Start Up (holiday bonus): Facebook redux, what the Uber car should have seen, the fake NHS pay rise, and more

That’s a forgery! But will the blockchain spot it? Photo by Yersinia pestis on Flickr.

Today’s is just a bonus, because honestly, there’s a lot of tech stuff that needs noting, isn’t there? But truly, I am on holiday as you read this. I just wasn’t when I wrote it.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 12 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

Bitcoin will eventually be the single global currency: Twitter’s Jack Dorsey • CNBC

Ari Levy:


Jack Dorsey, the CEO of Twitter and Square, expects bitcoin to become the single global currency within the next decade, he told the Sunday Times newspaper.

Dorsey, a personal investor in bitcoin, expects the cryptocurrency to be used for simple things like coffee and said its ascendance to world’s currency will occur over 10 years, “but it could go faster,” the U.K.-based paper reported.

Square said in November that it would start enabling the buying and selling of bitcoin on its Cash app. Dorsey is also an investor in a star-up called Lightning Labs, which is developing technology to make bitcoin faster and easier to use.

When it first came into use, Bitcoin was touted as an alternative to the dollar and even gold. However, the cryptocurrency has been on a wild ride in recent months, soaring to a record near $20,000 before crashing below $8000 last month.

Dorsey told the Times that bitcoin is “slow and it’s costly, but as more and more people have it, those things go away.”


I’m perfectly happy to take the other side of that bet and come back in ten years. How about you, Jack?
link to this extract

Facebook scraped call, text message data for years from Android phones • Ars Technica

Sean Gallagher:


If you granted permission to read contacts during Facebook’s installation on Android a few versions ago—specifically before Android 4.1 (Jelly Bean)—that permission also granted Facebook access to call and message logs by default. The permission structure was changed in the Android API in version 16. But Android applications could bypass this change if they were written to earlier versions of the API, so Facebook API could continue to gain access to call and SMS data by specifying an earlier Android SDK version. Google deprecated version 4.0 of the Android API in October 2017—the point at which the latest call metadata in Facebook users’ data was found. Apple iOS has never allowed silent access to call data.

Facebook provides a way for users to purge collected contact data from their accounts, but it’s not clear if this deletes just contacts or if it also purges call and SMS metadata. After purging my contact data, my contacts and calls were still in the archive I downloaded the next day—though this may be because the archive was still the same cache I had requested on Friday.

As always, if you’re really concerned about privacy, you should not share address book and call-log data with any mobile application. And you may want to examine the rest of what can be found in the downloadable Facebook archive, as it includes all the advertisers that Facebook has shared your contact information with, among other things.


Jelly Bean was released in September 2012, but it took until October 2013 for that version (or later) to be on more than 50% of Android phones.
link to this extract

Fact check: your call and SMS history • Facebook Newsroom


You may have seen some recent reports that Facebook has been logging people’s call and SMS (text) history without their permission.

This is not the case.

Opt-in features in Facebook Lite and Messenger
Call and text history logging is part of an opt-in feature for people using Messenger or Facebook Lite on Android. This helps you find and stay connected with the people you care about, and provide you with a better experience across Facebook. People have to expressly agree to use this feature. If, at any time, they no longer wish to use this feature they can turn it off in settings, or here for Facebook Lite users, and all previously shared call and text history shared via that app is deleted. While we receive certain permissions from Android, uploading this information has always been opt-in only.

We introduced this feature for Android users a couple of years ago. Contact importers are fairly common among social apps and services as a way to more easily find the people you want to connect with. This was first introduced in Messenger in 2015, and later offered as an option in Facebook Lite, a lightweight version of Facebook for Android.


Unsigned. Isn’t going to make it any more welcome. “Yeah, you agreed to that in the gazillion-page agreement. Remember? OK so it looked like something else. Get over it.”
link to this extract

How can I download a copy of my Facebook data? What is included – and what isn’t? • Big Brother Watch

You can download your information from your settings. To download your information:

1. Click at the top right of any Facebook page and select “Settings”
2. Click “Download a copy of your Facebook data” at the bottom of General Account Settings
3. Click “Start My Archive”
You will be prompted to confirm that you have requested the archive from your associated email account.

This archive will typically contain a large amount of very sensitive personal information, including contact information, addresses, photos and private messages (see below). You should be careful to store it securely.

I now have my Facebook archive. Where can I find the contact information it has stored about me?

See the ‘contact info’ tab under ‘html’. If you have closely controlled your privacy settings, you won’t see much here.

However, many people find comprehensive contact details from their phone and email accounts.

Some even find extensive call and text logs, likely to arise from app permissions that have been granted.

Why does my contacts list include people that are not on Facebook?

When you first sign up to Facebook, you are asked to hand over your contact lists and address books so Facebook can “Find Friends” for you.
link to this extract

‘Oh my God…It’s fake’: Far right falls for hoax about Broward County sheriff • POLITICO

Marc Caputo:


In the wake of the Marjory Stoneman Douglas High School massacre, the far-right fever swamps buzzed with false information and conspiracy theories about student “crisis actors” who were paid to lie about the mass shooting.

But ironically, conspiracy-minded conservatives fell for a political hoax involving a different kind of actor. The subject? Broward County’s Democratic sheriff, Scott Israel.

Israel for the past month has been assailed as everything from a “rapist” to a philanderer to a crooked cop thanks to three old YouTube videos in which a mystery woman accused him of impregnating her when she was 17 and forcing her to get an abortion. The videos together have been viewed almost 130,000 times since the Feb. 14 shooting.

But all of it was a lie, the woman and her attorney, Yechezkel Rodal, now tell POLITICO, which found her by combing internet videos and social media.

“I was paid to say these things. I didn’t even know what I was saying,” said the woman, who spoke with POLITICO on condition of anonymity because she fears political retribution from Internet trolls or from the sheriff’s office, which does not know her identity. “I’m sorry … It’s fake.”

The revelation comes amid growing concerns about the spate of conspiracy theories and “false flag” attacks surrounding recent mass shootings — especially in Florida — that are surfacing on right-wing and fringe media sites.


This happens at both extremes of political belief, of course.
link to this extract

Despite its mystique, Cambridge Analytica didn’t offer advertisers anything special • AdExchanger

James Hercher:


One agency found Cambridge Analytica was effective for campaigns with specific parameters and targets. The agency used Cambridge Analytica for a campaign heavy on earned media after it claimed it could drive new cycles and engagement.

“It worked, but we chose them because we knew we were targeting a Trump-like audience and they’d have models for that,” said the agency exec, who hasn’t worked with Cambridge Analytica since.

Cambridge Analytica was fairly effective, according to an executive from a news publisher that piloted a subscription campaign with the company, but the program was dropped because it was more expensive than similar optimization tech companies on the market.

Where Cambridge Analytica found success and longer-term work was in Washington, DC, where it positioned itself as an outside commercial option for Republican candidates losing the narrative on data and technology.

Besides need, the Republicans also presented opportunity. They had fewer vendors compared to the Democratic ecosystem, according to a former Cambridge Analytica executive and a digital media executive who worked closely with the company during the election.

“Republican candidates and committees had frankly been overpaying conservative vendors for a long time because really no competition was allowed,” said one political tech executive who worked closely with Cambridge during the campaign and refused to comment publicly due to a nondisclosure.

Cambridge Analytica’s technology may have been standard market fare, he said, but it was competing with overpriced platforms that had long attached big premiums to conservative media buys based on a vague sense that campaigns should have a more political-first media approach and, mostly, out of partisan loyalty.

“The truth is, Facebook or about any commercial DMP can do that better even if their employees want you to lose,” he said.


AdExchanger doesn’t want to tell us what DMP is. Jargon for “data management platform“, since you ask.
link to this extract

Indian agency denies security lapse in ID card project; ZDNet defends report • Reuters

Malini Menon:


Tech news site ZDNet said on Sunday it stood by its report that identified a security vulnerability in data-linked to Aadhaar – India’s national identity card project, after a semi-government agency that manages the database sought to discredit the report.

ZDNet reported that a data leak on a system run by a state-owned utility company could allow access to private information of holders of the biometric “Aadhaar” ID cards, exposing their names, their unique 12-digit identity numbers, and their bank details.

The Unique Identification Authority of India (UIDAI), which manages the Aadhaar program, said “there is no truth in this story,” in a statement late on Saturday.

ZDNet’s global editor-in-chief Larry Dignan said in an email to Reuters on Sunday the publication stood by its report. Dignan said they spent weeks compiling evidence and verifying facts.

“We spent weeks reaching out to the Indian authorities, specifically UIDAI, to responsibly disclose the security issue, and we heard nothing back — and no action was taken until after we published our story,” said Dignan.

UIDAI sought to downplay the report stating that even if the claims in the story were true, it would raise security concerns with the database of the utility company and not with the security of UIDAI’s Aadhaar database. UIDAI said it is “contemplating legal action against ZDNet”.


There have been so many reports of Aadhaar breaches that they can’t all be fake.
link to this extract

#PutinAtWar: trolls on Twitter • Medium

The Atlantic Council’s Digital Forensic Lab looks at how a poll about the Skripal poisoning by a British user was hijacked by a Russian account which spread it to others bots:


From Lisitsa, the retweet cascaded to dozens of other, primarily Russian-language accounts, forming the most substantial cluster of retweets throughout the scan.

None of these Russian accounts has an organic focus on, or interest in, UK politics; their content is dominated by pro-Kremlin messaging, mostly in Russian or English. Their purpose in retweeting the poll therefore seems to have been to spread it to a Russian audience which could be expected to vote against the UK government.

This intervention was small in itself, impacting one poll, from one account. However, the source account was an influential member of a politically vocal UK community; thus, by targeting it, the Russian accounts may have hoped to reinforce their message among UK opposition supporters.

If so, they succeeded. @Rachael_Swindon is not a member of this troll community; it has had no interactions with @malinka1102 or @rixstep, and does not post on hot-button Kremlin topics such as Crimea or MH17.

However, still on March 17, the account had a conversation with @ValLisitsa, at the end of which @Rachael_Swindon claimed, based on its own poll, that the “mood of the British public is starting to shift.”


If these researchers find it this easy to find Russian trolls, why can’t Twitter? Also, anyone who takes the slightest notice of a Twitter poll needs telling off.
link to this extract

Why you need an Untouchable day every week • Harvard Business Review

Neil Pasricha:


Now when I get home after work, I soak in time with my wife and two little boys. Nothing is or will ever be as precious to me, and I resist insight from anyone who isn’t making space for loved ones.  I realized that what I needed was a practical way to get more work done without taking more time. And, to be honest, I needed it fast. Why? Because in my first year as a full-time author, I actually started feeling my productivity slipping — even though I had quit my full-time job. It wasn’t just disheartening; it was also embarrassing. “So how’s the new book coming?” “Oh, now that I quit my job? Terribly!”

I finally found a solution that I feel has saved my career, my time, and my sanity. If you’re with me right now, I bet you need this solution too: I call it “Untouchable Days”.

These are days when I am literally 100% unreachable in any way…by anyone.

Untouchable Days have become my secret weapon to getting back on track. They’re how I complete my most creative and rewarding work. To share a rough comparison, on a day when I write between meetings, I’ll produce maybe 500 words a day. On an Untouchable Day, it’s not unusual for me to write 5,000 words.  On these days, I’m 10 times more productive.

How do I carve out Untouchable Days?

I look at my calendar sixteen weeks ahead of time, and for each week, I block out an entire day as UNTOUCHABLE. I put it in all-caps just like that, too. UNTOUCHABLE. I don’t write in all-caps for anything else, but I allow  UNTOUCHABLE days to  just scream out to me.

Why sixteen weeks ahead? The number of weeks isn’t as important as the thinking behind it. For me, that’s after my speaking schedule is locked in — but, importantly, before anything else is. That’s a magic moment in my schedule. It’s the perfect time to plant the Untouchable Day flag before anything else can claim that spot.


Not sure this works for those who aren’t authors who aren’t obliged to go to meetings and offices, but included just in case you’re looking for a new way to make your boss say “You’re WHAT?”
link to this extract

Police chief said Uber victim “came from the shadows”; don’t believe it • Ars Technica

Timothy B. Lee:


In this nighttime video, posted to YouTube by Brian Kaufman on Wednesday, the scene of the crash can be seen around 0:33. Features at the sides of the road—including curbs, signs, and bushes—are clearly visible. No pedestrians walk into the road during the video, but it seems clear that Herzberg would have been visible much earlier if the Uber video had been taken with this camera.

Mill Ave. at night.
Another YouTuber, Dana Black, posted this video. His camera work isn’t as good as Kaufman’s—the video is blurry and he doesn’t hold his camera steady. But his video supports the same basic conclusion. “It’s not as dark as that video made it look,” Black says in the video as he drives past the point in the road where Herzberg was hit (around 0:33). “My footage is from my Pixel XL and looks pretty similar to real life,” he writes in the YouTube description.

To be fair, there are a few other cars on the road in Black’s video, which might be adding some illumination. But Kaufman’s car appears to be the only vehicle on the road, and visibility is still much better than in Uber’s dashcam video.

It’s not surprising that the road was actually more brightly lit than the Uber video makes out. Think about it: the Uber car was going 38 miles per hour (61km/h), and people on pitch-black country roads drive faster than that all the time. That would be extremely reckless if—as the video implies—headlights can’t illuminate the road two seconds ahead at that speed.

The video implies that the Uber car’s headlights had a range under 110 feet (33 meters). For comparison, here’s a diagram from the Insurance Institute for Highway Safety showing headlight ratings for the car in question, a Volvo XC90:


IIHS shows the XC90 with a range just under 250 feet (76 meters) with “low beams” on. The car’s headlights are rated poorly by the IIHS compared with other cars on the market. Still, 250 feet is more than 4 seconds of illumination for a car driving 38 miles per hour. If the Uber car’s headlights really didn’t illuminate Herzberg until less than two seconds before the crash, there was something seriously wrong with them.


As I said previously, cameras don’t give you a good idea of how people see them, but the Uber dashcam really seems to be making it look a lot darker than it was. Uber doesn’t have an alibi.
link to this extract

Those eye-popping 6.5% to 29% NHS pay rises are a lie – and I can prove it •

Rachel Clarke is an NHS doctor, but used to be a journalist for ITV:


Pages 11-13 of the Framework Agreement purport to demonstrate, for each level of seniority of NHS staff, their “new” pay rise over three years. To expose the statistical sleights of hand deployed, take the example of staff on “point 24” of the payscale, screenshot below:

The total pay rise for a staff member on this point of the payscale would be, allegedly, 14.02% over three years. However, during that same three-year period, their pay would have risen anyway on the old payscale by 10.48% (from £29,626 to £32,731), as they received their annual incremental pay awards, reaching point “27” on the old payscale. In other words, their actual pay rise on the proposed new pay deal is a mere 3.54%, spread over three years.

That’s not even close to the promised minimum pay rise of 6.5%. It’s barely greater than 1% per annum.

Deploying the same simple arithmetic with the outlandish-sounding upper limit pay rises reveals, again, the dishonesty of the government’s figures. Let’s look at that alleged 29% pay rise. Here are those lucky individuals, on point “26” of the payscale:

But, once you deduct the increase in salary these staff members would have received anyway on the old payscale (from £31,696 to £35,577 = 12.24%), you find the headline figure of 29% shrinks down to an actual pay rise of 16.8%.

In short, the government – and the 13 unions who have agreed to sign up to these bogus figures, with the notable exception of the GMB – have misled NHS staff into thinking their pay rises over the next three years are vastly greater than they actually will be.


How surprising that the government would misrepresent a pay award in a way that favours it. Meanwhile I highly recommend Clarke’s book “Your Life In My Hands“.
link to this extract

This startup is using blockchain to fight art forgers • Bloomberg

Vivianne Rodrigues and Rob Urban:


Contemporary artist Philip Colbert, whose colorful, high-spirited art is finding buyers around the world, had been toying with the idea of creating his own catalog system to prove the authenticity of his expanding body of work.

“I had a dealer in Japan who had been telling me I needed to have better forms of certification for my artwork, because people are buying art as an investment,” said the British artist, who appropriates pop culture images in his paintings, fashion and furniture. “Art is a currency in a way; at the end of the day when they come to auction, the provenance is a very important element of their value.”

Then he met Rob Norton, the founder of Verisart, a U.S.-based startup that’s using blockchain, the ledger technology underlying Bitcoin, to verify the authenticity of artwork. It’s a problem as old as art itself, said Norton, and artists have long been unreliable when it comes to documenting their own work. As far back as the 17th century, Rembrandt’s dealer complained of his client’s poor record-keeping, Norton said.

Blockchain creates an immutable, traceable record of every transaction, whether it’s art changing hands or Bitcoin. Widespread adoption of the technology could give a boost to the market for art online, which has yet to explode…

…Colbert’s certificates, for example, contain small reproductions of the piece itself called “image hashes,” along with all of the relevant information about its creation, ownership and movement, such as whether it was part of an exhibition. He’ll have a show in Tokyo in September and Beijing next February.

Since Verisart uses the unaltered Bitcoin blockchain rather than a customized version, one risk may be that their effort can be easily replicated, since it brings little in the way of new technology. Some collectors, particularly those who buy and sell privately may also be reluctant to share their information in such a public way.

“The blockchain is a more efficient method of verification,” Colbert said. “You’re not worried about the authentic value of your work, because it’s all about locking down the time and place. Then all those fakes aren’t doing you any damage. All those fake Mona Lisas don’t do the Mona Lisa any harm.”


But how do you know that the image of the original thing that you hashed is authentic? Art faking often starts right at the point where the art enters the system. The first buyer thought it was a Monet; turns out it was a fake all along. Now do you do to the blockchain entry?
link to this extract

Errata, corrigenda and ai no corrida: none notified

1 thought on “Start Up (holiday bonus): Facebook redux, what the Uber car should have seen, the fake NHS pay rise, and more

  1. I’m not clear on what, exactly, is being proposed by the various players for blockchain and art. Obvious it won’t help if someone claims to have found a long-lost Rembrandt in a thrift shop. But even if the idea is forward looking – “The original Arthur paintings were thought lost forever after the Brexit War, but a cleaning-drone operator is said to have discovered them in an unexplored sub-basement of the Trump Bunker” – there’s still problems. How to tell that a possibly forged object matches the recorded data? If all that’s recorded is just ownership type information, that’s not much of a help. However, the hashing itself has an issue. Can any sort of feature extraction be made loose enough to match on various angles, lighting changes, color shifts due to natural aging, even possible damage – yet still detect a forgery? Those constraints would seem to require much more data than a mere hash. I’m not an expert, but my impression is that art forgers invent stories for filling-in a gap in the records anyway, at least at high levels.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.