The Venetian Resort hotel in Las Vegas: its owner disparaged Iran in 2013. Its hacking response cost him over $40m. CC-licensed photo by Ken Lund on Flickr.
You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.
A selection of 10 links for you. Used the first week well? I’m @charlesarthur on Twitter. Observations and links welcome.
Facebook says it won’t back down from allowing lies in political ads • The New York Times
Mike Isaac and Cecilia Kang:
»
The stance put Facebook, the most important digital platform for political ads, at odds with some of the other large tech companies, which have begun to put new limits on political ads.
Facebook’s decision, telegraphed in recent months by executives, is likely to harden criticism of the company heading into this year’s presidential election.
Political advertising cuts to the heart of Facebook’s outsize role in society, and the company has found itself squeezed between liberal critics, who want it to do a better job of policing its various social media platforms, and conservatives, who say their views are being unfairly muzzled.
The issue has raised important questions regarding how heavy a hand technology companies like Facebook — which also owns Instagram and the messaging app WhatsApp — and Google should exert when deciding what types of political content they will and will not permit.By maintaining a status quo, Facebook executives are essentially saying they are doing the best they can without government guidance and see little benefit to the company or the public in changing.
In a blog post, a company official echoed Facebook’s earlier calls for lawmakers to set firm rules.
“In the absence of regulation, Facebook and other companies are left to design their own policies,” Rob Leathern, Facebook’s director of product management overseeing the advertising integrity division, said in the post.
«
Facebook had a choice: leave things as they were and thus paint a big target on its back, or do something else and paint a big target on its back. The question, though, is which approach is the better one. Political ads just cause Facebook pain. Why not just ban them?
unique link to this extract
Ring fired employees for watching customer videos • VICE
Joseph Cox:
»
Amazon-owned home security camera company Ring has fired employees for improperly accessing Ring users’ video data, according to a letter the company wrote to Senators and obtained by Motherboard.
The news highlights a risk across many different tech companies: employees may abuse access granted as part of their jobs to look at customer data or information. In Ring’s case this data can be particularly sensitive though, as customers often put the cameras inside their home.
“We are aware of incidents discussed below where employees violated our policies,” the letter from Ring, dated January 6, reads. “Over the last four years, Ring has received four complaints or inquiries regarding a team member’s access to Ring video data,” it continues. Ring explains that although each of these people were authorized to view video data, their attempted access went beyond what they needed to access for their job.
“In each instance, once Ring was made aware of the alleged conduct, Ring promptly investigated the incident, and after determining that the individual violated company policy, terminated the individual,” the letter adds.
«
“Once Ring was made aware” is suitably vague. Someone told on the staff? And there’s still the problem that it uses a simple email/password combination to log in to something intentionally accessible across the whole internet.
unique link to this extract
Meghan and Harry’s story is quite the drama, but it’s no abdication crisis • The Guardian
Marina Hyde:
»
this is not the abdication. Whatever the vicissitudes of Harry and Meghan’s new path, it’s probably going to be better than ending up in a Bois de Boulogne house, paying social calls on Adolf Hitler. On the downside, the jewellery collection is likely to be comparatively sparse.
So people may currently claim Harry and Meghan’s move is seismic. But, long-term, it will be most dangerous insofar as it feeds into what we might call the monarchy’s Charles III problem. The UK is in a time of huge national flux and turmoil, and the Queen, the last link with the postwar consensus, is 93. Waiting in the wings is a rather unloved and not especially admirable man. For all today’s sound and fury, the real looming crisis for the royal family is not the sixth in line to the throne – but the first.
«
In the past three months Prince Andrew has “stepped back”, and now Harry and Meghan. That “postwar consensus” is looking very frayed; the succession will be a disjoint that might be on a par with Brexit for the discomfort it causes society.
unique link to this extract
Amazon takes a swipe at Paypal’s $4bn acquisition • WIRED
Louise Matsakis:
»
“[The browser extension] Honey tracks your private shopping behavior, collects data like your order history and items saved, and can read or change any of your data on any website you visit,” the message [on Amazon’s site] read. “To keep your data private and secure, uninstall this extension immediately.” It was followed by hyperlink where users could learn how to do so. Screenshots of the warning were posted to forums and social media by Honey users, like Ryan Hutchins, an editor at Politico.
Honey isn’t some obscure browser extension from an unknown developer. Founded in 2012, the Los Angeles-based startup now boasts over 17 million users. It finds discount codes to save shoppers money at tens of thousands of online retailers, including Amazon. In November, PayPal agreed to purchase Honey for an eye-popping $4 billion, its largest deal ever. The acquisition was completed this week.
Amazon’s warning, which began appearing on December 20, confused and angered many of Honey’s users, some of whom complained on its official social media channels. The browser extension has been compatible with Amazon since it was founded, and is a significant part of Honey’s appeal. Amazon is one of the most popular retailers in the world and the place where most Americans begin when looking for a product online.
Amazon declined to explain why it decided to label Honey a security risk so suddenly last month. “Our goal is to warn customers about browser extensions that collect personal shopping data without their knowledge or consent,” a spokesperson for the company said in a statement. They declined to answer follow-up questions about the basis for that claim.
When people install the Honey extension in their browser, they consent to the company’s Terms of Use and Privacy and Security Policy. While these kinds of agreements can be dense and difficult for the average person to interpret, Honey doesn’t appear to be collecting consumer information without asking, as Amazon implied to WIRED. Its privacy policy states that it doesn’t “track your search engine history, emails, or your browsing on any site that is not a retail website.”
«
I’d guess that Amazon started doing this particularly over the Christmas period because that’s its biggest quarter, but also margins get squeezed.
unique link to this extract
E-scooter startup Lime shuts in 12 markets, lays off around 100 • Axios
Kia Kokalitcheva:
»
Scooter company Lime is laying off about 14% of its workforce (roughly 100 employees) and shuttering operations in 12 markets as it seeks to become profitable this year, the company tells Axios.
After two years of explosive growth, scooter companies have entered a new phase—survival of the fittest in a capital-intensive, money-losing industry.
Lime is not the first or only scooter company to make cuts.
Bird, Scoot, Lyft, and Skip have all held layoffs or retreated from certain markets over the past year. Lime too has made small cuts, as when it suspended operations and laid off workers in St. Louis in late 2018, though it emphasizes to Axios that it will continue to expand to new markets this year.
The companies have generated headlines for huge losses as they attempt to manage vehicle attrition, labor costs, and regulatory battles.
“We’re very confident that in 2020, Lime will be the first next-generation mobility company to be profitable,” Lime president Joe Kraus tells Axios.
«
The odd thing is that 11 of the 12 cities have warm weather, and thus scooters could work year-round.
unique link to this extract
U.S. funds free Android phones for the poor — but with permanent Chinese malware • Forbes
Thomas Brewster:
»
It all sounds ideal for those who don’t have the money to splash on fancy Apple or Google phones. But according to security researchers, there’s a catch: the Android phones come with preinstalled Chinese malware, which effectively opens up a backdoor onto the device and endangers their private data. One of the malware types is impossible to remove, according to the researchers.
Researchers at cybersecurity company MalwareBytes said that they had tried to warn Assurance Wireless, a Virgin Mobile company, they had received no response. So the devices likely remain vulnerable today. Forbes was also unable to get a response from the company. The FCC, which runs Lifeline Assurance, also hadn’t responded to requests for comment.
Senator Ron Wyden is now asking the FCC why such phones are being shipped under the program. “It is outrageous that taxpayer money may be going to companies providing insecure, malware-ridden phones to low-income families. I’ll be asking the FCC to ensure Americans that depend on Lifeline Assistance aren’t paying the price with their privacy and security.”
The affected device is a UMX phone shipped by Assurance Wireless and one of the preinstalled malware, according to MalwareBytes senior analyst Nathan Collier, is the creation of a Chinese entity known as Adups. Though the tool looks and operates as a Wireless Update program, it’s capable of auto-installing apps without any user consent, which it starts doing immediately, according to a MalwareBytes analysis of a device, shared with Forbes ahead of publication. Adups hadn’t responded to a request for comment at the time of publication.
«
Wyden is now asking the FCC to make sure the devices aren’t malware-riddled. Seems like a small request, doesn’t it?
unique link to this extract
August 2008: Why Apple doesn’t do “concept products” « counternotions
“Counternotions”:
»
Why would a commercial entity like Apple produce a concept product? Apple is likely generating more concept products and visions than any other technology company for internal use. When Apple wanted to get into retail stores, for example, Jobs had Ron Johson build a fully-functioning, real-size prototype and tore it down at the last minute to rebuild a new one. Why didn’t Apple release the “concept store” to the then-deeply-skeptical press in order to “demonstrate visionary leadership”? In a similar situation Microsoft likely would have.
Product design, above all, is a bet. Apple understands this better than any other company. In iPhone: The bet Steve Jobs didn’t decline, I explained just what a huge bet the iPhone project was to Apple in 2005. It was a bet-the-company kind of bet. One that Nokia, which has sold hundreds of millions of phones over many years, never took. Neither did Microsoft. They would just as well release annual concept products to the public in order not to go through the pain of taking a bet.
Apple bet the company to single handedly change the industrial design of mobile devices, how we interact with them, the balance between carriers and manufacturers, mobile application vending, etc. Indeed, it simply redefined what a mobile device is to become.
«
This was linked from John Gruber’s meditation on the “Concept Electronics Show”, which is also worth reading, but this is a great piece in its own right.
unique link to this extract
Guide to using reverse image search for investigations • bellingcat
Aric Toler:
»
Yandex is by far the best reverse image search engine, with a scary-powerful ability to recognize faces, landscapes, and objects. This Russian site draws heavily upon user-generated content, such as tourist review sites (e.g. FourSquare and TripAdvisor) and social networks (e.g. dating sites), for remarkably accurate results with facial and landscape recognition queries.
Its strengths lie in photographs taken in a European or former-Soviet context. While photographs from North America, Africa, and other places may still return useful results on Yandex, you may find yourself frustrated by scrolling through results mostly from Russia, Ukraine, and eastern Europe rather than the country of your target images.
To use Yandex, go to images.yandex.com, then choose the camera icon on the right.
From there, you can either upload a saved image or type in the URL of one hosted online.
If you get stuck with the Russian user interface, look out for Выберите файл (Choose file), Введите адрес картинки (Enter image address), and Найти (Search). After searching, look out for Похожие картинки (Similar images), and Ещё похожие (More similar).
The facial recognition algorithms used by Yandex are shockingly good. Not only will Yandex look for photographs that look similar to the one that has a face in it, but it will also look for other photographs of the same person (determined through matching facial similarities) with completely different lighting, background colors, and positions. While Google and Bing may just look for other photographs showing a person with similar clothes and general facial features, Yandex will search for those matches, and also other photographs of a facial match.
«
Useful primer (and probably a good one to bookmark for those times when you’re primed to repost/retweet something that looks remarkable, or you want to hunt down an FSB officer). There’s also a little “try this at home” series at the end.
unique link to this extract
Iran’s cyberattack on billionaire Adelson provides lesson on strategy • Yahoo
Alyza Sebenius, Kartikay Mehrotra and William Turton:
»
In October 2013, Sheldon Adelson, the casino magnate and prominent supporter of conservative politicians and Israel, appeared on a panel in New York in which he suggested that the US could send a message to Iran, regarding its nuclear ambitions, by detonating an American warhead in the middle of the Iranian desert.
“You want to be wiped out? Go ahead and take a tough position,” said Adelson, who later became a major supporter of President Donald Trump. His comments infuriated Iran’s Supreme Leader Ayatollah Ali Khamenei, who two weeks later said America “should slap these prating people in the mouth.”
Months later, in February 2014, hackers inserted malware into the computer networks of Adelson’s Las Vegas casino. The withering cyberattack laid waste to about three quarters of the company’s Las Vegas servers; the cost of recovering data and building new systems cost $40m or more.
A year after the attack, the top US intelligence official confirmed that Iran was behind it.
Now, as Iran vows revenge for the airstrike, the US faces an aggressive adversary in which digital warfare may be among its best options to strike directly at the American population. In the years since the Sands incident, Iranian hackers have continued their attacks, targeting a US presidential campaign, universities, journalists, and even a dam in suburban New York.
“I’m sure the Iranians are asking their hackers for a list of options,” said James Lewis, senior vice president at the Center for Strategic and International Studies in Washington, who oversees the policy research group’s cybersecurity program. “Cyberattacks can be tempting if they can find the right American target.”
«
This time around, Adelson didn’t want to comment. Funny, that. And there will be plenty of American targets. Iran can take its time and select its targets to cause maximum disruption, or the minimum visibility with maximum effect. (The JCPOA – aka the Iran nuclear deal – was signed in July 2015. I wonder if Adelson might want it back in effect after all.)
unique link to this extract
Grubhub considers strategic options including possible sale • WSJ
Maureen Farrell and Cara Lombardo:
»
Grubhub, which went public nearly six years ago, has a market value of roughly $5bn. That is down from its peak of more than $13bn just over a year ago, before competition from other delivery startups heated up and eroded the company’s market-share lead and results.
Grubhub shares rose as much as 19% on Wednesday after The Wall Street Journal reported on the review. They closed at $54.75, up nearly 13%.
Competition in the nascent food-delivery industry, which ferries takeout orders from restaurants to homes and businesses, has intensified as newcomers try to lure customers and grab market share with discounts and promotions. At the same time, restaurants are pushing back against the fees delivery companies charge, squeezing Grubhub and its competitors. Investors and analysts have said the industry needs consolidation, with many seeing room for little more than two major players.
Grubhub on Oct. 28 cut its revenue and profit forecasts amid slowing customer growth, sending the shares down 43% the following day and helping prompt the review. Its third-quarter adjusted per-share earnings dropped 40% from the year-earlier period. The stock had gained back most of that ground after Wednesday’s rise.
«
Proof if it were needed that just having a big tech backend doesn’t guarantee long-term success. Amazon had to work for it, and still does; people often forget that it saw off a lot of well-funded rivals.
Related: John Colley of Warwich Business School at The Conversation on Just Eat getting bought by Takeaway.com: “Take a closer look at the the business of online food delivery and it’s easy to wonder if anyone will ever make long-term significant returns.”
unique link to this extract
Errata, corrigenda and ai no corrida: none notified
The Overspill: when there's more that I want to say 