Start Up: California’s privacy race, driving Amazon Flex, anthropomorphic keyboards, the $1bn digital heist, and more

It’s 0.4% the size of Google. So how does it make money? Photo by pixishared on Flickr.

A selection of 11 links for you. Back on track. I’m @charlesarthur on Twitter. Observations and links welcome.

California has 48 hours to pass this privacy bill or else • Gizmodo

Kashmir Hill:


Recent headlines have suggested that California lawmakers are considering a bill that would give Californians “unprecedented control over their data.” This is true but that is not the whole story.

What’s really happening is that California lawmakers have 48 hours to pass such a bill or the policy shit is going to hit the direct democracy fan. Because if lawmakers in the California Senate and House don’t pass this bill Thursday morning, and if California governor Jerry Brown doesn’t sign this bill into law Thursday afternoon, a stronger version of it will be on the state ballot in November. Then the 17 million or so people who actually vote in California would decide for themselves whether they should have the right to force companies to stop selling their data out the back door. Polls predict they would vote yes, despite the claims of tech companies that passage of the law would lead to businesses fleeing California. And laws passed via the ballot initiative process, rather than the legislative process, are almost impossible to change, so California would likely have this one on its books for a very long time.

This, more than, say, an urgent need to address the data scandals that have dominated the tech industry so far this year, is why lawmakers are scrambling to get a bill passed.



What is the revenue generation model for DuckDuckGo? • Quora

Gabriel Weinberg is the CEO of DuckDuckGo, a search engine that he says has been profitable since 2014 – without tracking users at all. So why don’t Google and Facebook give up trackers?


Google now deploys hidden trackers on 76% of websites across the web to monitor your behavior and Facebook has hidden trackers on about 25% of websites, according to the Princeton Web Transparency & Accountability Project. It is likely that Google and/or Facebook are watching you on most sites you visit, in addition to tracking you when using their products.

As a result, these two companies have amassed huge data profiles on individuals, which can include interests, past purchases, search, browsing and location history, and much more. This personal data is stored indefinitely and used for invasive targeted advertising that can follow you around the Internet.

This advertising system is designed to enable hyper-targeting, which has many unintended consequences that have dominated the headlines in recent years, such as the ability for bad actors to use the system to influence elections, to exclude groups in a way that facilitates discrimination, and to expose your personal data to companies you’ve never even heard of.

The operative question is, though, is all of this tracking necessary to make substantial profits? Is this the only way to run a profitable digital consumer focused service company? Not in my opinion. The fact is, these companies would still be wildly profitable if, for example, they dropped all of these hidden trackers across the web and limited the amount of data they keep to only what is most necessary.

Yes, this additional tracking probably helps them compete with each other and adds some incremental revenue, but I believe the vast majority of their revenue would still exist if the tracking dial was turned way down, and they backed far away from the creepy line.

The reason is simple: Google and Facebook are the undisputed champions of audience and reach across the internet, something advertisers will always pay for. Their business models don’t need to be this invasive.


DDG (which I use) now has 20m queries per day; in 2014 it went from 2.7m to 5.4m queries per day. It must be very profitable now with that much larger search volume. (Google handles more than 5bn search queries per day.)

The day I drove for Amazon Flex • The Atlantic

Alana Semuels:


On the surface, these jobs, like many others in the gig economy, seem like a good deal. But Flex workers get no health insurance or pension, and are not guaranteed a certain number of hours or shifts a week. They are not covered by basic labor protections like minimum wage and overtime pay, and they don’t get unemployment benefits if they suddenly can’t work anymore. And when workers calculate how much they’re pulling in on a daily basis, they often don’t account for the expenses that they’ll incur doing these jobs. “A lot of these gig-type services essentially rely on people not doing the math on what it actually costs you,” Sucharita Kodali, a Forrester analyst who covers e-commerce, told me.

One Amazon Flex driver in Cleveland, Chris Miller, 63, told me that though he makes $18 an hour, he spends about 40 cents per mile he drives on expenses like gas and car repairs. He bought his car, used, with 40,000 miles on it. It now has 140,000, after driving for Flex for seven months, and Uber and Lyft before that. That means he’s incurred about $40,000 in expenses—things he didn’t think about initially, like changing the oil more frequently and replacing headlights and taillights. He made slightly less than $10 an hour driving for Uber, he told me, once he factored in these expenses; Flex pays a bit better.

Miller’s wife has a full-time job with benefits, so his Flex earnings are helpful for paying off his family’s credit-card bills. But “if I were trying to make this work as a single guy on my own, it would be tough to do that,” he said. His costs might actually be lower than what most drivers spend: The standard mileage rates for use of a car for business purposes, according to the IRS, are 54.5 cents a mile in 2018.

I became an Amazon Flex independent contractor by downloading an app, going through a background check, and watching 19 videos that explained in great detail the process of delivering packages.



Two Keyboards at a Bar • Rands in Repose

Michael Lopp:


APPLE EXTENDED II sits at the bar nursing a Macallan 18. Next to him is MACBOOK PRO who has not taken a sip of his glass of water.

APPLE EXTENDED II: Lonely times, man. Lonely times. First, it was scissors then butterflies. Do you want to know what I miss? Electric Alps switches. That was the dream, right?

MACBOOK PRO (nervous, staring at the bar, napkins in both hands): Did you clean up before I sat down? It looks clean, but…

APPLE EXTENDED II (interrupting): Kids today. They don’t appreciate the reliable, credible haptic feedback of a single healthy keystroke. It’s all hunt, peck, and swipe swipe swipe.

TOUCHBAR (arrives): Hey! Nobody told me we were going out to drinks. This is great!

APPLE EXTENDED II: Wait, who invited him?

MACBOOK PRO: Sorry, we’re a package deal. It’s not…


Brilliant. Stemming, of course, from John Gruber’s wonderful set:
“The iTunes 5 Announcement From the Perspective of an Anthropomorphized Brushed Metal User Interface Theme” (2005)
“iLife ’06 From the Perspective of an Anthropomorphized Brushed Metal Interface” (2006) and
“An Anthropomorphized Brushed Metal Interface Theme Shows Up for the WWDC Preview Build of Mac OS X Leopard” (2007)

Yelp, The Red Hen, and how all tech platforms are now pawns in the culture war • Buzzfeed

Charlie Warzel:


Though the brigading of review sites and doxxing behavior isn’t exactly new, the speed and coordination is; one consequence of a never-ending information war is that everyone is already well versed in their specific roles. And across the internet, it appears that technology platforms, both big and small, must grapple with the reality that they are now powerful instruments in an increasingly toxic political and cultural battle. After years attempting to dodge notions of bias at all costs, Silicon Valley’s tech platforms are up against a painful reality: They need to expect and prepare for the armies of the culture war and all the uncomfortable policing that inevitably follows.

Policing and intervening isn’t just politically tricky for the platforms, it’s also a tacit admission that Big Tech’s utopian ideologies are deeply flawed in practice. Connecting everyone and everything in an instantly accessible way can have terrible consequences that the tech industry still doesn’t seem to be on top of. Silicon Valley frequently demos a future of seamless integration. It’s a future where cross-referencing your calendar with Yelp, Waze, and Uber creates a service that’s greater than the sum of its parts. It’s an appealing vision, but it is increasingly co-opted by its darker counterpart, in which major technology platforms are daisy-chained together to manipulate, abuse, and harass…

…The tech industry likes to talk, with increasing zeal, about the power of machine learning. Yet when it can’t prevent something simple, like a sudden influx of restaurant reviews from people hundreds or thousands of miles away (identifying users’ locations is trivial), it plays into the hands of those who want to wage information war.

Meanwhile, pro-Trump trolls, as well as supporters of Sanders and the administration, are accusing Yelp of “censoring” reviews. Kirk suggested that brigading restaurant reviews was a just consequence of refusing a diner service. “This is the market at work,” he tweeted (Kirk’s rationale knowingly misrepresents Yelp’s role as a site that should reflect customer experience, not the political opinion of any outraged bystander).


But, as Warzel also points out, it doesn’t have to be this way. (Though he doesn’t make suggestions, some sort of circuit-breaker – stopping reviews when too many come in, or they’re too low or high – would make sense.)

The biggest digital heist in history isn’t over yet • Bloomberg

Charlie Devereux, Franz Wild, and Edward Robinson:


Before WannaCry, before the Sony Pictures hack, and before the breaches that opened up Equifax and Yahoo!, there was a nasty bit of malware known as Carbanak. Unlike those spectacular attacks, this malware wasn’t created by people interested in paralyzing institutions for ransom, publishing embarrassing emails, or taking personal data. The Carbanak guys just wanted loot, and lots of it.

Since late 2013, this band of cybercriminals has penetrated the digital inner sanctums of more than 100 banks in 40 nations, including Germany, Russia, Ukraine, and the U.S., and stolen about $1.2 billion, according to Europol, the European Union’s law enforcement agency. The string of thefts, collectively dubbed Carbanak—a mashup of a hacking program and the word “bank”—is believed to be the biggest digital bank heist ever. In a series of exclusive interviews with Bloomberg Businessweek, law enforcement officials and computer-crime experts provided revelations about their three-year pursuit of the gang and the mechanics of a caper that’s become the stuff of legend in the digital underworld.

Besides forcing ATMs to cough up money, the thieves inflated account balances and shuttled millions of dollars around the globe. Deploying the same espionage methods used by intelligence agencies, they appropriated the identities of network administrators and executives and plumbed files for sensitive information about security and account management practices. The gang operated through remotely accessed computers and hid their tracks in a sea of internet addresses. “Carbanak is the first time we saw such novel methods used to penetrate big financial institutions and their networks,” says James Chappell, co-founder and chief innovation officer of Digital Shadows Ltd., a London intelligence firm that works with the Bank of England and other lending institutions. “It’s the breadth of the attacks, that’s what’s truly different about this one.”


Sounds a bit like a nation-state player who decided to mint it.

Google criticised for push against EU copyright reform • Financial Times

Matthew Garrahan and Mehreen Khan:


Google has sparked criticism by encouraging news publishers participating in its Digital News Initiative to lobby against proposed changes to EU copyright law at a time when the beleaguered sector is increasingly turning to the search giant for help.

Google opposes the copyright directive, which it says would impede the free flow of information, and in a recent email to publishers suggested they contact members of the European Parliament to express their views.

The search engine has developed close ties with publishers via its DNI programme, which provides support for digital journalism as well as innovation grants from a €150m fund.

In the email to the members of the DNI working group — and which has been seen by the FT — Madhav Chinnappa, Google’s director of strategic relations, wrote that the “timing is urgent” and provided a link to a directory of MEPs. “If you feel strongly about this, please consider contacting the MEPs,” he said.

Jason Kint, chief executive of Digital Content Next, said the company had gone too far. “It’s outrageous that Google would once again be using a forum it publicly convened to help the publishing industry as a vehicle to lobby on behalf of Google’s own interests and confuse the market,” he said.


You can sort of understand Google’s position. But it wasn’t a clever move.

Oldest domains in the .com, .net, and .org TLDs •

Frederic Cambus:


As someone interested in DNS and Internet history, I’ve always been enjoying facts and articles about early registered domain names. Wikipedia has a page on the subject, but the list is extremely short for .net and .org domains.

Using the DDN NIC domain summaries, it shouldn’t be too difficult to extract a list of domains, perform whois queries to get registration dates, and sort the results. Let’s find out.

For the record, the oldest issue I could find, dating from December 1987, doesn’t list, the first .net domain ever registered. So I opted for the August 1995 edition to be on the safe side. While I could also find an issue from 1996, there are a lot more domains listed so the whois lookups would take a lot more time, for no evident benefit.


Looking through the dot-coms is quite the history lesson.

Europe’s first solar panel recycling plant opens in France • Reuters

Geert de Clercq:


The first ageing photovoltaic (PV) panels – which have lifespans of around 25 years – are just now beginning to come off rooftops and solar plants in volumes sufficiently steady and significant to warrant building a dedicated plant, Veolia said.

Up until now, ageing or broken solar panels have typically been recycled in general-purpose glass recycling facilities, where only their glass and aluminum frames are recovered and their specialty glass is mixed in with other glass. The remainder is often burned in cement ovens.

In a 2016 study on solar panel recycling, the International Renewable Energy Agency (IRENA) said that in the long term, building dedicated PV panel recycling plants makes sense. It estimates that recovered materials could be worth $450 million by 2030 and exceed $15 billion by 2050.

The robots in Veolia’s new plant disassemble the panels to recuperate glass, silicon, plastics, copper and silver, which are crushed into granulates that can be used to make new panels.

A typical crystalline silicon solar panel is made up of 65-75% glass, 10-15% aluminum for the frame, 10% plastic and just 3-5% silicon. The new plant does not recycle thin-film solar panels, which make up just a small percentage of the French market.



Chinese group engaging in cyber espionage against US companies, report says • Fox News

Brooke Crothers:


One of the most disturbing attacks was directed at a satellite communications operator, Symantec said.

“The attack group seemed to be particularly interested in the operational side of the company, looking for and infecting computers running software that monitors and controls satellites,” Symantec said. “This suggests to us that Thrip’s motives go beyond spying and may also include disruption.”

Another target was an organization involved in geospatial imaging and mapping. In this case, Thrip targeted computers running MapXtreme GIS (Geographic Information System) as well as machines running Google Earth Server and Garmin imaging software.

Other targets included three different telecoms operators, all based in Southeast Asia.

“In all cases…it appeared that the telecoms companies themselves and not their customers were the targets of these attacks,” Symantec added.

There was also a defense contractor that was targeted. When asked by Fox News, Symantec would not elaborate on the nature of the threat or the defense contractor’s identity.


This sort of stuff has been going on literally for years.

Why North Korea’s hacking should have been on the agenda at the Trump-Kim summit • Fast Company

Tim Bajarin:


Prevention of nuclear war needed to be a top priority in the five-hour meeting, but to ignore the hacking threat that North Korea poses is irresponsible. The harm that could be caused by cyber warfare may seem less immediate than that from nuclear war, but it’s a major threat that could easily escalate to more direct forms of warfare.

“The reason North Korea has been harassing other countries is to demonstrate that North Korea has cyber-war capacity,” a North Korean defector told the BBC in 2015. “Their cyber attacks could have similar impacts as military attacks, killing people and destroying cities.”

North Korean hackers attacked private ATM accounts in South Korea to steal money from private citizens, and, more recently, they have been taking aim at banks around the world, including the US Federal Reserve.

The Daily Beast reported that North Korea may also be planning to attack the US power grid, something that could paralyze our financial systems, and demobilize major cities around the country.


Bajarin mentions Wannacry, but not the possibility that somebody could have died due to the ransomware infections of hospitals in the UK. (No deaths have been ascribed to it as far as I know, but it was probably a close thing.) In that sense, North Korea’s cyber threat has already come much closer to killing people than its nuclear one.

By the way, I discuss North Korea’s focus on hacking as a nation state priority in my book Cyber Wars.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

Errata, corrigenda and ai no corrida: none notified
