Start Up: Uber covered up hack, HomePod’s slow lane, Google’s location tracking, the new AI jobs, and more

Don’t say you eat Sweetgreens salad if you work for HQ! Photo by monicamüller on Flickr.

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 13 links for you. Yes, two Bloomberg links at the top, it’s how it goes. I’m @charlesarthur on Twitter. Observations and links welcome.

Uber paid hackers to delete stolen data on 57 million people • Bloomberg

Eric Newcomer:


Hackers stole the personal data of 57 million customers and drivers from Uber Technologies Inc., a massive breach that the company concealed for more than a year. This week, the ride-hailing company ousted Joe Sullivan, chief security officer, and one of his deputies for their roles in keeping the hack under wraps.

Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world, the company told Bloomberg on Tuesday. The personal information of about 7 million drivers were accessed as well, including some 600,000 U.S. driver’s license numbers. No Social Security numbers, credit card details, trip location info or other data were taken, Uber said.

At the time of the incident, Uber was negotiating with U.S. regulators investigating separate claims of privacy violations. Uber now says it had a legal obligation to report the hack to regulators and to drivers whose license numbers were taken. Instead, the company paid hackers $100,000 to delete the data and keep the breach quiet. Uber said it believes the information was never used but declined to disclose the identities of the attackers.


Github to AWS processing of rider data. Uber broke all sorts of rules in keeping this quiet.


In January 2016, the New York attorney general fined Uber $20,000 for failing to promptly disclose an earlier data breach in 2014. After last year’s cyberattack, the company was negotiating with the FTC on a privacy settlement even as it haggled with the hackers on containing the breach, Uber said. The company finally agreed to the FTC settlement three months ago, without admitting wrongdoing and before telling the agency about last year’s attack.


And how do you really know that the hackers haven’t just kept a copy?
link to this extract

Why Apple’s HomePod is three years behind Amazon’s Echo • Bloomberg

Mark Gurman and Alex Webb:


Apple audio engineers had been working on an early version of the HomePod speaker for about two years in 2014 when they were blindsided by the Echo, a smart speaker from Inc. with a voice-activated assistant named Alexa. The Apple engineers jokingly accused one another of leaking details of their project to Amazon, then bought Echos so they could take them apart and see how they were put together. They quickly deemed the Echo’s sound quality inferior and got back to work building a better speaker.

More than two years passed. In that time Amazon’s Echo became a hit with consumers impressed by Alexa’s ability to answer questions, order pizzas and turn lights on and off. Meanwhile, Apple dithered over its own speaker, according to people familiar with the situation. The project was cancelled and revived several times, they said, and the device went through multiple permutations (at one point it stood 3 feet tall) as executives struggled to figure out how it would fit into the home and Apple’s ecosystem of products and services.

In the end, the company plowed ahead, figuring that creating a speaker would give customers another reason to stay loyal.


This is pretty much all the original (or useful) reporting in the piece. There’s a lot of filler.
link to this extract

Apple’s iPhone X assembled by illegal student labour • FT

Yuan Yang:


Apple’s main supplier in Asia has been employing students illegally working overtime to assemble the iPhone X, as it struggles to catch up with demand after production delays. 

Six high school students told the Financial Times they routinely work 11-hour days assembling the iPhone X at a factory in Zhengzhou, China, which constitutes illegal overtime for student interns under Chinese law.

The six said they were among a group of 3,000 students from Zhengzhou Urban Rail Transit School sent in September to work at the local facility run by Taiwan-based Apple supplier Hon Hai Precision Industry, better known as Foxconn.

The students, aged 17 to 19, said they were told that a three-month stint at the factory was required “work experience” that they had to complete in order to graduate…

…“We are being forced by our school to work here,” said Ms Yang, an 18-year-old student training to be a train attendant who declined to use her first name for fear of punishment. “The work has nothing to do with our studies.” She said she assembled up to 1,200 iPhone X cameras a day.

The school declined to comment.

When contacted about the students’ complaints, Apple and Foxconn acknowledged they had discovered cases of student interns working overtime and said they were taking remedial action. But both companies said the students were working voluntarily.


link to this extract

Google collects Android users’ locations even when location services are disabled • Quartz

Keith Collins:


Since the beginning of 2017, Android phones have been collecting the addresses of nearby cellular towers—even when location services are disabled—and sending that data back to Google. The result is that Google, the unit of Alphabet behind Android, has access to data about individuals’ locations and their movements that go far beyond a reasonable consumer expectation of privacy.

Quartz observed the data collection occur and contacted Google, which confirmed the practice.
The cell tower addresses have been included in information sent to the system Google uses to manage push notifications and messages on Android phones for the past 11 months, according to a Google spokesperson. They were never used or stored, the spokesperson said, and the company is now taking steps to end the practice after being contacted by Quartz. By the end of November, the company said, Android phones will no longer send cell-tower location data to Google, at least as part of this particular service, which consumers cannot disable.

“In January of this year, we began looking into using Cell ID codes as an additional signal to further improve the speed and performance of message delivery,” the Google spokesperson said in an email. “However, we never incorporated Cell ID into our network sync system, so that data was immediately discarded, and we updated it to no longer request Cell ID.”

It is not clear how cell-tower addresses, transmitted as a data string that identifies a specific cell tower, could have been used to improve message delivery. But the privacy implications of the covert location-sharing practice are plain.


Happens even if you use an Android device without a SIM card. Very reminiscent of the collection of Wi-Fi network data by Google Street View in 2010. That was blamed on a rogue engineer, even though the system had to be approved by a manager.
link to this extract

Intel Management Engine flaws leave millions of PCs exposed • WIRED

Lily Hay Newman:


Security researchers have raised the alarm for years about the Intel remote administration feature known as the Management Engine. The platform has a lot of useful features for IT managers, but it requires deep system access that offers a tempting target for attackers; compromising the Management Engine could lead to full control of a given computer. Now, after several research groups have uncovered ME bugs, Intel has confirmed that those worst-case fears may be possible.

On Monday, the chipmaker released a security advisory that lists new vulnerabilities in ME, as well as bugs in the remote server management tool Server Platform Services, and Intel’s hardware authentication tool Trusted Execution Engine. Intel found the vulnerabilities after conducting a security audit spurred by recent research. It has also published a Detection Tool so Windows and Linux administrators can check their systems to see if they’re exposed.


Don’t worry, it’s only PCs, servers, and IoT devices. Demonstrated by researchers who found it can “run unsigned, unverified code”.
link to this extract

CEO of HQ, the hottest app going: if you run this profile, we’ll fire our host • Daily Beast

Taylor Lorenz:


Because of his status as a rising celeb, The Daily Beast reached out to [Scott] Rogowsky on Monday to write a lighthearted profile on his career and how his life has changed post-HQ fame.

Scott agreed to the interview and chatted with The Daily Beast on Monday afternoon. The Daily Beast simultaneously reached out to the HQ public relations email account and Yusupov, one of HQ’s founders, letting him know of our plans to write a story about the show’s host.

Several hours later, we received an email from Yusupov stating that HQ was “not making Scott available to discuss his involvement with HQ with the media/press.” The reporter informed Yusupov that we had already interviewed Scott and that the story was nearing publication, but encouraged him to call us with any concerns.

That’s when things went off the rails.

Yusupov, the CEO of HQ, called the reporter’s cell phone and immediately raised his voice. He said that we were “completely unauthorized” to write about Scott or HQ without his approval and that if we wrote any type of piece about Scott, he would lose his job.

Yusupov continued to threaten Scott’s job, even after The Daily Beast explained that the story was framed around Scott’s daily life and that he revealed no corporate information.

“You’re putting Scott’s job in jeopardy. Is that what you want?” Yusupov said. “Scott could lose his job.”

“Please read me your story word for word,” Yusupov said. “Or you can email it to me.” Although The Daily Beast does not typically share the contents of our pieces, the reporter shared quotes from Rogowsky, which were non-confrontational and shared no company secrets.

Yusupov’s objections began with the line, “Scott said that despite the attention, he’s still able to walk down the street and order his favorite salad from Sweetgreen without being accosted.”

“He cannot say that!” Yusupov shouted. “We do not have a brand deal with Sweetgreen! Under no circumstances can he say that.”

When asked to confirm that Rogowsky can’t say he personally enjoys eating at Sweetgreen, Yusupov said “he cannot say that,” inaccurately claiming that Scott had disclosed private company information by revealing his preference for a salad chain.


It’s as though he took himself hostage and threatened to shoot.
link to this extract

What I learned visiting my first live eSports tournament • Ars Technica UK

Kyle Orland:


At this point, I don’t have much patience for the argument that eSports fans should stop watching other people play video games and just play those games themselves.
For one, it’s an argument that few people make about spectator sports like basketball and football, where the skill difference between a pro and a novice is roughly the same as in eSports. For another, the thrill of watching a competitor at the top of his or her game is entirely distinct (and better in some ways) from competing yourself.

What I’ve never quite understood, though, is the concept of paying money for a ticket to watch a live eSports competition in person.

The appeal of the live experience for most sports is obvious. For all the convenience of a televised game, it can’t compare to the sense of scale and 3D perspective you get actually seeing professional sports in person, watching plays develop and players perform nearly superhuman feats right in front of you.

None of that really applies in eSports, where you’re basically going to a large room to watch a big screen that has the exact same game content you could see at home on Twitch, down to the pixel. Watching the eSports competitors themselves as they sit like statues and become part of the machine during a match hardly seems worth the price of admission, either.

Yet plenty of people pay that admission. The League of Legends World Finals alone filled 80 to 90,000 seats in the Beijing National Stadium this year. What were these people seeing that I wasn’t?


link to this extract

Kagan releases third quarter u.s. multichannel subscriber report • PR Newswire


Legacy multichannel customer defections accelerated in the quarter ended Sept. 30, 2017, coming in just shy of the 1.2-million mark to bring year-to-date losses to 2.9 million according to data compiled by Kagan, a group within S&P Global Market Intelligence.

The combined cable, Direct Broadcast Satellite (DBS) and telecommunications multichannel subscriptions fell to 94.9 million at the end of the period, including 91.7 million residential customers, for a 74.8% residential multichannel penetration.


These are “cable cutters”. It might not sound significant, but the figure is accelerating. Weirdly, people can end up paying more to drop cable because they then sign up for monthly TV packages from related companies.

Even so, there are long-term implications for the US TV industry. What happens if it accelerates to 5m per quarter or more?
link to this extract

Why blocking the AT&T-Time Warner merger might be right • The New York Times

Tim Wu (author of “The Kill Switch”, about the way that companies inevitably want to monopolise spaces, and that competition prevents that):


Time Warner, meanwhile, is threatened by the past decade’s shake-up of the TV and film industries, when new competitors, especially independent programmers like Netflix, Amazon and YouTube, leapt into the market. Facebook may soon join the field. Mergers that marry companies that produce content with those that distribute it create new ways to keep newcomers at bay. AT&T’s use of Time Warner content to defeat wireless competitors could force companies like Verizon to acquire their own content empires. The result might be a media industry like the film studios of the 1950s, which were vertically integrated and jointly resisted competition. (The studios were broken up by the Justice Department.)

There are numerous political and free speech concerns that come when those who control “the pipes” that distribute content also control the programming and news operations. Companies that controlled both the distribution and production of news programs could have enough power to influence elections. In theory, the F.C.C. should intervene to prevent such abuses, but the current commission has shown zero interest in what was once called “the public interest.”

In short, there are good reasons for the Justice Department to be concerned about this merger. Yes, the department over the past two decades has allowed many mega-mergers or taken tepid steps to restrict them through consent decrees. But the department is capable of learning from its mistakes, and the consensus now is that consent decrees don’t work.


You can read the DOJ complaint on its site.
link to this extract

Who’s hiring AI talent in America? • Glassdoor Economic Research

Andrew Chamberlain:


Aside from the top 15 most common open AI jobs [listed earlier in the post], we also found many surprising, albeit less common, AI roles that highlight the diversity of jobs being created by today’s booming AI industry. Here are few examples:

• AI copywriters, who are writing the copy used by AI customer service chatbots;
• Attorneys for AI groups, who are managing valuable AI intellectual property and legal issues;
• Technical sales directors; who are carrying AI innovations out into the field to connect these services with potential customers;
• AI analysts and strategy consultants, who are providing consulting and strategic advice for employers using and building AI technology;
• Marketing managers for AI groups, who are building awareness and a top-of-funnel customer base for companies offering AI technology as a product or service;
• User experience or “UX” designers for AI, who are creative talent tasked with building elegant and easy-to-use AI interfaces for customers; and
• AI journalists, covering news in the fast-moving deep learning and AI industry.

What this diverse set of jobs illustrates is that even today, growing AI is giving rise to unexpected new roles in non-tech sectors. These are jobs that would not likely have existed without the recent growth of AI. Just as AI is making some older jobs obsolete by automating things previously done by a person, AI is also opening up new business channels and creating new jobs along the way.


link to this extract

F.C.C. announces plan to repeal net neutrality • The New York Times

Cecilia Kang:


The Federal Communications Commission announced on Tuesday that it planned to dismantle landmark regulations that ensure equal access to the internet, clearing the way for companies to charge more and block access to some websites.

The proposal, put forward by the F.C.C. chairman, Ajit Pai, is a sweeping repeal of rules put in place by the Obama administration. The rules prohibited high-speed internet service providers from blocking or slowing down the delivery of websites, or charging extra fees for the best quality of streaming and other internet services for their subscribers. Those limits are central to the concept called net neutrality.

The action immediately reignited a loud and furious fight over free speech and the control of the internet, pitting telecom giants like AT&T against internet giants like Google and Amazon, who warn against powerful telecom gatekeepers. Both sides are expected to lobby hard in Washington to push their agendas, as they did when the existing rules were adopted.

“Under my proposal, the federal government will stop micromanaging the internet,” Mr. Pai said in a statement. “Instead, the F.C.C. would simply require internet service providers to be transparent about their practices so that consumers can buy the service plan that’s best for them and entrepreneurs and other small businesses can have the technical information they need to innovate.”


Just when you think they can’t do something more stupid than the last thing they did, they find a new layer in the barrel. However, there are already suggestions such a move would be challenged in the courts, and thus blocked for ages, because “conditions have not changed sufficiently” since the last rules were made.
link to this extract

US prosecutors charge Iranian in ‘Game of Thrones’ hack • Reuters

Jim Finkle:


US prosecutors have charged an Iranian national with hacking into cable TV network HBO and stealing episodes and plot summaries for unaired programs including “Game of Thrones,” then threatening to release the data unless he was paid $6m (£4.53m).

Behzad Mesri, also known as “Skote Vahshat,” was charged with the hack in a sealed indictment that was released on Tuesday by the U.S. Attorney’s office in Manhattan.

Acting US Attorney Joon Kim said at a news conference that Mesri was in Iran. He said Mesri would face consequences even though U.S. authorities could not immediately arrest him.

“He will never be able to travel outside of Iran without fear of being arrested and brought here,” Kim said.

Kim described Mesri as an “experienced and sophisticated hacker who has been wreaking havoc on computer systems around the world for some time.”

Prosecutors said Mesri had worked on behalf of Iran’s military to attack military systems, nuclear software systems and Israeli infrastructure.

They also alleged that he helped an Iranian hacking group, Turk Black Hat Security Team, deface hundreds of websites in the United States and other countries.


So was he moonlighting from his busy work on behalf of the military when he hacked HBO?
link to this extract

Keyboard shortcuts in Windows • Windows Help

I asked, and reader Richard responded. There’s a good number of them.
link to this extract

Errata, corrigenda and ai no corrida: none notified

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.