Start Up No.1,028: a US DNA database by stealth?, Uber’s Aussie spyware, AI to draw for you, Nunes v cow, and more

Meet the new instrument that can detect Parkinson’s Disease decades before symptoms appear. CC-licensed photo by Bradley Gordon on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 10 links for you. Flexible, extensible. I’m @charlesarthur on Twitter. Observations and links welcome.

Consumer genetic testing is creating a de facto national DNA database • Slate

Natalie Ram:


Imagine the federal government enacted a law requiring all US residents to provide law enforcement with their DNA profile so police could solve more crimes. Would you be OK with such a system?

Imagine instead that the federal government established a database for which people could volunteer genetic profiles—but that the decision about whether to volunteer your DNA belonged not to you, but to your third cousin. Would you be OK with that?

Whether you like it or not, the United States has effectively already adopted this second system. Since April 2018, law enforcement investigations stemming from DNA searches in consumer genetics databases have led to nearly three dozen arrests. In every case, those ultimately arrested did not actually upload their own genetic profiles to any database. Rather, they were identified through partial matches between crime scene DNA samples and the genetic profiles of often-distant relatives shared on consumer platforms like GEDmatch or FamilyTreeDNA. By one estimate, more than 60% of Americans of European descent are already identifiable through the DNA of a third cousin or closer on one of these platforms, and nearly all such Americans may be findable soon. Meanwhile, Parabon Nanolabs, the leading private company selling genetic genealogy services to law enforcement, claims that it can identify criminal suspects out to ninth-degree relatives (e.g., fourth cousins)—widening the genetic web of indirect database inclusion still further.


It’s a DNA database by accident, rather as the tech companies created mass government surveillance by accident – their systems became so pervasive and comprehensive that they could then be exploited by the PRISM system, which ran on secret FISA court rulings.

Also, it’s really unlikely that it will go away. Law enforcement will lobby endlessly to get loopholes to use private data. (Thanks Nic for the link.)

Uber used secret spyware to try to crush Australian start-up GoCatch • ABC News (Australian Broadcasting Corporation)

Sean Nicholls, Peter Cronau and Mary Fallon:


GoCatch was a major competitor to Uber when the US company launched in Australia in 2012. At the time, both companies were offering a new way to book taxis and hire cars using a smartphone app.

Surfcam was developed in Uber Australia’s head office in Sydney in 2015.

A former senior Uber employee has told Four Corners that the idea behind the use of the Surfcam spyware was to starve GoCatch of drivers.

“Surfcam when used in Australia was able to put fledgling Australian competitors onto the ropes,” the former employee with direct knowledge of the program said on the condition of anonymity.

“Surfcam allowed Uber Australia to see in real time all of the competitor cars online and to scrape data such as the driver’s name, car registration, and so on”.

It allowed Uber to directly approach the GoCatch drivers and lure them to work for Uber.

“GoCatch would lose customers due to poaching of its drivers draining their supply. With fewer and fewer drivers, GoCatch would eventually fold,” the former Uber employee said.


Uber really had a particular charm in those days. Though the company insisted that it was a “rogue employee” and that when they found out, he was told to stop. Choose your own adventure on whether you believe them.

London schoolchildren to monitor air quality with backpacks • UKAuthority


Children from five London primary schools will carry monitors in their backpacks for a week as part of research into the city’s air quality.

The 1kg monitors, designed to fit into lightweight backpacks with room for school equipment, measure PM2.5 and PM10 particulates and nitrogen dioxide levels. 250 children from schools in Southwark, Richmond, Greenwich, Haringey and Hammersmith and Fulham will take part.

The sensors have been developed by manufacturer Dyson with King’s College London, whose scientists will analyse the results to see where and when children are most exposed to pollution and make recommendations on reducing this.

The project was launched by London mayor Sadiq Khan at Haimo primary school in Greenwich, one of the five schools involved, on 19 March. The school already provides pupils with walking route maps and the Royal Borough of Greenwich closes the road outside to traffic at the start and end of the day, leading to 35% fewer parents driving children to school.


The difference with these is that they’re monitoring the air the children are breathing – unlike monitors that sit on poles well above the ground.

A ‘super smeller’ sniffed Parkinson’s Disease before symptoms even appeared • Inverse

Sarah Sloat:


Joy Milne has an incredible sense of smell, which she credits to her synaesthesia. But in late 1986, her fantastic nose picked up on something less than lovely: An earthy, musky scent that suddenly radiated from her husband. When her husband was diagnosed with Parkinson’s Disease in 1994, Milne had an aha moment and approached researchers at the University of Manchester.

“Joy motivated us,” explains Perdita Barran, Ph.D., one of the researchers, to Inverse. “She came to my collaborator Tilo Kunath and directly asked him why he or anyone wasn’t working on the fact that people with Parkinson’s disease have a distinct smell.”

That useful conversation led to a study, in 2017, that confirmed the observation was worth pursuing. The latest study on the smell of Parkinson’s definitively ties scent to the neurodegenerative disorder. On Wednesday, Barran, a professor of mass spectrometry, and her team reported in ACS Central Science that they had identified the specific compounds that make up the odor of the disease.

They hope that, in the future, scent can be used as a diagnostic tool. While Parkinson’s disease is a widely studied condition that affects more than 10 million people worldwide, there are currently no reliable tests to diagnose it.


This is just the most amazing story you’ll read all week. The paper itself is open access. Could lead to earlier diagnosis, and because of that treatment, and because of that better lives.

Nvidia’s latest AI software turns rough doodles into realistic landscapes • The Verge

JAmes Vincent:


The software generates AI landscapes instantly, and it’s surprisingly intuitive. For example, when a user draws a tree and then a pool of water underneath it, the model adds the tree’s reflection to the pool.

Demos like this are very entertaining, but they don’t do a good job of highlighting the limitations of these systems. The underlying technology can’t just paint in any texture you can think of, and Nvidia has chosen to show off imagery it handles particularly well.

For example, generating fake grass and water is relatively easy for GANs [generative adversarial networks, a form of neural network] because the visual patterns involved are unstructured. Generating pictures of buildings and furniture, by comparison, is much trickier, and the results are much less realistic. That’s because these objects have a logic and structure to them that humans are sensitive to. GANs can overcome this sort of challenge, as we’ve seen with AI-generated faces, but it takes a lot of extra effort.

Nvidia didn’t say if it has any plans to turn the software into an actual product, but it suggests that tools like this could help “everyone from architects and urban planners to landscape designers and game developers” in the future.


Goats, cows and Devin Nunes’ mom: how a Republican’s Twitter lawsuit backfired • The Guardian

Vivian Ho, on Tuesday:


The US congressman Devin Nunes sent the Twitterverse spiraling into hilarity late on Monday with his lawsuit listing the purported crimes of Twitter users “Devin Nunes’ Mom” and “Devin Nunes’ Cow”.

In the lawsuit against Twitter and a handful of users, the California Republican claims to be the victim of vicious internet trolls, as well as the victim of selective censorship by the social media company. He is alleging that by “shadow-banning” his account, Twitter allowed for the selective amplification of “defamers” such as “Devin Nunes’ Mom” and “Devin Nunes’ Cow”.

(Shadow-banning, a term used for when certain users are not visible in automatic search results, has repeatedly been debunked as an effort to silence conservatives. Twitter has changed the way it algorithmically ranks users, based on their behavior, but the company has maintained that it is content-neutral.)

But in filing the lawsuit, Nunes ultimately fell victim to the Streisand effect: when an attempt to censor something ends up bringing more attention to it.

In suing these Twitter users, Nunes listed some of their tweets, thus ensuring thousands, if not millions, more people saw what the lawsuit characterized as “defamation”. By the time Nunes filed the lawsuit, Twitter had already suspended Devin Nunes’ Mom. Devin Nunes’ Cow had more than 1,200 followers.


*hand to earpiece* and this just in: @devincow now has more Twitter followers than Nunes himself. A richly deserved pisstaking on an idiot who helped debase the Republicans during Trump’s first two years in office by acting as a bag-carrier of nonsense between White House, Congress and Fox News.

The US government is using the most vulnerable people to test facial recognition software • Slate

Os Keyes, Nikki Stevens, and Jacqueline Wernimont:


If you thought IBM using “quietly scraped” Flickr images to train facial recognition systems was bad, it gets worse. Our research, which will be reviewed for publication this summer, indicates that the U.S. government, researchers, and corporations have used images of immigrants, abused children, and dead people to test their facial recognition systems, all without consent. The very group the U.S. government has tasked with regulating the facial recognition industry is perhaps the worst offender when it comes to using images sourced without the knowledge of the people in the photographs.

The National Institute of Standards and Technology, a part of the U.S. Department of Commerce, maintains the Facial Recognition Verification Testing program, the gold standard test for facial recognition technology. This program helps software companies, researchers, and designers evaluate the accuracy of their facial recognition programs by running their software through a series of challenges against large groups of images (data sets) that contain faces from various angles and in various lighting conditions…

…Through a mix of publicly released documents and materials obtained through the Freedom of Information Act, we’ve found that the Facial Recognition Verification Testing program depends on images of children who have been exploited for child pornography; US visa applicants, especially those from Mexico; and people who have been arrested and are now deceased. Additional images are drawn from the Department of Homeland Security documentation of travellers boarding aircraft in the US and individuals booked on suspicion of criminal activity.


We’re discovering that these systems are built on the systems equivalent of native burial grounds.

Is there a limit to the number of devices I can link to my account? • Dropbox Help


Basic users have a three device limit as of March 2019. [Emphasis added – CA]

Plus and Professional users can link more than three devices.

Business users can link unlimited devices, but Advanced and Enterprise Dropbox Business admins can limit the number of devices that their teams can link.

If you’ve reached your device limit, you can change which three devices are linked to your account. To do so, unlink devices you don’t want on your account (down to less than three), and then link the devices that you do want. Learn how to link and unlink devices. 

If you’re a Basic user and you linked more than three devices prior to March 2019, all of your previously linked devices will remain linked, but you can’t link additional devices.

To get unlimited linked devices, upgrade your Dropbox account.


So now we find out how Dropbox is going to start nudging more people towards paying for it. As a business, it’s edging towards formal profitability, and added more than a million users (12.7m by end 2018, up from 11m at end 2017) in a year. Only takes a few to tip over into paying and it’s happy.

Guardian Mobile Fireweall aim to block the apps that grab your data • Fast Company

Glenn Fleishman:


A New York Times report in December focused on location data being shared with third-party organizations and tied to specific users; in February, a Wall Street Journal investigation reported that app makers were sharing events as intimate as ovulation cycles and weight with Facebook. But no matter how alarmed you are by such scenarios, there hasn’t been much you could do. Mobile operating systems don’t let you monitor your network connection and block specific bits of data from leaving your phone.

That led Strafach and his colleagues at Sudo Security Group aim to take practical action. “We are aware of almost every active tracker that is in the App Store,” he says. Building on years of research, Sudo is putting the finishing touches on an iPhone app called Guardian Mobile Firewall, a product that combines a virtual private network (VPN) connection with a sophisticated custom firewall managed by Sudo.

It looks like Guardian will be the first commercial entry into a fresh category of apps and services that look not only just for malicious behavior, but also what analysis shows could be data about you leaving your phone without your explicit permission. It will identify and variably block all kinds of leakage, based on Sudo’s unique analysis of App Store apps.

Sudo is taking preorders for the app in the Apple Store and plans a full launch no later than June. It will debut on iOS, and required some lengthy conversations with Apple’s app reviewers as Sudo laid out precisely what part of its filtering happens in the app (none of it) and what happens at its cloud-based firewall (everything). The price will be in the range of a high-end, unlimited VPN—about $8 or $9 a month. Sudo plans an expanded beta program in April, followed by a production release that will be automatically delivered to preorder customers.


You’d need to be pretty worried about data grabs to pay that amount, wouldn’t you? That’s nearly a music subscription. Is your data *that* valuable? Wouldn’t an adblocker be a lot cheaper?

Antitrust: Commission fines Google €1.49bn for abusive practices in online advertising • European Commission



Google is an intermediary, like an advertising broker, between advertisers and website owners that want to profit from the space around their search results pages. Therefore, AdSense for Search works as an online search advertising intermediation platform.

Google was by far the strongest player in online search advertising intermediation in the European Economic Area (EEA), with a market share above 70% from 2006 to 2016. In 2016 Google also held market shares generally above 90% in the national markets for general search and above 75% in most of the national markets for online search advertising, where it is present with its flagship product, the Google search engine, which provides search results to consumers.

It is not possible for competitors in online search advertising such as Microsoft and Yahoo to sell advertising space in Google’s own search engine results pages. Therefore, third-party websites represent an important entry point for these other suppliers of online search advertising intermediation services to grow their business and try to compete with Google.

Google’s provision of online search advertising intermediation services to the most commercially important publishers took place via agreements that were individually negotiated. The Commission has reviewed hundreds of such agreements in the course of its investigation and found that:

• Starting in 2006, Google included exclusivity clauses in its contracts. This meant that publishers were prohibited from placing any search adverts from competitors on their search results pages. The decision concerns publishers whose agreements with Google required such exclusivity for all their websites.
• As of March 2009, Google gradually began replacing the exclusivity clauses with so-called “Premium Placement” clauses. These required publishers to reserve the most profitable space on their search results pages for Google’s adverts and request a minimum number of Google adverts. As a result, Google’s competitorswere prevented from placing their search adverts in the most visible and clicked on parts of the websites’ search results pages.
• As of March 2009, Google also included clauses requiring publishers to seek written approval from Google before making changes to the way in which any rival adverts were displayed. This meant that Google could control how attractive, and therefore clicked on, competing search adverts could be.


Errata, corrigenda and ai no corrida: perhaps you’ve noticed that the “link to this extract” links have gone? They created confusion, only worked in the blogpost, and I didn’t see them being used in that form. So I’ve removed them. Sorry, Richard.

3 thoughts on “Start Up No.1,028: a US DNA database by stealth?, Uber’s Aussie spyware, AI to draw for you, Nunes v cow, and more

  1. re. Guardian firewall: Browser-addon adblockers only catch ads within the browser, and are limited by what the browser allows addons to do. And PlayStore rules (and I’m sure AppStore rules) and technical sandboxes prevent apps from interfering with other apps.

    So only a VPN allows you to
    1- catch web/Internet traffic that’s from apps not from the browser.
    2- I’m not sure about iOS, but you probably need a VPN to catch system webview traffic too. You do on Android
    3- since filtering is handled by independent servers, you can do a lot more of it on a VPN than directly on the phone (say, code and traffic analysis instead of just white/blacklisting IPs)

    That’s on top of regular VPN functionality of encrypting + obfuscating traffic between the client and the VPN, and then obfuscating between the VPN and the server). Especially on iOS, that’s distinctly more than what you can do with an local adblocker. On Android you an do all the blocking w/o a VPN, but none of the obfuscating.

    So, if you’re concerned about safety and privacy, this seems a sensible way to do it. The only sensible way, actually. As I said before, OEMs that pretend to care about privacy and security should have this as a baseline feature.

  2. Isn’t Google’s game streaming stuff something different, more participative gaming or interactive broadcasting (and vice-versa) ? The more details come in, the more it seems more about sharing an experience than about playing anytime, anywhere.

    And it opens up a nice monetization opportunity: pay to play with or against X, which at a Fortnite 100 vs 100 could make sense at a relatively low price. Which would enable a very on point acronym for our Hispanic friends: PaGa ! Or BrIn, in hommage to Sergei.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.