Start Up: the Bluetooth DDOS threat, Canada’s pricey phones, iPhone 8 and watchOS review, and more


It’s not an iPhone. But do they share a pricing strategy? Photo by cocoate.com on Flickr.

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 9 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

BlueBorne Bluetooth vulnerability ‘exposes almost every connected device’ • Betanews

Mark Wycislik-Wilson:

»

The only requirement for a successful attack is that Bluetooth is enabled — something most people have enabled at least on their phone, and often on their computers and laptops. Armis Labs describes BlueBorne as being “out of the traditional kill chain” as it is incredibly hard to detect.

The company says:

»

BlueBorne is an attack vector by which hackers can leverage Bluetooth connections to penetrate and take complete control over targeted devices. BlueBorne affects ordinary computers, mobile phones, and the expanding realm of IoT devices. The attack does not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode. Armis Labs has identified eight zero-day vulnerabilities so far, which indicate the existence and potential of the attack vector. Armis believes many more vulnerabilities await discovery in the various platforms using Bluetooth. These vulnerabilities are fully operational, and can be successfully exploited, as demonstrated in our research. The BlueBorne attack vector can be used to conduct a large range of offenses, including remote code execution as well as Man-in-The-Middle attacks.

«

Armis Labs has already communicated with Microsoft, Google, Linux, Apple and Samsung, and patches are being issued in most cases — with the possible exception of Samsung which failed to respond to the notification.

«

Mitigated in Windows 10 as of July 11; fixed in iOS 10; pushed in an Android update on August 7, included in the September security update for Android. Still leaves a lot of Android devices potentially vulnerable.


How Apple’s pricey new iPhone X tests economic theory • WSJ

Josh Zumbrum and Tripp Mickle:

»

Apple and Samsung have found themselves here partly by necessity. Smartphone makers are running out of new customers. Data from IHS Markit estimates there are just under 100 smartphones per 100 people in the U.S. and about 92 smartphones per 100 people in Europe. (Many people own more than one phone.) By 2020, there will be about 84 smartphones per 100 people globally, IHS projects.

To generate more revenue the big smartphone makers increasingly need to push on price.

“They can create a super-premium model and perception of super-premium that pushes those buyer types into the stratosphere,” said Steven Haines, chief executive of Sequent Learning Networks, which advises companies on product management. “This is classic product management.”

Such segmentation is normal in mature industries, said Mr. Haines, comparing smartphones to what happened with the auto industry, where luxury cars with high prices became a status symbol as car ownership became commonplace.

«

Zumbrum and Mickle are trying to argue that the iPhone [X] is a Veblen good – where demand rises as the price goes up. Neil Cybart takes this argument to pieces in his latest newsletter (sign up on aboveavalon.com). He points out that iPhone starting prices now range from $349 (iPhone SE) to $999 (iPhone X):

»

Apple didn’t establish the preceding price range in order to push specific “luxury” models, like iPhone X or iPhone 8 Plus. It’s not that the higher-end models are priced in such a way as to stoke demand and interest simply because of a higher price. Instead, iPhone pricing is based on capability [such as camera, processor speed, screen size].

«

Handbags or Vertu phones (which recently went bust) aren’t priced on their capability. Vertu phones were arguably less capable than far cheaper devices.


Why Canadian cell phone bills are among the most expensive on the planet • National Post

Tristin Hopper:

»

The more likely reason for the high prices is that the people setting these prices don’t have any reason not to.

As Michael Geist put it in 2013, cell phone carriers raise prices “because they can.”

They’re not a cartel, which would be illegal. Rather, Canadian telecoms are in a situation in which there’s no real incentive to undercut each other. The three companies know they are better off when Canadians are paying among the world’s highest rates for cell phone usage.

As industry watchers have noted, these companies have a strange habit of raising their prices in tandem. In January 2016, Bell hiked its monthly plans by $5 per month. Within a week, Telus and Rogers had independently followed suit.

These are not the normal actions of an industry. When Air Canada hikes prices, WestJet and NewLeaf don’t follow suit within a matter of hours. In fact, it’s quite the opposite: By constantly trying to grab market share from each other, the competing airlines force prices to a bare minimum.

But Canadian cell phone providers don’t have to worry about a WestJet or a NewLeaf. The awesome costs and regulatory barriers of starting a competing Canadian wireless company are so prohibitive that telecoms can rest assured that they won’t suddenly be challenged by an ambitious startup.

«

Weird that Canada’s regulators haven’t thought of providing some sort of incentive to encourage another carrier to move in, perhaps simply by forcing the sharing of infrastructure. This is similar to the problem in the UK where there’s no competitor to BT for landlines because of the cost of infrastructure.


All that’s needed to hack Gmail and rob bitcoin: a name and a phone number • Forbes

Thomas Fox-Brewster:

»

Hackers have proven just how urgently a gaping flaw in the global telecoms network, affecting what’s known as Signalling System No. 7 (SS7), needs to be fixed. In a video demonstration, shown to Forbes ahead of publication today, benevolent hackers from Positive Technologies were able to take control of a Coinbase bitcoin wallet and start pilfering funds via the SS7 flaws.

SS7 weaknesses, despite fixes being available for years, remain open. They allow anyone with access to that part of the telecoms backbone to send and receive messages to and from cellphones, with various attacks allowing silent interception of SMS texts, calls and location data. (Typically, the SS7 network is used by telecoms companies to talk with one another, normally for shifting customers between operators when roaming).

In their attack, the Positive researchers first went to Gmail, using Google’s service to find an email account with just a phone number. Once the email account was identified, the hackers initiated a password reset process, asking one-time authorization codes to be sent to the victim’s phone. By exploiting SS7 weaknesses they were able to intercept text messages containing those codes, allowing them to choose a new password and take control of the Gmail account. They could then simply head to the Coinbase website and do another password reset using the email they’d compromised.

«

SS7 has weaknesses, though it’s difficult to access; Positive got access “for research to help mobile operators make their networks more secure”. For hackers, slightly harder – but far from impossible.


The iPhone 8: a worthy refinement before the next generation • The New York Times

Farhad Manjoo:

»

So here’s my conclusion, after nearly a week testing the 8 and 8 Plus: The 8s feel like a swan song — or, to put it another way, they represent Apple’s platonic ideal of that first iPhone, an ultimate refinement before eternal retirement.

«

This is the perfect review. The platonic ideal of iPhone (2007-September 2017) reviews. OK, the actual piece is somewhat longer, but this says it beautifully.


watchOS 4: the BirchTree review • BirchTree

Matt Birchler:

»

I will say up front that this is not the same type of giant update like we got last year. While I have to acknowledge that it’s unreasonable to expect massive changes every year, watchOS is still a young platform and has a lot of room to grow. This contrast sums up much of my feelings towards watchOS 4. This is a satisfying update that improves on the previous version in almost every way, but it doesn’t move the needle as much as some, including myself, would like.

And it’s not just a matter of quantity over quality. watchOS 3 sported a huge list of improvements and I would argue 99% of them were objective improvements over what came before. watchOS 4 has a shorter list of new features, but I don’t think Apple’s success rate is as high as it was last year. They didn’t “blow it” on any specific feature, but there are definitely some questionable choices made this year that made me grumble more than a few times.

Of course you should update your Apple Watch if you own one, it’s free and makes the Apple Watch a better product than it was yesterday. But set your expectations properly because this release will make your Apple Watch better, but it will not change your life.

«

This is a thorough review; might not make a lot of sense if you don’t yet own a Watch. The Workout app rewrite looks like a particular improvement – the targets on the old one were too small for fat fingers. The change to the Dock (which now shows what you’ve previously used, not a set of apps you choose) seems retrograde – though Birchler has his own idea for why they changed it: because people weren’t using it.


Technology companies should publish political advertising files online • Sunlight Foundation

Alex Howard and John Wonderlich:

»

The United States of America has now fallen off the online disclosure cliff that Sunlight has warned of for years: the lack of transparency for political ad spending and related activity online created a significant vulnerability in our public accountability laws. While more transparency was rendered to TV stations, “dark ads” have flourished online. Last week’s reporting confirms that Facebook was used by Russians to influence the 2016 election. The full extent of that interference is still not understood publicly, even now.

As we told Buzzfeed, highly targeted online ads now present a significant vulnerability for liberal democracies, especially since they are not covered by the comparatively strong legal oversight and public visibility that traditional radio, TV, and print ads are.

The Federal Communications Commission approved rules in 2016 that required TV stations and radio stations to publish their political advertising files online. This has added a digital twist to a decades-old requirement that political ad spending be publicly disclosed, in near real time, while technology companies, newly relevant as political ad vendors, continue to get a pass altogether from analogous public protections.

As the share of political advertising spent by campaigns on digital platforms grows, and more public time is spent on social networks, disclosure’s importance increases.

«

There’s no basis to disagree: people spend more time on social media than reading newspapers or watching TV news.


Toys ‘R’ Us seeks bankruptcy, crushed by debt and online rivals • Bloomberg

Dawn McCarty and Daniela Wei:

»

The bankruptcy filing is the latest blow to a brick-and-mortar retail industry reeling from store closures, sluggish mall traffic and the gravitational pull of Amazon.com Inc., which has revolutionized the way people consume with affordable online offerings and global home delivery service.

A dozen-plus major retailers have filed for creditor protection this year, including Payless Inc., Gymboree Corp. and Perfumania Holdings Inc., all of which are using the Chapter 11 process to close underperforming stores and expand online operations. 

The shakeout is also reverberating across American malls and shopping districts. More than 10% of U.S. retail space, or nearly 1 billion square feet, may need to be closed, converted to other uses or renegotiated for lower rent in coming years, according to data provided to Bloomberg by CoStar Group.

The troubles at Toys “R” Us come as retailers and suppliers ramp up for the all-important holiday shopping season. In an emailed statement, Mattel Inc. said, “As one of our most important retail partners, we are committed to supporting Toys ‘R’ Us and its management team as they work through this process, particularly as we approach the holiday season.”

The bankruptcy filing by the company also may have global implications, especially for Chinese toy manufacturers. Some 38% of the company’s revenue came from overseas markets in the latest fiscal year. “It’s a loss for the long-term benefit of the entire industry,” said Lun Leung, chairman of Hong Kong-based Lung Cheong Group, a toy supplier for Hasbro Inc. He said Toys “R” Us accounted for less than 5% of the group’s sales.

The company listed debt and assets of more than $1 billion each in Chapter 11 documents submitted Monday at the U.S. Bankruptcy Court in Richmond, Virginia. Prior to filing, the chain secured more than $3 billion in financing from lenders including a JPMorgan Chase & Co.-led bank syndicate and certain existing lenders to fund operations while it restructures, according to a company statement. The funding is subject to court approval.

«

Gradually, and then suddenly. The debt mattered – the leveraged buyout was in 2005, when dumping a ton of debt on a retail store looked reasonable. (Or not unreasonable.) Ten years later, it turns out to have been a calamitous decision. Financial analysts will be looking at the gearing (debt ratio) of lots of retailers from here.


Samsung’s Bixby button is structural bloatware • The Verge

Vlad Savov:

»

the most common reason for pressing the Bixby button to date has been an accidental click when people have wanted to turn the phone’s volume down (because the volume rocker is just above). The moment the Galaxy S8 was announced, prospective users were already asking if they could re-purpose the button to activate Google Assistant, but Samsung has resolutely and stringently denied them that possibility. The company’s present climbdown to just disable the button rather than allow us to use it otherwise is embarrassingly user-hostile.

Isn’t Bixby pushy enough even without the button? You can’t set up a Galaxy smartphone without being informed about Bixby and urged to sign up for the requisite Samsung account. Swipe left from the home screen and a sort of champagne-bubble animation kicks in as Bixby starts to wake… I usually swipe frantically back to the right to avoid further prompts. Most onerous of all is Samsung forcing its Bixby camera-assisting features on me every time I open the camera app. I gave in after just half a day trying to shoot photos for our Galaxy S8 review. So well done, Samsung, you forced your horrible piece of self-serving bloat on me, and in the process you extracted some additional personal information. Are you feeling proud of bullying your users into this?

I know that Google works on similar principles to those underpinning Samsung’s Bixby: make a new data-hungry feature a core part of the software and tirelessly nudge people into using it until they do. But the Google difference is that its services are actually superior and useful…

«

As he says, it’s indicative of a company which – despite charging premium prices for the phones with this built in – is at heart not user-centric. It’s product-centric.

Savov’s coda sums it up:

»

there’s not a human on Earth (that I know of, anyway) who is honestly lauding Bixby as a unique advantage. Most are just asking for it to go away, and for the newly vacant button to be customizable to our own preferences. Is that too much to ask when you spend hundreds of dollars on a phone?

«

What chance Bixby goes away in a year or two?


Errata, corrigenda and ai no corrida: none notified

Start Up: inside the Equifax hack, CCleaner compromised, Google’s auction offer, and more


A Kinect sensor. Soon you can put one in your pocket. Photo by bm.iphone on Flickr.


A selection of 11 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

The iPhone X’s notch is basically a Kinect • The Verge

Paul Miller:

»

Apple’s iPhone X provides a nice little illustration of how sensor and processing technology has evolved in the past decade. In June 2009, Microsoft unveiled this:

In September 2017, Apple put all that tech in this:

Well, minus the tilt motor.

Microsoft’s original Kinect hardware was powered by a little-known Israeli company called PrimeSense. PrimeSense pioneered the technology of projecting a grid of infrared dots onto a scene, then detecting them with an IR camera and ascertaining depth information through a special processing chip.

«

Terrific observation. (And Apple did buy PrimeSense, in 2013.)


Samsung finally lets us disable the Bixby button • SamMobile

Adnan F:

»

The dedicated Bixby button on the Galaxy S8 and Galaxy S8+ didn’t really serve any meaningful purpose until last month when Bixby Voice was rolled out globally. Before the global release of Bixby Voice, the dedicated button could only be used for Bixby Home.

Most users didn’t feel the need for Bixby Home to have a dedicated key. Third-party apps were developed that allowed them to remap the button to launch any app of their choice. Samsung was quick to clamp down on those apps for reasons that our editor in chief explained in great detail.

I bemoaned recently that the Bixby button was driving me nuts and many of our readers agreed with me. I don’t like how it gets in the way and that you can’t avoid accidental presses of the button. However, it’s time for us to rejoice.

Samsung is finally allowing us to disable the Bixby button, to an extent.

«

Hooray? Except further down the story..

»

The implementation appears to be random right now. Some of our devices have got this toggle after the update. Some haven’t.

«



Apple’s removal of the App Store from iTunes screws over users, publishers, and developers • BirchTree

Matt Birchler:

»

Take a website like MacStories. This is a great website for discovering new iOS apps, and this week will especially be big since iOS 11 is coming out and tons of your favorite apps will be updated to take advantage of new features.

Here’s the thing though, you really shouldn’t read MacStories on a desktop anymore. Why? Well, because if you are on your MacBook Pro and read an article about an app you think looks great and want to buy, you have no course of action to actually get that app. Your 3 options are:

• Remember the app name and search the App Store on your iOS device for that app (and hope the App Store search brings up the right one)
• Remember the URL for the MacStories page, load that on your iOS device, and tap the link from the article on that device
• Save the App Store link to a read later service like Pocket and open the link on your iPhone or iPad

None of those options are great for the users or MacStories. Each option is worse than it was before, where you could tap/click an App Store link from any device and install the app from there. In this new reality, users have to do more work to get new apps if they don’t discover them on their iOS device, and the most likely solution (searching the App Store manually) cuts out the affiliate link MacStories used in their article.

«

Um.. AirDrop the link to yourself? (Drag the URL to the AirDrop page on Finder. On the phone you get the option to save it to iCloud Drive, Dropbox, Slack, and any other URL-capable app) Message it to yourself? But yes, things are broken at present.


‘We’ve been breached’: inside the Equifax hack • WSJ

AnnaMaria Andriotis, Michael Rapoport and Robert McMillan:

»

Although investigators are still grappling with who might be behind the Equifax break-in, the scale of the breach, sophistication of the hack and nature of the stolen data all point toward a state-sponsored actor, says a person familiar with the investigation.

In March, the Justice Department charged two officers with Russia’s Federal Security Service, alleging the hack was part of an information-collection operation. A Russian official said the charges were part of an attempt to raise “the theme of ‘Russian hackers’ in the domestic political squabbles in the U.S.”

“Credit bureaus are the tracks that the [credit] trains run on, and we should make sure those roads and tracks are sound if we’re going to run a whole economy over them,” said Louis Hyman, a consumer-credit historian at Cornell University…

…One large firm that links credit-card networks, merchants and lenders saw a spike in fraudulent activity from late May to early June, according to people familiar with the matter.

The firm was getting phone calls from people who said they had an account there and provided all four pieces of personal information typically needed for identity verification: name, address, date of birth and Social Security number. Equifax has said the same type of information was exposed.

Callers then asked the large firm to change the bank-deposit number for what they claimed was their business, people familiar with the matter say. The callers said the change was needed because they had changed banks.

The firm usually gets about a dozen such calls per year, but it was suddenly getting a dozen per week, these people say.

«

So likely a lot of people have been hit already. The state-sponsored idea is novel.


Hackers compromised free CCleaner software, Avast’s Piriform says • Reuters

Joseph Menn:

»

More than 2 million people downloaded tainted versions of Piriform’s program, which then directed the computers to get instructions from servers under the hacker’s control, Piriform said.

Piriform said it worked with law enforcement and cut off communication to the servers before any malicious commands were detected. This came after security researchers at Cisco Systems Inc (CSCO.O) and Morphisec Ltd alerted Piriform’s parent Avast Software of the hack last week.

The malicious program was slipped into legitimate software called CCleaner, which cleans up junk programs and advertising cookies to speed up devices.

CCleaner is the main product made by London’s Piriform, which was bought in July by Prague-based Avast, one of the world’s largest computer security vendors. At the time of the acquisition, the company said 130 million people used CCleaner…

…In a blog post, Piriform confirmed that two programs released in August were compromised. It advised users of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 to download new versions. A spokeswoman said that 2.27 million users had downloaded the August version of CCleaner while only 5,000 users had installed the compromised version of CCleaner Cloud.

«



After crisis and collapse, Jack Heuer’s time has come again • FT

Simon de Burton:

»

Mr Heuer [as in Tag Heuer, the watches] has already experienced one calamity in the watch industry. In 1958, at the age of 26, he had gone to work for Heuer, the company founded in 1860 by his great-grandfather, Edouard. Twenty years later, the “quartz crisis”, when Japanese companies’ cheap quartz-powered watches destroyed historical Swiss brands, brought a 22% drop in Swiss watch exports and coincided with a 20% fall in the value of the Swiss franc against the dollar. In 1982, the financial situation defeated him: Heuer-Leonidas was sold to the first of a succession of owners, before being taken over by TAG. As he writes in his autobiography: “I was five months away from my 50th birthday and ruined.”

Now, almost four years after officially retiring as TAG Heuer’s honorary chairman, a role he had held since 2001, he will step aside for good at the end of this year. So how does he compare the difficulties faced by today’s watch industry to those he battled 35 years ago?

“I think the big difference this time is that there is both a technical challenge from the smartwatch [comparable to the arrival of quartz] and a mental slowdown with the end consumer — people have become used to being able to see the precise time on their mobile phones and perhaps feel they no longer have a need for a traditional watch.

“To me, that is a more disturbing factor than the competition from the smartwatch. In fact, I think it could be a potential killer for the industry because, unlike the smartwatch, the mobile phone does nothing to help the worldwide development of wristwatch sales — and I don’t think that danger has yet been fully addressed.”

«



iPhone X: the demo gods are cheeky • Monday Note

Jean-Louis Gassée:

»

Over time, I came to see how random the correlation between a demo’s success and the market’s reaction to the product is. Two good examples are the well-received Mac Portable demo where I assembled the machine on stage or, even better, the BeBox demo performed at the Agenda conference by my colleague Steve Horowitz that got a standing ovation. Market success didn’t follow.

On the other hand, we have Steve Jobs’ exquisitely edited and rehearsed Apple 2.0 demos. The best example is the January 2007 iPhone intro; a thrilling demo that marked the beginning of a new era, of more than one billion iPhones sold. The video is here, a resonant classic, the master at the top of his expository powers.

This brings us back to the aptly named iPhone X, ten years later. As it turns out, Face ID didn’t fail Federighi. A stagehand had unwittingly and repeatedly triggered Face ID when arranging the device before the presentation. As designed, a security algorithm kicked in when the camera had seen too much of the stagehand’s unrecognized face and thus it sent Federighi to the security code entry screen. Both disconcerting and reassuring.

I haven’t had the opportunity to form a Third Impression of the new iPhone X, that is putting my money on the table, getting the product and using it long enough to reach a stable gut-level feel, the one that triggers the ultimate marketing weapon: Word of Mouth.

«

It is very interesting to listen to John Gruber’s podcast with Craig Federighi, Apple’s software chief, who has been using the iPhone X for some time, and who says you get completely used to face-unlocking being automatic.

And I don’t want to seem fulsome, but Federighi’s recovery at the iPhone X onstage demo – when it didn’t unlock after what had probably been a summer when it unlocked every time for him – was one of the all-time presentation recoveries. Imagine how unnerving it would be if something that had always worked suddenly didn’t. Yet he had the presence of mind to not go with the passcode, but switch to the backup. It’s the only time I’ve ever seen him wrongfooted, and he handled it with aplomb.


There isn’t a long waiting list for the iPhone 8 yet • Business Insider

Kif Leswing:

»

If you were to log on to Apple.com on Monday and order the newest iPhone, you wouldn’t have to wait very long until you received your new device.

In fact, some iPhone 8 models will still arrive by Friday, the first day it hits retail stores, even if it was ordered several days after pre-orders started.

This suggests there will be no shortage of iPhone 8 models this fall and that the iPhone 8 will be easier to find than previous new iPhone models. 

“The pre-order lead times are playing out as we expected with similar to the lead times as the smaller size iPhone’s over the past three years, but shorter lead times than the larger Plus sizes,” Loup Ventures founder Gene Munster wrote in a research post on Monday.

«

Anyone would think they had an entirely different phone coming out soon.


Google offers to auction off shopping ad spaces to rivals • WSJ

Natalia Drozdiak:

»

Google has proposed overhauling its shopping search results so that rivals can bid for space to display products for sale, as part of the tech giant’s efforts to comply with the European Union’s antitrust order, according to people familiar with the matter.

Under the proposal, Google would bid against rivals to display products for sale in the space above its general search results, according to the people. Google would set itself a price cap that it wouldn’t be able to bid above, but competitors could do so if they wished.

Rival shopping sites have hit back, saying an auction-based remedy wouldn’t assuage the EU regulator’s demands that the company treat its competitors’ offerings and its own shopping service equally.

The European Commission ordered Google to make the changes to its search results by late September as part of its decision to fine Google a record €2.42bn ($2.89bn) in June for discriminating against rival comparison-shopping sites in its search ranking…

…“While we have yet to see details of Google’s proposal, it seems unlikely that Google could have devised an auction-based remedy that does not fall far short of the equal treatment standard stipulated by the [commission’s] decision,” said Shivaun Raff, chief executive of Foundem.co.uk, a comparison-shopping website that was the first company to file a formal antitrust complaint about Google to the EU.

The auction-based remedy could force Google’s competitors to bid away the majority of their profits to Google, Ms. Raff said. Google could set a high price cap for its own bids, pushing the bids of competitors higher.

«

As the story points out, this is essentially the same failed proposal Google made a few years ago with the previous competition commissioner, and it’s just as absurd. Competitors want access to the free spot at the top of the organic results, which Google presently awards to its Shopping site in a sort of technological nepotism. Competitors like Foundem argue that there should be a clear algorithmic explanation of how that top spot is chosen, so everyone can compete fairly for it.

This will cause another round of complaints, and meanwhile the rivals are ground down further by Google’s monopoly.


How Baidu will win China’s AI race—and, maybe, the world’s • WIRED

In August, Jessi Hempel interviewed Qi Lu, who left Microsoft to become chief operating officer at Baidu, having seen Microsoft’s Cortana effort fall behind Amazon’s (to the surprise of many at Microsoft, and Google):

»

Hempel: don’t you think that Amazon’s handicap is on its back end, in that it can’t keep up on the technology side with Google and Microsoft?

Qi Lu: I worked on Cortana four and a half years ago. At the time we all were like, “Amazon, yeah, that technology is so far behind.” But one thing I learned is that in this race to AI, it’s actually more about having the right application scenarios and the right ecosystems. Google and Microsoft, technologically, were ahead of Amazon by a wide margin. But look at the AI race today. The Amazon Alexa ecosystem is far ahead of anybody else in the United States. It’s because they got the scenario right. They got the device right. Essentially, Alexa is an AI-first device.

Microsoft and Google made the same mistake. We focused on Cortana on the phone and PC, particularly the phone. The phone, in my view, is going to be, for the foreseeable future, a finger-first, mobile-first device. You need an AI-first device to solidify an emerging base of ecosystems.

It’s become so much clearer, living in China, what AI-first really means. It means you interact with the technology differently from the start. It has to be voice or image recognition, facial recognition, in the first interactions. You can use a screen or touch, but that’s secondary.

At Baidu [headquarters], it’s all face recognition-based. At the vending machine at Baidu, you can buy stuff with voice and a face. And we’re also working on a cafeteria project. Our goal is, when you go to a cafeteria, you walk away with food…

…JH: How does the US market for voice technology compare to the Chinese market?

QL: The home environment is very different. Because we’re talking about voice interactions. The acoustic environment, the pattern of noises, will be very different. Alexa, Echo, and Cortana are optimized for American homes. In my view, this only works in North America and maybe a portion of Europe. Essentially, the assumption is that you have spacious homes; you have several rooms. In China, that’s not the case at all. For our target, even for the young generation with high incomes, typically they have 60 square meters [645 square feet], sometimes 90 square meters [970 square feet].

We have better opportunities to globalize DuerOS, because guess what? A home in Japan, a home in India, or a home in Brazil, is a lot closer to a home in China than a home in North America.

«



Video autoplay policy changes • Google Developers

»

As you may have noticed, web browsers are moving towards stricter autoplay policies in order to improve the web experience for users, minimize the incentives to install extensions that block ads, and reduce data consumption on expensive and/or constrained networks.

With these new autoplay policies, the Chrome team aims to provide greater control to users over content playing in their browser. Those will also benefit publishers who have legitimate autoplay use cases.

Chrome’s autoplay policies are simple:

• Muted autoplay is always allowed.
• Autoplay with sound is allowed if any of the following conditions are met:
– User has interacted with the site (click, tap, etc.)
– Media Engagement Index threshold is crossed (desktop only)
– Site has been installed using the “Add to Homescreen” flow (mobile only)
• Top frame can delegate autoplay permission to their iframes to allow autoplay with sound.

«

The link to “noticed” is to the Safari team’s notice about how they’re making video policies even tighter. Not only are people annoyed by autoplay videos; they’re also the source of a huge amount of ad fraud (autoplaying videos with sound off with display positions far off your screen). Chrome ought to be ahead of Safari on this, since it’s in Google’s interest if there isn’t ad fraud – isn’t it?



Errata, corrigenda and ai no corrida: none notified

Start Up: Facebook v Mueller (yes, that one), FaceID questions answered, Equifax’s musical security, and more


Do you want AI to be outing people without their consent? Photo by the_gain_card on Flickr.

A selection of 10 links for you. Handle with care. I’m @charlesarthur on Twitter. Observations and links welcome.

Facebook’s heading toward a bruising run-in with the Russia probe • Talking Points Memo

Josh Marshall:

»

I believe what we’re seeing here is a convergence of two separate but highly charged news streams and political moments. On the one hand, you have the Russia probe, with all that is tied to that investigation. On another, you have the rising public backlash against Big Tech, the various threats it arguably poses and its outsized power in the American economy and American public life. A couple weeks ago, I wrote that after working with Google in various capacities for more than a decade I’d observed that Google is, institutionally, so accustomed to its customers actually being its products that when it gets into lines of business where its customers are really customers it really doesn’t know how to deal with them. There’s something comparable with Facebook.

Facebook is so accustomed to treating its ‘internal policies’ as though they were something like laws that they appear to have a sort of blind spot that prevents them from seeing how ridiculous their resistance sounds. To use the cliche, it feels like a real shark jumping moment. As someone recently observed, Facebook’s ‘internal policies’ are crafted to create the appearance of civic concerns for privacy, free speech, and other similar concerns. But they’re actually just a business model. Facebook’s ‘internal policies’ amount to a kind of Stepford Wives version of civic liberalism and speech and privacy rights, the outward form of the things preserved while the innards have been gutted and replaced by something entirely different, an aggressive and totalizing business model which in many ways turns these norms and values on their heads. More to the point, most people have the experience of Facebook’s ‘internal policies’ being meaningless in terms of protecting their speech or privacy or whatever as soon as they bump up against Facebook’s business model.

«



Mueller investigation into Facebook ads may be a big deal • NY Mag

Benjamin Hart:

»

The Wall Street Journal reported on Friday that Facebook had turned over much more information to Special Counsel Robert Mueller about Russian-backed advertisements during the 2016 election than the company had shared with Congress:

»

The information Facebook shared with Mr. Mueller included copies of the ads and details about the accounts that bought them and the targeting criteria they used, the people familiar with the matter said. Facebook policy dictates that it would only turn over “the stored contents of any account,” including messages and location information, in response to a search warrant, some of them said.

«

CNN confirmed on Saturday that Mueller had indeed obtained the information with the help of a warrant.

Legal experts said that the news could signal a potentially explosive new phase in Mueller’s investigation. In a tweetstorm, Yale Law School associate dean Asha Rangappa said that to obtain the warrant, Mueller would have had to believe that a crime was committed – it is illegal for foreign people or entities to make contributions connected to American elections – and that the offense would need to be connected to “specific accounts” on Facebook.

Former federal prosecutor Renato Mariotti also focused on the warrant in a series of tweets, arguing that its presence meant that Mueller was “close to charging specific foreign people with a crime,” and that if Trump associates were part of the planning behind it, they could face serious charges as well.

«

A senior person who I know at Facebook said “that was quite a week”. There might be some more coming.


The AI “Gaydar” study and the real dangers of big data • The New Yorker

Alan Burdick on the reaction to the study which took pictures from Tinder and applied AI to guess – well, calculate – whether they were gay or straight:

»

Historically speaking, the hair-trigger response to the study was understandable. Regardless of the accuracy of the method, past schemes to identify gay people have typically ended in cruel fashion—pogroms, imprisonment, conversion therapy. The fact is, though, that nowadays a computer model can probably already do a decent job of ascertaining your sexual orientation, even better than facial-recognition technology can, simply by scraping and analyzing the reams of data that marketing firms are continuously compiling about you. Do gay men buy more broccoli than straight men, or do they buy less of it? Do they rent bigger cars or smaller ones? Who knows? Somewhere, though, a bot is poring over your data points, grasping for ways to connect any two of them.

Therein lies the real worry. Last week, Equifax, the giant credit-reporting agency, disclosed that a security breach had exposed the personal data of more than a hundred and forty-three million Americans; company executives had been aware of the security flaw since late July but had failed to disclose it. (Three of them, however, had off-loaded some of their Equifax stock.) The collection and sale of consumer data and buying patterns has become a vast business of which consumers are largely unaware, although they actively contribute to it by clicking on ads, accepting cookies, and agreeing to be tracked. But each new security breach reveals again that the data-collection farms feel little obligation toward us; their customer is the data buyer, not the data source.

«



Google will delete Android backups after two months of no device usage • Android Police

Ryan Whitwam:

»

It turns out Google won’t keep your Android backups forever. In fact, it only gives you about two months.

Android has been able to sync some apps and data to a new phone since the Eclair days, but the system was vastly improved in Marshmallow. Now, you have backups for your Android devices in a Google Drive folder, and the process of restoring is somewhat reliable. It’s far from perfect, but it usually works… unless your backup is expired. As someone on Reddit recently reminded us, Google deletes unused backups after two months. All that app and settings data is gone, and there’s no way to save it even if you’re paying for Google Drive storage.

You can see which backups of yours, if any, are set to expire by checking the backup folder in Google Drive. Backups for any device inactive for more than two weeks should have an expiration date. This is only showing up for me in the Android app, which seems especially problematic since you might not be using an Android device at all.

«

To me this tells us more about how Google views (and what it knows about) device usage, and backup retrieval, than anything else. A backup that hasn’t been touched for two months is probably for a dead device – supplanted, forgotten, lost, stolen. I’d bet that the amount of data stored is minimal. Even though 2 billion devices can add up to a lot of stored data, Google has plenty of storage for it. Except that the Reddit user who raised this had been using a “temporary” iPhone.

Apple’s use of never-expiring backups becomes odd in this context. Do you really need that two-year-old backup?


Every major advertising group is blasting Apple for blocking cookies in the Safari browser • Adweek

Marty Swant:

»

In an open letter expected to be published this afternoon, the groups describe the new standards as “opaque and arbitrary,” warning that the changes could affect the “infrastructure of the modern internet,” which largely relies on consistent standards across websites. The groups say the feature also hurts user experience by making advertising more “generic and less timely and useful.”

“Apple’s unilateral and heavy-handed approach is bad for consumer choice and bad for the ad-supported online content and services consumers love,” according to a copy of the letter obtained by Adweek this morning. “Blocking cookies in this manner will drive a wedge between brands and their customers, and it will make advertising more generic and less timely and useful. Put simply, machine-driven cookie choices do not represent user choice; they represent browser-manufacturer choice.”

Of course, the digital advertising world has a lot to lose if hyper-targeting becomes more diluted. According to an eMarketer report released in March, digital ad spending in the US is expected to reach $83bn in 2017, up nearly 16% from last year.

«

Apple’s response as given to John Gruber and others:

»

“Apple believes that people have a right to privacy — Safari was the first browser to block third party cookies by default and Intelligent Tracking Prevention is a more advanced method for protecting user privacy.

Ad tracking technology has become so pervasive that it is possible for ad tracking companies to recreate the majority of a person’s web browsing history. This information is collected without permission and is used for ad re-targeting, which is how ads follow people around the Internet. The new Intelligent Tracking Prevention feature detects and eliminates cookies and other data used for this cross-site tracking, which means it helps keep a person’s browsing private. The feature does not block ads or interfere with legitimate tracking on the sites that people actually click on and visit. Cookies for sites that you interact with function as designed, and ads placed by web publishers will appear normally.”

«

They thought adblocking on iOS would end the world too. Hasn’t, so far.


Interview: Apple’s Craig Federighi answers some burning questions about Face ID • TechCrunch

Matthew Panzarino:

»

One anecdotal thing: If you lift your phone and swipe up immediately, there’s a good chance that the Face ID system will have performed its authentication fast enough to have unlocked your device by the time you finish your swipe. That’s how fast it is.

But the speed isn’t the only question. Sunglasses, for instance, are fairly commonly worn outdoors. Federighi had mentioned in an email to a user that “most” sunglasses would work fine.…

…Face ID requires that it be able to see your eyes, nose and mouth. This means there are scenarios where it just won’t work.

“If you’re a surgeon or someone who wears a garment that covers your face, it’s not going to work,” says Federighi. “But if you’re wearing a helmet or scarf, it works quite well.”

This means that Face ID is not going to be a viable option for people who wear a mask for work or wear a niqab, for instance. They would need to use a passcode. Federighi notes that this limitation is similar to Touch ID, which simply didn’t work if you wore gloves or had wet fingers.

Another common question is about what kind of angles and distances you can be at in relation to your iPhone to get it to unlock.

“It’s quite similar to the ranges you’d be at if you put your phone in front-facing camera mode [to take a picture],” says Federighi. “Once your space from eyes to mouth come into view that would be the matching range — it can work at fairly extreme angles — if it’s down low because your phone is in your lap it can unlock it as long as it can see those features. Basically, if you’re using your phone across a natural series of angles it can unlock it.”

«

It all becomes a question of “what does ‘look’ at your phone mean?” From the demos I’ve seen it’s not a fixed stare. It’s a lot more casual than that.


Changes in the new iTunes • Apple Support

»

The new iTunes [on desktop; version 12.7] focuses on music, movies, TV shows, podcasts, and audiobooks. Apps for iPhone, iPad, and iPod touch are now exclusively available in the new App Store for iOS. And the new App Store makes it easy to get, update, and redownload apps—all without a Mac or PC.

You’ll find these changes in the new iTunes:

• Apps: Looking for your past iOS app downloads? Learn how to redownload apps on your iOS device.
• iTunes U: Collections of iTunes U content appear in the Podcasts section of iTunes.
• Internet Radio: Your Internet Radio stations appear in your music library’s sidebar. Click Edit in the sidebar to show or hide Internet Radio.
• Ringtones: iOS 11 supports redownloading ringtones directly to your iOS device, without the need to use iTunes on your Mac or PC.
• Books on Windows: Books on iTunes for Windows are managed in iBooks for iOS. Learn how to redownload books on an iOS device.

«

It’s been a long run, iTunes – 16 years of syncing with Apple’s top portable devices! – but it’s finally time to cut the cord.


Equifax hired a music major as chief security officer and she has just retired • MarketWatch

Brett Arends:

»

When Congress hauls in Equifax CEO Richard Smith to grill him, it can start by asking why he put someone with degrees in music in charge of the company’s data security.

And then they might also ask him if anyone at the company has been involved in efforts to cover up [former chief security officer] Susan Mauldin’s lack of educational qualifications since the data breach became public.

It would be fascinating to hear Smith try to explain both of those extraordinary items.

If those events don’t put the final nails in his professional coffin, accountability in the U.S. is officially dead. And late Friday Equifax said both Mauldin and the company’s chief information officer have retired effective immediately [in an announcement which didn’t name either].

Equifax “Chief Security Officer” Susan Mauldin has a bachelor’s degree and a master of fine arts degree in music composition from the University of Georgia. Her LinkedIn professional profile lists no education related to technology or security. Late last week, her LinkedIn page was made private and her last name replaced with “M.”

This is the person who was in charge of keeping your personal and financial data safe — and whose apparent failings have put 143 million of us at risk from identity theft and fraud. It was revealed this week that the massive data breach came due to a software vulnerability that was known about, and should have been patched, months earlier.

«

Arends allows, fairly, that Mauldin’s music training might have equipped her for computer security. There just isn’t anything in her LI profile that would lead you to conclude she’s best-suited for the job. (Then again, there’s no responsibility to curate your LI profile to show such detail.) It would be good to have some more detail about Mauldin’s experience before this.



Experts say the use of private email by Trump’s Voter Fraud Commission isn’t legal • ProPublica

Jessica Huseman:

»

President Donald Trump’s voter fraud commission came under fire earlier this month when a lawsuit and media reports revealed that the commissioners were using private emails to conduct public business. Commission co-chair Kris Kobach confirmed this week that most of them continue to do so.

Experts say the commission’s email practices do not appear to comport with federal law. “The statute here is clear,” said Jason R. Baron, a lawyer at Drinker Biddle and former director of litigation at the National Archives and Records Administration.

Essentially, Baron said, the commissioners have three options: 1. They can use a government email address; 2. They can use a private email address but copy every message to a government account; or 3. They can use a private email address and forward each message to a government account within 20 days. According to Baron, those are the requirements of the Presidential Records Act of 1978, which the commission must comply with under its charter.

«

Private emails are also at risk of hacking.


Sign language interpreter used gibberish, warned of bears, monsters during Hurricane Irma update | AL.com

Leada Gore:

»

Officials in Manatee County, Florida are under fire after an interpreter for the deaf warned about pizza and monsters during an emergency briefing related to Hurricane Irma.

The interpreter, Marshall Greene, a lifeguard for the county, has a brother who is deaf, according to the DailyMoth, a video news site that provides information via American Sign Language. Greene was used as the interpreter for a Sept. 8 press conference regarding the incoming storm and possible evacuations.

Members of the deaf community said Greene mostly signed gibberish, referencing “pizza,” “monsters,” and using the phrase “help you at that time to use bear big,” during the event. Other information signed to viewers was incomplete, experts said.

«

One always suspects this about the sign language interpreters. Never expects it to be true. (Apparently the interpreter had said previously he didn’t feel confident about doing this.)


Errata, corrigenda and ai no corrida: none notified

The Apple Watch Series 3 ripoff: how carriers want to charge for zero data use


The Apple Watch Series 3 can take phone calls. But you’ll pay for that. Photo by portalgda on Flickr.

On first trying the Apple Watch, in 2015, my reaction was that it did a lot of things pretty well. I still wished that it had an always-on screen. But earlier this year I started taking exercise more seriously. At that point, it suddenly comes into its own: the workout apps, the heart monitoring, the calorie estimator. Add AirPods – I was quick enough to snag a pair when they went on sale in the UK last Christmas – and you have a terrific combo for running: store some music on your watch, connect AirPods, go running. No wires, no phones, and no, they don’t fall out.

When I’m out I see other runners with phones strapped to their wrists, with headphone wires all over the place. They give me odd looks. I give them an odd look right back. Exercising without wires is how it’s meant to be. (If you’ve got a Watch then I recommend the HeartWatch app, which gives you the granular detail of your heart rate, especially during workouts.)

Since you can add Apple Pay, the Watch becomes a device that can do everything while you’re out and about, even without a phone. Except… if you don’t have a phone you can’t take phone calls, or receive and respond to text and other forms of messages, or get new data for Maps, or activate Siri, etc, etc.

Adding mobile (“cellular”) capability makes perfect sense there. Now you really can leave the phone at home, because you can receive calls anywhere you get coverage – with good LTE this means plenty of places, such as the middle of a lake, as in the Apple demo – and make them, because your contacts list is in the phone, and failing that there’s a Big Buttoned Virtual Keypad.

And generally in technology, if someone can, someone will. Samsung had already gone there, but its device was big and bulky, and it didn’t have the same phone number as your phone. Apple has solved that.

Zero data, zero incentive

What doesn’t make sense is the price that carriers are looking to charge for hooking your Watch to their network. In the US, the price is put at $10/month; in the UK, at £5 per month, on EE.

These are outrageous prices, on a par with the ludicrous data charges that carriers used to apply before the iPhone. In those days, up to mid-2007, to want data on the move marked you out as someone with money to burn, or else a raging desire for debt.

Why outrageous? Because Watch cellular data use is not additive; it’s substitutive. If you’re pulling in data on your cellular Watch, you must have left your phone behind. Ergo, you’re doing nothing with the phone, so it’s consuming (next to) no data. The data consumption has shifted to your Watch.

(Just to be clear: Apple says that your Watch uses the best available connection with your phone. If you’re in Bluetooth range, it uses that. If you’re on the same Wi-Fi network (or even, magically, a Wi-Fi network that your phone knows how to connect to, even somewhere distant) then it’ll use Wi-Fi. Now, if you’re not in range of either of those, the Watch will connect to the data network when it has to. But most of the time, and especially when you have your phone with you, it won’t be connecting to the mobile network.)

If anything, you’ll be consuming less data while you’re Watching solo – you won’t be loading Facebook pages, or giant email attachments, or scrolling through Twitter, or watching YouTube. Sure, you might be listening to music streamed from Apple Music. But you might well have been doing that anyway; if you like streaming music while you run, you’ve probably been doing that already, but with a phone around your arm. (And you can get music onto the Watch just by downloading it from the phone, rather like one used to with iPods. This is probably the biggest use case of music on the Watch even if you can stream, because runners like to create their own playlists, not rely on stuff in the cloud.)

Nor do the carriers have to send you a physical SIM; it’s done in software, in the Watch. Nor do they have to open a new account; you’re already a customer. There might be a mild bit of back-end administration to inform the cell network that two different IMEIs (mobile device IDs) have the same phone number. (Side note: the fact this can be done implies that spying on your phone calls may be easier than it seems?)

But there’s nothing in there which justifies $10/month or £5/month. And think of what that adds to the cost of the device: $120 or £60 per year. That’s a substantial chunk of the upfront price, and it never stops. On Twitter, Marine Engelvuori points out that EE ties you to a 24-month contract if you buy the watch from them, and that you have to add VAT; suddenly that device which costs £399 on its own has added £200-odd of costs over the contract lifetime.

If the cost were $1 or £1 per month, that would be tolerable; one can concede that carriers could charge for the tiny bit of administration cost that might be involved, and maybe eke a profit on the fact of this device’s new qualities. But more than that is just absurd, and it will stifle purchases by anyone who might be a marginal buyer of the service.

This is a real pity. The Series 3 is a remarkable piece of engineering: turning the screen into the aerial (I don’t even know how they do this) and maintaining the thin profile is just amazing. All the software functionality, such as heart rate monitoring and so on, is top class. People could benefit from cell-connected smartwatches, and not only the ones made by Apple. (It might encourage people to spend less time staring at screens, weirdly enough.)

But the price that the carriers are trying to charge is stupid.

Third-party like it’s 2006

It really is 2006 in wearable land; the time before carriers woke up to the broader benefit of offering services at prices which encourage people to use them. Wearables are, arguably, still at the same stage in their evolution as the smartphone was in 2006. This doesn’t mean though that the carriers couldn’t act as the midwives to help things along a little.

Remember, they’re trying to charge this amount for something which will use no extra data over you using your phone, and for which they don’t have to provide a physical item.

There is a precedent for doing this well: Amazon and the Kindle. The deal it cut for “Whispernet” meant you could download books anywhere and all you paid for was the extra 3G functionality in the upfront price. No ongoing fees. I can imagine that Apple’s board gulped a bit at the potential cost of doing that for the Watch, when people would no doubt eagerly take the chance to stream music all day and all night long forever for the extra £70. Kindle files are pretty small compared with music files, and Amazon had a monopoly on that market. So it was probably a non-starter for Apple to shoulder the cost. (This doesn’t mean there’s a cost to the carriers – as I said above, it’s substitutive. But it would be all new costs for Apple to pay for Watch data.)

Maybe the first carriers are just hoping to rake it in before competition opens up and drives prices down. Here’s hoping.

It took the iPhone, and Steve Jobs’s negotiating genius, to get carriers to adopt a flat rate model for data. It’s a disappointment that Apple hasn’t managed to push the future of connectivity forward in the other place where it matters – not on your wrist, because they’ve solved that; but in your wallet.

Start Up: Facebook’s fake election rallies, Trump blocks Lattice buy, Equifax’s woeful security, and more


Fonts can tell tales – and reveal liars – if you know enough about them. Photo by stewf on Flickr.

A selection of 10 links for you. Is that really your face, though? I’m @charlesarthur on Twitter. Observations and links welcome.

Purged Facebook page tied to the Kremlin spread anti-immigrant bile • The New York Times

Scott Shane:

»

The notice went out on Facebook last year, calling citizens of Twin Falls, Idaho, to an urgent meeting about the “huge upsurge of violence toward American citizens” by Muslim refugees who had settled there.

The inflammatory post, however, originated not in Idaho but in Russia. The meeting’s sponsor, an anti-immigrant page called “Secured Borders,” was one of hundreds of fake Facebook accounts created by a Russian company with Kremlin ties to spread vitriolic messages on divisive issues.

Facebook acknowledged last week that it had closed the accounts after linking them to advertisements costing $100,000 that were purchased in Russia’s influence campaign during and after the 2016 election. But the company declined to release or describe in detail the pages and profiles it had linked to Russia.

A report by the Russian media outlet RBC last March, however, identified the Secured Borders page as the work of the Internet Research Agency, a St. Petersburg firm that employs hundreds of so-called trolls to post material in support of Russian government policies. A Facebook official confirmed that Secured Borders was removed in the purge of Russian fakes…

…It also promoted the Aug. 27, 2016, meeting in Twin Falls, called “Citizens before refugees,” which was first reported by The Daily Beast. The call came amid incendiary claims, linking Muslim refugees in Twin Falls to crime, that circulated on far-right websites last year. In May, Alex Jones, of the conspiracy site Infowars.com, retracted a claim that the Twin Falls yogurt company Chobani, which had made a point of hiring refugees, had been “caught importing migrant rapists.”

Shawn Barigar, the mayor of Twin Falls, said that the City Council Chambers, where the supposed meeting was called on a Saturday, were closed that day and that officials did not recall any gathering. But he said that after two years of “robust debate” over the city’s refugee resettlement program, which dates to the 1980s, it was “kind of surreal” to discover that Russia had joined in.

«

This reminds me of a Philip K Dick short story called “If There Were No Benny Cemoli” which – because he was a genius ahead of his time – is all about fake news and fake events. Something about this really gives me the shivers.


Trump blocks China-backed Lattice bid • Bloomberg

»

President Donald Trump blocked a Chinese-backed investor from buying Lattice Semiconductor Corp., casting a cloud over Chinese deals seeking U.S. security clearance and spurring a call for fairness from Beijing.

It was just the fourth time in a quarter century that a U.S. president has ordered a foreign takeover of an American firm stopped on national-security concerns. Trump acted on the recommendation of a multi-agency panel, the White House and the Treasury Department said Wednesday. The spurned buyer, Canyon Bridge Capital Partners LLC, is a private-equity firm backed by a Chinese state-owned asset manager.

The Trump administration has maintained a tough stance against Chinese takeovers of American businesses even as it seeks China’s help to resolve the North Korean nuclear crisis. Other deals under review include MoneyGram International Inc.’s proposed sale to Ant Financial, the financial-services company controlled by Chinese billionaire Jack Ma. The government is also examining an agreement by Chinese conglomerate HNA Group Co. to buy a stake in SkyBridge Capital LLC, the fund-management firm founded by Anthony Scaramucci, who was briefly Trump’s White House communications director…

…Lattice makes programmable logic chips, which have a wide variety of uses because their attributes can be changed using software. The chips are used in communications, computing, and in industrial and military applications. The company generates more than 70% of its revenue in Asia, according to data compiled by Bloomberg.

Trump’s move builds on years of U.S. opposition to China’s efforts to bolster its chip industry by buying American technology. China, the world’s largest chip market, has been on the hunt for acquisitions in the field as it looks to build a domestic supply and rely less on imports, as the $300bn global semiconductor industry undergoes its biggest wave of consolidation.

«



“Font detectives” use their expertise to solve high stakes cases • WIRED

Glenn Fleishman:

»

Most forgeries that experts expose aren’t very sophisticated to the discerning type eye. [Thomas] Phinney recounts his involvement in a case he calls The Respected Rabbi: A Long Island rabbi faced controversy among his congregation after his name failed to appear on a list of alumni from the school at which he said he’d obtained ordination. Phinney says he was told, too, that the rabbi “didn’t know his theology as well you might expect from a rabbi.”

After much tsorres, the rabbi presented a board member with a faxed copy of his proof of smicha, or ordination, issued in 1968. It was from an institution that had closed, and its records had been destroyed in a fire. Called in to examine the smicha, Phinney quickly noted that the entire document was in fancy, handwritten calligraphy, except the recipient’s name, which was set in a typeface that had a calligraphed feel.

Though diplomas and similar documents were once written by an expert hand, most have been printed en masse for centuries (Harvard started printing its in 1813) with a blank space left for the recipient’s name. That name is typically then added either via a calligrapher or a letterpress in the same font as the rest of the diploma. But a diploma written by hand with the blank filled in with a calligraphic printed typeface? That was extremely unlikely. Phinney also identified the face as Monotype Corsiva, a font released in the early 1990s, making the chronology impossible.

«

This article has three headlines: the one above, the one on this article (“Meet the font detectives who ferret out fakery”), and the print one – “I shot the serif.” BOOM. Lots of good stories in this.


What happens if a cop forces you to unlock your iPhone X with your face? • The Washington Post

Brian Fung:

»

While you can’t legally be compelled to give up your passcode, some analysts say, courts have ruled that law enforcement can compel you to give up your fingerprint under certain conditions. Under a standard known as “reasonable suspicion,” you can be required to provide your fingerprint. Could the same standard be applied to your facial data? That’s what is unclear.

That said, Americans enjoy one additional layer of legal protection. Even if a police officer uses your biometric information to unlock a phone, he or she must still obtain a search warrant to search the phone. The warrantless searching of cellphones was ruled unconstitutional by the Supreme Court in Riley v. California in 2014.

“That’s now established Supreme Court doctrine,” Calabrese said. Either way, he said, the best protection is probably to use a strong passcode.

Given how confusing the law can be on these issues, can’t there be some kind of technological solution?

A partial one may be in the works. The new version of Apple’s mobile operating system, iOS 11, is said to contain a fail-safe that will not only disable Touch ID, but also potentially Face ID. By pressing the power button five times in quick succession, an iPhone will stop accepting biometric data as an unlocking mechanism and require a passcode, according to the researcher who discovered the feature in a beta version of iOS 11.

It is not clear how long the fail-safe lasts before things revert to the regular mode. Apple did not respond to a request for comment.

«

It was all going so well until that last paragraph, which is clueless. “Regular mode” is “requiring a passcode”. Only when you’ve entered a passcode is the biometric unlock (finger or face) enabled. Pressing the side button five times does indeed disable the biometric unlock. If you feel you need to, that’s your solution.

(Added to the “close but no cigar” category on iPhone X and FaceID.)


Ayuda! (Help!) Equifax has my data! • Krebs on Security

Brian Krebs:

»

Earlier today, this author was contacted by Alex Holden, founder of Milwaukee, Wisc.-based Hold Security LLC. Holden’s team of nearly 30 employees includes two native Argentinians who spent some time examining Equifax’s South American operations online after the company disclosed the breach involving its business units in North America.

It took almost no time for them to discover that an online portal designed to let Equifax employees in Argentina manage credit report disputes from consumers in that country was wide open, protected by perhaps the most easy-to-guess password combination ever: “admin/admin.”

We’ll speak about this Equifax Argentina employee portal — known as Veraz or “truthful” in Spanish — in the past tense because the credit bureau took the whole thing offline shortly after being contacted by KrebsOnSecurity this afternoon. The specific Veraz application being described in this post was dubbed Ayuda or “help” in Spanish on internal documentation.

Once inside the portal, the researchers found they could view the names of more than 100 Equifax employees in Argentina, as well as their employee ID and email address. The “list of users” page also featured a clickable button that anyone authenticated with the “admin/admin” username and password could use to add, modify or delete user accounts on the system…

Each employee record included a company username in plain text, and a corresponding password that was obfuscated by a series of dots.

However, all one needed to do in order to view said password was to right-click on the employee’s profile page and select “view source,” a function that displays the raw HTML code which makes up the Web site. Buried in that HTML code was the employee’s password in plain text.

«

🙄

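The flaw Krebs describes, a password masked by dots on screen but present in plain text in the page's HTML, can be caught by auditing rendered pages for credential fields that arrive prefilled. The check below is an added example, not code from the article or from Equifax; the sample page, its field names and the `SECRET_HINTS` list are constructed assumptions, and the rule for non-password fields goes slightly beyond the case in the article.

```python
from html.parser import HTMLParser

# Field-name fragments that suggest a credential (an assumption for this example).
SECRET_HINTS = ("pass", "pwd", "secret", "token")


class PrefilledSecretFinder(HTMLParser):
    """Collect <input> elements whose markup ships a secret to the browser."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        attr = {name.lower(): (value or "") for name, value in attrs}
        value = attr.get("value", "")
        if not value:
            return  # an empty field leaks nothing
        field_type = attr.get("type", "text").lower()
        field_name = attr.get("name", "")
        line, _col = self.getpos()
        if field_type == "password":
            # Masked with dots on screen, readable via "view source".
            kind = "password-prefilled"
        elif any(hint in field_name.lower() for hint in SECRET_HINTS):
            # Hidden or text field whose name suggests it carries a credential.
            kind = "secret-in-markup"
        else:
            return
        # Record the length only, so the audit report does not repeat the secret.
        self.findings.append((line, field_name, kind, len(value)))


def audit_html(html_text):
    """Return (line, field name, finding kind, value length) tuples."""
    finder = PrefilledSecretFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings


# Constructed sample resembling a user-profile page; not taken from any real site.
SAMPLE_PROFILE_PAGE = """<html><body>
<form action="/users/save" method="post">
  <input type="text" name="username" value="jperez">
  <input type="password" name="password" value="Constructed-Example-1">
  <input type="hidden" name="api_token" value="0000-constructed">
  <input type="password" name="new_password" value="">
  <input type="hidden" name="page" value="2">
</form>
</body></html>"""

if __name__ == "__main__":
    for line, name, kind, length in audit_html(SAMPLE_PROFILE_PAGE):
        print(f"line {line}: field '{name}' -> {kind} ({length} chars in markup)")
```

The fix on the server side is to never render a stored password into a response at all; a profile page only needs an empty field for setting a new one.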

Failure to patch two-month-old bug led to massive Equifax breach • Ars Technica

Dan Goodin:

»

The Equifax breach that exposed sensitive data for as many as 143 million US consumers was accomplished by exploiting a Web application vulnerability that had been patched more than two months earlier, officials with the credit reporting service said Thursday.

“Equifax has been intensely investigating the scope of the intrusion with the assistance of a leading, independent cybersecurity firm to determine what information was accessed and who has been impacted,” company officials wrote in an update posted online. “We know that criminals exploited a US website application vulnerability. The vulnerability was Apache Struts CVE-2017-5638. We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement.”

The flaw in the Apache Struts framework was fixed on March 6. Three days later, the bug was already under mass attack by hackers who were exploiting the flaw to install rogue applications on Web servers. Five days after that, the exploits showed few signs of letting up. Equifax has said the breach on its site occurred in mid-May, more than two months after the flaw came to light and a patch was available.

«

At what point does not updating become dereliction of duty?


Photos: What it was like to attend Apple’s iPhone X event • Recode

Dan Frommer:

»

it was the first keynote Apple held in its new Steve Jobs Theater — named after the late Apple founder, who made these “Stevenotes” into the sort of mainstream cultural and media events that millions of people would stream live.

I was in attendance yesterday and took hundreds of photos. Here’s my experience, as told through a few dozen.

«

They’re great pictures (well, spoiled by some clown in one of them). The one that really captures it is the young kid, who we thought might be the tech correspondent for the Ellen DeGeneres show – seriously. One day, all tech correspondents will be this young, or old.

What that picture really shows, though, is the amazing size of Apple’s new building, in the distance. It’s perhaps 500m away. It’s circular. And it just seems to go on and on; you can see one edge, but not the other. You know the spaceship in Independence Day, which just looms over everything? Like that, but landed.


Google’s influence over its network of influencers • Search Neutrality

Shivaun and Adam Raff run Foundem, the “vertical search” (shopping) site which first complained to the EC about Google’s demotion of their site in organic results:

»

We accept that many of the academics and other professionals within Google’s extensive network of influencers sincerely believe that their pro-Google opinions are their own and are not influenced by their (or their institution’s) financial ties to Google.  However, it is noteworthy how often these opinions are underpinned by an eerily consistent misrepresentation of the basic facts of the Google case that belies, at the very least, a failure to treat Google’s representations of the case with the healthy scepticism one would normally reserve for a defendant.

The criticisms of the EC’s Google Search verdict by Google-funded academics and think tanks have tended to rely on and mirror many of the same fundamental misrepresentations and omissions that Google’s own criticisms of the verdict rely on. For example:

• They tend to focus exclusively on Google’s anti-competitive promotion of its own services (through Universal Search), while ignoring Google’s anti-competitive demotions and exclusions of competing services (through anti-competitive penalties). This is an important omission because any defence of one practice inevitably undermines the defence of the other.

• They neglect to point out that pay-for-placement advertisements are not a substitute for the relevance-based search results they are anti-competitively replacing. This is not a minor omission: paid advertisements are not what users visit Google for, and, when they are used to promote the merchants willing to pay Google the most money for a click rather than those offering users the lowest prices, the resultant user harm is obvious.

• They ignore the inconvenient yet immutable fact that Google only introduced these pay-for-placement advertisements (which underpin all of Google’s misleading ad-based arguments) in February 2013—at least 7 years after the introduction of Google’s anti-competitive practices, 3 years after the start of the EC’s investigation, and 11 months after the commencement of “settlement” negotiations with Commissioner Almunia. (See our December 2016 Paper for some of the history, context, and consumer harm resulting from Google’s progressive blurring of the lines between search results and pay-for-placement ads).

The perception-shaping power of Google’s sophisticated and disciplined PR machine is far-reaching.

«



Apple Watch Edition 3 vs Samsung Gear S3 Frontier LTE • SmartWatch Specifications

The contrast is remarkable: the Apple Watch screen is notably bigger (1.65in v 1.3in), and yet smaller in every other dimension; even compared to the 42mm Watch, not the 38mm, the Samsung has 64% more volume and weighs 33% more.

Some of the finer details on the comparison are wrong though – it doesn’t seem to accept you can take and make calls on the Apple Watch, and it suggests it works with Android devices. It doesn’t.

And of course the Apple Watch will have the same phone number as its parent iPhone; the Samsung device won’t. But don’t get me started on the utter ripoff of the prices carriers are charging for data plans for the Watch, which is substitutional use rather than additive. They should be ashamed. (Via Ben Thompson.)


Do autonomous cars dream of driverless roads? • Dark Reading

Laurence Pitt is strategic director for security at Juniper Networks in Europe/Mid-East/Africa:

»

The UK government is seeking to take a leadership role in the development of these rules by contributing an Autonomous and Electric Vehicle bill which will create a new insurance framework for self-driving cars. In tandem, the UK Department for Transport and Centre for the Protection of National Infrastructure have released a series of documents outlining principles of cyber security for connected and automated vehicles. These documents form a modern version of Asimov’s Robotic Laws, but with the focus being on the automotive manufacturers to ensure that these vehicles are developed with a defense-in-depth approach so that they remain resilient to threat at all times – even in situations where sensors are unable to respond due to attack or failure.

This legislation will put the United Kingdom at the centre of these new and exciting technological developments, while ensuring that safety and consumer protection remain at the heart of an emerging industry.

«

Top marks to the sub-editor who ignored Pitt’s chosen narrative (Asimov’s Laws, which as he points out aren’t applicable because the cars aren’t sentient) and went with the Philip K Dick one for the headline.

In fact, I’d say it’s headline of the month.


Errata, corrigenda and ai no corrida: the review of the Essential phone in yesterday’s roundup was by Ryan Whitwam, not David Ruddock.

Start Up: averaging MPs’ faces, Apple’s big OLED plans, what hunter-gatherers had, and more


The iPhone X: still many questions, whose answers you’ll have to wait for. Photo by perzonseo on Flickr.

A selection of 11 links for you. See? I’m @charlesarthur on Twitter. Observations and links welcome.

The case against civilisation • The New Yorker

John Lanchester reviews “Against the Grain: A Deep History of the Earliest States” by James Scott:

»

So why did our ancestors switch from this complex web of food supplies [as hunter-gatherers] to the concentrated production of single crops? We don’t know, although Scott speculates that climatic stress may have been involved. Two things, however, are clear. The first is that, for thousands of years, the agricultural revolution was, for most of the people living through it, a disaster. The fossil record shows that life for agriculturalists was harder than it had been for hunter-gatherers. Their bones show evidence of dietary stress: they were shorter, they were sicker, their mortality rates were higher. Living in close proximity to domesticated animals led to diseases that crossed the species barrier, wreaking havoc in the densely settled communities. Scott calls them not towns but “late-Neolithic multispecies resettlement camps.” Who would choose to live in one of those? Jared Diamond called the Neolithic Revolution “the worst mistake in human history.” The startling thing about this claim is that, among historians of the era, it isn’t very controversial.

The other conclusion we can draw from the evidence, Scott says, is that there is a crucial, direct link between the cultivation of cereal crops and the birth of the first states. It’s not that cereal grains were humankind’s only staples; it’s just that they were the only ones that encouraged the formation of states. “History records no cassava states, no sago, yam, taro, plantain, breadfruit or sweet potato states,” he writes. What was so special about grains? The answer will make sense to anyone who has ever filled out a Form 1040: grain, unlike other crops, is easy to tax. Some crops (potatoes, sweet potatoes, cassava) are buried and so can be hidden from the tax collector, and, even if discovered, they must be dug up individually and laboriously. Other crops (notably, legumes) ripen at different intervals, or yield harvests throughout a growing season rather than along a fixed trajectory of unripe to ripe—in other words, the taxman can’t come once and get his proper due. Only grains are, in Scott’s words, “visible, divisible, assessable, storable, transportable, and ‘rationable.’ ” Other crops have some of these advantages, but only cereal grains have them all, and so grain became “the main food starch, the unit of taxation in kind, and the basis for a hegemonic agrarian calendar.” The taxman can come, assess the fields, set a level of tax, then come back and make sure he’s got his share of the harvest.

«

Also in the piece: we don’t give our forebears enough credit for their innovations. Principally, the adoption and use of fire.


Essential Phone review: Essentially okay • Android Police

David Ruddock:

»

The biggest potential deal breaker is the camera, which is considerably below average. Shutter lag is huge, and focusing takes too long. Photos often have washed out colors, poorly managed exposure, and HDR mode makes almost no difference in image quality (but it does slow the camera down even more). There are phones with better cameras that cost much less (like the OnePlus 5). The Pixel or Galaxy S8 absolutely blow the Essential Phone out of the water when it comes to photo quality. Those phones only have one camera, too. The Essential Phone’s secondary monochrome sensor is supposed to sharpen photos, but I can’t say if it’s doing any good. What I can say is Essential needs to work on its image processing algorithms.

Essential is doing some fascinating stuff with the hardware, and I definitely want to see more from the company. However, I don’t think spending $700 on this device is a good idea.

«



IPad Pro: Apple quietly hikes the price • CNBC

Todd Haselton:

»

Apple quietly increased the price of the 256GB and 512GB versions of its 10.5-inch and 12.9-inch iPad Pro tablets.

The price change was first spotted by the blog MacRumors.

Prior to Tuesday’s Apple rollout, consumers could purchase the 256GB and 512GB 10.9-inch iPad Pro for $749 and $949, respectively. Those models now cost $799 and $999, respectively. The 12.9-inch iPad Pro saw its 256GB and 512GB models increase by $50 to $949 and $1,149, respectively, with the latter nearing the price of a MacBook.

The price of the 64GB version of both iPads remains unchanged.

«

It raised the prices on last year’s iPhones too. So this is surely about memory – prices have rocketed in the past year or so.


The one wireless speaker you won’t ever want to hide from view • Bloomberg

»

Master & Dynamic, the three-year-old New York startup, has quickly made an impression among aficionados for its headphones and earbuds. It also has a way with collaborations, including standouts with the Rolling Stones, Bamford Watch Department, and Leica Camera. Now, for its first venture into the world of speakers, Master & Dynamic has enlisted Sir David Adjaye, whose National Museum of African American History and Culture opened in Washington last year. The architect upends the category with the MA770, a striking 35-pound, 16-by-20-inch countertop unit made of concrete composite.

«

Look at the picture and you will agree with me that not only will you want to hide it from view, you will not want to spend money on it nor bring it home.


Sony and Samsung pressure Huawei’s growth in Europe • Kantar Worldpanel

Dominic Sunnebo on the three months to the end of July 2017, according to Kantar’s longitudinal buyer panel (which looks at shifts in ownership, not pure sales numbers):

»

The renewed focus by Sony and Samsung on their successful entry-level models put more pressure on Huawei in Europe, as its share fell in Spain and Great Britain. However, gains in Germany and Italy helped Huawei’s EU5 share grow to 14.6% in the three months ending July, up from 12.4% one year earlier.

In the USA, Samsung remained in the top spot during the three months ending in July with a 36.2% share, with Apple close behind at 34.1%. The growth rates of the two brands are almost exactly matched at 2.5% for Samsung and 2.6% for Apple. The iPhone 7 was the top-selling handset during the period at 12.6% of sales, while the newer Samsung Galaxy S8 stood at 8.8%.

“Apple’s US growth is very impressive, given that an all-new iPhone is expected to be announced on September 12, and should become available for purchase later in the month,” Sunnebo added.

Apple saw something of a rebound in Urban China in the July data period, with share +5.1%pts to 19.3%. The large screen iPhone 7 Plus was the top selling device in Urban China in the month of July, the first time the Plus version has outsold the smaller screen iPhone 7.

«



South Korean companies start to make investments again for Apple’s OLED iPhones • ET News Korea

Yun Keonil:

»

South Korean companies started making second investments in order to supply their products to Apple for its OLED iPhones. Because Apple is planning to double the amount of models that will be equipped with OLED displays in 2018 after releasing its first OLED iPhones this year, many Smartphone part manufacturers started extending their production facilities. It is heard that Apple is planning to produce up to 170 million OLED iPhones in 2018 after producing about 70 million OLED iPhones this year. If current Smartphone part manufacturers obtain entire orders of increased supply, Apple’s sales will jump by about 140%. It is predicted that its sales will jump up to 100% even if reduction in unit cost due to increase in supply is considered. Billions of dollars worth of trickle down effect is expected as Apple is set to release more OLED iPhones.

«

70m iPhone Xs in 2017 is a lot of iPhone Xs.


Apple’s iPhone X: wait for the reviews • The Verge

Vlad Savov raises (but sensibly doesn’t try to answer) many valid questions, such as “how good is the new swipe-based interface?” and “will the glass back hold up over the long run?”:

»

Many of today’s questions about the iPhone X are inherent in Apple’s premise of this being the phone of the future. Of course the day-one iPhone X apps will be mere adaptations of iPhone apps that were built for different screens, devices, and interaction paradigms. You can’t expect those to be superior right away, but the idea is that the new UI and taller, bezel-starved screen will eventually pay off in a better overall user experience. The same goes for Face ID and the hardware tweaks designed to facilitate useful things like wireless charging.

If you ask Apple, the company will probably tell you that the iPhone X is its no-compromise vision for what a phone should be. I look at things a little differently. The sensor-laden notch at the top of the iPhone X’s screen is an apt metaphor for the compromises Apple had to make: it spoils the perfect all-screen front just a little bit, representing the eternal struggle to balance aesthetic and technical requirements in a thoughtful way. How well the iPhone X strikes that balance is an open question right now. And that’s what makes me wary to reach conclusions until at least the first reviews come in.

«

This is absolutely the right approach. And even initial reviews won’t answer this, because they’ll be about having used the phone for a week or so. This is going to be a long haul. (Thanks RG for the link.)


Smartphones are driving all growth in web traffic • Recode

»

Smartphones are driving all growth in U.S. web traffic, while tablets and computer web access has declined, according to new data from Adobe Analytics.


Since January 2015, there has been a 68% increase in smartphone web traffic in the U.S., while desktop and tablet both saw declines. Overall, web traffic has been pretty much flat, according to Adobe’s Media & Metrics report that was released Monday. Adobe tracked more than 150 billion visits to or launches of 400 large company sites and apps since January 2015, using anonymous and aggregated data from companies on Adobe Experience Cloud.

«

This is change rather than total, but it’s still dramatic. -30% for desktops/laptops, -16% for tablets.


I calculated the average face of a UK Member of Parliament and here’s what I found • Medium

Giuseppe Sollazzo:

»

The UK Parliament Digital Service has recently released an archive of official portraits of MPs shot by photographer Chris McAndrew (under a CC BY licence! Open Data, yay!) As I’m playing with image manipulation and Machine Learning to train a cohort of medical researchers, I thought the portraits would make an excellent test of what’s possible in the wild.

Using Machine Learning on faces has recently been subject of controversy, when researchers at Stanford University developed an algorithm that detects whether the face in a photo belongs to a gay person. Steering away from controversy, I thought that it would be interesting to find out what the average MP looks like. There has been a good deal of research on this concept, some of which is rather catchy. In 2015 the Guardian reported that we tend to find average faces the most attractive. I’m not sure this applies to MPs (and let’s avoid all jokes about average, i.e. centrist, faces), but here we go.

«

Here you go:

As he observes: quite like Cameron. But he then breaks it down into political parties, which gives some nuance.


How my doppelgänger used the Internet to find and befriend me • Splinter News

Kashmir Hill:

»

My first reaction was, “Whoa. This is creepy.” When I showed it to colleagues and friends, they had the same reaction. Not only did she look a lot like me, but she had obviously gone to some trouble to stage a photo in the same pose as my Google Plus profile photo.

She explained in the email that she and her two young sons had been eating at a “Smashburger” in her hometown of Phoenix when three “well-dressed gentlemen” approached her and one said, “I hope this doesn’t sound too weird but does your name happen to be Kashmir?” When she said no, he showed her a photo of me that he’d pulled up on his smartphone; she was shocked by the likeness. They told her I was a big name in what sounded like “bit con” to her. When she got home, she tried to find me by Googling variations of “Cashmere” and “bit con” with no success. Then she asked Facebook for help. A friend of hers who knew people interested in Bitcoin quickly figured out who I was and posted a photo of me that Leigh was convinced was her, until she realized she had never owned the shirt I was wearing. “Mind blown,” one of her Facebook friends commented. “It’s like the twins separated at birth from a soap opera,” said another.

After deciding that this person probably wasn’t planning to murder me and take over my life, I emailed back about the uncanny likeness, and asked if she wanted to meet or videochat to see if we looked as much alike when our faces were moving. So we arranged a FaceTime meeting to compare faces. We both felt like looking alike meant we had to meet for some reason.

«

This is from 2015. Now, of course, we want Kashmir and her kinda-double to try out Apple’s iPhone X face recognition to see if it can tell the difference. (My guess: it will.)


Google responds to Apple’s Intelligent Tracking Prevention with AdWords tracking update • Search Engine Land

Ginny Marvin:

»

In short, with ITP, third-party cookies that are determined to be able to track users across sites can only be used for 24 hours from the time a user visits a website via Safari. After 24 hours, the third-party cookies can only be used for log-in purposes. The cookies are purged entirely after 30 days.

This means that unless a user converts within 24 hours of last visiting an advertiser’s site after clicking an AdWords ad, for example, the conversion attribution will be lost. With Safari accounting for nearly 50% of mobile web traffic share in North America, ITP has the potential to wreak havoc on mobile ad conversion attribution.

«

This sounds arcane (ok, it is quite arcane) but for Google, it has the ability to (as the article says) wreak havoc on the satisfaction of advertisers. (Not people on the web.) In essence, Google and Apple are still fighting a guerilla battle over pervasive tracking.


Errata, corrigenda and ai no corrida: none notified


Start Up: Apple Pay on iPhone X, Russia’s fake Americans, Yelp accuses Google, and more


Apple’s new iPhone has a big screen. Not quite that big. Photo by Mark Gregory007 on Flickr.

A selection of 10 links for you. Priced to sell. I’m @charlesarthur on Twitter. Observations and links welcome.

The fake Americans Russia created to influence the election • The New York Times

Scott Shane:

»

Sometimes an international offensive begins with a few shots that draw little notice. So it was last year when Melvin Redick of Harrisburg, Pa., a friendly-looking American with a backward baseball cap and a young daughter, posted on Facebook a link to a brand-new website.

“These guys show hidden truth about Hillary Clinton, George Soros and other leaders of the US,” he wrote on June 8, 2016. “Visit #DCLeaks website. It’s really interesting!”

Mr. Redick turned out to be a remarkably elusive character. No Melvin Redick appears in Pennsylvania records, and his photos seem to be borrowed from an unsuspecting Brazilian. But this fictional concoction has earned a small spot in history: The Redick posts that morning were among the first public signs of an unprecedented foreign intervention in American democracy.


A Facebook post, by someone claiming to be Melvin Redick, promoting a website linked to the Russian military intelligence agency G.R.U. Credit The New York Times

The DCLeaks site had gone live a few days earlier, posting the first samples of material, stolen from prominent Americans by Russian hackers, that would reverberate through the presidential election campaign and into the Trump presidency. The site’s phony promoters were in the vanguard of a cyberarmy of counterfeit Facebook and Twitter accounts, a legion of Russian-controlled impostors whose operations are still being unraveled.

«

This is quite an investigation, done by the NYT with FireEye.


Screw my iPhone, I just want the new Apple Watch • Fast Co Design

Jesus Diaz:

»

This is a tiny device that I can wrap around my wrist to connect me to other people beaming signals through space without having to look like too much of a douchebag. I can take it with me at all times without worrying about it getting dropped or stolen. I use it to do everything I do with my iPhone except take photos and videos. I can access all the music I have in the cloud and listen to it in my AirPods. And it has new, enhanced heart monitoring software–the icing on the cake that will alert me when I have a heart attack on my way from the sofa to the fridge to lick the actual icing on the actual cake that is waiting for me right now.

Can I ditch my iPhone and live with an Apple Watch Series 3? Yes, if it truly works as advertised, I think I can. Like me, I suspect millions will look at this watch as an alternative to their phones–if not as a complete replacement, at least as a replacement for a large part of their day. The phone is still better for things that require concentration, like extensive writing, reading, or viewing large photos and videos. But I only do those things for work, and only on very specific occasions.

«

Alas, US carriers are pricing the data plan for the new Watch at $10/month – which is a ripoff. Consider: when you’re using the Watch, you’re pretty much certainly not using your phone, so you’re not using data on it. And you’d have to be going some to use any appreciable amount of data on the Watch. US carriers are greedy. (Three-month free trials don’t solve anything. Drug dealers do the same.)

One can hope for better in the UK and elsewhere. The first partner will be EE; don’t expect that to be cheap either. Competition is needed from those who realise the marginal benefit of really cheap data plans.

Diaz’s broader point, about the shift to smaller screens, is worth considering.


Face ID on the iPhone X is probably going to suck • Ars Technica

Ron Amadeo:

»

Face ID on the iPhone X uses a “TrueDepth” camera setup, which blasts your face with more than 30,000 infrared dots and scans your face in 3D. Apple says this can “recognize you in an instant” and log you into your phone.

None of that matters. Face ID is still going to suck.

This is not the first phone we’ve tried with a facial recognition feature, and they all have the same problem. It doesn’t matter how fast or accurate Face ID is, the problem is the ergonomics: you need to aim it at your face. This is slow and awkward, especially when compared to a fingerprint reader, which doesn’t have to be aimed at anything.

Consider the “taking it out of your pocket” use case: If you’re good, you’ll stick your hand in your pocket and grip the phone so your finger lands on the fingerprint reader. Touch ID works as both an “on” button and an “authentication” button. In one touch, you’ve turned on the phone and logged in. You haven’t even fully taken the phone out of your pocket yet, and it’s already on and unlocked. By the time you bring the phone to your face, the unlock process is finished and you’re looking at the home screen.

To use the iPhone X’s Face ID, you have to take the phone out of your pocket, lift it up to your face, swipe up to turn it on, and only then can you start the unlock process. The difference is probably one or two seconds, but for something you do 80 times a day, having the fastest possible unlock system really matters.

Consider authenticating with Apple Pay. With a fingerprint reader, you can slam your iPhone on the credit card terminal while holding your finger on the Touch ID button, and everything will just work. You’re continuously authenticating and beaming credit card data at the same time, which is easy, intuitive, and hard to mess up. According to Craig Federighi’s Face ID demo during the keynote, you now have to open up Apple Pay first, then aim the phone at your face so Face ID can work. Only then can you tap against the credit card terminal. That’s two extra steps.

«

I’m pretty sure Ron wasn’t at the Apple event, so didn’t get hands-on time with the iPhone X. I was, and did. Apple Pay with facial recognition is a key question I’ve raised myself in the past, so asked for a demo.

The unlocking works at easy arm’s length; it’s not like Samsung’s formal version. It’s quick – probably as fast as the first-generation TouchID. For Apple Pay, you could double-click the side button while it’s in your pocket, pull it out, face unlock as you walk (towards a TfL terminal, say) and hold it to the reader. The pay system remains active for 60 seconds. Plus – an advantage – you don’t have to “end-hold” it, where it’s liable to fall or be knocked out of your hand; you’ll be holding it in your full hand grip.

Anyway, it should be fun to come back to this article in eight months’ time or so.


Apple’s iOS 11 makes it tougher than ever for cops to grab your data • WIRED UK

Andy Greenberg:

»

In recent versions of iOS, any iPhone plugged into an unfamiliar computer would ask the user if he or she was willing to trust that new machine before exchanging any data with it. That meant if cops or border agents were able to seize an unlocked iPhone or compel its owner to unlock a locked one with a finger on its TouchID sensor, they could simply plug it into a desktop via a cable in its lightning port, choose to trust the new machine with a tap, and upload its contents using forensic software like Elcomsoft or Cellebrite. (That’s particularly important because courts have found criminal suspects can’t plead the Fifth Amendment and refuse to offer their fingerprints, as they sometimes can with a password or passcode.)

But in iOS 11, iPhones will not only require a tap to trust a new computer, but the phone’s passcode, too. That means even if forensic analysts do seize a phone while it’s unlocked or use its owner’s finger to unlock it, they still need a passcode to offload its data to a program where it can be analysed wholesale. They can still flip through the data on the phone itself. But if the owner refuses to divulge the passcode, they can’t use forensic tools to access its data in the far more digestible format for analysis known as SQLite. “There’s a huge amount of data that can’t be effectively analysed if you have to look at it manually,” says Vladimir Katalov, Elcomsoft’s co-founder. “On my phone, I have more than 100,000 messages and several thousand call logs. The manual review of that data is not possible.”

«

In retrospect, an obvious move. This makes the iPhone even more secure against law enforcement – of all stripes.


The best utility apps for iOS • Initial Charge

Michael Rockwell:

»

On a recent episode of Mac Power Users, Katie Floyd and David Sparks discussed their favorite iOS utilities — simple little apps that do one thing really well. I thought I’d follow in their footsteps and publish a list of, what I consider to be, the best iOS utilities available.

«

If you use iOS, you’ll probably find something you like here. (Read it on your iPhone/iPad so the links work directly.) The “Unobstruct” content blocker for getting rid of floating social toolbars “and other unnecessary cruft” is probably a must-have.


Yelp claims Google broke promise to antitrust regulators • WIRED

Nitasha Tiku:

»

As part of the 2012 agreement, operators of other websites can opt out of having content such as photos or user-generated reviews scraped by Google for its own services, such as Shopping or Google+ Local. Yelp opted out and says that Google agreed to stop scraping Yelp content even before the formal agreement [with the FTC in 2012], in response to a cease-and-desist request to Google in July 2011.

Yelp suspected Google had resumed scraping after the owner of a North Carolina gym told Yelp that an image from a Yelp listing for another gym was showing up as its Google business listing. Yelp set up a test to see if Google was pulling images from its servers. Yelp says it found Google pulled almost 386,000 images from Yelp in an hour, and then used some of the photos in business listings in Google Maps. Yelp says it searched Google for 150 of those businesses and found that a Yelp photo was a lead image in Google’s Local OneBox—which shows a business’s location, phone number, and reviews—in 111 cases.

«

Google is the scorpion on the fox’s back crossing the river: its behaviour is fixed, even if it’s self-destructive. And the key part of that behaviour is scouring the internet for content. The company said “it did not intend” to use the images. Yelp says that 386,000 isn’t quite an accident.


There’s blood in the water in Silicon Valley • Buzzfeed

Ben Smith is Buzzfeed’s editor-in-chief:

»

The blinding rise of Donald Trump over the past year has masked another major trend in American politics: the palpable, and perhaps permanent, turn against the tech industry. The new corporate leviathans that used to be seen as bright new avatars of American innovation are increasingly portrayed as sinister new centers of unaccountable power, a transformation likely to have major consequences for the industry and for American politics.

That turn has accelerated in recent days: Steve Bannon and Bernie Sanders both want big tech treated as, in Bannon’s words in Hong Kong this week, “public utilities.” Tucker Carlson and Franklin Foer have found common ground. Even the group No Labels, an exquisitely poll-tested effort to create a safe new center, is on board. Rupert Murdoch, never shy to use his media power to advance his commercial interests, is hard at work.

“Anti-trust is back, baby,” Yelp’s policy chief, Luther Lowe, DM’d me after Fox News gave him several minutes to make the antitrust case against Yelp’s giant rival Google to its audience of millions.

The new spotlight on these companies doesn’t come out of nowhere. They sit, substantively, at the heart of the biggest and most pressing issues facing the United States, and often stand on the less popular side of those: automation and inequality, trust in public life, privacy and security. They make the case that growth and transformation are public goods — but the public may not agree.

«

The noise about making companies like Google and Facebook into “utilities” simply hasn’t been thought through. How do you enforce that, under what laws? How do you effect it in one country but not others? Would the US government own it? It’s bizarre. But the “New Center”, an idea from Americans who in Europe would be seen as solidly right-wing, proposes some sort of reform of antitrust to “deal” with the dominance particularly of Facebook and Google, but also Amazon. (They’re evidently a bit puzzled by Apple’s lack of obvious dominance in anything.)


Trump Inc: inside the president’s not-so-blind trust • Salon.com

Michael Tanglis:

»

Our current president has two jobs: leader of the free world and the owner of hundreds of business entities worldwide. The combination is toxic for democracy.

More than 70% of Trump’s businesses are incorporated in Delaware — a state known for anonymity and secrecy. There is often very little information on the Delaware business filings. And the ambiguity and imprecision of the federal financial disclosure form filed with the Office of Government Ethics makes it difficult to discern the detailed financial health of the president or his businesses.

For example, Trump is not required to disclose net income from his businesses (as opposed to gross revenue). This raises the prospect that Trump’s businesses may be hemorrhaging money in years that he reported hundreds of millions of dollars of income. Further, the disclosure guidelines allow Trump to report liabilities totaling just hundreds of millions when the real number may be in the billions.

Trump’s tax returns — which he has refused to release — would provide the detail needed to determine the extent of his conflicts of interest.

Throughout his business career, Trump has been a boom-and-bust businessman — filing for Chapter 11 bankruptcy protection 11 times. If his business approaches another bust moment while he is president, it is hard to imagine Trump — who has exhibited so little restraint both as a businessman and now as president — not succumbing to the temptation to use the powers of his office to benefit his private interests.

In many ways, the Trump presidency is the natural culmination of the decades-long stranglehold of wealthy individuals and corporations over public policy. But Trump has taken the standard model a step further: He has cut out the middleman — the lowly elected official — who by Trump’s own admission typically needed to be greased to make the whole process work. As president, Trump now has immense power to dictate policy and direct funds to his businesses, or to others who in turn can repay him through his businesses.

«

Delaware’s position as a way to hide business dealings is very peculiar. Trump’s dealings, though, really call into question how robust the US is.


Cognitive Hollywood, part 1: data shows box office economics in turmoil • Medium

Yves Bergquist on the suggestion that low Rotten Tomatoes scores lead to low box office takings in the cinema:

»

I collected box office return data through Box Office Mojo for all the 150 titles released in 2017 that grossed more than $1 million, plugged in Rotten Tomatoes Scores and Audience Scores for all titles, and looked at correlation between scores and financial performance through both a basic Pearson Product-Moment Correlation Coefficient (PMCC) analysis and some linear modeling to extract r-squares (which measure the strength of the correlation). PMCC measures the linear correlation between two variables x and y. It has a value between + 1 (100% positive correlation) and -1 (100% negative correlation, often called “inverse correlation”). The closer to 0 a PMCC score, the less correlation there is between x and y.

The result? Nope. The math is pretty overwhelming in saying there was no (positive or negative) correlation in 2017 between Rotten Tomatoes Scores and box office returns.

The data showed a very small statistical relationship between good or bad Rotten Tomatoes Scores and worldwide box office revenue for 2017 so far: 12% PMCC correlation, and a .009 r-square (meaning there is likely no statistical relationship between the two variables).

Even more surprising, the impact of Rotten Tomatoes scores on opening weekend box office seemed even lower: .08 PMCC score (only 8% correlation), and a -0.001 r-square.

That’s for all 2017 titles so far. What about the Summer titles, which the executives quoted by The New York Times complained about?

Nada.

«

So it’s not only “nobody knows anything” but also “and they’re wrong about it”. I’ve heard that social media on the first weekend is now a more important indicator of how box office will go.


Study finds Reddit’s controversial ban of its most toxic subreddits actually worked • TechCrunch

Devin Coldewey:

»

It’s an example of one of the objections made to the idea of banning troublesome users or communities: they’ll just go elsewhere, so why bother?

Researchers at the Georgia Institute of Technology took this question seriously, as until someone actually investigates whether such bans are helpful, harmful or some mix thereof, it’s all speculation. So they took a major corpus of Reddit data (compiled by PushShift.io) and examined exactly what happened to the hate speech and purveyors thereof, with the two aforementioned subreddits as case studies.

Essentially they looked at the thousands of users that made up CT and FPH (as they call them) and quantified their hate speech usage. They then compared this pre-ban data to the same users post-ban: how much hate speech they produced, where they “migrated” to (i.e. duplicate subreddits, related ones, etc.) and whether “invaded” subreddits experienced spikes in hate speech as a result. Control groups were created by observing the activity of similar subreddits that weren’t banned.

What they found was encouraging for this strategy of reducing unwanted activity on a site like Reddit:

• Post-ban, hate speech by the same users was reduced by as much as 80-90 percent.
• Members of banned communities left Reddit at significantly higher rates than control groups.
• Migration was common, both to similar subreddits (i.e. overtly racist ones) and tangentially related ones (r/The_Donald).
• However, within those communities, hate speech did not reliably increase, although there were slight bumps as the invaders encountered and tested new rules and moderators.

All in all, the researchers conclude, the ban was quite effective at what it set out to do…

«

Encouraging.


Errata, corrigenda and ai no corrida: none notified


Start Up: pricing iPhones, see humans evolve!, why credit systems are broken, Manc-y Oyster, and more


In 2011, Facebook compared political ads on its site to – guess what? Photo by vijay chennupati on Flickr.


A selection of 10 links for you. You can choose not to pay $1,000 for them. I’m @charlesarthur on Twitter. Observations and links welcome.

AI will soon identify protesters with their faces partly concealed • Motherboard

Louise Matsakis:

»

A new paper to be presented at the IEEE International Conference on Computer Vision Workshops (ICCVW) introduces a deep-learning algorithm—a subset of machine learning used to detect and model patterns in large heaps of data—that can identify an individual even when part of their face is obscured. The system was able to correctly identify a person concealed by a scarf 67% of the time when they were photographed against a “complex” background, which better resembles real-world conditions.

The deep-learning algorithm works in a novel way. The researchers, from Cambridge University, India’s National Institute of Technology, and the Indian Institute of Science, first outlined 14 key areas of the face, and then trained a deep-learning model to identify them. The algorithm connects the points into a “star-net structure,” and uses the angles between the points to identify a face. The algorithm can still identify those angles even when part of a person’s mug is obscured, by disguises including caps, scarves, and glasses.

The research has troubling implications for protestors and other dissidents, who often work to make sure they aren’t ID’d at protests and other demonstrations by covering their faces with scarves or by wearing sunglasses. “To be honest when I was trying to come up with this method, I was just trying to focus on criminals,” Amarjot Singh, one of the researchers behind the paper and a Ph.D student at Cambridge University, told me on a phone call.

Singh said he isn’t sure how to prevent the technology from being used by authoritarian regimes in the future.

«

But note that this is a long way from reliability, or real-time, or anything that would stand up in court. 67% accuracy sounds a lot, but it leaves gigantic holes for doubt. That won’t stop authoritarian regimes using it, of course.



Your next phone will probably cost you $1,000 • Bloomberg

Mark Gurman:

»

On Tuesday, Apple will introduce its latest top-of-the-line iPhone, and even the cheapest model is expected to cost about $1,000. A few days later, Samsung’s Galaxy Note 8 goes on sale for a comparable amount. The iPhone is expected to be made from glass and stainless steel, while the Note has an exceptionally large, bright screen with a metal-and-glass case. New features for the iPhone will include upgraded cameras and the ability to unlock your phone with a 3D scan of your face. All that stuff has pushed up prices, and there’s a risk that even many longtime early adopters will balk at laying out four figures, including tax.

“A thousand dollars is a line in the sand,” says Ramon Llamas, an analyst at researcher IDC. “There’s going to be a comparison of what $1,000 is to people’s everyday lives, and whether or not that purchase is justified. For some people, $1,000 represents a single paycheck. For others, it represents several weeks of groceries.”

«

That’s the cheapest model of the top-of-the-line phone, and nobody is forcing you to buy that one. These articles are written as though people were being lined up at the point of bayonets and made to purchase them.

Nice graphic though. The reason why prices keep moving up: it’s where the profit margin is.


Autonomous cars: the level 5 fallacy • Monday Note

Jean-Louis Gassée on the idea that cars will be completely self-driving (“Level 5”):

»

In prior Monday Notes that discussed electric and autonomous cars, a subject of endless fascination, I evoked scenarios where SD cars can’t cope with circumstances that require human intervention. Today, I’ll offer the pedestrian crossing at the intersection of Hayes and Octavia in San Francisco:

Understandably, the Google Street View picture was taken in the early morning. Now, imagine the 1 pm Sunday scene with crowded sidewalks and sticky car traffic. In today’s world, pedestrians and drivers manage a peaceful if hiccuping coexistence. Through eye contact, nods, hand signals, and, yes, courteous restraint, pedestrians decide to sometimes forfeit their right-of-way and let a few cars come through. On the whole, drivers are equally patient and polite (an unceasing subject of amazement for Parisians walking the streets of San Francisco).

Can we “algorithmicize” eye contact and stuttering restraint? Can an SD car acknowledge a pedestrian’s nod, or negotiate “turning rights” with a conventional vehicle?

No, we can’t. And we don’t appear to have a path to overcome such “mundane” challenges.

But you don’t have to believe me, or think I’m not “with it”. We can listen to Chris Urmson, Google’s Director of Self-Driving Cars from 2013 to late 2016 (he had joined the team in 2009). In a SXSW talk in early 2016, Urmson gives a sobering yet helpful vision of the project’s future, summarized by Lee Gomes in an IEEE Spectrum article [as always, edits and emphasis mine]:

»

“Not only might it take much longer to arrive than the company has ever indicated — as long as 30 years, said Urmson — but the early commercial versions might well be limited to certain geographies and weather conditions. Self-driving cars are much easier to engineer for sunny weather and wide-open roads, and Urmson suggested the cars might be sold for those markets first.”

«

«



How to generate FiveThirtyEight graphs in Python • Dataquest

Alexandru Olteanu:

»

If you read data science articles, you may have already stumbled upon FiveThirtyEight’s content. Naturally, you were impressed by their awesome visualizations. You wanted to make your own awesome visualizations and so asked Quora and Reddit how to do it. You received some answers, but they were rather vague. You still can’t get the graphs done yourself.

In this post, we’ll help you. Using Python’s matplotlib and pandas, we’ll see that it’s rather easy to replicate the core parts of any FiveThirtyEight (FTE) visualization.

We’ll start here:

And, at the end of the tutorial, arrive here:

To follow along, you’ll need at least some basic knowledge of Python. If you know what’s the difference between methods and attributes, then you’re good to go.

«

If you’re into Python and graphs, this is what you want.


Taxi medallions, once a safe investment, now drag owners into debt • The New York Times

Winnie Hu:

»

Owning a yellow cab has left Issa Isac in deep debt and facing a precarious future.

It was not supposed to turn out this way when Mr. Isac slid behind the wheel in 2005. Soon he was earning $200 a night driving. Three years later, he borrowed $335,000 to buy a New York City taxi medallion, which gave him the right to operate his own cab.

But now Mr. Isac earns half of what he did when he started, as riders have defected to Uber and other competitors. He stopped making the $2,700-a-month loan payment on his medallion in February because he was broke. Last month, it was sold to help pay his debts.

“I see my future crashing down,” said Mr. Isac, 46, an immigrant from Burkina Faso. “I worry every day. Sometimes, I can’t sleep thinking about it. Everything changed overnight.”

Taxi ownership once seemed a guaranteed route to financial security, something that was more tangible and reliable than the stock market since people hailed cabs in good times and bad. Generations of new immigrants toiled away for years to earn enough to buy a coveted medallion. Those who had them took pride in them, and viewed them as their retirement fund.

Uber and other ride-hail apps have upended all that.

«

The New York taxi medallion business is crashing, hard. Difficult not to see this as people who happened to be looking in the wrong direction when the articulated lorry of technological change came down the road.


Our entire credit bureau system is broken • The Verge

Russell Brandom:

»

It’s easy to point to Equifax [the credit reference agency which was thoroughly hacked] as the problem, and its poor handling of the breach (and possible insider trading) certainly doesn’t help. But the problem is bigger than any single company. In a world flooded with information, we’re still relying on a tiny set of sensitive data to protect us from fraud, and putting the burden on the average consumer when that data leaks out. We treat data as private when it’s already been exposed in breach after breach. This system has reached its breaking point. It’s time to burn it all down and start over.

In the most basic terms, credit bureaus work as a reputation service. You submit someone’s name and get back a report on all the money they’ve borrowed over the years and how it’s been repaid. That’s valuable information if you’re deciding whether to lend someone money, so businesses (or their customers) are often willing to pay for it. In that situation, the biggest risk to the lender is an impostor who runs up someone else’s tab and then skips town. So along the way, credit bureaus have become an identity service, too. Along with the potential client’s name, they ask for a Social Security number, and if those things don’t match, they know they’re dealing with fraud.

This is a terrible way to manage identity. From afar, a Social Security number looks kind of like a password. But you can change a password, and you shouldn’t use the same one with every service. To get slightly more technical, you can hash passwords, which lets services verify your identity without keeping your exact password easily available. Right now, I could count the number of places my Gmail password exists anywhere on one hand, whereas I’ve been writing my Social Security number on forms since I was 12. By now, hundreds of organizations have it, from old jobs to old dentists. That number was never going to be safe from scammers. The system was set up for failure from the very beginning.

«

Powerful, and spot-on, piece.


Massive genetic study shows how humans are evolving • Nature News & Comment

Bruno Martin:

»

A huge genetic study that sought to pinpoint how the human genome is evolving suggests that natural selection is getting rid of harmful genetic mutations that shorten people’s lives. The work, published in PLoS Biology, analysed DNA from 215,000 people and is one of the first attempts to probe directly how humans are evolving over one or two generations.

To identify which bits of the human genome might be evolving, researchers scoured large US and UK genetic databases for mutations whose prevalence changed across different age groups. For each person, the parents’ age of death was recorded as a measure of longevity, or their own age in some cases.

“If a genetic variant influences survival, its frequency should change with the age of the surviving individuals,” says Hakhamanesh Mostafavi, an evolutionary biologist at Columbia University in New York City who led the study. People who carry a harmful genetic variant die at a higher rate, so the variant becomes rarer in the older portion of the population.

Mostafavi and his colleagues tested more than 8 million common mutations, and found two that seemed to become less prevalent with age. A variant of the APOE gene, which is strongly linked to Alzheimer’s disease, was rarely found in women over 70. And a mutation in the CHRNA3 gene associated with heavy smoking in men petered out in the population starting in middle age. People without these mutations have a survival edge and are more likely to live longer, the researchers suggest.

This is not, by itself, evidence of evolution at work. In evolutionary terms, having a long life isn’t as important as having a reproductively fruitful one, with many children who survive into adulthood and birth their own offspring. So harmful mutations that exert their effects after reproductive age could be expected to be ‘neutral’ in the eyes of evolution, and not selected against.

But if that were the case, there would be plenty of such mutations still kicking around in the genome, the authors argue.

«



Google appeals against EU’s €2.4bn fine over search engine results • The Guardian

Daniel Boffey:

»

Google is appealing against the record €2.4bn (£2.2bn) fine imposed by the European Union for its abuse of its dominance of the search engine market in building its shopping comparison service.

The world’s most popular internet search engine has launched its appeal after it was fined by the European commission for what was described as an “old school” form of illegality.

The Luxembourg-based general court, Europe’s second-highest, is expected to take several years before ruling on Google’s appeal, which had been widely expected. The Silicon Valley giant had responded to the fine at the time of its announcement by saying that it “respectfully” disagreed with the legal argument being pursued.

«

But still has to stop boosting its shopping service in contravention of EC rules; has until 28 September to comply. The EC is looking at its proposal on this, apparently.


May 2011: Facebook: exempt us from federal election commission rules • POLITICO

Jennifer Epstein, in May 2011:

»

Facebook, the company that has helped put so much of what was once private out in the open on the web, is looking for a sort of corporate privacy setting of its own — the company is looking to ensure that it is exempt from federal election rules requiring campaign advertisements to include disclosures of who paid for them.

In a request to the Federal Election Commission made late last month, lawyers for the social networking powerhouse argued that the small ads on Facebook’s website should not have to include disclosures because of the limited amounts of room for text.

While it’s easy to include disclosures on a television ad, billboard or email, Facebook argues, it’s more difficult with the tiny ads posted along the side of its webpages. “With some mediums … – e.g. bumper stickers, buttons, pens, T-shirts, concert tickets, and text messages – it is inconvenient or impracticable to include a disclaimer,” three lawyers from the Washington office of the firm Perkins Coie write in their request for an advisory opinion from the FEC.

The company says it has made a conscious decision to keep the ads on its site small and less obtrusive to the user experience, and does not want to take away from that experience or penalize campaign advertisers. “Facebook gives a wide range of candidates and causes a voice where they would otherwise not be able to afford one through more traditional political advertising,” spokesman Andrew Noyes said in a statement to POLITICO. “We encourage the FEC to consider these benefits and other fundamental differences between some online ad formats and newspaper and TV advertising.”

«

Facebook was in effect claiming that its ads – including the political ones – are the equivalent of skywriting (which doesn’t need disclosure about who paid for it). The FEC agreed. This, of course, turns out to have been a significant turning point, even though nobody saw it at the time.

Imagine if all the political ads on Facebook in the 2016 election had had to declare who bought them. The discourse around the company would be very different. (Twitter too have used this get-out, I believe.)


A beginner’s guide to using My Get Me There • Medium

Susil Nash on “Manchester’s hilarious attempt at reinventing London’s Oyster” (the latter, for Americans, is an RFID system which can be used to pay contactlessly for trips on buses and underground; it’s worked, pretty much perfectly, since 2004):

»

The first of the new system’s fun quirks is that My Get Me There isn’t just a card. It’s an app too. Now, you might think that’s to be expected — it’s a convenient way to manage your card, right? The two work together in harmony, right? Wrong. The app and the (presumably ironically-named) ‘Smart Card’ are two completely separate systems that work entirely independently of one another.

Your first decision is therefore whether to opt for the app, the Smart Card or, as will be the case for most travellers, both. The app is certainly less tricky to get hold of (more on that in a moment) but the significant downside is that it can only be used on Metrolink — Manchester’s tram network. Which means no smartphone fun for Team Bus or the vehicle-agnostics, but app-tastic news for all tram devotees.

Having said that, there are a couple of things that even you dedicated Metrolinkers should watch out for before ditching the paper tix. Firstly, know that you’ll need to make sure you’re not low on battery when heading out the door because, if your phone gives up mid-travels, you could be hit with a £100 fine. Secondly, you’ll need to remain online… ish. The reason for the ‘ish’ is that you don’t actually need web access to use the app once you’ve bought your ticket. However, any tickets on your phone will expire if that device “has not been connected to the internet for a long period” (that’s literally the timescale specified on their website).

So do make sure your phone has plenty of juice and has been connected to the internet at least once in the most recent ‘long period’.

«

Even worse: it’s not a top-up scheme. It’s a “specific tickets for specific journeys” system. And you have to be over 16. It’s as if they wanted to keep cash forever.


Errata, corrigenda and ai no corrida: none notified

Start Up: video game gamblers collared, ethics of machine learning, Wi-Fi tube maps, and more


Hurricane Irma has caused devastation through the Caribbean – but been a boon for a walkie-talkie app. Photo by anttilipponen on Flickr.


A selection of 14 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

Video game influencers settle FTC complaint over endorsement • Rolling Stone

Brian Crecente:

»

Two well-known social media influencers have reached a tentative agreement with the Federal Trade Commission over charges that they deceptively endorsed gambling site CSGOLotto – and paid others to do so – without disclosing that they owned the company itself.

CSGOLotto owners Trevor “TmarTn” Martin and Thomas “Syndicate” Cassel agreed to a deal in which they promise to report all of their activity to the FTC and disclose connections with endorsers. While the deal doesn’t require the two to admit any culpability nor does it include a fine, future infractions could cost more than $40,000 per violation, according to an FTC spokesperson who spoke with Glixel about the case.

Under the FTC Act, according to the spokesperson, the commission typically can’t assess civil penalties on the first violation. Today’s consent agreement will be subject to public comment until October 10th, at which point the commission will decide whether to make the order final…

…“The goal of the FTC isn’t to be a punitive or draconian agency,” FTC spokesman Mitchell J. Katz says. “We are here to educate consumers about new markets.”

«

Come on. Does anyone seriously think these two believed it was all above board to do this? And as for the FTC: maybe rethink that mission statement. Especially when it comes to gambling – which can quickly turn into ruinously addictive behaviour – it’s entirely correct to be punitive and draconian. And when you have gambling mixed with deception, it’s hammer time.


Is this research ethical? • Light Blue Touchpaper

Professor Ross Anderson:

»

The Economist features face recognition on its front page, reporting that deep neural networks can now tell whether you’re straight or gay better than humans can just by looking at your face. The research they cite is a preprint, available here.

Its authors Kosinski and Wang downloaded thousands of photos from a dating site, ran them through a standard feature-extraction program, then classified gay vs straight using a standard statistical classifier, which they found could tell the men seeking men from the men seeking women. My students pretty well instantly called this out as selection bias; if gay men consider boyish faces to be cuter, then they will upload their most boyish photo. The paper authors suggest their finding may support a theory that sexuality is influenced by fetal testosterone levels, but when you don’t control for such biases your results may say more about social norms than about phenotypes.

Quite apart from the scientific value of the research, which is perhaps best assessed by specialists, I’m concerned with the ethics and privacy aspects. I am surprised that the paper doesn’t report having been through ethical review; the authors consider that photos on a dating website are public information and appear to assume that privacy issues simply do not arise.

Yet UK courts decided, in Campbell v Mirror, that privacy could be violated even by photos taken on the public street, and European courts have come to similar conclusions in I v Finland and elsewhere.

«

Anderson, as ever, raises important questions. (The privacy topic will probably get ignored until someone – a famous model? – brings a big case. Then the boilerplate on the dating site or whatever will be changed to force you to give up your rights. Or the dating site will sue the maker of the AI for some of the profits.)



London Underground Wifi tracking: here’s everything we learned from TfL’s official report • Gizmodo UK

James O’Malley on the findings from TfL’s Wi-Fi pilot tracking scheme:

»

TfL was also able to see how disruptions impacted stations too: Apparently when mega-congested, the walk times increased from 3 minutes to more than ten minutes. Which creates a whole array of second-order problems for the poor staff on the ground trying to squeeze everyone in.

The wifi data also enables TfL to generate more accurate data on crowding in stations. The above graph compares the number of Oyster touch-ins with wireless device detections over the course of the day.

Previously, how busy a station was could only be measured using Oyster touch in data but there’s a fairly big flaw in using this: There’s a fairly hard limit on how many people can use a set of ticket barriers at any one time. So measuring it by touch-ins doesn’t account for hundreds or thousands of grumpy commuters in the queue.

«

This is going to be enormously useful for planning. You can see how it might also be helpful for buses; offering free Wi-Fi on buses would serve some of the same purposes. (If you offered it at bus stops, though, you’d get people who didn’t intend to get on the bus.)


Amazon was tricked by fake law firm into removing hot product, costing seller $200K • CNBC

Eugene Kim:

»

Shortly before Amazon Prime Day in July, the owner of the Brushes4Less store on Amazon’s marketplace received a suspension notice for his best-selling product, a toothbrush head replacement.

The email that landed in his inbox said the product was being delisted from the site because of an intellectual property violation. In order to resolve the matter and get the product reinstated, the owner would have to contact the law firm that filed the complaint.

But there was one problem: the firm didn’t exist.

Brushes4Less was given the contact information for an entity named Wesley & McCain in Pittsburgh. The website wesleymccain.com has profiles for five lawyers. A Google image search shows that all five actually work for the law firm Brydon, Swearengen & England in Jefferson City, Missouri…

…The owner of Brushes4Less agreed to tell his story to CNBC but asked that we not use his name out of concern for his privacy. As far as he can tell, and based on what CNBC could confirm, Amazon was duped into shutting down the seller’s key product days before the site’s busiest shopping event ever.

“Just five minutes of detective work would have found this website is a fraud, but Amazon doesn’t seem to want to do any of that,” the owner said. “This is like the Wild Wild West of intellectual property complaints.”

«

I’m hearing more and more complaints about how Amazon behaves, both here and through its promotions. Once more, the problem is: what alternative do you have?


Tesla extended the range of some Florida vehicles for drivers to escape Hurricane Irma – The Verge

Andrew Liptak:

»

As Hurricane Irma bears down on Florida, Tesla issued an over-the-air update to drivers in the state that unlocks the full battery capacity of its 60 and 70 kilowatt-hour Model S and X vehicles. The update provides those trying to escape the path of the storm with an additional 30 to 40 miles above the typical range of the vehicle, according to Electrek.

Tesla’s 60 and 60D vehicles offer a range of just above 200 miles on a charge. Faced with an order to leave, one Tesla owner contacted the company, saying that they needed an additional 30 miles of range to get out of the mandatory evacuation zone they were in. In response, the company issued an update to other drivers in the state, providing them with the full 75 kWh capacity of their vehicles through September 16th. One driver posted a screenshot of his app, which showed off the new extended range. A Tesla spokesperson confirmed that the company’s 70kWh vehicles also received the update.

«

So what’s to stop someone trying to figure out what the software update does, and applying that to their battery firmware? (Maybe it’s signed with a Tesla cryptographic key?) This seems really strange – that the only difference is a few lines of code, and that the low-end car is intentionally hobbled not through physics but software. And what Tesla can give, it can take away. That’s scary too.


As Hurricane Irma devastates, walkie talkie app Zello adds six million users in a week • Buzzfeed

Alex Kantrowitz:

»

Zello is used almost exactly like a walkie talkie, except it relies on wifi and cell service, so it can support big groups of people in dispersed locations. When Harvey caused widespread devastation in and around Houston, volunteers leaned on Zello to coordinate search and rescue efforts. And people in the path of Irma seem to believe they can put the app to similar uses in this storm too.

Zello has added six million new registered users since Monday, the company’s CEO, Bill Moore, told BuzzFeed News, and is now the top free app on the iOS App Store. The app is supporting a few massive groups dedicated to Irma relief, including the 1,800+ member South Florida Hurricane Irma channel.

“With the crush of new users and emergency situations, most of the Zello team is working long days either maintaining capacity or helping with customer support,” Moore said.

As Zello’s usage grows, it risks getting overloaded and becoming less useful to rescuers. The South Florida group, for instance, seemed to contain a mixture of useful information and chaos Saturday evening. “We’re not Google, we’re not the National Weather Service,” one administrator told the group after a number of requests for weather updates.

«

Question is, will anyone use it in a month’s time?


Hurricane Irma and tax havens • Progressive Economics Group

Richard Murphy:

»

Although it will take time for the full impact of Hurricane Irma to become apparent, it is clear that it will create significant damage in the British Overseas Territories of Anguilla, The British Virgin Islands and Turks and Caicos Islands. It has already done that on Antigua and Barbuda and may also do so to The Bahamas, both of which are Commonwealth states to which the UK has at least a moral obligation.

There is also risk to Bermuda and St Kitts and Nevis, which are also British Overseas Territories. It is thought that well over half of all buildings in Barbuda have been subject to substantial hurricane-inflicted damage.

It is beholden on the UK to provide all aid necessary to restore normal life in its Overseas Territories, without delay. There are good reasons for suggesting that it should provide similar assistance to affected Commonwealth States. That said, there is no reason why this support should be supplied unconditionally. 

All the places mentioned are secrecy jurisdictions (tax havens) as indicated by the Tax Justice Network’s influential Financial Secrecy Index. What this means is that these places, without exception, have deliberately created regulation for the primary benefit and use of people who are not resident in those islands, and knowing that that regulation in question will be used to undermine the legislation or regulation of another jurisdiction. 

«

You can probably guess what comes next, but I won’t spoil the surprise.


Partisanship, propaganda, and disinformation: online media and the 2016 US presidential election • Berkman Klein Center

»

In this study, we analyze both mainstream and social media coverage of the 2016 United States presidential election. We document that the majority of mainstream media coverage was negative for both candidates, but largely followed Donald Trump’s agenda: when reporting on Hillary Clinton, coverage primarily focused on the various scandals related to the Clinton Foundation and emails. When focused on Trump, major substantive issues, primarily immigration, were prominent. Indeed, immigration emerged as a central issue in the campaign and served as a defining issue for the Trump campaign.

We find that the structure and composition of media on the right and left are quite different. The leading media on the right and left are rooted in different traditions and journalistic practices. On the conservative side, more attention was paid to pro-Trump, highly partisan media outlets. On the liberal side, by contrast, the center of gravity was made up largely of long-standing media organizations steeped in the traditions and practices of objective journalism.

Our data supports lines of research on polarization in American politics that focus on the asymmetric patterns between the left and the right, rather than studies that see polarization as a general historical phenomenon, driven by technology or other mechanisms that apply across the partisan divide.

«

And yes, Facebook and Twitter are in there.


Seriously, Equifax? Why the credit agency’s breach means regulation is needed • The New York Times

Farhad Manjoo is angry:

»

If a bank lost everyone’s money, regulators might try to shut down the bank. If an accounting firm kept shoddy books, its licenses to practice accounting could be revoked. (See how Texas pulled Arthur Andersen’s license after the Enron debacle.)

So if a data-storage credit agency loses pretty much everyone’s data, why should it be allowed to store anyone’s data any longer?

Here’s one troubling reason: Because even after one of the gravest breaches in history, no one is really in a position to stop Equifax from continuing to do business as usual. And the problem is bigger than Equifax: We really have no good way, in public policy, to exact some existential punishment on companies that fail to safeguard our data. There will be hacks — and afterward, there will be more.

Experts said it was highly unlikely that any regulatory body would shut Equifax down over this breach. As one of the nation’s three major credit-reporting agencies, which store and analyze consumers’ financial history for credit decisions, it is likely to be considered too central to the American financial system; Equifax’s demise would both reduce competition in the industry and make each of the two survivors a bigger target. Raj Joshi, an analyst at Moody’s, said in a note to investors that Equifax was likely to be fine, as “the impact of the security breach will only modestly erode its solid credit metrics and liquidity.”

The two regulators that do have jurisdiction over Equifax, the Federal Trade Commission and the Consumer Financial Protection Bureau, declined to comment on any potential punishments over the credit agency’s breach.

«

Too critical to fail. And you can’t stop Equifax from getting more of your data. This, and antitrust, are two examples where the law, and punishment, just isn’t up to the problems that can follow – which are outsourced to all the company’s users, instead of the company.


Equifax breach response turns dumpster fire • Krebs On Security

Brian Krebs:

»

Yesterday’s story here pointed out the gross conflict of interest in Equifax’s consumer remedy for this breach: Offering a year’s worth of free credit monitoring services to all Americans via its own in-house credit monitoring service.

This is particularly rich because a) why should anyone trust Equifax to do anything right security-wise after this debacle and b) these credit monitoring services typically hard-sell consumers to sign up for paid credit protection plans when the free coverage expires.

I have repeatedly urged readers to consider putting a security freeze on their accounts in lieu of or in addition to accepting these free credit monitoring offers, noting that credit monitoring services don’t protect you against identity theft (the most you can hope for is they alert you when ID thieves do steal your identity), while security freezes can prevent thieves from taking out new lines of credit in your name.

Several readers have written in to point out some legalese in the terms of service that Equifax requires all users to acknowledge before signing up for the service seems to include legal verbiage suggesting that those who do sign up for the free service will waive their rights to participate in future class action lawsuits against the company.

KrebsOnSecurity is still awaiting word from an actual lawyer who’s looking at this contract, but let me offer my own two cents on this.

Update, 9:45 p.m. ET: Equifax has updated their breach alert page to include the following response in regard to the unclear legalese:

“In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident.”

Original story:

Equifax will almost certainly see itself the target of multiple class action lawsuits as a result of this breach, but there is no guarantee those lawsuits will go the distance and result in a monetary windfall for affected consumers.

«



U.S. spies think the FBI is botching the Kaspersky investigation • Cyberscoop

Patrick Howell O’Neill:

»

U.S. spies believe FBI agents have mismanaged the ongoing counterintelligence investigation into Moscow-based cybersecurity company Kaspersky Lab, current and former senior U.S. officials familiar with the matter tell CyberScoop.

Officials tell CyberScoop they believe the FBI has engaged in deliberate media leaks and overblown classified congressional briefings to build the case around Kaspersky. These officials also say the FBI should be more covert in its efforts to persuade private companies to uninstall Kaspersky software. A quieter operation would help avoid putting the rest of the intelligence community — especially agencies engaged in cyber-operations — in the crosshairs for retaliation, the officials say.

The FBI has briefed private sector companies across several industries, urging them to cut ties with Kaspersky on security grounds, CyberScoop reported last week. On some occasions, the FBI’s outreach efforts in the U.S. have been successful. At least one major American energy firm recently opted against signing a significant business deal with Kaspersky due in large part to the bureau’s briefings. Larger, brand-name technology giants have generally been less receptive and cooperative with the FBI.

The reaction from inside the U.S. intelligence community to the FBI’s work on Kaspersky has been mixed and, at times, disapproving. While there is general agreement among the intelligence agencies that Kaspersky is connected to and works with Russian spies, senior U.S. intelligence officials disapprove of the bureau’s handling of the years-long issue.

«

The Kaspersky aspersions had passed me by, but this is pretty amazing. Kaspersky denies any connection with the Russian government.


Samsung sees its best Note preorders with the new Galaxy Note8 • Samsung Newsroom

»

Samsung Electronics America announced today [Sept 8] that more people in the US have purchased the Galaxy Note8 than previous Samsung Note phones during the same time period. Introduced on August 23, the Galaxy Note8 — featuring the largest ever screen in a Note device, an enhanced S Pen, and the world’s first smartphone with two 12MP rear cameras with Optical Image Stabilization (OIS) on both the wide-angle and telephoto lenses — will be available in stores on September 15.

“We’re thrilled to see the strong consumer response to the next level Note,” said Tim Baxter, president and chief executive officer, Samsung Electronics North America. “Today’s consumers want to do bigger things in work and life, and Note helps make that possible. We built the Galaxy Note8 for people who desire a device that lets them be productive and allows for self-expression.”

«

The Note 7 was actually introduced a few days earlier last year, on August 19. You don’t have to think too hard to realise why the Note 8 would have record orders, though. Everyone who wanted to have a Note 7 last year couldn’t get one (or if they did get one, had to give it back). They’ve had to make do with something else, but they probably really wanted the Note 7, as indicated by the low defection rate from Samsung when it was recalled. So there’s a ton of wanted-to-be-Note-7 owners who will dump their existing phones for this.

And then there’s all the people who would have upgraded anyway; perhaps they own the Note 5, or something else, and would have been in line to get it (while in the alternative universe where the Note 7 didn’t catch fire, Note 7 owners hung on to their devices).

In other words, it would almost be surprising if there weren’t record orders for the Note 8; I’d expect this story to be repeated around the globe. It’s good news for Samsung, whose financials compared to last year will look Godzilla-like.


Worldwide brand motherboard shipments continue to fall • Digitimes

Monica Chen and Joseph Tsai:

»

Worldwide brand motherboard shipments are expected to reach only 45m units in 2017 and may drop further in 2018 as related demand continues shrinking, according to sources from the upstream supply chain.

Worldwide brand motherboard shipments were 75m units in 2013, but slipped below 50m units in 2016. Since motherboard demand from China, which had been the main growth driver in the past few years, is dropping significantly, shipments are expected to remain in decline in 2017.

Gigabyte Technology is also expected to see its motherboard shipments drop below 13m units in 2017. In addition to China’s weakening demand, competition from Asustek has also grown fiercer, the sources noted.

«

These figures roughly track the decline in the overall PC market (2013: 315m; 2016: 261m), and are also a declining ratio of that number. Building your own PC was always a minority sport; now it looks endangered.


Errata, corrigenda and ai no corrida: none notified

Start Up: the rehab scammers, ultrasonic hacking, India’s biometric nightmare, HTC breaks up?, and more


Winning nuclear standoffs mostly consists of not getting into nuclear standoffs. Photo by vaXzine on Flickr.


A selection of 10 links for you. Satisfied? I’m @charlesarthur on Twitter. Observations and links welcome.

How disreputable rehabs game Google to profit off patients • The Verge

Cat Ferguson:

»

Leasha Ali had been drunk for the last two days, but she didn’t want to be anymore. The 39-year-old math teacher and mother of two was in a spiral familiar to anyone who’s struggled with addiction. A difficult event — a hospitalization, thanks to lingering symptoms from a birth defect — had stressed her to the breaking point, and then she’d gotten home and found herself alone in her house, depressed and unable to sleep. After a few days without drinking, she gave in, and spent the next 48 hours on a bender.

On the second night, January 8th of this year, she got an email from the hospital. Her liver enzymes had been dangerously high — even before the days of abuse. The birth defect that put her in the hospital had already left her with several damaged organs. Afraid of hurting another, she searched the test results in Google. Right there at the top was an ad for rehab.

“I thought to myself, ‘Oh my God, even Google knows I need rehab,’” Ali told me.

It’s hard to say exactly who was on the other end, when, just before 11PM, Ali called the number in the ad. The 800 number was ephemeral. It’s missing from Yellow Pages listings, social media, and even sites for complaints about telemarketers and spam, and it was disconnected by the time I called it. The untraceability is frustrating, but not surprising. Google offers advertisers unique “tracking” phone numbers that forward to a company’s phones, so they can understand which ads are bringing in the most clients. The phone numbers only stay up as long as the ad does…

…Open another tab, and Google “alcohol rehab near me.” Take a look at the ads up top. (If you have an ad blocker, you’ll have to turn it off.)

If you’re in Arizona, and you click on the top ad, you’ll cost that advertiser around $221. If you’re in Colorado, that click costs the site $230. Sorry, New Yorkers, your click is only worth $43 — but if you searched “drug treatment centers,” you’d go for around $121. (These are estimated averages from April this year, provided to The Verge by advertising analytics company SEMrush.)

That’s assuming you don’t live in a city with a high percentage of Medicaid recipients. In New Jersey, the statewide cost for ads on “best alcohol rehab centers” searches is $190 per click, but that’s an average. Smart marketers tell Google they don’t want their ads showing up in any searches from Trenton, Camden, or other low-income cities. It’s also good practice, if you’re hoping to attract well-heeled (or at least well-insured) clients, to keep your ads away from searches with words like “free” and “Medicaid.”

Of course, there are other ways to prevent poor people from calling your hotline.

«



A simple design flaw makes it astoundingly easy to hack Siri and Alexa • FastCo Design

Mark Wilson:

»

Using a technique called the DolphinAttack, a team from Zhejiang University translated typical vocal commands into ultrasonic frequencies that are too high for the human ear to hear, but perfectly decipherable by the microphones and software powering our always-on voice assistants. This relatively simple translation process lets them take control of gadgets with just a few words uttered in frequencies none of us can hear.

The researchers didn’t just activate basic commands like “Hey Siri” or “Okay Google,” though. They could also tell an iPhone to “call 1234567890” or tell an iPad to FaceTime the number. They could force a MacBook or a Nexus 7 to open a malicious website. They could order an Amazon Echo to “open the backdoor” (a PIN would also be required, an August spokesperson clarifies). Even an Audi Q3 could have its navigation system redirected to a new location. “Inaudible voice commands question the common design assumption that adversaries may at most try to manipulate a [voice assistant] vocally and can be detected by an alert user,” the research team writes in a paper just accepted to the ACM Conference on Computer and Communications Security.

In other words, Silicon Valley has designed human-friendly UI with a huge security oversight. While we might not hear the bad guys talking, our computers clearly can. “From a UX point of view, it feels like a betrayal,” says Ame Elliott, design director at the nonprofit SimplySecure. “The premise of how you interact with the device is ‘tell it what to do,’ so the silent, surreptitious command is shocking.”

«

We’ve had something similar previously, though that was in the audible spectrum. The problem is that some of these devices use ultrasonic frequencies for pairing.


How to win a nuclear standoff • FiveThirtyEight

Oliver Roeder:

»

Imagine you’re Trump or Kim Jong Un, essentially playing a game of chicken. You’re driving at high speed directly toward your opponent who’s also racing toward you. Neither of you wants to chicken out and veer away, but neither wants to die, either. Your best strategy? Rip off your steering wheel, make sure your opponent knows you’ve done so, and hit the gas.

That’s the terrifying thing about game theory: Sometimes the most rational choice can feel like the most dangerous. And that’s a problem when there are nukes involved. In the old days, if my country had better archers than yours, you’d keep that in mind when you felt like going to war with me. But nuclear weapons don’t work like archers. They decouple raw military strength from a state’s ability to win a war. That’s why North Korea, a country smaller than Mississippi with a GDP roughly equal to Wyoming’s, gets to compete alongside a superpower like the U.S. “What matters is if they can launch ICBMs to destroy Los Angeles or Chicago or Washington or wherever,” James Fearon, a political scientist at Stanford, told me.

Either you have nukes or you don’t. Either you use nukes or you don’t. It’s not a competition with arms or battlefields any more. It’s a competition in risk taking.

Fearon is the author of a 1995 paper called “Rationalist Explanations for War.” A modern classic in its field, it begins: “The central puzzle about war, and also the main reason why we study it, is that wars are costly but nonetheless wars recur.” In the paper, Fearon argues that there are two main reasons why wars break out. First, players have private information, and incentives to misrepresent that information. Second, the players have commitment problems.

Our $100 game [in which two players write a number from 0 to 100; the higher number wins, but the lower number is used to calculate the percentage risk that both players must burn $10,000 of their own money; so if you write 100 and your opponent 99, there’s a 99% chance you both burn the cash], which Fearon teaches to his undergraduates, revolves around those two ideas. My private information is my appetite for risk. How much of it am I willing to take on to try and win the $100? You have no idea, and vice versa. And neither of us can really commit to a peaceful or bellicose strategy and make the other side believe it. The secret envelope and our unceasing self-interest stops that. That’s a commitment problem.

In our $100 game and in nuclear standoff, there’s no easy way to rip out the steering wheel.

«

Fearon says that with North Korea, people aren’t sure what its $100 would be. (People aren’t thinking hard enough. For North Korea, the $100 is easier trade.)


TalkTalk plans to bail on mobile in major shake-up for beleaguered biz • The Register

Kat Hall:

»

Beleaguered UK comms provider TalkTalk is set to go against the received “wisdom” of having multiple services to flog as it plans to pull out of the mobile market entirely.

The move is a fairly significant change of tack given that not so long ago it had targeted four million mobile customers. TalkTalk now has just 913,000 SIM customers. Chief exec Tristia Harrison said the company wants to refocus on its core strength as a “fixed-line business” and reassess its mobile strategy.

No doubt she hopes concentrating on broadband will help boost the company’s lacklustre results, with revenues continuing to decline by 3% to £1.7bn for the full-year 2016/17.

The plans are part of a shake-up following founder Charles Dunstone’s return as chair after chief exec Dido Harding resigned earlier this year.

«

Likely buyer for those mobile customers is Three, the smallest of the UK carriers.


India’s biometric database is a massive achievement and a dystopian nightmare • VICE News

David Gilbert:

»

Seven years ago nearly 400 million people in India did not exist in the eyes of the government. They were “ghosts” who had no identity and no way of getting one, says Sahil Kini, one of the architects of India’s controversial Aadhaar database. In a country trying to modernize on the fly and take its place among the world’s superpowers, this massive yet unknown population presented a huge problem.

So the Indian government set out on an ambitious course to build Aadhaar, the world’s largest biometric database, which would not only allow these people to participate more fully in society but also become a shining beacon of technological achievement for the rest of the world.

“What’s forgotten is that before Aadhaar was built there were 400 million people in India that did not have any form of identity; they were ghosts in the system,” Kini told VICE News. “So if you had to give them any kind of subsidy, you couldn’t, because they didn’t exist on paper.”

But as the database grew to include almost all of India’s 1.3 billion citizens, cracks began to appear, and in recent months those cracks have become chasms. Now more and more Indians say they worry that what the government actually created in Aadhaar is an all-seeing surveillance apparatus that has serious holes in its security and can be used to monitor all aspects of their lives.

«

Remarkable piece of research and journalism. Aadhaar is the result of good intentions gone wrong.


Donald Trump is the first white president • The Atlantic

Ta-Nehisi Coates:

»

To Trump, whiteness is neither notional nor symbolic but is the very core of his power. In this, Trump is not singular. But whereas his forebears carried whiteness like an ancestral talisman, Trump cracked the glowing amulet open, releasing its eldritch energies. The repercussions are striking: Trump is the first president to have served in no public capacity before ascending to his perch. But more telling, Trump is also the first president to have publicly affirmed that his daughter is a “piece of ass.” The mind seizes trying to imagine a black man extolling the virtues of sexual assault on tape (“When you’re a star, they let you do it”), fending off multiple accusations of such assaults, immersed in multiple lawsuits for allegedly fraudulent business dealings, exhorting his followers to violence, and then strolling into the White House. But that is the point of white supremacy—to ensure that that which all others achieve with maximal effort, white people (particularly white men) achieve with minimal qualification. Barack Obama delivered to black people the hoary message that if they work twice as hard as white people, anything is possible. But Trump’s counter is persuasive: Work half as hard as black people, and even more is possible.

For Trump, it almost seems that the fact of Obama, the fact of a black president, insulted him personally. The insult intensified when Obama and Seth Meyers publicly humiliated him at the White House Correspondents’ Dinner in 2011. But the bloody heirloom ensures the last laugh. Replacing Obama is not enough—Trump has made the negation of Obama’s legacy the foundation of his own.

«

Powerful essay. Trump is the anti-Obama, in so many ways.


Google reportedly in final stages of buying HTC’s smartphone business • Digital Trends

Christian de Looper:

»

The Google Pixel was one of the best-loved phones of 2016, and according to recent reports, it looks like the company could be set to seriously bolster its smartphone business. How? By buying someone else’s smartphone business. According to a recent report, from Commercial Times, Google and HTC have entered the final stages of discussions that could ultimately lead to Google buying out HTC’s smartphone business.

It’s important to note that Google won’t buy HTC as a whole — just its smartphone business. The HTC brand will still live on, and the report noted that the company may refocus its attention on virtual reality after selling off its mobile arm.

Of course, this isn’t the first time Google has made such a purchase. The company bought out Motorola back in 2012 for a whopping $12.5bn, and at the time it was suspected that the company could end up merging the Android and Motorola teams. In the end, that didn’t happen — and instead, a few years later, Google sold the Motorola brand to Lenovo at a pretty huge loss.

This time around, however, things could be different.

«

Things will be different inasmuch as HTC is nowhere near as big as Motorola. Not mentioned: HTC made the first Android phone, the G1. Hard to see HTC being profitable on the VR side, though. Volumes too low, unit price too high, competition too fierce.


When the truth is messy and hard • Context: By New America

Anne-Marie Slaughter, chief executive of New America, which …let go Barry Lynn and the Open Markets team after Lynn praised the EC’s fine of Google:

»

We tell all of our donors that they cannot control the results of what they fund; we do not do contract research. But we also develop and maintain relationships with our donors as does any nonprofit institution.

So there’s the tension. In practice, with an employee who had already surprised his colleagues unpleasantly — and many would say dishonestly — in the past, it meant that I wanted to see a press release before it went out. That is the reason that the Open Markets statement went up and then was taken down. It was posted before I had a chance to give it a final review. Indeed, I was talking to Barry about it on the phone when it went up. I have never — nor would I ever — censor anything, but I might ask questions about accuracy or tone.

And, in this case, I wanted to give the funder a heads up that it was coming and send it over ourselves. That seems like a defensible minimum courtesy that an institution can offer its funders: we’re about to do something you are really not going to like, but at least we are telling you about it. I recognize that the best journalists operate on a different principle — notice seems to imply interference. But we are not a newspaper, yet we try to uphold the best journalistic standards in our writing.

«

She’s wrong about the “notice seems to imply interference”. Journalists are generally obliged to put accusations or claims to organisations which are accused of things in news reports. (Hence how Slaughter was quoted in the NYT article about Lynn being dumped.) In opinion pieces, like Lynn’s, that’s not the case. That’s because they’re opinions. News organisations don’t send people who are about to be criticised in opinion pieces a copy seeking a response. Slaughter has it exactly backwards.


A furious think-tank boss, Google, and an academic ‘fired’ for criticizing ads giant • The Register

Kieren McCarthy takes the above post to the ethical cleaners:

»

Slaughter defends her right to see and sign off on public statements from employees before she defends their independence. And she paints Lynn’s failure to give her advance notice of his critical statement as a sign that he has breached loyalty.

She even makes it plain that she was prepared to insist on changes to Lynn’s statement before giving approval for publication – which no doubt is precisely why Lynn felt he needed to “publish and be damned,” knowing that any strong claim that the US authorities need to dig into Google’s businesses was liable to meet interference from Slaughter.

And that is almost the textbook definition of how soft power works: by ensuring self-censorship.

The fact is that if the financial relationship with Google and Schmidt wasn’t there, and if Slaughter wasn’t an old friend of Schmidt’s, there would not have been any concern over Lynn’s statement in the first place. It was, after all, a personal statement from a think tank: hardly draft legislation or anti-trust charges.

That Lynn felt the need to push his statement out without going through Slaughter, and the fact that she had such a strong reaction when he didn’t, combined with the virtual certainty that Schmidt called soon after to express his annoyance, is as clear an example of soft money influence as you will ever find.

«



How Verrit’s “authentication codes” expose Peter Daou’s continuing ineptitude • Medium

Jon Hendren is unimpressed by Verrit, a site which has quotes with “authentication codes” and is the latest idea from Daou, who is a big noise in the US Democratic party:

»

Let’s pretend for a minute that the concept of Verrit were a good one. No, really, just play along. If you must have a “code” to accompany a quote or a blurb, then the code should be something — anything — that can be used even in some small part outside of Verrit.com. Perhaps first, an identifier of the person or entity being quoted (Hillary would be #000001, obviously), a date code for when it was uttered, and a few more digits as an index in case the person said many quotable things that day. Now when I want to verify that Bernie (identifier #000666 perhaps) said “I’m going to give away ponies” on whatever-the-hell day — I can then look that up in a thousand places that aren’t a WordPress installation on Verrit.com. (Wait, I think I just invented sourcing one’s quotes.)

Or how about a checksum of the quote? Or if you want to get really fancy, do some steganography on those social images and build a validator so people can upload suspected images they found online to see if they are legitimately from Verrit and not from one of the thousands of people making fun of Verrit.

You can nerd this up in a number of ways that are actually useful, maybe. Hell, you want to validate a continuing series of accurate statements? Get the blockchain in here, that’s what it’s for.

I get what Daou and others believe they are marketing toward — there really is a population out there that is confused about how the content they are reading is created. There are certainly voters who don’t know how to tell real news from fake, and this authentication scheme is a grab at making those people feel a little better about what they read and share.

But when the authentication mechanism is meaningless, backed by nothing but a post on a WordPress blog, you very dangerously redefine what “authentic” means…

«

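The "identifier, date, index, checksum" idea from the extract above, as an added example (not code from Hendren's post or from Verrit): a code anyone can recompute from the quote text, plus a keyed tag a validator can use to tell issued codes from imitations. The code layout, function names, demo key and date are assumptions made for illustration.

```python
import hashlib
import hmac
import unicodedata

DEMO_KEY = b"constructed-demo-key"  # hypothetical publisher secret, for illustration only

def quote_digest(quote):
    """Checksum of the quote text, stable across case and whitespace changes."""
    canon = " ".join(unicodedata.normalize("NFKC", quote).split()).lower()
    # Truncated to 12 hex chars for readability; a real scheme would keep more bits.
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()[:12]

def make_code(speaker_id, date, index, quote):
    """Hypothetical layout: speaker id, YYYYMMDD date, per-day index, checksum."""
    return f"{speaker_id:06d}-{date}-{index:02d}-{quote_digest(quote)}"

def issue_tag(key, code):
    """Keyed tag over the code; only the key holder can mint or check it."""
    return hmac.new(key, code.encode("utf-8"), hashlib.sha256).hexdigest()[:16]

def verify(key, code, tag, quote):
    """Validator: was this code issued with `key`, and does it match `quote`?"""
    parts = code.split("-")
    if len(parts) != 4:
        return "malformed code"
    if not hmac.compare_digest(issue_tag(key, code), tag):
        return "not issued by publisher"
    if not hmac.compare_digest(parts[3], quote_digest(quote)):
        return "quote altered"
    return "ok"

# Constructed sample, reusing the joke quote and identifier from the extract.
QUOTE = "I'm going to give away ponies"
CODE = make_code(666, "20170101", 1, QUOTE)
TAG = issue_tag(DEMO_KEY, CODE)

if __name__ == "__main__":
    print(CODE, TAG)
    print(verify(DEMO_KEY, CODE, TAG, QUOTE))
    print(verify(DEMO_KEY, CODE, TAG, "I'm going to give away puppies"))
```

The checksum alone only binds a code to a text, since anyone can compute one for a made-up quote; the keyed tag is what ties it to the issuer, and a public-key signature in its place would let third parties check without holding the secret.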


Errata, corrigenda and ai no corrida: none notified