Subscribe? There are a number of dubious apps scamming people with pricey subscriptions that aren’t worth it on the App Store. CC-licensed photo by Dominic Smith on Flickr.
You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.
A selection of 13 links for you. Go on then. I’m @charlesarthur on Twitter. Observations and links welcome.
Investigating some subscription scam iOS apps • Ivan Rodriguez’s blog
»
For some reason Apple allows “subscription scam” apps on the App Store. These are apps that are free to download and then ask you to subscribe right on launch. It’s called the freemium business model, except these apps ask you to subscribe for “X” feature(s) immediately when you launch them, and keep doing so, annoyingly, over and over until you finally subscribe. By subscribing you get a number of “free days” (trial) and then they charge you weekly/monthly/yearly for very basic features like scanning QR Codes.
I’ve been trying to monitor apps that have these characteristics:
– They have In-App purchases for their subscriptions
– They have bad reviews, specially with words like “scam” or “fraud”
– Their “good” reviews are generic, potentially bot-generated.This weekend I focused on five apps from two different developers and to my surprise they are very similar, not only their UI/UX but also their code is shared and their patterns are absolutely the same. A side from being classic subscription scam apps, I wanted to examine how they work internally and how they communicate with their servers and what type of information are they sending.
«
There’s nothing fishy in the actual code – all the bad behaviour is right there in front of you, with the scammy subscription stuff. Apps like this are skimming millions every year – probably every month – from Apple users, and Apple could, if it wanted, stop it in a couple of weeks. There’s the nanny state, and then there’s protecting people from exploitation. This is the latter.
unique link to this extract
Google shuts down Nest app for Apple Watch and Wear OS • The Verge
Chris Welch:
»
People take control of their smart thermostat from their wrist so infrequently that Google has decided to completely scrap its Nest app for both Apple Watch and the company’s own Wear OS platform. The smartwatch Nest app offered a quick way to adjust the thermostat’s target temperature or operating mode. But now it simply displays a “Nest is no longer supported on Wear OS” message when opened and instructs customers to uninstall it.
“We took a look at Nest app users on smartwatches and found that only a small number of people were using it,” a Google spokesperson told 9to5Google. “Moving forward our team will spend more time focusing on delivering high quality experiences through mobile apps and voice interactions.”
Is this some monumental loss? No, not really. You can still just pull out your phone and do those same things (and more) with the Nest mobile app on Android and iOS. Notifications from the Nest smartphone app will continue to show up on your watch.
«
No surprise. There are very few things you can usefully control from your wrist. It’s fine for receiving notifications, dictating short notes, starting exercise apps. But really, isn’t the idea of the Nest that you don’t need to control it?
unique link to this extract
What if life did not originate on Earth? • The New Yorker
Isaac Chotiner:
»
For almost seven years, Nasa’s Curiosity rover has been exploring the terrain of Mars. Two weeks ago, it made a stunning discovery: relatively large concentrations of methane gas. The rover also found methane in 2013, but the readings recorded this month—approximately twenty-one parts per billion—were about three times as concentrated. The reason this news registered among scientists is that methane is often a sign of life; although the gas can be produced by various chemical reactions, most of it comes from animate beings. Does this mean that we are on the verge of discovering life on Mars, and, if so, what kind of life is it likely to be?
To discuss these questions, I spoke by phone with Gary Ruvkun, a molecular biologist and professor of genetics at Harvard Medical School. Ruvkun has what he admits are somewhat unusual opinions about life’s origins, and about the possibility of finding life elsewhere. In short, he questions the common assumption that our form of DNA-based life began on Earth. What began as an interview about the methane discovery turned into a discussion about why he wants to send something called a DNA sequencer to Mars. (After our conversation, NASA announced that the methane concentrations had descended back to their usual levels, further confounding scientists.) During our conversation, which has been edited for length and clarity, we also discussed the ways in which scientific debates about the origins of life intersect with religious ones, the reasons he might be dead wrong, and what it feels like to hold a minority opinion in the scientific community.
«
Chotiner’s interviews are always worth reading: he has an exceptional ability to ask the right questions, and knowledge of the topic that helps to get deeper into it than the standard Q+A.
unique link to this extract
I Can’t Stop Winning! • Pinboard
Maciej Cieglowski:
»
Pinboard is ten years old! I launched the site in July 9, 2009 from a small kitchen in Botoșani, Romania. My very first support email angrily demanded a refund, setting the tone for the next ten years.
The Internet back then was different. HTTPS was a luxury good. You could buy products and services with Bitcoin. Things in the tech industry hadn’t consolidated down to an oligopoly—Yahoo was still a going concern, as was AOL and LiveJournal. The ‘big 3’ in tech were HP, IBM, and Motorola, with Microsoft the only software company in the top 10. Pillows were fluffier. Food tasted better.
Now that a decade has passed, I thought I would have some Yoda-like business wisdom to impart, but I don’t. It feels just like last year. The journey of 10,000 steps begins with 9,999 steps!
My grandpa sometimes said “you have to help your fate along,” and I always liked this worldview very much, for the way it bolted a work ethic onto fatalism. Things happen, but you can always take credit for tenacity.
A one-person business is an exercise in long-term anxiety management, so I would say if you are already an anxious person, go ahead and start a business. You’re not going to feel any worse. You’ve already got the main skill set of staying up and worrying, so you might as well make some money.
«
Cieglowski is definitely a force for good – especially in the way he helped fundraise for liberal causes, and secure politicians’ systems. If you could power servers with sardonic humour, he’d be set.
unique link to this extract
Instagram influencer engagement hovers near all-time lows, study says • Mobile Marketer
Robert Williams:
»
Instagram influencers have seen their engagement rates hover near all-time lows as the Facebook-owned app becomes over-crowded with sponsored posts, per a study that analytics firm InfluencerDB shared with Mobile Marketer. The engagement rate for sponsored posts fell to 2.4% in Q1 2019 from 4% three years earlier, while the rate for non-sponsored posts slid to 1.9% from 4.5% for the comparable periods.
The engagement rate for Instagram influencers with at least 10,000 followers is steady at about 3.6% worldwide. Influencers with 5,000 to 10,000 followers have an engagement rate of 6.3% and those with a following of 1,000 to 5,000 have the highest rate at 8.8%, per InfluencerDB.
The engagement rate for every industry category of influencer has declined in the past year. Travel influencers, who typically have the highest engagement rates, have seen an average drop to 4.5% this year from 8% in 2018. InfluencerDB also observed declines for influencers in beauty, fashion, food, lifestyle and sports and fitness.
«
A business in decline, feels like.
unique link to this extract
The lifetime of an Android API vulnerability • Light Blue Touchpaper
Daniel Carter, Daniel Thomas, and Alastair Beresford:
»
The specific vulnerability (CVE-2012-6636) affected Android devices and allowed JavaScript running inside a WebView of an app (e.g. an advert) to run arbitrary code inside the app itself, with all the permissions of app. The vulnerability could be exploited remotely by an attacker who bought ads which supported JavaScript. In addition, since most ads at the time were served over HTTP, the vulnerability could also be exploited if an attacker controlled a network used by the Android device (e.g. WiFi in a coffee shop). The fix required both the Android operating system, and all apps installed on the handset, to support at least Android API Level 17. Thus, the deployment of an effective solution for users was especially challenging.
When we published our paper in 2015, we predicted that this vulnerability would not be patched on 95% of devices in the Android ecosystem until January 2018 (plus or minus a standard deviation of 1.23 years). Since this date has now passed, we decided to check whether our prediction was correct.
«
LBT is the security team at Cambridge University’s computer lab. This vulnerability seems quite serious, doesn’t it? Took a while – as in years – to get fixed, though.
unique link to this extract
AT+T starts blocking robocalls automatically, no opt-in required • Android Police
Manuel Vonau:
»
Robocalls are a problem almost everyone in the US can relate to, and the fact that carriers weren’t allowed to block suspected spam calls without the explicit opt-in from customers for a long time hasn’t exactly improved the issue. An FCC ruling in June changed legislation around that, and AT+T was quick to act on it. The company is now automatically blocking calls it suspects as spam or fraud.
The service will be enabled for new customers right away and will roll out to existing lines “over the coming months.” In contrast to AT+T’s current Call Protect app, this upcoming blocking method doesn’t require you to install anything on your phone and will be provided on an opt-out basis, meaning users of the network should see a significant drop in spam calls going forward without having to take any action themselves.
«
Be interested to know how they identify the spam calls. There’s definitely a story to be written there, and in (in the UK) British Telecom’s efforts on this, because it seems to have made some progress in recent months preventing nuisance and spam calls.
unique link to this extract
Chinese air pollution dimmed sunlight enough to impact solar panels • Ars Technica
Scott Johnson:
»
China is easily number one in terms of new solar construction right now, accounting for over half of the world’s installs in 2017, for example. Between 2010 and 2017, China went from having less than 1 gigawatt of solar capacity to 130 gigawatts, and the country is headed for around 400 gigawatts by 2030. After a run of transformative economic growth powered by coal and other fossil fuels, China is dealing with choking air pollution that is a major driving factor in this solar push.
Recent research has compiled a record of solar radiation measurements around China going back to the late 1950s. The research shows a declining trend in solar radiation until about 2005, when it leveled off and began to tick back upward. That tracks the increasing particulate air pollution due to coal-burning power plants and manufacturing—as well as biomass burning—that has only recently been addressed.
A team led by Bart Sweerts at ETH Zürich took that record and fed it into generation models for China’s solar installations to calculate how much generation has been lost—and how much would be gained by cleaning up the air.
The researchers found that, over the entire record between about 1960 and 2015, the average potential solar generation declined by about 13%.
«
Huawei gets its breather, sort of • The New York Times
:
»
Larry Kudlow, the director of the National Economic Council, said that the U.S. had “relaxed a bit” the licensing requirements from the Commerce Department for companies that sell to Huawei.
Another top official suggested the move would allow chip makers to continue selling certain technology to Huawei.
That could be good news for some U.S. tech companies, including Broadcom, Intel and Qualcomm, who all sell microchips to Huawei. American businesses “have lobbied the administration, saying that the ban will cut them off from a major source of revenue, while doing little to hold back Huawei’s technological advancement,” Mr. Tankersley and Ms. Swanson write.
But the reprieve is not a broad amnesty. Mr. Ross, speaking at an export-control conference in Washington, said the administration would continue efforts to protect America’s advanced technologies. “It is wrong to trade sensitive I.P. or source codes for access to a foreign market,” he said, “no matter how lucrative that market might be.”
«
This sounds then like they’ll allow sales of smartphone components. But what about parts that go into networking gear? Are those OK if the gear isn’t sold in the US? I don’t think the US knows what its policy is in any detail.
unique link to this extract
Man’s DNA test helped police arrest his relative for UCF student’s death • ClickOrlando
Mike DeForest:
»
John Hogan had never heard of Christine Franke nor had he seen news reports detailing law enforcement’s inability to figure out who fatally shot the 25-year-old University of Central Florida student in her Orlando apartment in 2001.
But by submitting his DNA to a genealogy database, Hogan unwittingly helped detectives identify and arrest the killer, according to newly released police records obtained by News 6.
“When you told me that my DNA helped solve a 17-year cold case murder, I just couldn’t believe it,” said Hogan, who recently learned of his role in the homicide investigation when he was contacted by a News 6 reporter.
Using DNA extracted from semen found at the crime scene, detectives uploaded the suspected killer’s genetic data to GEDmatch, a free online database used by genealogists and amateur researchers to identify potential relatives.
Investigators soon discovered the suspect was genetically related to Hogan, police records show.
«
This is going to become completely commonplace in a year or so, and if people put information onto public databases then how do you stop the police using them too? It’s as if people were storing their CCTV camera data on publicly accessible sites.
unique link to this extract
Is Firefox better than Chrome? It comes down to privacy • The Washington Post
Geoffrey Fowler:
»
Seen from the inside, [Google’s] Chrome browser looks a lot like surveillance software.
Lately I’ve been investigating the secret life of my data, running experiments to see what technology really gets up to under the cover of privacy policies that nobody reads. It turns out, having the world’s biggest advertising company make the most popular Web browser was about as smart as letting kids run a candy shop.
It made me decide to ditch Chrome for a new version of nonprofit Mozilla’s Firefox, which has default privacy protections. Switching involved less inconvenience than you might imagine.
My tests of Chrome vs. Firefox unearthed a personal data caper of absurd proportions. In a week of Web surfing on my desktop, I discovered 11,189 requests for tracker “cookies” that Chrome would have ushered right onto my computer but were automatically blocked by Firefox. These little files are the hooks that data firms, including Google itself, use to follow what websites you visit so they can build profiles of your interests, income and personality.
Chrome welcomed trackers even at websites you would think would be private. I watched Aetna and the Federal Student Aid website set cookies for Facebook and Google. They surreptitiously told the data giants every time I pulled up the insurance and loan service’s login pages.
«
Inside Facebook’s information warfare team • Financial Times
Hannah Murphy:
»
Staff are quick to point to efforts to address these issues: Facebook has developed technology to better weed out fake accounts and it works with third-party fact-checkers. It also ran a pilot ahead of the US midterms to better secure the Facebook accounts of staff working on campaigns.
Meanwhile, the introduction of more transparency around political adverts has made it more arduous and expensive for bad actors to interfere.
But the team faces new challenges. One is the commercialisation of the space: organised and government-backed troll farms are now being replaced by marketing and PR companies offering manipulation-for-hire.
While the tactics used by these private companies are similar, their motivations — and the actual source of the campaign — are now harder to track.
One non-government domestic campaign in the Philippines, taken down by Facebook, was led by a marketing company with 45m followers. Ahead of the Brazilian elections, several social media marketing companies were behind campaigns, he added.
“The services they were offering were things like, ‘We will organise people and pay them to post . . . on your behalf, or we have a network of fake accounts, you pay us and then we’re going to use that network to go and comment on your behalf’,” he said.
“They’re doing it as a service and that in a way disperses the breadth of these type of activities, both geographically and the type of actors that are involved,” [David] Agranovich [who heads the threat review process] said.
«
Majority of UK Instagram influencers engage in fakery, says landmark new study • PR Week
Arvind Hickman:
»
More than half of UK Instagram accounts have been found to engage some form of fraudulent activity, including buying mass followers, likes or inauthentic comments and using engagement bots, a comprehensive global study has found.
The research, by Swedish e-commerce start-up A Good Company and analytics firm HypeAuditor, assessed 1.84 million Instagram accounts across 82 countries.
It exposes a platform where the majority of influencers artificially boost vanity metrics that marketers often use when choosing influencers, including followers and engagement. The Insta fraud is estimated to cost marketers close to $750m globally in wastage in a market now worth about $1.7bn.
In the UK, the study found nearly 10 million accounts are fake. The three markets with the most fakes are the US (49 million), Brazil (27 million) and India (16 million).
The proportion of accounts in the UK that have either bought followers, comments or used engagement bots is 54%, below the US (60%) and the world average (57%).
In addition to the quantitative analysis, the study carried out an anonymous survey of about 400 influencers to find out if the figures matched up with what influencers admit to doing.
These results showed that more than 60% admit to either using engagement pods, bought followers, likes or comments at some point, and that one in five intend to continue doing so.
A Good Company CEO and co-founder Anders Ankarlid told PRWeek: “Our numbers show that in the UK, as many as 10 million accounts are fake. This has significant implications on the de facto market value.”
«
That old saying about advertising – “half the money is wasted, we just don’t know which half” – remains true.
unique link to this extract
Errata, corrigenda and ai no corrida: none notified
The Overspill: when there's more that I want to say 
re Firefox: Also, Firefox on Android supports all the usual privacy and adblock addons (and all other addons), on top of default privacy&block features that are almost OK. Chrome doesn’t, and iOS browsers aren’t allowed those features.
If you’re on Android, just switch already ! If you’re on iOS , there’s no point.