Start Up: Facebook’s copy machine, Infowars supplements, live randomly!, Kochs help Techdirt, and more

The right place for a new Foxconn plant – but is the price right? Photo by tbfurman on Flickr.


A selection of 11 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

The new copycats: how Facebook squashes competition from startups • WSJ

Betsy Morris and Deepa Seetharaman:


In February 2016, Mr. Rubin and Ms. Sistani launched Houseparty and began to demo it on college campuses. In May 2016, it briefly became the top social-networking app for the iPhone, according to app-research firm Sensor Tower.

Houseparty downloads went from 10,000 to 100,000 in one day and then crashed, unable to handle the load. The app was down for several hours and then glitchy through July, when the team decided it needed a major overhaul.

When Houseparty was at its most vulnerable, Facebook came knocking. Fidji Simo, head of Facebook’s video efforts, contacted Mr. Rubin, according to people familiar with the contact. She wanted to talk about live video, the people say. It was the first sign Facebook was scrutinizing Houseparty.

Mr. Zuckerberg is sensitive to anything that might disrupt Facebook, even the teeniest startup, say current and former executives and employees.

Facebook uses an internal database to track rivals, including young startups performing unusually well, people familiar with the system say. The database stems from Facebook’s 2013 acquisition of a Tel Aviv-based startup, Onavo, which had built an app that secures users’ privacy by routing their traffic through private servers. The app gives Facebook an unusually detailed look at what users collectively do on their phones, these people say.

The tool shaped Facebook’s decision to buy WhatsApp and informed its live-video strategy, they say. Facebook used Onavo to build its early-bird tool that tips it off to promising services and that helped Facebook home in on Houseparty.


Remember when it was all Apple and Microsoft accusing each other of copying features in their respective desktop operating systems, and doing the same to tiny companies (hence “Sherlocked”)? Nothing much different here.

How to confirm a Google user’s specific email address (Bug Bounty Submission) • Tom Anthony


I’ve previously written about identifying whether a user is logged in to a certain social network, and this attack is a variation of that method (albeit more serious, IMHO).

Google login pages often pass a continue parameter in the URL that is used to redirect a user to their intended destination after they complete login. However, if you are already logged in then you just get redirected immediately to the URL specified in the continue parameter.

This fact can be abused to craft a URL that will redirect users who are logged in to an image file, and challenge users who are not logged in with a login page. If you now use this URL as the src element in an img tag, you can use the Javascript onload and onerror functions to determine whether the image loaded correctly or not.

If the image loaded, then the user is logged in, and if it errored then the user is not logged in. This is a known issue but has limited capacity to cause any sort of problem.

However, Google succumbs to a far more dangerous variation where the attacker can also supply an additional parameter specifying an email address. The redirect then fires if the email matches, but otherwise not.

At this point an attacker can just dynamically create loads of image tags (no need to even add them to the page, you can do it without attaching them to the DOM) with onload attributes and wait for a match. In my tests I could check about 1000 emails every 23-24 seconds or so. If a user is on your site for a couple of minutes then you could check many thousands of possible emails.


This is the demo page. It works. Reported to Google, but they say it’s “intended behaviour”. Still seems risky.
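One server-side way to close the oracle described in the extract above, shown as an added example that is not from Tom Anthony's post or from Google: answer cross-site subresource requests (such as an `img` load) identically whatever the login state or email hint, using the browser's Fetch Metadata headers. The function names, the `email` query parameter, the request shape and the `example.test` hosts are assumptions made for illustration.

```javascript
// Added example: hypothetical names throughout, not code from any real login service.

// Constructed allow-list of hosts the login page may redirect to.
const ALLOWED_CONTINUE_HOSTS = new Set(['mail.example.test', 'docs.example.test']);

// True when Fetch Metadata says the request is a cross-site load that is not
// a top-level navigation: <img>, <script>, fetch(), or a framed page.
function isCrossSiteSubresource(headers) {
  const site = (headers['sec-fetch-site'] || '').toLowerCase();
  // Older browsers send no Fetch Metadata; those requests fall through to the
  // normal flow, so this check is one layer and not the only control.
  if (site !== 'cross-site') return false;
  const mode = (headers['sec-fetch-mode'] || '').toLowerCase();
  const dest = (headers['sec-fetch-dest'] || '').toLowerCase();
  return !(mode === 'navigate' && dest === 'document');
}

// Accept only absolute https URLs on the allow-list as a continue target.
function safeContinueTarget(raw) {
  try {
    const u = new URL(String(raw));
    const ok = u.protocol === 'https:' && ALLOWED_CONTINUE_HOSTS.has(u.hostname);
    return ok ? u.href : null;
  } catch (e) {
    return null; // missing or unparseable value
  }
}

// req = { headers, query: { continue, email }, session: { email } | null }
function decideLoginResponse(req) {
  // Same answer for every cross-site subresource request, so onload/onerror
  // on the embedding page carries no information about the session.
  if (isCrossSiteSubresource(req.headers)) {
    return { status: 403, location: null };
  }
  const target = safeContinueTarget(req.query.continue);
  if (target === null) return { status: 400, location: null };

  const sessionEmail = req.session ? req.session.email.toLowerCase() : null;
  const hint = req.query.email ? String(req.query.email).toLowerCase() : null;
  if (sessionEmail !== null && (hint === null || hint === sessionEmail)) {
    return { status: 302, location: target }; // logged in, hint (if any) matches
  }
  return { status: 200, location: null }; // render the login form
}

// Constructed sample headers: a cross-site <img> load and a top-level navigation.
const IMG_HEADERS = { 'sec-fetch-site': 'cross-site', 'sec-fetch-mode': 'no-cors', 'sec-fetch-dest': 'image' };
const NAV_HEADERS = { 'sec-fetch-site': 'cross-site', 'sec-fetch-mode': 'navigate', 'sec-fetch-dest': 'document' };

// Helper for trying the decision with a given email hint and session.
function sampleRequest(headers, emailHint, session) {
  const query = { continue: 'https://mail.example.test/logo.png', email: emailHint };
  return decideLoginResponse({ headers, query, session });
}
```

With this in place an embedded image request gets the same 403 for a matching hint, a non-matching hint and a logged-out user, while an ordinary link click still redirects as before.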

We looked at Trump’s Twitter interactions for more than a year. A lot of them are suspicious • Media Matters

Nina Mast, Freedom Murphy and Natalie Martinez:


President Donald Trump tweets … a lot. But along with his usual flurry of tweets attacking the media, lamenting fake news, or criticizing practically anyone who disagrees with him, Trump has another Twitter habit — quoting his supposed supporters’ tweets. A look at over a year of Trump’s retweets, quote tweets, and tweets in which he quoted another Twitter handle has left a lot of questions.

Using the Trump Twitter Archive, Media Matters audited the president’s Twitter handle, @RealDonaldTrump, between April 1, 2016, and July 31, 2017, focusing on retweets, quote tweets, and tweets where @RealDonaldTrump quoted another Twitter handle. We used that list to identify unverified accounts that he quoted or retweeted, which we then checked for the original tweet and suspicious or bot-like activity. If an account seemed suspicious (for example, it posted an unrealistic number of tweets or exclusively pro-Trump messages), we examined its tweeting habits during the weekend of the second presidential debate (October 6 to 10, 2016). Finally, if an account seemed like a bot, we reviewed its tweeting habits between August 2015 and January 2016.

Factors used to identify suspicious behavior included the date the handle was created; the number of tweets sent; the general frequency of tweets and use of hashtags and images; the content and frequency of tweets the weekend of the second debate; and what the account tweeted before the October 2015 primary season.


There is, certainly, something a bit odd about this. People are making money out of those retweets and quoted tweets. How are they chosen, though? That seems like the next stage. As I keep saying.

We sent Alex Jones’ Infowars supplements to a lab. Here’s what’s in them • Buzzfeed

Charlie Warzel:


Alex Jones’ wildly popular suite of Infowars supplements probably won’t kill you, but extensive tests provided to BuzzFeed News have shown that they’re little more than overpriced and ineffective blends of vitamins and minerals that have been sold in stores for ages.

The independent test results are the work of Labdoor, a San Francisco-based lab that tests and grades dietary supplements. Labdoor ran full tests on six popular Infowars supplements to determine the exact make-up of each supplement and screen for various dangerous and illegal chemicals. It also investigated a few of the products that “claimed incredible benefits for what seemed like could just be simple ingredients.”

“We tested samples in triplicate, and wherever possible, cross-checked those results with at least two independent analytical laboratories, so we have complete trust in our conclusions,” Brian Brandley, Labdoor’s Laboratory Director told BuzzFeed News.

All of the test results were largely the same: The products are — more or less — accurately advertised. They don’t contain significantly more or less of a particular ingredient than listed on the bottles, and there are no surprise ingredients. They’re also reasonably safe, meaning they passed heavy metal contaminant screenings and tested free of stimulants, depressants, and other prohibited drugs.

But just because the product’s ingredients matched their labels doesn’t mean they lived up to Jones’ claims.


I’m shocked, shocked to hear they don’t live up to Jones’s claims, whatever those are.

Google reveals sites with ‘failing’ ads, including Forbes, LA Times • Digiday

Lucia Moses:


On June 1, Google rolled out its Ad Experience Report, a tool it’s using to evaluate and score websites based on their ad creative and design. It provides screenshots and videos of ads that have been identified as annoying to users, such as pop-ups and autoplaying video ads with sound, and “prestitial” ads with countdown timers.

So far, Google has identified about 700 sites as warranting corrective action out of around 100,000 sites it’s reviewed so far. Half of the roughly 700 got a “failing” status and the other half a “warning.” Pop-ups were the most common problem Google found, accounting for 96% of violations on desktop and 54% on mobile.

Most of these sites are out of the mainstream, such as entertainment sites and But a couple dozen are a who’s who of traditional media. Those listed as failing include Forbes; Tronc-owned Orlando Sentinel, Sun-Sentinel and Los Angeles Times; Bauer Xcel Media’s Life & Style and In Touch Weekly; The Wrap; Chicago Sun-Times; Tribune Broadcasting’s Fox 13 Now; and Sporting News.

A similar number of mainstream sites got warnings. They included Kiplinger, Gizmodo Media Group’s Lifehacker, The Jerusalem Post, The San Diego Union-Tribune, Cox Media Group’s WSB-TV in Atlanta, Tronc’s Baltimore Sun and Chicago Tribune, The Christian Science Monitor, the U.K. Independent, The Daily Caller, Reader’s Digest, All You, Smithsonian, New York Daily News, Salt Lake Tribune and CBS News.


Basically, warning them that if they don’t change, they’ll die once Chrome gets an adblocker.

Wisconsin Senate Republican leader raises questions on Foxconn deal, says he doesn’t have votes yet • Milwaukee Sentinel

Patrick Marley, Lee Bergquist and Jason Stein:


[Scott] Fitzgerald said it was “striking” that a report issued this week by the Legislative Fiscal Bureau found that state taxpayers would not recoup their investment in Foxconn until 2043. The bureau described that timeline as the best-case scenario, with the Wisconsin plant fully operational and spawning job growth at suppliers and other companies that would come to the area.

“Is it going to be a good deal for taxpayers? A lot of that is going to be based on viability, on how this happens over the next 15, 25 years,” Fitzgerald said. “And what is the payback going to be? And it’s difficult to really measure that right now.”

For his part, Walker on Wednesday downplayed the report’s findings.

“We’ve known it all along,” Walker told Green Bay-area conservative radio host Jerry Bader when asked about the report. “We’ve known this was a big deal.”

Also Wednesday, the head of the state Department of Natural Resources said her agency has hired a coordinator to manage the DNR’s oversight of the massive project. 

Eric Ebersberger, a retired DNR attorney, was heavily involved in the agency’s review of Waukesha’s bid to tap Lake Michigan as a source of drinking water. That experience is relevant to the Foxconn plant, which would need large amounts of water from the lake to produce glass and other components of flat screens. 

DNR Secretary Cathy Stepp announced the move at a meeting of the agency board in Milwaukee, saying the DNR is preparing internally for Foxconn. 


It would take 26 years to pay back? The report notes that there would be a $3bn economic sweetener. There are all sorts of proposed exceptions to environmental regulations too.

I suspect though that given this would be a $10bn investment by Foxconn (per the report) employing more than 10,000 jobs every year, that it might happen.

The end of typing: the next billion mobile users will rely on video and voice • WSJ

Eric Bellman:


Instead of typing searches and emails, a wave of newcomers—“the next billion,” the tech industry calls them—is avoiding text, using voice activation and communicating with images. They are a swath of the world’s less-educated, online for the first time thanks to low-end smartphones, cheap data plans and intuitive apps that let them navigate despite poor literacy.

Incumbent tech companies are finding they must rethink their products for these newcomers and face local competitors that have been quicker to figure them out. “We are seeing a new kind of internet user,” said Caesar Sengupta, who heads a group at Alphabet Inc.’s Google trying to adapt to the new wave. “The new users are very different from the first billion.”…

…Google has revamped the way certain searches look in India. Seek a local cricket star, and the top of the search is crowded with photos and videos instead of long lists of links. Google’s YouTube created apps in India to make it easier for users to share videos directly—helping them avoid data costs and circumvent slow internet speeds.

One five-person Google team took a long train ride through the western Indian state of Maharashtra recently to poll passengers. “How does he get new music?” asked project manager Scott Velicer through a translator. “Ask him if he has trouble getting to know the name of songs he hears on TV.”

The team showed passengers a “low-fidelity prototype,” basically phone screens printed on paper with different apps and instructions, asking what they would do if they saw one of the screens. The group later stood at the Lonavla Station and discussed what it learned. “People here don’t read the text,” so the icons need to be easy to understand, Mr. Velicer said.

Google has also benefited from the dominance of its Android operating system.

Apple has been upping its bet on India, contracting with a manufacturer to assemble handsets locally, rolling out a bigger retail network and investing to support developers of more apps aimed at Indians. It has begun offering Apple Music—available for Android phones—for a lower price than in the U.S.



Misunderstanding Apple Services • Monday Note

Jean-Louis Gassée:


the biggest misunderstanding isn’t the theoretical placement [of the revenue from Apple Services] in the Fortune 100 list, or the comparisons to Facebook. It’s the consideration of Apple Services as a self-standing business. Remove “Apple” from “Apple Services”…would this stand-alone “Services” company enjoy the same success were it to service Android phones or Windows PCs?

Apple Services is an important member of the supporting cast that pushes the volume and margins for the main act: Apple Personal Computers. These come in three sizes, small (iPhone), medium (iPad), and large (Mac). If rumors of the addition of a cellular modem are true, we may even see the Watch, today an iPhone accessory, added to the cast as the newest and smallest performer.

Everything else that Apple offers has one raison d’être: fuelling the company’s main hardware act, without which Apple is nothing. As an example, headphones, earphones, loudspeaker sales, and music distribution revenue isn’t the goal (note the fall in music purchases on Horace’s chart above).

With Services, Apple enjoys the benefits of a virtuous circle: Hardware sales create Services revenue opportunities; Services makes hardware more attractive and “stickier”. Like Apple Stores, Services are part of the ecosystem. Such is the satisfying simplicity and robustness of Apple’s business model.


A lot of people are missing this point.

Eager to burst his own bubble, a techie made apps to randomize his life • NPR

Alix Spiegel:


Max’s once beautiful routine suddenly seemed unfulfilling. He felt like he was growing closer to people in his own bubble and becoming isolated from those outside of it.

“There was something … that just made me feel trapped,” he says. “Like I was reading a story that I’d read before or I was playing out someone else’s script.”

How is it that two people can look at the same thing and see something completely different? Alix Spiegel and co-host Hanna Rosin tackle the notion of bubbles and follow two people making radical attempts to break out of them in the latest episode of Season 3 of the NPR podcast Invisibilia.

As any computer developer would do, Max turned to technology to craft his way out — a series of randomization applications.

Max started small, with an app that integrated Uber. It starts like a regular ride-hailing app: He would press a button in the app and a car would arrive. But then, a twist: He couldn’t select a drop-off location; the app would choose a spot within a range without disclosing it. The only thing the rider had to do was enjoy the journey — and hope for a good destination.

From there, Max’s applications became more complex. He built an app that used a Facebook search function for public events to find ones near him. Then the app would randomly choose which event Max would attend.

At first, he was nervous: What if people wouldn’t let him in? But, as a kind of unassuming white guy, he actually didn’t have this problem. (And Max acknowledges this privilege.) Once Max explained how and why he had arrived at these events, hosts usually welcomed him, often with only a few questions asked. Most of the time, people were taken by the idea of Max expanding his bubble.

One night, he got to drink white Russians with some Russians. Another, he attended acroyoga (as in, acrobatics + yoga). A community center pancake breakfast. A networking event for young professionals. The algorithm chose; Max attended.

Most of these events were something that the nonrandomized Max would never have thought to try.


Since you ask, Max doesn’t have children, no. But adding randomness into your life is a neat idea.

Koch group, Craigslist founder come to Techdirt’s aid • Axios

David McCabe:


An eclectic group is financially backing TechDirt, a tech news site being sued for libel by the same lawyer who helped take down Gawker.

Who’s involved: The Charles Koch Foundation, Craigslist Founder Craig Newmark’s CraigConnects, Union Square Ventures, WordPress parent Automattic and the Freedom of the Press Foundation. The financial support is worth more than a quarter of a million dollars.

Why this matters: Their backing comes as some news organizations shy away from writing about a powerful or well-resourced person out of fear of a lawsuit — which some have called the Gawker Effect. This helps to chart a path for the types of publishers that can’t survive the kind of libel suits that are becoming more common in the post-Gawker age.

The details: The parent company for Techdirt is facing a libel suit filed by a man who claims he invented email, who is represented by the same lawyer who led the case that resulted in Gawker Media’s bankruptcy. The same person settled with Gawker in 2016. Techdirt’s founder, Mike Masnick, has said that the lawsuit has “already taken a massive toll on us and our ability to function and report.” To help Techdirt weather the lawsuit, the group of philanthropies, companies and private individuals is funding a year of coverage on the site devoted to free speech issues.


Yes, the Charles Koch Foundation is linked to those Koch brothers. Strange to see them ranged against Thiel. But good to see Techdirt getting a serious backer.

How to take down Kim Jong Un • POLITICO Magazine

Tom Malinowski was assistant secretary of state for democracy, human rights and labo(u)r at the US State Department from 2014-2017:


Kim Jong Un, like all totalitarian leaders, wants above all to ensure his survival. He is convinced that a nuclear strike capability is necessary to deter the United States and South Korea from threatening his regime, and to extract concessions that might prolong its life. There is nothing crazy about this conviction. And because the matter is existential for Kim, more economic pressure will not change his mind. His regime survived a famine and can risk economic hardship. What he apparently will not risk is following the example of Saddam Hussein and Muammar Qadhafi, who gave up nuclear programs and found themselves defenseless against foreign interventions that claimed their lives.

But there is an opportunity in Kim’s obsession with survival. While he assumes the United States would not start a catastrophic war to stop his nuclear program, he also knows that were he to start that war, the U.S. would have no reason to hold back. We could, and likely would, destroy his regime. This means that even if we can’t prevent North Korea from gaining the ability to hit us or our allies, we can deter it from actually doing so, and thus have time to pursue, by means more effective than sanctions and less dangerous than war, our ultimate goal of a reunified Korea that threatens no one.


Malinowski offers a number of suggestions for what those “more effective than sanctions” options are, though personally I find them unsatisfactory, in that they’re slow. (They’re all things the US and South Korea are doing anyway.) A nuclear North Korea has negotiating power, so the US should negotiate with it – because it can be sure that any opening of North Korea’s regime to outside trade and information will weaken it and eventually undermine it. (I made similar points in a Twitter thread.)

Overall? I think that the risk of actual war with North Korea is minimal, as long as the US keeps calm. (Thanks for the link to Tim Bajarin, who has previously pointed to similar thinking about Kim Jong-un.)

Errata, corrigenda and ai no corrida: none notified
