Start Up No.913: the crypto wild west, the Circle’s catfish game, Magecart strikes again, Nest looks to health, Google’s new tablet?, and more

Is note-taking app Evernote in a “death spiral”? Photo by Leif Harboe on Flickr.

A selection of 10 links for you. Get that ring of confidence. I’m @charlesarthur on Twitter. Observations and links welcome.

Time to regulate bitcoin, says Treasury committee report • The Guardian

Angela Monaghan:


Bitcoin and other cryptocurrencies are “wild west” assets that expose investors to a litany of risks and are in urgent need of regulation, MPs on the Treasury select committee have said.

The committee said in a report that consumers were left unprotected from an unregulated industry that aided money laundering, while the government and regulators “bumble along” and fail to take action.

The Conservative MP Nicky Morgan, the chair of the committee, said the current situation was unsustainable.

“Bitcoin and other crypto-assets exist in the wild west industry of crypto-assets. This unregulated industry leaves investors facing numerous risks,” Morgan said. “Given the high price volatility, the hacking vulnerability of exchanges and the potential role in money laundering, the Treasury committee strongly believes that regulation should be introduced.”


The report is on the Parliament site, and doesn’t pull its punches. How do you regulate? Introduce anti-money laundering measures – basically, get people to explain where large amounts of arriving (fiat) money come from.

Nest’s digital health ambitions revealed in records from secretive purchase of Seattle startup Senosis • GeekWire

Nat Levy and Todd Bishop:


Nest’s ambitions are revealed in internal communications and financial documents released by the University of Washington in response to a public records request related to the sale of Senosis Health, a UW spinout focused on smartphone-based health monitoring systems. GeekWire made the records request last year, shortly after breaking news of Google’s acquisition of Senosis, but received the documents only recently, after the university worked with Google officials and others to determine what could be released.

The documents show that Nest acquired Senosis to bolster its digital health capabilities, shedding new light on a deal that to this day hasn’t been acknowledged publicly. If it follows through on the plans, Nest would join a growing number of major tech brands moving into health technology.

The majority of the communication is between UW, Senosis and Google officials, and the search giant appears on many of the documents related to the acquisition. Financial information such as the purchase price and other sensitive details were redacted. However, the documents clearly show that Nest — which Google acquired in 2014 for $3.2 billion — was in fact the buyer of Senosis, which went by the legal name Bilicam LLC.

Nest has gone to great lengths to keep its involvement secret, records show, telling personnel not to utter the company’s name and barring UW from immediately publicizing the sale.


Oops! Also: the health space is starting to get crowded. Notable: Senosis is a smartphone-based product. Does that mean Nest rolling into Android? Or what?

John Hancock will include fitness tracking in all life insurance policies • VentureBeat


John Hancock, one of the oldest and largest North American life insurers, will stop underwriting traditional life insurance and instead sell only interactive policies that track fitness and health data through wearable devices and smartphones, the company said on Wednesday.

The move by the 156-year-old insurer, owned by Canada’s Manulife Financial, marks a major shift for the company, which unveiled its first interactive life insurance policy in 2015. It is now applying the model across all of its life coverage.

Interactive life insurance, pioneered by John Hancock’s partner the Vitality Group, is already well-established in South Africa and Britain and is becoming more widespread in the United States.

Policyholders score premium discounts for hitting exercise targets tracked on wearable devices such as a Fitbit or Apple Watch and get gift cards for retail stores and other perks by logging their workouts and healthy food purchases in an app.


Ever so faintly creepy.

Equifax IT staff had to rerun hackers’ database queries to work out what was nicked – audit • The Register

John Dunn:


Equifax was so unsure how much data had been stolen during its 2017 mega-hack that its IT staff spent weeks rerunning the hackers’ database queries on a test system to find out.

That’s just one intriguing info-nugget from the US Government Accountability Office’s (GAO) report, Actions Taken by Equifax and Federal Agencies in Response to the 2017 Breach, dated August but publicly released this month.

During that attack, hackers broke into the credit check agency’s systems, getting sight of highly personal information on roughly 150 million people in America plus 15 million Brits, and others.

Computer security breaches are rarely examined in this much detail; however, several departments of the US government are Equifax customers, which meant the Feds wanted the GAO to convince them it’s not going to happen again.

The cyber-break-in happened on May 13 when criminals started exploiting a vulnerability in the Apache Struts 2 framework running on Equifax’s online portal. The company didn’t clock it until July 29. However, the report confirmed that failing to patch this flaw earlier was not the only screw-up.


And yet they still had the chutzpah to offer people “one year’s free protection” on their accounts, chargeable after that. A great way to drum up business. (That bit wasn’t a screw-up. It was intentional greed.)

Pictures leak of the “Google Home Hub,” Google’s version of a smart display • Ars Technica

Ron Amadeo:


Google’s big hardware event is coming October 9, and we’re getting a clearer picture of what to expect from the show as the days go by. The event is promoted as the “Pixel 3 launch event,” but the company’s previous two hardware events featured five or more product announcements. Besides the Pixel 3, a Pixelbook 2 is a good option, and with the launch of Google’s Smart Display software on third-party hardware earlier this year, it seems inevitable that we’ll soon see a first-party Google Smart Display.

As luck would have it, today MySmartPrice has scored pictures of the “Google Home Hub,” a product that is clearly Google’s flagship hardware for its Smart Display software. The device has a 7-inch touchscreen and basically looks like a 16:9 tablet mounted to Google Home Max. Some of the pictures, which look like a leaked store listing, show a few more specs: 802.11ac Wi-Fi at 2.4 and 5GHz, Bluetooth, an “Ambient light and color sensor,” a “full-range speaker for crystal clear sound,” and “far-field voice recognition.” The listing shows the display available in two colors (“chalk” and “charcoal”), with Google’s traditional mute switch on the back and what looks to be a video chat camera on the front.


How is a device like this any different from a mounted tablet with a good speaker?

Trump’s tariffs won’t bite Apple, illustrating Tim Cook’s political sway • The Washington Post

Tony Romm and Damian Paletta:


Apple chief executive Tim Cook has been one of President Trump’s staunchest critics in Silicon Valley, opposing the White House on immigration, climate change and more.

But the 57-year-old tech leader has also become one of the technology industry’s savviest political operators — a behind-the-scenes Trump whisperer, able to shape some of the administration’s economic policies in ways that benefit Apple and some of its tech peers.

Those efforts seemed to pay off Monday, after Trump unveiled tariffs on roughly $200 billion in goods imported from China, the latest salvo in the trade war Washington is waging against Beijing. The initial list of imports the White House had threatened to penalize included some of Apple’s best-known products, the company said earlier this month, such as its recently updated Apple Watch smartwatch, HomePod home assistant and AirPods wireless headphones (but not the iPhone). On Monday evening, though, those products were spared. Thousands of other imports weren’t so lucky, and Americans could soon be paying more for such things as refrigerators and toys.



Magecart strikes again: Newegg in the crosshairs • Volexity


In another brazen attack against a major online retailer, the actors behind Magecart have struck the eCommerce operations of the popular computer hardware and electronics retailer Newegg. With this latest attack, joins the ranks of high-profile eCommerce websites that have fallen victim to the financial theft group. Based on findings recently published by RiskIQ, Magecart was identified as being responsible for a recently publicized breach claiming upwards of 380,000 victims that had used the British Airways website or mobile application. As it turns out, a nearly identical data theft campaign was being carried out against Newegg at the same time. In fact, it appears the Newegg compromise may have started nearly a week earlier.

Volexity was able to verify the presence of malicious JavaScript code limited to a page on presented during the checkout process at Newegg. The malicious code specifically appeared once when moving to the Billing Information page while checking out.  This page, located at the URL, would collect form data, siphoning it back to the attackers over SSL/TLS via the domain


I’m not sure I would call it “brazen” – it’s very subtle. “” was created on 13 August and the siphoning of data began three days later. These guys are very organised and very dangerous. The script was running on the site for a month; that’s a lot of lost data.

In brief: Javascript considered harmful.

The Circle says a lot more about the evils of reality TV than it does about social media • New Statesman

Mic Wright:


“What if phones, but too much.” Daniel Ortberg’s six-word description of Black Mirror ended up reflexively inspiring “Playtest”, an episode in the programme’s third season. That joke could also have been the entire pitch for Channel 4’s latest reality TV show dolled up in the clothes of a social experiment, The Circle, in which a collection of the usual reality TV stereotypes are placed in apartments and encouraged to catfish their fellow contestants in the hope of winning £50,000. The first episode, which went out last night, introduced us to the cast, which includes a digital marketer pretending to be an oncologist (“They didn’t even question it!” she crowed in delight) and a gay man pretending to be an odious straight lad, with a recently deceased dog (he also delighted when the others fell for this ruse).

The Circle’s hook is that unlike its reality TV antecedents, such as Big Brother, which is shivering its way to an overdue demise with a final series on Channel 5, face-to-face conflict isn’t on the menu. Instead, the participants are each sequestered in their own apartment and forced to communicate via a bespoke social network that comes off like the unholy love child of LinkedIn, Twitter and Instagram with an unpalatable pinch of Tinder thrown in. The conclusion of episode one ended with a particularly uncomfortable date conducted via private message between a barman from Norwich and what he thought was a pretty young woman, but was in fact another young guy using his girlfriend’s pictures to aid him in the quest for the cash.


Circles within circles: this sounds like the basic outline for a Black Mirror episode. No wonder Charlie Brooker is finding new episodes increasingly challenging to write: we’ve gone beyond navel-gazing to ouroboros to some place of infinitely reflecting mirrors.

Although I liked this detail:


The pacing is deathly slow, as contestants dictate their messages to the Circle (which we’re led to believe is voice-activated but is patently the work of put-upon researchers hunched over keyboards) and read out replies. All this as the moral is tediously repeated: You never know who you’re talking to online.



The Mirai botnet architects are now fighting crime with the FBI • WIRED

Garrett Graff:


Josiah White, Paras Jha, and Dalton Norman, who were all between 18 and 20 years old when they built and launched Mirai, pleaded guilty last December to creating the malware. Mirai, which hijacked hundreds of thousands of internet-of-things devices and united them as a digital army, began as a way to attack rival Minecraft videogame hosts, but it evolved into an online tsunami of nefarious traffic that knocked entire web-hosting companies offline. At the time, the attacks raised fears amid a presidential election targeted online by Russia that an unknown adversary was preparing to lay waste to the internet…

…In a separate eight-page document, the government lays out how, over the 18 months since the FBI first made contact with the trio, they have worked extensively behind the scenes with the agency and the broader cybersecurity community to put their advanced computer skills to noncriminal uses. “Prior to even being charged, the defendants have engaged in extensive, exceptional cooperation with the United States Government,” prosecutors wrote, saying that their cooperation was “noteworthy in both its scale and its impact.”

As it turns out, the trio have contributed to a dozen or more different law enforcement and security research efforts around the country and, indeed, around the globe. In one instance, they helped private-sector researchers chase what they believed was an “advanced persistent threat” from a nation-state hacking group; in another, they worked with the FBI in advance of last year’s Christmas holiday to help mitigate an onslaught of DDoS attacks. Court documents also hint that the trio have been engaged in undercover work both online and offline, including traveling to “surreptitiously record the activities of known investigative subjects,” and at one point working with a foreign law enforcement agency to “ensur[e] a given target was actively utilizing a computer during the execution of a physical search.”

The government estimates that the trio have already collectively logged more than 1,000 hours of assistance, the equivalent of half a year of full-time employment.


So that’s positive, sort of. More details at the US Justice Department site.

Evernote just slashed 54 jobs, or 15% of its workforce • TechCrunch

Connie Loizos:


It’s no secret that Evernote, the productivity app that lets people take notes and organize other files from their working and non-work life, has been trying to regain its former footing as one of the most popular apps in the U.S., and that doing so has been an ongoing struggle.

Just two weeks ago, we reported that Evernote had lost several of its most senior executives, including its CTO Anirban Kundu, CFO Vincent Toolan, CPO Erik Wrobel and head of HR Michelle Wagner.

Now, Chris O’Neill — who took over as CEO of Evernote in 2015 after running the business operations at the Google X research unit — is sharing more demoralizing news with employees. To wit, he’s firing dozens of them. At an all-hands meeting earlier today, he told gathered staffers that Evernote has no choice but to lay off 54 people — roughly 15% of the company’s workforce — and to focus its efforts instead around specific functions, including product development and engineering.

…a person who tipped TechCrunch off to the executive departures two weeks ago characterized Evernote as “in a death spiral,” saying that user growth and active users have been flat for the last six years and that the company’s enterprise product offering hasn’t caught on.


Also facing a funding crunch. The CEO letter says it serves “over 225 million people around the world” who have more than 9bn notes (that’s an average of 40 each, though I bet there’s a lot of 1-note tryouts there). O’Neill has a rather vague blogpost subsequent to this rather more detailed story.

Errata, corrigenda and ai no corrida: none notified


1 thought on “Start Up No.913: the crypto wild west, the Circle’s catfish game, Magecart strikes again, Nest looks to health, Google’s new tablet?, and more”

  1. “How is a device like this any different from a mounted tablet with a good speaker?”

    Because it’s a smart speaker with an added screen ;-p

    People have weird little boxes in their brains and they assign devices to them. My sister has been using a Kindle + small smartphone for years, while I was parading and loudly advertising my ridiculously large phone on which I mostly read stuff. Suddenly last month, she went “But, I could read my books on my phone, if it were larger ?”.

    I’m guessing the screenspeaker is there to fill the smartspeaker box with something better because it also has a screen. I agree it’s probably better, except it doesn’t put people into “ears only” mode, they might end up tabletting on them.

    Also, techies wildly overestimate users’ awareness of features. My biggest hit this summer was showing people there is an assistant they can talk to in their phones and tablets, and that they can dictate instead of typing too. And that cut across premium/basic, young/old, and Android/iOS lines. Maybe one laptop per child was kinda right, only it’s one feature per device.

    Second biggest hit: showing iOS users how to shuffle their pics off to the cloud to get some free space on their phones ;-p
