Start Up: Facebook forces video sound, ransomware for power plants, VR slows, PewDiePie screws up, and more

Transport for London understands passenger movement inside stations better after tracking Wi-Fi use. Photo by tompagenet on Flickr.

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 9 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

Internet Archive offers to host PACER data • Internet Archive Blogs

Brewster Kahle, founder of the Internet Archive:


The Internet Archive has long supported the efforts of the Free Law Movement to make the laws and edicts of government of the United States more broadly available. With our colleague Aaron Swartz and the efforts of numerous groups across the country including the Free Law Foundation and Princeton’s Center for Information Technology Policy, we host the RECAP repository of documents from the federal district courts.  Many of these public domain document were downloaded by users of the goverment’s PACER  system for $0.10 per page and uploaded to the Internet Archive. The RECAP repository is available for free, and in bulk, which is useful for researchers.

On Tuesday, February 14, the U.S. Congress will hold the first hearings in over a decade examining the operation of the PACER system. The hearing will be before the Subcommittee on Courts, Intellectual Property and the Internet of the Judiciary Committee in the House of Representatives. The Internet Archive was pleased to accept the committee’s invitation to submit a statement for the record and we have submitted the following, which includes an offer to host the PACER data now and forever to make the works of our federal courts more readily available to inform the citizenry and to further the effective and fair administration of justice.


Have I mentioned that I love the Internet Archive? Hope you contributed at Christmas. Needed now more than ever. And it would be great to have UK decisions filed in the same way. (Yes, there is, but one would like it all in the same place.)
link to this extract

Here’s what TfL learned from tracking your phone on the tube • Gizmodo UK

James O’Malley:


Perhaps the number one reason to do the trial was to better understand the journeys that people actually make on the Tube. At the moment, TfL [Trtansport for London, which operates the London Underground] can tell what station you started and ended your journey at based on your Oyster card – but it can’t tell how you got between two locations. It sometimes supplements this data with a Rolling Origins Destination Survey (RODS) to figure out specific routes, but this is done manually, which is expensive and time consuming.

So one immediately obvious benefit of the wifi data is being able to collect the same data much faster, on a larger scale, and for a fraction of the cost. If you look at the slide below, you can see how popular different routes between Liverpool Street and Victoria are.

So if you travel via Oxford Circus, you do the same as 44% of other people. If you lazily sit on the circle line you do the same as 26% of people making the same journey. And if you change twice – once at Holborn, then again at Green Park, then congratulations, you’re a psychopath.

According to one document, the inclusion of the Finchley Road to Wembley Park section of the Jubilee and Metropolitan lines (they run next to each other – the Jubilee just stops at more stations in between) was deliberately included in order to observe customer behaviour when there are two options where one is obviously faster than the other (It takes 5 minutes on the Met, 12 on the Jubilee).

TfL even checked if this data was accurate, by matching it up with actual train timetables, and was able to demonstrate how on one journey southbound down the Victoria Line they were able match the wifi data of one passenger and figure out which specific train they were travelling on.


And also useful for in-station monitoring – to identify crowd points.
link to this extract

Facebook’s autoplay videos will now play with the sound on • Recode

Kurt EWagner:


The videos you scroll past in your Facebook News Feed are about to include a new element: sound.

Facebook’s autoplay videos will soon play with the sound on, the company announced Tuesday, an expansion of a test the social network started last fall. As you scroll through News Feed on a mobile device, the sound will “fade in and out” as you come across videos, according to a company blogpost.

There are a few caveats. Sound will only play if you already have the sound turned on for your phone; if your phone is in silent mode, for example, the videos won’t play with sound. You can also opt out of this whole thing in settings if it bothers you.

It’s a small but notable change for the company as it pushes even further into video. As CEO Mark Zuckerberg explained on the company’s last earnings call, Facebook wants to be a video destination, not just a feed that also happens to have videos.


Is this being done because everyone wants the sound to play automatically when they scroll past a video? No. It’s user-hostile; it’s not about the best experience for the user, but to maximise revenue for the advertiser. The indifference of ad-funded tech companies to their users continues. Facebook, on its announcement page, insists that “After testing sound on in News Feed and hearing positive feedback, we’re slowly bringing it to more people.”

Notice that it doesn’t say who the “positive feedback” came from. Users? Or advertisers?
link to this extract

Proof-of-concept ransomware locks up the PLCs that control power plants • Boing Boing

Cory Doctorow:


In Out of Control: Ransomware for Industrial Control Systems, three Georgia Tech computer scientists describe their work to develop LogicLocker, a piece of proof-of-concept ransomware that infects the programmable logic controllers that are used to control industrial systems like those in power plants.

The researchers attacked two common PLC models (they found over 1,500 of these models, unprotected and available for attack online), and showed that they could create a “cross-vendor worm” that hopped from one kind of PLC to another. PLCs are notoriously insecure (they are known to fail to “properly authenticate programming log-ins”), so they had good reason to think they could penetrate the devices.

They argue that ransomware perpetrators stand to earn big returns by targeting PLCs, and recommend some pretty basic security countermeasures: changing default passwords, using a firewall, and running an intrusion-detection system.


*whistles happy tune*
link to this extract

YouTube cancels PewDiePie show, pulls channel from ad program • Variety

Todd Spangler:


Google’s YouTube has canceled the second season of PewDiePie’s reality show and pulled his channel from its premium advertising program after the Swedish-born vlogger’s prank involving an anti-Semitic slogan gained widespread notice.

The announcement from YouTube came just hours after Disney’s Maker Studios said it was terminating its relationship with PewDiePie, as first reported by the Wall Street Journal, over the same videos.

Last month PewDiePie, YouTube’s most-subscribed channel with more than 53 million followers, posted several videos detailing a stunt in which he paid two shirtless Indian men to make a video holding up a sign that said “Death to All Jews.”

PewDiePie, whose actual name is Felix Kjellberg, has insisted that his point was to critique of the absurdity of an internet service (in this case, he used Tel Aviv-based Fiverr) that enables someone to say or do something so outrageous for just $5. More than a month later, Maker and YouTube now have decided that he was out of bounds.

In a statement early Tuesday, a YouTube spokesperson said, “We’ve decided to cancel the release of ‘Scare PewDiePie’ season 2 and we’re removing the PewDiePie channel from Google Preferred.” Google Preferred is the internet giant’s advertising program for selling popular “brand-safe content” on YouTube.


Kjellberg seems to have moved into the “say things to garner attention” space, so one wonders which way this move by the grownups will shift him. Note though that his channel remains untouched – this was just Google’s show, not the individual videos.
link to this extract

Pricey virtual reality headsets slow to catch on • WSJ

Sarah Needleman:


When RocketWerkz Ltd. released one of the first videogames for virtual reality last spring, developers at the New Zealand studio were hopeful it could break even—maybe even turn a profit.

Neither happened. Its $20 strategy game, “Out of Ammo,” has recouped only about 60% of the roughly $650,000 it cost to create, according to Dean Hall, the company’s chief executive. For now, RocketWerkz is going back to making traditional computer games.

Proponents have heralded virtual reality, or VR, as the next big step in computing. But while less costly VR goggles that rely on smartphones have sold well, sales of costlier headsets that tether to powerful computers or videogame machines haven’t lived up to the hype.

That has prompted some developers to reconsider VR.

“The future of virtual reality is very bright, but in the short term it’s not where we see ourselves,” Mr. Hall said. “The return on investment is not enough for us.”

Voyager Capital in 2015 invested $100,000 in Envelop VR, whose software let users in VR interact with traditional desktop apps. The startup closed its doors in January despite raising more than $5 million, according to Erik Benson, a partner at Voyager.


Calculations are that last year headset sales generated about $1.5bn on 2.2m units (leader being Sony with 0.75m), and this year $2.75bn. People aren’t thrilled about the idea of strapping something to their face. It’s Google Glass with a mask on.
link to this extract

Google Daydream hasn’t done anything to fix VR’s biggest problem – it’s just not very good (opinion) • Android Police

David Ruddock:


Today, I uninstalled the Daydream app from my Pixel XL, because I hadn’t used it in nearly three months. When I reviewed the experience in November last year, I had the sneaking suspicion this is where I’d end up. Not because I felt Daydream was uniquely lacking in some way, or even that the sparse content ecosystem would quickly be depleted through my use. It’s because the exact same thing has happened with every Samsung Gear VR I’ve been sent to evaluate over the years. And Gear VR’s Oculus Store has tons of stuff – hundreds of experiences, games, 360-degree videos. But after a week or so, I never returned to my Gear VRs, and I never missed them. (And don’t let Gear VR’s amazing shipment numbers fool you – those were largely free headsets, and I will bet you dollars to dimes almost all of them just collect dust.)

Far more so even than smartwatches, I think, mobile virtual reality is a solution desperately in search of a problem. And it doesn’t help that the solution isn’t even very good. Low effective viewfinder size, massive power drain on the connected phone, relatively modest 3D rendering capabilities, and intense heat generation on the connected device are all, at the end of the day, practical problems with practical solutions. We can fix these things. What we cannot fix is something that eats at me every time I try one of these products: What, exactly, is it we’re supposed to gain from this experience?


For Ruddock to be even more down on VR than on smartwatches means he’s *really* down on it.
link to this extract

Login to Your Account • British Gas

This is not a story as such, but I think it is an example of a dark pattern (malevolent work by companies to make you do things you don’t want to online). If you’re a British Gas customer and want to submit a correct reading for a meter, rather than their inflated estimates, the paper bill with the estimate tells you to follow the link ““.

That brings you to this page – which asks you to “log into your account”, or if you don’t have one, to create it. But the condition of creating an account is that you consent to never receiving paper bills again.

Some people, however (I’m one) like receiving paper bills, because email is a flood, whereas a paper bill is hard to ignore or overlook, easy to examine, and simple to compare with its siblings. So what’s the answer? How do you submit a meter reading without giving up on paper?

The page doesn’t tell you. There’s no link on it to do so. Such a page does exist, but it’s buried away in “Help and Support” – and not the “Help and Support” page linked at the top of this one, but a different one.

This is absolutely classic: an example of a big company where the website grows out of control. But behind it all is the desire to capture peoples’ data and make them stop doing something they want, in favour of what the company wants.
link to this extract

This cunning, months-in-the-making phishing campaign targeted dozens of journalists, activists • Motherboard

Joseph Cox:


Safeena Malik is not a real person. Despite having a Twitter feed created in December 2014, a fully fleshed-out LinkedIn with over five hundred connections, and a Facebook account where she reposts innocent viral videos, this supposed UK university graduate is an elaborate ploy in a large scale hacking operation, according to a new report from Amnesty International.

Throughout 2016, those behind the Malik identity have tried, and in some cases succeeded, to break into the Gmail accounts of journalists, labor rights activists and human rights defenders, particularly those with a focus on Qatar. But the attention to detail, the persistence, and the long-game approach of these hackers stands heads and shoulders above other phishing campaigns.

“In this case, the attackers have literally engaged with targets for months
and attempted multiple times with different tactics and baits,” Claudio Guarnieri, a technologist at Amnesty International, told Motherboard in an online chat.

“I am doing research about human trafficking. Can you help in this. I want to share my research with you. Can you guide me in this?” one of Malik’s emails, sent to a target on August 29, 2016, reads. The message doesn’t ask targets to download a file, but to take a look at a document stored on Google Drive. When clicked, the victim is directed to a login screen that looks identical to Gmail’s legitimate one, and which has even been pre-configured to display the specific target’s profile photo.

It is not clear who was behind these attacks, however. Because the hackers focused on activists working on issues in Qatar, Amnesty believes the campaign may have been carried out by a state-sponsored actor. The hackers logged into some of the stolen accounts from an IP address related to Ooredoo, an internet service provider with headquarters in Doha, Qatar, the report adds. The Qatari government denied any involvement in the phony Google pages, according to a statement given to Amnesty.


The point about the preconfigured display of the target’s photo suggests this is much more than the average script kiddie gang.
link to this extract

Errata, corrigenda and ai no corrida: none notified

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.