Start Up: Russia’s fake Twitter news, Facebook for kids?, cracking iOS 11, Google v Amazon, and more

We don’t have a picture of data leaking from a database, so here’s the aquatic equivalent. Photo by THomas Good on Flickr.

A selection of 10 links for you. No, target=_blank to open the links in new windows/tabs isn’t implemented yet. Give it a day or so. I’m @charlesarthur on Twitter. Observations and links welcome.

How the Kremlin tried to pose as American news sites on Twitter • Bloomberg

Selina Wang:


The Kremlin-backed Russian Internet Research Agency operated dozens of Twitter accounts masquerading as local American news sources that collectively garnered more than half-a-million followers. More than 100 news outlets also published stories containing those handles in the run-up to the election, and some of them were even tweeted by a top presidential aide. These news imposter accounts, which are part of the 2,752 now-suspended accounts that Twitter Inc. has publicly disclosed to be tied to the IRA, show how the Russian group sought to build local communities of followers to disseminate messages.

Many of the news imposter accounts amassed their following by tweeting headlines from real news sites, while others sought to represent certain communities. They targeted a diverse set of regions across the political spectrum, including Chicago, Los Angeles, Seattle, San Francisco and Boston. Several of the accounts were impersonating local news outlets in swing states, like @TodayPittsburgh, @TodayMiami and @TodayCincinnati.


How soon before the US rules that Twitter is an agent of a foreign power?

A popular virtual keyboard app leaks 31 million users’ personal data • ZDNet

Zack Whittaker:


Personal data belonging to over 31 million customers of a popular virtual keyboard app has leaked online, after the app’s developer failed to secure the database’s server.

The server is owned by Eitan Fitusi, co-founder of AI.type, a customizable and personalizable on-screen keyboard, which boasts more than 40 million users across the world.

But the server wasn’t protected with a password, allowing anyone to access the company’s database of user records, totaling more than 577 gigabytes of sensitive data.

The database appears to only contain records on the app’s Android users.

The discovery was found by security researchers at the Kromtech Security Center, which posted details of the exposure alongside ZDNet…

…The company also promises to “never share your data or learn from password fields,” but we saw one table containing more than 8.6 million entries of text that had been entered using the keyboard, which included private and sensitive information, like phone numbers, web search terms, and in some cases concatenated email addresses and corresponding passwords.

…“It raises the question once again if it is really worth it for consumers to submit their data in exchange for free or discounted products or services that gain full access to their devices,” [Kromtech head of communications Bob Diachenko] added.


It’s like Dirty Harry. “This is a multi-gigabyte server which could blow your passwords and typing all over the net. In all this excitement, I can’t remember whether I set a password on the server or not. Do you feel lucky, punk? Well, DO YA?”

Facebook ‘Messenger Kids’ lets under-13s chat with whom parents approve • TechCrunch

Josh Constine:


It’s important to understand that kids under 13 still can’t sign up for a Facebook account. Instead, parents download the Messenger Kids app to a child’s iPhone or iPad (Android coming soon). Once the parent has authenticated it with their own account, they set up a mini-profile with their kid’s name and photo. Then, using the Messenger Kids bookmark in the main Facebook app, parents can approve anyone who is friends with them as a contact for their kid, like aunts and uncles or godparents. Messenger Kids is interoperable with the main Messenger app, so adults don’t actually have to download the Kids app.

Kids still can’t be found through Facebook search, which protects their privacy. So if a child wants to be able to chat with one of their classmates, their parent must first friend that kid’s parent, and then will see the option to approve that adult’s child as a contact for their own kid. This is by far the most clumsy part of Messenger Kids, and something Facebook might be able to improve with a way for Messenger Kids to let children perhaps photograph a QR code on their playmate’s app to request that their parents connect…

…One thing that might surprise some people is that there’s no way for parents to secretly spy on what their kids are saying in their chats. Instead, parents have to ask to look at their kids’ screen, which Chung says is a more common behavior pattern. The exception is that if kids report a piece of objectionable content, their parents will be notified but still not shown the content in their own app.


Facebook did a ton of research with parents (including those in the military) to find out the best approach here. It found that kids already had access to hardware: 93% of 6-12 year olds in the US had access to a tablet or smartphone, 66% had their own device, and 60% of parents surveyed said kids under 13 used messaging apps, social media or both.

But at its core, it’s about getting people – even those under age – to use Facebook more. In the end, that’s not working out well for adults already. Why should it be any better for children? If they want to call the grandparents, there’s Skype or Facetime.

iOS 11 leaves iOS devices more vulnerable to edge-case attacks, says phone-cracking company ElcomSoft • 9to5Mac

Ben Lovejoy:


Anyone wanting to access private data from an iPhone used to face two challenges, says the company in a blog post (which was experiencing loading problems at the time of writing). First, they had to access the device itself, which usually requires knowing or cracking the passcode. Second, even with the passcode, you could not access all the data on the device unless you could also crack the password used for the encrypted backup of the device.

It is the encrypted backup that contains Keychain data, allowing you to easily access any account used by the phone’s owner, as well as application data and more. Indeed, in many cases, authorities and other attackers focus their efforts on cracking the backup rather than the device itself, as it provides easier access to more data.

Prior to iOS 11, if you made an encrypted backup to iTunes, the password protecting that backup was used every time in future, even if you switched Mac…

…Apple documents this process, so it’s clearly a deliberate decision rather than a bug.

It seems likely that Apple is balancing convenience against security here, taking the view that anyone who has the device passcode usually has legitimate access to the device. The new behavior would be helpful to anyone who forgot their encrypted backup password, as well as families of anyone who passed away but had shared their passcode with family members.

My personal view is that the change makes sense. The risk created by it is real edge-case stuff: someone has physical access to my device and knows my passcode. The benefit is that there’s an escape plan for the many people who forget rarely-used passwords – like, in this case, an encrypted backup password that is typically only needed when upgrading devices.


Elcomsoft has a point. Question is, how many people give up their passcode to those they shouldn’t?


Fun with Facebook ads? • ZGP

Don Marti:


Most of the ads that I was getting to start with were for free-to-play NSFW games, so I changed my profile to “female”. Jackpot! All of a sudden I started getting much more professional ads, including IT products and services for big companies, and training classes for online marketing skills (yes, including a Facebook ad for a class on how to advertise on Facebook). What I guess happened is that the more business-focused advertisers put in gender-neutral bids, and while I was “male” on the site, they got outbid by the game companies specifically targeting male users.

(Dudes, I highly recommend going “female” on Facebook if you haven’t already, especially if you might be embarrassed about people seeing too much décolletage in the ads when they walk by. So there’s your personal infotainment tip for today.)

But what did I do? I had fixed a problem, so I broke it some more. I went ahead and stayed female, but increased my age to 88. Big mistake.


It’s quite remarkable what you then get.

Bitcoin could cost us our clean-energy future • Grist

Eric Holthaus:


As bitcoin grows, the math problems computers must solve to make more bitcoin (a process called “mining”) get more and more difficult — a wrinkle designed to control the currency’s supply.

Today, each bitcoin transaction requires the same amount of energy used to power nine homes in the U.S. for one day. And miners are constantly installing more and faster computers. Already, the aggregate computing power of the bitcoin network is nearly 100,000 times larger than the world’s 500 fastest supercomputers combined.

The total energy use of this web of hardware is huge — an estimated 31 terawatt-hours per year. More than 150 individual countries in the world consume less energy annually. And that power-hungry network is currently increasing its energy use every day by about 450 gigawatt-hours, roughly the same amount of electricity the entire country of Haiti uses in a year.

That sort of electricity use is pulling energy from grids all over the world, where it could be charging electric vehicles and powering homes, to bitcoin-mining farms. In Venezuela, where rampant hyperinflation and subsidized electricity have led to a boom in bitcoin mining, rogue operations are now occasionally causing blackouts across the country. The world’s largest bitcoin mines are in China, where they siphon energy from huge hydroelectric dams, some of the cheapest sources of carbon-free energy in the world. One enterprising Tesla owner even attempted to rig up a mining operation in his car, to make use of free electricity at a public charging station.

In just a few months from now, at bitcoin’s current growth rate, the electricity demanded by the cryptocurrency network will start to outstrip what’s available, requiring new energy-generating plants.


Though I linked to the data about bitcoin mining using so much energy, the fact of its exponential increase in demand had passed me by. Only if fewer people mine will the difficulty come down, and then the demand. But that’s only going to happen if the price drops precipitously.

YouTube is gone from Amazon Fire TV and Echo Show again, as Google vs Amazon heats up • BGR

Yoni Heisler:


In a bold strike against Amazon, Google earlier today pulled support for its YouTube app from both the Amazon Echo Show and the Fire TV. If this all sounds familiar, it’s because we previously went down a similar road this past September. Back then, Google explained that the Echo Show’s implementation of YouTube lacked integral features and created a broken experience for users. YouTube ultimately returned to the Echo Show in late November, though sources familiar with the matter tell TechCrunch that Amazon at the time implemented a workaround that wasn’t authorized by Google.

So now we’re back to square one, with Echo Show users left unable to access any YouTube content. Fire TV users, meanwhile, will lose access on January 1. In a statement on the matter, Google accused Amazon of refusing to sell certain Google branded products.

“We’ve been trying to reach agreement with Amazon to give consumers access to each other’s products and services,” Google said. “But Amazon doesn’t carry Google products like Chromecast and Google Home, doesn’t make Prime Video available for Google Cast users, and last month stopped selling some of Nest’s latest products. Given this lack of reciprocity, we are no longer supporting YouTube on Echo Show and FireTV. We hope we can reach an agreement to resolve these issues soon.”


It’s telling that Google’s (only available) reprisal for not having its hardware sold on a store is to make its services unavailable on that store’s hardware. Who do we think loses more here?

How brands secretly buy their way into Forbes, Fast Company, and HuffPost stories • The Outline

Jon Christian:


Interviews with more than two dozen marketers, journalists, and others familiar with similar pay-for-play offers revealed a dubious corner of online publishing in which publicists, ranging from individuals like Satyam to medium-sized “digital marketing firms” that blur traditional lines between advertising and public relations, quietly pay off journalists to promote their clients in articles that make no mention of the financial arrangement.

People involved with the payoffs are extremely reluctant to discuss them, but four contributing writers to prominent publications including Mashable, Inc, Business Insider, and Entrepreneur told me they have personally accepted payments in exchange for weaving promotional references to brands into their work on those sites. Two of the writers acknowledged they have taken part in the scheme for years, on behalf of many brands.

One of them, a contributor to Fast Company and other outlets who asked not to be identified by name, described how he had inserted references to a well-known startup that offers email marketing software into multiple online articles, in Fast Company and elsewhere, on behalf of a marketing agency he declined to name. To make the references seem natural, he said, he often links to case studies and how-to guides published by the startup on its own site.


I’ve heard about variants of this for a while, specifically around the Forbes “contributors” (who aren’t staff; in effect they’re outside bloggers). After I’d left the Guardian, I saw claims that there were similar paid links at The Guardian. I investigated them via those who claimed to have paid for links: they didn’t check out. (I think the middlemen selling links claimed it so they could charge more for the places where they could sell links.)

It’s an unsurprising wrinkle. Good journalism by Christian to pin it down.

Apple’s HomePod isn’t about Siri, but rather the future of home audio • Apple Insider

Daniel Eran Dilger:


Apple’s intent for HomePod isn’t just being a copy of Echo. Despite a dubious “tell-all” report for Bloomberg by Mark Gurman (the same person who likes to announce on camera how far ahead Amazon is over Apple in its Alexa voice app partnerships) that portrayed Apple’s HomePod as a disjointed, incompetently run skunkworks project, the reality is that HomePod is doing something very different than Amazon.

It does not appear that anyone at Bloomberg understands anything about Apple’s strategy, but rather only views the company through a distorted lens of other companies’ marketing nonsense. That explains why Gurman earlier insisted in 2015 that his sources had confirmed that the second generation of Apple Watch would get a low-quality camera just like Samsung’s failed Gear smartwatch. This made no sense at all for many reasons but was received and propagated by other outlets as reliable news, before being forgotten. Years later, there’s no camera on Apple Watch.

Like the original Mac, NeXT, iPhone and iPad, HomePod isn’t an attempt to merely clone the status quo, but rather an effort to take very expensive new technology and make it affordable to the mass market. HomePod is the pinnacle of Apple’s resurgent efforts to push advanced audio technology since its acquisition of Beats. It’s not just a wireless speaker with Siri.


HomePod is miles from “mass market”. Echo, Dot, Google Home: those are priced for the mass market. Trying to drive mass market purchasing of high-quality audio because it’s high-quality audio is doomed to failure. (CDs offered higher-quality audio, but it was their convenience that made them sell.)

There’s a legitimate question about how big and how useful the “smart speaker” market can be, but Apple’s definitely playing in it. Coming so late to the game, it doesn’t have the luxury of redefining the market.

HP, Asus announce first Windows 10 ARM PCs: 20 hour battery life, gigabit LTE • Ars Technica

Peter Bright:


Just shy of a year after announcing that Windows was once again going to be available on ARM systems, the first two systems were announced today: the Asus NovaGo 2-in-1 laptop, and the HP Envy x2 tablet.

Branded as Always Connected PCs, the new Windows on ARM systems are positioned as bringing together the best of PCs and smartphones. They have PC form factors, with the productivity enabled by a real keyboard, touchpad, and general purpose operating system capable of running regular Windows software, but they bring with them the seamless switching between LTE and Wi-Fi, instant on, multiple working day battery life, and slimline, lightweight packaging that we’re accustomed to on our phones.

The Asus laptop boasts 22 hours of battery life or 30 days of standby, along with LTE that can run at gigabit speeds. HP’s tablet offers a 12.3 inch, 1920×1280 screen, 20 hours battery life or 29 days of standby, and a removable keyboard-cover and stylus. Both systems use the Snapdragon 835 processor and X16 LTE modem, with HP offering up to 8GB RAM and 256GB storage to go with it…

…The emulator runs on a just-in-time basis, converting blocks of x86 code to equivalent blocks of ARM code. This conversion is cached both in memory (so each given part of a program only has to be translated once per run) and on disk (so subsequent uses of the program should be faster, as they can skip the translation). Moreover, system libraries—the various DLLs that applications load to make use of operating system features—are all native ARM code, including the libraries loaded by x86 programs. Calling them “Compiled Hybrid Portable Executables” (or “chippie” for short), these libraries are ARM native code, compiled in such a way as to let them respond to x86 function calls.

While processor-intensive applications are liable to suffer a significant performance hit from this emulation—Photoshop will work in the emulator, but it won’t be very fast—applications that spend a substantial amount of time waiting around for the user—such as Word—should perform with adequate performance.


Seems like a better approach than the first time round with ARM. That’s quite some battery life, too.


Errata, corrigenda and ai no corrida: none notified
