Start up: why startups fail, Apple’s patent reverse, Yahoo’s troll-finder, Swiftkey’s leaky data, and more

Battery APIs can give away information about you – and your situation. Photo by jhons2012 on Flickr.


A selection of 11 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Autopsy: lessons from failed startups

It is what it says – a giant list of what they did and, if possible, where they went wrong. Good for whiling away some time in a VC’s waiting room.

Judge voids VirnetX’s $625.6 million Apple verdict; VirnetX plunges • Reuters

»A federal judge has thrown out a verdict requiring Apple Inc (AAPL.O) to pay VirnetX Holding Corp $625.6m for infringing four patents relating to Internet security technology, causing VirnetX’s share price to plunge.

VirnetX shares were down $1.93, or 44.6 percent, at $2.40 in Monday morning trading, after earlier falling to $2.14.

In a decision late Friday, U.S. District Judge Robert Schroeder in Tyler, Texas said it was unfair to Apple that two VirnetX lawsuits had been combined into a single trial.

He said jurors may have been confused by more than 50 references to the earlier case, though it contained “incredibly similar” issues, and deferred improperly to the prior jury’s findings when it found Apple liable for willful infringement.


VirnetX claims patents which it says are used in FaceTime and iMessage. So you can see how the outcome might be important to both it and Apple.

Battery Status readout as a privacy risk • Lukasz Olejnik

»Privacy risks and threats arise and surface even in seemingly innocuous mechanisms. We have seen it before, and we will see it again.

Recently, I participated in a study assessing the risk of W3C Battery Status API. The mechanism allows a web site to read the battery level of a device (smartphone, laptop, etc.). One of the positive use cases may be, for example, stopping the execution of intensive operations if the battery is running low.

Our privacy analysis of Battery Status API revealed interesting results.

Battery readouts provide the following information:

• the current level of battery (format: 0.00-1.0, for empty and full, respectively)
• time to a full discharge of battery (in seconds)
• time to a full charge of battery, if connected to a charger (in seconds)

Those values are updated whenever a new value is supplied by the operating system.

What might be the issues here?

Frequency of changes in the reported readouts from Battery Status API potentially allowed the monitoring of users’ computer use habits; for example, potentially enabled analyzing of how frequently the user’s device is under heavy use. This could lead to behavioral analysis.


And plenty more: if an app for a taxi-hailing service sees that you’re low on battery, you might be willing to accept a surge price. (It’s worth an A/B test at least.) That’s a situation where you don’t want such potential. More to the point: didn’t anyone at the W3C consider this when they created the API?
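
One way a browser or extension could blunt both signals described in the extract (the precise values and the frequency of changes), as an added example that is not from Olejnik's post or the W3C specification. The bucket sizes, the minimum interval and the function names are assumptions made for illustration.

```javascript
// Added example: coarsen and rate-limit Battery Status readouts.
// Field names follow the list above (level, chargingTime, dischargingTime);
// bucket sizes and the minimum interval are assumptions for illustration.
const LEVEL_BUCKETS = 10;          // report level in 10% steps
const TIME_STEP_S = 1800;          // report times in 30-minute steps
const MIN_INTERVAL_MS = 600000;    // release at most one change per 10 minutes

function bucketTime(seconds) {
  // The API reports Infinity when a time is unknown; pass that through.
  if (!Number.isFinite(seconds)) return Infinity;
  return Math.round(seconds / TIME_STEP_S) * TIME_STEP_S;
}

function coarsen(raw) {
  const level = Math.min(1, Math.max(0, raw.level));
  return {
    level: Math.round(level * LEVEL_BUCKETS) / LEVEL_BUCKETS,
    chargingTime: bucketTime(raw.chargingTime),
    dischargingTime: bucketTime(raw.dischargingTime),
  };
}

// Returns report(raw): the value a page would be allowed to see.
function createReporter(clock = Date.now) {
  let last = null;
  let lastAt = -Infinity;
  return function report(raw) {
    const next = coarsen(raw);
    const now = clock();
    const differs = last === null ||
      next.level !== last.level ||
      next.chargingTime !== last.chargingTime ||
      next.dischargingTime !== last.dischargingTime;
    if (differs && now - lastAt >= MIN_INTERVAL_MS) {
      last = next;
      lastAt = now;
      return { value: last, changed: true };
    }
    return { value: last, changed: false }; // page keeps seeing the old value
  };
}

// Constructed sample readouts, not captured from a real device.
let fakeNow = 0;
const report = createReporter(() => fakeNow);
console.log(report({ level: 0.47, chargingTime: Infinity, dischargingTime: 5000 }));
fakeNow = 60000;
console.log(report({ level: 0.31, chargingTime: Infinity, dischargingTime: 3000 }));
```

With these settings a page sees 0.5 rather than 0.47, and the drop to 0.31 one minute later is withheld until ten minutes have passed, so neither the exact drain rate nor the timing of heavy use is exposed.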

Yahoo has a tool that can catch online abuse surprisingly well • MIT Technology Review

Will Knight:

»Researchers are, in fact, making some progress toward technology that can help stop the abuse. A team at Yahoo recently developed an algorithm capable of catching abusive messages better than any other automated system to date. The researchers created a data set of abuse by collecting messages on Yahoo articles that were flagged as offensive by the company’s own comment editors.

The Yahoo team used a number of conventional techniques, including looking for abusive keywords, punctuation that often seemed to accompany abusive messages, and syntactic clues as to the meaning of a sentence.

But the researchers also applied a more advanced approach to automated language understanding, using a way of representing the meaning of words as vectors with many dimensions. This approach, known as “word embedding,” allows semantics to be processed in a sophisticated way. For instance, even if a comment contains a string of words that have not been identified as abusive, the representations of that string in vector space may be enough to identify it as such.

When everything was combined, the team was able to identify abusive messages (from its own data set) with roughly 90% accuracy.

Catching the remaining 10% may prove tricky.



‘We were wasting time churning out tweets’: The Economist guide to quality over quantity • Digiday

Lucinda Southern:

»On Twitter, the Economist has about a dozen accounts, split by region or topic — such as EconEurope, EconAsia, EconBizFin or EconSciTech — some with hardly any followers, whereas its main account has 15 million. “When we started doing social media a few years ago Twitter was very much a thing, so the number of accounts we started was very much supply driven,” Law told Digiday.

After an audit in March, the Economist found that more than 50% of their efforts was going into their secondary accounts, but was generating next to nothing in reach and traffic, she said. “We need to balance being lean, efficient and high quality, you can’t do that when you’re writing 15 tweets per article,” said Law, adding that more checks by staff are done on the copy now, and more checklists are in place.

Since then, that resource has been redirected to other, more relevant platforms. For instance, the EconAsia Twitter account has 33,000 followers and has been on Twitter since 2009 (this is substantially more than its EconChina account which has just 700 followers). After launching on messaging app Line the Economist has increased its follower count to more than 300,000 in less than six months, although more mainstream publishers like the BBC have grown following to nearly 1.5 million. Time spent writing for platforms like Tumblr and Pinterest, which weren’t getting much traction, has been redirected to Facebook, Twitter, Line, LinkedIn and YouTube.


Hadn’t heard of Line as a significant driver of social traffic before.

Here’s what top trend spotter Faith Popcorn sees for 2016 • Fortune

Eileen Daspin with an interview with Popcorn (who I hadn’t heard of, but sounds interesting):

»You think Americans binge-consume media—games, programming—as an escape?

They are seeking safety. We want to plug into somebody else’s story. It is escape, escape, escape. Look at Minecraft. Look at what they are building. They are building towns that are safes that have bars and guards with their own water systems. They plug in and they don’t want to get out.

Your perspective is very Brave New World.

People always say that about us. But most people don’t want their symptoms dealt with, they want to be transported to a whole new place. It’s not about flipping a switch in your brain and forgetting about Paris and forgetting about ISIS, it’s looking for things to create memories of happiness and peace as if they didn’t happen. It is altering the whole view. It’s really fantasy.

How can marketers use this knowledge to reach consumers?

More and more, we are looking at micro-clans, really small groups that are ever smaller and more specific. The Internet has allowed us to target more specifically. We huddle with people who are more like us—either by their world views or what they collect or how many kids they have. We are creating family out of friends and any kind of grouping that makes us feel safe.



Joshua Topolsky, former Verge editor, raises funding for digital media venture • WSJ

Mike Shields:

»with The Outline, Mr. Topolsky said he is aiming to reach roughly 10 to 15 million users, most of whom come directly to his site. “This has to be a real brand,” he said. The site’s content will focus on three areas: power, as it relates to subjects like politics and business; culture; and the future. He said he’s aiming for a smart, influential readership.

The plan is to produce roughly 15 to 20 pieces of content a day, including text articles, more visual stories and video.

“I really want to move away from the impressions-based way of judging success,” he said. “We want to focus on the best way to tell a story. Digital media has millions of colors to paint with, and most of the time we only use like four.”

To help, he has hired 10 staffers, including journalists such as Aaron Edwards, formerly of BuzzFeed News, and Adrianne Jeffries, who was most recently a managing editor at Vice. In addition, Mr. Topolsky has brought on Amanda Hale, formerly of the politics site Talking Points Memo, as head of revenue. The Outline staff may grow to 20 or 30 over the next few months, Mr. Topolsky added.


That’s a lot of staff to generate that comparatively small amount of content per day. The wish of attracting “smart, influential” readers is often made, and frequently abandoned in favour of just getting lots more readers to hit revenue targets.

Another media-stealing app found on Google Play • Symantec

Shaun Amiato:

»Last time we blogged about malware on Google Play that stole photos from Viber. Since then we’ve discovered another app on Google Play that is moving personal media files (photos and videos) off victims’ mobile devices and onto a remote server.

All your videos are belong to us
In the course of enhancing our Mobile Insight cloud-based features to identify apps that leak personally identifiable information (PII), we came across an app on Google Play that was clearly malicious. This app, ‘HTML Source Code Viewer’ by Sunuba Gaming, poses as a development tool, but actually posts files stored on the device in “/DCIM/Camera” and “/DCIM/100LGDSC/” (standard photo and video storage locations) to a web server hosted on A look on this server revealed a wealth of personal media files dating as far back as March, 2015. This personal media could be used for blackmailing, ransomware attacks, identity theft, pornography, and other forms of victimization.

Whois data for this server indicates that it’s hosted in Azerbaijan. The app had 1,000-5,000 downloads from Google Play when we discovered it, targets all versions of Android after and including Gingerbread, and uses the following permissions:

• android.permission.INTERNET (allows app to open network connections)
• android.permission.ACCESS_NETWORK_STATE (allows the app to access information about networks)
• android.permission.READ_EXTERNAL_STORAGE (allows the app to read from external storage)
• android.permission.WRITE_EXTERNAL_STORAGE (allows the app to write to external storage)

This is the second case of media-stealing malware we’ve profiled appearing on Google Play.


The problem remains Android’s outdated approach to permissions (can’t pick which you allow), which for the majority of Android users lags about four years behind Apple’s. If iOS had a longstanding flaw like this, you’d never hear the end of it.

Swiftkey app leaked users’ email addresses and phone numbers to strangers • Daily Telegraph

Cara McGoogan:

»SwiftKey has a database of words and phrases commonly typed by each of its users, which it uses to make suggestions as they’re typing. The app, which can read personal text such as emails, social media interactions and text messages, has access to sensitive information including regularly typed phone numbers, addresses, names and phrases.

One SwiftKey user, who works in the legal profession and asked to remain anonymous, found out their details had been compromised when a stranger emailed them to say that a brand new phone had suggested their email address when logging into an account online.

“A few days ago, I received an email from a complete stranger asking if I had recently purchased and returned a particular model of mobile phone, adding that not one but two of my email addresses (one personal and one work address) were saved on the phone she had just bought as brand-new,” said the user.


Swiftkey (bought recently by Microsoft) has disabled this sync. But – ouch. This is a bad mistake. Legal users in particular won’t come back.

Theresa May’s new government must renew the Government Digital Service’s political mandate • Huffington Post

Tom Watson:

»It is a classic Whitehall power grab carried out while the chaos caused by Brexit is still unfolding. While Cabinet members familiarise themselves with their new roles, the Government Digital Service (GDS) is under threat, with a Whitehall plan to undermine it already well advanced. Unless it’s stopped, a decade of digital progress in central government could be undone. The Home Office has already quietly removed its most senior digital leader and similar positions in the Cabinet Office, DWP and HMRC are reportedly under threat. The mandarin machine is taking advantage of the summer hiatus to launch a minor coup, with the Sir Humphreys of Whitehall effectively trying to repatriate powers to their respective departments. The new cabinet office minister, Ben Gummer, must not allow them to succeed.

The Government Digital Service was set up by the Coalition Government immediately after the 2010 general election with a simple but radical objective; to use the groundbreaking tools and techniques of the internet era to redesign public services around the citizens who use them. Until then, their interests had too often been subservient to government departments that habitually think and act in isolation. As a former Minister for Digital Engagement I’m glad it’s succeeded. According to the Treasury, it saved £4.1bn of public money in four years, and the digital approach it inspired helped transform Government services like the DVLA.


The GDS really took off after 2010 in the coalition under Francis Maude, an old-school Tory minister who knew how to get things done, and took no crap from civil servants. It would be a huge loss if his work, and Watson’s, were reversed: it would take us back to crappy big contracts which overspend and overrun.

Secrets of the Apple Store • Thrillist

Joe McGauley spoke to some people who worked years at the Apple Store. Many of the usual war stories, though there’s always entertainment like these:

»Lucas: “It’s very obvious when somebody is lying. Genii know what they’re talking about. The customer generally does not. Don’t try to bullshit somebody that knows the product inside out. Sometimes I found myself seeing people waiting in line before I even spoke to them and I’d think in my head ‘This guy is a bullshitter.’”

Tony: “I had a guy try to convince me that the liquid damage was some kind of E.T. fluid from when he was abducted [by aliens]. It was hard to keep a straight face during that.”

David: “One time we had a guy bring in a completely destroyed iPhone in a plastic bag. I mean this thing was 100% unrecognizable. He told us it wasn’t working right, so he took it out behind his house and shot it with a rifle because he was so fed up with the thing. We did not replace it.”

Lucas: “The most full-of-shit customer I ever had was a guy that came in and put a mutated, deformed iPhone in front of me and said ‘My phone isn’t working.’ I politely asked what happened. He explained that he had been talking on it, when suddenly the phone got very hot and started to burn his hand, so he threw it on the counter and it erupted into flames. I took the phone into the Genius Room to open it up… it clearly had been subjected to some type of liquid, and I returned to the Genius Bar to tell him. He responds with ‘Well yeah, it caught on fire, so I threw it in the sink and ran water over it.’ Right… I am quite certain that he dropped his phone in water and thought that the best idea was to dry it in the microwave.”



Errata, corrigenda and ai no corrida: Corrected spelling of Lukasz Olejnik’s name.
