Start Up: US medical data abuse, $1m ransomware!, Mexico’s text spyware, iPhone app bloat, and more

A neural network can detect asymptomatic atrial fibrillation via Apple Watch heart monitoring. Photo from Nottingham Vet School on Flickr.

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 10 links for you. Happy almost-solstice. I’m @charlesarthur on Twitter. Observations and links welcome.

How a company you’ve never heard of sends you letters about your medical condition • Gizmodo

Kashmir Hill and Surya Mattu:


In the summer of 2015, Alexandra Franco got a letter in the mail from a company she had never heard of called AcurianHealth. The letter, addressed to Franco personally, invited her to participate in a study of people with psoriasis, a condition that causes dry, itchy patches on the skin.

Franco did not have psoriasis. But the year before, she remembered, she had searched for information about it online, when a friend was dealing with the condition. And a few months prior to getting the letter, she had also turned to the internet with a question about a skin fungus. It was the sort of browsing anyone might do, on the assumption it was private and anonymous.

Now there was a letter, with her name and home address on it, targeting her as a potential skin-disease patient. Acurian is in the business of recruiting people to take part in clinical trials for drug companies. How had it identified her? She had done nothing that would publicly associate her with having a skin condition.


You won’t like how they did this – though it points to the US’s terrible lack of protections for data, and its larcenous healthcare system (on which more below).

Web hosting provider pays $1 million to ransomware attackers • SecurityWeek.Com

Ionut Arghire:


South Korean web hosting company Nayana agreed to pay $1 million in Bitcoin after a ransomware attack hit 153 Linux servers.

The attack took place June 10 and resulted in over 3,400 business websites the company hosts being encrypted. According to Nayana’s initial announcement, the attacker demanded 550 Bitcoins (over $1.6 million) to decrypt the infected files. Following negotiations, they lowered the ransom demand to 397.6 Bitcoins (around $1.01 million).

The payments, the company announced, will be made in three batches, and the attackers will decrypt the affected servers accordingly. Two payments were already made, and the company is currently in the process of recovering the data from the first two server batches.

The ransomware used in this attack, Trend Micro reveals, was Erebus, a piece of malware that was initially spotted in September 2016 and which was already seen in attacks earlier this year, when it packed Windows User Account Control bypass capabilities.

Apparently, someone ported the ransomware to Linux and is using it to target vulnerable servers. Running on Linux kernel, which was compiled back in 2008, Nayana’s website is vulnerable to a great deal of exploits that could provide attackers with root access to the server, such as DIRTY COW, Trend Micro notes.


“Dear customer, a review of our ongoing costs means that regrettably we are having to raise hosting prices…”

Using texts as lures, government spyware targets Mexican activists and their families • The New York Times

Azam Ahmed and Nicole Perlroth:


Mexico’s most prominent human rights lawyers, journalists and anti-corruption activists have been targeted by advanced spyware sold to the Mexican government on the condition that it be used only to investigate criminals and terrorists.

The targets include lawyers looking into the mass disappearance of 43 students, a highly respected academic who helped write anti-corruption legislation, two of Mexico’s most influential journalists and an American representing victims of sexual abuse by the police. The spying even swept up family members, including a teenage boy.

Since 2011, at least three Mexican federal agencies have purchased about $80 million worth of spyware created by an Israeli cyberarms manufacturer. The software, known as Pegasus, infiltrates smartphones to monitor every detail of a person’s cellular life — calls, texts, email, contacts and calendars. It can even use the microphone and camera on phones for surveillance, turning a target’s smartphone into a personal bug.


You can’t control how it’s used once it’s sold.

The founder of Pinboard on why understanding fandom is good for business • The Verge

Kaitlyn Tiffany with the interview:


Q: Pinboard for a while had this competition with Delicious as a main part of its brand — on Twitter, you wrote a lot of jokes about Delicious, lots of taunts aimed at Yahoo or AVOS — now that that’s over, who’s next?

Maciej Ceglowski: Yeah, it’s really weird for me, because especially at the outset I felt like I was a flea on the elephant. I was trying to suck a few dozen customers away from this enormous Yahoo-funded giant and the idea that I could not just compete with this site, but actually buy it, never entered my mind. So I’m in a bit of a Twilight Zone feeling.

I feel like I won the war so thoroughly that I don’t really know what to do next. I would love to take down Pocket and I would love to take down Diigo. Pocket is losing a lot of money, and Diigo is kind of a strange, weird longterm competitor. Actually, I think there’s room for a lot of different bookmarking sites and I like that there’s competitors, I hope that they stick around.

There’s all these little niche areas in bookmarking that I want to see be occupied by people like me, who are just kind of living from it. There are a lot of ways you can earn a living but there’s not a lot of ways you can make millions. Unfortunately what ends up happening is that people start with a niche, but then they decide they want to grow the business to be like Pinterest and that never seems to work, maybe once in a decade.


And the thing that gave him leverage? AVOS, which bought Delicious from Yahoo, didn’t realise how important the “/” symbol was in bookmarking fan fiction.

Pocket ought to be worried, though.

How we spend $3,400,000,000,000 • The Atlantic

T.R. Reid:


Last year, America’s total medical costs hit a new record of $3.4 trillion, according to the federal government. That’s about 18% of the country’s total GDP, meaning that one out of every six dollars we spent in 2016 went to health care. The national doctor bill dwarfs anything else we spend money on, including food, clothing, housing, or even our mighty military.

If that $3.4 trillion were spread equally throughout the population, the bill would come to some $10,350 for every man, woman and child in the country. But fortunately—for most of us, anyway—the cost of health care is not equally distributed. Rather, a small number of Americans run up most of the expense. The biggest medical costs are concentrated on a fairly small segment of the population—people with one or more chronic illnesses, plus victims of accidents or violent crime. The cost is so concentrated, in fact, that an estimated 5% of the population accounts for 50% of total medical costs…

…For most people, the vast majority of all the health care they’ll ever get comes near the hour of death. Hundreds of billions of dollars each year are spent treating Americans who are in the last weeks, or days, of life.


This is slightly – though only slightly – misrepresented. Lots of costs go on people who die soon after. But what about the people who have lots spent on them and live for many more years?

The article then looks at how the UK does it, through NICE, which recommends whether particular (costed) treatments are worth it. One gets the impression that there’s a certain amount of reflection going on over America’s health care right now.

The size of iPhone’s top apps has increased by 1,000% in four years • Sensor Tower

Randy Nelson:


As you can see in the chart below, while none of the top 10 apps—which include Facebook, Uber, Gmail, Snapchat, Spotify, Messenger, Google Maps, YouTube, Instagram, and Netflix—are larger than a few hundred megabytes individually, they all began to increase in size after Apple raised the maximum app size to 4 GB in February 2015.

Before this point, apps were limited to a maximum of 2 GB, with the core executable capped at 100 MB of that (the latter is still the case). Of course, apps can take up additional storage on a user’s device; Apple’s limit applies to what can be initially downloaded from the App Store. For the purposes of our analysis, we only looked at the core app size, not the total storage footprint of an app plus additional content.

Also noticeable above is a further acceleration in app size increase following the September 2016 rollout of iOS 10, but as we’ll get to in the next section, there’s a more specific reason for a lot of this growth among the top 10 apps in particular.


Ah, but can you guess which one has increased more than 50 times in size since May 2013? And meanwhile, minimum storage size for the iPhone has only doubled.

Silicon Valley could be next target for Trump-style nationalism • Axios

Mike Allen:


The Bannon wing of the White House would like to take on the lords of the Valley now over outsourcing, the concentration of wealth and their control over our data and lives. But this fight is on hold for a later date, officials tell us.

The bigger problem for tech is that many Americans are rethinking their romantic views of the hottest and biggest companies of the new economy. As people look for villains to blame, tech might get its turn:

• Some shine has come off Facebook (though not in user data, Dan Primack points out: People still love the service), as executives fend off grievances about fake news, live violence and the filter bubble.

• Silicon Valley makes itself a juicy target with its male dominance, concentration of wealth (in both people and places), and reliance on foreign workers.

• Robots will soon be eating lots of jobs, with working-class, blue collar workers — an engine of the Trump coalition — at the most immediate risk. Many think this will be the story of the next 10 years.

• Anyone familiar with military intelligence will tell you cyber-risk is much greater than most people realize. Russians used cyber tools to try to throw the 2016 election, and electronic attack is perhaps the greatest US vulnerability to an international power.


Quite how the Bannon wing would do anything is an interesting question.

Intel discontinues Joule, Galileo, and Edison product lines • Hackaday

Jenny List:


Sometimes the end of a product’s production run is surrounded by publicity, a mix of a party atmosphere celebrating its impact either good or bad, and perhaps a tinge of regret at its passing. Think of the last rear-engined Volkswagens rolling off their South American production lines for an example.

Then again, there are the products that die with a whimper, their passing marked only by a barely visible press release in an obscure corner of the Internet. Such as this week’s discontinuances from Intel, in a series of PDFs lodged on a document management server announcing the end of their Galileo (PDF), Joule (PDF), and Edison (PDF) lines. The documents in turn set out a timetable for each of the boards, for now they are still available but the last will have shipped by the end of 2017.

It’s important to remember that this does not mark the end of the semiconductor giant’s foray into the world of IoT development boards, there is no announcement of the demise of their Curie chip, as found in the Arduino 101. But it does mark an ignominious end to their efforts over the past few years in bringing the full power of their x86 platforms to this particular market, the Curie is an extremely limited device in comparison to those being discontinued.


So Intel is retreating from a number of Internet of Things spaces. ARM stuff is likely to dominate. Strange how it turns out that ARM’s RISC (reduced instruction set computing) has won, bit by bit, over Intel’s CISC (complex instruction set). ARM, of course, being a British company before Softbank bought it. Just wanted to mention that.

Artificial intelligence automatically detects atrial fibrillation • Heart Rhythm Society


A new study shows that the Apple Watch’s heart rate sensor, when paired with an artificial intelligence-based algorithm, can detect a serious and often symptomless heart arrhythmia, atrial fibrillation (AF). The new research uses a deep neural network based on photoplethysmographic (PPG) sensors commonly found in smart watches. The results of this study were presented today at Heart Rhythm 2017, the Heart Rhythm Society’s 38th Annual Scientific Sessions.

AF, the most common heart arrhythmia, affects more than 2.7 million American adults. While AF may present symptoms such as palpitations and fatigue, it is often asymptomatic, causing no alarm to doctors or patients and making diagnosis difficult. According to a national survey of 1,000 Americans, one in five Americans owns a wearable fitness tracker such as a smart watch or Fitbit. With the growing number of people using this mobile technology, there is an opportunity to address public health issues such as undiagnosed AF in a way that is convenient for many.

The study enrolled 6,158 users of Cardiogram for Apple Watch into the UCSF Health eHeart Study. Data from those participants—including 139 million heart rate measurements and 6,338 mobile ECGs—was used to train a deep neural network to automatically distinguish atrial fibrillation from normal heart rhythm.


Can this algorithm – and others like it – be incorporated into Watch OS 4? Seems like a pretty useful addition.

Uber scandals • Ben Edelman

Professor Ben Edelman:


Uber’s rapid rise has brought an even sharper increase in disputed activities — from violating city rules on licensing and safety to invading critics’ privacy to tolerating sexual harassment. This site indexes and organizes selected examples, providing summaries and citations for each.


Edelman has done good, clever work looking at implicit discrimination by AirBnB and others. By my count he has 114 listed here, but some are probably duplicates.

At least, I hope so.

Errata, corrigenda and ai no corrida: none notified
