Start Up No.1228: UN looks at Saudi hack of Bezos iPhone, Sonos amps up obsolescence, Vodafone exeunt Libra, why and when to encrypt iCloud, and more

This Puerto Rico factory owns $39bn of Microsoft’s intellectual property – at least, that’s what it told the US tax authorities. CC-licensed photo by Jose Izquierdo on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 11 links for you. Don’t break them. I’m @charlesarthur on Twitter. Observations and links welcome.

UN experts call for investigation into allegations that Saudi Crown Prince involved in hacking of Jeff Bezos’ phone • OHCHR

Agnes Callamard and David Kaye, the UN special rapporteurs on extrajudicial killings and protection of free expression:


“The circumstances and timing of the hacking and surveillance of [Jeff] Bezos also strengthen support for further investigation by US and other relevant authorities of the allegations that the [Saudi] Crown Prince ordered, incited, or, at a minimum, was aware of planning for but failed to stop the mission that fatally targeted Mr. Khashoggi in Istanbul.

At a time when Saudi Arabia was supposedly investigating the killing of Mr. Khashoggi, and prosecuting those it deemed responsible, it was clandestinely waging a massive online campaign against Mr. Bezos and Amazon targeting him principally as the owner of The Washington Post.”

The two experts – who were appointed by the Human Rights Council – recently became aware of a 2019 forensic analysis of Mr. Bezos’ iPhone that assessed with “medium to high confidence” that his phone was infiltrated on 1 May 2018 via an MP4 video file sent from a WhatsApp account utilized personally by Mohammed bin Salman, the Crown Prince of the Kingdom of Saudi Arabia.

According to the analysis, the Crown Prince and Mr. Bezos exchanged phone/WhatsApp numbers the month before the alleged hack. The forensic analysis found that within hours of receipt of the MP4 video file from the Crown Prince’s account, massive and (for Bezos’ phone) unprecedented exfiltration of data from the phone began, increasing data egress suddenly by 29,156% to 126 MB. Data spiking then continued undetected over some months and at rates as much as 106,032,045% (4.6 GB) higher than the pre-video data egress baseline for Mr. Bezos’ phone of 430KB.

The forensic analysis assessed that the intrusion likely was undertaken through the use of a prominent spyware product identified in other Saudi surveillance cases, such as the NSO Group’s Pegasus-3 malware, a product widely reported to have been purchased and deployed by Saudi officials. This would be consistent with other information. For instance, the use of WhatsApp as a platform to enable installation of Pegasus onto devices has been well-documented and is the subject of a lawsuit by Facebook/WhatsApp against NSO Group.

The allegations are also reinforced by other evidence of Saudi targeting of dissidents and perceived opponents.


unique link to this extract

The IRS decided to get tough against Microsoft. Microsoft got tougher • ProPublica

Paul Kiel:


Eight years ago, the IRS, tired of seeing the country’s largest corporations fearlessly stash billions in tax havens, decided to take a stand. The agency challenged what it saw as an epic case of tax dodging by one of the largest companies in the world, Microsoft. It was the biggest audit by dollar amount in the history of the agency.

Microsoft had shifted at least $39bn in U.S. profits to Puerto Rico, where the company’s tax consultants, KPMG, had persuaded the territory’s government to give Microsoft a tax rate of nearly 0%. Microsoft had justified this transfer with a ludicrous-sounding deal: It had sold its most valuable possession — its intellectual property — to an 85-person factory it owned in a small Puerto Rican city.

Over years of work, the IRS uncovered evidence that it believed laid the scheme bare. In one document, a Microsoft senior executive celebrated the company’s “pure tax play.” In another, KPMG plotted how to make the company Microsoft created to own the Puerto Rico factory — and a portion of Microsoft’s profits — seem “real.”

Meanwhile, the numbers Microsoft had used to craft its deal were laughable, the agency concluded. In one instance, Microsoft had told investors its revenues would grow 10% to 12% but told the IRS the figure was 4%. In another, the IRS found Microsoft had understated revenues by $15bn.

Determined to seize every advantage against a giant foe, the small team at the helm of the audit decided to be aggressive.


And this is where the story really starts. Well, actually, they could have dropped in at any point. The 2003 decision to restructure Microsoft’s taxes around the “factory”. The manipulation of campaign-contributed and thus “friendly” politicians first to lobby, and then to change laws. It’s all so astonishingly greedy; people doing things because it means unimaginable, unspendable sums of money staying with them, rather than going to taxes where it could help more people.
unique link to this extract

Remember that Sonos speaker you bought a few years back that works perfectly? It’s about to be screwed for… reasons • The Register

Thomas Claburn:


Sonos is doubling down on its previously disclosed inclination to drop support for older products that aren’t profitable to support.

The Internet-of-Things speaker biz said on Tuesday that it will stop providing software updates for some legacy gear in May – some of which are barely five years old. The cessation of service doesn’t have any immediate consequences but it dooms older devices to stasis, insecurity, and potential incompatibility as software from Sonos or its partners change.

There is one caveat: customers with a mix of legacy and modern Sonos gear won’t be able to run both together once a future update moves modern kit to a new version of the Sonos software. So legacy gear will have to be quarantined on its own network, a capability Sonos intends to facilitate shortly.

Affected products include its original Zone Players (released in 2006), Connect, and Connect:Amp (sold between 2011 and 2015), its first-generation Play:5 (released in 2009), C200 (released 2009), and Bridge (released 2007)…

…the company’s recent financial filings explain that Sonos itself has planned for the obsolescence of its products and the discontent of customers.

“We expect that in the near term, this backward compatibility will no longer be practical or cost-effective, and we may decrease or discontinue service for our older products,” the manufacturer’s Q4 2019 10-K financial filing explains. “If we no longer provide extensive backward capability for our products, we may damage our relationship with our existing customers, as well as our reputation, brand loyalty and ability to attract new customers.”

This is the same tech outfit that celebrates its environmental and social responsibilities by encouraging customers to flip a kill switch on older products so they cannot be resold in order to trade-in their bricked kit for a 30% discount on new Sonos gear.


No word on the bricking. The idea that it’s getting too expensive to support the older products seems less likely than that it’s not practical – ie, they don’t have the processing power.
unique link to this extract

Vodafone snubs Libra in favour of M-Pesa •

Jamie Davies:


The main issue with digital currencies is that this is a segment which is largely unregulated, leading to the challenge which is being faced by Libra today. The European Commission and European Parliament has said no to the likes of Libra until rules have been written, while other regulatory bodies have expressed similar disapproval.

PayPal, Mastercard, Mercado Pago, eBay, Stripe, Booking Holdings and Visa are some of the names to have withdrawn support, seemingly due to the regulatory pressure. With support dwindling and regulatory expectations an unknown for the moment, it remains to be seen whether Libra will continue on its current launch trajectory.

Although Vodafone has left the door open for the future, it will drive its efforts towards M-Pesa, the highly success digital currency which is setting the tone in Africa.

Founded by Vodafone in 2007, M-Pesa is a mobile phone-based money transfer, financing and microfinancing service. Initially launched for Vodacom and Safaricom in Kenya and Tanzania, the initiative has spread across several markets in Africa, to India, the Middle East and Eastern Europe. There is momentum for the M-Pesa initiative, so it hardly comes as a surprise Vodafone has dropped the controversial Libra.

Many would view M-Pesa as an underexploited asset for the Vodafone Group, though this is likely to change over the coming months. The team plan on expanding the service in the seven African markets it currently operates in, and even plans to launch in Ethiopia, a market where it does not currently manage a mobile network.


If you were Vodafone’s board and the options were to pour money into Libra, or into M-Pesa, it would be a pretty easy decision. They can get back on board Libra any time it looks likely to get somewhere.
unique link to this extract

New ‘transformational’ code to protect children’s privacy online • BBC News


The code includes a list of 15 standards that companies behind online services are expected to comply with to protect children’s privacy.

Examples of online services which are included are toys which are connected to the internet, apps, social media platforms, online games, educational websites and streaming service.

Firms who design, develop or run such products must provide a “baseline” of data protection for children, the code says.

The standards also include:
• Location settings that would allow a child’s location to be shared should be switched off by default
• Privacy settings to be set to high by default and nudge techniques to encourage children to weaken their settings should not be used

“I believe that it will be transformational,” Ms Denham told the Press Association. “I think in a generation from now when my grandchildren have children they will be astonished to think that we ever didn’t protect kids online. I think it will be as ordinary as keeping children safe by putting on a seat belt.”

Ms Denham said the move was widely supported by firms, although added that the gaming industry and some other tech companies expressed concern about their business model.

She added: “We have an existing law, GDPR, that requires special treatment of children and I think these 15 standards will bring about greater consistency and a base level of protection in the design and implementation of games and apps and websites and social media.”


As Denham also points out, 20% of internet users in Britain are children. The hope is that this code will come into force in autumn of 2021. Fingers crossed.
unique link to this extract

Turn On The Subtitles


What if we told you that you that there was a way to dramatically improve the literacy levels of millions of children?

What if we also told you that it was free?

Turn On The Subtitles (TOTS) isn’t an organisation. It’s not a company either. We’re simply a group of people who think this is an idea whose time has come.

Extensive research across multiple countries has shown us a way to improve children’s literacy. It’s incredibly simple; just turn on the subtitles.

So now, along with our friends at a number of leading charities and universities, we’re on a mission to encourage broadcasters, policymakers and parents to Turn on the Subtitles.

Ultimately we’d like to see broadcasters turn on the subtitles for most children’s television, by default. We’d like some of the world’s largest technology platforms to do the same. If you’d like to find out more about our campaign, we’d like to hear from you. Just email us on


It would be great to turn it on for all childrens’ TV, though it would be a challenge for live events – not that that prevents it for news, where live transcription is available. Subtitles are also a benefit to people, not just children, with hearing problems: figuring out who has said what on TV can be enormously challenging to them.
unique link to this extract

More Apple products to have scissor switch keyboards • Digitimes


Apple reportedly is looking to adopt scissor switch keyboards in its new 13.3-inch MacBook Pro and new iPads slated to be available later in 2020 and the strategy should benefit their Taiwan-based component suppliers…

Apple is likely to extend the adoption of glowing scissor switch keyboards to its new iPad lineup, with prospects of continuing such design for the comprehensive lineups of its notebook and tablet products in the future, according to industry sources.


Demonstrates that Apple’s sourcing for keyboard switches is becoming monolithic: I’m not sure the world really needs glowing switches on iPad keyboards. I have to say that I find the (butterfly) ones on the current iPad keyboard absolutely perfect: robust, quiet, thin.

But equally, scissor switches on more laptops can only be a good thing.
unique link to this extract

Regarding Reuters’s report that Apple dropped plan for encrypting iCloud backups • Daring Fireball

John Gruber:


[the Reuters journalist who wrote the scoop, Joseph] Menn is a solid reporter and I have no reason to doubt what he is reporting. What I suspect though, based on (a) everything we all know about Apple, and (b) my own private conversations over the last several years, with rank-and-file Apple sources who’ve been directly involved with the company’s security engineering, is that Menn’s sources for the “Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud” bit were the FBI sources, not the Apple sources, and that it is not accurate.

It simply is not in Apple’s nature to tell anyone outside the company about any of its future product plans. I’m not sure how I could make that more clear. It is not in Apple’s DNA to ask permission for anything. (Cf. the theory that a company’s culture is permanently shaped by the personality of its founders.)

Encrypting iCloud backups would be perfectly legal. There would be no legal requirement for Apple to brief the FBI ahead of time. Nor would there be any reason to brief the FBI ahead of time just to get the FBI’s opinion on the idea. We all know what the FBI thinks about strong encryption…

…Surely there are hundreds, maybe thousands, of people every day who need to access their iCloud backups who do not remember their password. The fact that Apple can help them is a benefit to those users. That’s why I would endorse following the way local iTunes device backups work: make encryption an option, with a clear warning that if you lose your backup password, no one, including Apple, will be able to restore your data. I would be surprised if Apple’s plan for encrypted iCloud backups were not exactly that.


Gruber has been mulling over this, and points out that Google offers (optional?) encryption of backups of Android phones. And also that Tim Cook hinted in October 2018 that iCloud might move to encrypted backups.

Save people from their own mistakes, or save people from the FBI? It’s quite the balance. Ironic too that Google’s backups are the encrypted ones – but we don’t hear the FBI gnashing its teeth over those.
unique link to this extract

Facial recognition could help discover fate of Holocaust victims – Reuters

Rinat Harash:


Seeking clues to the past, Eli and Saul Lieberman turned to an Israeli research center, which hopes to match family pictures from around the time of World War Two with its database of tens of thousands of photos, many taken by German Wehrmacht soldiers.

Those German photos show the troops themselves as well as people in villages and towns with Jewish populations.

Shem Olam Holocaust Memorial Centre launched its “Face to Face” project in July, calling via social media for people to send in pictures for facial recognition scans.

The Lieberman brothers know few details of the horrors their late father, Joseph, endured during the Holocaust, in which six million Jews were killed. A survivor of the Auschwitz death camp, he did not speak with them about his experiences.

But a photograph taken somewhere in Europe after the war shows their father together with two cousins, and Eli, 50, and Saul, 61, sent it to the Shem Olam center in July. They are awaiting a match and clues about their family’s history.

“We live in a world that if you can’t provide the document or the picture, it doesn’t feel like it happened,” Saul Lieberman said. “People want to know where they came from, who they came from.”

So far, Shem Olam has received thousands of photos from the public but only several matches were made after further research and none was conclusive.


But I thought that facial recognition could only be a bad thing!?
unique link to this extract

Smart scale goes dumb as Under Armour pulls the plug on connected tech • Ars Technica

Kate Cox:


Today’s example of smart stuff going dumb comes courtesy of Under Armour, which is effectively rendering its fitness hardware line very expensive paperweights.

The company quietly pulled its UA Record app from both Google Play and Apple’s App Store on New Year’s Eve. In an announcement dated sometime around January 8, Under Armour said that not only has the app been removed from all app stores, but the company is no longer providing customer support or bug fixes for the software, which will completely stop working as of March 31.

Under Armour launched its lineup of connected fitness devices in 2016. The trio of trackers included a wrist-worn activity monitor, a smart scale, and a chest-strap-style heart rate monitor. The scale and wristband retailed at $180 each, with the heart monitor going for $80. Shoppers could buy all three together in a $400 bundle called the UA HealthBox.

Ars’ review at the time noted that none of the components, by itself, was revolutionary, but as a trio they talked to each other reasonably well. The linchpin of the whole operation was, instead, the software: the Under Armour Record app. Record tied all the data from all the hardware together into a comprehensive health, fitness, and wellness journal, allowing a user to see both high-level and granular data about their activity, weight, sleep, heart rate, and other metrics. Record also served as a one-stop shop for adjusting settings on any of the hardware.

In 2017, less than two years after launching the HealthBox line, the company gave up on the project.


Niiice. Sure going to rush to buy their next smart device!
unique link to this extract

Reminder: HP’s ‘Cheap’ Instant Ink program requires monthly payments, constant monitoring • ExtremeTech

Joel Hruska:


Instant Ink is HP’s idea of “Printing as a service.” Here’s how it works:

You choose a printing plan that suits your needs. If you print 15 or fewer pages per month, you don’t have to pay anything for Instant Ink. If you pay $3, you can print 50 pages, roll over up to 100 pages that you haven’t used, and buy the right to print 10 additional pages for just $1. This scales up to $20 for 700 pages. The ratio of pages per dollar is 16.6 at the $3 plan and 35 at the $20 plan. Anything with ink on it counts as a page.

There are some good points to Instant Ink, including:
• No contract (service is month to month)
• HP monitors printer ink levels and automatically ships new cartridges before you run out
• You can print in color for the same price-per-sheet as printing in black and white, not counting the cost of photo paper
• Less risk (at least in theory) of running out of ink at a critical moment. I suspect this is why the $19.99 plan comes with a spare set of cartridges — HP is aware that a company might suddenly need to print hundreds of pages
• It appears to be optional on every printer except the HP Tango, which requires Instant Ink in order to work. If you’re aware of other products that require it, sound off below. HP is pushing the idea hard but it doesn’t seem to have started making it mandatory across product lines just yet.

Here’s the downsides:
• The printer requires a constant internet connection in order for Instant Ink to work
• You cannot roll over pages you paid for indefinitely (you can adjust your plan)
• You’re literally paying someone an ongoing fee for the privilege of printing from a product you purchased at a store at full price
• Any amount of ink counts as a page. Need to print a test sheet? That’s a page. Accidentally wind up with one letter printed on an otherwise blank sheet? Still counts as a page
• Instant Ink only competes with printer ink costs if you print a lot of photos, and most people don’t
• Good photo paper is also more expensive than regular paper, which would eat into some of the savings
• The overage fee structure is insane. You’d need to manage your print volume carefully relative to your print plan in order to avoid them, because slapping an extra 5 to 10-cent tariff on a printer’s per-sheet cost ruins the benefits of this service.


It’s all downside, really. It’s the razor-razorblade-expensive-razorblade-delivery model.
unique link to this extract

Errata, corrigenda and ai no corrida: none notified

6 thoughts on “Start Up No.1228: UN looks at Saudi hack of Bezos iPhone, Sonos amps up obsolescence, Vodafone exeunt Libra, why and when to encrypt iCloud, and more

  1. “Ironic too that Google’s backups are the encrypted ones – but we don’t hear the FBI gnashing its teeth over those.”

    It’s not ironic, it’s what happens when you look at facts not PR. What’s ironic is that for all the privacy/security hoopla, key facts like this get so little press.
    And that’s a hint it’s not about the FBI. Think hard, which “more surveillance” state don’t Apple and Google have in common ?

  2. ” I have to say that I find the (butterfly) ones on the current iPad keyboard absolutely perfect: robust, quiet, thin.”

    In 2020, an Apple keyboard performing like all other premium keuboards has, apparently, become newsworthy 🙂

    I expect any keyboard above $40 tonje robust, quiet and thin. And, starting at $60, backlit.

  3. The entire printer business has become so irritating for consumers that the most enjoyable aspect of it, for me, was when I threw my old HP printer into a skip at the recycling centre. I did it with such gusto that I nearly wrenched my shoulder. Good riddance to unreliable hardware, crap software and ‘nozzle-cleaning’ routines that use up so much ink you may as well change the cartridge anyway.

    • I think there are still OK brands or at least lines from some brands, but you have to look for them. I haven’t In a while so can’t help right now, sorry. is usually a good place to start.

    • I got a weird error 5200 on my Canon printer that effectively bricked it. I wondered if it was because I was using ink from elsewhere? In anycase, customer support was useless (live chat and being ont he phone for over an hour and I never got to speak to a human being. Emails unanswered) and I’d just put $120 worth of fresh ink in it. It was so annoying I decided never to buy another Canon printer ever again (switched to Brother which has an ink model similar to Espon, which came with a year’s supply of ink). Such a pity. It was a great printer while it lasted but if you don’t offer proper support you’re not getting my money.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.