Start Up: Myanmar’s fake news problem, Paris Hilton coins it, it’s Facebook’s web!, iOS cropping, and more

Your happiness with an app is often inversely related to the length of time you spend using it. Photo by CommScope on Flickr.

A selection of 13 links for you. Your mum did warn you. I’m @charlesarthur on Twitter. Observations and links welcome.

Myanmar conflict: Fake photos inflame tension • BBC News

Jonathan Head is the BBC’s South East Asia correspondent:


A recent surge in violence in the northern part of Myanmar’s Rakhine state has been accompanied by a slew of misleading images being shared on social media.

Photos and video purporting to be from the conflict have been circulated widely. Much of it is gruesome and inflammatory, and much of it is wrong.

Deep-seated mistrust and rivalry between Rohingya Muslims and the majority Buddhist population in Rakhine have led to deadly communal violence in the past. The Rohingya have faced decades of persecution in Myanmar where they are denied citizenship.

(Warning: This article contains images some people may find upsetting.)

Information is very sketchy and journalists have very limited access to this region. Even those who have managed to reach the area have found that the volatile situation and intense hostility towards the Rohingyas makes it very difficult to gather information.


Myanmar, remember, is a country which has gone from 10% mobile phone penetration among its 60 million population at the end of 2013 to 50% by mid-2015 and then to 80%; over 60% of the total have smartphones.

And guess what: fake news and radical hate groups have taken full advantage of that, in a country which has gone from barely any broad sharing of news to the uncontrolled form. (The linked article is from May 2017.)

App ratings • Time Well Spent


On average, comparing between “Happy” and “Unhappy” amounts of usage of the same apps, their unhappy amount of time is 2.4x the amount of happy time.

😊 22 mins per day on Facebook vs. ☹️ 59 mins.
😊 12 mins per day on CandyCrush instead of ☹️ 47 mins.
😊 29 mins per day on Reddit instead of ☹️ 57 mins.
😊 26 mins per day on Instagram instead of ☹️ 54 mins.


Data collected from a pool of 200,000 iPhone users – so this feels representative. It’s part of a project by Time Well Spent which is “trying to bring attention to how big tech companies are designing their apps to capture as much of your attention as possible. Our goals with using these apps are not the same as their business goals.”

That graph showing how unhappy users spend more time in apps is dramatic.

Even an Apple store can’t prevent the death of a US mall • Quartz

Mike Murphy:


The American mall is dying, and not even Apple can save it.

While more brick-and-mortar stores are projected to close this year than during the 2008 recession, Apple remains the world’s most profitable retailer; according to market research, it generates $5,546 per square foot of retail space. Apple’s stores are so effective at bringing in foot traffic that they can lift an entire mall’s sales by 10%.

But nothing rose gold can stay: Apple blog 9to5Mac noticed on Sept. 1 that Apple’s store in Simi Valley, California (just north of Los Angeles), is shutting down on Sept. 15. It is the first Apple store to permanently close in the US.

9to5Mac postulates that the mall the store is in, the Simi Valley Town Center, faces declining traffic, as many other stores there have also been shuttering. Earlier this year, Macy’s said it would be closing one of two stores it operates in the mall—one of the 65 locations it plans to close across the US in 2017.


There’s another Apple store about 10 miles from the one that’s closing. But how strange if Apple’s retail march should be stymied by the collapse of other retailers.

Instagram Says Hack That Targeted Celebrities Was Wider Than Previously Thought – WSJ

Deepa Seetharaman:


Social-media app Instagram said a hack it disclosed earlier this week affected a larger number of users than it previously detected.

Instagram, owned by Facebook, earlier this week said hackers stole email addresses and phone numbers—but not passwords—tied to some celebrity accounts.

On Friday, the photo- and video-sharing app said the theft affected regular users as well and wasn’t just “targeted at high-profile users.” Instagram reiterated that no passwords were stolen.

The contact information was stolen after hackers exploited a bug in Instagram’s software that the company says has since been patched up.

Instagram, which has 700 million monthly users, said it doesn’t know which specific accounts were affected and said a “low percentage” of its users were affected, without providing more specific figures.


Email addresses and phone numbers. That’s calamitous. The article says “it typically takes a lot of work to gain control of a user’s phone number or email account without the help of a stolen password”. Perhaps they’re unaware of SIM fraud, which is an easy way to get those. But for celebrities (or anyone), having someone else get your phone number in this way is bad.

iOS cropping • All this

Dr Drang:


I’m pretty sure I’ve always been frustrated by the way cropping works in the iOS Photos app. It’s usually presented as being so easy—just drag the crop handles where you want—but that isn’t really how it works. Quite often, a handle you aren’t dragging moves too, screwing up your careful editing…

…There is a way around this, but it’s also unintuitive, and I often forget about it until my crop is ruined and I have to start over again.

Instead of dragging the crop handles at the corners of the image, touch and drag from the middle of an edge. For God knows what reason, cropping this way doesn’t change the position of the other crop handles.


I wasn’t particularly aware of this as an annoyance, but it clearly bugs him a lot. (Also, I don’t think it will change.)

Flat UI elements attract less attention and cause uncertainty • Nielsen-Norman Group

The usability testers compared “flat” and “slightly 3D” pages:


When we compared average number of fixations and average amount of time people spent looking at each page, we found that:
• The average amount of time was significantly higher on the weak-signifier versions than the strong-signifier versions. On average participants spent 22% more time (i.e., slower task performance) looking at the pages with weak signifiers.
• The average number of fixations was significantly higher on the weak-signifier versions than the strong-signifier versions. On average, people had 25% more fixations on the pages with weak signifiers.
(Both findings were significant by a paired t-test with sites as the random factor, p less than 0.05.)

This means that, when looking at a design with weak signifiers, users spent more time looking at the page, and they had to look at more elements on the page. Since this experiment used targeted findability tasks, more time and effort spent looking around the page are not good. These findings don’t mean that users were more “engaged” with the pages. Instead, they suggest that participants struggled to locate the element they wanted, or weren’t confident when they first saw it.


Even so, people are going to go with flat design, because it’s trendy. For a couple of years. Then it’ll be 3D buttons everywhere.

Paris Hilton backs an eyebrow-raising crypto project • FT Alphaville

Kadhim Shubber:


What is LydianCoin? Oh boy, you’re going to enjoy this.

LydianCoin is from a company called Gravity4, whose chairman and chief executive, Gurbaksh Chahal, pleaded guilty in 2014 to misdemeanour battery charges of domestic violence.

The digital advertising business claims to be “the world’s first A.I. big data marketing cloud” and is raising $100m (!!!) through the sale of Lydian “tokens” to finance the development of… well, nothing really:


100% of the proceeds raised by the sale of Lydian tokens will be held by LydianCoin Pte. (in fiat currency or cryptocurrency, as financial, security, and other considerations may demand) as reserves against the cost of services to be performed for Lydian token holders upon negotiation of the token back to Lydian.


If the whitepaper is to be believed, the whole idea here is that people will pay for Lydian tokens and use them to buy advertising campaigns from LydianCoin, which in turn licences its technology, products and services from Gravity4. The money won’t be used for anything. It will just sit there, covering the enormous balance sheet liability this ICO will create for LydianCoin.

We’ve often talked about how ICOs are like buying funfair tickets for a funfair that hasn’t been built yet. This is like buying tokens for rides at a funfair when you could just use your money to pay for the rides directly.


I think this is going to flop, because of the action taken in the next link.

China herds ICO cats • Bloomberg Gadfly

Tim Culpan on the decision by China to regulate (essentially, stop) “initial coin offerings” – the profusion of new cryptocurrencies, which are blooming like algae in a fetid pond:


Chinese policy makers have allowed bitcoin to flourish almost unchecked. To be sure, regulators had shown their concern over the digital currency aiding capital flight and money laundering by curtailing withdrawals earlier this year. Yet their general hands-off approach allowed China to become a global center of trading and mining (the process by which transactions are verified).

Libertarians decry the limited controls China has put on bitcoin, while others have argued that regulation equals legitimacy. Those who think the government has been heavy-handed need to take a look at the country’s foreign-exchange and capital controls.

Banning ICOs means regulators are taking a much firmer stance on this fundraising method than they ever had on bitcoin. Offerings were getting so out of hand that it was becoming a cliche. I’ve written before on why these new tokens are like penny stocks (and that’s a good thing), so I won’t belabor the point. But whereas bitcoin is just one cryptocurrency propped up by a demand narrative, the majority of new tokens issued this year are of zero value. Let me be clear: It’s not that most of these new coins are of low value; most of them have no value whatsoever.

About 10% of all money raised in ethereum-based ICOs has been stolen by cybercriminals, according to a recent estimate by Chainalysis. By August, cybercrime losses had tallied $225m, the digital currency analysts wrote. And that doesn’t take into account all the money flowing into tokens that weren’t stolen, but simply funded scams or projects with no future.


The ICO bubble is just astonishing. I really find it hard to believe that people are so credulous. But clearly some are.

Russian election hacking efforts, wider than previously known, draw little scrutiny • The New York Times

Nicole Perlroth, Michael Wines and Matthew Rosenberg:


The calls started flooding in from hundreds of irate North Carolina voters just after 7 a.m. on Election Day last November.

Dozens were told they were ineligible to vote and were turned away at the polls, even when they displayed current registration cards. Others were sent from one polling place to another, only to be rejected. Scores of voters were incorrectly told they had cast ballots days earlier. In one precinct, voting halted for two hours.

Susan Greenhalgh, a troubleshooter at a nonpartisan election monitoring group, was alarmed. Most of the complaints came from Durham, a blue [Democrat]-leaning county in a swing state. The problems involved electronic poll books — tablets and laptops, loaded with check-in software, that have increasingly replaced the thick binders of paper used to verify voters’ identities and registration status. She knew that the company that provided Durham’s software, VR Systems, had been penetrated by Russian hackers months before.

“It felt like tampering, or some kind of cyberattack,” Ms. Greenhalgh said about the voting troubles in Durham.

There are plenty of other reasons for such breakdowns — local officials blamed human error and software malfunctions — and no clear-cut evidence of digital sabotage has emerged, much less a Russian role in it. Despite the disruptions, a record number of votes were cast in Durham, following a pattern there of overwhelming support for Democratic presidential candidates, this time Hillary Clinton.

But months later, for Ms. Greenhalgh, other election security experts and some state officials, questions still linger about what happened that day in Durham as well as other counties in North Carolina, Virginia, Georgia and Arizona.



SharknAT&To • Nomotion Blog

J. Hutchins dug into the AT&T cable modem, as provided to millions of customers, and found tons of awful security holes:


It was found that the latest firmware update (9.2.2h0d83) for the NVG589 and NVG599 modems enabled SSH and contained hardcoded credentials which can be used to gain access to the modem’s “cshell” client over SSH. The cshell is a limited menu driven shell which is capable of viewing/changing the WiFi SSID/password, modifying the network setup, re-flashing the firmware from a file served by any tftp server on the Internet, and even controlling what appears to be a kernel module whose sole purpose seems to be to inject advertisements into the user’s unencrypted web traffic. Although no clear evidence was found suggesting that this module is actually being used currently, it is present, and vulnerable.


In other words, the superuser account has a hardcoded password. And it could insert ads into your internet browsing. Delightful.

Why 16% of the code on the average site belongs to Facebook, and what that means • Medium

Ben Regenspan:


According to data collected by, 6% of the top 10,000 most high-traffic sites load content from Facebook’s servers. For the vast majority of them, that content is likely Facebook’s Javascript SDK, a huge block of code that is needed to display such features as the Like button (as seen on many media sites) and Facebook comments widgets (also used on many big media sites, Buzzfeed among them). The SDK code is so big that it represents about 16% of the total size of all Javascript on the average web page.

One of the culprits behind modern websites taking so long to download
As a sizable and widely-used software library, the Facebook SDK is a nice way of illustrating some of the answers to the questions: just why is the average site today so big? And how much does size actually matter?

…If you want to use the Like button, stop and reconsider. Facebook no longer displays Likes of a page prominently (or, in most cases, at all) on user timelines. It’s better to use a simple custom Share button or link, and as a side benefit, doing so will prevent Facebook from tracking all visits to your page and interfering with the privacy of your users. Sites that have eliminated the Like button have failed to identify any negative impact of doing so when it comes to Facebook traffic referrals.



Donald Trump’s EPA is now attacking journalists [updated] • Gizmodo

Tom McKay:


On Saturday, Associated Press journalists Jason Dearen and Michael Biesecker reported at least five toxic, Houston-area Superfund sites in the path of Hurricane Harvey had been deluged with floodwater, potentially distributing the assorted nasty things contained within across a much larger geographical area. The AP report noted while its reporters were able to access the sites via boat, the Environmental Protection Agency was not on scene, and did not provide a timeline for when its staff would be able to visit them.

Now the EPA, which is under the control of Donald Trump appointee and longtime EPA hater Scott Pruitt, has fired back with one of the administration’s favorite tactics: smearing the messenger. In an extraordinary statement that appeared on the agency’s website on Sunday, the EPA called the AP report “misleading” and attacked Biesecker’s “audacity” and credibility.

“Here’s the truth: through aerial imaging, EPA has already conducted initial assessments at 41 Superfund sites—28 of those sites show no damage, and 13 have experienced flooding,” the EPA wrote.

Notably, the EPA tried to bury that its “initial assessment” was conducted with “aerial images,” not actual on-site assessments, and that the agency had failed to visit at least 11 possibly storm-damaged Superfund sites as of Saturday. That is completely in line with the original AP report.


The EPA tried to raise the stakes by claiming that Biesecker “has a history of not letting the facts get in the way of his story”. This is untrue; the EPA’s mouthpiece claimed it was untrue that Pruitt met Dow CEO Andrew Liveris before deciding not to ban a Dow-made pesticide. In fact, the meeting, as reported by Biesecker, did take place; but it was removed from the EPA’s schedule. The two certainly met, at an energy conference in Houston.

The pesticide, by the way, is reckoned by scientists to affect the brain development of foetuses and infants. But Pruitt decided to allow its sale to continue. Whose environment is the agency protecting, precisely?

*Insane state of today’s advertising part 3.* • Google+

Artem Russakovski:


Companies like Cedato and (now OneByAOL?) are the scum of the Internet. Ads like these make me so mad. Just look at this shit.

A static ad loads. Then behind the scenes thousands of requests continue to execute, absolutely destroying browser performance. And the worst part is nothing is even happening on the screen – the ad that is showing is completely static.

Currently reproducible here:
1. Open Chrome Dev Tools on desktop.
2. Load up
3. Disable your ad blocker on that page and reload.
4. Observe the sad state of today’s advertising hasn’t changed in years since I first brought it up here and here

Advertising companies that do this – you are the reason people use ad blockers. Greedy and incompetent.


Russakovski is founder of and; anything that drives people to use adblockers is bad news for him. As has emerged, what’s going on here is fraud – stuffing video preroll ads into static ads.

Errata, corrigenda and ai no corrida: none notified
