Start Up No.1,090: YouTube’s sweary kid side, US ready to hack Russia’s grid, Gmail’s calendar flaw, the cost of (no) GPS, and more

Think of a song lyric and you’ll find it on Google. But where did the search engine get it from? CC-licensed photo by Diego Sideburns on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 9 links for you. For sale: empty podium, never used. I’m @charlesarthur on Twitter. Observations and links welcome.

Oh $h1t — there’s an awful lot of swearing on YouTube • Medium

Matt Reynolds:


Some of you may know that I have recently been working on developing an internet filter doodad that lets parents selectively filter what their children watch on YouTube.

One of the things the doodad does is a real-time analysis of the language used in YouTube videos. (It does this to determine an age-rating of PG, 12, 15, or 18 — any video that scores above the age you set for your child is blocked.)

One of the other things it does is it spits out just how much swearing there is in a given video — and it can also aggregate the amount of swearing across a channel. This is the analysis from PewPieDie — a YouTuber that I thought was just straightforwardly awful until I actually watched some of his videos and downgraded my expectations…

How about something more educational? Of 263 science videos, 3 of them contained the c-word. Because of course they did. Because what parent isn’t going to answer the question, “dad, can I watch a video on YouTube about science and technology” with “sure, go ahead!”

Here is a the analysis on one video that dropped the c-bomb. And it’s about fuc— freaking LEGO, and not even an unpopular type of LEGO. No, this is Avengers Endgame LEGO. Like, the most likely type of LEGO video you’re going to look for.

…YouTube has this singular problem that — as parents — we didn’t have growing up. The main broadcast channels had, you know, standards… Without any form of oversight, YouTube is always going to be a race to the bottom. I’ll be doing this analysis every month from now on — so at least we’ll know how fast we’re going.


Personally, I’d really like to know if it’s possible to completely disable the autoplay and “recommended” settings permanently. But this “doodad” looks like a useful start.
unique link to this extract

Lyrics site accuses Google of lifting its content • WSJ

Robert McMillan:


Genius said it notified Google as far back as 2017, and again in an April letter, that copied transcriptions appear on Google’s website. The April letter, a copy of which was viewed by the Journal, warned that reuse of Genius’s transcriptions breaks the terms of service and violates antitrust law.

“Over the last two years, we’ve shown Google irrefutable evidence again and again that they are displaying lyrics copied from Genius,” said Ben Gross, Genius’s chief strategy officer, in an email message. The company said it used a watermarking system in its lyrics that embedded patterns in the formatting of apostrophes. Genius said it found more than 100 examples of songs on Google that came from its site.

Starting around 2016, Genius made a subtle change to some of the songs on its website, alternating the lyrics’ apostrophes between straight and curly single-quote marks in exactly the same sequence for every song.

When the two types of apostrophes were converted to the dots and dashes used in Morse code, they spelled out the words “Red Handed.”

In a statement, Google said the lyrics on its site, which pop up in little search-result squares called “information panels,” are licensed from partners, not created by Google.


Classic Google; exactly the same as it was doing with Yelp back in 2013. Genius doesn’t actually own the lyrics, but it must own the copyright of the careful curation of the apostrophes.
unique link to this extract

Apple CEO Tim Cook: Technology companies need to take responsibility for chaos they create • CNBC

Kif Leswing:


Apple CEO Tim Cook warned that Silicon Valley companies needed to take responsibility for the “chaos” they create in a speech Sunday at Stanford University.

Although Cook did not mention companies by name, his commencement speech in Silicon Valley’s backyard mentioned data breaches, privacy violations, and even made reference to Theranos, a disgraced startup.

“Lately it seems this industry is becoming better known for a less noble innovation – the belief you can claim credit without accepting responsibility,” Cook said. “We see it every day now with every data breach, every privacy violation, every blind eye turned to hate speech, fake news poisoning out national conversation, the false miracles in exchange for a single drop of your blood.”

He continued: “It feels a bit crazy that anyone should have to say this, but if you built a chaos factory, you can’t dodge responsibility for the chaos.”


Plenty of easy pickings to be had on this front – though strangely he didn’t mention tax avoidance at contributing to the wider chaos of lowered tax takes in countries.
unique link to this extract

US escalates online attacks on Russia’s power grid • The New York Times

David Sanger and Nicole Perlroth:


In interviews over the past three months, the officials described the previously unreported deployment of American computer code inside Russia’s grid and other targets as a classified companion to more publicly discussed action directed at Moscow’s disinformation and hacking units around the 2018 midterm elections.

Advocates of the more aggressive strategy said it was long overdue, after years of public warnings from the Department of Homeland Security and the FBI that Russia has inserted malware that could sabotage American power plants, oil and gas pipelines, or water supplies in any future conflict with the United States.

But it also carries significant risk of escalating the daily digital Cold War between Washington and Moscow.


Quite a thing, right? And now look at this little extra, buried wayyyy down the story:


Two administration officials said they believed Mr. Trump had not been briefed in any detail about the steps to place “implants” — software code that can be used for surveillance or attack — inside the Russian grid.

Pentagon and intelligence officials described broad hesitation to go into detail with Mr. Trump about operations against Russia for concern over his reaction — and the possibility that he might countermand it or discuss it with foreign officials, as he did in 2017 when he mentioned a sensitive operation in Syria to the Russian foreign minister.

Because the new law defines the actions in cyberspace as akin to traditional military activity on the ground, in the air or at sea, no such briefing would be necessary, they added.


Shall we tell the president? Nah, better not.
unique link to this extract

Amazon Spark, the retailer’s two-year-old Instagram competitor, has shut down • TechCrunch

Sarah Perez:


Amazon’s two-year-old Instagram competitor, Amazon Spark, is no more.

Hoping to capitalize on the social shopping trend and tap into the power of online influencers, Amazon in 2017 launched its own take on Instagram with a shoppable feed of stories and photos aimed at Prime members. The experiment known as Amazon Spark has now come to an end. However, the learnings from Spark and Amazon’s discovery tool Interesting Finds are being blended into a new social-inspired product, #FoundItOnAmazon.


Amazon had an Instagram competitor? For two years? I’ve literally never seen it.
unique link to this extract

New security warning issued for Google’s 1.5 billion Gmail and Calendar users • Forbes

Davey Winder:


users of the Gmail service are being targeted primarily through the use of malicious and unsolicited Google Calendar notifications. Anyone can schedule a meeting with you, that’s how the calendar application is designed to work. Gmail, which receives the notification of the invitation, is equally designed to tightly integrate with the calendaring functionality.

When a calendar invitation is sent to a user, a pop-up notification appears on their smartphone. The threat actors craft their invitations to include a malicious link, leveraging the trust that user familiarity with calendar notifications brings with it.

The researchers have noticed attackers throughout the last month using this technique to effectively spam users with phishing links to credential stealing sites. By populating the location and topic fields to announce a fake online poll or questionnaire with a financial incentive to participate, the threat actors encourage the victim to follow the malicious link where bank account or credit card details can be collected. By exploiting such a “non-traditional attack vector,” the criminals can get around the fact that people are increasingly aware of common methods to encourage link-clicking.

“Beyond phishing, this attack opens up the doors for a whole host of social engineering attacks,” says Javvad Malik, security awareness advocate at KnowBe4. Malik told me that in order to gain access to a building, for example, you could put in a calendar invite for an interview or similar face to face appointment such as building maintenance which, he warns “could allow physical access to secure areas.”


Google was told about this in 2017, and said that “making this change would cause major functionality drawbacks for legitimate API events with regards to Calendar.” But don’t worry! It scans for malicious links. Huh. Apple had a similar problem like this – spammy calendar invites being sent, mainly from China – in November 2016. Seems to have solved it.
unique link to this extract

The new wilderness • Idle Words

Maciej Cieglowski on the erosion of what he calls “ambient privacy” – the expectation that your interactions aren’t monitored or remembered:


Ambient privacy is particularly hard to protect where it extends into social and public spaces outside the reach of privacy law. If I’m subjected to facial recognition at the airport, or tagged on social media at a little league game, or my public library installs an always-on Alexa microphone, no one is violating my legal rights. But a portion of my life has been brought under the magnifying glass of software. Even if the data harvested from me is anonymized in strict conformity with the most fashionable data protection laws, I’ve lost something by the fact of being monitored.

One can argue that ambient privacy is a relic of an older world, just like the ability to see the stars in the night sky was a pleasant but inessential feature of the world before electricity. This is the argument Mr. Zuckerberg made when he unilaterally removed privacy protections from every Facebook account back in 2010. Social norms had changed, he explained at the time, and Facebook was changing with them. Presumably now they have changed back.

My own suspicion is that ambient privacy plays an important role in civic life. When all discussion takes place under the eye of software, in a for-profit medium working to shape the participants’ behavior, it may not be possible to create the consensus and shared sense of reality that is a prerequisite for self-government. If that is true, then the move away from ambient privacy will be an irreversible change, because it will remove our ability to function as a democracy.

All of this leads me to see a parallel between privacy law and environmental law, another area where a technological shift forced us to protect a dwindling resource that earlier generations could take for granted.


Always a must-read; easily comprehensible phrasing, but conveying deep meaning.

unique link to this extract

America’s renewable energy capacity is now greater than coal • CNN

Matt Egan:


“Coal has no technology path,” said Jeff McDermott, managing partner at Greentech Capital Advisors, a boutique investment bank focused on clean energy. “It’s got nowhere to go but extinction.”

The clean energy revolution is on the verge of a tipping point.

Also in April, the renewable energy sector was projected to have generated more electricity than coal, according to a separate report published by the Institute for Energy Economics and Financial Analysis. That transition was partially driven by seasonal issues.

At the same time, America has drastically cut back on its appetite for coal. Since peaking in 2008, US coal consumption has plunged 39% to the lowest level in 40 years, according to the US Energy Information Administration.

The milestones come despite President Donald Trump’s promise to prop up the coal industry by cutting environmental rules. Analysts say that’s because the shift toward renewables is being driven more by economics than regulation.

“The government can tap on the brakes or accelerate this movement – but this progress will continue moving forward,” said Matthew Hoza, senior energy analyst at consulting firm BTU Analytics.


A letter in The Observer on Sunday commented that the price of renewables is falling so fast that government spreadsheets can’t keep up (down?) with it.
unique link to this extract

Study finds that a GPS outage would cost $1bn per day • Ars Technica

Eric Berger:


According to the study, 90% of the technology’s financial impact has come since just 2010, or just 20% of the study period [which looks at 1984-2017]. Some sectors of the economy are only beginning to realize the value of GPS technology, or are identifying new uses for it, the report says, indicating that its value as a platform for innovation will continue to grow.

In the case of some adverse event leading to a widespread outage, the study estimates that the loss of GPS service would have a $1bn per-day impact, although the authors acknowledge this is at best a rough estimate. It would likely be higher during the planting season of April and May, when farmers are highly reliant on GPS technology for information about their fields.

To assess the effect of an outage, the study looked at several different variables. Among them was “precision timing” that enables a number of wireless services, including the synchronization of traffic between carrier networks, wireless handoff between base stations, and billing management. Moreover, higher levels of precision timing enable higher bandwidth and provide access to more devices. (For example, the implementation of 4G LTE technology would have been impossible without GPS technology).

In the case of an outage, there would be relatively minimal impacts over the first two days, but after that time, the wireless network would begin to degrade significantly. After 30 days, the study estimates that functionality would lie somewhere between 0% and 60% of normal operating levels. Landline phones would be largely unaffected.


That’s only for the US, of course. GPS costs about $1bn per annum to run. As economic multipliers go, that’s pretty dramatic. GPS was the example I kept reaching for when I was pushing the Free Our Data campaign: government funds it, private sector exploits it, but everyone benefits.
unique link to this extract

Errata, corrigenda and ai no corrida: none notified

1 thought on “Start Up No.1,090: YouTube’s sweary kid side, US ready to hack Russia’s grid, Gmail’s calendar flaw, the cost of (no) GPS, and more


    Interesting head-to-head on the probably 2 worthiest phones currently on the market: the $180ish Xiaomi Redmi Note 7 and the BBK/Oppo Realme 3 Pro.

    They’re mostly similar, with great performance (one step down current Android flasgships, so iPhone 6S-ish), good full-light camera (esp if used we Google’s gCam and not the OEM’s photo app), SD slot for all those offline moments, 2 day-ish battery life (that’s the thing I hear most praise about from ex-Applers even ex-Samsung people), nice LCD screen, OK sound, FM radio. Both are mostly unable to do good AR/VR and low-light pics, lack NFC and wireless charging.

    The Realme Unique Selling Proposition is that it can run Fortnite. Main drawback is lack of a notification light. Its ColorOS single original feature seems to be advanced screen color calibration, which is not much to fork Android over.

    The Redmi’s differentiators are very solid Android fork (dual apps, dual workspaces…Android reviewers seem to be looking for familiarity not added value and thus penalize Xiaomi’s MIUI, I mostly disagree about that), LED notification, IR blaster. Can’t run Fortnite, though PUBG runs OK.

    I’ll keep defaulting to the Redmi because of familiarity and track record, but teens will want Fortnite. Spending any more than what these 2 charge requires a darn good reason, especially if features (usually battery life, SD, FM, IR) get lost in the process.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.