Start Up: FBI zaps Russian botnet, don’t listen Alexa!, the quiet location scandal, a fresh dating site hell, and more

An Uber self-driving car: its emergency response isn’t ideal. Photo by zombieite on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 10 links for you. Non-negotiable, but call me to check. I’m @charlesarthur on Twitter. Observations and links welcome.

A reminder: you can buy my book Cyber Wars, published in the UK and due out in the US later this week. It investigates hacking incidents such as the Sony Pictures hack, the TalkTalk hack, ransomware, the Mirai IoT botnet, the TJX hack, and more. It looks at how the people in those organisations responded to the hacks – and takes a look at what future hacks might look like.

“A terrifying analysis of the dark cyber underworld.” – Aleks Krotoski

Buy it via Amazon UK (Kindle or paperback)

Buy it via Amazon US (Kindle or paperback)

Exclusive: FBI seizes control of Russian botnet • Daily Beast

Kevin Poulsen:


FBI agents armed with a court order have seized control of a key server in the Kremlin’s global botnet of 500,000 hacked routers, The Daily Beast has learned. The move positions the bureau to build a comprehensive list of victims of the attack, and short-circuits Moscow’s ability to reinfect its targets.

The FBI counter-operation goes after  “VPN Filter,” a piece of sophisticated malware linked to the same Russian hacking group, known as Fancy Bear, that breached the Democratic National Committee and the Hillary Clinton campaign during the 2016 election. On Wednesday security researchers at Cisco and Symantec separately provided new details on the malware, which has turned up in 54 countries including the United States.

VPN Filter uses known vulnerabilities to infect home office routers made by Linksys, MikroTik, NETGEAR, and TP-Link. Once in place, the malware reports back to a command-and-control infrastructure that can install purpose-built plug-ins, according to the researchers. One plug-in lets the hackers eavesdrop on the victim’s Internet traffic to steal website credentials; another targets a protocol used in industrial control networks, such as those in the electric grid. A third lets the attacker cripple any or all of the infected devices at will.

The FBI has been investigating the botnet since at least August, according to court records, when agents in Pittsburgh interviewed a local resident whose home router had been infected with the Russian malware. “She voluntarily relinquished her router to the agents,” wrote FBI agent Michael McKeown, in an affidavit filed in federal court. “In addition, the victim allowed the FBI to utilize a network tap on her home network that allowed the FBI to observe the network traffic leaving the home router.”


That was quick.

The LocationSmart scandal is bigger than Cambridge Analytica. Here’s why no one is talking about it • Slate

Will Oremus:


Motherboard reported last week that Securus had been hacked, with the credentials of 2,800 authorized users stolen, most or all of them presumably working in law enforcement or at prisons. (Securus’ main business involves helping prisons crack down on inmates’ cellphone use.) It’s a safe bet that some of those users had access to the same location-tracking tools that the Missouri sheriff abused.

So how was Securus getting all that data on the locations of mobile-phone users across the country? We learned more last week, when ZDNet confirmed that one key intermediary was a firm called LocationSmart. The big U.S. wireless carriers—AT&T, Verizon, Sprint, and T-Mobile—were all working with LocationSmart, sending their users’ location data to the firm so that it could triangulate their whereabouts more precisely using multiple providers’ cell towers. It seems no one can opt out of this form of tracking, because the carriers rely on it to provide their service.

It gets worse. A Carnegie Mellon researcher poking around on LocationSmart’s website found that he could use a free trial service to instantly pinpoint the location of, well, just about anyone with a mobile phone and wireless service from one of those major carriers. He did this without any permission or credentials, let alone a warrant.


And why is it not a big story? Oremus thinks because it’s not about Trump getting elected, unlike the Cambridge Analytica story. I disagree: I think it’s because we’re so used to tracking each other that it has become ordinary. What isn’t ordinary – with the Cambridge Analytica story – is foreign interference and dark media aimed at changing people’s minds.

Pray for the souls of the people sucked into this dating site hell • Gizmodo

Kashmir Hill:


Earlier this year, the media got very excited about, a site for the pro-Donald set that promised to “make dating great again.” Much of the media coverage was critical: The site only allowed users to conduct heterosexual searches; the male-half of the couple originally featured on the homepage had a child sex conviction; and its creator didn’t seem to actually exist.

Despite all this, the site attracted over 250,000 members, according to its media liaison, Sean McGrossler. He told me over email that 15% of those members paid for accounts, starting at $24.99 per month, which would mean the site has made a not immodest $1m over the last few months.

Perhaps it’s no surprise, then, that launched weeks later. It got its own round of news articles, despite being founded by a “political startup” called the “American Liberal Council” that only seems to exist on Facebook, where it mostly posts liberal memes in the style of a Russian misinformation account. (The account hasn’t posted since March and did not respond to messages.)

Intrigued by the attention these sites were getting, Alexandra Mateescu, a researcher at Data & Society Research Institute, decided to sign up, not to date a political partisan but to see who was actually on the sites. When she began looking for single men in New York City, where she lives, the results immediately struck her as odd. According to the site, there were lots of Trump supporters in her liberal hometown, and they were racially and ethnically diverse, which surprised her. Few of them referred to Trump in their profiles, though, which seemed strange given the site they’d joined. She wanted to find out more about these people, but she couldn’t message them without purchasing a membership, which she didn’t want to do, so she and a few friends tried to find the members elsewhere on the web, by using a tried-and-true method of many an online dater: reverse image-searching profile photos to see where else they appeared.

This led Mateescu to people who were not the ones described in the profiles.


It turns out both sites used a “turnkey dating solution” which claims to do dating sites for “almost any niche”. (She tried but was blocked from doing one for journalists.) It all looks reaallly sketchy.

What happened to Velib, Paris’s glitchy bikeshare system? • CityLab

Feargus O’Sullivan:


The problems started last May, when management for the Velib system was taken over by a new contractor that, in a classic burst of nonsensical Franglais, goes by the name Smovengo. As part of an ambitious new upgrade, Smovengo promised that a third of the 14,000-plus fleet of bikes would be battery assisted e-bikes, forming part of a new more online-and-app-friendly fleet that would make managing and using the system more streamlined. This move required a complete overhaul of the network’s 1,200-plus docking stations. That’s where things went pear shaped. By the end of last summer, only half the replacement docks had been created, with those left unfinished creating ramshackle mini-eyesores across the French capital.

Those that have actually come into service, meanwhile, have been glitchy in the extreme. Some have electricity supply problems that have required contractors to temporarily wire up the stations to batteries. These not uncommonly run out of juice, meaning that many bikes are blocked for use by afternoon. To cap it all, Velib employees went on strike last month, frustrated by a decline in working conditions and benefits since Smovengo took over the Velib concession from previous operator JCDecaux.

With functioning docks scarce, the number of Velib subscribers plummeted from 290,000 to 190,000. The number of daily shares dropped by April to just 10,000 daily—from an all-time high of 100,000 daily. For the world’s first large-scale bikeshare service, this was quite a tumble. The free bike plan is thus less a bold move to fully liberate the system than an effort to mollify frustrated customers. If the problems continue into June, the free bike offer will continue into the summer.


A sign of the times that a bike sharing scheme going wrong becomes important.

Look (what you made me do): I illustrated 10 of my professional sins • Medium

Xaquín González Veira:


The #distractedBoyfriend meme was such a low hanging fruit. I wasn’t expecting the 3.5K likes. I can’t handle the fame.

So, I decided to really exhaust the meme by doing enough infographic-related variations that nobody in their right mind would want to be this silly again. I’m doing the industry a favor.


Such as this splendid one:

Preliminary report released for crash involving pedestrian, Uber Technologies test vehicle • NTSB


The report states data obtained from the self-driving system shows the system first registered radar and LIDAR observations of the pedestrian about six seconds before impact, when the vehicle was traveling 43 mph. As the vehicle and pedestrian paths converged, the self-driving system software classified the pedestrian as an unknown object, as a vehicle, and then as a bicycle with varying expectations of future travel path. At 1.3 seconds before impact, the self-driving system determined that emergency braking was needed to mitigate a collision. According to Uber, emergency braking maneuvers are not enabled while the vehicle is under computer control to reduce the potential for erratic vehicle behavior. The vehicle operator is relied on to intervene and take action. The system is not designed to alert the operator.

In the report the NTSB said the self-driving system data showed the vehicle operator engaged the steering wheel less than a second before impact and began braking less than a second after impact. The vehicle operator said in an NTSB interview that she had been monitoring the self-driving interface and that while her personal and business phones were in the vehicle neither were in use until after the crash.

All aspects of the self-driving system were operating normally at the time of the crash, and there were no faults or diagnostic messages.


It doesn’t do emergency braking when it’s under computer control, but it doesn’t alert the “driver” either. That’s all sorts of wrong. It’s a pity that someone had to die for this huge error to become apparent.

Four serious questions about Elon Musk’s silly credibility score • Poynter

Alexios Mantzarlis:


Musk’s suggestion of a “credibility score” is worth discussing because building one is actually a pretty popular idea — especially among Silicon Valley types.

Some, like the Credibility Coalition, are trying to frame the problem thoughtfully, but most are imbued with the same techno-utopianism that has defined Musk’s public persona. In the past few months alone I received at least four different pitches for a system that uses artificial intelligence (of course) to rate the credibility of the entire internet.

The vision that one easy hack can fix media bias and massive online misinformation is pervasive among certain quarters. But it’s fatally flawed.

Other well-heeled journalism projects have promised to upend fact-checking by either injecting the crowd in it (WikiTribune) or developing a universal credibility score (NewsGuard). In WikiTribune’s case, the jury is still out, but the fact-checking work to date hardly seems paradigm-shifting. NewsGuard has raised $6m but has yet to launch.

Still, it’s clear that the status quo needs reform. Fact-checking might need to be blown up and reinvented. So rather than dunk on Musk, we should debate the underlying challenges of a genuine credibility score for the internet.


He goes through this effectively. There’s no way of doing this.

Woman says her Amazon device recorded private conversation, sent it out to random contact • KIRO-TV

Gary Horcher:


Every room in her family home was wired with the Amazon devices to control her home’s heat, lights and security system.

But Danielle [who declined to give her last name] said two weeks ago their love for Alexa changed with an alarming phone call. “The person on the other line said, ‘unplug your Alexa devices right now,’” she said. “‘You’re being hacked.’”

That person was one of her husband’s employees, calling from Seattle.

“We unplugged all of them and he proceeded to tell us that he had received audio files of recordings from inside our house,” she said. “At first, my husband was, like, ‘no you didn’t!’ And the (recipient of the message) said ‘You sat there talking about hardwood floors.’ And we said, ‘oh gosh, you really did hear us.’” Danielle listened to the conversation when it was sent back to her, and she couldn’t believe someone 176 miles away heard it too.

“I felt invaded,” she said. “A total privacy invasion. Immediately I said, ‘I’m never plugging that device in again, because I can’t trust it.’” Danielle says she unplugged all the devices, and she repeatedly called Amazon. She says an Alexa engineer investigated.

“They said ‘our engineers went through your logs, and they saw exactly what you told us, they saw exactly what you said happened, and we’re sorry.’ He apologized like 15 times in a matter of 30 minutes and he said we really appreciate you bringing this to our attention, this is something we need to fix!”


Amazon later confirmed that this happened. But how? Unclear.

Wearables market up 35% in Q1 2018 as Apple and Xiaomi maintain lead • Canalys


Apple Watch shipments stabilized after a record quarter for the company and it matched its Q1 2017 number. “Key to Apple’s success with its latest Apple Watch Series 3 is the number of LTE-enabled watches it has been able to push into the hands of consumers,” said Canalys Senior Analyst Jason Low. “Operators welcome the additional revenue from device sales and the added subscription revenue for data on the Apple Watch, and the list of operators that sell the LTE Apple Watch worldwide is increasing each month.” Apple represents 59% of the total cellular-enabled smartwatch market. “While the Apple ecosystem has a strong LTE watch offering, the lack of a similar product in the Android ecosystem is glaring. If Google decides to pursue the opportunity with a rumored Pixel Watch, it would jump-start much needed competition in this space.”

Garmin is now the second largest smartwatch vendor after Apple, with 1 million smartwatches shipped in the last quarter. “Garmin’s transition to smartwatches has been swift as it focuses its GPS expertise on catering to endurance athletes and outdoor enthusiasts,” said Vincent Thielke, Research Analyst at Canalys. “It brought much needed improvements by adding features such as Garmin Pay to the Forerunner and vívoactive series, and now offers onboard music storage on the latest Forerunner 645.”


Very weird to still be mixing fitness bands with smartwatches. They’re really not comparable. And the WearOS space looks more and more anaemic.

StumbleUpon is calling it quits after 16 years • The Next Web

Abhimanyu Ghoshal:


I fondly remember the StumbleUpon browser button: one click, and you were instantly transported to a randomly selected webpage from its vast database, with an almost certain guarantee of spotting something of interest. The company, which was once owned by eBay, gave birth to (and eventually sunsetted) an excellent video discovery tool called 5by, and had once surpassed Facebook as the #1 source of social media traffic in the US back in 2011.

But that was then, and this is now, when ‘random’ isn’t good enough, and even our ‘serendipitous’ content discoveries are closely connected to our interests, thanks to cookies that follow us around, platforms that task us with tagging all the things online, and clever algorithms that learn what we’re into.

Garrett Camp, the founder of StumbleUpon, wants fans to transition over to his other project, Mix, which he began building back in October 2015, as something like Pinterest for content.

It works well enough when you tell the site what you like – but after spending several minutes on there, I can tell you that it doesn’t quite recreate the magic of the SU button.


I never used StumbleUpon, though the death of a little bit of serendipity is always sad. Garrett Camp, who devised it, writes on Medium that “we’ve learned from SU that while simplicity and serendipity is important, so is enabling contextual curation (ie. ‘cool space photos’) instead of just clicking ‘I like it’.”

Errata, corrigenda and ai no corrida: none notified

Start Up: ZTE counts the cost, cutting the wrong red tape, the Apple news ecosystem, Uber drives out of Arizona, and more

Hey mum, why is your smartphone more interesting than me? Photo by Marco Djallo on Flickr.

A selection of 11 links for you. Not in binary. I’m @charlesarthur on Twitter. Observations and links welcome.

ZTE estimates at least $3bn in losses from US ban • Bloomberg


ZTE Corp. is estimating losses of at least 20bn yuan ($3.1bn) from a US technology ban that’s halted major operations as clients pull out of deals and expenses mount, people familiar with the matter said.

The telecoms gear and smartphone maker however is hopeful of striking a deal soon and already has a plan in place – dubbed “T0” – to swing idled factories into action within hours once Washington agrees to lift its seven-year moratorium on purchases of American chips and components, said the people, who asked not to be identified talking about private negotiations. The company declined to comment.

Shenzhen, China-based ZTE depends on US components, such as chips from Qualcomm, to build its smartphones and networking gear. The ban, for breaching terms of a settlement over sanction-breaking sales to Iran, has all but mothballed China’s second-largest telecoms gear maker and become entangled in a trade dispute between the world’s two largest economies. On Tuesday, President Donald Trump said he’s reconsidering US penalties as a favor to Chinese President Xi Jinping and may instead fine the company more than $1bn.

The US action has spooked potential clients during the crucial first-half IT spending season and even prompted some to renege on agreed deals, the people said. ZTE’s shelling out an estimated 80m to 100m yuan in daily operational expenses alone while most of its 75,000 employees sit idle, the people said.


Meanwhile, the US Congress has blocked any move to let ZTE back in. The limbo continues; the losses so far wipe out ZTE’s net income over the past 12 years.


Republicans can’t even cut red tape correctly • The New York Times

Brink Lindsey and Steven Teles:


there are huge opportunities for growth that are being hamstrung by rules that protect existing companies at the expense of new ones. A bonfire of regulations like this would be entirely wholesome for the American economy and also help to eat away at some of the hyper-inequality that is generated by these forms of crony capitalism.

Unfortunately, this is not the kind of regulation that the Trump administration has been attacking. Instead, it has been sharpening its knives for precisely the kinds of regulation that, far from distorting markets, help to improve them. In particular, regulation is often necessary to a properly functioning market when, in its absence, businesses can make a profit by pushing costs onto others, in effect forcing others to subsidize their bottom line. In two areas, the environment and finance, these are exactly the sorts of market-improving regulation that the administration has put in its cross hairs, with the effect of increasing profits via freeloading.

The classical justification for environmental regulation is that without properly designed rules, businesses do not have to pay the true costs of their economic activity (what economists call “externalities”). If a company was making money by parking vehicles in all our driveways without paying, it would be obvious, and individuals would have a remedy in the form of trespass laws. But the costs that companies generate through pollution are widespread and hard to trace. Environmental regulations, by making companies absorb the costs they would otherwise impose on the rest of us, reduce market-distorting subsidies to polluters.

One recent example of wrongheaded deregulation is the Bureau of Land Management’s proposed loosening of Obama-era rules on methane leaks from oil pipelines. Methane is a particularly nasty contributor to global warming, but pipeline companies have insufficient incentives to prevent leaks adequately. Without regulation, their profitable move is to pad their bottom lines at the expense of the global climate. In this case, deregulation is just another word for the protection of ill-gotten gains.


This has been the Trump admin all over: protect existing companies and strip the wrong regulations away. Coal, environment, solar – the moves have all been retrograde.

I wish mum’s phone was never invented • BBC News

Georgina Rannard:


What if children told you exactly how your WhatsApping, Instagramming, emailing and news-reading makes them feel?

“I hate my mum’s phone and I wish she never had one,” is what one primary school child wrote in a class assignment.

American school teacher Jen Adams Beason posted the comment on Facebook, and revealed that four out of 21 of her students said they wished mobile phones had never been invented…

…”I would say that I don’t like the phone,” one child wrote.

“I don’t like the phone because my parents are on their phone every day. A phone is sometimes a really bad habit.” The student completed the work with a drawing of a mobile phone with a cross through it and a large sad face saying “I hate it”.


I often wonder what babies think of their mothers’ indifference as they are being walked around in prams or in shops or anywhere. There’s a whole generation growing up being ignored.

‘A fun adventure, not a business’: The Weather Channel stopped publishing video on Facebook • Digiday

Sahil Patel:


The Weather Channel is no longer publishing videos to Facebook.

“[Facebook video] hasn’t been beneficial,” said Neil Katz, global head of content and engagement at The Weather Channel, during a speech at the Digiday Video Summit in Scottsdale, Arizona. “It has been good for Facebook, but it hasn’t been good for us.”

Over the past few years, The Weather Channel built up a network of six pages on Facebook that grew to 500 million video views per month by last May, according to Katz. (For comparison, The Weather Channel’s main page was down to 1.8 million views on Facebook in April, according to Tubular Labs.) The Weather Channel’s Facebook presence included its main page as well as “weather-adjacent” science, nature and travel verticals such as Rockets Are Cool, Crazimals and United States of Awesome.

“We went along for the ride every single step of the way,” Katz said. “But we noticed, over the course of two years, that we were being paid in all types of currencies — followers, shares, views — that did not feel like money.”


Such old thinking. Then again, looks like it’s time for the pivot away from video. Where now?

Hackers infect over 500,000 routers with potential to cut off internet • CNET

Alfred Ng:


More than half a million routers and network devices in 54 countries have been infected with sophisticated malware, researchers from Cisco’s Talos Intelligence Group warn.

The malware, which the security researchers are calling VPNFilter, contains a killswitch for routers, can steal logins and passwords and can monitor industrial control systems. 

An attack would have the potential to cut off internet access for all the devices, William Largent, a researcher with Talos, said Wednesday in a blog post.

Attacks on routers hit a sensitive spot not only because they can halt internet access, but because hackers can use the malware to monitor web activity, including password use. In April, US and UK officials warned about Russian hackers targeting millions of routers around the world, with plans to carry out massive attacks leveraging the devices. In that announcement, the FBI called routers a “tremendous weapon in the hands of an adversary.”

“Quite anything is possible, this attack basically sets up a hidden network to allow an actor to attack the world from a stance that makes attribution quite difficult,” Craig Williams, Talos’ director, said in an email.  


At any given time, there are huge botnets built around devices which people don’t normally interact with directly. Routers sometimes, video recorders others. Even heat pumps.

The Apple Watch has found a surprisingly useful home with everyone that works on their feet • Quartz

Mike Murphy:


You might’ve noticed that the person who took your order at the bar, brought you the shoes you wanted to try on, or perhaps even patted you down at the airport security line, is sporting an Apple Watch, which starts at $329 for the newest Series 3 watch. And there’s a pretty simple explanation: Many service-industry jobs where employees have to be on their feet all day don’t allow workers to check their phones while they’re on the clock. But that rule doesn’t necessarily apply to a piece of unobtrusive jewelry that happens to let you text your friends and check the weather.

Quartz spoke with airline attendants, bartenders, waiters, baristas, shop owners, and (very politely) TSA employees who all said the same thing: The Apple Watch keeps them in touch when they can’t be on their phones at work. Apple has increasingly been pushing the watch as a health device, and seems to have moved away from marketing it as one that offers more basic utility, as Apple continues to do with the iPhone. But given that roughly 23% of the US labor force works in wholesale or retail operations, perhaps it’s a market Apple should reconsider.


I don’t think Apple is “not considering” the market of people who aren’t meant to be standing around looking at their phones. Though it might consider some adverts targeting them.

Uber to close self-driving operations in Arizona after fatal crash • AZ Central

Ryan Randazzo:


Uber is shutting down its self-driving car tests in Arizona, where one of the cars was involved in a fatal crash with a pedestrian in March, the company said Wednesday.

The company notified about 300 Arizona workers in the self-driving program that they were being terminated just before 9 a.m. Wednesday. The shutdown should take several weeks.

Test drivers for the autonomous cars have not worked since the accident in Tempe, but Uber said they continued to be paid. The company’s self-driving trucks have also been shelved since the accident.

Uber plans to restart testing self-driving cars in Pittsburgh once federal investigators conclude their inquiry into the Tempe crash. The company also said it is having discussions with California leaders to restart testing.

Uber has engineering hubs in Pittsburgh and San Francisco, and the company said it is easier to test vehicles near those workers. Engineers from those hubs frequently traveled to Arizona to work on the testing project here.


That’s pretty harsh on the 300 workers. Here one day, gone the next.

Above Avalon subscriptions turn three • Above Avalon

Neil Cybart, whose $100/year 4x/week newsletter is entering its fourth year, looks at what is changing in the Apple coverage space:


Apple rumor / scoop industry has dried up and consolidated. Ten years ago, there were a number of news publications that were in a legitimate position to break the next Apple scoop (some of which were likely controlled leaks from Apple). Today, there are only two or three sites that even publish Apple scoops. The consolidation in Apple scoops has been driven by Apple ramping up the amount of secrecy regarding unannounced projects. In addition, Apple “scoops” have increasingly come from research firms paying for confidential information coming out of Apple’s supply chain. One byproduct of this rumor consolidation has been a relatively high degree of turnover among Apple reporters.

Ad-supported business models are struggling. It is becoming more difficult to find ad-supported business models on the web. While there are likely a few reasons for this change, one includes ad dollars being funneled away from blogs and into podcasts and videos. This explains what appears to be an exodus of resources away from written blogs and into podcasts and video-focused efforts. Unfortunately, my suspicion is this won’t end well for many as increased competition in the podcast and video space will tend to push sponsors to those with the largest followings. Such an environment would make it increasingly difficult for independent ventures to find sustainability by chasing scale.

Paid news sites boost independents. Most news publications have embraced paid subscriptions as another way of boosting revenues. While a paid subscription to a multinational news organization may make sense for many readers, the value / price tradeoff becomes murky for readers interested in specific topics and niches. For example, the average news publications will only write about Apple once a week (if that much). This environment provides an even greater amount of oxygen to independent sites that can give the time and attention to niche subjects.

Donation / support route isn’t promising. The transition from ad-supported business models to subscription-based models hasn’t been easy for many independent sites. Going from a scenario in which all content was public to one in which only a fraction of content is public can be jarring. Most sites have handled this transition by keeping content free and instead giving paid subscribers a very marginal amount of exclusive content. In essence, sites are treating subscriptions and memberships like donations. This is not sustainable for, or attractive to, subscription-based models.


That point about ad-supported models is one to note. If GDPR does scare away ad-tech companies in Europe, that is going to lead to some substantial concentration.

YouTube Music is great for record labels, but bad for music lovers • WIRED UK

Katia Moskvitch:


Facebook doesn’t have a good enforcement technology yet, he adds, but “is about to become a major player”. Apple Music and Spotify together count 125 million subscribers – although they are mere bit players considering the success of YouTube. Google’s baby now sports more than 1.8 billion users every month, not least thanks to the fact that it is free – not just for consumers, but also the artists themselves. “It’s the number one place where artists get discovered and hits are made,” says [MIDiA Research analyst Mark] Mulligan, and “that’s true for every single market”.

The success, however, does not translate into massive payments to the music industry. YouTube labels itself as a platform, not a music distributor, and as a result gets away with sharing less of its profits. Because of its dominance, YouTube pushes down the profits for the music industry as a whole, claims a recent study commissioned by the International Confederation of Authors and Composers Societies (CISAC), a body representing royalty-collecting societies around the world.

The launch of YouTube Music will not be a game changer, though. Mulligan believes that the subscription-based service is “not quite a sop to the record labels, but it’s not far off”. Google simply wants to show “that it’s a good partner to the record labels… rather than needing to be in the premium business”.

Profit margins are further under pressure because of the deep fragmentation of the distribution end of the music industry. Spotify, YouTube and Apple may be digital giants, but they are jostling for space with many smaller local music streaming services around the world, plus thousands of terrestrial and digital radio and TV networks.



Google beats Amazon to first place in smart speaker market • Canalys


Smart speakers continue to be the world’s fastest-growing consumer technology segment, with year-on-year growth in Q1 2018 of 210% as shipments reached 9m units. Google took the top spot, beating Amazon for the first time, shipping 3.2m of its Google Home and Home Mini devices, against the 2.5m Echo devices shipped by Amazon. The US market share fell below 50% for the first time, partly due to Google and Amazon’s focus on expanding beyond their home markets, but also because of the increased traction that the technology is seeing with new vendors in markets such as China and South Korea.

Vendors shipped 1.8m smart speakers into the channel in Q1 2018 in China, while Korea overtook the UK to become the third largest market with 730,000 shipments.

Alibaba finished third overall and retained its number one position in China with 1.1 million Tmall Genie speaker shipments in Q1 2018… China’s smart speaker market is growing, with shipments up sequentially by more than 60%. Xiaomi, whose main business is selling smartphones, shipped over 600,000 of its Xiao AI speakers to China in Q1, coming a distant second after Alibaba’s Tmall Genie. “Awareness of smart speakers and their uses is growing steadily among Chinese consumers. But competition is building quickly for Alibaba, as IPO-hopeful Xiaomi takes to the smart speaker segment with much vigor in 2018.”


Apple’s HomePod went on sale in February; doesn’t make the top five on Canalys’s reckoning. Strategy Analytics, another research company, has its own analysis which gives Amazon 4m, Google 2.4m, Alibaba 0.7m and Apple 0.6m. Neil Cybart, of Above Avalon, reckons Apple sold between 0.5m and 1.0m HomePods.

So one has Google on top and Apple nowhere, another has Amazon on top and Apple somewhere. Be lovely if these companies provided some clear figures sometime.

Environmentalists criticize Xiaomi ahead of billion-dollar IPO • Sixth Tone

Sixth Tone:


Two environmental groups are accusing Xiaomi of poor oversight of its supply chain after the Chinese tech giant earlier this month filed for an IPO with the Hong Kong Stock Exchange, according to a joint report released Tuesday.

On May 12, the environmentalists found that a Jiangsu factory which manufactures components for Xiaomi was discharging copper-contaminated wastewater into a nearby river. According to the report, coauthored by the Institute of Public and Environmental Affairs (IPE) and the Lüse Jiangnan Public Environment Concerned Center (PECC), tests conducted on May 12 confirmed the contamination.

The factory, owned by Taiwan-headquartered Ichia Technologies, had previously been fined 117,000 yuan ($18,000) by the provincial environmental bureau in March for the same offense. Sixth Tone’s calls to the factory went unanswered on Tuesday.

The report also accuses four other companies said to manufacture screens, casings, and other parts for Xiaomi cellphones of having past environmental violations.

On May 3, Xiaomi filed for an IPO on the Hong Kong Stock Exchange, aiming for a $100 billion valuation that would make it the largest listing of the year. But the environmental groups say that the tech company did not disclose the supply chain environmental lapses in its prospectus — contravening the exchange’s full disclosure requirement.

When reached by phone on Tuesday, a Xiaomi PR representative told Sixth Tone that he was not at liberty to comment, as the company was still ascertaining the situation.


By “still ascertaining the situation” the spokesman meant “still ignoring the situation, which has been brought to Xiaomi’s notice multiple times over multiple suppliers in the past four years”.

But nobody much cares about environmental responsibility, unless it offers a chance to bash Apple.

Errata, corrigenda and ai no corrida: none notified

Start Up: US phone slump, make a faster MacBook, Trump’s phone (in)security, Yelp v Google (again), and more

If you wanted headphones, why get them on a crowdfunding site? Photo by Lubomir Panak on Flickr.

A selection of 11 links for you. A real news source! I’m @charlesarthur on Twitter. Observations and links welcome.

‘Too inconvenient’: Trump goes rogue on phone security • POLITICO

Eliana Johnson, Emily Stephenson and Daniel Lippman:


The president, who relies on cellphones to reach his friends and millions of Twitter followers, has rebuffed staff efforts to strengthen security around his phone use, according to the administration officials.

The president uses at least two iPhones, according to one of the officials. The phones — one capable only of making calls, the other equipped only with the Twitter app and preloaded with a handful of news sites — are issued by White House Information Technology and the White House Communications Agency, an office staffed by military personnel that oversees White House telecommunications.

While aides have urged the president to swap out the Twitter phone on a monthly basis, Trump has resisted their entreaties, telling them it was “too inconvenient,” the same administration official said.

The president has gone as long as five months without having the phone checked by security experts. It is unclear how often Trump’s call-capable phones, which are essentially used as burner phones, are swapped out.

President Barack Obama handed over his White House phones every 30 days to be examined by telecommunications staffers for hacking and other suspicious activity, according to an Obama administration official.

The White House declined to comment for this story, but a senior West Wing official said the call-capable phones “are seamlessly swapped out on a regular basis through routine support operations. Because of the security controls of the Twitter phone and the Twitter account, it does not necessitate regular change-out.”


Security experts reckon that for sure those are hacked by now. Trump’s number is not secret to those who want to know it. The model of phone is known. There are exploits. What’s stopping them?

North Korea targeting defectors with Android malware attacks • ExtremeTech

Ryan Whitwam:


North Korea has been caught tinkering with Android malware again, but this time it’s using both Facebook and Google Play to target North Korean defectors living in South Korea.

According to McAfee, North Korea’s Sun Team hackers perpetrated the attack over the last several months. They likely infected around 100 targets, which isn’t a huge number compared with most malware campaigns. However, these were all highly targeted infiltrations to gather intelligence on political opponents. There are currently around 30,000 North Korean defectors living in the south. 

The hackers used Facebook to distribute links to the malicious apps, focusing on populations and individuals who would have information about defectors. They created convincing fake profiles, often using images stolen from South Korean users as profile photos. Their posts asked the targets to download and test some Android apps hosted in the Play Store. These apps, however, were not what they appeared.

McAfee researchers found three apps uploaded by Sun Team hackers: 음식궁합 (Food Ingredients Info), Fast AppLock, and AppLockFree. All three were listed as “unreleased” in the Play Store, which kept them from garnering unwanted attention. The hackers only wanted to send specific targets to the listings. Upon installation, the apps would ask for access to contacts, SMS data, and local files before sending it all to the malware operators. This data could lead to more targets for future malware attacks, including both defectors and those who help them escape North Korea. McAfee tied the apps together as part of a single attack from the use of identical developer accounts, emails, and IP addresses.


A bit amateurish, that last bit.

Trump denies reaching deal with China on ZTE • The New York Times

Ana Swanson, Jim Tankersley and Raymond Zhong:


The fate of ZTE has quickly become a key sticking point in negotiations with China, with lawmakers and others concerned that the administration would ease restrictions on the company after Mr. Trump’s suggestion in a Twitter message on May 13 that he was working with China’s president, Xi Jinping, to give ZTE “a way to get back into business, fast.”

“Too many jobs in China lost. Commerce Department has been instructed to get it done!” Mr. Trump added in the tweet.

That statement, and reports that the administration had discussed easing the penalties during a visit by Chinese trade negotiators last week, have sparked a backlash from lawmakers across the political spectrum. On Tuesday, senators took steps to limit Mr. Trump’s ability to ease restrictions on ZTE, voting to approve an amendment to pending legislation that would block the president from pardoning the company without first confirming to Congress that it was no longer violating the law.

In a 23-2 vote, lawmakers approved the amendment, which will now be included in a bill related to foreign investment controls that was offered by Senator Chris Van Hollen, Democrat of Maryland. The amendment would require the president to certify that the company was no longer violating United States law, had not done so for a year and was fully cooperating with investigators before changing its penalties. The bill is expected to come to a vote this summer.

Senator Marco Rubio, a Florida Republican, blasted the idea of a deal with ZTE, saying on Twitter: “Here is #ZTE timeline: Violated U.S. sanction laws & got caught lying & covering up. Paid $1billion fine & agreed to discipline employees. But then lied again & instead of discipline gave those employees bonuses. Now we are offering same deal of fine & employee discipline?”


Thought exercise: same situation, but Obama (or Clinton) is president, and is negotiating with China about trade, including ZTE. What would s/he do differently? I suspect much would be the same – except for the tweets, which undermine the US’s position. Even so, it’s contradictory: ZTE broke sanctions on Iran. Which Trump doesn’t like.

Amazon teams up with law enforcement to deploy dangerous new face recognition technology • ACLU of Northern CA


Marketing materials and documents obtained by ACLU affiliates in three states reveal a product that can be readily used to violate civil liberties and civil rights. Powered by artificial intelligence, Rekognition can identify, track, and analyze people in real time and recognize up to 100 people in a single image. It can quickly scan information it collects against databases featuring tens of millions of faces, according to Amazon.

Amazon is marketing Rekognition for government surveillance. According to its marketing materials, it views deployment by law enforcement agencies as a “common use case” for this technology. Among other features, the company’s materials describe “person tracking” as an “easy and accurate” way to investigate and monitor people. Amazon says Rekognition can be used to identify “people of interest” raising the possibility that those labeled suspicious by governments — such as undocumented immigrants or Black activists — will be seen as fair game for Rekognition surveillance. It also says Rekognition can monitor “all faces in group photos, crowded events, and public places such as airports” — at a time when Americans are joining public protests at unprecedented levels.

Amazon’s Rekognition raises profound civil liberties and civil rights concerns. Today, the ACLU and a coalition of civil rights organizations demanded that Amazon stop allowing governments to use Rekognition.


I think this horse has long since left the stable. If not Amazon, then it will be Facebook; or a Chinese company; or someone else. We’re already in the age of facial recognition; it’s just going to get better.

10,200 people gave this Kickstarter start-up for 3-D headphones nearly $3m. They have nothing to show for it. • The Washington Post

Rachel Siegel:


In a letter to backers on its Kickstarter page, the tech company Ossic wrote that it was shutting down and would not deliver any remaining orders for Ossic X headphones. The company said it had explored other financing options over the past 18 months but would still need more than $2 million more to complete mass production.

Ossic’s flameout also highlighted the challenges faced by tech companies in mass producing innovative products — from robots to smartwatches to 3-D printers — through crowdfunding sources, even as experts say platforms such as Kickstarter can be effective tools for getting a company off the ground.

“Hardware is particularly seductive in a lot of ways,” said Ethan Mollick, professor of management at the University of Pennsylvania’s Wharton School. “[Backers] see an example of the thing, and it feels safer preordering. Those all come together to make these things seem easier than they might be.”

A video on Ossic’s Kickstarter page showed people testing out prototypes of what the company dubbed the “first 3D audio headphones.” The company told backers on Saturday that it had completed 250 of them and began deliveries to some Kickstarter backers. But as of Saturday, Ossic was out of money and shutting down “effective immediately.” It was unclear whether backers would be refunded.


Ossic said “OSSIC X is the world’s first headphone that instantly calibrates to your anatomy for the most accurate and immersive 3D audio”. This stuff is overplayed. (I got some nura headphones via Kickstarter. They’re ok, but too heavy to wear for any length of time, which is a drawback in headphones.) And honestly? You can buy good headphones anywhere. Avoid “stuff you can get elsewhere” on crowdfunding sites.

Yelp files new EU complaint against Google over search dominance

Rochelle Toplensky and Hannah Kuchler:


Yelp has filed a complaint with the EU’s antitrust watchdog against Google, arguing that the search company has abused its dominance in local search and pressuring Brussels to launch new charges against the tech giant.

European antitrust authorities fined Google €2.4bn in June 2017 for favouring its own shopping service over rival offerings in its search results. Google denied wrongdoing and has appealed that decision.

Now Yelp, which provides user ratings, reviews and other information about local businesses, wants Margrethe Vestager, the EU Competition Commissioner, to take action against Google for similar alleged abuse in the local search market, according to a copy of the complaint seen by the Financial Times…

…Yelp wrote the new complaint to make the case for local search services, arguing that Google is harming both competitors and consumers by giving preferred placement to its own offerings over rivals’. It said the search giant displays Google Local Search information at the top of the results page, while links to Yelp, TripAdvisor and other services are displayed further down, where they are rarely clicked.

The company is requesting quick action to remove the alleged favouritism, which could enable it to reopen its division in Europe.

Local search services were originally covered by a European antitrust probe launched in 2010, over how Google treated its own services in search results versus links to rivals. That investigation covered a number of specialist search services, including travel, local business and price comparison. But in 2015, Ms Vestager focused her charge sheet on price comparison services culminating in last summer’s fine.

Google declined to comment on the most recent complaint.


I don’t have much confidence that Vestager will act quickly on this. Not because she won’t think that it’s important or merited, but because her office is astonishingly slow to act. The fine over shopping was a start, but Google’s response has been to do exactly what complainants said would harm them, and Vestager hasn’t done a thing.

News Lit Quiz • News Literacy Project


Which is Legit?

Test your ability to recognize and distinguish “fake news” sites from those of legitimate, standards-based news organizations.


10 pairs of fake and real sources; a turn-based quiz. Dive in. As much as anything, reveals how important it is to be able to parse a URL.

Overall Q1 US smartphone sales dip 11% YoY, Apple grows a record 16% YoY • Counterpoint Research


Research Director Jeff Fieldhack said, “Dips in sales coming off a holiday period are to be expected, however there are several other factors that make this the weakest Q1 in recent years. For one, postpaid device promotions were not as enticing in the first quarter—most requiring a new line.  In addition, prepaid did not receive its usual February and Q1 bump as prepaid service promos cooled. The ramp-down of government subsidized ‘Lifeline’ programs have cut into prepaid device volumes. BYOD and refurbished devices also continue to impact new device sales.”

Exhibit 1: Monthly market pulse – OEM & market sales growth (YoY %) Trends

• Apple growth percentage is declining during launch periods. However, it has gained overall US market share because of its increasing installed base and B2B and prepaid channel improvements
• Samsung growth curve is slipping. There is increased difficulty maintaining momentum through product lifecycles
• During periods of prepaid [PAYG] weakness, ‘others’ performance declines. “Others” saw a drastic dip during the first quarter.
• The overall US market growth is on a downward slope outside of Apple launch periods.


Down to 38.7m in the first quarter; the first time it has been below 40m for three years. The peak has passed.

The Verge [cryptocurrency] hack, explained • The Abacus

Daniel Goldman on a cryptocurrency hack where a hacker began spoofing the time on “blocks”, suggesting they’d happened earlier than they had:


The algorithm that Verge [the cryptocurrency, unrelated to the tech news website] uses to calculate the current difficulty [of mining] is known as Dark Gravity Wave; it involves taking a weighted average of the rate of block confirmations over a moving two-hour window. It’s a bit complex, and the details don’t really matter here — what matters is this: mining difficulty is a function of recent block frequency, and running calculations on block frequency naturally involves looking at blocks’ timestamps.

And hence the problem: if enough faulty timestamps are getting created, all bets are off. And this is what the hacker did — examining the blockchain data reveals that throughout the duration of the hack(s), every other block was submitted with a timestamp roughly one hour before the present time, tragically confusing the protocol’s mining adjustment algorithm. If the protocol were sentient and fluent in English, it would be saying something like “Oh no! Not enough blocks have been submitted recently! Mining must be too difficult — let’s make it easier!” Since timestamps were continuously being spoofed, the protocol continuously lowered the difficulty, until mining got laughably easy. To give a general idea, the average difficulty in the hours before the initial attack was 1393093.39131, while during the attack, it got as low as 0.00024414, a decrease in difficulty of over 99.999999%. Lower difficulty in submitting a block means more blocks get submitted — in this case, roughly a block every second.

The cleverness of this attack is in how it circumvents the barrier of mining difficulty instead of attempting to burst through it. If the security provided by mining power is a gate surrounding the network — a gate that’s far too strong to break through and too high to climb over — this hack gets past it by finding a way to lower it so close to the ground that it can be stepped over.

If it isn’t already obvious, this is, in and of itself, bad news.


Yeah, it was obvious. It’s also obvious that there’s no obvious way to fix this (though it’s more complicated than just this; there’s also an algorithmic attack). Anyone determined enough can do the exact same hack again – though the hacker here clearly got a lot of ducks in a row.
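The mechanism in the extract above, as an added example that is not from the original article or from Verge's code: a simplified moving-window retarget (not Dark Gravity Wave itself) is fed constructed timestamps in which every other block is backdated by an hour, alongside a check a node operator or block explorer could run to flag such blocks. The spacing, window, step cap and tolerance values are assumptions chosen for illustration.

```python
"""Toy model of a timestamp-driven difficulty retarget (not Dark Gravity Wave)."""

BASE = 1_526_000_000   # constructed start time (Unix seconds)
TARGET_SPACING = 30    # assumed target seconds between blocks
WINDOW = 24            # assumed number of inter-block gaps averaged per retarget
MAX_STEP = 3.0         # assumed cap on the difficulty change per block


def make_chain(n, backdate_odd=False, backdate_by=3600):
    """Constructed timestamps. Blocks really arrive every TARGET_SPACING
    seconds; optionally every other block claims to be an hour older."""
    chain = []
    for height in range(n):
        ts = BASE + TARGET_SPACING * height
        if backdate_odd and height % 2 == 1:
            ts -= backdate_by
        chain.append(ts)
    return chain


def apparent_spacing(timestamps):
    """Average gap the retarget believes it sees. Gaps that run backwards
    are floored at zero, so each jump back to honest time counts in full."""
    gaps = [max(0, later - earlier)
            for earlier, later in zip(timestamps, timestamps[1:])]
    return sum(gaps) / len(gaps)


def next_difficulty(prev, window_timestamps):
    """Scale difficulty by target/observed spacing, capped per step."""
    ratio = TARGET_SPACING / max(apparent_spacing(window_timestamps), 1)
    ratio = min(max(ratio, 1 / MAX_STEP), MAX_STEP)
    return prev * ratio


def simulate(chain, start_difficulty=1_000_000.0):
    """Retarget once per block over the trailing window; return the history."""
    difficulty = start_difficulty
    history = []
    for tip in range(WINDOW, len(chain)):
        difficulty = next_difficulty(difficulty, chain[tip - WINDOW: tip + 1])
        history.append(difficulty)
    return history


def flag_backdated(chain, tolerance=600):
    """Detection heuristic, not a consensus fix: heights whose timestamp is
    earlier than the parent's by more than `tolerance` seconds of clock skew."""
    return [h for h in range(1, len(chain))
            if chain[h] < chain[h - 1] - tolerance]


if __name__ == "__main__":
    honest = make_chain(40)
    spoofed = make_chain(40, backdate_odd=True)
    print("honest  final difficulty:", simulate(honest)[-1])
    print("spoofed final difficulty:", simulate(spoofed)[-1])
    print("spoofed apparent spacing:", apparent_spacing(spoofed[:WINDOW + 1]))
    print("flagged heights:", flag_backdated(spoofed))
```

Real block arrival never changes in the constructed data; only the claimed timestamps do, which is enough to make the retarget cut difficulty by the maximum step on every block.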

The $299 Razer Core X is the cheapest way to give your MacBook the graphics card it deserves • BGR

Chris Mills:


The obvious solution [to the MacBook’s lack of graphics power] is to use an external graphics card, which is now feasible thanks to software changes in recent versions of macOS, and the magic of the Thunderbolt 3 connectors that are fast and flexible enough to allow for external graphics. Razer’s Core (and the newly updated Core V2) are some of the most popular enclosures around, but they don’t come cheap: the Core V2 is $499, and you still have to supply your own graphics card, which can be hundreds of dollars more. Luckily, there is now a cheaper way.

The Razer Core X is exactly the same concept as the Core V2 — a big box into which you can stuff your graphics card — but with a few key differences. Mostly, it’s $299 rather than $499, which makes it a much more palatable option as an accessory. There’s also a slightly more powerful 650W power supply and space for a bigger graphics card. Best of all, the Core X can supply 100W of power over the USB-C cable to a connected laptop, meaning one cable charges your laptop and connects you to the external graphics. The Core V2 supplied power as well, but that maxed out at 65W, below the 80-85W that some laptops require.

That said, you do lose something, specifically the USB-A and Ethernet ports that the Core V2 had.


That’s a graphics card which has a SIX HUNDRED AND FIFTY WATT power adapter. Run it for two hours and you’ve used more than a kilowatt. That’s crazy, given that the MacBook adapter is around 80W max. The tail is wagging the dog, power-wise. Although if you needed to edit video in specific locations, yet also wanted something light to take around, it could fit the bill.

A new look inside Theranos’ dysfunctional corporate culture • WIRED

John Carreyrou, with another extract from his book Bad Blood:


The biggest problem of all was the dysfunctional corporate culture in which it was being developed. [CEO and founder Elizabeth] Holmes and [COO Sunny] Balwani regarded anyone who raised a concern or an objection as a cynic and a nay-sayer. Employees who persisted in doing so were usually marginalized or fired, while sycophants were promoted.

Employees were Balwani’s minions. He expected them to be at his disposal at all hours of the day or night and on weekends. He checked the security logs every morning to see when they badged in and out. Every evening, around 7:30, he made a flyby of the engineering department to make sure people were still at their desks working.

With time, some employees grew less afraid of him and devised ways to manage him, as it dawned on them that they were dealing with an erratic man-child of limited intellect and an even more limited attention span. Arnav Khannah, a young mechanical engineer who worked on the miniLab, figured out a surefire way to get Balwani off his back: answer his emails with a reply longer than 500 words. That usually bought him several weeks of peace because Balwani simply didn’t have the patience to read long emails. Another strategy was to convene a biweekly meeting of his team and invite Balwani to attend. He might come to the first few, but he would eventually lose interest or forget to show up.

While Holmes was fast to catch on to engineering concepts, Balwani was often out of his depth during engineering discussions. To hide it, he had a habit of repeating technical terms he heard others using. During a meeting with Khannah’s team, he latched onto the term “end effector,” which signifies the claws at the end of a robotic arm. Except Balwani didn’t hear “end effector,” he heard “endofactor.” For the rest of the meeting, he kept referring to the fictional endofactors. At their next meeting with Balwani two weeks later, Khannah’s team brought a PowerPoint presentation titled “Endofactors Update.” As Khannah flashed it on a screen with a projector, the five members of his team stole furtive glances at one another, nervous that Balwani might become wise to the prank. But he didn’t bat an eye and the meeting proceeded without incident. After he left the room, they burst out laughing.


This is just the light relief, though; there’s plenty of refusal to engage with basic reality too.

Errata, corrigenda and ai no corrida: none notified

Start Up: OnePlus 6 reviewed, Google used on Safari (again), getting the internet inside, MoviePass’s fatal flaw, and more

An octopus: visitor from an alien race? Photo by damn_unique on Flickr.

A selection of 9 links for you. Should have been eight, right? I’m @charlesarthur on Twitter. Observations and links welcome.

A controversial scientific study suggests octopuses came from outer space • Quartz

Ephrat Livni on a bizarre speculative paper published in “Progress in Biophysics and Molecular Biology”:


The octopus, for example, is traditionally considered to come from the nautiloid, having evolved about 500 million years ago. But that relationship doesn’t explain how these odd cephalopods got all their awesome characteristics or why octopuses are so very different, genetically speaking, from their alleged nautiloid ancestors. The paper states:


The genetic divergence of Octopus from its ancestral coleoid sub-class is very great … Its large brain and sophisticated nervous system, camera-like eyes, flexible bodies, instantaneous camouflage via the ability to switch color and shape are just a few of the striking features that appear suddenly on the evolutionary scene.


The transformative genes leading from the consensus ancestral nautilus to the common cuttlefish to squid to the common octopus can’t be found in any pre-existing life form, the authors say.

So far, so good. But then the paper gets highly speculative. The researchers continue, “It is plausible then to suggest they [octopuses] seem to be borrowed from a far distant ‘future’ in terms of terrestrial evolution, or more realistically from the cosmos at large.”


Nope. Nope nope nope. Though the signatories might be prestigious, this is not a “scientific study”; it’s a bit of handwaving. Just because you don’t know how the genes came to be present doesn’t mean that they’re alien, because they’re not. Or else everyone is alien, which gets us back to square one.

OnePlus 6 Review—A series of downgrades is saved by the low price • Ars Technica

Ron Amadeo:


The OnePlus 6 is a worse phone than the OnePlus 5T. The new SoC is nice, but other than that we get downgrades in the form of a higher price, a switch from metal to glass, and a smaller, harder-to-use fingerprint reader. I guess it speaks to just how good of a phone the OnePlus 5T was, then, that OnePlus can throw a round of downgrades at the design and still end up with a phone that can stand up to the competition. I feel like the company could have done a much better job than this, but at the end of the day the phone is still $300 cheaper than the competition for similar specs.

OnePlus is hesitant to stand behind its products with a solid support policy, which makes me just as hesitant to recommend them. The company won’t commit to a support timeframe for major OS updates, and it doesn’t provide consistent, stable monthly security updates. This is something you’d get from almost any other flagship phone manufacturer and something Nokia/HMD provides even on lower-end phones. If you’re the type that doesn’t mind getting your hands dirty and flashing OS upgrades yourself from a third-party, then OnePlus’ shaky support isn’t as much of a concern.

If the 6 was $800, it would be a completely forgettable, generic device, like the LG G7. It’s not $800, though; it’s way cheaper than that.


A weird idea: the new phone is a downgrade from the older, but cheaper. If OnePlus can make a profit this way, good luck to it.

Google sued for ‘clandestine tracking’ of 4.4m UK iPhone users’ browsing data • The Guardian


Google is being sued in the high court for as much as £3.2bn for the alleged “clandestine tracking and collation” of personal information from 4.4 million iPhone users in the UK.

The collective action is being led by former Which? director Richard Lloyd over claims Google bypassed the privacy settings of Apple’s Safari browser on iPhones between August 2011 and February 2012 in order to divide people into categories for advertisers.

At the opening of an expected two-day hearing in London on Monday, lawyers for Lloyd’s campaign group Google You Owe Us told the court information collected by Google included race, physical and mental health, political leanings, sexuality, social class, financial, shopping habits and location data.

Hugh Tomlinson QC, representing Lloyd, said information was then “aggregated” and users were put into groups such as “football lovers” or “current affairs enthusiasts” for the targeting of advertising.

Tomlinson said the data was gathered through “clandestine tracking and collation” of browsing on the iPhone, known as the “Safari Workaround” – an activity he said was exposed by a PhD researcher in 2012.


OK, this is quite weird. It’s exactly the same incident that I wrote about back in 2012/3 (here’s a Josh Halliday article on it). Yet no reference in this to that? Or by anyone? Whatever happened to institutional memory?

Free app brings iPhone X gesture navigation to Android phones without Android P • BGR

Zach Epstein:


Google announced during its Google I/O 2018 keynote presentation that gesture controls will be coming to the Android platform later this year when Android P is released. There’s already a public beta of Android P available for people with certain smartphones, but everyone else will have to wait until sometime later this year or in 2019 when Android P updates finally start rolling out to phones. Some smartphone makers don’t want to wait for Android P, so they’re adding their own take on the iPhone X’s gesture navigation. OnePlus is a good example, though gesture navigation on the OnePlus 6 is kind of terrible.

There are already a few different apps out there that let you add gesture-based navigation to an Android phone. The problem with these apps is they require you to root your Android device. Not everyone wants to bother rooting their phones, and there are also security implications that many people aren’t comfortable with. Don’t worry though, because we have some good news: There’s a new free app that brings the iPhone X’s gestures to Android without the need for root access.

The app is called Navigation Gestures, and it was built by an admin from xda-developers. It’s currently available for free in the Play store. The app can be installed on any modern Android phone, and it doesn’t require users to first root their devices. There is one small caveat though. Navigation Gestures uses an API that is only accessible by granting a special permission, and you’ll need to connect your Android device to a Windows or Mac computer in order to grant that permission. It’s quite easy, and XDA provides a video that walks you through the process.


Seems fairly clear that in four years or so, the majority of phones will be working on gestures and have no bezels.

Teen phone monitoring app leaked thousands of user passwords • ZDNet

Zack Whittaker:


The mobile app, TeenSafe, bills itself as a “secure” monitoring app for iOS and Android, which lets parents view their child’s text messages and location, monitor who they’re calling and when, access their web browsing history, and find out which apps they have installed.

Although teen monitoring apps are controversial and privacy-invasive, the company says it doesn’t require parents to obtain the consent of their children.

But the Los Angeles, Calif.-based company left its servers, hosted on Amazon’s cloud, unprotected and accessible by anyone without a password.

Robert Wiggins, a UK-based security researcher who searches for public and exposed data, found two leaky servers.

Both of the servers were pulled offline after ZDNet alerted the company, including another that contains what appears to be only test data.

“We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted,” a TeenSafe spokesperson told ZDNet on Sunday.


Yet there’s never any comeback on companies which behave in such an amazingly sloppy manner. No fines, and of course no way to retrieve the data.

How the internet gets inside us • The New Yorker

Terrific essay by Adam Gopnik:


things that were once external and subject to the social rules of caution and embarrassment—above all, our interactions with other people—are now easily internalized, made to feel like mere workings of the id left on its own. (I’ve felt this myself, writing anonymously on hockey forums: it is easy to say vile things about Gary Bettman, the commissioner of the N.H.L., with a feeling of glee rather than with a sober sense that what you’re saying should be tempered by a little truth and reflection.) Thus the limitless malice of Internet commenting: it’s not newly unleashed anger but what we all think in the first order, and have always in the past socially restrained if only thanks to the look on the listener’s face—the monstrous music that runs through our minds is now played out loud.

A social network is crucially different from a social circle, since the function of a social circle is to curb our appetites and of a network to extend them. Everything once inside is outside, a click away; much that used to be outside is inside, experienced in solitude. And so the peacefulness, the serenity that we feel away from the Internet, and which all the Better-Nevers [ie people who say things have never been better than now, with the internet] rightly testify to, has less to do with being no longer harried by others than with being less oppressed by the force of your own inner life. Shut off your computer, and your self stops raging quite as much or quite as loud.

It is the wraparound presence, not the specific evils, of the machine that oppresses us. Simply reducing the machine’s presence will go a long way toward alleviating the disorder. Which points, in turn, to a dog-not-barking-in-the-nighttime detail that may be significant. In the Better-Never books, television isn’t scanted or ignored; it’s celebrated. When William Powers, in “Hamlet’s BlackBerry,” describes the deal his family makes to have an Unplugged Sunday, he tells us that the No Screens agreement doesn’t include television: “For us, television had always been a mostly communal experience, a way of coming together rather than pulling apart.” (“Can you please turn off your damn computer and come watch television with the rest of the family,” the dad now cries to the teen-ager.)

Yet everything that is said about the Internet’s destruction of “interiority” was said for decades about television, and just as loudly.


This is from 2011, but could have been written yesterday. Absorb it at length. (Also worth reading for one paragraph’s punchline: “next thing you knew there wasn’t a hot bath or a good book for another thousand years.”)

Team Trump’s ‘deep state’ paranoia fans conspiracy theories • FT

Gideon Rachman:


The US president rages about the “greatest witch-hunt in American history”. He has also frequently accused members of his own government of conspiring against him, tweeting darkly that this is “Big stuff. Deep State”.

This accusation — that there is a “deep state” of government employees and agencies determined to destroy the Trump presidency — has become standard stuff among the president’s most ardent supporters. Two recent best-selling books have popularised the idea and the phrase: The Plot to Destroy Trump by Ted Malloch and Roger Stone; and Killing the Deep State by Jerome Corsi. The president’s closest supporters and relatives have also embraced this notion. His son, Donald Jr, tweeted: “The Deep State is real, illegal and endangers national security.”

The Trump world’s accusations about a “deep state” plot to destroy the president are now increasing in volume, with the revelation that the FBI used an informant to probe connections between the Trump campaign and Russia. Mr Trump himself has greeted this news as further confirmation of an establishment plot to undermine him.

But the fact that a theory is popular does not make it true. There is no evidence that the FBI, nor the “deep state”, was intent on destroying the Trump campaign. On the contrary, the FBI director, James Comey, did Mr Trump a favour by publicly re-opening an inquiry into Hillary Clinton’s mishandling of official emails — while keeping quiet about FBI suspicions of links between the Russian state and the Trump campaign. The fact that an FBI informant was probing evidence of these links is not, as Mr Trump would have it, the “all time biggest political scandal”. It is exactly what an intelligence service should be doing.

The “deep state” controversy may be phoney. But it is still significant. For it reveals the extent to which paranoid fantasy has now entered the mainstream of American political discourse — fanned by the president himself.


The Trump campaign was shot through with people who were working for outside states, or interested in doing so – Paul Manafort being only the most prominent. But all this gonzo noise will keep eroding Americans’ trust in their systems. This will take a lot of fixing, after Trump.

These 299 MacOS apps are so buggy, Apple had to fix them in AppKit • Worth Doing Badly

Zhuowei Zhang:


Looking through the list of apps tells a lot about what apps Apple considers essential to the Mac platform: after all, they put special effort to make them work on newer system versions. So what apps do Apple consider important?

• Productivity apps from large companies:
most of the Adobe suite; the Microsoft Office suite; Autodesk’s AutoCAD and Maya; Matlab; Ableton Live; Intuit Quicken/QuickBooks; TurboCAD; VMWare Fusion

• Communication apps:
Google Chrome; Opera Browser; Twitter for Mac; Tencent QQ, WeChat; AOL Messenger; Citrix GoToMeeting; Cisco Spark; HipChat; Sketch; Spotify; Evernote; Dropbox

• A surprisingly high number of games. I suspect there are even more IDs in game-specific libraries such as OpenGL.

Blizzard’s games: installer, Diablo 3, Heroes of the Storm, Starcraft 2, World of Warcraft, Hearthstone, and Battle.NET; Grid 2 Reloaded; Dragon Age 2 (of course)

• Open-source apps:
Firefox; VLC; Blender; Eclipse; AquaMacs (an Emacs port); OpenJDK; Textual IRC…


It’s a remarkable list – in many cases, Apple puts in fixes so that the apps (older or newer versions) won’t crash immediately, or at some random point. (See? All those feedback notes you send when the apps crash do have some effect.)

Now try to guess how many of these patches there are for UIKit, Apple’s iOS foundation to which first- and third-party apps are written.

How two million people loved MoviePass nearly to death • Bloomberg

Kyle Stock:


Since paying the $9.95 monthly fee for the movie-a-day service in January, Hannah Wolfe has seen Black Panther and most of the Academy of Motion Picture Arts and Sciences’ Best Picture nominees. Twelve films in total, at no additional cost to her. “It seemed a little too good to be true, especially in New York where movies cost like $16 each,” she says. “It feels like I haven’t paid for the ticket.”

In a way, she hasn’t. Wolfe has paid MoviePass about $50, and in turn the company would have likely shelled out almost $200 to theaters to cover the full ticket prices. To make matters worse, Wolfe has been recruiting everyone she knows—and some are getting even more out of the service. Her roommate rarely went to movies before and recently saw five in a week. Her father, a retired teacher, is on pace to see 40 films this year.

Eight months after slashing its price and expanding membership past two million users, MoviePass is now at risk of going bust. The parent company, Helios & Matheson Analytics Inc., which now owns 92% of MoviePass, said last week that it had just $15.5m in cash at the end of April and $27.9m on deposit with merchant processors. MoviePass has been burning through $21.7m per month. A US Securities and Exchange Commission filing last month revealed that the company’s auditor has “substantial doubt” about its ability to stay solvent. Michael Pachter, an analyst at Wedbush Securities Inc., warns that MoviePass may not survive the summertime run of blockbusters.

On Tuesday, Helios reported the performance of MoviePass for the three months ending on March 31. The company lost $107m, earning just over $1m from marketing deals and $47m from subscriptions. Helios shares have fallen to decade lows of less than $1 after peaking at $32.90 in October, alongside the MoviePass hype.


There’s disruption, and then there’s stupid. This is the latter one. The wonderful irony is that Helios is owned by Ted Farnsworth, former owner of a psychic hotline. Don’t need one to know how this story ends.

Errata, corrigenda and ai no corrida: none notified

Start Up: smart luggage drops out, a Pixel Watch?, two Steve Jobs questions, Gates on Trump, and more

Landsat photo showing the plume from Hawaii’s Kilauea. Free – but for how long? Photo by Stuart Rankin on Flickr.


A selection of 10 links for you. Isn’t that how it’s meant to work? I’m @charlesarthur on Twitter. Observations and links welcome.

US government considers charging for popular Earth-observing data • Nature

Gabriel Popkin:


The ongoing melt of Alaska’s Columbia glacier is revealed in these images captured by the US government’s Landsat satellites in 1986, 1999 and 2017. Credit: Landsat/EO/NASA

The US government is considering whether to charge for access to two widely used sources of remote-sensing imagery: the Landsat satellites operated by the US Geological Survey (USGS) and an aerial-survey programme run by the Department of Agriculture (USDA).

Officials at the Department of the Interior, which oversees the USGS, have asked a federal advisory committee to explore how putting a price on Landsat data might affect scientists and other users; the panel’s analysis is due later this year. And the USDA is contemplating a plan to institute fees for its data as early as 2019.

Some scientists who work with the data sets fear that changes in access could impair a wide range of research on the environment, conservation, agriculture and public health. “It would be just a huge setback,” says Thomas Loveland, a remote-sensing scientist who recently retired from the USGS in Sioux Falls, South Dakota.


There were charges until 2008; then the USGS made the data available for free, and use increased 100-fold, and there have been dramatic discoveries.

The free data principle applies: the government collects it, people pay for the government, the government should make it free to the people. The benefits to the people and the economy are far greater than revenues minus the cost of administration.


Raden is the second startup to bite the dust after airlines ban some smart luggage • The Verge

Sean O’Kane:


Smart luggage startup Raden announced today that it has shut down and can no longer handle “returns, exchanges or repairs.” It’s the second dedicated smart luggage company to go under this month (following Bluesmart, which ceased operations May 1st) after major US airlines imposed strict rules on suitcases with batteries earlier this year.

The policies that airlines like Delta and American put in place earlier this year most aggressively targeted luggage with non-removable batteries, like the kinds Bluesmart sold. (Bluesmart shut down, but it sold its intellectual property to luggage giant TravelPro.) Raden, meanwhile, sold suitcases with removable batteries, which are still fine to check on most airlines as long as fliers carry the battery in the cabin with them. The company says the companion app — which lets users check the weight of their bag and was supposedly going to enable an ambitious mesh-network style tracking system — will continue to work, too. But the ban, and perhaps the change in sentiment toward smart luggage, will still hit Raden hard, according to the company.


It’s the lithium-ion batteries; these companies were living on borrowed time (for check-in luggage) as soon as there were problems with Li-ion overheating in luggage. The rest of the story details problems that people who bought Away bags (another brand) have been having.

It was a great idea, sadly screwed by chemistry.

Pixel Watch investigation: everything we know, and what it needs to succeed • Wareable

Husain Sumra:


Multiple reports have said Google is prepping a Pixel-branded smartwatch for this year, but what will it look like and what features will it host? That much is still up in the air, but we can certainly start the speculation. Here’s what we know so far, and what we’re hoping to see…

A smartwatch with a better Google Assistant means a more proactive assistant. Dennis Troper, head of product for Wear OS, told Wareable that Google wants Assistant on Wear OS to anticipate how it can help before a command is issued. Think of this like the Pixel’s song identification feature. If there’s a song playing in the background, the song and artist will pop up automatically on your homescreen – no need to Shazam it.

You can likely expect a Pixel Watch to show off how helpful Assistant can be on the wrist, setting an example for the rest of the Wear OS partners. It’d be nice if Google could use Assistant, Google Maps and a new health focus to do things like track runs, or recommend running spots or food places or whatever else from your wrist.

The other thing Google really wants to improve is how Wear OS handles fitness. Troper says we can expect more on this from the Wear OS team this year, and we’re willing to bet a Pixel Watch is where these features will get their big debut.

One of the things Google is working on is proactive coaching, helping with wellbeing and motivating users to stay more active. You can likely expect a Pixel Watch to have at least a heart rate sensor.


I’d have thought Google would want to pack everything it could in – LTE, GPS, heart rate sensor, anything it can.

Google’s Selfish Ledger is an unsettling vision of Silicon Valley social engineering • The Verge

Vlad Savov, who got hold of an internal Google concept video from 2016 which builds on the “selfish gene” concept to offer the “selfish ledger” idea of huge amounts of data collection about you:


Building on the ledger idea, the middle section of the video presents a conceptual Resolutions by Google system, in which Google prompts users to select a life goal and then guides them toward it in every interaction they have with their phone. The examples, which would “reflect Google’s values as an organization,” include urging you to try a more environmentally friendly option when hailing an Uber or directing you to buy locally grown produce from Safeway.

An example of a Google Resolution superimposing itself atop a grocery store’s shopping app, suggesting a choice that aligns with the user’s expressed goal.

Of course, the concept is premised on Google having access to a huge amount of user data and decisions. Privacy concerns or potential negative externalities are never mentioned in the video. The ledger’s demand for ever more data might be the most unnerving aspect of the presentation.

Foster envisions a future where “the notion of a goal-driven ledger becomes more palatable” and “suggestions may be converted not by the user but by the ledger itself.” This is where the Black Mirror undertones come to the fore, with the ledger actively seeking to fill gaps in its knowledge and even selecting data-harvesting products to buy that it thinks may appeal to the user. The example given in the video is a bathroom scale because the ledger doesn’t yet know how much its user weighs. The video then takes a further turn toward anxiety-inducing sci-fi, imagining that the ledger may become so astute as to propose and 3D-print its own designs. Welcome home, Dave, I built you a scale.

Foster’s vision of the ledger goes beyond a tool for self-improvement. The system would be able to “plug gaps in its knowledge and refine its model of human behavior” — not just your particular behavior or mine, but that of the entire human species. “By thinking of user data as multigenerational,” explains Foster, “it becomes possible for emerging users to benefit from the preceding generation’s behaviors and decisions.” Foster imagines mining the database of human behavior for patterns, “sequencing” it like the human genome, and making “increasingly accurate predictions about decisions and future behaviours.”


Soooper creepy. Only a concept, of course.

What is the most sophisticated piece of software/code ever written? • Quora

Answer from John Byrd, CEO of Gigantic Software, formerly at Sega and Electronic Arts:


Buckle in.

The most sophisticated software in history was written by a team of people whose names we do not know.

It’s a computer worm. The worm was written, probably, between 2005 and 2010.

Because the worm is so complex and sophisticated, I can only give the most superficial outline of what it does.

This worm exists first on a USB drive. Someone could just find that USB drive laying around, or get it in the mail, and wonder what was on it. When that USB drive is inserted into a Windows PC, without the user knowing it, that worm will quietly run itself, and copy itself to that PC. It has at least three ways of trying to get itself to run. If one way doesn’t work, it tries another. At least two of these methods to launch itself were completely new then, and both of them used two independent, secret bugs in Windows that no one else knew about, until this worm came along.

Once the worm runs itself on a PC, it tries to get administrator access on that PC. It doesn’t mind if there’s antivirus software installed — the worm can sneak around most antivirus software. Then, based on the version of Windows it’s running on, the worm will try one of two previously unknown methods of getting that administrator access on that PC. Until this worm was released, no one knew about these secret bugs in Windows either.

At this point, the worm is now able to cover its tracks by getting underneath the operating system, so that no antivirus software can detect that it exists. It binds itself secretly to that PC, so that even if you look on the disk for where the worm should be, you will see nothing. This worm hides so well, that the worm ran around the Internet for over a year without any security company in the world recognizing that it even existed.


I hope you’ve figured out what it is, but it’s still worth reading the rest of his answer just for the jawdropping details of what this software did – or does.

GDPR emails highlight variable advice ahead of new data regime • FT

Barney Thompson:


the thousands of organisations emailing customers asking them to click a box for permission to keep sending them messages are wasting their time — and could inadvertently be damaging their businesses.

Email marketing is covered by a separate piece of legislation — derived from a 16-year-old EU directive on electronic privacy — rather than GDPR. Provided regular messages include an “unsubscribe” option there is unlikely to be any need to contact customers at all.

“In the majority of cases there is no need to send an email to people on your database,” said Eduardo Ustaran, co-director of privacy and cyber security at Hogan Lovells, the law firm. “If they are your customers and you have collected their data in order to provide services, you are entitled to keep sending them emails . . . Some marketing departments are going to be pretty unhappy when they find out that they didn’t need to massively reduce their marketing databases after all.”

This problem is particularly acute for some small and medium-sized enterprises. Matthew Howett, founder of Assembly Research, a telecoms and digital sector analyst, said the advice from the UK’s Information Commissioner’s Office was “not easy to understand”.

Assembly had emailed clients, he added, but only if they had supplied email addresses on business cards, rather than filling in an online form. Less than one-third of about 700 people had responded so far, which he called “disappointing”.

By asking regular customers for their consent to send more emails, businesses may also have actually made it technically illegal for them to keep in regular contact with those who have not replied.

“If you say ‘we need your consent’ and you don’t get it, the argument must be that you can no longer contact that individual,” said Rohan Massey, a data protection and privacy lawyer at Ropes & Gray.


I’m fine with that.


Steve Jobs’ secret for eliciting questions, overheard at a San Francisco cafe • Medium

Andy Raskin overheard a “famous CEO” (from a famous-brand internet company) talking to a Young CEO who was puzzled by why people said he wasn’t open to being questioned, when he insisted he was. Turns out that saying “Any questions?” is the wrong question:


“In the early 2000s,” Famous CEO said, “Jobs was splitting his time between Apple and Pixar. He would spend most days at Apple, but then he would parachute into Pixar. He would have to figure out where his attention was needed really fast, so he would arrange sessions with all the different teams—the Cars team, the technology team, whatever—so there were a dozen or so people in each one. Then he would point to one person in each session and say:

Tell me what’s not working at Pixar.

Famous CEO continued: “That person might offer something like, ‘The design team isn’t open to new technology we’re building.’ Jobs would ask others if they agreed. He would then choose someone else and say:

Tell me what’s working at Pixar.

According to Famous CEO, Jobs would alternate between the two questions until he felt like he had a handle on what was going on.

Famous CEO said he ran sessions like these with his own teams every few months. He advised Young CEO to “never invite VPs” (i.e., team leaders) to the sessions, since subordinates might feel intimidated and share less freely. Instead, Famous CEO would commit, after collecting issues, to discussing them with the VP in charge, who would be responsible for following up.


I’ve also heard that Bill Gates would insist that everyone who came to him should bring at least some bad news. He didn’t want to hear just about what was going well; he wanted to know the trouble too.

Bill Gates: Trump twice asked me the difference between HIV and HPV • The Guardian

David Smith:


Gates himself met Trump for the first time in New York in December 2016, he recalled: “So when I first talked to him it was actually kind of scary how much he knew about my daughter’s appearance. Melinda [Gates’s wife] didn’t like that too well.”

They met again in March last year at the White House. Gates continued: “In both of those two meetings, he asked me if vaccines weren’t a bad thing because he was considering a commission to look into ill-effects of vaccines and somebody – I think it was Robert Kennedy Jr – was advising him that vaccines were causing bad things. And I said no, that’s a dead end, that would be a bad thing, don’t do that.

“Both times he wanted to know if there was a difference between HIV and HPV so I was able to explain that those are rarely confused with each other.”


So perhaps we have Gates to thank that Trump didn’t start an ill-advised anti-vaccination investigation that would have led to the death and/or disability of children as a result of credulous parents.

As to the HIV/HPV thing – the first time is understandable; the second time, with the same person, suggests someone with poor retention.

I don’t know how to waste time on the internet anymore • NY Mag

Dan Nosowitz:


After college, when I had a real job, with health insurance and a Keurig machine, I would read blogs, funny people talking about nothing in particular with no goal besides being entertaining for a three- to eight-minute block. These were evolutions of the Seanbaby type of writers. Their websites were comparatively elegant, set up for ease of reading. Gawker, Videogum, the Awl, the A.V. Club, Wonkette, various blogs even less commercial than those. There was one that just made fun of Saved by the Bell episodes. I never even watched Saved by the Bell, but I loved that one.

I started a Twitter account, and fell into a world of good, dumb, weird jokes, links to new sites and interesting ideas. It was such an excellent place to waste time that I almost didn’t notice that the blogs and link-sharing sites I’d once spent hours on had become less and less viable. Where once we’d had a rich ecosystem of extremely stupid and funny sites on which we might procrastinate, we now had only Twitter and Facebook.

And then, one day, I think in 2013, Twitter and Facebook were not really very fun anymore. And worse, the fun things they had supplanted were never coming back. Forums were depopulated; blogs were shut down. Twitter, one agent of their death, became completely worthless: a water-drop-torture feed of performative outrage, self-promotion, and discussion of Twitter itself. Facebook had become, well … you’ve been on Facebook.

In the decade since I took that computer class, the web browser has taken over the entire computing experience. There is nothing to “learn” about computers, really, except how to use a browser; everything you might want to do is done from that stupid empty address bar.


This piece could have been called “Requiem for Wasted Time”.

The gun-law loophole that entices tycoons and criminals to play cop • Bloomberg Businessweek

Zachary Mider, with an amazing piece about a loophole that lets people sign up as police for tiny places – and then carry concealed weapons all around the US:


In Oakley, a village of about 300, the police department charged $1,200 to become a cop. It tried to keep the names of some 150 volunteers confidential by saying they could be targeted by Islamic State jihadis. When a list of applicants became public a few years ago, it included out-of-town lawyers and businessmen, a pro football player and the musician Kid Rock.

Action-movie star Steven Seagal got a badge from Hudspeth County Sheriff Arvin West. So did at least five people linked to a civilian Navy unit in Virginia that became the focus of an unrelated corruption investigation, the Washington Post reported. According to 2016 testimony in the case, members of the Navy unit helped direct $14,000 worth of radio equipment to the sheriff’s office and used their shields to travel the country armed, including on commercial airlines. 

Neither West nor the former Oakley police chief responded to requests for comment.

To qualify for the concealed-carry perk, known as H.R. 218 after the House version of the bill, officers must be authorized to make arrests and carry a gun on duty. An unarmed dispatcher or records clerk doesn’t meet that standard. But in some states, volunteers can carry weapons and make arrests without completing the rigorous certification process required of most full-time cops. In these states, police chiefs and sheriffs can award the privileges to pretty much anyone they want.

That’s partly why nobody knows how big the badge market is. There’s little state or federal oversight, and some localities keep their volunteer rosters secret. 

“This is widespread and widely abused,” said David LaMontaine, a retired deputy sheriff and union official who pushed for state oversight of volunteers in Michigan. Now federal lawmakers, he said, should “close that loophole.”

The risks of policing with volunteers became national news in 2015, when a 73-year-old reservist and donor to the Tulsa, Oklahoma, sheriff’s office accidentally shot and killed an unarmed suspect during an arrest. The reservist was convicted of manslaughter, and the sheriff later pleaded no contest to a misdemeanor for covering up an internal report alleging preferential treatment for the donor.

Lake Arthur points to a different problem: men with badges who aren’t doing much police work at all.


If you have a system, it will be abused. If the system lets you carry deadly weapons, its abuse will kill people.

Errata, corrigenda and ai no corrida: none notified

Start Up: bitcoin v renewables, porn boost for UK newsagents?, Chinese phone OEM settles with FTC, and more

Google says its Duplex assistant called a real hair salon. Did it, though? Photo by Saffy on Flickr.


A selection of 9 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

What Google isn’t telling us about its AI demo • Axios

Dan Primack:


What’s suspicious?

When you call a business, the person picking up the phone almost always identifies the business itself (and sometimes gives their own name as well). But that didn’t happen when the Google assistant called these “real” businesses:

When the hair salon picks up, a woman says: “Hello, how can I help you?”

When the restaurant picks up, a woman says: “Hi, may I help you?”

Axios called over two dozen hair salons and restaurants — including some in Google’s hometown of Mountain View — and every one immediately gave the business name.

There also does not seem to be ambient noise in either recording, such as hair dryers or plates clattering. We heard that in most of the businesses we called, but not in all.

Finally, neither the hair salon nor the restaurant ask for the customer’s phone number or any other contact information.

Axios asked Google for the name of the hair salon or restaurant, in order to verify both that the businesses exist and that the calls were not pre-planned. We also said that we’d guarantee, in writing, not to publicly identify either establishment (so as to prevent them from receiving unwanted attention).

A longtime Google spokeswoman declined to provide either name.

We also asked if either call was edited, even perhaps just cutting the second or two when the business identifies itself. And, if so, were there other edits? The spokeswoman declined comment, but said she’d check and get back to us. She didn’t.

So we sent a new message, this time also copying another member of Google’s communications team. The spokeswoman replied by saying she’d get right back to us.

That was more than a day ago.


I didn’t link to stuff about Google Duplex previously, because demos – well, you can do anything with a demo. But Google claimed that it was calling local businesses. Primack is doing the essential work of saying “can we just check this?”. And suddenly Google clams up. Pichai said “What you’re going to hear is the Google assistant actually calling a real salon to schedule an appointment for you.”

Some more to come on this, I think. That’s probably a Google employee or similar answering the phone, and we’ll learn that Pichai’s script shouldn’t have said “real businesses”.

YouTube is going to charge more to see ad-free shows like ‘Cobra Kai’ • Recode

Peter Kafka:


Two years ago, YouTube launched YouTube Red, a service that gave subscribers an on-demand music service, more or less similar to Spotify or Apple Music — as well as access to original programming created just for the service. YouTube Red also removed ads from the world’s largest video service.

All of that cost $10. But now that’s changing.

Next week, YouTube is launching YouTube Music — a revamped version of its existing music service that is functionally the same, but comes with extra bells and whistles like personalized playlists based on your YouTube history and other usage patterns.

That service, which is supposed to soft-launch on Tuesday, will cost $10 a month after a trial period. (That same service will eventually also replace Google Play Music, a rival music service Google has inexplicably operated at the same time it was trying to get YouTube Music off the ground.)

Now YouTube intends to charge $2 more for the other parts of YouTube Red, which will be renamed YouTube Premium — but will require you to also pay for YouTube Music.

That is: If you want to watch ad-free, YouTube original shows like “Cobra Kai,” which appears to have a bit of buzz and four million views, you’re now going to have to pay $12 a month instead of $10 a month.


Google launches subscription music/video services in the way it launches chat services – they get thrown out there under different names with no obvious differentiation. Rather than putting more things under a single name (Apple with iTunes: was music, added music videos, then video and TV) it throws the same thing out. Confusing as hell, and suggestive of warring product teams with nobody coordinating them all.

Bitcoin’s energy use got studied, and you libertarian nerds look even worse than usual • Grist

Eric Holthaus:


Bitcoin’s energy footprint has more than doubled since Grist first wrote about it six months ago.

It’s expected to double again by the end of the year, according to a new peer-reviewed study out Wednesday. And if that happens, bitcoin would be gobbling up 0.5% of the world’s electricity, about as much as the Netherlands.

That’s a troubling trajectory, especially for a world that should be working overtime to root out energy waste and fight climate change.

By late next year, bitcoin could be consuming more electricity than all the world’s solar panels currently produce — about 1.8% of global electricity, according to a simple extrapolation of the study’s predictions. That would effectively erase decades of progress on renewable energy.

Although the author of the study, Alex de Vries, an economist and data consultant based in the Netherlands, has shared these calculations publicly before, this is the first time that an analysis of bitcoin’s energy appetite has appeared in a peer-reviewed journal.

Bitcoin continues to soar in popularity — mostly as a speculative investment. And like any supercharged speculative investment, it swings wildly. Within the past 18 months, the price of bitcoin has soared ten-fold, crashed by 75%, only to double again, all while hedge funds and wealthy libertarians debate the future of the virtual currency.


Jeez, this is depressing. Libertarian idiots will literally be the death of us all.

Newsagents to sell ‘porn passes’ to visit X-rated websites anonymously under new government plans • The Independent

Colin Drury:


High street newsagents are to sell so-called “porn passes” that will allow adults to visit over-18 websites anonymously.

The 16-digit cards will allow browsers to avoid giving personal details online when asked to prove their age.

Instead, they would show shopkeepers a passport or driving licence when buying the pass.

The UK’s film censor, the British Board of Film Classification, carried out a public consultation ahead of age-verification laws that are to be introduced this year that will require viewers to prove they are over 18 when viewing certain sites.

The legislation is designed to stop children accessing online pornography.

But there are concerns that asking adults to hand over passport or driving licence details to view adult material could leave them open to data-hacking and blackmail.

Some 56% of British adults admitted to watching pornography in a 2014 study carried out by The Observer.

David Austin, chief executive with the BBFC, told The Daily Telegraph that such a process would be “simpler than people think” to create.


Well, that’s one way to keep local newsagents alive, I guess, and would return them to their traditional role in British society as the gatekeeper to young boys’ first experiences with scantily clad ladies.

ICE just abandoned its dream of ‘extreme vetting’ software that could predict whether a foreign visitor would become a terrorist • Washington Post

Drew Harwell:


Immigration and Customs Enforcement officials told tech-industry contractors last summer they wanted a system for their “Extreme Vetting Initiative” that could automatically mine Facebook, Twitter and the broader Internet to determine whether a visitor might commit criminal or terrorist acts or was a “positively contributing member of society.”

But ICE dropped the machine-learning requirement from its request in recent months, opting instead to hire a contractor that can provide training, management and human personnel who can do the job. Federal documents say the contract is expected to cost more than $100m and be awarded by the end of the year.

After gathering “information from industry professionals and other government agencies on current technological capabilities,” ICE spokesperson Carissa Cutrell said, the focus of what the agency now calls its Visa Lifecycle Vetting program “shifted from a technology-based contract to a labor contract.”


Crouching ovation for this one. You know they’re going to do much the same, but with humans. The reality is that predicting how (a tiny number of) people will become radical or dangerous is difficult; the best indicator, at present, seems to be a record of domestic violence. But that doesn’t fit narratives.

Blu phone maker settles with FTC over data privacy • CNet

Jessica Dolcourt:


The company behind low-priced, top-selling phones on Amazon has reached a settlement with the US Federal Trade Commission over privacy practices.

After security researchers discovered in 2016 that Blu’s phones were sending personal data — including text messages, contact lists and locations — to servers in China, the Florida-based company said it would update the software to fix the “mistake.” Eight months later, the same security researchers found that Blu phones were still siphoning off the same data to Chinese servers.  

The issue is tied to preinstalled software from a company called Shanghai Adups Technology. The software, which Blu uses to help update phones, mined data and couldn’t be removed. Blu didn’t tell consumers their phones were sending that data to Chinese servers, according to the FTC.

On Monday, the FTC announced that it has reached a settlement with Blu, in which the company agrees to a security plan regarding security risks with all its devices, both new and old. Blu will also be required to undergo third-party checks every two years for the next 20 years. Blu and its president, Samuel Ohev-Zion, will also be prohibited from misleading the public about how it protects people’s privacy. 

Blu didn’t respond to a request for comment.


Low price always comes with a price.

Trump can’t afford to admit his failures with North Korea • The Atlantic

David Frum:


Throughout his career, Trump has coped with failure by brazenly misrepresenting failure as success.

In 1995, for example, Trump presided over the sale of the Plaza Hotel for $75m less than he had paid for it in 1988. His ownership stake had long since been extinguished, and by then he was little more than a front for the syndicate of creditors who actually controlled what remained of Trump’s portfolio after 1990, when he faced bankruptcy in all but name. Yet Trump insisted of the Plaza purchaser, “I put him through the wringer and made a great deal.”

We should probably expect the Plaza Hotel treatment for the coming Kim-Trump summit. Secretary of State Mike Pompeo has demanded “complete, verifiable, irreversible denuclearization,” or CVID in the argot of the negotiators. That will not be forthcoming. But perhaps something else will: a testing pause, maybe, or some other interim measure that can somehow be upgraded into the promised “great deal.”

The administration may have little choice by now but to carry on the pretense that it is scoring a great success in its Korea negotiations, and for two reasons.

First, US options in the Korean peninsula depend heavily on the cooperation of South Korea. Trump has now thoroughly frightened and alienated South Korean opinion. South Korea’s dovish president, Moon Jae In, was elected with only 41% of the vote. Polls now show his approval rating in the mid-70s, because of his success in drawing Trump away from “fire and fury” and toward negotiations. As Robert Kelly of Pusan National University in South Korea observes, revulsion against Trump has consolidated a dovish consensus in South Korea.

Much of the work of snookering Trump into the Kim summit has actually been done by South Koreans, not North Koreans. It was President Moon who slyly insinuated that Trump deserved a Nobel Prize for the summit—bait that Trump swallowed like a credulous guppy. In fact, it was a South Korean delegation that first put the summit idea into Trump’s head back in March. It was the South Koreans who immediately announced Trump’s impulsive “yes” answer at the very entrance to the West Wing, thus effectively locking the door behind the president before he understood the full implications of what he had done—and before he could be dissuaded by his staff and secretary of state.


Frum, in common with many professional politicians, is signally unimpressed by Trump’s “dealmaking” skills.

Trump administration wants to end Nasa funding for the International Space Station by 2025 • The Verge

Loren Grush:


The Trump administration is preparing to end support for the International Space Station program by 2025, according to a draft budget proposal reviewed by The Verge. Without the ISS, American astronauts could be grounded on Earth for years with no destination in space until NASA develops new vehicles for its deep space travel plans.

The draft may change before an official budget request is released on February 12th. However, two people familiar with the matter have confirmed to The Verge that the directive will be in the final proposal. NASA says it won’t comment on the request until it’s released. “NASA and the International Space Station partnership is committed to full scientific and technical research on the orbiting laboratory, as it is the foundation on which we will extend human presence deeper into space,” a NASA spokesperson said in a statement to The Verge. “We will not comment on any leaked or pre-decisional documents prior to the release of the President’s FY19 budget, which is scheduled for February 12.”

Any budget proposal from the Trump administration will also be subject to scrutiny and approval by Congress. But even announcing the intention to cancel ISS funding could send a signal to NASA’s international partners that the US is no longer interested in continuing the program. Many of NASA’s partners still have yet to decide if they’d like to continue working on the station beyond 2024.

The International Space Station has been an ongoing program for more than two decades. It costs NASA between $3 to $4bn each year, and represents a more than $87bn investment from the US government. It’s become a major hub for conducting both government and commercial experiments in microgravity, as well as testing out how the human body responds to weightlessness.


If the US really is interested in going to Mars – though talking about it might be different from “really interested” – then not having the space station seems remiss. It can’t all be funded by dot-com billionaires. It makes everything feel like the opening scenes of a not particularly good dystopian sci-fi film.

How Ireland’s abortion referendum became a battleground in the dark digital culture war • The i

Karl McDonald:


Facebook is grappling with its political influence problems already and prepping transparency tools for US midterm elections – but they weren’t ready for Ireland. “I don’t want Ireland to be the last case study in bad practices,” says Senator Higgins.

Liz Carolan, one of the founders of the volunteer Transparent Referendum Initiative, says part of the problem is that we don’t know why the big tech companies, both of which have European HQs in Dublin, have made the decisions.

On the question of whether the dark money has been favouring one side over the other, she told i: “We don’t know. Facebook has this information, and not just in the sense of booking ads from a company in New York. They’ve got their own information on whether a page that’s buying an ad has overseas connections.”

This vote in particular is on a moral issue that comes with its own very motivated constituencies around the world, she says, and that leads to different challenges. “This referendum is symbolically important to folks outside of Ireland,” says Carolan.

“This is very different to the allegations about the US election where a foreign power, Russia, was trying to influence the result. This is a proxy war. Private companies and individuals in other countries are trying to influence the outcome.”

Young voters also back [the Yes side] strongly: a recent poll showed 67% support among 18- to 24-year-olds.

The No side didn’t take kindly to the changes, calling a press conference to cry foul.

“Anything that has to be done to get this thing passed, clearly will be done,” communications director John McGuirk tweeted after the restrictions on Facebook and Google advertising were announced. “This is rigged.”


The latter reaction gives a clue about which side has been supported by foreign money funding dark ad spending.

Errata, corrigenda and ai no corrida: none notified

Start Up: what Apple knows about you, Sonos’s patent play, Iran hackers get played, Trump’s second ZTE U-turn, and more

Hokkaido, by night: the number of lights is correlated with GDP. Photo by Stuart Rankin on Flickr.


A selection of 9 links for you. Nearly Friday! I’m @charlesarthur on Twitter. Observations and links welcome.

I asked Apple for all my data. Here’s what was sent back • ZDNet

Zack Whittaker:


What’s interesting about the data is what Apple has – and what it doesn’t.

The zip file contained mostly Excel spreadsheets, packed with information that Apple stores about me. None of the files contained content information – like text messages and photos – but they do contain metadata, like when and who I messaged or called on FaceTime.

Apple says that any data information it collects on you is yours to have if you want it, but as of yet, it doesn’t turn over your content which is largely stored on your slew of Apple devices. That’s set to change later this year when the tech giant will allow customers to download their data archives, largely to comply with new European data protection and privacy rules. And, of the data it collects to power Siri, Maps, and News, it does so anonymously – Apple can’t attribute that data to the device owner.

My entire set of data can be perused in less than an hour – at most.

One spreadsheet – handily – contained explanations for all the data fields, which we’ve uploaded here. Not all the spreadsheets contained information referencing these fields, but it shows you what kind of data Apple can collect on you…

…As insightful as it was, Apple’s treasure trove of my personal data is a drop in the ocean to what social networks or search giants have on me, because Apple is primarily a hardware maker and not ad-driven, like Facebook and Google, which use your data to pitch you ads.


In short, it doesn’t tell very much about you. (Side note: the comments. 🙄)

How Sonos played patent hardball to strike Google deal • The Information

Aaron Tilley starts out by explaining how Sonos waved a patent on tuning speakers to rooms to get Google to put Assistant on Sonos products, but this is where it gets more interesting:


Sonos was founded in 2002. Despite being located far from Silicon Valley in Santa Barbara, it managed to become an influential player in the tech industry and has grown to $1bn in revenue in 2017.

Along the way, it built up a portfolio of roughly 1,300 patents and pending applications, around features like how music can be streamed to speakers from phones or servers in the cloud, how antennas are laid out on a device or how the speaker can automatically be tuned. Starting in 2016, Sonos has also begun filing more patents around how voice assistants work with its speaker system, said Mr. Triplett.

Sonos’ patents are ranked number two in the electronics industry, behind only Apple, according to Patent Power ranking in IEEE Spectrum, an engineering magazine. The ranking takes into account not the number of patents, but how often they are cited in other company patents and how influential they are.

“Sonos’ patents are highly cited by other companies,” including the likes of Google, Apple and Bose, said Patrick Thomas, co-founder of 1790 Analytics, the intellectual property firm that conducts the Patent Power ranking every year. “It suggests that these companies are looking at Sonos’ technology and saying this is state of the art and how can we improve it.”

Sonos’ most influential patent was filed in 2004 and describes a method for controlling its sound system across multiple speakers. New speaker systems from Apple and Google include a similar feature.

“This is the key patent in their portfolio,” said Mr. Thomas. “It underpins their technology.”

…Sonos appears to have considered, and then mostly abandoned, trying to make money by licensing. Last year, it hired its first chief licensing officer with Tanya Moore, a veteran patent lawyer used to working out massive patent licensing deals at Microsoft and IBM.

Licensing its patents could generate royalty revenue, but would open up competition for Sonos, making it a short-term approach. Sonos appears to have realized that. Ms. Moore left Sonos earlier this year and the company said it doesn’t plan to hire a replacement.


That point about licensing being a problem is worth noting.

Vigilante hacks government-linked cyberespionage group • Motherboard

Joseph Cox:


Somewhere, government-linked hackers might be panicking. A digital vigilante has struck back against what researchers believe is a cyberespionage group connected to a nation state. The hacker has allegedly stolen, rather ironically, a cache of data that the government-linked hackers lifted from their own victims across the Middle East.

The news provides a rare instance of someone targeting a so-called advanced persistent threat, or APT, as well as an opportunity for a behind-the-scenes look at a government hacking campaign.

“10 minutes of effort; intel on Iranian APTs,” the anonymous hacker told Motherboard in an online chat, saying which nation they believe may be linked to the hacking group. Some cybersecurity experts tentatively agreed. But Kaspersky, which originally reported on the hacking group it dubbed “ZooPark” earlier this month, told Motherboard it could not currently link the outfit to a known actor.

The stolen data the hacker provided to Motherboard though is noteworthy. It includes text messages, emails, and GPS locations seemingly swept up by ZooPark’s tools; audio recordings apparently captured by the malware of people speaking; and the hacker said they found another related server hosted in Tehran, Iran during their spree.


An Android hacking campaign which had victims in Egypt, Jordan, Morocco, Lebanon and Iran. Feels like an Iranian nation-state group.

Trump links ZTE rescue to larger trade talks with China, contradicting top aides • The Washington Post

Damian Paletta:


President Trump on Wednesday said for the first time that he would allow a rescue of embattled Chinese telecommunications company ZTE only if China agrees to a range of trade concessions, contradicting several of his top advisers who had said that the firm would be dealt with separately.

Trump’s comments, made in morning Twitter posts, mark the most direct linkage he has made between helping ZTE and extracting concessions from Chinese leaders on trade.

But the Twitter posts also included statements that appear at odds with what he or his aides had asserted in recent days about ZTE and the status of trade talks with China.

The biggest discrepancy came over whether ZTE would be dealt with individually or as part of a larger trade package with China.

“Nothing has happened with ZTE except as it pertains to the larger trade deal,” Trump wrote Wednesday in posts that also criticized CNN and The Washington Post for their coverage of the issue.


Their coverage of the issue, where they’d been trying to work out what on earth his strategy was, partly based on his tweets, which seemed conciliatory. And of course from talking to his Commerce Secretary and others. The White House doesn’t know what it’s doing from room to room.

‘I lost it’: the boss who banned phones, and what came next • WSJ

John Simons:


Mr. Hoopes put his convictions into practice at group gatherings when he took over a team of about 25 people at the aerospace defense company three years ago. “Every time someone’s phone went off, they had to stand for the rest of the meeting,” he says. Before long, he asked the group to leave their phones at their desks when two or more people got together.

Over time, he says, he has noticed not only an improvement in the quality of conversation and ideas in meetings, but also that his people seem to show more respect and appreciation for one another’s work.

Mat Ishbia, CEO of United Wholesale Mortgage, banned technology from meetings about two years ago and recently asked that his executive team and other managers not check their phones as they walk to and from meetings.

“Don’t act like we’re too important to say hello,” he says he told them. “Make eye contact with people.”

Mr. Ishbia is now piloting another solution to phone addiction. A group of about 250 workers are part of an experiment in which they refrain from all personal phone use at their desks. If they want to use their devices they must go to a common area designated for phone use and socializing. Forty-five days into the trial run, workers are checking their phones a lot less, he said.


So we’re moving back towards the point where we use our phones sensibly.

If solar and wind hit 50% of generation, US wholesale energy prices could fall 25% or more • Greentech Media

Emma Foehringer Merchant:


In a world where wind and solar resources make up 40% to 50% of generation, wholesale energy prices will drop by as much as $16 per megawatt-hour, according to a study released Wednesday from a group of researchers at Lawrence Berkeley National Laboratory.

Modeling 2030 scenarios in which CAISO, NYISO, SPP and ERCOT reach combined wind and solar penetration at or above 40%, the researchers found electricity prices will fall — but price fluctuations may increase and the number of peak net-load hours will spread to a greater number of days.  

According to co-author Joachim Seel, the study offers a “holistic” analysis of price formation in a decarbonizing market. He said that data is not generally available to the public. 

Researchers hope the results, part of a three-part study stretching into the next several years, will offer policymakers, utilities and grid authorities a long-range view of how current choices could impact their future ability to cope with changes in the electric sector.


That’s quite a fall – though it would also be a dramatic rise in PV/wind generation.

Microsoft reportedly working on $400 Surface tablets to compete with the iPad • The Verge

Chaim Gartenberg:


Microsoft is working on a new line of budget Surface tablets to better compete with Apple’s low-cost iPad options, according to a report from Bloomberg.

According to the report, the new Surface tablets won’t just be smaller, cheaper Surface Pros. Rather, Microsoft is said to be completely redesigning the devices, with 10in screens instead of the 12in size currently found on the Surface Pro, rounded corners that more resemble an iPad than the more rectangular Surface design, and USB-C for charging. Most importantly, priced at $400, they will be more in line with Apple’s cheaper tablets, too.

Bloomberg also claims that the new models will be around 20% lighter than the current Surface Pro, although that reduced weight comes at the cost of around four hours fewer of battery life. Like the full-size Surface, the new budget Surface computer will feature Intel processors and graphics, and run the full version of Windows 10 Pro. (No word on whether or not S Mode will be enabled by default, which may make sense given the budget nature of the device.) And like the iPad, Microsoft is said to be planning on models that offer LTE connectivity.


A discussion on Twitter between Tom Warren (longtime Microsoft watcher) and Steve Sinofsky (ex-Surface creator) drew the conclusion that this is more about competing with Chromebooks than the iPad. You’re not going to get people to switch from the iPad to a Surface.

Satellite data strongly suggests that China, Russia and other authoritarian countries are fudging their GDP reports • The Washington Post

Christopher Ingraham:


China, Russia and other authoritarian countries inflate their official GDP figures by anywhere from 15 to 30% in a given year, according to a new analysis of a quarter-century of satellite data.

The working paper, by Luis R. Martinez of the University of Chicago, also found that authoritarian regimes are especially likely to artificially boost their gross domestic product numbers in the years before elections, and that the differences in GDP reporting between authoritarian and non-authoritarian countries can’t be explained by structural factors, such as urbanization, composition of the economy or access to electricity.

Martinez’s findings are derived from a novel data source: satellite imagery that tracks changes in the level of nighttime lighting within and between countries over time…

“The key question that the paper tries to tackle is whether the checks and balances provided by democracy are able to constrain governments’ desire to manipulate information or, more specifically, their desire to exaggerate how well the economy is doing,” Martinez said via email. “The way I try to answer the question above is by comparing GDP (a self-reported indicator, prone to manipulation) and nighttime lights (recorded by satellites from outer space and much harder to manipulate) as measures of economic activity.”

Research published in 2012 by economists from Brown University and the National Bureau of Economic Research showed how changes in nighttime lighting closely tracked with changes in economic activity. “Consumption of nearly all goods in the evening requires lights,” that paper explained. “As income rises, so does light usage per person, in both consumption activities and many investment activities.”


The paper leans a lot on others’ data, so it’s hard to see quite how reliable this is. One can think of lots of confounding factors. But it’s an interesting point.

UK police use of facial recognition technology a failure, says report • The Guardian

Vikram Dodd:


Some in policing see facial recognition as the next big leap in law enforcement, akin to the revolution brought about by advances in DNA analysis. Privacy campaigners see it as the next big battleground for civil liberties, as the state effectively asks for a degree of privacy to be surrendered in return for a promise of greater security.

But for now the Big Brother Watch report says the benefits are missing, because the technology does not work.

The Met used facial recognition at the 2017 Notting Hill carnival, where the system was wrong 98% of the time, falsely telling officers on 102 occasions it had spotted a suspect.

The technology failed to pick out any suspects during the Met’s trial at the previous carnival.

South Wales police have been given £2.1m by the Home Office to test the technology, but so far it gets it wrong 91% of the time. It was used at a festival to celebrate Elvis, a Kasabian concert in Cardiff, a royal visit by Prince Harry and a Liam Gallagher concert, among other deployments.

On 31 occasions police followed up the system saying it had spotted people of concern, only to find they had in fact stopped innocent people and the identifications were false.


So how long until it is good enough, a la Facebook tagging you in photos? A few years? Many years? Never?

Errata, corrigenda and ai no corrida: none notified

Start Up: Facebook’s spam blast, White House zaps cyber czar, that meme explained, HTC’s blocky phone, and more

If you don’t recognise this scene, get a kid to explain it to you. Photo by BagoGames on Flickr.

A selection of 11 links for you. No, you broke up the negotiations. I’m @charlesarthur on Twitter. Observations and links welcome.

Facebook closed 583m fake accounts in first three months of 2018 • The Guardian

Alex Hern and Olivia Solon:


Facebook said the overwhelming majority of moderation action was against spam posts and fake accounts: it took action on 837m pieces of spam, and shut down a further 583m fake accounts on the site in the three months. But Facebook also moderated 2.5m pieces of hate speech, 1.9m pieces of terrorist propaganda, 3.4m pieces of graphic violence and 21m pieces of content featuring adult nudity and sexual activity.

“This is the start of the journey and not the end of the journey and we’re trying to be as open as we can,” said Richard Allan, Facebook’s vice-president of public policy for Europe, the Middle East and Africa.

The amount of content moderated by Facebook is influenced by both the company’s ability to find and act on infringing material, and the sheer quantity of items posted by users. For instance, Alex Schultz, the company’s vice-president of data analytics, said the amount of content moderated for graphic violence almost tripled quarter-on-quarter…

…Facebook also managed to increase the amount of content taken down with new AI-based tools which it used to find and moderate content without needing individual users to flag it as suspicious. Those tools worked particularly well for content such as fake accounts and spam: the company said it managed to use the tools to find 98.5% of the fake accounts it shut down, and “nearly 100%” of the spam.

Automatic flagging worked well for finding instances of nudity, since, Schultz said, it was easy for image recognition technology to know what to look for. Harder, because of the need to take contextual clues into account, was moderation for hate speech. In that category, Facebook said, “we found and flagged around 38% of the content we subsequently took action on, before users reported it to us”.


That’s pretty good work by the AI, though of course we don’t know how many fake accounts it missed.

Russian troll farm hijacked American teen girls’ computers for Likes • Daily Beast

Kevin Poulsen:


The Kremlin-linked Russian troll farm known as the Internet Research Agency took an ominous detour into malware distribution in the middle of the 2016 presidential campaign, targeting teenage girls in the US with a Chrome plug-in that pulled their browsers into a crude botnet, according to an analysis by The Daily Beast and outside security experts.

The app, called FaceMusic, was billed as an embedded music player that would allow users to listen to free tunes while browsing Facebook. The Internet Research Agency purchased Facebook ads promoting the app in May 2016 through one of its fraudulent profiles, “Stop All Invaders,” which normally pushed xenophobic anti-immigration memes in support of the Donald Trump campaign.

Facebook data released by Congress last week shows the FaceMusic ads garnered 24,623 impressions from 107 ads, but only 85 clicks in all. The most successful single ad run, with 28 clicks, used Facebook’s targeting system to go after female users in the United States between 14 and 17 years old. (In total, more than 13,000 machines were likely infected by the FaceMusic malware, according to a Daily Beast analysis.)

Google has since removed the malicious app from the Chrome store, and the public FaceMusic website at fbmusic[.]com is now defunct. But an examination of an archived copy of the code, coupled with an analysis of its web traffic, shows it packed hidden functionality that was active even when the victim wasn’t on Facebook.


Despite passing Google’s review before going on the Chrome Web Store, it could connect to a server and silently connect to web addresses it was told to. Considering what Chrome extensions can do, that’s unlikely to have attracted attention. But it’s a basis for clickfraud and botnets. Time to reconsider Chrome extensions, as it once was for ActiveX on IE6?


Qualcomm’s new smartwatch chips launch soon – what do they mean for Wear OS? • Wareable

Hugh Langley:


Wear OS is in an awkward spot. Having recently rebranded the smartwatch OS formerly known as Android Wear, Google hopes the number of iPhone users buying Wear smartwatches will continue to swell – but the bedrock on which these wearables are built is starting to fossilise.

Over the last few years Google has assembled an all-star cast of fashion and technology brands to build Wear OS smartwatches, but they’re all being held back by technology that feels antiquated – and is rapidly falling behind the competition. Qualcomm’s Snapdragon Wear 2100 system-on-chip was announced at the start of 2016 and – some software improvements aside – hasn’t been refreshed since, while the Apple Watch and even Samsung’s Tizen smartwatches have bounded ahead.

That will change when Qualcomm unveils its new silicon later this year, said Pankaj Kedia, Qualcomm’s senior director of wearables. The new platform will be announced this autumn alongside a lead smartwatch, he revealed, and by the holidays several partners will have Wear OS smartwatches with the new chipset on the market. Sadly a lot of the specifics will remain under wraps until Qualcomm is ready for a more formal announcement, but in a discussion with Wareable, Kedia and Dennis Troper, Wear OS director of product, confirmed the new platform is coming and gave us a taste of what it will look like.


This all feels to me like digital media players in the iPod age. One company made the hardware, another the software, and the content (apps, here) came from another place – though on watches, at least, there’s less demand for third-party apps. The problem with the modular (Microsoft) model, though, is that it can’t move as fast as the vertical one. In this case, the laggard element is Qualcomm, which hasn’t seen enough demand to make it worth updating those smartwatch chips. If the next lot don’t sell – as seems likely – it could be a few years before it updates them again.

Justice Department and FBI are investigating Cambridge Analytica • The New York Times

Matthew Rosenberg and Nicholas Confessore:


The Justice Department and the FBI are investigating Cambridge Analytica, the now-defunct political data firm, and have sought to question former employees and banks that handled its business, according to an American official and other people familiar with the inquiry.

Prosecutors have questioned potential witnesses in recent weeks, telling them that there is an open investigation into Cambridge Analytica — which worked on President Trump’s election and other Republican campaigns in 2016 — and “associated U.S. persons.” But the prosecutors provided few other details, and the inquiry appears to be in its early stages, with investigators seeking an overview of the company and its business practices.

The investigation compounds the woes of a firm that has come under intense scrutiny from lawmakers and regulators in the United States and Britain since The New York Times and Observer in London reported in March that it had harvested private data from more than 50 million Facebook profiles, and that it may have violated American election laws. This month, Cambridge Analytica announced that it would shut down and declare bankruptcy, saying that negative press and cascading federal and state investigations had driven away customers and made it impossible for the firm to remain in business.


This is what is known in British football manager lingo as “squeaky bum time”.

Is this a pigeon? The story behind the internet’s new favorite meme • The Guardian

Sam Wolfson:


The image comes from a scene in the show where an android is trying to convince a police detective that he is human. He’s a long way from Westworld standards of artificial intelligence, however, and keeps wrongly identifying the objects around him. He thinks roses are violets, and asks if a butterfly is a pigeon…

…Finding an image that can tell a story so perfectly isn’t easy, but “is this a pigeon?” fits the bill, which is likely why it re-emerged. It also helps that anyone with the most slapdash editing skills can give it a go, even me.


Thank you, Sam. (There are some great other examples in there, though sadly the four-frame biker-father-and-son one has already been forgotten.)

A DC think tank uses fake Twitter accounts and a shady expert to reach the NSA, FBI, and White House • Buzzfeed

Craig Silverman:


Earlier this year, leaders from the Marine Corps, the Department of Homeland Security, NASA, the NSA, the White House, and the FBI gathered at a Ritz-Carlton in Virginia to discuss the latest in cybersecurity and information warfare.

The event was organized by the Institute for Critical Infrastructure Technology, a nonprofit think tank founded just a few years ago that quickly established itself as a convener of well-attended cybersecurity events, a facilitator of Capitol Hill briefings, and the beneficiary of hundreds of thousands of dollars in sponsorships from top private sector security vendors.

The day’s closing session featured James Scott, ICIT’s senior fellow and cofounder, discussing Russian cyberinfluence operations and his new book about information warfare. What audience members from intelligence and law enforcement agencies didn’t know is that Scott and ICIT have been running their own deceptive information operation.

BuzzFeed News identified a network of at least 45 fake Twitter accounts being used to amplify ICIT content and Scott’s book, as well as a group of fake YouTube accounts that upload and like ICIT videos and frequently post adoring comments about Scott on content featuring him.

Reporting by BuzzFeed News has also established that Scott, ICIT’s top expert, previously sold spammy and fake social media engagement services, has a history of manufacturing flattering articles about himself and his ventures using dubious SEO techniques, and ran companies that are magnets for online complaints about dishonest business practices. His background in information security also primarily consists of self-published books on the topic that he only began publishing in 2013.


Scott has been emailing me (I notice) since early 2016. I haven’t actioned any of it, though the ICIT seems to generate some legitimate-looking content.


White House eliminates top cyber adviser post • POLITICO

Eric Geller:


The Trump administration has eliminated the White House’s top cyber policy role, jettisoning a key position created during the Obama presidency to harmonize the government’s overall approach to cybersecurity policy and digital warfare.

POLITICO first reported last week that John Bolton, President Donald Trump’s new national security adviser, was maneuvering to cut the cyber coordinator role, in a move that many experts and former government officials criticized as a major step backward for federal cybersecurity policy.

According to an email sent to National Security Council staffers Tuesday, the decision is part of an effort to “streamline authority” for the senior directors who lead most NSC teams. “The role of cyber coordinator will end,” Christine Samuelian, an aide to Bolton, wrote in the email to NSC employees, which POLITICO obtained from a former U.S. official.

The NSC’s cyber team has two senior directors, Samuelian wrote, and thus “cyber coordination is already a core capability.”

…“I don’t see how getting rid of the top cyber official in the White House does anything to make our country safer from cyber threats,” Senate Intelligence ranking member Mark Warner (D-Va.) tweeted Tuesday.


If they’re not being listened to (and can you believe they were?) it probably doesn’t make any difference if they’re there or not.

How Fortnite captured teens’ hearts and minds • The New Yorker

Nick Paumgarten on the huge hit, which (if you didn’t know) is like a cross between the Hunger Games and Minecraft; 100 of you start, only one can survive:


It was hard to do homework on a night like this; Gizzard Lizard returned to the game. He played on a PC he’d built at school. It didn’t have a graphics card. He’d never been a big gamer—his parents were fairly strict about screens and had never consented to an Xbox or even a Wii—though he’d played Minecraft for a while. This level of obsession was something new. He saw on his find-your-friends bar that a bunch of schoolmates were playing, so he FaceTimed one who goes by ism64. They teamed up and hit Lucky Landing. Gizzard Lizard wore an earbud under a set of earphones, so that he could talk with ism64 while listening for the sound of approaching enemies. From a distance, it appeared that he was talking to himself: “Let’s just build. Watch out, you’re gonna be trapped under my ramp. I’m hitting this John Wick. Oh my God, he just pumped me. Come revive me. Build around me and come revive me. Wait, can I have that chug jug? Thank you.”

I’d been struck, watching Gizzard Lizard’s games for a few days, by how the spirit of collaboration, amid the urgency of mission and threat, seemed to bring out something approaching gentleness. He and his friends did favors for one another, watched one another’s backs, offered encouragement. This was something that I hadn’t seen much of, say, down at the rink. One could argue that the old arcade, with the ever-present threat of bullying and harassment and the challenge of claiming dibs, exposed a kid to the world—it’s character-building!—but there was something to be said for such a refuge, even if it did involve assault rifles and grenades.

And then the John Wick was upon him. “Oh God! Oh God!” Foiled again.

A John Wick was an accomplished player who had earned a skin that bears a resemblance to the character played by Keanu Reeves in the “John Wick” movies. (Officially, the skin is called the Reaper, presumably to avoid licensing fees, but players call it John Wick.) It was available to anyone who had attained all hundred tiers of the game in Season 3—a combination of achievement and experience which would have required playing for between seventy-five and a hundred and fifty hours.



HTC Exodus: Blockchain powered smartphone for decentralized networks • Business Insider

Zoë Bernard:


On Tuesday, HTC unveiled the HTC Exodus — a phone that it’s describing as “the world’s first native blockchain phone.”

The HTC Exodus will be similar to HTC’s other Android smartphones. The difference is that it will be designed to support blockchain-based distributed apps, and feature what the company describes as “built-in secure hardware.”

Details, including price, are currently scant. The big-picture idea, says HTC, is that this is a phone for the privacy-minded user. By using blockchain tech, HTC promises that the Exodus can give privacy-minded users control over their data, without having to rely on the major technology companies for cloud storage.

Furthermore, the phone will come with a built-in cryptocurrency wallet. Ultimately, HTC says that each Exodus will act as a node for the bitcoin and ethereum blockchains — so that every phone increases the overall size and scope of the network.


“The folks in marketing have had another brainwave. Yeah, I know. No, this one doesn’t involve paying huge sums to Robert Downey Jr…”

Wisconsin’s voter-ID law suppressed 200,000 votes in 2016; Trump won by 22,748 • The Nation

Ari Berman:


Prior to the 2016 election, Eddie Lee Holloway Jr., a 58-year-old African-American man, moved from Illinois to Wisconsin, which implemented a strict voter-ID law for the first time in 2016. He brought his expired Illinois photo ID, birth certificate, and Social Security card to get a photo ID for voting in Wisconsin, but the DMV in Milwaukee rejected his application because the name on his birth certificate read “Eddie Junior Holloway,” the result of a clerical error when it was issued. Holloway ended up making seven trips to different public agencies in two states and spent over $200 in an attempt to correct his birth certificate, but he was never able to obtain a voter ID in Wisconsin. Before the election, his lawyer for the ACLU told me Holloway was so disgusted he left Wisconsin for Illinois.

Holloway’s story was sadly familiar in 2016. According to federal court records, 300,000 registered voters, 9% of the electorate, lacked strict forms of voter ID in Wisconsin. A new study by Priorities USA, shared exclusively with The Nation, shows that strict voter-ID laws, in Wisconsin and other states, led to a significant reduction in voter turnout in 2016, with a disproportionate impact on African-American and Democratic-leaning voters. Wisconsin’s voter-ID law reduced turnout by 200,000 votes, according to the new analysis.

Donald Trump won the state by only 22,748 votes…

…It’s important to note that this study was conducted by a Democratic Party–affiliated group and has not been peer-reviewed or gone through the typical academic vetting process. While some studies have shown big reductions in turnout among minority voters because of voter-ID laws, others have not. But the Priorities USA study is consistent with a 2014 study by the Government Accountability Office, which found that strict voter-ID laws in Kansas and Tennessee reduced turnout by 2%, enough to swing a close election, with the largest drop-off among newly registered voters, young voters, and voters of color.


You won’t be surprised to hear that those disadvantaged by this tended to be African-American, and tended to be Democrat voters.


Twitter will start hiding tweets that “detract from the conversation” • Slate

Will Oremus:


Are you the sort of person who annoys, frustrates, and offends lots of people on Twitter—but manages to avoid technically violating any of its policies on abuse or hate speech? Then Twitter’s newest feature is for you. Or, rather, it’s for everyone else but you.

Twitter is announcing on Tuesday that it will begin hiding tweets from certain accounts in conversations and search results. To see them, you’ll have to scroll to the bottom of the conversation and click “Show more replies,” or go into your search settings and choose “See everything.” Think of them as Twitter’s equivalent of the Yelp reviews that are “not currently recommended” or the Reddit comments that have a “comment score below threshold.”

But there’s one difference: When Twitter’s software decides that a certain user is “detract[ing] from the conversation,” all of that user’s tweets will be hidden from search results and public conversations until their reputation improves. And they won’t know that they’re being muted in this way; Twitter says it’s still working on ways to notify people and help them get back into its good graces. In the meantime, their tweets will still be visible to their followers as usual and will still be able to be retweeted by others. They just won’t show up in conversational threads or search results by default.

You’ve heard of Twitter jail? Let’s call this Twitter purgatory. (Note: This is not Twitter’s preferred nomenclature, as the company’s representatives made clear to me when I suggested the term in a phone call Monday. “That kind of makes me cringe,” a spokesperson said.)


“Twitter purgatory” is a neat way to put it. The company blogpost is here; it’s the first work I know that Del Harvey has been involved in since she returned from maternity leave. And it’s good.

Errata, corrigenda and ai no corrida: none notified


Start Up: ticketing by face?, stop that PGP email, the man whose blood saved millions of babies, MFPs: the last word, and more

ZTE: the new phoenix? Photo by Bycroft Boy on Flickr.


A selection of 9 links for you. One hand washes the other. I’m @charlesarthur on Twitter. Observations and links welcome.

Trump’s ZTE reversal flouts warnings from top national security officials • The Washington Post

Derek Hawkins:


The head of the FBI and other intelligence chiefs in congressional testimony this year urged American citizens to steer clear of products from ZTE and its Chinese rival Huawei. And just two weeks ago, the Pentagon banned the companies’ phones from being sold on military bases, saying they “may pose an unacceptable risk to Department’s personnel, information and mission.”

As my colleagues Tony Romm, Damian Paletta and Steven Mufson report, the Commerce Department last month said it would bar U.S. firms for seven years from exporting critical microchips and other parts to ZTE, as punishment for violating a sanctions settlement over illegal shipments to Iran and North Korea. On Wednesday, ZTE said it would shut down its global business but was “actively communicating with the relevant U.S. government departments in order to facilitate the [order’s] modification or reversal.”

Trump appeared receptive to the idea, sending shockwaves through the national security establishment by tweeting Sunday that he and Chinese President Xi Jinping were working to give ZTE “a way back into business, fast”.

“It’s striking that he is overruling the judgment of his own national security apparatus in order to help a Chinese company succeed,” Abraham Denmark, director of the Asia Program at the Woodrow Wilson International Center for Scholars, told me. “There’s often tension between economic issues and national security issues, and this tweet seems to suggest in this case the economic issues won out.”

Adam Segal, director of the Digital and Cyberspace Policy Program at the Council on Foreign Relations, called Trump’s instruction to his Commerce Department to assist ZTE “highly unusual, given the intelligence community has given several unambiguous warnings about using ZTE and Huawei products.”


Everyone is puzzled as hell about this. ZTE was caught bang to rights evading a US ban on selling telecoms equipment to Iran – even after it was warned not to. Iran is a country that Trump, apparently, doesn’t like anyone doing business with, so the Iran nuclear deal got ripped up. ZTE relies on US suppliers, but they were banned from selling to ZTE.

So why help ZTE? One suggestion: China has made that a condition if Trump wants its help in the North Korea talks. Another suggestion: a Chinese state-owned construction firm has put up to $500m into an Indonesian project with Trump-brand buildings. When the White House (deputy) spokesman was asked if the latter didn’t violate the US’s emoluments (foreign bribes) rules, he said you’d have to ask the Trump Organisation.

So the rules just don’t apply any more. Want to trade with Iran? Depends what your country has over Trump. (Thanks Mark C for the Indonesia link.)

Ticketmaster could replace tickets with facial recognition – The Verge

Jacob Kastrenakes:


“We will continue investing in new technologies to further differentiate Ticketmaster from others in the ticketing business,” Live Nation wrote in a note to investors last week. It added that Blink’s technology could let you “associate your digital ticket with your image, then just walk into the show.”

While that sounds convenient, it also means that concert venues would have to be outfitted with surveillance equipment. And on perhaps an even worse note, it means that Ticketmaster — a company everyone hates more with each new convenience fee tacked onto their bill — would need to develop a database of all its concertgoers’ faces, which a lot of people aren’t going to be comfortable with.

For now, there don’t appear to be actual plans to put this tech into place. It’s not even clear that Blink’s tech works as effectively as the company describes. But it’s clearly something Ticketmaster is thinking about.


Oh, and by the way, it’s sure to include an extra booking fee.

Blood, sweat and tears in biotech — the Theranos story • Nature

Eric Topol reviews John Carreyrou’s new book (“Bad Blood: Secrets and Lies in a Silicon Valley Startup”) on you-know-who:


I met Holmes twice and conducted a video interview with her in 2013, for the medical-information website Medscape. At the time, I gave a fingerstick nanotainer blood sample and within 30 minutes received my results for many routine tests — allegedly showing, for instance, normal glucose and lipid levels in accordance with previous testing. Little did I know that they were run on a standard Siemens machine (I was not allowed to see the lab area) in the back room of Theranos, and had nothing to do with the miniLab. Like so many others, I had confirmation bias, wanting this young, ambitious woman with a great idea to succeed. The following year, in an interview with The New Yorker, I expressed my deep concern about the lack of any Theranos transparency or peer-reviewed research.

Near the end of Bad Blood, Carreyrou describes how, in 2015, litigator David Boies — then Theranos’s legal counsel — attempted to prevent The Wall Street Journal from publishing Carreyrou’s reportage. For instance, Boies accused the paper of publishing Theranos trade secrets and making false and defamatory statements. Despite the $125 million invested in Theranos by Murdoch, the newspaper’s owner, the pieces were published. We also learn about Carreyrou’s tipster, a pathologist and blogger, along with so many employees who were rightfully afraid of hurting patients with fraudulent lab results. The combination of these brave whistle-blowers, and a tenacious journalist who interviewed 150 people (including 60 former employees) makes for a veritable page-turner.


Though as he points out, there’s little reflection about how willing people were to put money into something with no independent validation or scientific enquiry.

How a smartwatch literally saved this man’s life and why he wants more people to wear one • South China Morning Post

Cathy Hilborn Feng:


Gaston D’Aquino did not wait for the priest’s final blessing before he left Easter Sunday mass in Hong Kong on April 1. He went directly to Adventist Hospital to learn why the alarm on his Apple Watch had gone off during the service, alerting him to a spike in his heart rate.

“I had read about these cases before, so I knew it was something that was serious,” the semi-retired diamond trader says, adding he skipped family Easter lunch because “I thought that going to the hospital was that important. It was a strong signal, not ambiguous. It said I had an elevated heart rate.” That decision probably saved his life.

“I told the doctor I don’t know why I’m here, but my watch tells me I have an elevated heart rate. He says, ‘Are you feeling anything?’ I said no, I feel fine, I’m feeling all right, nothing’s wrong.”

Hooked up to an electrocardiograph machine – which records the heart’s electrical activity – he learned something was wrong. He was immediately referred to cardiologists.

“I told them about the Apple Watch giving me this reading, and they told me that the watch gives pretty accurate readings,” says D’Aquino. After batteries of tests over the next three days, “they told me that out of the three main coronary arteries, two were completely blocked, and one was 90% blocked.”


Plenty of these examples, but they’re never boring. (Also: heart trouble doesn’t look like the movies. I feel some sort of trend here.)

He donated blood every week for 60 years and saved the lives of 2.4 million babies • CNN

Doug Criss:


Harrison’s remarkable gift of giving started when he had major chest surgery when he was just 14, the Australian Red Cross Blood Service said.

Blood donations saved his life, so he pledged to become a blood donor. A few years later, doctors discovered his blood contained the antibody which could be used to create Anti-D injections, so he switched over to making blood plasma donations to help as many people as possible.

Doctors aren’t exactly sure why Harrison has this rare blood type, but they think it might be from the transfusions he received when he was 14, after his surgery. He’s one of no more than 50 people in Australia known to have the antibodies, the blood service says.

“Every bag of blood is precious, but James’ blood is particularly extraordinary. His blood is actually used to make a life-saving medication, given to moms whose blood is at risk of attacking their unborn babies. Every batch of Anti-D that has ever been made in Australia has come from James’ blood,” Falkenmire said. “And more than 17% of women in Australia are at risk, so James has helped save a lot of lives.”

Anti-D, produced with Harrison’s antibodies, prevents women with rhesus-negative blood from developing RhD antibodies during pregnancy. More than three million doses of Anti-D have been issued to Australian mothers with negative blood types since 1967.

Even Harrison’s own daughter was given the Anti-D vaccine. “That resulted in my second grandson being born healthy,” Harrison said. “And that makes you feel good yourself that you saved a life there, and you saved many more and that’s great.”

The discovery of Harrison’s antibodies was an absolute game changer, Australian officials said.

“In Australia, up until about 1967, there were literally thousands of babies dying each year, doctors didn’t know why, and it was awful. Women were having numerous miscarriages and babies were being born with brain damage,” Jemma Falkenmire, of the Australian Red Cross Blood Service, told CNN in 2015.


Anti-D, or Rho(D), still has to be extracted from blood plasma; it isn’t made via genetic engineering of bacteria (as Factor 8 clotting agent is). I was ready to dispute the maths in the headline, but there have been 14.7m live births in Australia since 1958, so he’s not the only contributor, and the 2.4m figure is possible.

Favstar Pro is no longer for sale • Favstar

Tim Haines, owner and operator of Favstar (which shows who’s doing best on the “liked” – previously “faved” – tweets):


At Favstar’s peak it was serving over 50 million visits a month. Not bad for a site operated from a single web-server by a single person.

During December 2017 Twitter stated that on June 19th 2018 they will be shutting down the method that Favstar and other third-party Twitter apps use to receive your Tweets, Likes, and Retweets. You can read more about this on Apps of a Feather.

Twitter wrote that they’ll be replacing this with another method of data access, but have not been forthcoming with the details or pricing. Favstar can’t continue to operate in this environment of uncertainty.

Favstar will go offline on June 19th 2018.

Favstar Pro is no longer for sale. Anyone who has a Favstar Pro Membership beyond June 19th will receive a refund.


More collateral damage from this change of Twitter’s, about which third-party developers still seem to be in the dark.


If you use PGP, you should probably stop • NY Mag

Brian Feldman:


If you use PGP encryption to protect your email, you might want to disable it for the time being. A team of European researchers have discovered vulnerabilities — they’re calling them “EFAIL” — which “might reveal the plaintext of encrypted emails, including encrypted emails sent in the past.” In the meantime, the researchers and the Electronic Frontier Foundation are recommending that users disable PGP plug-ins for popular email clients like Thunderbird and Apple Mail.

PGP (Pretty Good Privacy) is a popular encryption scheme in which a sender encrypts an email with the recipient’s public key, and the recipient decrypts it with their private key. Email client plug-ins can make this decryption process automatic, and an attacker can exploit that in concert with the way in which emails are rendered using HTML (similar to a web page).


The advice of “just stop using PGP for email” is good enough. Doesn’t matter whether there’s a problem with it. Layering encryption on top of email is like giving a lawnmower a fridge – especially when these days there are so many other end-to-end encrypted communications systems. Email isn’t encrypted, and just isn’t going that way. Or, as Wendy Grossman put it in 2011:


There are so many details you can get wrong to mess the whole thing up that if this stuff were a form of contraception, desperate parents would be giving babies away on street corners.



The nine minutes that almost changed America • Buzzfeed

Kate Nocera and Lissandra Villa:


At around 7:06 a.m., a man in a blue T-shirt approached the field and fired 62 7.62x39mm rounds through a lawfully purchased Century International Arms SKS-style semiautomatic assault rifle. The shooting was, Alexandria’s elected prosecutor concluded, “an act of terrorism” that was “fueled by rage against Republican legislators.” The day was one in a continuum of violent, surreal days over the past year, from mass shootings to Charlottesville.

You may love them, or you may disagree with almost everything they stand for, but that morning, the roughly two dozen people on that field just tried to stay alive. Those nine minutes were a near miss of modern American history, between the dark aftermath of a deadly, mass political assassination and our own reality, in which most people don’t think very often about June 14, 2017, the difference between everything changing and almost nothing changing at all.


It’s a remarkable retelling of the attack on the US congressional baseball team practice. They were very lucky in many ways, notably that there was a senior member there who had a security detail – who then engaged the shooter.

It’s notable for its detail about the physical and medical effects of being shot (it’s not like in the films), and the confusion of trying to work out where a shooter is. Also for this:


Some of the players don’t want to talk about the man who opened fire on them, or even think he should be discussed. None say the shooting changed what they thought about gun control, except that if Washington had different gun laws and they could carry weapons, maybe some of them would have had guns in their cars.

But many lawmakers are mad, or frustrated, or saddened, at how quickly the story disappeared from the headlines given that the shooter, James T. Hodgkinson, targeted Republicans. The FBI concluded the shooting wasn’t politically motivated — suicide by cop, they told members after an investigation.


So they’re angry not about his ability to get a gun and almost kill them, but because they didn’t stay in the headlines for longer? Talk about taking home the wrong lesson.

Digital copiers, faxes and MFP’s and their hard drives • Adventures in systems land

Mark Cathcart with the last word (for now) on these devices and their hard drives:


Copiers that are lightly used often have a lifecycle of 10-15 years. If you buy rather than lease, it’s quite possible you still have one that doesn’t include encryption of the internal hard drive. Even with an encrypted drive, there is still potential to hack the device software and retrieve the key, although pretty difficult.

The surprise thing is that many modern Multi-function Printers (MFP) also have local storage. While in modern models it is not an actual hard drive, it is likely to be some form of onboard flash memory à la cell phone memory, either part of the system board or via an embedded SD card. It’s worth remembering that these machines are Fax, copier, printers, and scanners all in one machine.

The US Federal Trade Commission has a web page that covers all the basics, in plain language.

Whatever the device, it is still incumbent on the owner to ensure it is wiped before returning it, selling it, or scrapping it. PASS IT ON!

For those interested in how you can get data from a copier/MFP type device, Marshall University Forensic Science team has a paper, here.


As they used to say in newspaper letters columns, this correspondence is now closed.

Errata, corrigenda and ai no corrida: none notified

Start Up: music’s “unacceptable behaviour”, Iran’s hackers are back, Skype’s update problem, and more

When you drown, it doesn’t look like what you probably think drowning looks like. Photo by Simon Huggins on Flickr.


A selection of 10 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

Apple Music and Pandora have pulled R. Kelly’s music from curated playlists • The Verge

Andrew Liptak:


Pitchfork reported that Apple quietly began to pull R. Kelly from some of its curated playlists prior to Spotify’s announcement in light of renewed reports about his behavior from a number of women. However, other artists, like XXXTentacion, who was also pulled from Spotify’s playlists, remain on Apple’s promoted playlists.

Similarly, Pandora has reportedly been working for “months” to update its policies on artists who have exhibited questionable behavior, according to Blast. Like Spotify, it has removed Kelly from its playlists. The service told Blast that its “policy is to not actively promote artists with certain demonstrable behavioral, ethical or criminal issues. We approach each of these scenarios on a case–by–case basis to ensure we address components true to Pandora’s principles while not overreaching and avoiding censorship.”

Spotify told The Verge earlier this week that R. Kelly’s music remains on the various services: the service just won’t promote it to users through its playlists. The same appears to be true for Apple and Pandora: the companies aren’t pulling their music from their catalogs, and are simply exercising some editorial control over who goes on the curated lists.


So this is tricky. None of these artists has actually been found guilty of anything. The services are free to do as they like with content, but if they are actually taking action over accusations of past behaviour (as is clearly the case) are they also going to pay the artist back all the money they took as their cut? After all, they clearly don’t want to benefit from “undesirable” behaviour. Doesn’t that apply to behaviour that occurred in the past too, then? (And the lack of proven guilt is quite apart from the question of how you’re going to set fences around “acceptable” and “questionable” behaviour in the music business.)

Drowning doesn’t look like drowning • Soundings Online

Mario Vittone wrote this article perhaps a decade ago; now he’s republishing it in the hope that ahead of summer, people learn its lessons. Please read the whole thing:


The new captain jumped from the deck, fully dressed, and sprinted through the water. A former lifeguard, he kept his eyes on his victim and headed straight for a couple who were swimming between their anchored sportfish and the beach. “I think he thinks you’re drowning,” the husband said to his wife. They had been splashing each other, and she had screamed, but now they were just standing neck-deep on a sandbar. “We’re fine, what is he doing?” she asked, a little annoyed. “We’re fine!” the husband yelled, waving him off, but his captain kept swimming hard toward him. “Move!” he barked as he sprinted between the stunned owners. Directly behind them, not 10 feet away, their nine-year-old daughter was drowning. Safely above the surface in the arms of the captain, she burst into tears and screamed, “Daddy!”

How did this captain know — from 50 feet away — what the father couldn’t recognize from just 10? Drowning is not the violent, splashing call for help that most people expect. The captain was trained to recognize drowning by experts and years of experience. The father, on the other hand, learned what drowning looks like by watching television.

If you spend time on or near the water (hint: that’s all of us), then you should make sure that you and your crew know what to look for when people enter the water. Until she cried a tearful, “Daddy,” the owner’s daughter hadn’t made a sound. As a former Coast Guard rescue swimmer, I wasn’t surprised at all by this story. Drowning is almost always a deceptively quiet event. The waving, splashing and yelling that dramatic conditioning (television) prepares us to look for is rarely seen in real life…

…if a crewmember falls overboard and everything looks okay, don’t be too sure. Sometimes the most common indication that someone is drowning is that they don’t look as if they’re drowning. They may just look as if they are treading water and looking up at the deck. One way to be sure? Ask them, “Are you alright?” If they can answer at all, they probably are. If they return a blank stare, you may have less than 30 seconds to get to them. And parents — children playing in the water make noise. When they get quiet, you need to get to them and find out why.


I was once walloped by three waves in the surf about 10 metres off Bondi Beach on a busy day. I couldn’t catch my breath before each one, and realised that if I didn’t get clear of the next wave, I would drown – even though there were people all around me. As he says, drowning doesn’t look like films/TV suggest. Less drama, more crisis.

Is ‘SimCity’ homelessness a bug or a feature? • Motherboard

Emanuel Maiberg:


SimCity players have discussed a variety of creative strategies for their virtual homelessness problem. They’ve suggested waiting for natural disasters like tornadoes to blow the vagrants away, bulldozing parks where they congregate, or creating such a woefully insufficient city infrastructure that the homeless would leave on their own.

You can read all of these proposed final solutions in Matteo Bittanti’s How to Get Rid of Homelessness, “a 600-page epic split in two volumes documenting the so-called ‘homeless scandal’ that affected 2013’s SimCity.”

“I started to find the discussion about homeless in SimCity way more interesting than SimCity itself because people were talking about the issue in a very—how can I say, not racist, not classist, but definitely peculiar way,” said Bittanti, a visiting professor at IULM University in Milan who spent seven years teaching in the Bay Area.

Bittanti collected, selected, and transcribed thousands of these messages exchanged by players on publisher Electronic Arts’ official forums, Reddit, and the largest online SimCity community Simtropolis, who experienced and then tried to “eradicate” the phenomenon of homelessness that “plagued” SimCity.

SimCity’s homeless people are represented as yellow, two-dimensional, ungendered figures with bags in tow. Their presence makes SimCity residents unhappy, and reduces land value. Like many other players, Bittanti discovered the online discussions when he was searching for a way to deal with them.


A metaphor for San Francisco. Pay more in taxes, people. It’s the price of good weather. (There’s still plenty of discussion on this.)

By the way, this article is from January 2015.

Without nuclear deal, US expects resurgence in Iranian cyberattacks • The New York Times


Within 24 hours of Mr. Trump announcing on Tuesday that the United States would leave the deal, researchers at CrowdStrike, the security firm, warned customers that they had seen a “notable” shift in Iranian cyberactivity. Iranian hackers were sending emails containing malware to diplomats who work in the foreign affairs offices of United States allies and employees at telecommunications companies, trying to infiltrate their computer systems.

And security researchers discovered that Iranian hackers, most likely in an intelligence-gathering effort, have been quietly examining internet addresses that belong to United States military installations in Europe over the last two months. Those researchers would not publicly discuss the activity because they were still in the process of warning the targets.

Iranian hackers have in recent years demonstrated that they have an increasingly sophisticated arsenal of digital weapons. But since the nuclear deal was signed three years ago, Iran’s Middle Eastern neighbors have usually been those hackers’ targets.

Now cybersecurity experts believe that list could quickly expand to include businesses and infrastructure in the United States. Those concerns grew more urgent on Thursday after Israeli fighter jets fired on Iranian military targets in Syria, in response to what Israel said was a rocket attack launched by Iranian forces.

“Until today, Iran was constrained,” said James A. Lewis, a former government official and cybersecurity expert at the Center for Strategic and International Studies in Washington. “They weren’t going to do anything to justify breaking the deal. With the deal’s collapse, they will inevitably ask, ‘What do we have to lose?’”

Mr. Lewis’s warnings were echoed by nearly a dozen current and former American and Israeli intelligence officials and private security contractors contacted by The New York Times this week.


Iran is a “second-tier” hacking nation: not quite at the level of the US/UK/China/Russia, but adept. (As much as anything it’s about resources.) This development is predictable enough; they want to know what the discussion is around sanctions. It’s pure intelligence. The only surprise is if they haven’t had silent malware in there to monitor it for some time, given that Trump’s intent has been clear for months.

Don’t Skype me: how Microsoft turned users against its beloved video-chat program • LA Times

Dina Bass and Nate Lanxon:


The company hasn’t updated the number of Skype users since 2016, when it put the total at 300 million. Some analysts suspect the numbers are flat at best, and two former employees describe a general sense of panic that they’re actually falling. The former Microsoft workers, who requested anonymity to discuss confidential statistics, say that as late as 2017 they never heard a figure higher than 300 million discussed internally.

Chief Executive Satya Nadella has repeatedly said he wants the company’s products to be widely used and loved. By turning Skype into a key part of its lucrative Office suite for corporate customers, though, Microsoft is threatening what made it appealing to regular folks in the first place. “It is like Tim Tebow trying to be a baseball player,” Malik said. “The product is so confusing, kludgey and unusable”…

…Skype has tried to be all things to all people, “and almost all those things are executed better elsewhere,” says Matthew Culnane, a user experience and content strategist at the U.K.’s Open University.

It doesn’t help that Microsoft keeps overhauling the app. A redesign last summer sent ratings plunging. In a scorching Twitter commentary, security journalist Brian Krebs said that finding basic buttons was a pain and that the recent update was “probably the worst so far.” The tweet — and retweets — got the attention of Skype’s social network team. “Brian, we’re sorry to hear this,” a representative replied. “Would love to hear more feedback and see if there’s anything we can help with.”

“There was a demographic that loved Skype for what it was; it was clean and simple,” says Carolina Milanesi, an analyst at Creative Strategies. “That’s no longer the case.” Milanesi once paid for a Skype subscription for her mother in Italy. Then her mother got an iPad, and now they talk on Apple Facetime. Millions do the same, despite the fact that Skype apps are a download away on iPhone and Android smartphones and tablets.


The redesign is really appalling. Not broken? Don’t fix. The only thing that keeps people using Skype (for podcasts and so much else) is that you can record it relatively easily: the security of apps like Signal actually works against them for things like that.

Apple hit with class action suit over MacBook, MacBook Pro butterfly switch keyboard failures • Apple Insider

Mikey Campbell:


Lodged in the Northern District Court of California, the complaint levels multiple claims targeting MacBook models manufactured from 2015 and MacBook Pro models produced from 2016. Both laptops feature the company’s butterfly keyboard mechanism, an ultra low-profile switch advertised as both more responsive and robust than traditional scissor-type components.

According to the filing, “thousands” of MacBook and MacBook Pro owners have experienced some type of failure with Apple’s butterfly keyboard, thus rendering the machine useless. Specifically, the suit claims the design is such that small amounts of dust or debris impede normal switch behavior, causing keystrokes to go unregistered.

In extreme cases, the key fails, forcing owners to take their laptop in for service at a Genius Bar or authorized Apple repair facility, a trip that could cost hundreds of dollars if the machine is out of warranty.

One named plaintiff, Zixuan Rao, purchased a new 15-inch MacBook Pro in January and began to experience problems with the laptop’s “B” key about a month later. After attempting to clean out the key on his own, Rao ultimately sought help from the Apple store in April. Representatives were unable to fix the issue and suggested repair under Apple’s gratis one-year warranty.

Not able to wait the one week it would take to fix the machine, and unconvinced that a repair would permanently solve the issue, Rao declined the offer and purchased an external keyboard.


As Nati Shochat said on Twitter, this was inevitable. The challenge will be to show that Apple has been negligent and to find enough people who agree, I think.

Cryptocurrency has been great for GPU makers—that might change soon • Ars Technica

Timothy Lee:


Cryptocurrency values have been falling in recent months, and graphics cards have been following along with it. GPUs haven’t quite returned to “normal” values last seen a year ago, but they’re a lot cheaper than they were earlier this year.

On Thursday, Nvidia said it was projecting next quarter’s cryptocurrency-specific revenue to be a third what it was in the first quarter.

AMD didn’t provide a specific projection for blockchain-related revenues in the second quarter, but a company spokesman said last month that he expected blockchain revenue to be a “mid-to-high single-digit percentage” of revenue for all of 2018—again, suggesting that the rest of the year will be significantly below the first-quarter sales.

If cryptocurrency prices continue to fall, that could have dire consequences for GPU makers. If cryptocurrency prices fall low enough, we won’t just see miners stop buying new GPUs. We could start to see them selling the graphics cards they already have on the secondary market. The resulting graphics-card glut could push graphics-card values well below MSRP, which would be great news for gamers but bad news for companies trying to sell new GPUs.

But in last month’s earnings call, AMD president Lisa Su said she wasn’t worried about this scenario. “There are multiple currencies being used,” she said. “People who are mining do go from one currency to another depending on what’s happening.”


At the time of writing, bitcoin (and so naturally the other cryptocurrencies) are having a minor crash, lying below $8500. Everything about it is unsustainable, but as they say, the market can stay irrational longer than you can stay solvent. (If, that is, you put money into it. I haven’t.)

What data can be recovered from a MFP (multifunction printer) hard drive? • Spiceworks

Anon user, in 2013:


My company has a Sharp 4101N MFP and it leases it and we do not plan to renew it. We were reminded by Sharp support to wipe any data from it before returning it. We do not have the “Data security kit” that Sharp offers to wipe the data. The frustrating thing is that they want to charge $500.00 for the Data Security Kit to be used or $500.00 to take the hard drive out and give it to us. I know that there are proven free utilities that can wipe a hard drive successfully such as Darik’s Boot and Nuke which is commonly used with Hiren’s disc.

Does anyone know if there is actually detailed data from scans, faxes, and print jobs that can be recovered or would it more or less just be basic print job files which I would not think would contain a whole lot?


SO ANYWAY. Last Friday’s link about MFPs (printer-copier-scanners) having hard drives which store everything turned out to be a CBS News story from 2010. My mistake for not noticing.

Except that nothing seems to have changed since then. If you want to wipe that drive, you’ll have to access the factory settings menu; you probably won’t have been warned about it. Or your company might, as above, be charged $500 for something you didn’t realise would be needed.

So, to sum up: this is still a problem, and might be an even bigger problem with GDPR.

Microsoft’s Joe Belfiore on the future of Windows and connecting phones to PCs • The Verge

Tom Warren interviews Belfiore and Shilpa Ranganathan about Microsoft’s forthcoming “Your Phone” Windows 10 program:


While Microsoft has used Cortana for linking SMS and notifications to PCs in the past, this new app will be the primary way phones connect to Windows 10 PCs. Microsoft has shown off messages, notifications, and photo sharing at the moment, but not all of these features will necessarily work on both iOS and Android.

“We will actually have photos on iOS and notifications as well,” explains Shilpa Ranganathan. “Apple does make it a tad harder for messages, but we’re very willing to work with Apple.” A number of third-party apps use workarounds to support messages, but Microsoft’s vision is essentially to bring iMessage to Windows inside its Your Phone app. “I want to do this in a supported way with a respect for the ecosystem we’re building on and at the same time make it a delightful experience,” says Ranganathan. “Messages is one where we’re not currently where we need to be compared to Android, but we need to work with Apple.”

That work with Apple has not started, and Microsoft has not yet approached the company to see if it’s willing to work with Microsoft. It seems very unlikely that it will be able to convince Apple to partner on such a project, so Your Phone will likely ship with better features on Android. Still, Microsoft is also looking at other features for the app. “I know people have asked for calling and dialing as well, that’s something that has been on our radar as well,” reveals Ranganathan. Microsoft is also investigating clever features like providing directions based on text message information, or surfacing relevant contact information through the app. It’s still early for Your Phone, but Microsoft is clearly committed to making this a powerful part of Windows 10.


Apple’s not going to let Microsoft touch iMessage. Not while it can get platform leverage by making it available only on Macs. Of course there are more Android users on Windows than iOS users on Windows (because there are more Android users overall), so Microsoft might not lose out that heavily.

IBM employees banned from using all removable storage • ExtremeTech

Joel Hruska says it’s an easy edict, but it’s not real-world viable:


But — and boy is there a but, here — it’s also precisely the kind of decision that plays great in the C-suite and causes merry hell in the rank and file. There are going to be times and cases when servicing a machine or helping a customer with software deployment is going to require distributing patches via USB stick. Not every system or server is automatically configured for external internet support. Not every business makes their corporate Wi-Fi available for guests. IBM’s argument is that its employees can simply switch to using its Sync’n’Share service for such needs. To be fair to IBM, that’s probably true — to a point.

But if you’ve ever done any kind of IT work, you know that real life adores these kinds of rigid policies, precisely so it can fling you curveballs that suddenly become problems. I had to hang on to a 1.44-inch floppy drive long after they’d stopped shipping in new PCs, for example. First, Windows XP (the dominant OS of the time) didn’t support loading storage drivers off anything but a floppy, unless they were slipstreamed into the OS image on the CD. Second, BIOS updates of the day couldn’t be run off anything but floppy disks, either. This eventually improved, but it wasn’t unusual to have a BIOS flash utility that was only compatible with FAT16 or FAT32 devices, while you had an NTFS partition on the primary drive. How often did I use that floppy drive? Almost never. Most of the time, there were ways to get around driver issues. Most motherboards didn’t need a flash. But it’s the “almost” in “almost never” that made me keep the stupid thing around, long after it should’ve outlived its usefulness. Hell, I think I’ve still got one sitting in the garage.

Of course, it’s possible IBM has perfectly programmed its systems, built the perfect cloud sync system, conceived of every possible circumstance in which its employees might need to access said system, and taken every step to make certain nobody on a service call winds up not being able to access necessary files due to network permissions or firewalls.

But you know, I kind of doubt it.


He’s right; word is that IBM is already conceding that there can be extenuating circumstances in which USB sticks could be allowed for software updates. Which is exactly the sort of problem you’re trying to prevent, of course: Stuxnet, the worm that delayed Iran’s nuclear ambitions, was spread via USB sticks.

Errata, corrigenda and ai no corrida: last Friday’s link about the hard drives on multi-function printers was from 2010. See above (if you’ve skipped) for a link about what still seems to be the case.