Start Up No.979: Alexa reveals too much, Fortnite’s hackers cash in, K-Cup inventor regrets, and more


Could your smart speaker find this local pop-up shop? Or play the album? CC-licensed photo by Vladimir on Flickr.

This is the last Start Up (and probably Overspill entry) of the year. Have a wonderful break and we’ll meet again on 14 January 2019. In a few weeks we’ll cross the 1,000 mark. Exciting!


It’s charity time: ahead of Christmas, I’m encouraging readers to make a donation to charity; a different one each day.
Once again, we’re urging you to donate to
Shelter, the charity which aims to help the homeless.

Readers in the US can donate to any of the many related charities. Please give as generously as you feel you can.


A selection of 11 links for you. The last of the year! I’m @charlesarthur on Twitter. Observations and links welcome.

The Amazon Alexa eavesdropping nightmare came true • Gizmodo

Jennings Brown on how a German citizen requested their Alexa data under GDPR – and got someone else’s instead, which they shared with C’t magazine:

»

C’t magazine listened to many of the files and was able “to piece together a detailed picture of the customer concerned and his personal habits.” It found that he used Alexa in various places, has an Echo at home, and has a Fire device on his TV. They noticed that a woman was around at times. They listened to him in the shower.

»

We were able to navigate around a complete stranger’s private life without his knowledge, and the immoral, almost voyeuristic nature of what we were doing got our hair standing on end. The alarms, Spotify commands, and public transport inquiries included in the data revealed a lot about the victims’ personal habits, their jobs, and their taste in music. Using these files, it was fairly easy to identify the person involved and his female companion. Weather queries, first names, and even someone’s last name enabled us to quickly zero in on his circle of friends. Public data from Facebook and Twitter rounded out the picture.

«

Using the information they gathered from the recordings, the magazine contacted the victim of the data leak. He “was audibly shocked,” and confirmed it was him in the recordings and that the outlet had figured out the identity of his girlfriend. He said Amazon did not contact him.

«

link to this extract


Annual smart speaker IQ test • Loup Ventures

Gene Munster (of “Apple will make a TV!” fame) and Will Thompson:

»

We asked each smart speaker the same 800 questions, and they were graded on two metrics: 1. Did it understand what was said? 2. Did it deliver a correct response? The question set, which is designed to comprehensively test a smart speaker’s ability and utility, is broken into 5 categories:

• Local – Where is the nearest coffee shop?
• Commerce – Can you order me more paper towels?
• Navigation – How do I get to uptown on the bus?
• Information – Who do the Twins play tonight?
• Command – Remind me to call Steve at 2 pm today.

…Google Home continued its outperformance, answering 86% correctly and understanding all 800 questions. The HomePod correctly answered 75% and only misunderstood three, the Echo correctly answered 73% and misunderstood eight questions, and Cortana correctly answered 63% and misunderstood just five questions.

«

You’d seriously ask a speaker in your home where the nearest coffee shop is? And how to get “uptown” (?) on the bus? What about “Will you send my data to the wrong person?” And I’d rather test it with something like “Play the Arctic Monkeys’ latest album”. (A command I highly recommend, by the way.)
link to this extract


Fortnite teen hackers ‘earning thousands of pounds a week’ • BBC News

Joe Tidy, BBC cybersecurity reporter:

»

Children as young as 14 are making thousands of pounds a week as part of a global hacking network built around the popular video game Fortnite.

About 20 hackers told the BBC they were stealing the private gaming accounts of players and reselling them online.

Fortnite is free to play but is estimated to have made more than £1bn through the sale of “skins”, which change the look of a character, and other add-ons. This fuels a growing black market. Hackers can sell player accounts for as little as 25p or hundreds of pounds, depending on what they contain.

The items are collected as in-game purchases but are purely cosmetic and do not give gamers any extra abilities. Fortnite-maker Epic declined to comment on the investigation but said it was working to improve account security. The game has more than 200 million players.

One British hacker said he got involved at the age of 14 earlier this summer, when he himself became the victim of a hack. Speaking from his bedroom via a video chat, wearing a baseball cap and bandana to hide his identity, the teenager said he had spent about £50 of his pocket money to build up a collection of skins, when he had woken up to a message that changed everything.

“The email said that my password had been changed and two-factor authentication had been added by someone else. It felt horrible,” he recalled.

«

Noted in passing: the BBC now has a cybersecurity reporter. Bet he’s busy.
link to this extract


K-Cup creator John Sylvan regrets inventing Keurig coffee pod system • CBC News

»

As the man who invented them, Sylvan might have been pleased with their popularity. But he left the company in 1997, selling his ownership of the product for $50,000.

To this day, he still doesn’t understand why people like them. “I find them rather expensive,” he said.

So, how does he make coffee? “I make a pot of coffee in the morning into a thermal carafe,” he says. “Before I go to bed … I put the coffee and water in, and when I wake up there’s a pot of coffee,” he deadpans. “We throw away a lot of coffee but it’s so cheap on a per-cup basis.”

Canadian coffee firm takes Keurig to court in pod spat
Coffee starts to deteriorate the minute it comes in contact with oxygen, which is why at grocery stores, coffee is typically either sold in a foil bag or an aluminum tin, because both are impervious to air.

Plastic doesn’t have the same properties, but the K-Cup basically achieves the same thing, while being able to be heated with hot water, by incorporating four different layers and types of plastic. That’s problematic for recycling, because the process requires different recyclable materials to be separated into different groups.

For its part, Keurig Green Mountain pledges to have fully recyclable K-Cups by 2020, but by the company’s own admission, the cups aren’t recyclable at the moment.

«

link to this extract


Does AI make strong tech companies stronger? • Benedict Evans

»

We can’t actually describe all of the logical steps we use to walk, or to recognise a cat. With machine learning, instead of writing rules, you give examples (lots of examples) to a statistical engine, and that engine generates a model that can tell the difference. You give it 100,000 pictures labelled ‘cat’ and 100,000 labelled ‘no cat’ and the machine works out the difference. ML replaces hand-written logical steps with automatically determined patterns in data, and works much better for a very broad class of question – the easy demos are in computer vision, language and speech, but the use cases are much broader. Quite how much data you need is a moving target: there are research paths to allow ML to work with much smaller data sets, but for now, (much) more data is almost always better.  

Hence the question: if ML lets you do new and important things and ML is better the more data you have, then how far does that mean that companies that are already big and have lots of data get stronger? How far are there are winner-takes-all effects? It is easy to imagine virtuous circles strengthening a winner: ‘more data = more accurate model = better product = more users = more data’. From here it’s an easy step to statements like ‘Google / Facebook / Amazon have all the data‘ or indeed ‘China has all the data’ – the fear that the strongest tech companies will get stronger, as will countries with large populations and ‘permissive’ attitudes to centralised use of data.   

Well, sort of.

«

Always worth reading.
link to this extract


Slack bans Iranian academic living in Canada because of sanctions • Motherboard

Joseph Cox:

»

The spokesperson added that Slack determines these violations by banning users who use IP addresses from banned countries.

“Our systems may have detected an account and/or a workspace owner on our platform with an IP address originating from a designated embargoed country. If our systems indicate a workspace primary owner has an IP address originating from a designated embargoed country, the entire workspace will be deactivated,” the statement read.

It is not clear if Abdi did connect from an Iranian IP address; he did not respond to requests for comment. He did tweet that he cannot rule out the possibility of Slack connecting when he travelled to Iran earlier in the year.

Regardless, experts say determining which users have violated based on IP address is not the best way to enforce sanctions.

“If they looked into the account, saw where they are employed/where their bank accounts are and realize there is no flow of money between Iran and US/Canada because of this login, they surely would have no reason to do this,” Mahsa Alimardani, a researcher with freedom of expression organisation Article 19 and a doctoral student at the Oxford Internet Institute, told Motherboard in an online chat.

«

Tricky. The US is aggressive with its sanctions enforcement, and if someone has used an Iranian IP address, you can bet a company is going to block that account. Better safe than sorry in the current climate: Slack won’t want to end up before a judge being fined.
link to this extract


Apple to pull some iPhones in Germany as Qualcomm extends global wins • Reuters

Jörn Poltz and Stephen Nellis:

»

Qualcomm’s win in Germany comes weeks after it secured a court order to ban sales of some iPhone models in China. Apple, which is contesting both rulings, has continued to offer its iPhones in China but made changes to its iOS operating system in the wake of the Chinese order.

The German victory may affect only a few million iPhones out of the hundreds of millions that Apple sells each year. Still, it is a small but clear win in a complex legal battle that will spin into overdrive in the coming months as antitrust regulators and Apple both take Qualcomm to court in the United States…

…Qualcomm is not pursuing the software patents in the Chinese case in other jurisdictions and suffered an early loss while pursuing a US sales ban on the US version of the hardware patent at issue in Germany.

«

The phones being pulled are the iPhone 7 and 8. It feels like a rerun of 2010, with the Samsung bickering.
link to this extract


He tried to fake his way to fame and got caught red-handed. Or did he? • BBC News

Jessica Lussenhop on Threatin, the band (really one person) who faked a fanbase to get a European tour:

»

As he explained his tactics, Jered [Threatin] was relaxed, confident – not the slightest bit embarrassed. But that’s because he had something he was eager to show me – a series of emails that he said he sent out under yet another alias, a Gmail account belonging to “E. Evieknowsit”.

“URGENT: News tip,” the subject line read.

“The musician going by the name Threatin is a total fake. He faked a record label, booking agent, facebook likes, and an online fanbase to book a European tour. ZERO people are coming to the shows and it is clear that his entire operation is fake,” he wrote, including links to all his phoney websites.

“Please don’t let this man fake his way to fame… Please Expose him.”

The first such message he showed me was dated 2 November, a day into the Breaking the World Tour, and a week before the first news reports were published. He says he sent the messages out to a database of reporters’ emails he keeps in a massive Excel spreadsheet on his laptop – to outlets like the Huffington Post, Spin, Consequence of Sound, Rolling Stone, The Guardian, Pitchfork, New York Times, MetalSucks and, yes, the BBC. Although it was unclear if the tips directly resulted in coverage, some of the emails appear to have predated articles.

During the tour, when the bandmates weren’t looking or in another room, Eames claimed he was on his phone on Facebook under his various aliases, stoking the controversy.

«

Long read. You start wondering, is this one of those things where they say portentously “It’s ART, you see.”
link to this extract


John Giannandrea named to Apple’s executive team • Apple

»

John Giannandrea has been named to the company’s executive team as senior vice president of Machine Learning and Artificial Intelligence Strategy. He joined Apple in April 2018.

Giannandrea oversees the strategy for AI and Machine Learning across all Apple products and services, as well as the development of Core ML and Siri technologies. His team’s focus on advancing and tightly integrating machine learning into Apple products is delivering more personal, intelligent and natural interactions for customers while protecting user privacy. 

“John hit the ground running at Apple and we are thrilled to have him as part of our executive team,” said Tim Cook, Apple’s CEO. “Machine learning and AI are important to Apple’s future as they are fundamentally changing the way people interact with technology, and already helping our customers live better lives. We’re fortunate to have John, a leader in the AI industry, driving our efforts in this critical area.” 

«

Only taken seven years, but Siri now has his/her own veep. And note the points about ML/AI being “important”. Not “essential”?
link to this extract


Did Google intentionally cripple Edge’s YouTube performance? • Medium

Jeremy Noring:

»

Recently this article has been making the rounds on Slashdot and other tech sites. The TL;DR of the article is a Microsoft intern insinuates that Google may have intentionally crippled Edge video rendering performance on YouTube:

»

I very recently worked on the Edge team, and one of the reasons we decided to end EdgeHTML was because Google kept making changes to its sites that broke other browsers, and we couldn’t keep up. For example, they recently added a hidden empty div over YouTube videos that causes our hardware acceleration fast-path to bail (should now be fixed in Win10 Oct update). Prior to that, our fairly state-of-the-art video acceleration put us well ahead of Chrome on video playback time on battery, but almost the instant they broke things on YouTube, they started advertising Chrome’s dominance over Edge on video-watching battery life. What makes it so sad, is that their claimed dominance was not due to ingenious optimization work by Chrome, but due to a failure of YouTube. On the whole, they only made the web slower.

«

My initial reaction to this wasn’t “gee, that’s suspicious…” but more along the lines of “wait a minute… I’m pretty sure I’ve written that exact code?”

«

He suggests it’s more the collision between accessibility and the way that Edge interacts with HTML5 video. In general, go with Hanlon’s Law.
link to this extract


I’m an expert on negotiations, and I have some advice for Theresa May • NY Times

Deepak Malhotra is a professor who has sat in on and advised many negotiations:

»

Mrs. May should do what she has resisted so far: announce her intention to hold a second Brexit referendum if she cannot get enough support for her deal. This is a one-two punch. First, it presents a credible threat to reluctant conservative members of Parliament who would prefer nearly anything to holding another referendum and, potentially, having Remain win. If this threat somehow fails to move enough votes, and Mrs. May’s deal is dead, the second punch follows through on the threat and lets voters vote again — having now witnessed the reality of Brexit — whether to leave or remain in the European Union. When all else fails, this helps avoid Mrs. May’s least preferred option: no deal.

«

I thought this would be nonsense, but the logic (of which this is the conclusion – it’s to get her deal through, not to have a another referendum) is powerful.
link to this extract


Errata, corrigenda and ai no corrida: the link in yesterday’s set to risks of vaping was from 2015. The UK government apparently hasn’t updated its advice since then.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

2 thoughts on “Start Up No.979: Alexa reveals too much, Fortnite’s hackers cash in, K-Cup inventor regrets, and more

  1. Re. Smart speakers: they did test media playing, they’ve test 5 separate categories.

    And uptown vs downtown is a funny quirk. French has some weird usage of “going down to” and “going up to”, based on south vs north (because, on a map…), altitude, and social standing. So if you live in the Alps you go up to Paris even though it’s much lower because it’s north and richer, but you go down to Lille which is further north but poorer… or not,it’s bit random.

  2. Re: Apple’s bad quarter. I’m experiencing mild Schadenfreude. The news is not *that* bad, but most of the iCheerleaders seem to be overlooking 2 things:

    1- this bad quarter comes after an unprecedented sales push and discount/trade-ins from Apple. They not only failed to meet their targets for the first time in a decade, but failed after creating and advertising unprecedented discounts. I’ve seen precious little analysis about that, whether short-term impact on numbers or long-term fragility of Apple’s image, value proposition, and resale value. I’d go as far as drawing an analogy between offering trade-in deals and stuffing the channel: the sales they triggered over christmas by increasing trade-in prices are just moved-ahead sales that now won’t happen later, not new sales.

    2- The Services narrative is iffy
    – Apple’s services sales only happen on Apple hardware (contrary to Google, FB, Amazon, even MS), so services only exist as an add-on to Apple’s installed base – ultimately as an add-on to Apple’s device sales since those drive the installed base. Even if they create new services services, increase their uptake and their prices, ultimately Apple’s services sales = devices park x some coefficient, so device sales are still the key metric that drives everything in the long term. GM was making billions financing car purchases, until their cars stopped selling.
    – Apple’s services are nowhere near as good as their hardware. Siri just graduated from “worst” to “second best mostly because music” assistant. That’s not a reason to choose the Apple ecosystem, it might even be a reason to leave it, especially if services are priced so much higher than the competition. People can buy a whole ne phone for the price of 2yrs of AppleCare or a replacement screen.
    – We’ve heard that services narrative before, from IBM, Novell, Dell… It’s not a growth story, it’s a milking story that basically means “we’ve run out of ideas and can’t compete, especially against commoditization”. And Apple is a Consumer business, where the Services lever is probably weaker.

    On the other hand, ASPs even on the Android side is still climbing, so my “flagships are doomed especially Apple’s” view is wrong, and I’m at a loss to understand why. Around me ASP is cratering, but I might have a blind spot in the late teens/young adults demos, I’ve got mostly kids middle-age and seniors around me. Not a lot of high-end gaming, selfies, or even social media creation (only lurking).

    Oh, and I still don’t know what Greater China means, I’d love to be enlightened. The cynic in me thinks that phrase was used because it makes it sound a better excuse than just “China”… “Greater China” is obviously more ponderous. All those sales in Tibet…

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.