Start Up No.1213: smartphone life 2010-style, Ring’s security holes, 2019’s top stories, part-time fact-checking?, bitcoin mansplaining, and more


Tory MPs are switching away from Signal to WhatsApp – claiming it’s because there are too many of them for a single group. CC-licensed photo by Tim Reckmann on Flickr.


A selection of 9 links for you. Nearly there. I’m @charlesarthur on Twitter. Observations and links welcome.

First, the smartphone changed. Then, over a decade, it changed us • WSJ

Joanna Stern:

»

The modern-day smartphone in all its rectangular touch screen beauty wasn’t invented in 2010. (The iPhone arrived in 2007.) But it was the year that so many of us began to ditch those aforementioned gadgets, and trade our phones—made for calls and the occasional text or email—for that single computer now in our pocket. It was also the year the biggest apps currently lining our homescreens began to arrive.

What we got was a device that changed what it means to be human. A gadget that as it gained functionality, fundamentally altered the way we navigate the world, our relationships, ourselves. But it also began to navigate us—in ways we sometimes didn’t even realize and probably shouldn’t have welcomed.

To see just how much the smartphone has changed the way we function in the world, I challenged myself to go on a trip to the past for 24 hours—using just 2010 technology, including my old BlackBerry. (Watch my video to see how well I survived my day in Hell, Michigan.)

At times I felt totally and completely lost—probably because, with a malfunctioning GPS, I actually was. I missed not being able to do so many things I now take for granted. And yet it was also strangely exhilarating. I felt more in control, more present and, maybe, more like myself.

«

Stern always has such fantastic setups for her pieces; choosing to do it in Hell is just the icing on the cake.


We tested Ring’s security. It’s awful • VICE

Joseph Cox:

»

It’s not so much being watched. It’s that I don’t really know if I’m being watched or not.

From across the other side of the world, a colleague has just accessed my Ring account, and in turn, a live-feed of a Ring camera in my apartment. He sent a screenshot of me stretching, getting ready for work. Then a second colleague accessed the camera from another country, and started talking to me through the Ring device.

“Joe can you tell I’m watching you type,” they added in a Slack message. The blue light which signals someone is watching the camera feed faded away. But I still couldn’t shake the feeling that someone may be tuning in. I went into another room.

My colleagues were only able to access my Ring camera because they had the relevant email address and password, but Amazon-owned home security company Ring is not doing enough to stop hackers breaking into customer accounts, and in turn, their cameras, according to multiple cybersecurity experts, people who write tools to break into accounts, and Motherboard’s own analysis with a Ring camera it bought to test the company’s security protections.

…Ring is not offering basic security precautions, such as double-checking whether someone logging in from an unknown IP address is the legitimate user, or providing a way to see how many users are currently logged in—entirely common security measures across a wealth of online services.

«

Email addresses and cracked passwords for various services are available all over the net; Amazon isn’t taking this seriously enough.


Chartbeat: 2019’s top stories

Chartbeat:

»

How we compiled the 2019 list.

We evaluated more than 54 million pieces of content, totalling 294 billion minutes of Engaged Time, which is the total amount of time visitors spent actively reading pages across our network. Stories are tagged by topics, reflecting the variety of coverage and ultimately favouring original narratives.

«

The top story turns out to be one that I didn’t link to, so you might need to go and visit to find out. Though as to Chartbeat’s claim that it’s “ultimately favouring original content”, there are a couple of rewrites of other articles in the list in there. And the Yahoo Japan content, in Japanese: who knows?


Exclusive: Facebook adding part-time fact-checkers to root out misinformation • Axios

Sara Fischer:

»

The reviewers are meant to be representative of everyday Facebook users, so they don’t have any sort of particular expertise in fact-checking.

This is done intentionally by Facebook because it wants the sources that they pass over to third-party fact-checkers to be unbiased, and akin to what an average Facebook user would find if they searched for news articles to assess the validity of a piece of information they found on Facebook.

Facebook wouldn’t say how many part-time contractors are being hired, but it says the number will vary as the pilot is evaluated and that Appen will be responsible for making staffing adjustments based on scaling needs.

As an additional safeguard, Facebook says it’s partnering with YouGov, a global public opinion and data company, to ensure that the pool of community reviewers represent the diversity of people on Facebook.

Facebook says that ahead of the pilot’s launch, YouGov has determined that the requirements Appen has used to select community reviewers will lead to a pool of people that is representative of the Facebook community in the U.S., and that it should reflect the diverse viewpoints on Facebook, including political ideology.

«

This has so much potential to go so, so wrong. Part-time non-expert fact-checkers. Like part-time non-expert airline pilots, maybe: responsible for a lot of people’s direction.


Tories switch to messaging app Signal after WhatsApp leaks • The Guardian

Jim Waterson:

»

The Conservative party has started using the secure messaging service Signal for its internal communications with Tory MPs, following years of leaks from WhatsApp groups.

Signal, which is an alternative to Facebook-owned WhatsApp, prides itself on its ultra-secure privacy features and has an option to make messages automatically disappear after a set period of time, making it harder to retrospectively leak conversations.

The nonprofit open source service, which is endorsed by the likes of Edward Snowden, promises highly encrypted ad-free communications and pledges to ensure no one can read user messages or see their calls. Earlier this year the co-founder of WhatsApp gave $50m (£38m) to Signal to help improve the service.

Jim Killock of the Open Rights Group, which campaigns on internet freedoms, suggested the Tories’ switch to using Signal for party communications is ironic given the party’s longstanding campaign to introduce a backdoor on such messaging services for the benefit of the authorities.

…A Conservative spokesperson said the real justification for their MPs to use Signal was operational, rather than for security reasons. With so many Tory MPs elected at the last election, it had become impossible to fit them all in a single WhatsApp group, because they are currently capped at 256 members.

…[Killock said:] “I guess Priti Patel must be quite confused and alarmed as her party votes with its feet for secure messaging platforms, while she’s campaigning to stop them from protecting these very same users.”

«

Yes, but for Priti Patel to have to worry about cognitive dissonance, she’d need to be able to hold two thoughts in her head. Also, there were more than 256 Tory MPs in the last Parliament; so that’s another lie.


Apple, Google, Amazon, Zigbee partner on smart home • CNBC

Todd Haselton:

»

Today, you might walk into a store and buy a smart lock for your home. But you’d have to figure out if you need to buy a lock that works with Amazon Echo (which uses various standards including Zigbee), Google Home or Apple HomeKit.

This same headache extends to the companies that build smart devices. They need to decide from the outset if they want to support various connectivity methods used by Amazon, Apple or Google and, if they do, they need to continue updating the device throughout its life so it’s secure across all platforms.

The new standard aims to fix those problems.

It’s called “Project Connected Home over IP” and it will work to create a new standard for the smart home so that people can buy products knowing that they’ll work with the systems they have at home, and that they’re secure. A logo on gadget boxes will let customers know if it’s built and supported by Project Connected Home over IP or not.

“The project is built around a shared belief that smart home devices should be secure, reliable, and seamless to use,” the companies said in a press release.

«

Alliances are nice, but tend to achieve little because the temptation to break away is so great for whoever is the market leader, no matter what stage the market is at.


InLink Limited limited: firm that puts up UK’s ad-supported phone booths enters administration • The Register

Matthew Hughes:

»

Phonebooth sprawl wasn’t the only problem. Many local authorities refused permission for the InLink booths due to their association with criminality — specifically the drug trade.

InLink kiosks allowed users to place phone calls to UK landline and mobile numbers. Because they did not require any prior registration, they were ideally suited for those wishing to make drug deals, for example.

According to a Metropolitan Police report from 2018, five InLink kiosks facilitated 20,000 drug-related calls over a 15-week period. This forced BT to disable calls on certain kiosks, including those located in deprived areas of London’s Whitechapel, Bethnal Green, and Commercial Road.

Across the sprawling borough of Tower Hamlets, which has a population of over 300,000, InLink briefly suspended calls to mobile numbers, while allowing calls to landlines.

Separately, InLinkUK started work earlier this year rolling out an algorithm that would identify and block drug-related calls (PDF). This used a combination of police intelligence, alongside a consideration of the frequency of attempted and connected calls, as well as their length.

Despite these efforts, InLink Kiosks developed a bad name. This reputation stymied the rollout of InLink kiosks around the UK.

«

Kudos to Adrian Short, a privacy activist who demonstrated early on what a blight these things – essentially big advertising hoardings – would be. So much for the smart city ideas too. Google/Alphabet is somewhere back there in the ownership, too.


PlusToken scammers didn’t just steal $2+ billion worth of cryptocurrency. They may also be driving down the price of bitcoin • Chainalysis Blog

»

Scams are all too common in the cryptocurrency world, with our internal research suggesting bad actors bilked billions of dollars’ worth of funds from millions of victims in 2019. In addition to the monetary losses sustained by affected individuals, scams paint a negative picture of the industry and may scare off potential participants.

But in the case of one notable 2019 scam, the consequences may go beyond the direct victims. We believe that the criminals behind the PlusToken Ponzi scheme could be driving down the price of Bitcoin when they liquidate their stolen funds via OTC brokers.

Based in China, PlusToken presented itself as a cryptocurrency wallet that would reward users with high rates of return if they purchased the wallet’s associated PLUS cryptocurrency tokens with Bitcoin or Ethereum. The scammers claimed those returns would be generated by “exchange profit, mining income, and referral benefits.” PlusToken would go on to be listed on several Chinese exchanges and hit a peak price of $350 USD, raking in “investments” from millions of people. 

Chinese media reports that the scam attracted over $3 billion worth of cryptocurrency. We tracked a total of 180,000 BTC, 6,400,000 ETH, 111,000 USDT, and 53 OMG (OmiseGo) that went from scam victims to PlusToken wallets, equating to roughly $2bn. Either figure would make PlusToken one of the largest Ponzi schemes ever. 

«

And now they’re trying to cash out, in amounts so large it’s pushing down the price. But look again at that opening sentence: “Scams are all too common in the cryptocurrency world”. Mm. Avoid.


What do women want? Some crypto flavoured mansplaining, apparently • FT Alphaville

Jemima Kelly:

»

we were just thrilled to come across an article published on crypto news site Coindesk on Monday night under the headline “What Do Women Want? More Educational Materials Before Investing in Bitcoin”. Our attention was drawn to it via the medium of Twitter — specifically this truly eye-catching tweet:

(Just look at those poor, helpless, beautiful women! All they want is some educational materials to help them join the cause!)

The article, it turns out, was based on a survey of 1,100 people carried out earlier this year, some unknown proportion of whom were women. And that survey, it turns out, was carried out by Grayscale, a crypto and blockchain asset management firm owned by Digital Currency Group which, it turns out, owns… Coindesk. 

Coindesk mansplains explains (emphasis ours):

»

The survey found women were just as likely as men to see bitcoin’s high growth potential (56.2% of women, compared to 56.4% of men). They also understood bitcoin’s finite supply could drive future price increases (49.8% of women, 49.9% of men).

«

You see women aren’t silly. They understand something that is totally not grounded in any fact or evidence. They understand that even though we all know exactly how many bitcoins there will ever be in circulation (21 million, if you’re talking about the original bitcoin AKA BTC), that limit will nonetheless “drive future price increases”. Crypto markets — they’re so rational! And women, it turns out, can be the same kind of rational! 

«

Kelly wields the flamethrower of murder-that-crap just as you would expect her to, especially on the followup offering an “unbiased introduction” from “crypto enthusiasts”.


Errata, corrigenda and ai no corrida: none notified

1 thought on “Start Up No.1213: smartphone life 2010-style, Ring’s security holes, 2019’s top stories, part-time fact-checking?, bitcoin mansplaining, and more”

  1. RE. Ring Security and smarthome heavyweight ‘CHIP’ alliance: one Ars comment said it best:
    The “S” in “CHIP” is for Security.

    I’m curious how we’ll end up. Regulation of process à la ISO 9xxx? Regulation of outcome, i.e. fines for breaches? Centralization, i.e. data and authentication info stored only by the gov/a few heavily-supervised partners (à la banks)?
