Start Up No.1,165: Apple’s China browsing problem, Turkey blocks social media, fracking means methane, blocking tech tax dodges, and more


NMR data for more than 100 scientific papers about cyanobacteria – seeking cancer cures – is in doubt due to a code glitch. CC-licensed photo by Dave Thomas on Flickr.


A selection of 11 links for you. Off and on again. I’m @charlesarthur on Twitter. Observations and links welcome.

How safe is Apple’s Safe Browsing? • A Few Thoughts on Cryptographic Engineering

Matthew Green:

»

This morning brings new and exciting news from the land of Apple. It appears that, at least on iOS 13, Apple is sharing some portion of your web browsing history with the Chinese conglomerate Tencent. This is being done as part of Apple’s “Fraudulent Website Warning”, which uses the Google-developed Safe Browsing technology as the back end. This feature appears to be “on” by default in iOS Safari, meaning that millions of users could potentially be affected.

As is the standard for this sort of news, Apple hasn’t provided much — well, any — detail on whose browsing history this will affect, or what sort of privacy mechanisms are in place to protect its users. The changes probably affect only Chinese-localized users (see Github commits, courtesy Eric Romang), although it’s difficult to know for certain. However, it’s notable that Apple’s warning appears on U.S.-registered iPhones.

Regardless of which users are affected, Apple hasn’t said much about the privacy implications of shifting Safe Browsing to use Tencent’s servers. Since we lack concrete information, the best we can do is talk a bit about the technology and its implications. That’s what I’m going to do below.

«

This isn’t a good look for Apple. Events may have overtaken this by the time it appears, but if not, Apple is setting itself up for another week of trouble. China is becoming Apple’s tar baby.


Dealing with China isn’t worth the moral cost • The New York Times

Farhad Manjoo:

»

There is a school of thought that says America should not think of China as an enemy. With its far larger population, China’s economy will inevitably come to eclipse ours, but that is hardly a mortal threat. In climate change, the world faces a huge collective-action problem that will require global cooperation. According to this view, treating China like an adversary will only frustrate our own long-term goals.

But this perspective leaves out the threat that greater economic and technological integration with China poses to everyone outside of China. It ignores the ever-steeper capitulation that China requires of its partners. And it overlooks the most important new factor in the Chinese regime’s longevity: the seductive efficiency that technology offers to effect a breathtaking new level of control over its population.

There was a time when Westerners believed that the internet would be the Communist regime’s ruin. In a speech in 2000 urging Congress to normalize trade relations with China, President Bill Clinton famously quipped: “There’s no question China has been trying to crack down on the internet. Good luck! That’s sort of like trying to nail Jell-O to the wall.” The crowd of foreign policy experts erupted in knowing laughter.

China proved them wrong. It didn’t just find a way to nail Jell-O; it became a Jell-O master carpenter. Through online surveillance, facial recognition, artificial intelligence and the propagandistic gold mine of social media, China has mobilized a set of tools that allow it to invisibly, routinely repress its citizens and shape political opinion by manipulating their feelings and grievances on just about any controversy.

«

We were so busy preventing the surveillance of ‘1984’ happening in the west that we didn’t think it would happen in the east. Blistering piece from Manjoo. (Thanks John Naughton for the link.)


China’s global reach: surveillance and censorship beyond the Great Firewall • Electronic Frontier Foundation

Danny O’Brien:

»

The Great Cannon is a large-scale technology deployed by ISPs based in China to inject javascript code into customers’ insecure (HTTP) requests. This code weaponizes the millions of mainland Chinese Internet connections that pass through these ISPs. When users visit insecure websites, their browsers will also download and run the government’s malicious javascript—which will cause them to send additional traffic to sites outside the Great Firewall, potentially slowing these websites down for other users, or overloading them entirely.

The Great Cannon’s debut in 2015 took down Github, where Chinese users were hosting anti-censorship software and mirrors of otherwise-banned news outlets like the New York Times. Following widespread international backlash, this attack was halted.

Last month, the Great Cannon was activated once again, aiming this time at Hong Kong protestors. It briefly took down LIHKG, a Hong Kong social media platform central to organizing this summer’s protests.

«



Turkish ISP blocks social media sites near Syrian border • WIRED

Paris Martineau:

»

Turkey restricted access to Facebook, Instagram, Twitter, and WhatsApp in at least three cities in the southern part of the country for about 48 hours earlier this week as it launched an attack on northern Syria, according to data collected by civil society group NetBlocks and reviewed by WIRED. Turkey moved against Kurdish forces in northern Syria Wednesday, launching an air and ground assault on a militia allied with the US days after President Donald Trump pulled US troops out of the area.

Turks close to the border rely on those social media services to access and share uncensored news.

NetBlocks tests suggest that beginning Wednesday at around 1 am UTC (9 pm Tuesday ET), users in the cities of Gaziantep, Şanlıurfa, and Hatay were blocked from accessing some popular social media platforms and message services while connected to Turkey’s leading internet service provider, Türk Telekom. Access appeared to be restored early Friday morning UTC, the data suggests. Türk Telekom is partially owned by Turkey’s government.

«



Mastercard, Visa, eBay drop out of Facebook’s Libra payments network • WSJ

AnnaMaria Andriotis and Peter Rudegeair:

»

The biggest financial companies that Facebook recruited to launch a world-wide cryptocurrency-based payments network have backed out of the project, threatening to derail an ambitious initiative to remake global finance before it ever gets off the ground.

Visa, Mastercard, Stripe and eBay said Friday they were withdrawing from the coalition of companies that had originally signed on to help launch the libra cryptocurrency, following PayPal, which dropped out of the Libra Association last week.

The moves came after lawmakers, central bankers and regulators expressed deep concerns about the libra project.

The loss of four of the largest payments companies in the world leaves Facebook without much of the muscle it assembled for libra, a digital currency it hoped would make it a player in e-commerce and global money transfers. The project now mostly hinges on smaller payments companies, telecommunications providers, venture-capital firms, e-commerce merchants and nonprofits.

“I would caution against reading the fate of Libra into this update,” David Marcus, the Facebook executive overseeing the project, wrote Friday on Twitter. “Of course, it’s not great news in the short term, but in a way it’s liberating…”

«

They pulled out because today (Monday) is when they’d have to formally sign up and hand over $10m to be a member of Libra, and they’ve all been leant on heavily by regulators and politicians who don’t like the idea.

I still wouldn’t write Libra (or libra) off. I suspect Facebook really wants this to happen. If it can get it close to getting off the ground, or figure a way through the regulatory thicket, then they’ll be back on board in a flash.


A code glitch may have caused errors in more than 100 published scientific studies • VICE

Maddie Bender:

»

Yuheng Luo, a graduate student at the University of Hawaiʻi at Mānoa, discovered the glitch this summer when he was verifying the results of research conducted by chemistry professor Philip Williams on cyanobacteria. The aim of the project was to “try to find compounds that are effective against cancer,” Williams said.

Under supervision of University of Hawaiʻi at Mānoa assistant chemistry professor Rui Sun, Luo used a script written in Python that was published as part of a 2014 paper by Patrick Willoughby, Matthew Jansma, and Thomas Hoye in the journal Nature Protocols. The code computes chemical shift values for NMR, or nuclear magnetic resonance spectroscopy, a common technique used by chemists to determine the molecular make-up of a sample.

Luo’s results did not match up with the NMR values that Williams’ group had previously calculated, and according to Sun, when his students ran the code on their computers, they realized that different operating systems were producing different results. Sun then adjusted the code to fix the glitch, which had to do with how different operating systems sort files.

Willoughby, the first author of the 2014 study who wrote the script, called the new study “a beautiful example of science working to advance the work we reported in 2014.”

«

Here’s the paper on discovering the glitch. Windows 10 and MacOS Mavericks (10.13) give the same result; Ubuntu 16 and MacOS Mojave (10.14) give results that don’t agree with the other two, or each other. The reason: the way they sort files. The script expects pairs of data files to process. If the file pairing goes wrong, the outputs are wrong.


More methane in atmosphere linked to more fracking • National Geographic

Stephen Leahy:

»

Scientists have measured big increases in the amount of methane, the powerful global warming gas, entering the atmosphere over the last decade. Cows or wetlands have been fingered as possible sources, but new research points to methane emissions from fossil fuel production—mainly from shale gas operations in the United States and Canada—as the culprit.

The “massive” increase in methane emissions occurred at the same time as the use of fracking for shale gas took off in the US, says Robert Howarth, an ecologist at Cornell University and author of the study published Aug 14 in the journal Biogeosciences.

“We know the increase is largely due to fossil fuel production and this research suggests over half is from shale gas operations,” Howarth says in an interview.

This big methane increase matters because methane heats up the climate over 80 times more than an equivalent amount of carbon dioxide (CO2) in the first 20 years after it is released into the atmosphere, according to the Intergovernmental Panel on Climate Change. After 20 years most of the methane becomes CO2, which can last for hundreds of years.

«

This is from August, but still relevant. And will be for hundreds of years.


Tech giants shift profits to avoid taxes. There’s a plan to stop them • The New York Times

Jim Tankersley:

»

[Last] Wednesday’s release brought an 18-page framework plan [from the OECD] that officials hope will form the basis of an international agreement on digital taxation as early as next year. That framework would fundamentally alter how and where companies that operated across national borders were taxed, though it leaves the details of those tax rates to future negotiators. It suggests new rules on where companies should pay taxes — largely based on where their sales occur — and on which profits are subject to taxation.

“In a digital age, the allocation of taxing rights can no longer be exclusively circumscribed by reference to physical presence,” the framework states. “The current rules dating back to the 1920s are no longer sufficient to ensure a fair allocation of taxing rights in an increasingly globalized world.”

The framework applies only to multinationals with annual revenues of about $825 million or higher. It excludes manufacturing suppliers and resource extraction companies, like oil companies.

As it stands, the framework appears to be a victory for large, consumption-heavy countries like the United States, China and much of Western Europe, and a loss for so-called tax havens, like Ireland. Advancing the negotiating process is a win for large multinationals, even though a final deal could put them on the hook to pay more in taxes, because the alternative appears to be a series of country-by-country digital taxes that could be expensive to comply with.

“Amazon welcomes the publication of these proposals by the OECD, which are an important step forward,” a spokeswoman said Wednesday in an email.

«



Underscores, optimization & arms races • Humane Tech on Medium

Anil Dash on the early days of the web (well, around 2004):

»

people wanted to have the whole title of their article show up in the web address. Part of this was just because it looked cool, but some folks had started to suspect that having those words in the address might help a blog post rank higher on Google. (Google was still a smaller player in the overall web search market at the time, but it was already by far the most popular search engine amongst internet geeks.)

But here’s the thing: web addresses can’t have spaces in them. To include a full title with spaces in a web address for a blog, the spaces would either have to be removed (ugly!) or converted into something equivalent. Since we were one of the first to encounter this issue, our team designed to have our content management system use underscores, based on the rationale that underscores were the character that most closely resembled a blank space.

The end result? Anybody who used our tools could write a blog post entitled “My Great Cookie Recipe” and it would live at an address that looked like example.com/2005/04/my_great_cookie_recipe.html. By contrast, the WordPress team thought that hyphens looked better, so blog posts published on their tool would look more like example.com/2005/04/my-great-cookie-recipe. Sure, these different tools made slightly different choices about which character to use, but such a subtle distinction couldn’t be meaningful, right?

As it would turn out, we’d stumbled across a harbinger of how the entire web was about to change.

«

This was a harbinger of the whole gigantic industry of SEO – but also whether Google would follow the web, or vice-versa.


Nomad’s new Base Station Pro offers a taste of what Apple’s AirPower had promised • Techcrunch

Darrell Etherington:

»

This is pretty similar to what Apple’s AirPower promised, before its unfortunate demise. The hardware similarly makes use of a matrix of multiple charging coils, which interlink to offer charging capabilities across the surface of the Base Station Pro. Perhaps intentionally, Aira’s website URL is ‘airapower.com,’ one letter off from Apple’s shelved first-party accessory.

Nomad’s charger inherits the same aesthetics of the company’s existing chargers, which means you get a black soft leather surface for putting your devices on top of, and the surrounding frame is made of slate gray aluminum. The charger should look and feel very premium, if Nomad’s other Base Stations are any indication.

The Base Station Pro supports charging speeds of up to 5W each, which is not the max supported by the iPhone or other devices – but according to Aira co-founder Jake Slatnick, that’s not actually much of a limitation at all.

“An interesting detail that we’ve learned through benchmarking is that our 5W output charge time is comparable to other 10W advertised chargers,” Slatnick explained via email. “It turns out, as soon as the phone starts to heat up, the charge speed slows down significantly, usually below 5W. The 7.5W chargers seem to only last at those speeds for a few minutes. We think the performance right now is on par with everything else and that it shouldn’t be noticeable to most users.”

«

(Thanks Adewale Adetugbo for the link.)


Attacker pinpointed victim’s home from eye image • NHK WORLD-JAPAN News

»

A man who attacked a woman working as a so-called idol reportedly located her home by using an image reflected in her eyes in a photo on social media.

Twenty-six-year-old Hibiki Sato was indicted on Tuesday for attacking the woman in her 20s.

Sato allegedly covered the woman’s mouth from behind with a towel as she returned to her condominium in Tokyo on the night of September 1. He pulled her down, groped her, and injured her.

Sato said he was a big fan of the woman. He reportedly told investigators he got a clue to her address from the photo showing a train station reflected in her eyes.

Sato used Google’s Street View service to find the station, waited for her there and followed her.

Sato also found out where the woman lived by using videos she’d posted on social media that showed how her curtains were positioned and how lights shone through her windows.

«

What the whatting what.


Errata, corrigenda and ai no corrida: none notified

7 thoughts on “Start Up No.1,165: Apple’s China browsing problem, Turkey blocks social media, fracking means methane, blocking tech tax dodges, and more”

  1. Do we know if the statement about using a train station reflection in the eyes does in fact reflect reality? As in, the offender saying that was the method used, doesn’t mean that was really the method used. Just to be a bit skeptical, if he did something illegal, like bribing someone to get personal information, he may not want to confess to that illegal action. Using a cover story about getting it from public social media material, means not risking further criminal charges. Sure, it’s a strange story, but it also sounds like a story one could pick up from fiction – exactly what makes it attractive. Listeners are inclined to believe it. If an investigator asks “which photo?”, he can simply say he deleted his copy since he didn’t need it any more, and can’t find the right one again among all the other photos out there.

  2. Re. Apple and China:

    1- Again, Google has nothing to do with this. There must be someone in a dark room at Apple’s PR dept whose job is, when Apple gets nabbed again being bad or idiotic, to make sure Google also appears in the headline or at least the article for some splash-over damage. People should stop lapping that up. Apple chose to send users’ browsing destinations to Tencent on top of sending it to Google. Google is as involved in this as Ford was in Volkswagen’s scandal.
    2- At minimum, it seems this gives Tencent regular updates on affected users’ IP address. At most, Tencent gets or can deduce a list of the sites you visit. Don’t forget, in China Apple’s servers are hosted by the government, so any traffic with Apple’s servers reveals your IP hence your location, so this probably doesn’t make a huge difference for Chinese users, they’ve already been sold out. Might impact non-China users though.

    The issue is not China, it’s Apple. There’s a huge disconnect between their PR and their actions, through partly greed, partly incompetence. And, please, Google is nowhere near this issue.

    On a related note, a “hollow issue” (those things that are noticeable not because they happen, but because they don’t) is Apple employees’ utter silence and inaction in all this. At pretty much all other companies involved in similar issues (Google, Blizzard, MS…), employees have weighed in, sometimes loudly. I’m not saying it’s right or wrong, efficient or useless, but it’s noticeable and maybe surprising that Apple employees are utterly silent and passive. Speaks to corporate culture / character.

    • We don’t know whether Apple employees are being silent and/or inactive. The absence of reports about it doesn’t mean there’s an absence of activity or discussion; Apple staff tend not to make a noise about things on social media. You may have noticed this in connection with other topics relating to Apple. The corporate culture is that things get discussed internally.

      The topics where Google staffers, for example, have been vociferous are those where they’ve felt Google is going against their ethics – notably over Andy Rubin and other execs accused of sexual misconduct, and over Google’s involvement with military projects. I’d imagine that there is actually a lot of back and forth inside Apple over this China topic. People will definitely have opinions about it.

      • I’m sure they’re having thoughts and discussions, to themselves and maybe amongst themselves. I’m sure everybody who does business in/with China, esp. in IT/surveillance/security/military does. Thoughts and words are not action though; some companies have seen words shared externally, even actions, Apple hasn’t. There’s a clear difference.

        With a very top-down, PR-oriented company like Apple, possible muted internal soul-searching or grumbling is very close to nothing.
