Start Up: the fake follower factory, OnePlus isn’t snitching, bitcoin follows you!, solving Travelling Salesmen, and more

“Yeah, opsec is really important. That’s what it says on my Fitbit when it uploads to the cloud.” Photo by the US Army on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 12 links for you. It’s all done by magic, which sometimes doesn’t work. I’m @charlesarthur on Twitter. Observations and links welcome.

The follower factory • The New York Times

Nicholas Confessore, Gabriel J.X. Dance, Richard Harris and Mark Hansen with an amazing, in-depth piece about the people who buy fake followers and one of the (many) companies, Devumi, that sells them:


Over two years, the Democratic public relations consultant and CNN contributor Hilary Rosen bought more than a half-million fake followers from Devumi. Ms. Rosen previously spent more than a decade as head of the Recording Industry Association of America. In an interview, she described the purchases as “an experiment I did several years ago to see how it worked.” She made more than a dozen purchases of followers from 2015 to 2017, according to company records.

Other buyers said they had faced pressure from employers to generate social media followers. Marcus Holmlund, a young freelance writer, was at first thrilled when Wilhelmina, the international modeling agency, hired him to manage its social media efforts. But when Wilhelmina’s Twitter following didn’t grow fast enough, Mr. Holmlund said, a supervisor told him to buy followers or find another job. In 2015, despite misgivings, he began making monthly Devumi purchases out of his own pocket.

“I felt stuck with the threat of being fired, or worse, never working in fashion again,” said Mr. Holmlund, who left in late 2015. “Since then, I tell anyone and everyone who ever asks that it’s a total scam — it won’t boost their engagement.” (A Wilhelmina spokeswoman declined to comment.)

Several Devumi customers acknowledged that they bought bots because their careers had come to depend, in part, on the appearance of social media influence. “No one will take you seriously if you don’t have a noteworthy presence,” said Jason Schenker, an economist who specializes in economic forecasting and has purchased at least 260,000 followers.

Not surprisingly, Devumi has sold millions of followers and retweets to entertainers on the lower and middle rungs of Hollywood, such as the actor Ryan Hurst, a star of the television series “Sons of Anarchy.” In 2016 and 2017, he bought a total of 750,000 followers, about three-quarters of his current count. It cost less than $4,000, according to company records. Mr. Hurst did not respond to multiple requests for comment.


It’s worth viewing this in a desktop browser to get the full effect, which is amazing. (Devumi denied it sold fake followers. Uh-huh.) There’s a great deal of “did not respond to requests for comment”. And it prompted Paul Hollywood to delete his account, it seems. Martha Lane Fox, a Twitter board member, is also caught in the net. And one Breitbart bureau chief’s followers are almost all bots, priced at about 2 cents each.

Makes it clear that Twitter really doesn’t have a handle on what’s going on. But it would also be hard as hell.

No, OnePlus is still not sending your clipboard data to China • Android Police

Ryan Whitwam:


The apparent misunderstanding comes down to a file in the OxygenOS beta called badwords.txt. You can get a rundown of what it contains in this tweet. In the resulting Reddit thread, most everyone was happy to hop on the bandwagon and blame OnePlus.

This time, the company is wasting no time issuing a clear explanation of the situation. Here’s the official statement.


There’s been a false claim that the Clipboard app has been sending user data to a server. The code is entirely inactive in the open beta for OxygenOS, our global operating system. No user data is being sent to any server without consent in OxygenOS.

In the open beta for HydrogenOS, our operating system for the China market, the identified folder exists in order to filter out what data to not upload. Local data in this folder is skipped over and not sent to any server.


The allegation is that OP uses this file to identify data to upload to a Chinese server. According to OnePlus, badwords.txt is actually a blacklist file—it tells the OS not to monitor matching data for its smart clipboard service. You’re probably not familiar with that feature because it’s only used in China as part of HydrogenOS. It was originally developed as a way to get around blocking of competitor links in Chinese messaging services like WeChat, and there’s no reason to do that in the US. So, the code is inactive in OxygenOS.

So, it sounds like OnePlus’ only mistake here was including files from HydrogenOS in the OxygenOS beta. The code is inactive, but it’s bound to confuse people. Everyone is watching OP closely right now and ready to believe the worst, but the company didn’t do anything shady with your clipboard data. It’s also important to remember this is beta software.



Map showing where today’s countries would be located on Pangea • Open Culture


The map’s creator is Massimo Pietrobon, someone who playfully describes himself as “a famous explorer and cartographer of Atlantis,” and who has taken on other experiments with maps in the past. When someone claimed that the scale of certain countries wasn’t exactly right, Massimo was quick to confess on his blog, “Yes, it’s just a trial, it can be better.” But it’s a creative start.


I don’t think the US would like those neighbouring countries. Then again, flights to Europe would be cheap.

U.S. soldiers are revealing sensitive and dangerous information by jogging • The Washington Post

Liz Sly:


An interactive map posted on the Internet that shows the whereabouts of people who use fitness devices such as Fitbit also reveals highly sensitive information about the location and activities of soldiers at U.S. military bases, in what appears to be a major security oversight.

The Global Heat Map, published by the GPS tracking company Strava, uses satellite information to map the location and movements of subscribers to the company’s fitness service over a two-year period, by illuminating areas of activity. 

Strava says it has 27 million users around the world, including people who own widely available fitness devices such as Fitbit, Jawbone and Vitofit, as well as people who directly subscribe to its mobile app. The map is not live — rather, it shows a pattern of accumulated activity between 2015 and September 2017.

Most parts of the United States and Europe, where millions of people use some type of fitness tracker, show up on the map as a blaze of light, because there is so much activity. 

In war zones and deserts in such countries as Iraq and Syria, the heat map becomes almost entirely dark — except for scattered pinpricks of activity. Zooming in on those areas brings into focus the locations and outlines of known U.S. military bases, as well as of other unknown and potentially sensitive sites — presumably because American soldiers and other personnel are using fitness trackers as they move around.


So many people are going to be in such trouble. But once your opsec is breached, it’s gone.

Your sloppy bitcoin drug deals will haunt you for years • WIRED

Andy Greenberg:


Researchers at Qatar University and the country’s Hamad Bin Khalifa University earlier this week published findings that show just how easy it may be to dredge up evidence of years-old bitcoin transactions when spenders didn’t carefully launder their payments. In well over 100 cases, they could connect someone’s bitcoin payment on a dark web site to that person’s public account. In more than 20 instances, they say, they could easily link those public accounts to transactions specifically on the Silk Road, finding even some purchasers’ specific names and locations.

“The retroactive operational security of bitcoin is low,” says Qatar University researcher Husam Al Jawaheri. “When things are recorded in the blockchain, you can go back in history and reveal this information, to break the anonymity of users.”

Bitcoin’s privacy paradox has long been understood by its savvier users: Because the cryptocurrency isn’t controlled by any bank or government, it can be very difficult to link anyone’s real-world identity with their bitcoin stash. But the public ledger of bitcoin transactions known as the blockchain also serves as a record of every bitcoin transaction from one address to another. Find out someone’s address, and discovering who they’re sending money to or receiving it from becomes trivial, unless the spender takes pains to route those transactions through intermediary addresses, or laundering services that obscure the payment’s origin and destination.



Is this the society we really want? • NewCo Shift

John Battelle:


Do we really want to buy our food at automated, faceless Amazon stores? Do we really want to cleanse all human contact from what is now one of our most human and most social activities — the gathering of our sustenance? When did society collectively decide that we no longer value the produce guy, the butcher, or the cashier who knows our kids and asks how our mother in law is faring?

My first take on Amazon Go is this: F*cking A, do we really want eggplants and cuts of meat reduced to parameterized choices spit onto algorithmized shelves? Ick. I like the human confidence I get when a butcher considers a particular rib eye, then explains the best way to cook that one cut of meat. Sure, technology could probably deliver me a defensibly “better” steak, perhaps even one tailored to my preferences as expressed through reams of data collected through means I’ll probably never understand.

But come on.

Sometimes you just want to look a guy in the eye and sense, at that moment, that THIS rib eye is perfect for ME, because I trust that butcher across the counter. We don’t need meat informed by data and butchered by bloodless algorithms. We want our steak with a side of humanity. We lose that, we lose our own narrative.


It is the trend in cities – but Battelle is right: human interaction is essential. Else you’re in some vaguely dystopian Black Mirror episode.

Now even YouTube serves ads with CPU-draining cryptocurrency miners • Ars Technica

Dan Goodin:


On Friday, researchers with antivirus provider Trend Micro said the ads helped drive a more than three-fold spike in Web miner detections. They said the attackers behind the ads were abusing Google’s DoubleClick ad platform to display them to YouTube visitors in select countries, including Japan, France, Taiwan, Italy, and Spain.

The ads contain JavaScript that mines the digital coin known as Monero. In nine out of 10 cases, the ads will use publicly available JavaScript provided by Coinhive, a cryptocurrency-mining service that’s controversial because it allows subscribers to profit by surreptitiously using other people’s computers. The remaining 10% of the time, the YouTube ads use private mining JavaScript that saves the attackers the 30% cut Coinhive takes. Both scripts are programmed to consume 80% of a visitor’s CPU, leaving just barely enough resources for it to function.

“YouTube was likely targeted because users are typically on the site for an extended period of time,” independent security researcher Troy Mursch told Ars. “This is a prime target for cryptojacking malware, because the longer the users are mining for cryptocurrency the more money is made.” Mursch said a campaign from September that used the Showtime website to deliver cryptocurrency-mining ads is another example of attackers targeting a video site.



Using self-organizing maps to solve the Traveling Salesman Problem •

Diego Vicente:


To evaluate the implementation, we will use some instances provided by the aforementioned National Traveling Salesman Problem library. These instances are inspired by real countries and also include the optimal route for most of them, which is a key part of our evaluation. The evaluation strategy consists of running several instances of the problem and studying some metrics:

• Execution time invested by the technique to find a solution.
• Quality of the solution, measured as a function of the optimal route: a route that we say is “10% longer than the optimal route” is exactly 1.1 times the length of the optimal one.

The parameters used in the evaluation are the ones found by parametrization of the technique, by using the ones provided in previous works [2] as a starting point. These parameters are:

• A population size of 8 times the cities in the problem.
• An initial learning rate of 0.8, with a discount rate of 0.99997.
• An initial neighbourhood of the number of cities, decayed by 0.9997.

These parameters were applied to the following instances:

• Qatar, containing 194 cities with an optimal tour of 9352.
• Uruguay, containing 734 cities with an optimal tour of 79114.
• Finland, containing 10639 cities with an optimal tour of 520527.
• Italy, containing 16862 cities with an optimal tour of 557315.


It gets pretty close to the ideal – within 10% on a couple. (Worse on others.) The GIF above is for Uruguay, where it hit 7.5% of the ideal.

Why open matters • Sonos Blog

It’s possible this is authored by Patrick Spence, CEO of Sonos:


With Sonos, we promise you’ll never hit a dead end. That’s because our smart speaker system is designed to tap into just about any piece of sonic culture you can imagine. Since our early days, we’ve been agnostic about the sources of music and audio you can hear on Sonos, preferring to stay open-minded and let you make the choices. If it’s not available on big tech music subscription services, try Spotify, TuneIn or some of the other music services on Sonos.

And if your current itch is too obscure for any of our more than 80 streaming partners to scratch, you can always hook up your turntable or stereo directly to Sonos using a Connect. Whether it’s music, movies, podcasts, or any other sliver of sonic culture, you can use Sonos to pipe it through any room in your home in clear, superior quality.

This spirit of openness is as crucial to us and our products as it is to the free flow of creativity and culture in general. Just like the open, neutral architecture of the Web helps fuel a new creative, musical renaissance, the same principles will help Sonos and its customers explore the true depth of the sonic internet for years to come.

It’s not just about having dozens of music streaming options, either. We’re busy extending the Sonos platform to other partners and integrations as well.


Sonos has stuck to this philosophy since its inception – it’s all about making it possible for any service to stream through its devices. But of course, the reason for pointing this out now is because of Apple’s HomePod, which is about to go on sale and takes Sonos on at the “audio quality” end of its capabilities.

Very reminiscent also of Google’s “open systems win” memo from 2009, when it was about to launch Android:


“At Google we believe that open systems win. They lead to more innovation, value, and freedom of choice for consumers, and a vibrant, profitable, and competitive ecosystem for businesses.”



Dell considers return to stock market • FT

Richard Waters and James Fontanella-Khan:


Michael Dell is considering a return to the stock market, a little over four years after he took his PC company private in a highly contentious $25bn buyout, followed by the $67bn purchase of storage company EMC in the tech industry’s biggest deal.

The company’s board is set to consider the idea of an initial public offering for Dell Technologies, now one of the world’s largest IT companies, along with other potential transactions, according to two people familiar with the company’s deliberations.

According to one of the people, if Dell opts to go public it is likely to pursue a direct listing or a full merger with VMware, the publicly traded data centre technology company that it already controls.

News of the deliberations pushed shares of VMware up by nearly 9% on Friday, lifting its value to $60bn. However, a separate class of “tracking” shares that Dell issued and which are theoretically tied to VMware’s performance slumped by nearly 5%.

The divergence in price appeared to reflect a belief that even if Dell bought out VMware’s ordinary shares, the tracker would continue to trade — and that Dell might even issue more of those shares to help pay for the deal.


Basically, needs some money to help pay down the debt. Michael Dell probably doesn’t want to come back to the market except for that requirement.

You can now watch Nicolas Cage play James Bond • The Outline

Jon Christian:


It was only a matter of time. Users on Deepfakes, a subreddit where people use deep learning technology to face swap celebrities’ likenesses onto footage of porn performers, are turning their skills to a new purpose: inserting the much-memed actor Nicolas Cage into roles he never played.

Back in December, Motherboard discovered a Reddit user who was using a neural network to swap the faces of celebrities including Gal Gadot and Taylor Swift onto the bodies of porn performers. Just weeks later, another Redditor used the same algorithm to create a user-friendly program called FakeApp which streamlines the process, letting users plug in a database of images to create new videos without much technical know-how about deep learning technologies. In the wake of FakeApp, Motherboard reported, the phenomenon exploded — the Deepfakes subreddit, for instance, now has more than 30,000 followers.

And now, in what seems to be the natural progression of things on the internet, the subreddit is turning its attention to Cage, an actor known for leading roles in “Raising Arizona,” “Lord of War” and “Face/Off.” In spite of — or perhaps because of — Cage’s uneven critical reception, he’s also become a timeless internet meme. Internet humorists have long remixed his strange performance in the 2006 remake of “The Wicker Man,” photoshopped him into surreal situations, and, most of all, plastered his face onto other people.



The dirty war over diversity inside Google • Wired

Nitasha Tiku:


In interviews with WIRED, 15 current Google employees accuse coworkers of inciting outsiders to harass rank-and-file employees who are minority advocates, including queer and transgender employees. Since August, screenshots from Google’s internal discussion forums, including personal information, have been displayed on sites including Breitbart and Vox Popoli, a blog run by alt-right author Theodore Beale, who goes by the name Vox Day. Other screenshots were included in a 161-page lawsuit that Damore filed in January, alleging that Google discriminates against whites, males, and conservatives.

What followed, the employees say, was a wave of harassment. On forums like 4chan, members linked advocates’ names with their social-media accounts. At least three employees had their phone numbers, addresses, and deadnames (a transgender person’s name prior to transitioning) exposed. Google site reliability engineer Liz Fong-Jones, a trans woman, says she was the target of harassment, including violent threats and degrading slurs based on gender identity, race, and sexual orientation. More than a dozen pages of personal information about another employee were posted to Kiwi Farms, which New York has called “the web’s biggest community of stalkers.”

Meanwhile, inside Google, the diversity advocates say some employees have “weaponized human resources,” by goading them into inflammatory statements, which are then captured and reported to HR for violating Google’s mores around civility or for offending white men.

Engineer Colin McMillen says the tactics have unnerved diversity advocates and chilled internal discussion. “Now it’s like basically anything you say about yourself may end up getting leaked to score political points in a lawsuit,” he says. “I have to be very careful about choosing my words because of the low-grade threat of doxing. But let’s face it, I’m not visibly queer or trans or non-white and a lot of these people are keying off their own white supremacy.”


Alt-right folk are in general stupid, but they’re good at playing the angles to others’ disbenefit.

Errata, corrigenda and ai no corrida: if you’re signed up for the daily email, you won’t have received it on Friday. This turns out to be because my appalling home broadband lost a crucial bit during the upload on Thursday night, and so the RSS feed (used to generate the email) was empty. So no email. I hope this is now fixed; you might have received two emails. I’m sorry about that too, but that’s how machines are.
