts? Sure, but Siri in the new watchOS 4 is so dialed-in that mistakes seldom happen in dictation, and there is a nice “scribble” function where you can essentially write what you want to say with your finger – it’s definitely good enough for quick responses – and, as I’ve strangely discovered over the last few days, life goes on if emails go unanswered for an hour or two…

…I think this Friday, as the Apple Watch Series 3 begins to deliver all over the world, we are about to begin a new chapter for smartwatches and perhaps for watches in general. Will Swiss watchmaking do as Nokia did with the iPhone and downplay the threat until it’s far too late? Or will Swiss watchmaking thrive due to the very reason that it stands for hand-craft, longevity, and multi-generational appeal – the very antithesis of most digital products? The answer is likely neither one nor the other. The watch industry doesn’t move as a whole – some resist, some accept. Now the question becomes where each brand will stand as the dust settles on what is very likely a new era for the watch world, all ushered in by the Apple Watch Series 3.

«



Apple acknowledges cellular connectivity problem in new Watch • WSJ

Tripp Mickle:

»

Apple acknowledged problems with cellular connectivity in its newest smartwatch, raising questions about the device’s most significant feature days before it goes on sale in stores in the U.S. and other countries.

In a statement Wednesday, Apple said the problem connecting to cellular networks occurs when the Apple Watch Series 3—the first watch from Apple to feature an LTE chip for cellular service—joins “unauthenticated Wi-Fi wireless networks without connectivity.” Apple said it is “investigating a fix for a future software release.”

Apple issued the statement after reviewers from The Wall Street Journal and the Verge encountered problems at times making calls, connecting with the Siri virtual assistant and maintaining a cellular-network connection. The Journal ran into issues across multiple wireless carriers…

…The new Apple Watch with LTE goes on sale in stores Friday for $399, and has been available for preorder online since Sept. 15. The promise it can operate independently of an iPhone or Wi-Fi has raised sales expectations…

…What is holding the watch back from mass-market appeal is that it is still too focused on health and fitness, said Jitesh Ubrani, a smartwatch analyst with IDC. Apple needs developers to make different kinds of apps so the watch can become a “need to have” device. Cellular capability “gives them a chance,” he said.

«



Turning off Wi-Fi and Bluetooth in iOS 11’s Control Center doesn’t actually turn off Wi-Fi or Bluetooth • Motherboard

Lorenzo Franceschi-Bicchierai:

»

when you toggle Bluetooth and Wi-Fi off from the iPhone’s Control Center—the somewhat confusing menu that appears when you swipe up from the bottom of the phone—it actually doesn’t completely turn them off. While that might sound like a bug, that’s actually what Apple intended in the new operating system. But security researchers warn that users might not realize this and, as a consequence, could leave Bluetooth and Wi-Fi on without noticing.

“It is stupid,” Collin Mulliner, a security researcher who’s studied Bluetooth for years, told Motherboard in a Twitter chat. “It is not clear for the user.”

To be clear, and to be fair, this behavior is exactly what Apple wants. In its own documentation, the company says that “in iOS 11 and later, when you toggle the Wi-Fi or Bluetooth buttons in Control Center, your device will immediately disconnect from Wi-Fi and Bluetooth accessories. Both Wi-Fi and Bluetooth will continue to be available.” That is because Apple wants the iPhone to be able to continue using AirDrop, AirPlay, Apple Pencil, Apple Watch, Location Services, and other features, according to the documentation.

Motherboard tested this behavior on an iPhone with iOS 11 installed and verified that Bluetooth and Wi-Fi remain on in the settings after turning them off in the Control Center, as some users have started to notice.

«

OK, so let’s get all the iOS 11 bugs/features (this one’s intentional) out of the way early on.


ARise is an AR puzzle-platformer for ARKit • UploadVR

Jamie Feltham:

»

Unlike VR, AR’s rise in relevance hasn’t largely been fuelled by gaming (save for the enormous success of Pokemon Go). That’s why we’re so interested to see the first games for Apple’s new ARKit. Arise is one of those games.

This is the latest project from Climax Studios, the developer of VR games like Lola and the Giant, Balloon Chair Death Match and even some Google Tango apps. It looks like a clever evolution of puzzle-platformer games like Echochrome using the new positional tracking featured in ARKit. You help clear a path for a tiny knight that journeys through virtual levels that appear in the real world through your phone. Check out the first trailer below.

«

As a side note, I think that UploadVR will find itself writing many more AR stories in the near future.


Fake Russian ads could have very real implications for Facebook • AdExchanger

Allison Schiff:

»

“One of the radical things Facebook has done is to take the interfaces and dashboards that only people in ad tech ops used to look at and make them available to anyone with a credit card,” [professor of media design at The New School, and Facebook critic David] Carroll said. “And now we’ve seen the effects of putting industrial-strength ad targeting tools into the hands of ordinary people and even foreign state adversaries.”

But that’s not to say Facebook puts out the welcome mat for anything and everything. Facebook’s ad quality team, which is now headed by ad tech vet Rob Leathern, is constantly vetting content in a never-ending game of cat and mouse.

“That’s why you’re not seeing nudity or iPad fill-out-this poll scams like you used to, and why people under 21 or people in Saudi Arabia don’t see ads for alcohol,” said former Facebook exec and “Chaos Monkeys” author Antonio Garcia Martinez, who led the team that built Facebook’s ad exchange and also helmed the ad quality crew in 2012, right around the time of the second Obama election.

“This content is tagged using machine learning and goes to a special workflow,” Garcia Martinez said. “There’s no reason Facebook couldn’t do this with political content as well.”

Facebook has long demurred that it’s a platform rather than a publisher. But current events are pushing Facebook to take more responsibility for the news and ad content it distributes, as well as to be more proactive in finding out who’s making money off the content or paying for ads.

«

Martinez’s intervention is notable.


Yet another report says the rate of TV cord cutting is worse than anybody thought • Techdirt

Karl Bode:

»

we’re slowly but surely reaching the point where the rise of the streaming video revolution can’t be denied, with data indicating it’s worse than anybody thought. While the pay TV sector lost another 1 million subscribers last quarter, those totals don’t factor in those that bought a new home or rented a new apartment, but chose not to sign up for cable. Many of these folks are dubbed “cord nevers,” having never bought into the value proposition of paying $130 more per month for a bloated bundle of largely-unwatched reality TV channels from a company that treats paying customers with disdain.

Meanwhile, a new report by eMarketer this week indicates that the pace of customer defections is notably higher than most previous estimates. The firm notes that it was forced to reduce its estimate for US TV ad spending due to faster-than-expected growth in cord-cutting:

»

“eMarketer expected a slowdown this year in TV ad sales, after 2016 benefited from both the Olympics and US presidential election,” said Monica Peart, eMarketer’s senior forecasting director. “However, traditional TV advertising is slowing even more than expected, as viewers switch their time and attention to the growing list of live streaming and over-the-top [OTT] platforms.”

«

All told, the firm predicts that by the end of this year, there will be 22.2 million consumers over the age of eighteen that have cut the cord, up 33.2% since 2016. And while there’s still a whopping 196.3 million US adults that subscribe to traditional pay TV (cable, satellite, or telco), that tally is down 2.4% over 2016 levels, with the defection rate only accelerating. The cause? A strange idea known as competition and, by proxy, lower prices…

«

US TV probably hasn’t had to realise how awful it is for years. The growth of rivals – free (YouTube) and paid-for (Netflix et al) – is exposing its structural weaknesses, and particularly the intrusiveness of its advertising.


Still a long road ahead in fight against digital extremism • Demos

Alex Krasodomski-Jones critiques The Policy Exchange’s new report “The New Netwar”:

»

the increasing difficulty of finding Islamist material on major platforms, and the growing importance of alternative platforms like Telegram (referred to by Fisher as a “multiplatform zeitgeist”) could be hailed as a success on the part of Twitter. Indeed, the recommendations make this explicit, calling for the big companies to drive the extremist content off their platforms.

The long and short of it is that moderating platforms of this scale is extraordinarily difficult. It becomes even more difficult when dealing with the content described. A simple example of this emerges from the report itself: one survey question asked respondents to ‘draw the line’ on extreme content – does it, for instance, contain murder, assault, or even just hateful speech without incitement to violence? The report recommends the Commission for Countering Extremism draw up a definition of extremism based on promoting violence or hatred.

But what about the thousands of images of tractors and shopping centres circulated by Islamic State and shown in the research supporting the recommendations? Only a small percentage of content circulated by these extremist groups is actually violent, focusing instead on utopian arguments of state-building and victimhood narratives. What do we do about this stuff? The language of extremism is nuanced, ever-changing and far from universally violent. This is not only a challenge to law and law enforcement, but a challenge to designing technology.

«



Equifax just sent hack victims to a fake phishing site • Mashable

Jack Morse:

»

Following a data breach of this size, it’s not unusual to see websites pop up that mimic official help pages. Typically, the goal of these phishing sites is to trick worried consumers into handing over their personal information. In this case, Equifax created a very real site — https://www.equifaxsecurity2017.com — where people can enter their last name along with the last six digits of their social security number to see if they were affected by the hack. 

Unsurprisingly, someone cloned that site and hosted that copy at a very similar URL: https://securityequifax2017.com. The two sites, one real and one fake, look the same to the casual observer. In fact, they are so easily confused that Equifax itself apparently can’t tell the difference. 

If you look closely at the above pictured Twitter exchange, you’ll see that someone operating the Equifax account named Tim linked to the fake website. The timestamp on the tweet is from September 19, and the tweet was still up as of the morning of September 20 (it was deleted during the course of writing this story). 

«



Google to buy part of phone maker HTC • WSJ

Dana Mattioli, Jack Nicas and Dan Strumpf:

»

Alphabet Inc.’s Google is set to buy part of struggling Taiwanese smartphone maker HTC, according to people familiar with the situation, part of the search giant’s latest effort to crack the handset market.

The acquisition, which could be announced as soon as Wednesday afternoon, is for HTC’s mobile-phone original design operations, according to the people. Google chose HTC, a longtime Google supplier, as its contract manufacturer for the high-end Pixel phone that Google launched last year, partly as a challenge to Apple Inc.

HTC, based in Taiwan, suspended trading of its shares Wednesday pending an announcement. HTC’s market capitalization is about US$1.9bn. The value or size of the division Google is set to buy is unclear…

With the acquisition, Google may get deeper access to HTC’s research and development, as well as sales and distribution channels, analysts said. That could help Google as it seeks to make a bigger splash in the increasingly competitive smartphone market as it prepares to launch an updated version of the Pixel this fall.

The deal shows “Google is very serious about building its own hardware,” said Jan Dawson, chief analyst at Jackdaw Research.

Taiwanese media previously reported the planned deal.

Google’s interest in the HTC unit extends beyond the Pixel, one of the people said, as the assets could also come into play for future Google products. HTC’s virtual-reality headset, called Vive, is one of the top sellers in the nascent category. It isn’t clear if any Google acquisition would include Vive.

«

Compared to the amount Google lost on the Motorola acquisition and disposal (I reckon a couple of billion), HTC is chickenfeed.


Here is the Pixel 2 in “Kinda Blue,” White, and Black – starting at $649 • Droid Life

Kellen:

»

From what we can tell, it’ll arrive in three colorways and match the Pixel 2 XL in terms of storage, while sticking to prices very similar to last year’s original smaller Pixel.

The Pixel 2 will arrive in Kinda Blue, Just Black, and Clearly White. It’ll be sold with 64GB and 128GB of storage and priced at $649 and $749, respectively. Like the Pixel 2 XL, financing will be available for each storage option. The 64GB Pixel 2 will cost $27.04/mo over 24 months and the 128GB model will cost $31.21/mo.

«

The XL will cost $840 (64GB) and $949 (128GB). These are made by LG, rather than HTC. Any arguments that this is a Veblen good?


UK PC prices have risen 30% in a year since the EU referendum • The Register

Paul Kunert:

»

The average trade price of computers in Britain shot up by almost a third in the past year since the EU referendum, though a weakened pound might not tell the whole story.

According to distributor data collated by channel analyst CONTEXT, average sales prices (ASPs) for desktops, notebooks and workstations reached £480 in July and August, up 30% on the same months in the prior year.

Component shortages in areas including memory, a shift to higher-spec machines and fewer sales to lower-margin retailers were also behind the hike, Marie-Christine Pygott, CONTEXT senior analyst, told The Reg.

“But it looks like currency issues had the biggest impact,” she said. The average price of PCs sold by distributors in the Eurozone went up 12% year-on-year during the period in question.

«

Note that this is trade price. But PCs are now getting squeezed by the demands of smartphones for memory and components.


Errata, corrigenda and ai no corrida: none notified


Start Up: the Bluetooth DDOS threat, Canada’s pricey phones, iPhone8 and WatchOS review, and more


It’s not an iPhone. But do they share a pricing strategy? Photo by cocoate.com on Flickr.


A selection of 9 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

BlueBorne Bluetooth vulnerability ‘exposes almost every connected device’ • Betanews

Mark Wycislik-Wilson:

»

The only requirement for a successful attack is that Bluetooth is enabled — something most people have enabled at least on their phone, and often on their computers and laptops. Armis Labs describes BlueBorne as being “out of the traditional kill chain” as it is incredibly hard to detect.

The company says:

»

BlueBorne is an attack vector by which hackers can leverage Bluetooth connections to penetrate and take complete control over targeted devices. BlueBorne affects ordinary computers, mobile phones, and the expanding realm of IoT devices. The attack does not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode. Armis Labs has identified eight zero-day vulnerabilities so far, which indicate the existence and potential of the attack vector. Armis believes many more vulnerabilities await discovery in the various platforms using Bluetooth. These vulnerabilities are fully operational, and can be successfully exploited, as demonstrated in our research. The BlueBorne attack vector can be used to conduct a large range of offenses, including remote code execution as well as Man-in-The-Middle attacks.

«

Armis Labs has already communicated with Microsoft, Google, Linux, Apple and Samsung, and patches are being issued in most cases — with the possible exception of Samsung which failed to respond to the notification.

«

Mitigated in Windows 10 as of July 11; fixed in iOS 10; pushed in an Android update on August 7, included in the September security update for Android. Still leaves a lot of Android devices potentially vulnerable.


How Apple’s pricey new iPhone X tests economic theory • WSJ

Josh Zumbrun and Tripp Mickle:

»

Apple and Samsung have found themselves here partly by necessity. Smartphone makers are running out of new customers. Data from IHS Markit estimates there are just under 100 smartphones per 100 people in the U.S. and about 92 smartphones per 100 people in Europe. (Many people own more than one phone.) By 2020, there will be about 84 smartphones per 100 people globally, IHS projects.

To generate more revenue the big smartphone makers increasingly need to push on price.

“They can create a super-premium model and perception of super-premium that pushes those buyer types into the stratosphere,” said Steven Haines, chief executive of Sequent Learning Networks, which advises companies on product management. “This is classic product management.”

Such segmentation is normal in mature industries, said Mr. Haines, comparing smartphones to what happened with the auto industry, where luxury cars with high prices became a status symbol as car ownership became commonplace.

«

Zumbrun and Mickle are trying to argue that the iPhone [X] is a Veblen good – where demand rises as the price goes up. Neil Cybart takes this argument to pieces in his latest newsletter (sign up on aboveavalon.com). He points out that iPhone starting prices now range from $349 (iPhone SE) to $999 (iPhone X):

»

Apple didn’t establish the preceding price range in order to push specific “luxury” models, like iPhone X or iPhone 8 Plus. It’s not that the higher-end models are priced in such a way as to stoke demand and interest simply because of a higher price. Instead, iPhone pricing is based on capability [such as camera, processor speed, screen size].

«

Handbags or Vertu phones (which recently went bust) aren’t priced on their capability. Vertu phones were arguably less capable than far cheaper devices.


Why Canadian cell phone bills are among the most expensive on the planet • National Post

Tristin Hopper:

»

The more likely reason for the high prices is that the people setting these prices don’t have any reason not to.

As Michael Geist put it in 2013, cell phone carriers raise prices “because they can.”

They’re not a cartel, which would be illegal. Rather, Canadian telecoms are in a situation in which there’s no real incentive to undercut each other. The three companies know they are better off when Canadians are paying among the world’s highest rates for cell phone usage.

As industry watchers have noted, these companies have a strange habit of raising their prices in tandem. In January 2016, Bell hiked its monthly plans by $5 per month. Within a week, Telus and Rogers had independently followed suit.

These are not the normal actions of an industry. When Air Canada hikes prices, WestJet and NewLeaf don’t follow suit within a matter of hours. In fact, it’s quite the opposite: By constantly trying to grab market share from each other, the competing airlines force prices to a bare minimum.

But Canadian cell phone providers don’t have to worry about a WestJet or a NewLeaf. The awesome costs and regulatory barriers of starting a competing Canadian wireless company are so prohibitive that telecoms can rest assured that they won’t suddenly be challenged by an ambitious startup.

«

Weird that Canada’s regulators haven’t thought of providing some sort of incentive to encourage another carrier to move in, perhaps simply by forcing the sharing of infrastructure. This is similar to the problem in the UK where there’s no competitor to BT for landlines because of the cost of infrastructure.


All that’s needed to hack Gmail and rob bitcoin: a name and a phone number • Forbes

Thomas Fox-Brewster:

»

Hackers have proven just how urgently a gaping flaw in the global telecoms network, affecting what’s known as Signalling System No. 7 (SS7), needs to be fixed. In a video demonstration, shown to Forbes ahead of publication today, benevolent hackers from Positive Technologies were able to take control of a Coinbase bitcoin wallet and start pilfering funds via the SS7 flaws.

SS7 weaknesses, despite fixes being available for years, remain open. They allow anyone with access to that part of the telecoms backbone to send and receive messages to and from cellphones, with various attacks allowing silent interception of SMS texts, calls and location data. (Typically, the SS7 network is used by telecoms companies to talk with one another, normally for shifting customers between operators when roaming).

In their attack, the Positive researchers first went to Gmail, using Google’s service to find an email account with just a phone number. Once the email account was identified, the hackers initiated a password reset process, asking one-time authorization codes to be sent to the victim’s phone. By exploiting SS7 weaknesses they were able to intercept text messages containing those codes, allowing them to choose a new password and take control of the Gmail account. They could then simply head to the Coinbase website and do another password reset using the email they’d compromised.

«

SS7 has weaknesses, though it’s difficult to access; Positive got access “for research to help mobile operators make their networks more secure”. For hackers, slightly harder – but far from impossible.


The iPhone 8: a worthy refinement before the next generation • The New York Times

Farhad Manjoo:

»

So here’s my conclusion, after nearly a week testing the 8 and 8 Plus: The 8s feel like a swan song — or, to put it another way, they represent Apple’s platonic ideal of that first iPhone, an ultimate refinement before eternal retirement.

«

This is the perfect review. The platonic ideal of iPhone (2007-September 2017) reviews. OK, the actual piece is somewhat longer, but this says it beautifully.


watchOS 4: the BirchTree review • BirchTree

Matt Birchler:

»

I will say up front that this is not the same type of giant update like we got last year. While I have to acknowledge that it’s unreasonable to expect massive changes every year, watchOS is still a young platform and has a lot of room to grow. This contrast sums up much of my feelings towards watchOS 4. This is a satisfying update that improves on the previous version in almost every way, but it doesn’t move the needle as much as some, including myself, would like.

And it’s not just a matter of quantity over quality. watchOS 3 sported a huge list of improvements and I would argue 99% of them were objective improvements over what came before. watchOS 4 has a shorter list of new features, but I don’t think Apple’s success rate is as high as it was last year. They didn’t “blow it” on any specific feature, but there are definitely some questionable choices made this year that made me grumble more than a few times.

Of course you should update your Apple Watch if you own one, it’s free and makes the Apple Watch a better product than it was yesterday. But set your expectations properly because this release will make your Apple Watch better, but it will not change your life.

«

This is a thorough review; might not make a lot of sense if you don’t yet own a Watch. The Workout app rewrite looks like a particular improvement – the targets on the old one were too small for fat fingers. The change to the Dock (which now shows what you’ve previously used, not a set of apps you choose) seems retrograde – though Birchler has his own idea for why they changed it: because people weren’t using it.


Technology companies should publish political advertising files online • Sunlight Foundation

Alex Howard and John Wonderlich:

»

The United States of America has now fallen off the online disclosure cliff that Sunlight has warned of for years: the lack of transparency for political ad spending and related activity online created a significant vulnerability in our public accountability laws. While more transparency was rendered to TV stations, “dark ads” have flourished online. Last week’s reporting confirms that Facebook was used by Russians to influence the 2016 election. The full extent of that interference is still not understood publicly, even now.

As we told Buzzfeed, highly targeted online ads now present a significant vulnerability for liberal democracies, especially since they are not covered by the comparatively strong legal oversight and public visibility that traditional radio, TV, and print ads are.

The Federal Communications Commission approved rules in 2016 that required TV stations and radio stations to publish their political advertising files online. This has added a digital twist to a decades-old requirement that political ad spending be publicly disclosed, in near real time, while technology companies, newly relevant as political ad vendors, continue to get a pass altogether from analogous public protections.

As the share of political advertising spent by campaigns on digital platforms grows, and more public time is spent on social networks, disclosure’s importance increases.

«

There’s no basis to disagree: people spend more time on social media than reading newspapers or watching TV news.


Toys ‘R’ Us seeks bankruptcy, crushed by debt and online rivals • Bloomberg

Dawn McCarty and Daniela Wei:

»

The bankruptcy filing is the latest blow to a brick-and-mortar retail industry reeling from store closures, sluggish mall traffic and the gravitational pull of Amazon.com Inc., which has revolutionized the way people consume with affordable online offerings and global home delivery service.

A dozen-plus major retailers have filed for creditor protection this year, including Payless Inc., Gymboree Corp. and Perfumania Holdings Inc., all of which are using the Chapter 11 process to close underperforming stores and expand online operations. 

The shakeout is also reverberating across American malls and shopping districts. More than 10% of U.S. retail space, or nearly 1 billion square feet, may need to be closed, converted to other uses or renegotiated for lower rent in coming years, according to data provided to Bloomberg by CoStar Group.

The troubles at Toys “R” Us come as retailers and suppliers ramp up for the all-important holiday shopping season. In an emailed statement, Mattel Inc. said, “As one of our most important retail partners, we are committed to supporting Toys ‘R’ Us and its management team as they work through this process, particularly as we approach the holiday season.”

The bankruptcy filing by the company also may have global implications, especially for Chinese toy manufacturers. Some 38% of the company’s revenue came from overseas markets in the latest fiscal year. “It’s a loss for the long-term benefit of the entire industry,” said Lun Leung, chairman of Hong Kong-based Lung Cheong Group, a toy supplier for Hasbro Inc. He said Toys “R” Us accounted for less than 5% of the group’s sales.

The company listed debt and assets of more than $1 billion each in Chapter 11 documents submitted Monday at the U.S. Bankruptcy Court in Richmond, Virginia. Prior to filing, the chain secured more than $3 billion in financing from lenders including a JPMorgan Chase & Co.-led bank syndicate and certain existing lenders to fund operations while it restructures, according to a company statement. The funding is subject to court approval.

«

Gradually, and then suddenly. The debt mattered – the leveraged buyout was in 2005, when dumping a ton of debt on a retail store looked reasonable. (Or not unreasonable.) Ten years later, it turns out to have been a calamitous decision. Financial analysts will be looking at the gearing (debt ratio) of lots of retailers from here.


Samsung’s Bixby button is structural bloatware • The Verge

Vlad Savov:

»

the most common reason for pressing the Bixby button to date has been an accidental click when people have wanted to turn the phone’s volume down (because the volume rocker is just above). The moment the Galaxy S8 was announced, prospective users were already asking if they could re-purpose the button to activate Google Assistant, but Samsung has resolutely and stringently denied them that possibility. The company’s present climbdown to just disable the button rather than allow us to use it otherwise is embarrassingly user-hostile.

Isn’t Bixby pushy enough even without the button? You can’t set up a Galaxy smartphone without being informed about Bixby and urged to sign up for the requisite Samsung account. Swipe left from the home screen and a sort of champagne-bubble animation kicks in as Bixby starts to wake… I usually swipe frantically back to the right to avoid further prompts. Most onerous of all is Samsung forcing its Bixby camera-assisting features on me every time I open the camera app. I gave in after just half a day trying to shoot photos for our Galaxy S8 review. So well done, Samsung, you forced your horrible piece of self-serving bloat on me, and in the process you extracted some additional personal information. Are you feeling proud of bullying your users into this?

I know that Google works on similar principles to those underpinning Samsung’s Bixby: make a new data-hungry feature a core part of the software and tirelessly nudge people into using it until they do. But the Google difference is that its services are actually superior and useful…

«

As he says, it’s indicative of a company which – despite charging premium prices for the phones with this built in – is at heart not user-centric. It’s product-centric.

Savov’s coda sums it up:

»

there’s not a human on Earth (that I know of, anyway) who is honestly lauding Bixby as a unique advantage. Most are just asking for it to go away, and for the newly vacant button to be customizable to our own preferences. Is that too much to ask when you spend hundreds of dollars on a phone?

«

What chance Bixby goes away in a year or two?


Errata, corrigenda and ai no corrida: none notified

Start Up: inside the Equifax hack, CCleaner compromised, Google’s auction offer, and more


A Kinect sensor. Soon you can put one in your pocket. Photo by bm.iphone on Flickr.


A selection of 11 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

The iPhone X’s notch is basically a Kinect • The Verge

Paul Miller:

»

Apple’s iPhone X provides a nice little illustration of how sensor and processing technology has evolved in the past decade. In June 2009, Microsoft unveiled this:

In September 2017, Apple put all that tech in this:

Well, minus the tilt motor.

Microsoft’s original Kinect hardware was powered by a little-known Israeli company called PrimeSense. PrimeSense pioneered the technology of projecting a grid of infrared dots onto a scene, then detecting them with an IR camera and ascertaining depth information through a special processing chip.

«

Terrific observation. (And Apple did buy Primesense, in 2013.)


Samsung finally lets us disable the Bixby button • SamMobile

Adnan F:

»

The dedicated Bixby button on the Galaxy S8 and Galaxy S8+ didn’t really serve any meaningful purpose until last month when Bixby Voice was rolled out globally. Before the global release of Bixby Voice, the dedicated button could only be used for Bixby Home.

Most users didn’t feel the need for Bixby Home to have a dedicated key. Third-party apps were developed that allowed them to remap the button to launch any app of their choice. Samsung was quick to clamp down on those apps for reasons that our editor in chief explained in great detail.

I bemoaned recently that the Bixby button was driving me nuts and many of our readers agreed with me. I don’t like how it gets in the way and that you can’t avoid accidental presses of the button. However, it’s time for us to rejoice.

Samsung is finally allowing us to disable the Bixby button, to an extent.

«

Hooray? Except further down the story…

»

The implementation appears to be random right now. Some of our devices have got this toggle after the update. Some haven’t.

«



Apple’s removal of the App Store from iTunes screws over users, publishers, and developers • BirchTree

Matt Birchler:

»

Take a website like MacStories. This is a great website for discovering new iOS apps, and this week will especially be big since iOS 11 is coming out and tons of your favorite apps will be updated to take advantage of new features.

Here’s the thing though, you really shouldn’t read MacStories on a desktop anymore. Why? Well, because if you are on your MacBook Pro and read an article about an app you think looks great and want to buy, you have no course of action to actually get that app. Your 3 options are:

• Remember the app name and search the App Store on your iOS device for that app (and hope the App Store search brings up the right one)
• Remember the URL for the MacStories page, load that on your iOS device, and tap the link from the article on that device
• Save the App Store link to a read later service like Pocket and open the link on your iPhone or iPad

None of those options are great for the users or MacStories. Each option is worse than it was before, where you could tap/click an App Store link from any device and install the app from there. In this new reality, users have to do more work to get new apps if they don’t discover them on their iOS device, and the most likely solution (searching the App Store manually) cuts out the affiliate link MacStories used in their article.

«

Um… AirDrop the link to yourself? (Drag the URL to the AirDrop page on Finder. On the phone you get the option to save it to iCloud Drive, Dropbox, Slack, and any other URL-capable app.) Message it to yourself? But yes, things are broken at present.


‘We’ve been breached’: inside the Equifax hack • WSJ

AnnaMaria Andriotis, Michael Rapoport and Robert McMillan:

»

Although investigators are still grappling with who might be behind the Equifax break-in, the scale of the breach, sophistication of the hack and nature of the stolen data all point toward a state-sponsored actor, says a person familiar with the investigation.

In March, the Justice Department charged two officers with Russia’s Federal Security Service, alleging the hack was part of an information-collection operation. A Russian official said the charges were part of an attempt to raise “the theme of ‘Russian hackers’ in the domestic political squabbles in the U.S.”

“Credit bureaus are the tracks that the [credit] trains run on, and we should make sure those roads and tracks are sound if we’re going to run a whole economy over them,” said Louis Hyman, a consumer-credit historian at Cornell University…

…One large firm that links credit-card networks, merchants and lenders saw a spike in fraudulent activity from late May to early June, according to people familiar with the matter.

The firm was getting phone calls from people who said they had an account there and provided all four pieces of personal information typically needed for identity verification: name, address, date of birth and Social Security number. Equifax has said the same type of information was exposed.

Callers then asked the large firm to change the bank-deposit number for what they claimed was their business, people familiar with the matter say. The callers said the change was needed because they had changed banks.

The firm usually gets about a dozen such calls per year, but it was suddenly getting a dozen per week, these people say.

«

So likely a lot of people have been hit already. The state-sponsored idea is novel.


Hackers compromised free CCleaner software, Avast’s Piriform says • Reuters

Joseph Menn:

»

More than 2 million people downloaded tainted versions of Piriform’s program, which then directed the computers to get instructions from servers under the hacker’s control, Piriform said.

Piriform said it worked with law enforcement and cut off communication to the servers before any malicious commands were detected. This came after security researchers at Cisco Systems Inc (CSCO.O) and Morphisec Ltd alerted Piriform’s parent Avast Software of the hack last week.

The malicious program was slipped into legitimate software called CCleaner, which cleans up junk programs and advertising cookies to speed up devices.

CCleaner is the main product made by London’s Piriform, which was bought in July by Prague-based Avast, one of the world’s largest computer security vendors. At the time of the acquisition, the company said 130 million people used CCleaner…

…In a blog post, Piriform confirmed that two programs released in August were compromised. It advised users of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 to download new versions. A spokeswoman said that 2.27 million users had downloaded the August version of CCleaner while only 5,000 users had installed the compromised version of CCleaner Cloud.

«



After crisis and collapse, Jack Heuer’s time has come again • FT

Simon de Burton:

»

Mr Heuer [as in Tag Heuer, the watches] has already experienced one calamity in the watch industry. In 1958, at the age of 26, he had gone to work for Heuer, the company founded in 1860 by his great-grandfather, Edouard. Twenty years later, the “quartz crisis”, when Japanese companies’ cheap quartz-powered watches destroyed historical Swiss brands, brought a 22% drop in Swiss watch exports and coincided with a 20% fall in the value of the Swiss franc against the dollar. In 1982, the financial situation defeated him: Heuer-Leonidas was sold to the first of a succession of owners, before being taken over by TAG. As he writes in his autobiography: “I was five months away from my 50th birthday and ruined.”

Now, almost four years after officially retiring as TAG Heuer’s honorary chairman, a role he had held since 2001, he will step aside for good at the end of this year. So how does he compare the difficulties faced by today’s watch industry to those he battled 35 years ago?

“I think the big difference this time is that there is both a technical challenge from the smartwatch [comparable to the arrival of quartz] and a mental slowdown with the end consumer — people have become used to being able to see the precise time on their mobile phones and perhaps feel they no longer have a need for a traditional watch.

“To me, that is a more disturbing factor than the competition from the smartwatch. In fact, I think it could be a potential killer for the industry because, unlike the smartwatch, the mobile phone does nothing to help the worldwide development of wristwatch sales — and I don’t think that danger has yet been fully addressed.”

«



iPhone X: the demo gods are cheeky • Monday Note

Jean-Louis Gassée:

»

Over time, I came to see how random the correlation between a demo’s success and the market’s reaction to the product is. Two good examples are the well-received Mac Portable demo where I assembled the machine on stage or, even better, the BeBox demo performed at the Agenda conference by my colleague Steve Horowitz that got a standing ovation. Market success didn’t follow.

On the other hand, we have Steve Jobs’ exquisitely edited and rehearsed Apple 2.0 demos. The best example is the January 2007 iPhone intro; a thrilling demo that marked the beginning of a new era, of more than one billion iPhones sold. The video is here, a resonant classic, the master at the top of his expository powers.

This brings us back to the aptly named iPhone X, ten years later. As it turns out, Face ID didn’t fail Federighi. A stagehand had unwittingly and repeatedly triggered Face ID when arranging the device before the presentation. As designed, a security algorithm kicked in when the camera had seen too much of the stagehand’s unrecognized face and thus it sent Federighi to the security code entry screen. Both disconcerting and reassuring.

I haven’t had the opportunity to form a Third Impression of the new iPhone X, that is putting my money on the table, getting the product and using it long enough to reach a stable gut-level feel, the one that triggers the ultimate marketing weapon: Word of Mouth.

«

It is very interesting to listen to John Gruber’s podcast with Craig Federighi, Apple’s software chief, who has been using the iPhone X for some time, and who says you get completely used to face-unlocking being automatic.

And I don’t want to seem fulsome, but Federighi’s recovery at the iPhone X onstage demo – when it didn’t unlock after what had probably been a summer when it unlocked every time for him – was one of the all-time presentation recoveries. Imagine how unnerving it would be if something that had always worked suddenly didn’t. Yet he had the presence of mind to not go with the passcode, but switch to the backup. It’s the only time I’ve ever seen him wrongfooted, and he handled it with aplomb.


There isn’t a long waiting list for the iPhone 8 yet • Business Insider

Kif Leswing:

»

If you were to log on to Apple.com on Monday and order the newest iPhone, you wouldn’t have to wait very long until you received your new device.

In fact, some iPhone 8 models will still arrive by Friday, the first day it hits retail stores, even if it was ordered several days after pre-orders started.

This suggests there will be no shortage of iPhone 8 models this fall and that the iPhone 8 will be easier to find than previous new iPhone models. 

“The pre-order lead times are playing out as we expected, with lead times similar to those of the smaller size iPhones over the past three years, but shorter lead times than the larger Plus sizes,” Loup Ventures founder Gene Munster wrote in a research post on Monday.

«

Anyone would think they had an entirely different phone coming out soon.


Google offers to auction off shopping ad spaces to rivals • WSJ

Natalia Drozdiak:

»

Google has proposed overhauling its shopping search results so that rivals can bid for space to display products for sale, as part of the tech giant’s efforts to comply with the European Union’s antitrust order, according to people familiar with the matter.

Under the proposal, Google would bid against rivals to display products for sale in the space above its general search results, according to the people. Google would set itself a price cap that it wouldn’t be able to bid above, but competitors could do so if they wished.

Rival shopping sites have hit back, saying an auction-based remedy wouldn’t assuage the EU regulator’s demands that the company treat its competitors’ offerings and its own shopping service equally.

The European Commission ordered Google to make the changes to its search results by late September as part of its decision to fine Google a record €2.42bn ($2.89bn) in June for discriminating against rival comparison-shopping sites in its search ranking…

…“While we have yet to see details of Google’s proposal, it seems unlikely that Google could have devised an auction-based remedy that does not fall far short of the equal treatment standard stipulated by the [commission’s] decision,” said Shivaun Raff, chief executive of Foundem.co.uk, a comparison-shopping website that was the first company to file a formal antitrust complaint about Google to the EU.

The auction-based remedy could force Google’s competitors to bid away the majority of their profits to Google, Ms. Raff said. Google could set a high price cap for its own bids, pushing the bids of competitors higher.

«

As the story points out, this is essentially the same failed proposal Google made a few years ago with the previous competition commissioner, and it’s just as absurd. Competitors want access to the free spot at the top of the organic results, which Google presently awards to its Shopping site in a sort of technological nepotism. Competitors like Foundem argue that there should be a clear algorithmic explanation of how that top spot is chosen, so everyone can compete fairly for it.

This will cause another round of complaints, and meanwhile the rivals are ground down further by Google’s monopoly.


How Baidu will win China’s AI race—and, maybe, the world’s • WIRED

In August, Jessi Hempel interviewed Qi Lu, who left Microsoft to become chief operating officer at Baidu, having seen Microsoft’s Cortana effort fall behind Amazon’s (to the surprise of many at Microsoft, and Google):

»

Hempel: don’t you think that Amazon’s handicap is on its back end, in that it can’t keep up on the technology side with Google and Microsoft?

Qi Lu: I worked on Cortana four and a half years ago. At the time we all were like, “Amazon, yeah, that technology is so far behind.” But one thing I learned is that in this race to AI, it’s actually more about having the right application scenarios and the right ecosystems. Google and Microsoft, technologically, were ahead of Amazon by a wide margin. But look at the AI race today. The Amazon Alexa ecosystem is far ahead of anybody else in the United States. It’s because they got the scenario right. They got the device right. Essentially, Alexa is an AI-first device.

Microsoft and Google made the same mistake. We focused on Cortana on the phone and PC, particularly the phone. The phone, in my view, is going to be, for the foreseeable future, a finger-first, mobile-first device. You need an AI-first device to solidify an emerging base of ecosystems.

It’s become so much clearer, living in China, what AI-first really means. It means you interact with the technology differently from the start. It has to be voice or image recognition, facial recognition, in the first interactions. You can use a screen or touch, but that’s secondary.

At Baidu [headquarters], it’s all face recognition-based. At the vending machine at Baidu, you can buy stuff with voice and a face. And we’re also working on a cafeteria project. Our goal is, when you go to a cafeteria, you walk away with food…

…JH: How does the US market for voice technology compare to the Chinese market?

QL: The home environment is very different. Because we’re talking about voice interactions. The acoustic environment, the pattern of noises, will be very different. Alexa, Echo, and Cortana are optimized for American homes. In my view, this only works in North America and maybe a portion of Europe. Essentially, the assumption is that you have spacious homes; you have several rooms. In China, that’s not the case at all. For our target, even for the young generation with high incomes, typically they have 60 square meters [645 square feet], sometimes 90 square meters [970 square feet].

We have better opportunities to globalize DuerOS, because guess what? A home in Japan, a home in India, or a home in Brazil, is a lot closer to a home in China than a home in North America.

«



Video autoplay policy changes • Google Developers

»

As you may have noticed, web browsers are moving towards stricter autoplay policies in order to improve the web experience for users, minimize the incentives to install extensions that block ads, and reduce data consumption on expensive and/or constrained networks.

With these new autoplay policies, the Chrome team aims to provide greater control to users over content playing in their browser. Those will also benefit publishers who have legitimate autoplay use cases.

Chrome’s autoplay policies are simple:

• Muted autoplay is always allowed.
• Autoplay with sound is allowed if any of the following conditions are met:
– User has interacted with the site (click, tap, etc.)
– Media Engagement Index threshold is crossed (desktop only)
– Site has been installed using the “Add to Homescreen” flow (mobile only)
• Top frame can delegate autoplay permission to their iframes to allow autoplay with sound.

«

The link to “noticed” is to the Safari team’s notice about how they’re making video policies even tighter. Not only are people annoyed by autoplay videos; they’re also the source of a huge amount of ad fraud (autoplaying videos with sound off with display positions far off your screen). Chrome ought to be ahead of Safari on this, since it’s in Google’s interest if there isn’t ad fraud – isn’t it?


Errata, corrigenda and ai no corrida: none notified

Start Up: Facebook v Mueller (yes, that one), FaceID questions answered, Equifax’s musical security, and more


Do you want AI to be outing people without their consent? Photo by the_gain_card on Flickr.


A selection of 10 links for you. Handle with care. I’m @charlesarthur on Twitter. Observations and links welcome.

Facebook’s heading toward a bruising run-in with the Russia probe • Talking Points Memo

Josh Marshall:

»

I believe what we’re seeing here is a convergence of two separate but highly charged news streams and political moments. On the one hand, you have the Russia probe, with all that is tied to that investigation. On another, you have the rising public backlash against Big Tech, the various threats it arguably poses and its outsized power in the American economy and American public life. A couple weeks ago, I wrote that after working with Google in various capacities for more than a decade I’d observed that Google is, institutionally, so accustomed to its customers actually being its products that when it gets into lines of business where its customers are really customers it really doesn’t know how to deal with them. There’s something comparable with Facebook.

Facebook is so accustomed to treating its ‘internal policies’ as though they were something like laws that they appear to have a sort of blind spot that prevents them from seeing how ridiculous their resistance sounds. To use the cliche, it feels like a real shark jumping moment. As someone recently observed, Facebook’s ‘internal policies’ are crafted to create the appearance of civic concerns for privacy, free speech, and other similar concerns. But they’re actually just a business model. Facebook’s ‘internal policies’ amount to a kind of Stepford Wives version of civic liberalism and speech and privacy rights, the outward form of the things preserved while the innards have been gutted and replaced by something entirely different, an aggressive and totalizing business model which in many ways turns these norms and values on their heads. More to the point, most people have the experience of Facebook’s ‘internal policies’ being meaningless in terms of protecting their speech or privacy or whatever as soon as they bump up against Facebook’s business model.

«



Mueller investigation into Facebook ads may be a big deal • NY Mag

Benjamin Hart:

»

The Wall Street Journal reported on Friday that Facebook had turned over much more information to Special Counsel Robert Mueller about Russian-backed advertisements during the 2016 election than the company had shared with Congress:

»

The information Facebook shared with Mr. Mueller included copies of the ads and details about the accounts that bought them and the targeting criteria they used, the people familiar with the matter said. Facebook policy dictates that it would only turn over “the stored contents of any account,” including messages and location information, in response to a search warrant, some of them said.

«

CNN confirmed on Saturday that Mueller had indeed obtained the information with the help of a warrant.

Legal experts said that the news could signal a potentially explosive new phase in Mueller’s investigation. In a tweetstorm, Yale Law School associate dean Asha Rangappa said that to obtain the warrant, Mueller would have had to believe that a crime was committed – it is illegal for foreign people or entities to make contributions connected to American elections – and that the offense would need to be connected to “specific accounts” on Facebook.

Former federal prosecutor Renato Mariotti also focused on the warrant in a series of tweets, arguing that its presence meant that Mueller was “close to charging specific foreign people with a crime,” and that if Trump associates were part of the planning behind it, they could face serious charges as well.

«

A senior person who I know at Facebook said “that was quite a week”. There might be some more coming.


The AI “Gaydar” study and the real dangers of big data • The New Yorker

Alan Burdick on the reaction to the study which took pictures from Tinder and applied AI to guess – well, calculate – whether they were gay or straight:

»

Historically speaking, the hair-trigger response to the study was understandable. Regardless of the accuracy of the method, past schemes to identify gay people have typically ended in cruel fashion—pogroms, imprisonment, conversion therapy. The fact is, though, that nowadays a computer model can probably already do a decent job of ascertaining your sexual orientation, even better than facial-recognition technology can, simply by scraping and analyzing the reams of data that marketing firms are continuously compiling about you. Do gay men buy more broccoli than straight men, or do they buy less of it? Do they rent bigger cars or smaller ones? Who knows? Somewhere, though, a bot is poring over your data points, grasping for ways to connect any two of them.

Therein lies the real worry. Last week, Equifax, the giant credit-reporting agency, disclosed that a security breach had exposed the personal data of more than a hundred and forty-three million Americans; company executives had been aware of the security flaw since late July but had failed to disclose it. (Three of them, however, had off-loaded some of their Equifax stock.) The collection and sale of consumer data and buying patterns has become a vast business of which consumers are largely unaware, although they actively contribute to it by clicking on ads, accepting cookies, and agreeing to be tracked. But each new security breach reveals again that the data-collection farms feel little obligation toward us; their customer is the data buyer, not the data source.

«



Google will delete Android backups after two months of no device usage • Android Police

Ryan Whitwam:

»

It turns out Google won’t keep your Android backups forever. In fact, it only gives you about two months.

Android has been able to sync some apps and data to a new phone since the Eclair days, but the system was vastly improved in Marshmallow. Now, you have backups for your Android devices in a Google Drive folder, and the process of restoring is somewhat reliable. It’s far from perfect, but it usually works… unless your backup is expired. As someone on Reddit recently reminded us, Google deletes unused backups after two months. All that app and settings data is gone, and there’s no way to save it even if you’re paying for Google Drive storage.

You can see which backups of yours, if any, are set to expire by checking the backup folder in Google Drive. Backups for any device inactive for more than two weeks should have an expiration date. This is only showing up for me in the Android app, which seems especially problematic since you might not be using an Android device at all.

«

To me this tells us more about how Google views (and what it knows about) device usage, and backup retrieval, than anything else. A backup that hasn’t been touched for two months is probably for a dead device – supplanted, forgotten, lost, stolen. I’d bet that the amount of data stored is minimal. Even though 2 billion devices can add up to a lot of stored data, Google has plenty of storage for it. Except that the Reddit user who raised this had been using a “temporary” iPhone.

Apple’s use of never-expiring backups becomes odd in this context. Do you really need that two-year-old backup?


Every major advertising group is blasting Apple for blocking cookies in the Safari browser • Adweek

Marty Swant:

»

In an open letter expected to be published this afternoon, the groups describe the new standards as “opaque and arbitrary,” warning that the changes could affect the “infrastructure of the modern internet,” which largely relies on consistent standards across websites. The groups say the feature also hurts user experience by making advertising more “generic and less timely and useful.”

“Apple’s unilateral and heavy-handed approach is bad for consumer choice and bad for the ad-supported online content and services consumers love,” according to a copy of the letter obtained by Adweek this morning. “Blocking cookies in this manner will drive a wedge between brands and their customers, and it will make advertising more generic and less timely and useful. Put simply, machine-driven cookie choices do not represent user choice; they represent browser-manufacturer choice.”

Of course, the digital advertising world has a lot to lose if hyper-targeting becomes more diluted. According to an eMarketer report released in March, digital ad spending in the US is expected to reach $83bn in 2017, up nearly 16% from last year.

«

Apple’s response as given to John Gruber and others:

»

“Apple believes that people have a right to privacy — Safari was the first browser to block third party cookies by default and Intelligent Tracking Prevention is a more advanced method for protecting user privacy.

Ad tracking technology has become so pervasive that it is possible for ad tracking companies to recreate the majority of a person’s web browsing history. This information is collected without permission and is used for ad re-targeting, which is how ads follow people around the Internet. The new Intelligent Tracking Prevention feature detects and eliminates cookies and other data used for this cross-site tracking, which means it helps keep a person’s browsing private. The feature does not block ads or interfere with legitimate tracking on the sites that people actually click on and visit. Cookies for sites that you interact with function as designed, and ads placed by web publishers will appear normally.”

«

They thought adblocking on iOS would end the world too. Hasn’t, so far.


Interview: Apple’s Craig Federighi answers some burning questions about Face ID • TechCrunch

Matthew Panzarino:

»

One anecdotal thing: If you lift your phone and swipe up immediately, there’s a good chance that the Face ID system will have performed its authentication fast enough to have unlocked your device by the time you finish your swipe. That’s how fast it is.

But the speed isn’t the only question. Sunglasses, for instance, are fairly commonly worn outdoors. Federighi had mentioned in an email to a user that “most” sunglasses would work fine.…

…Face ID requires that it be able to see your eyes, nose and mouth. This means there are scenarios where it just won’t work.

“If you’re a surgeon or someone who wears a garment that covers your face, it’s not going to work,” says Federighi. “But if you’re wearing a helmet or scarf, it works quite well.”

This means that Face ID is not going to be a viable option for people who wear a mask for work or wear a niqab, for instance. They would need to use a passcode. Federighi notes that this limitation is similar to Touch ID, which simply didn’t work if you wore gloves or had wet fingers.

Another common question is about what kind of angles and distances you can be at in relation to your iPhone to get it to unlock.

“It’s quite similar to the ranges you’d be at if you put your phone in front-facing camera mode [to take a picture],” says Federighi. “Once your space from eyes to mouth come into view that would be the matching range — it can work at fairly extreme angles — if it’s down low because your phone is in your lap it can unlock it as long as it can see those features. Basically, if you’re using your phone across a natural series of angles it can unlock it.”

«

The question all becomes one of “what does ‘look’ at your phone mean?” From the demos I’ve seen it’s not a fixed stare. It’s a lot more casual than that.


Changes in the new iTunes • Apple Support

»

The new iTunes [on desktop; version 12.7] focuses on music, movies, TV shows, podcasts, and audiobooks. Apps for iPhone, iPad, and iPod touch are now exclusively available in the new App Store for iOS. And the new App Store makes it easy to get, update, and redownload apps—all without a Mac or PC.

You’ll find these changes in the new iTunes:
• Apps: Looking for your past iOS app downloads? Learn how to redownload apps on your iOS device.

• iTunes U: Collections of iTunes U content appear in the Podcasts section of iTunes. 

• Internet Radio: Your Internet Radio stations appear in your music library’s sidebar. Click Edit in the sidebar to show or hide Internet Radio.

• Ringtones: iOS 11 supports redownloading ringtones directly to your iOS device, without the need to use iTunes on your Mac or PC.

• Books on Windows: Books on iTunes for Windows are managed in iBooks for iOS. Learn how to redownload books on an iOS device.

«

It’s been a long run, iTunes – 16 years of syncing with Apple’s top portable devices! – but it’s finally time to cut the cord.


Equifax hired a music major as chief security officer and she has just retired • MarketWatch

Brett Arends:

»

When Congress hauls in Equifax CEO Richard Smith to grill him, it can start by asking why he put someone with degrees in music in charge of the company’s data security.

And then they might also ask him if anyone at the company has been involved in efforts to cover up [former chief security officer] Susan Mauldin’s lack of educational qualifications since the data breach became public.

It would be fascinating to hear Smith try to explain both of those extraordinary items.

If those events don’t put the final nails in his professional coffin, accountability in the U.S. is officially dead. And late Friday Equifax said both Mauldin and the company’s chief information officer have retired effective immediately [in an announcement which didn’t name either].

Equifax “Chief Security Officer” Susan Mauldin has a bachelor’s degree and a master of fine arts degree in music composition from the University of Georgia. Her LinkedIn professional profile lists no education related to technology or security. Late last week, her LinkedIn page was made private and her last name replaced with “M.”

This is the person who was in charge of keeping your personal and financial data safe — and whose apparent failings have put 143 million of us at risk from identity theft and fraud. It was revealed this week that the massive data breach came due to a software vulnerability that was known about, and should have been patched, months earlier.

«

Arends allows, fairly, that Mauldin’s music training might have equipped her for computer security. There just isn’t anything in her LI profile that would lead you to conclude she’s best-suited for the job. (Then again, there’s no responsibility to curate your LI profile to show such detail.) It would be good to have some more detail about Mauldin’s experience before this.



Experts say the use of private email by Trump’s Voter Fraud Commission isn’t legal • ProPublica

Jessica Huseman:

»

President Donald Trump’s voter fraud commission came under fire earlier this month when a lawsuit and media reports revealed that the commissioners were using private emails to conduct public business. Commission co-chair Kris Kobach confirmed this week that most of them continue to do so.

Experts say the commission’s email practices do not appear to comport with federal law. “The statute here is clear,” said Jason R. Baron, a lawyer at Drinker Biddle and former director of litigation at the National Archives and Records Administration.

Essentially, Baron said, the commissioners have three options: 1. They can use a government email address; 2. They can use a private email address but copy every message to a government account; or 3. They can use a private email address and forward each message to a government account within 20 days. According to Baron, those are the requirements of the Presidential Records Act of 1978, which the commission must comply with under its charter.

«

Private emails are also at risk of hacking.


Sign language interpreter used gibberish, warned of bears, monsters during Hurricane Irma update | AL.com

Leada Gore:

»

Officials in Manatee County, Florida are under fire after an interpreter for the deaf warned about pizza and monsters during an emergency briefing related to Hurricane Irma.

The interpreter, Marshall Greene, a lifeguard for the county, has a brother who is deaf, according to the DailyMoth, a video news site that provides information via American Sign Language. Greene was used as the interpreter for a Sept. 8 press conference regarding the incoming storm and possible evacuations.

Members of the deaf community said Greene mostly signed gibberish, referencing “pizza,” “monsters,” and using the phrase “help you at that time to use bear big,” during the event. Other information signed to viewers was incomplete, experts said.

«

One always suspects this about the sign language interpreters. Never expects it to be true. (Apparently the interpreter had said previously he didn’t feel confident about doing this.)


Errata, corrigenda and ai no corrida: none notified

The Apple Watch Series 3 ripoff: how carriers want to charge for zero data use


The Apple Watch Series 3 can take phone calls. But you’ll pay for that. Photo by portalgda on Flickr.

On first trying the Apple Watch, in 2015, my reaction was that it did a lot of things pretty well. I still wished that it had an always-on screen. But earlier this year I started taking exercise more seriously. At that point, it suddenly comes into its own: the workout apps, the heart monitoring, the calorie estimator. Add AirPods – I was quick enough to snag a pair when they went on sale in the UK last Christmas – and you have a terrific combo for running: store some music on your watch, connect AirPods, go running. No wires, no phones, and no, they don’t fall out.

When I’m out I see other runners with phones strapped to their wrists, with headphone wires all over the place. They give me odd looks. I give them an odd look right back. Exercising without wires is how it’s meant to be. (If you’ve got a Watch then I recommend the HeartWatch app, which gives you the granular detail of your heart rate, especially during workouts.)

Since you can add Apple Pay, the Watch becomes a device that can do everything while you’re out and about, even without a phone. Except… if you don’t have a phone you can’t take phone calls, or receive and respond to text and other forms of messages, or get new data for Maps, or activate Siri, etc, etc.

Adding mobile (“cellular”) capability makes perfect sense there. Now you really can leave the phone at home, because you can receive calls anywhere you get coverage – with good LTE this means plenty of places, such as the middle of a lake, as in the Apple demo – and make them, because your contacts list is in the phone, and failing that there’s a Big Buttoned Virtual Keypad.

And generally in technology, if someone can, someone will. Samsung had already gone there, but its device was big and bulky, and it didn’t have the same phone number as your phone. Apple has solved that.

Zero data, zero incentive

What doesn’t make sense is the price that carriers are looking to charge for hooking your Watch to their network. In the US, the price is put at $10/month; in the UK, at £5 per month, on EE.

These are outrageous prices, on a par with the ludicrous data charges that carriers used to apply before the iPhone. In those days, up to mid-2007, to want data on the move marked you out as someone with money to burn, or else a raging desire for debt.

Why outrageous? Because Watch cellular data use is not additive; it’s substitutive. If you’re pulling in data on your cellular Watch, you must have left your phone behind. Ergo, you’re doing nothing with the phone, so it’s consuming (next to) no data. The data consumption has shifted to your Watch.

(Just to be clear: Apple says that your Watch uses the best available connection with your phone. If you’re in Bluetooth range, it uses that. If you’re on the same Wi-Fi network (or even, magically, a Wi-Fi network that your phone knows how to connect to, even somewhere distant) then it’ll use Wi-Fi. Now, if you’re not in range of either of those, the Watch will connect to the data network when it has to. But most of the time, and especially when you have your phone with you, it won’t be connecting to the mobile network.)

If anything, you’ll be consuming less data while you’re Watching solo – you won’t be loading Facebook pages, or giant email attachments, or scrolling through Twitter, or watching YouTube. Sure, you might be listening to music streamed from Apple Music. But you might well have been doing that anyway; if you like streaming music while you run, you’ve probably been doing that already, but with a phone around your arm. (And you can get music onto the Watch just by downloading it from the phone, rather like one used to with iPods. This is probably the biggest use case of music on the Watch even if you can stream, because runners like to create their own playlists, not rely on stuff in the cloud.)

Nor do the carriers have to send you a physical SIM; it’s done in software, in the Watch. Nor do they have to open a new account; you’re already a customer. There might be a mild bit of back-end administration to inform the cell network that two different IMEIs (mobile device IDs) have the same phone number. (Side note: the fact this can be done implies that spying on your phone calls may be easier than it seems?)

But there’s nothing in there which justifies $10/month or £5/month. And think of what that adds to the cost of the device: $120 or £60 per year. That’s a substantial chunk of the upfront price, and it never stops. On Twitter, Marine Engelvuori points out that EE ties you to a 24-month contract if you buy the watch from them, and that you have to add VAT; suddenly that device which costs £399 on its own has added £200-odd of costs over the contract lifetime.

If the cost were $1 or £1 per month, that would be tolerable; one can concede that carriers could charge for the tiny bit of administration cost that might be involved, and maybe eke a profit on the fact of this device’s new qualities. But more than that is just absurd, and it will stifle purchases by anyone who might be a marginal buyer of the service.

This is a real pity. The Series 3 is a remarkable piece of engineering: turning the screen into the aerial (I don’t even know how they do this) and maintaining the thin profile is just amazing. All the software functionality, such as heart rate monitoring and so on, is top class. People could benefit from cell-connected smartwatches, and not only the ones made by Apple. (It might encourage people to spend less time staring at screens, weirdly enough.)

But the price that the carriers are trying to charge is stupid.

Third-party like it’s 2006

It really is 2006 in wearable land; the time before carriers woke up to the broader benefit of offering services at prices which encourage people to use them. Wearables are, arguably, still at the same stage in their evolution as the smartphone was in 2006. This doesn’t mean though that the carriers couldn’t act as the midwives to help things along a little.

Remember, they’re trying to charge this amount for something which will use no extra data over you using your phone, and for which they don’t have to provide a physical item.

There is a precedent for doing this well: Amazon and the Kindle. The deal it cut for “Whispernet” meant you could download books anywhere and all you paid for was the extra 3G functionality in the upfront price. No ongoing fees. I can imagine that Apple’s board gulped a bit at the potential cost of doing that for the Watch, when people would no doubt eagerly take the chance to stream music all day and all night long forever for the extra £70. Kindle files are pretty small compared with music files, and Amazon had a monopoly on that market. So it was probably a non-starter for Apple to shoulder the cost. (This doesn’t mean there’s a cost to the carriers – as I said above, it’s substitutive. But it would be all new costs for Apple to pay for Watch data.)

Maybe the first carriers are just hoping to rake it in before competition opens up and drives prices down. Here’s hoping.

It took the iPhone, and Steve Jobs’s negotiating genius, to get carriers to adopt a flat rate model for data. It’s a disappointment that Apple hasn’t managed to push the future of connectivity forward in the other place where it matters – not on your wrist, because they’ve solved that; but in your wallet.

Start Up: Facebook’s fake election rallies, Trump blocks Lattice buy, Equifax’s woeful security, and more


Fonts can tell tales – and reveal liars – if you know enough about them. Photo by stewf on Flickr.

A selection of 10 links for you. Is that really your face, though? I’m @charlesarthur on Twitter. Observations and links welcome.

Purged Facebook page tied to the Kremlin spread anti-immigrant bile • The New York Times

Scott Shane:

»

The notice went out on Facebook last year, calling citizens of Twin Falls, Idaho, to an urgent meeting about the “huge upsurge of violence toward American citizens” by Muslim refugees who had settled there.

The inflammatory post, however, originated not in Idaho but in Russia. The meeting’s sponsor, an anti-immigrant page called “Secured Borders,” was one of hundreds of fake Facebook accounts created by a Russian company with Kremlin ties to spread vitriolic messages on divisive issues.

Facebook acknowledged last week that it had closed the accounts after linking them to advertisements costing $100,000 that were purchased in Russia’s influence campaign during and after the 2016 election. But the company declined to release or describe in detail the pages and profiles it had linked to Russia.

A report by the Russian media outlet RBC last March, however, identified the Secured Borders page as the work of the Internet Research Agency, a St. Petersburg firm that employs hundreds of so-called trolls to post material in support of Russian government policies. A Facebook official confirmed that Secured Borders was removed in the purge of Russian fakes…

…It also promoted the Aug. 27, 2016, meeting in Twin Falls, called “Citizens before refugees,” which was first reported by The Daily Beast. The call came amid incendiary claims, linking Muslim refugees in Twin Falls to crime, that circulated on far-right websites last year. In May, Alex Jones, of the conspiracy site Infowars.com, retracted a claim that the Twin Falls yogurt company Chobani, which had made a point of hiring refugees, had been “caught importing migrant rapists.”

Shawn Barigar, the mayor of Twin Falls, said that the City Council Chambers, where the supposed meeting was called on a Saturday, were closed that day and that officials did not recall any gathering. But he said that after two years of “robust debate” over the city’s refugee resettlement program, which dates to the 1980s, it was “kind of surreal” to discover that Russia had joined in.

«

This reminds me of a Philip K Dick short story called “If There Were No Benny Cemoli” which – because he was a genius ahead of his time – is all about fake news and fake events. Something about this really gives me the shivers.


Trump blocks China-backed Lattice bid • Bloomberg

»

President Donald Trump blocked a Chinese-backed investor from buying Lattice Semiconductor Corp., casting a cloud over Chinese deals seeking U.S. security clearance and spurring a call for fairness from Beijing.

It was just the fourth time in a quarter century that a U.S. president has ordered a foreign takeover of an American firm stopped on national-security concerns. Trump acted on the recommendation of a multi-agency panel, the White House and the Treasury Department said Wednesday. The spurned buyer, Canyon Bridge Capital Partners LLC, is a private-equity firm backed by a Chinese state-owned asset manager.

The Trump administration has maintained a tough stance against Chinese takeovers of American businesses even as it seeks China’s help to resolve the North Korean nuclear crisis. Other deals under review include MoneyGram International Inc.’s proposed sale to Ant Financial, the financial-services company controlled by Chinese billionaire Jack Ma. The government is also examining an agreement by Chinese conglomerate HNA Group Co. to buy a stake in SkyBridge Capital LLC, the fund-management firm founded by Anthony Scaramucci, who was briefly Trump’s White House communications director…

…Lattice makes programmable logic chips, which have a wide variety of uses because their attributes can be changed using software. The chips are used in communications, computing, and in industrial and military applications. The company generates more than 70% of its revenue in Asia, according to data compiled by Bloomberg.

Trump’s move builds on years of U.S. opposition to China’s efforts to bolster its chip industry by buying American technology. China, the world’s largest chip market, has been on the hunt for acquisitions in the field as it looks to build a domestic supply and rely less on imports, as the $300bn global semiconductor industry undergoes its biggest wave of consolidation.

«



“Font detectives” use their expertise to solve high stakes cases • WIRED

Glenn Fleishman:

»

Most forgeries that experts expose aren’t very sophisticated to the discerning type eye. [Thomas] Phinney recounts his involvement in a case he calls The Respected Rabbi: A Long Island rabbi faced controversy among his congregation after his name failed to appear on a list of alumni from the school at which he said he’d obtained ordination. Phinney says he was told, too, that the rabbi “didn’t know his theology as well as you might expect from a rabbi.”

After much tsorres, the rabbi presented a board member with a faxed copy of his proof of smicha, or ordination, issued in 1968. It was from an institution that had closed, and its records had been destroyed in a fire. Called in to examine the smicha, Phinney quickly noted that the entire document was in fancy, handwritten calligraphy, except the recipient’s name, which was set in a typeface that had a calligraphed feel.

Though diplomas and similar documents were once written by an expert hand, most have been printed en masse for centuries (Harvard started printing its in 1813) with a blank space left for the recipient’s name. That name is typically then added either via a calligrapher or a letterpress in the same font as the rest of the diploma. But a diploma written by hand with the blank filled in with a calligraphic printed typeface? That was extremely unlikely. Phinney also identified the face as Monotype Corsiva, a font released in the early 1990s, making the chronology impossible.

«

This article has three headlines: the one above, the one on this article (“Meet the font detectives who ferret out fakery”), and the print one – “I shot the serif.” BOOM. Lots of good stories in this.


What happens if a cop forces you to unlock your iPhone X with your face? • The Washington Post

Brian Fung:

»

While you can’t legally be compelled to give up your passcode, some analysts say, courts have ruled that law enforcement can compel you to give up your fingerprint under certain conditions. Under a standard known as “reasonable suspicion,” you can be required to provide your fingerprint. Could the same standard be applied to your facial data? That’s what is unclear.

That said, Americans enjoy one additional layer of legal protection. Even if a police officer uses your biometric information to unlock a phone, he or she must still obtain a search warrant to search the phone. The warrantless searching of cellphones was ruled unconstitutional by the Supreme Court in Riley v. California in 2014.

“That’s now established Supreme Court doctrine,” Calabrese said. Either way, he said, the best protection is probably to use a strong passcode.

Given how confusing the law can be on these issues, can’t there be some kind of technological solution?

A partial one may be in the works. The new version of Apple’s mobile operating system, iOS 11, is said to contain a fail-safe that will not only disable Touch ID, but also potentially Face ID. By pressing the power button five times in quick succession, an iPhone will stop accepting biometric data as an unlocking mechanism and require a passcode, according to the researcher who discovered the feature in a beta version of iOS 11.

It is not clear how long the fail-safe lasts before things revert to the regular mode. Apple did not respond to a request for comment.

«

It was all going so well until that last paragraph, which is clueless. “Regular mode” is “requiring a passcode”. Only when you’ve entered a passcode is the biometric unlock (finger or face) enabled. Pressing the side button five times does indeed disable the biometric unlock. If you feel you need to, that’s your solution.

(Added to the “close but no cigar” category on iPhone X and FaceID.)


Ayuda! (Help!) Equifax has my data! • Krebs on Security

Brian Krebs:

»

Earlier today, this author was contacted by Alex Holden, founder of Milwaukee, Wisc.-based Hold Security LLC. Holden’s team of nearly 30 employees includes two native Argentinians who spent some time examining Equifax’s South American operations online after the company disclosed the breach involving its business units in North America.

It took almost no time for them to discover that an online portal designed to let Equifax employees in Argentina manage credit report disputes from consumers in that country was wide open, protected by perhaps the most easy-to-guess password combination ever: “admin/admin.”

We’ll speak about this Equifax Argentina employee portal — known as Veraz or “truthful” in Spanish — in the past tense because the credit bureau took the whole thing offline shortly after being contacted by KrebsOnSecurity this afternoon. The specific Veraz application being described in this post was dubbed Ayuda or “help” in Spanish on internal documentation.

Once inside the portal, the researchers found they could view the names of more than 100 Equifax employees in Argentina, as well as their employee ID and email address. The “list of users” page also featured a clickable button that anyone authenticated with the “admin/admin” username and password could use to add, modify or delete user accounts on the system…

Each employee record included a company username in plain text, and a corresponding password that was obfuscated by a series of dots.

However, all one needed to do in order to view said password was to right-click on the employee’s profile page and select “view source,” a function that displays the raw HTML code which makes up the Web site. Buried in that HTML code was the employee’s password in plain text.

«

🙄
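
The flaw in the Krebs extract, a password field shown as dots in the browser while the real value sits in the page source, is something you can test for in your own applications' responses. The check below is an added example, not code from the Krebs post or from Equifax; the sample pages, field names and password value are constructed.

```python
from html.parser import HTMLParser


class PrefilledPasswordFinder(HTMLParser):
    """Collects <input type="password"> elements that carry a non-empty value.

    A password input masks its value on screen only. Whatever the server
    writes into the value attribute is sent to the client in clear text and
    is visible to anyone who views the page source.
    """

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; values keep their case.
        # Self-closing <input ... /> tags are routed here by the base class.
        if tag != "input":
            return
        attr = {name: (value or "") for name, value in attrs}
        if attr.get("type", "").strip().lower() != "password":
            return
        value = attr.get("value", "")
        if value:
            line, _column = self.getpos()
            self.findings.append({
                "line": line,
                "name": attr.get("name") or attr.get("id") or "(unnamed)",
                # Report the length only, so the audit log never stores the secret.
                "length": len(value),
            })


def find_prefilled_passwords(html):
    """Return one finding per password input whose value was rendered server-side."""
    finder = PrefilledPasswordFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample: a profile page that echoes the stored password into the form.
SAMPLE_PROFILE_PAGE = """\
<html><body>
<form action="/users/save" method="post">
  <input type="text" name="username" value="jdoe">
  <input type="PASSWORD" name="password" value="Constructed-Secret-1">
  <input type="password" name="confirm" value="">
  <input type="password" name="new_password">
</form>
</body></html>
"""

# Constructed sample: the same form with the password field left empty, so the
# server only ever receives a new password and never sends the old one back.
HARDENED_PROFILE_PAGE = """\
<html><body>
<form action="/users/save" method="post">
  <input type="text" name="username" value="jdoe">
  <input type="password" name="new_password" autocomplete="new-password">
</form>
</body></html>
"""

if __name__ == "__main__":
    for label, page in (("sample", SAMPLE_PROFILE_PAGE),
                        ("hardened", HARDENED_PROFILE_PAGE)):
        findings = find_prefilled_passwords(page)
        print(label, "->", findings if findings else "no prefilled password fields")
```

A finding here also implies the application can recover the password in clear text, which means it is not stored as a one-way hash.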


Failure to patch two-month-old bug led to massive Equifax breach • Ars Technica

Dan Goodin:

»

The Equifax breach that exposed sensitive data for as many as 143 million US consumers was accomplished by exploiting a Web application vulnerability that had been patched more than two months earlier, officials with the credit reporting service said Thursday.

“Equifax has been intensely investigating the scope of the intrusion with the assistance of a leading, independent cybersecurity firm to determine what information was accessed and who has been impacted,” company officials wrote in an update posted online. “We know that criminals exploited a US website application vulnerability. The vulnerability was Apache Struts CVE-2017-5638. We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement.”

The flaw in the Apache Struts framework was fixed on March 6. Three days later, the bug was already under mass attack by hackers who were exploiting the flaw to install rogue applications on Web servers. Five days after that, the exploits showed few signs of letting up. Equifax has said the breach on its site occurred in mid-May, more than two months after the flaw came to light and a patch was available.

«

At what point does not updating become dereliction of duty?


Photos: What it was like to attend Apple’s iPhone X event • Recode

Dan Frommer:

»

it was the first keynote Apple held in its new Steve Jobs Theater — named after the late Apple founder, who made these “Stevenotes” into the sort of mainstream cultural and media events that millions of people would stream live.

I was in attendance yesterday and took hundreds of photos. Here’s my experience, as told through a few dozen.

«

They’re great pictures (well, spoiled by some clown in one of them). The one that really captures it is the young kid, who we thought might be the tech correspondent for the Ellen DeGeneres show – seriously. One day, all tech correspondents will be this young, or old.

What that picture really shows, though, is the amazing size of Apple’s new building, in the distance. It’s perhaps 500m away. It’s circular. And it just seems to go on and on; you can see one edge, but not the other. You know the spaceship in Independence Day, which just looms over everything? Like that, but landed.


Google’s influence over its network of influencers • Search Neutrality

Shivaun and Adam Raff run Foundem, the “vertical search” (shopping) site which first complained to the EC about Google’s demotion of their site in organic results:

»

We accept that many of the academics and other professionals within Google’s extensive network of influencers sincerely believe that their pro-Google opinions are their own and are not influenced by their (or their institution’s) financial ties to Google.  However, it is noteworthy how often these opinions are underpinned by an eerily consistent misrepresentation of the basic facts of the Google case that belies, at the very least, a failure to treat Google’s representations of the case with the healthy scepticism one would normally reserve for a defendant.

The criticisms of the EC’s Google Search verdict by Google-funded academics and think tanks have tended to rely on and mirror many of the same fundamental misrepresentations and omissions that Google’s own criticisms of the verdict rely on. For example:

• They tend to focus exclusively on Google’s anti-competitive promotion of its own services (through Universal Search), while ignoring Google’s anti-competitive demotions and exclusions of competing services (through anti-competitive penalties). This is an important omission because any defence of one practice inevitably undermines the defence of the other.

• They neglect to point out that pay-for-placement advertisements are not a substitute for the relevance-based search results they are anti-competitively replacing. This is not a minor omission: paid advertisements are not what users visit Google for, and, when they are used to promote the merchants willing to pay Google the most money for a click rather than those offering users the lowest prices, the resultant user harm is obvious.

• They ignore the inconvenient yet immutable fact that Google only introduced these pay-for-placement advertisements (which underpin all of Google’s misleading ad-based arguments) in February 2013—at least 7 years after the introduction of Google’s anti-competitive practices, 3 years after the start of the EC’s investigation, and 11 months after the commencement of “settlement” negotiations with Commissioner Almunia. (See our December 2016 Paper for some of the history, context, and consumer harm resulting from Google’s progressive blurring of the lines between search results and pay-for-placement ads).

The perception-shaping power of Google’s sophisticated and disciplined PR machine is far-reaching.

«



Apple Watch Edition 3 vs Samsung Gear S3 Frontier LTE • SmartWatch Specifications

The contrast is remarkable: the Apple Watch screen is notably bigger (1.65in v 1.3in), and yet smaller in every other dimension; even compared to the 42mm Watch, not the 38mm, the Samsung has 64% more volume and weighs 33% more.

Some of the finer details on the comparison are wrong though – it doesn’t seem to accept you can take and make calls on the Apple Watch, and it suggests it works with Android devices. It doesn’t.

And of course the Apple Watch will have the same phone number as its parent iPhone; the Samsung device won’t. But don’t get me started on the utter ripoff of the prices carriers are charging for data plans for the Watch, which is substitutional use rather than additive. They should be ashamed. (Via Ben Thompson.)


Do autonomous cars dream of driverless roads? • Dark Reading

Laurence Pitt is strategic director for security at Juniper Networks in Europe/Mid-East/Africa:

»

The UK government is seeking to take a leadership role in the development of these rules by contributing an Autonomous and Electric Vehicle bill which will create a new insurance framework for self-driving cars. In tandem, the UK Department for Transport and Centre for the Protection of National Infrastructure have released a series of documents outlining principles of cyber security for connected and automated vehicles. These documents form a modern version of Asimov’s Robotic Laws, but with the focus being on the automotive manufacturers to ensure that these vehicles are developed with a defense-in-depth approach so that they remain resilient to threat at all times – even in situations where sensors are unable to respond due to attack or failure.

This legislation will put the United Kingdom at the centre of these new and exciting technological developments, while ensuring that safety and consumer protection remain at the heart of an emerging industry.

«

Top marks to the sub-editor who ignored Pitt’s chosen narrative (Asimov’s Laws, which as he points out aren’t applicable because the cars aren’t sentient) and went with the Philip K Dick one for the headline.

In fact, I’d say it’s headline of the month.


Errata, corrigenda and ai no corrida: the review of the Essential phone in yesterday’s roundup was by Ryan Whitwam, not David Ruddock.

Start Up: averaging MPs’ faces, Apple’s big OLED plans, what hunter-gatherers had, and more


The iPhone X: still many questions, whose answers you’ll have to wait for. Photo by perzonseo on Flickr.

A selection of 11 links for you. See? I’m @charlesarthur on Twitter. Observations and links welcome.

The case against civilisation • The New Yorker

John Lanchester reviews “Against the Grain: A Deep History of the Earliest States” by James Scott:

»

So why did our ancestors switch from this complex web of food supplies [as hunter-gatherers] to the concentrated production of single crops? We don’t know, although Scott speculates that climatic stress may have been involved. Two things, however, are clear. The first is that, for thousands of years, the agricultural revolution was, for most of the people living through it, a disaster. The fossil record shows that life for agriculturalists was harder than it had been for hunter-gatherers. Their bones show evidence of dietary stress: they were shorter, they were sicker, their mortality rates were higher. Living in close proximity to domesticated animals led to diseases that crossed the species barrier, wreaking havoc in the densely settled communities. Scott calls them not towns but “late-Neolithic multispecies resettlement camps.” Who would choose to live in one of those? Jared Diamond called the Neolithic Revolution “the worst mistake in human history.” The startling thing about this claim is that, among historians of the era, it isn’t very controversial.

The other conclusion we can draw from the evidence, Scott says, is that there is a crucial, direct link between the cultivation of cereal crops and the birth of the first states. It’s not that cereal grains were humankind’s only staples; it’s just that they were the only ones that encouraged the formation of states. “History records no cassava states, no sago, yam, taro, plantain, breadfruit or sweet potato states,” he writes. What was so special about grains? The answer will make sense to anyone who has ever filled out a Form 1040: grain, unlike other crops, is easy to tax. Some crops (potatoes, sweet potatoes, cassava) are buried and so can be hidden from the tax collector, and, even if discovered, they must be dug up individually and laboriously. Other crops (notably, legumes) ripen at different intervals, or yield harvests throughout a growing season rather than along a fixed trajectory of unripe to ripe—in other words, the taxman can’t come once and get his proper due. Only grains are, in Scott’s words, “visible, divisible, assessable, storable, transportable, and ‘rationable.’ ” Other crops have some of these advantages, but only cereal grains have them all, and so grain became “the main food starch, the unit of taxation in kind, and the basis for a hegemonic agrarian calendar.” The taxman can come, assess the fields, set a level of tax, then come back and make sure he’s got his share of the harvest.

«

Also in the piece: we don’t give our forebears enough credit for their innovations. Principally, the adoption and use of fire.


Essential Phone review: Essentially okay • Android Police

David Ruddock:

»

The biggest potential deal breaker is the camera, which is considerably below average. Shutter lag is huge, and focusing takes too long. Photos often have washed out colors, poorly managed exposure, and HDR mode makes almost no difference in image quality (but it does slow the camera down even more). There are phones with better cameras that cost much less (like the OnePlus 5). The Pixel or Galaxy S8 absolutely blow the Essential Phone out of the water when it comes to photo quality. Those phones only have one camera, too. The Essential Phone’s secondary monochrome sensor is supposed to sharpen photos, but I can’t say if it’s doing any good. What I can say is Essential needs to work on its image processing algorithms.

Essential is doing some fascinating stuff with the hardware, and I definitely want to see more from the company. However, I don’t think spending $700 on this device is a good idea.

«



iPad Pro: Apple quietly hikes the price • CNBC

Todd Haselton:

»

Apple quietly increased the price of the 256GB and 512GB versions of its 10.5-inch and 12.9-inch iPad Pro tablets.

The price change was first spotted by the blog MacRumors.

Prior to Tuesday’s Apple rollout, consumers could purchase the 256GB and 512GB 10.9-inch iPad Pro for $749 and $949, respectively. Those models now cost $799 and $999, respectively. The 12.9-inch iPad Pro saw its 256GB and 512GB models increase by $50 to $949 and $1,149, respectively, with the latter nearing the price of a MacBook.

The price of the 64GB version of both iPads remains unchanged.

«

It raised the prices on last year’s iPhones too. So this is surely about memory – prices have rocketed in the past year or so.


The one wireless speaker you won’t ever want to hide from view • Bloomberg

»

Master & Dynamic, the three-year-old New York startup, has quickly made an impression among aficionados for its headphones and earbuds. It also has a way with collaborations, including standouts with the Rolling Stones, Bamford Watch Department, and Leica Camera. Now, for its first venture into the world of speakers, Master & Dynamic has enlisted Sir David Adjaye, whose National Museum of African American History and Culture opened in Washington last year. The architect upends the category with the MA770, a striking 35-pound, 16-by-20-inch countertop unit made of concrete composite.

«

Look at the picture and you will agree with me that not only will you want to hide it from view, you will not want to spend money on it nor bring it home.


Sony and Samsung pressure Huawei’s growth in Europe • Kantar Worldpanel

Dominic Sunnebo on the three months to the end of July 2017, according to Kantar’s longitudinal buyer panel (which looks at shifts in ownership, not pure sales numbers):

»

The renewed focus by Sony and Samsung on their successful entry-level models put more pressure on Huawei in Europe, as its share fell in Spain and Great Britain. However, gains in Germany and Italy helped Huawei’s EU5 share grow to 14.6% in the three months ending July, up from 12.4% one year earlier.

In the USA, Samsung remained in the top spot during the three months ending in July with a 36.2% share, with Apple close behind at 34.1%. The growth rates of the two brands are almost exactly matched at 2.5% for Samsung and 2.6% for Apple. The iPhone 7 was the top-selling handset during the period at 12.6% of sales, while the newer Samsung Galaxy S8 stood at 8.8%.

“Apple’s US growth is very impressive, given that an all-new iPhone is expected to be announced on September 12, and should become available for purchase later in the month,” Sunnebo added.

Apple saw something of a rebound in Urban China in the July data period, with share +5.1%pts to 19.3%. The large screen iPhone 7 Plus was the top selling device in Urban China in the month of July, the first time the Plus version has outsold the smaller screen iPhone 7.

«



South Korean companies start to make investments again for Apple’s OLED iPhones • ET News Korea

Yun Keonil:

»

South Korean companies started making second investments in order to supply their products to Apple for its OLED iPhones. Because Apple is planning to double the amount of models that will be equipped with OLED displays in 2018 after releasing its first OLED iPhones this year, many Smartphone part manufacturers started extending their production facilities. It is heard that Apple is planning to produce up to 170 million OLED iPhones in 2018 after producing about 70 million OLED iPhones this year. If current Smartphone part manufacturers obtain entire orders of increased supply, Apple’s sales will jump by about 140%. It is predicted that its sales will jump up to 100% even if reduction in unit cost due to increase in supply is considered. Billions of dollars worth of trickle down effect is expected as Apple is set to release more OLED iPhones.

«

70m iPhone Xs in 2017 is a lot of iPhone Xs.


Apple’s iPhone X: wait for the reviews • The Verge

Vlad Savov raises (but sensibly doesn’t try to answer) many valid questions, such as “how good is the new swipe-based interface?” and “will the glass back hold up over the long run?”:

»

Many of today’s questions about the iPhone X are inherent in Apple’s premise of this being the phone of the future. Of course the day-one iPhone X apps will be mere adaptations of iPhone apps that were built for different screens, devices, and interaction paradigms. You can’t expect those to be superior right away, but the idea is that the new UI and taller, bezel-starved screen will eventually pay off in a better overall user experience. The same goes for Face ID and the hardware tweaks designed to facilitate useful things like wireless charging.

If you ask Apple, the company will probably tell you that the iPhone X is its no-compromise vision for what a phone should be. I look at things a little differently. The sensor-laden notch at the top of the iPhone X’s screen is an apt metaphor for the compromises Apple had to make: it spoils the perfect all-screen front just a little bit, representing the eternal struggle to balance aesthetic and technical requirements in a thoughtful way. How well the iPhone X strikes that balance is an open question right now. And that’s what makes me wary to reach conclusions until at least the first reviews come in.

«

This is absolutely the right approach. And even initial reviews won’t answer this, because they’ll be about having used the phone for a week or so. This is going to be a long haul. (Thanks RG for the link.)


Smartphones are driving all growth in web traffic • Recode

»

Smartphones are driving all growth in U.S. web traffic, while tablets and computer web access has declined, according to new data from Adobe Analytics.


Since January 2015, there has been a 68% increase in smartphone web traffic in the U.S., while desktop and tablet both saw declines. Overall, web traffic has been pretty much flat, according to Adobe’s Media & Metrics report that was released Monday. Adobe tracked more than 150 billion visits to or launches of 400 large company sites and apps since January 2015, using anonymous and aggregated data from companies on Adobe Experience Cloud.

«

This is change rather than total, but it’s still dramatic. -30% for desktops/laptops, -16% for tablets.


I calculated the average face of a UK Member of Parliament and here’s what I found • Medium

Giuseppe Sollazzo:

»

The UK Parliament Digital Service has recently released an archive of official portraits of MPs shot by photographer Chris McAndrew (under a CC BY licence! Open Data, yay!) As I’m playing with image manipulation and Machine Learning to train a cohort of medical researchers, I thought the portraits would make an excellent test of what’s possible in the wild.

Using Machine Learning on faces has recently been the subject of controversy, when researchers at Stanford University developed an algorithm that detects whether the face in a photo belongs to a gay person. Steering away from controversy, I thought that it would be interesting to find out what the average MP looks like. There has been a good deal of research on this concept, some of which is rather catchy. In 2015 the Guardian reported that we tend to find average faces the most attractive. I’m not sure this applies to MPs (and let’s avoid all jokes about average, i.e. centrist, faces), but here we go.

«

Here you go:

As he observes: quite like Cameron. But he then breaks it down into political parties, which gives some nuance.


How my doppelgänger used the Internet to find and befriend me • Splinter News

Kashmir Hill:

»

My first reaction was, “Whoa. This is creepy.” When I showed it to colleagues and friends, they had the same reaction. Not only did she look a lot like me, but she had obviously gone to some trouble to stage a photo in the same pose as my Google Plus profile photo.

She explained in the email that she and her two young sons had been eating at a “Smashburger” in her hometown of Phoenix when three “well-dressed gentlemen” approached her and one said, “I hope this doesn’t sound too weird but does your name happen to be Kashmir?” When she said no, he showed her a photo of me that he’d pulled up on his smartphone; she was shocked by the likeness. They told her I was a big name in what sounded like “bit con” to her. When she got home, she tried to find me by Googling variations of “Cashmere” and “bit con” with no success. Then she asked Facebook for help. A friend of hers who knew people interested in Bitcoin quickly figured out who I was and posted a photo of me that Leigh was convinced was her, until she realized she had never owned the shirt I was wearing. “Mind blown,” one of her Facebook friends commented. “It’s like the twins separated at birth from a soap opera,” said another.

After deciding that this person probably wasn’t planning to murder me and take over my life, I emailed back about the uncanny likeness, and asked if she wanted to meet or videochat to see if we looked as much alike when our faces were moving. So we arranged a FaceTime meeting to compare faces. We both felt like looking alike meant we had to meet for some reason.

«

This is from 2015. Now, of course, we want Kashmir and her kinda-double to try out Apple’s iPhone X face recognition to see if it can tell the difference. (My guess: it will.)


Google responds to Apple’s Intelligent Tracking Prevention with AdWords tracking update • Search Engine Land

Ginny Marvin:

»

In short, with ITP, third-party cookies that are determined to be able to track users across sites can only be used for 24 hours from the time a user visits a website via Safari. After 24 hours, the third-party cookies can only be used for log-in purposes. The cookies are purged entirely after 30 days.

This means that unless a user converts within 24 hours of last visiting an advertiser’s site after clicking an AdWords ad, for example, the conversion attribution will be lost. With Safari accounting for nearly 50% of mobile web traffic share in North America, ITP has the potential to wreak havoc on mobile ad conversion attribution.

«

This sounds arcane (ok, it is quite arcane) but for Google, it has the ability to (as the article says) wreak havoc on the satisfaction of advertisers. (Not people on the web.) In essence, Google and Apple are still fighting a guerilla battle over pervasive tracking.


Errata, corrigenda and ai no corrida: none notified


Start Up: Apple Pay on iPhone X, Russia’s fake Americans, Yelp accuses Google, and more


Apple’s new iPhone has a big screen. Not quite that big. Photo by Mark Gregory007 on Flickr.

A selection of 10 links for you. Priced to sell. I’m @charlesarthur on Twitter. Observations and links welcome.

The fake Americans Russia created to influence the election • The New York Times

Scott Shane:

»

Sometimes an international offensive begins with a few shots that draw little notice. So it was last year when Melvin Redick of Harrisburg, Pa., a friendly-looking American with a backward baseball cap and a young daughter, posted on Facebook a link to a brand-new website.

“These guys show hidden truth about Hillary Clinton, George Soros and other leaders of the US,” he wrote on June 8, 2016. “Visit #DCLeaks website. It’s really interesting!”

Mr. Redick turned out to be a remarkably elusive character. No Melvin Redick appears in Pennsylvania records, and his photos seem to be borrowed from an unsuspecting Brazilian. But this fictional concoction has earned a small spot in history: The Redick posts that morning were among the first public signs of an unprecedented foreign intervention in American democracy.


A Facebook post, by someone claiming to be Melvin Redick, promoting a website linked to the Russian military intelligence agency G.R.U. Credit The New York Times

The DCLeaks site had gone live a few days earlier, posting the first samples of material, stolen from prominent Americans by Russian hackers, that would reverberate through the presidential election campaign and into the Trump presidency. The site’s phony promoters were in the vanguard of a cyberarmy of counterfeit Facebook and Twitter accounts, a legion of Russian-controlled impostors whose operations are still being unraveled.

«

This is quite an investigation, done by the NYT with FireEye.


Screw my iPhone, I just want the new Apple Watch • Fast Co Design

Jesus Diaz:

»

This is a tiny device that I can wrap around my wrist to connect me to other people beaming signals through space without having to look like too much of a douchebag. I can take it with me at all times without worrying about it getting dropped or stolen. I use it to do everything I do with my iPhone except take photos and videos. I can access all the music I have in the cloud and listen to it in my AirPods. And it has new, enhanced heart monitoring software–the icing on the cake that will alert me when I have a heart attack on my way from the sofa to the fridge to lick the actual icing on the actual cake that is waiting for me right now.

Can I ditch my iPhone and live with an Apple Watch Series 3? Yes, if it truly works as advertised, I think I can. Like me, I suspect millions will look at this watch as an alternative to their phones–if not as a complete replacement, at least as a replacement for a large part of their day. The phone is still better for things that require concentration, like extensive writing, reading, or viewing large photos and videos. But I only do those things for work, and only on very specific occasions.

«

Alas, US carriers are pricing the data plan for the new Watch at $10/month – which is a ripoff. Consider: when you’re using the Watch, you’re pretty much certainly not using your phone, so you’re not using data on it. And you’d have to be going some to use any appreciable amount of data on the Watch. US carriers are greedy. (Three-month free trials don’t solve anything. Drug dealers do the same.)

One can hope for better in the UK and elsewhere. The first partner will be EE; don’t expect that to be cheap either. Competition is needed from those who realise the marginal benefit of really cheap data plans.

Diaz’s broader point, about the shift to smaller screens, is worth considering.


Face ID on the iPhone X is probably going to suck • Ars Technica

Ron Amadeo:

»

Face ID on the iPhone X uses a “TrueDepth” camera setup, which blasts your face with more than 30,000 infrared dots and scans your face in 3D. Apple says this can “recognize you in an instant” and log you into your phone.

None of that matters. Face ID is still going to suck.

This is not the first phone we’ve tried with a facial recognition feature, and they all have the same problem. It doesn’t matter how fast or accurate Face ID is, the problem is the ergonomics: you need to aim it at your face. This is slow and awkward, especially when compared to a fingerprint reader, which doesn’t have to be aimed at anything.

Consider the “taking it out of your pocket” use case: If you’re good, you’ll stick your hand in your pocket and grip the phone so your finger lands on the fingerprint reader. Touch ID works as both an “on” button and an “authentication” button. In one touch, you’ve turned on the phone and logged in. You haven’t even fully taken the phone out of your pocket yet, and it’s already on and unlocked. By the time you bring the phone to your face, the unlock process is finished and you’re looking at the home screen.

To use the iPhone X’s Face ID, you have to take the phone out of your pocket, lift it up to your face, swipe up to turn it on, and only then can you start the unlock process. The difference is probably one or two seconds, but for something you do 80 times a day, having the fastest possible unlock system really matters.

Consider authenticating with Apple Pay. With a fingerprint reader, you can slam your iPhone on the credit card terminal while holding your finger on the Touch ID button, and everything will just work. You’re continuously authenticating and beaming credit card data at the same time, which is easy, intuitive, and hard to mess up. According to Craig Federighi’s Face ID demo during the keynote, you now have to open up Apple Pay first, then aim the phone at your face so Face ID can work. Only then can you tap against the credit card terminal. That’s two extra steps.

«

I’m pretty sure Ron wasn’t at the Apple event, so didn’t get hands-on time with the iPhone X. I was, and did. Apple Pay with facial recognition is a key question I’ve raised myself in the past, so asked for a demo.

The unlocking works at easy arm’s length; it’s not like Samsung’s formal version. It’s quick – probably as fast as the first-generation TouchID. For Apple Pay, you could double-click the side button while it’s in your pocket, pull it out, face unlock as you walk (towards a TfL terminal, say) and hold it to the reader. The pay system remains active for 60 seconds. Plus – an advantage – you don’t have to “end-hold” it, where it’s liable to fall or be knocked out of your hand; you’ll be holding it in your full hand grip.

Anyway, it should be fun to come back to this article in eight months’ time or so.


Apple’s iOS 11 makes it tougher than ever for cops to grab your data • WIRED UK

Andy Greenberg:

»

In recent versions of iOS, any iPhone plugged into an unfamiliar computer would ask the user if he or she was willing to trust that new machine before exchanging any data with it. That meant if cops or border agents were able to seize an unlocked iPhone or compel its owner to unlock a locked one with a finger on its TouchID sensor, they could simply plug it into a desktop via a cable in its lightning port, choose to trust the new machine with a tap, and upload its contents using forensic software like Elcomsoft or Cellebrite. (That’s particularly important because courts have found criminal suspects can’t plead the Fifth Amendment and refuse to offer their fingerprints, as they sometimes can with a password or passcode.)

But in iOS 11, iPhones will not only require a tap to trust a new computer, but the phone’s passcode, too. That means even if forensic analysts do seize a phone while it’s unlocked or use its owner’s finger to unlock it, they still need a passcode to offload its data to a program where it can be analysed wholesale. They can still flip through the data on the phone itself. But if the owner refuses to divulge the passcode, they can’t use forensic tools to access its data in the far more digestible format for analysis known as SQLite. “There’s a huge amount of data that can’t be effectively analysed if you have to look at it manually,” says Vladimir Katalov, Elcomsoft’s co-founder. “On my phone, I have more than 100,000 messages and several thousand call logs. The manual review of that data is not possible.”

«

In retrospect, an obvious move. This makes the iPhone even more secure against law enforcement – of all stripes.


The best utility apps for iOS • Initial Charge

Michael Rockwell:

»

On a recent episode of Mac Power Users, Katie Floyd and David Sparks discussed their favorite iOS utilities — simple little apps that do one thing really well. I thought I’d follow in their footsteps and publish a list of, what I consider to be, the best iOS utilities available.

«

If you use iOS, you’ll probably find something you like here. (Read it on your iPhone/iPad so the links work directly.) The “Unobstruct” content blocker for getting rid of floating social toolbars “and other unnecessary cruft” is probably a must-have.


Yelp claims Google broke promise to antitrust regulators • WIRED

Nitasha Tiku:

»

As part of the 2012 agreement, operators of other websites can opt out of having content such as photos or user-generated reviews scraped by Google for its own services, such as Shopping or Google+ Local. Yelp opted out and says that Google agreed to stop scraping Yelp content even before the formal agreement [with the FTC in 2012], in response to a cease-and-desist request to Google in July 2011.

Yelp suspected Google had resumed scraping after the owner of a North Carolina gym told Yelp that an image from a Yelp listing for another gym was showing up as its Google business listing. Yelp set up a test to see if Google was pulling images from its servers. Yelp says it found Google pulled almost 386,000 images from Yelp in an hour, and then used some of the photos in business listings in Google Maps. Yelp says it searched Google for 150 of those businesses and found that a Yelp photo was a lead image in Google’s Local OneBox—which shows a business’s location, phone number, and reviews—in 111 cases.

«

Google is the scorpion on the fox’s back crossing the river: its behaviour is fixed, even if it’s self-destructive. And the key part of that behaviour is scouring the internet for content. The company said “it did not intend” to use the images. Yelp says that 386,000 isn’t quite an accident.


There’s blood in the water in Silicon Valley • Buzzfeed

Ben Smith is Buzzfeed’s editor-in-chief:

»

The blinding rise of Donald Trump over the past year has masked another major trend in American politics: the palpable, and perhaps permanent, turn against the tech industry. The new corporate leviathans that used to be seen as bright new avatars of American innovation are increasingly portrayed as sinister new centers of unaccountable power, a transformation likely to have major consequences for the industry and for American politics.

That turn has accelerated in recent days: Steve Bannon and Bernie Sanders both want big tech treated as, in Bannon’s words in Hong Kong this week, “public utilities.” Tucker Carlson and Franklin Foer have found common ground. Even the group No Labels, an exquisitely poll-tested effort to create a safe new center, is on board. Rupert Murdoch, never shy to use his media power to advance his commercial interests, is hard at work.

“Anti-trust is back, baby,” Yelp’s policy chief, Luther Lowe, DM’d me after Fox News gave him several minutes to make the antitrust case against Yelp’s giant rival Google to its audience of millions.

The new spotlight on these companies doesn’t come out of nowhere. They sit, substantively, at the heart of the biggest and most pressing issues facing the United States, and often stand on the less popular side of those: automation and inequality, trust in public life, privacy and security. They make the case that growth and transformation are public goods — but the public may not agree.

«

The noise about making companies like Google and Facebook into “utilities” simply hasn’t been thought through. How do you enforce that, under what laws? How do you effect it in one country but not others? Would the US government own it? It’s bizarre. But the “New Center”, an idea from Americans who in Europe would be seen as solidly right-wing, proposes some sort of reform of antitrust to “deal” with the dominance particularly of Facebook and Google, but also Amazon. (They’re evidently a bit puzzled by Apple’s lack of obvious dominance in anything.)


Trump Inc: inside the president’s not-so-blind trust • Salon.com

Michael Tanglis:

»

Our current president has two jobs: leader of the free world and the owner of hundreds of business entities worldwide. The combination is toxic for democracy.

More than 70% of Trump’s businesses are incorporated in Delaware — a state known for anonymity and secrecy. There is often very little information on the Delaware business filings. And the ambiguity and imprecision of the federal financial disclosure form filed with the Office of Government Ethics makes it difficult to discern the detailed financial health of the president or his businesses.

For example, Trump is not required to disclose net income from his businesses (as opposed to gross revenue). This raises the prospect that Trump’s businesses may be hemorrhaging money in years that he reported hundreds of millions of dollars of income. Further, the disclosure guidelines allow Trump to report liabilities totaling just hundreds of millions when the real number may be in the billions.

Trump’s tax returns — which he has refused to release — would provide the detail needed to determine the extent of his conflicts of interest.

Throughout his business career, Trump has been a boom-and-bust businessman — filing for Chapter 11 bankruptcy protection 11 times. If his business approaches another bust moment while he is president, it is hard to imagine Trump — who has exhibited so little restraint both as a businessman and now as president — not succumbing to the temptation to use the powers of his office to benefit his private interests.

In many ways, the Trump presidency is the natural culmination of the decades-long stranglehold of wealthy individuals and corporations over public policy. But Trump has taken the standard model a step further: He has cut out the middleman — the lowly elected official — who by Trump’s own admission typically needed to be greased to make the whole process work. As president, Trump now has immense power to dictate policy and direct funds to his businesses, or to others who in turn can repay him through his businesses.

«

Delaware’s position as a way to hide business dealings is very peculiar. Trump’s dealings, though, really call into question how robust the US is.


Cognitive Hollywood, part 1: data shows box office economics in turmoil • Medium

Yves Bergquist on the suggestion that low Rotten Tomatoes scores lead to low box office takings in the cinema:

»

I collected box office return data through Box Office Mojo for all the 150 titles released in 2017 that grossed more than $1 million, plugged in Rotten Tomatoes Scores and Audience Scores for all titles, and looked at correlation between scores and financial performance through both a basic Pearson Product-Moment Correlation Coefficient (PMCC) analysis and some linear modeling to extract r-squares (which measure the strength of the correlation). PMCC measures the linear correlation between two variables x and y. It has a value between +1 (100% positive correlation) and -1 (100% negative correlation, often called “inverse correlation”). The closer to 0 a PMCC score, the less correlation there is between x and y.

The result? Nope. The math is pretty overwhelming in saying there was no (positive or negative) correlation in 2017 between Rotten Tomatoes Scores and box office returns.

The data showed a very small statistical relationship between good or bad Rotten Tomatoes Scores and worldwide box office revenue for 2017 so far: 12% PMCC correlation, and a .009 r-square (meaning there is likely no statistical relationship between the two variables).

Even more surprising, the impact of Rotten Tomatoes scores on opening weekend box office seemed even lower: .08 PMCC score (only 8% correlation), and a -0.001 r-square.

That’s for all 2017 titles so far. What about the Summer titles, which the executives quoted by The New York Times complained about?

Nada.

«

So it’s not only “nobody knows anything” but also “and they’re wrong about it”. I’ve heard that social media on the first weekend is now a more important indicator of how box office will go.


Study finds Reddit’s controversial ban of its most toxic subreddits actually worked • TechCrunch

Devin Coldewey:

»

It’s an example of one of the objections made to the idea of banning troublesome users or communities: they’ll just go elsewhere, so why bother?

Researchers at the Georgia Institute of Technology took this question seriously, as until someone actually investigates whether such bans are helpful, harmful or some mix thereof, it’s all speculation. So they took a major corpus of Reddit data (compiled by PushShift.io) and examined exactly what happened to the hate speech and purveyors thereof, with the two aforementioned subreddits as case studies.

Essentially they looked at the thousands of users that made up CT and FPH (as they call them) and quantified their hate speech usage. They then compared this pre-ban data to the same users post-ban: how much hate speech they produced, where they “migrated” to (i.e. duplicate subreddits, related ones, etc.) and whether “invaded” subreddits experienced spikes in hate speech as a result. Control groups were created by observing the activity of similar subreddits that weren’t banned.

What they found was encouraging for this strategy of reducing unwanted activity on a site like Reddit:

• Post-ban, hate speech by the same users was reduced by as much as 80-90 percent.
• Members of banned communities left Reddit at significantly higher rates than control groups.
• Migration was common, both to similar subreddits (i.e. overtly racist ones) and tangentially related ones (r/The_Donald).
• However, within those communities, hate speech did not reliably increase, although there were slight bumps as the invaders encountered and tested new rules and moderators.

All in all, the researchers conclude, the ban was quite effective at what it set out to do…

«

Encouraging.


Errata, corrigenda and ai no corrida: none notified
