Macron’s team stayed ahead of the hackers – but only just. Photo by villenevers on Flickr.
You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.
A selection of 10 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.
Did Macron outsmart campaign hackers? • The Daily Beast
»
Wikileaks jumped on the document dump, but didn’t seem to be familiar with the material in it. Responding to the Macron statement that some of the items were bogus, Wikileaks tweeted, “We have not yet discovered fakes in #MacronLeaks & we are very skeptical that the Macron campaign is faster than us.”
Ah, but there’s the rub. As reported by The Daily Beast, part of the Macron campaign strategy against Fancy Bear (also known as Pawn Storm and Apt28) was to sign on to the phishing pages and plant bogus information.
“You can flood these [phishing] addresses with multiple passwords and log-ins, true ones, false ones, so the people behind them use up a lot of time trying to figure them out,” Mounir Mahjoubi, the head of Macron’s digital team, told The Daily Beast for its earlier article on this subject.
In the end, whoever made the dump may not have known what is real and what is false, which would explain in part the odd timing. After the disruptive revelations of the Democratic National Committee hacks in the United States, the public is conditioned to think that if there’s a document dump like this, it has to be incriminating. By putting it out just before the news blackout, when Macron cannot respond in detail, the dump becomes both the medium and the message.
«
Terribly odd how it’s only the candidates who support the continuance of existing western organisation who get hacked. Seems Macron’s team were one step ahead of that, though. One document was wonderfully fake: it referred to a bitcoin transaction on a block number that doesn’t yet exist. Didn’t stop the alt-right loons from celebrating what they thought it revealed. Fact-checking isn’t much of a thing nowadays.
link to this extract
The great British Brexit robbery: how our democracy was hijacked • The Guardian
»
The Electoral Commission has written to AggregateIQ. A source close to the investigation said that AggregateIQ responded by saying it had signed a non-disclosure agreement. And since it was outside British jurisdiction, that was the end of it. Vote Leave refers to this as the Electoral Commission giving it “a clean bill of health”.
On his blog, Dominic Cummings [campaign strategist for Vote Leave, the official Leave group] has written thousands of words about the referendum campaign. What is missing is any details about his data scientists. He “hired physicists” is all he’ll say. In the books on Brexit, other members of the team talk about “Dom’s astrophysicists”, who he kept “a tightly guarded secret”. They built models, using data “scraped” off Facebook.
Finally, after weeks of messages, he sent me an email. We were agreed on one thing, it turned out. He wrote: “The law/regulatory agencies are such a joke the reality is that anybody who wanted to cheat the law could do it easily without people realising.” But, he says, “by encouraging people to focus on non-stories like Mercer’s nonexistent role in the referendum you are obscuring these important issues”.
And to finally answer the question about how Vote Leave found this obscure Canadian company on the other side of the planet, he wrote: “Someone found AIQ [AggregateIQ] on the internet and interviewed them on the phone then told me – let’s go with these guys. They were clearly more competent than any others we’d spoken to in London.”
The most unfortunate aspect of this – for Dominic Cummings – is that this isn’t credible. It’s the work of moments to put a date filter on Google search and discover that in late 2015 or early 2016, there are no Google hits for “Aggregate IQ”. There is no press coverage. No random mentions. It doesn’t even throw up its website. I have caught Dominic Cummings in what appears to be an alternative fact.
«
This is a complex tale; Cadwalldr is wrestling with people who don’t want things to be known, and who seem to have done questionable things.
link to this extract
Global smartwatch OS market share by region, Q1 2017 • Strategy Analytics
»
Global smartwatch shipments at 6.2m units in Q1 2017 were up 48% YoY. Apple’s watchOS maintained the top spot with 57% market share. Tizen with 19% share took second place from Android Wear this quarter for the first time since Q4 2015. Android Wear vendors together accounted 18% share and took the #3 rank.
«
That makes it 3.5m Apple Watch units, Tizen at 1.2m, Android Wear 1.1m. My data from Google Play suggests only 0.6m or so Android Wear devices activated in that period, though possibly quite a few were connected to iPhones (where data isn’t easily available).
link to this extract
Phil Schiller on App Store upgrade pricing, Amazon Echo-like devices, Swift, and more • NDTV Gadgets360.com
»
Gadgets 360: With all the recent changes in the App Store, can developers expect to see upgrade pricing next?
Phill Schiller: The reason we haven’t done it is that it’s much more complex than people know, and that’s okay, it’s our job to think about complex problems, but the App Store has reached so many successful milestones without it because the business model makes sense to customers. And the upgrade model, which I know very well from my days of running many large software programmes, is a model from the shrink-wrapped software days that for some developers is still very important, for most, it’s not really a part of the future we are going.
I think for many developers, subscription model is a better way to, go than try to come up with a list of features, and different pricing for upgrade, versus for new customers. I am not saying it doesn’t have value for some developers but for most it doesn’t, so that’s the challenge. And if you look at the App Store it would take a lot of engineering to do that and so would be at the expense of other features we can deliver.
«
And on voice-driven assistants (re Google Home and Amazon Echo specifically: “My mother used to have a saying that if you don’t have something nice to say, say nothing at all”):
»
there’s many moments where a voice assistant is really beneficial, but that doesn’t mean you’d never want a screen. So the idea of not having a screen, I don’t think suits many situations. For example if I’m looking for directions and I’m using Maps, Siri can tell me those directions by voice and that’s really convenient but it’s even better if I can see that map, and I can see what turns are coming up, and I can see where there is congestion, I understand better my route, and what I’m going to do.
Or, for example, with photography, and one of the most popular reasons for our products is photography now, and photography requires a screen. So the idea of a device without a screen, well it’s not really useful for that whole category of photos that we all share.
«
Given that some are suggesting Amazon’s next iteration of the Echo will have a screen, this could get edgy. Except isn’t an Echo with a screen just… a tablet?
The point on pricing has lots of developers quietly agreeing.
link to this extract
One year later, Google’s vision of Android apps on Chrome has collapsed • Thurrott.com
»
Google originally promised that Android apps would be broadly available on Chromebooks by the end of 2016. And media reports throughout last year were perhaps overly positive about Google’s expected impact on Windows PCs and Macs. This was supposed to be game-changing.
To be clear, if Google can pull this off, Android apps on Chrome will indeed be disruptive, as I openly pondered a year ago in Can Google and Apple Pull the Plug on the PC Market? A June 2016 video described the wonders of this solution.
And then things got silent. As I wrote in January, in Still Waiting for the Chromebook Revolution that Never Came (Premium), Google’s late 2016 promise was smoke, and only a very slim selection of devices ever got Android app support, and then only in pre-release form.
The back-to-back releases of the Samsung Chromebook Plus and Chromebook Pro in early 2017 were supposed to turn things around. These Surface-like hybrid PCs offer touch screens and pens, and can be used like a traditional laptop or like a tablet.
There’s just one problem: Samsung has only released the Chromebook Plus so far, and this expensive device hasn’t moved the needle at all. The Pro, which features an ARM processor instead of an Intel processor, was delayed from March to April. And then to May.
And now we’re told that this new version of the device will ship sometime “this spring.” And according to many reports, the reason for the delay is, yep, you guessed it, that Google actually cannot figure out how to combine Android apps and Chrome OS. This attack that Google announced a year ago is effectively vaporware.
«
Fair comment, but if Google is taking the time to get this right, rather than rushing it out of the door half-done, that’s got to be a good thing.
link to this extract
Smartphone industry consolidation accelerated in Q1 2017 • Strategy Analytics
»
A huge number of second-tier “microvendors” are playing a meaningful role in the global smartphone market. However, industry consolidation is underway. The “top 30+” vendors worldwide, like OPPO, together grew +8% YoY in Q1 2017, in contrast, the next “top 100+” microvendors combined posted -8% YoY decline.
We believe supply constraint and component price hikes hurt microvendors’ performance over recent quarters. All microvendors together made up 11% of global smartphone volumes during Q1 2017. Microvendors, like Lefeng and Xiaolajiao in China, Reliance Jio in India and INNJOO in Africa, are growing faster than average. However, we tracked some small vendors have been pushed out of market over the past few quarters, due to lack of scale to counter price hikes.
«
“Microvendors” is a great word. But one can imagine them mostly being in China, and getting squashed there as the smartphone tide goes out a little. Europe and the US don’t offer much chance.
link to this extract
MediaRadar: YouTube lost 5% of top advertisers in April • CNBC
»
MediaRadar — which works with more than 1,600 publishers including The New York Times, BuzzFeed, and Bloomberg — uses artificial intelligence to track advertising and sells that data to companies.
The 5% were customers of Google Preferred, YouTube’s program for advertising on its top-tier videos. It is bought in an “upfront” style, meaning companies commit advertising money before programming runs. But that doesn’t mean they can’t back out.
“Securing ad space in advance is not a promise to run ads no matter what,” MediaRadar CEO Todd Krizelman said. “Advertisers and their agencies can immediately cancel or put campaigns on hold if they are worried about brand safety.”
Five% is not insignificant, but it would require more defections for the company to really feel the impact. Mizuho said if 10% of brands pulled their ads, it would decrease the company’s earnings per share by $0.15 cents this year or a little under 1% of the value.
(Google’s most recent earnings report, on April 27, would not reflect April’s decline in advertising since it covered the first quarter of 2017.)
Google did not respond to a request for comment.
«
You’d imagine if they’re the top 5% that they’d be bigger spenders than, say, the bottom 5%. Which in turn implies that it lost more than 5% of its revenues (assuming MediaRadar is correct). Which makes this a problem Google needs to get on top of – but the only way to do that might be to stop ads on some videos. That might increase CPMs (price per ad space), but will it increase revenue?
link to this extract
Google was warned about the mass phishing email attack six years ago • Motherboard
Lorenzo Franceschi-Bicchierai:
»
On October 4, 2011, a researcher speculated in a mailing list that hackers could trick users into giving them access to their accounts by simply posing as a trustworthy app.
This attack, the researcher argued in the message, hinges on creating a malicious application and registering it on the OAuth service under a name like “Google,” exploiting the trust that users have in the OAuth authorization process. OAuth is a standard that allows users to grant websites or applications access to their online email and social networking accounts, or parts of their accounts, without giving up their passwords. It is commonly used throughout the web, and typically shows up as a menu that lets you select which of your personal accounts (such as your Google or Facebook account) you want to use to sign into or connect to another service.
“Imagine someone registers a client application with an OAuth service, let’s call it Foobar, and he names his client app ‘Google, Inc.’. The Foobar authorization server will engage the user with ‘Google, Inc. is requesting permission to do the following,'” Andre DeMarre wrote in the message sent to the Internet Engineering Task Force (IETF), the independent organization responsible for many of the internet’s operating standards.
“The resource owner might reason, ‘I see that I’m legitimately on the https://www.foobar.com site, and Foobar is telling me that Google wants permission. I trust Foobar and Google, so I’ll click Allow,'” DeMarre concluded.
If that sounds really familiar, is because that’s pretty much exactly how someone tricked around one million people into giving up full access to their Google accounts to a malicious app named “Google Doc.”
«
Very good find. Nothing is really new under the hacking sun. This was probably rediscovered by the perpetrator last week, rather than filed away for reused. But Google should have noted it in the OAuth threat model – it was added, according to a later message in the thread.
link to this extract
Jeff Bezos explains Amazon’s artificial intelligence and machine learning strategy • GeekWire
Todd Bishop on what Bezos said at the Internet Association:
»
“Machine learning and AI is a horizontal enabling layer. It will empower and improve every business, every government organization, every philanthropy — basically there’s no institution in the world that cannot be improved with machine learning. At Amazon, some of the things we’re doing are superficially obvious, and they’re interesting, and they’re cool. And you should pay attention. I’m thinking of things like Alexa and Echo, our voice assistant, I’m thinking about our autonomous Prime Air delivery drones. Those things use a tremendous amount of machine learning, machine vision systems, natural language understanding and a bunch of other techniques.
“But those are kind of the showy ones. I would say, a lot of the value that we’re getting from machine learning is actually happening beneath the surface. It is things like improved search results. Improved product recommendations for customers. Improved forecasting for inventory management. Literally hundreds of other things beneath the surface.”
«
How a small group of pro-Corbyn websites built enormous audiences on Facebook • Buzzfeed
»
[Thomas] Clark doesn’t have much of an inside track on what’s going on in Westminster and he’s not even particularly aligned with any single political party – with the exception of holding strong anti-Tory views. In fact, he’s a thirtysomething part-time English tutor originally from the Yorkshire Dales who has never previously spoken to the media and was quite happy to keep a relatively low profile until BuzzFeed News got in touch.
He’s also, measured by Facebook shares per article in the first week of the election campaign, the most viral political journalist in the entire country.
Clark’s site, Another Angry Voice, is attracting a readership that most mainstream news sites would kill for. Despite still being hosted on an old-fashioned Blogspot account and relying on donations for funding, it’s reaching millions of people with a combination of endearingly homemade memes, Facebook-friendly headlines, and a regular output of relentlessly anti-Conservative takes on the news. Recent mega-viral hits include “How many of Jeremy Corbyn’s policies do you actually disagree with?”, “30 things you should know about the Tory record”, and “The systematic Tory abuse of disabled people”.
«
That thing about “the most viral political journalist” in the UK is where you should pause. Electoral results from the council elections saw Labour trounced and the Tories ascendant. Being a viral political journalist is nice, but there’s no evidence – if anything, this is counter-evidence – that it affects how people vote.
Waterson spoke to one Labour MP who despairs:
»
The Labour MP suggested the sites were the modern equivalent of “the six nutters who sell the Socialist Workers Party newspaper in any town centre” but they were being boosted by an online echo chamber.
“Both sides feed off each other like the drug dealer and the junkie,” they told BuzzFeed News. “Technology has given them the wider reach, though there’s no evidence that they are getting any more traction with the vast majority of normal, sensible people in this country.”
«
Errata, corrigenda and ai no corrida: none notified
The Overspill: when there's more that I want to say 