Start Up No.1234: Facebook pays up for facial recognition, Huawei chases Samsung, Avast dumps Jumpshot, is Google Wave-ing again?, and more


Do you really need one of these to protect yourself against “public Wi-Fi”? The EFF implies not. CC-licensed photo by Richard Patterson on Flickr.


A selection of 11 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

Why public Wi-Fi is a lot safer than you think • Electronic Frontier Foundation

Jacob Hoffman-Andrews:

»

If you follow security on the Internet, you may have seen articles warning you to “beware of public Wi-Fi networks” in cafes, airports, hotels, and other public places. But now, due to the widespread deployment of HTTPS encryption on most popular websites, advice to avoid public Wi-Fi is mostly out of date and applicable to a lot fewer people than it once was.

The advice stems from the early days of the Internet, when most communication was not encrypted. At that time, if someone could snoop on your network communications—for instance by sniffing packets from unencrypted Wi-Fi or by being the NSA—they could read your email. They could also steal your passwords or your login cookies and impersonate you on your favorite sites. This was widely accepted as a risk of using the Internet. Sites that used HTTPS on all pages were safe, but such sites were vanishingly rare.

However, starting in 2010 that all changed. Eric Butler released Firesheep, an easy-to-use demonstration of “sniffing” insecure HTTP to take over people’s accounts. Site owners started to take note and realized they needed to implement HTTPS (the more secure, encrypted version of HTTP) for every page on their site…

…What about the risk of governments scooping up signals from “open” public Wi-Fi that has no password? Governments that surveil people on the Internet often do it by listening in on upstream data, at the core routers of broadband providers and mobile phone companies. If that’s the case, it means the same information is commonly visible to the government whether they sniff it from the air or from the wires.

In general, using public Wi-Fi is a lot safer than it was in the early days of the Internet. With the widespread adoption of HTTPS, most major websites will be protected by the same encryption regardless of how you connect to them.

There are plenty of things in life to worry about. You can cross “public Wi-Fi” off your list.

«

This is why every time I’m listening to a podcast and hear an advert for a VPN which talks about “risks” and “credit cards” and “public Wi-Fi” I grind my teeth. As the EFF says, it’s nonsense (though they cleverly don’t mention VPNs or their advertising; but I think the reason for their writing this message now is clear). You’re not going to have your credit card details eavesdropped on public Wi-Fi. The only reasons I can think of to use a VPN are a) you need to connect to a work network which demands point-to-point security or b) you’re in a country where you really don’t trust the government or c) you want to evade geoblocking to access some content.

But VPNs are the new antivirus – a great way for third-party suppliers to coin it. And so much more profitable than antivirus, which actually needs updates. VPNs, you just rent some fibre and bang, job done.


Facebook to pay $550m to settle facial recognition suit • The New York Times

Natasha Singer and Mike Isaac:

»

Facebook said on Wednesday that it had agreed to pay $550m to settle a class-action lawsuit over its use of facial recognition technology in Illinois, giving privacy groups a major victory that again raised questions about the social network’s data-mining practices.

The case stemmed from Facebook’s photo-labeling service, Tag Suggestions, which uses face-matching software to suggest the names of people in users’ photos. The suit said the Silicon Valley company violated an Illinois biometric privacy law by harvesting facial data for Tag Suggestions from the photos of millions of users in the state without their permission and without telling them how long the data would be kept. Facebook has said the allegations have no merit.

Under the agreement, Facebook will pay $550m to eligible Illinois users and for the plaintiffs’ legal fees. The sum dwarfs the $380.5m that the Equifax credit reporting agency agreed this month to pay to settle a class-action case over a 2017 consumer data breach.

Facebook disclosed the settlement as part of its quarterly financial results, in which it took a charge on the case. The sum amounted to a rounding error for Facebook, which reported that revenue rose 25% to $21bn in the fourth quarter, compared with a year earlier, while profit increased 7% to $7.3bn.

«

I’m willing to bet that absolutely nobody in Illinois knew how long Facebook would keep the data. (Knew, not “was prepared to make a guess at”.) I’m willing to bet that Facebook didn’t know how long it would keep the data either; is “forever” too broad?


Scientists find record warm water in Antarctica, pointing to cause behind troubling glacier melt • Phys.org


»

“Warm waters in this part of the world, as remote as they may seem, should serve as a warning to all of us about the potential dire changes to the planet brought about by climate change,” explains David Holland, director of New York University’s Environmental Fluid Dynamics Laboratory and NYU Abu Dhabi’s Center for Global Sea Level Change, which conducted the research. “If these waters are causing glacier melt in Antarctica, resulting changes in sea level would be felt in more inhabited parts of the world.”

The recorded warm waters—more than two degrees above freezing—flow beneath the Thwaites Glacier, which is part of the Western Antarctic Ice Sheet. The discovery was made at the glacier’s grounding zone—the place at which the ice transitions between resting fully on bedrock and floating on the ocean as an ice shelf and which is key to the overall rate of retreat of a glacier.

Thwaites’ demise alone could have significant impact globally.

It would drain a mass of water that is roughly the size of Great Britain or the state of Florida and currently accounts for approximately 4% of global sea-level rise. Some scientists see Thwaites as the most vulnerable and most significant glacier in the world in terms of future global sea-level rise—its collapse would raise global sea levels by nearly one meter, perhaps overwhelming existing populated areas.

While the glacier’s recession has been observed over the past decade, the causes behind this change had previously not been determined.

«

I often wonder whether, if climate change were an asteroid heading towards earth which was going to have the same long-term effects, and we knew it was going to take time to prepare our response, we would take more immediate action.


Huawei overtakes Apple in annual race to Samsung’s smartphone crown • The Verge

Jon Porter:

»

Huawei overtook Apple to become the world’s second best selling smartphone manufacturer in 2019, according to reports from Strategy Analytics, Counterpoint Research, and Canalys. Over the course of the year, the Chinese manufacturer reportedly shipped around 240 million phones, compared to just under 200 million for Apple. Samsung retained its comfortable lead in first place, shipping just shy of 300 million devices. Xiaomi and Oppo rounded out the list of the top five manufacturers.

The jump is especially surprising given Huawei’s continued presence on the USA’s entity list, which prevents the company from installing Google’s apps and services on its new devices, limiting their appeal outside of China. As a result, Huawei’s main strength was in its home country. Counterpoint Research says China accounted for 60% of its sales, allowing its shipments worldwide to increase by 17% between 2018 and 2019 — though not in Q4 specifically.

However, tensions with the US still had an effect. Canalys notes that 2019 could have been the year that Huawei challenged Samsung for the number one smartphone spot, but ultimately this challenge never materialized. It’s unclear when the situation could change in the future.

«

As ever, it’s the squeeze on “Others” which tells us most about the market. There’s less and less room for smaller players, and most of them are in China – which is decelerating faster than pretty much anywhere. Expect more consolidation.


Kuo: Apple to launch AirTags, small charging mat, new iPads and Macs, high-end headphones, and more in first half of 2020 • MacRumors

Joe Rossignol on the latest forecast by well-connected forecaster Ming-Chi Kuo:

»

Our insight on these products:
• 4.7in iPhone: Apple is widely rumoured to be planning to release a new low-cost iPhone with a similar design as the iPhone 8, including a 4.7in LCD display and a Touch ID home button, but with a faster A13 chip and 3GB of RAM. The device is expected to launch by the end of March, with pricing predicted to start at around $399 in the United States.

• iPad Pro refresh: New models with a triple-lens rear camera system that supports 3D sensing for augmented reality are expected to be unveiled as early as March.

• MacBook Pro/Air refresh: It is unclear if Kuo is referring to the possibility of either a new MacBook Pro or MacBook Air or both, but previous rumours suggest that a 13in MacBook Pro with a scissor switch-based Magic Keyboard will launch in the first half of 2020, following in the footsteps of the 16in MacBook Pro last October. Apple last refreshed the MacBook Air in July 2019 with a True Tone display and a lower $1,099 starting price.

• Ultra Wideband tags: Last year, MacRumors uncovered evidence of Apple working on Tile-like item tracking tags in iOS 13 code, including a potential “AirTags” name. As with iPhone 11 models, Kuo believes the tags will support Ultra Wideband, which would likely make it possible to locate the tags with much greater accuracy than Bluetooth LE and Wi-Fi.

• High-end headphones: Kuo did not provide any details about these headphones beyond claiming that they will support Bluetooth. Bloomberg’s Mark Gurman previously reported that Apple-branded over-ear headphones were under development, but it is unclear if they were canceled, became the Beats Solo Pro, or otherwise. MacRumors has also uncovered evidence of Apple developing new Powerbeats4 headphones, but the existing Powerbeats3 are not considered high end.

• Small wireless charging mat: No further details were shared. Apple canceled its much-anticipated AirPower charging mat last year due to quality concerns. That mat would have been able to charge an iPhone, Apple Watch, and AirPods case simultaneously, regardless of where each device was positioned on the mat and with deep iOS integration.

«

If the MacBook Air gets scissor switches, Apple’s going to be happy. It sells like crazy, and with a retina screen and new keyboard would be a terrific purchase.


Huawei and 5G: UK had little choice but say yes to Chinese – here’s why

Greig Paul is the lead mobile networks and security engineer at the University of Strathclyde:

»

many 5G core functions may take place in the radio network, making it increasingly harder to define Huawei’s permitted area. And with base stations inherently connected to the network core, there is a limit to the isolation which can be put in place anyway.

Overall, however, the government seems to have been caught between a rock and a hard place: faced with wounding the UK network operators and slowing the 5G roll-out, it has sought a compromise.

To some extent, this is the consequence of deciding too slowly. Had the UK banned Huawei in 2018 like the US and Australia, the mobile operators’ 5G roll-out plans would have been at an earlier stage. The US also compensated some of its networks for the costs of equipment removal.

The UK government is instead looking to the future. Nicky Morgan, the culture secretary, told the House of Lords on January 28 that the government wants to attract established equipment vendors to the UK who are not already present, to support new disruptive entrants, and reduce barriers to market entry.

On established vendors, she may be referring to companies that make radio network equipment but don’t compete aggressively in this space: Samsung, for example. As for new entrants, there may be a hope of enticing players who supply different types of networks, such as Cisco or Juniper. There is also significant potential to innovate in 5G networks. The UK’s Testbeds and Trials programme is enabling this and will continue to do so.

For the time being, the government can hardly be enjoying the fallout from its decision.

«

So it turns out that kicking the can down the road in 2018 didn’t actually put off the decision; it cemented the decision that would have to be made. Paul calls the outcome “far from ideal”.


Avast Antivirus is shutting down its data collection arm, effective immediately • VICE

Jason Koebler:

»

[Motherboard/PC Mag’s] investigation found that Avast, through a subsidiary called Jumpshot, made millions of dollars following its users around the internet. Jumpshot told its clients, which include Microsoft, Google, McKinsey, Pepsi, Home Depot, Yelp, and many others that it could track “every search. Every click. Every buy. On every site.”

Avast CEO Ondrej Vlcek wrote in a public letter Thursday morning that he and the company’s board of directors have decided to “terminate the Jumpshot data collection and wind down Jumpshot’s operations, with immediate effect.”

Earlier Thursday, the company announced that it had agreed to buy back a 35% stake in Jumpshot that it sold to the data analytics and marketing company Ascential last year. In July, Avast said that the 35% stake in Jumpshot was worth $60.76m.

Vlcek, who became CEO of Avast seven months ago, said he has spent the first few months of his job “re-evaluating every portion of our business,” and that the Jumpshot revelations had eroded trust in the company: “I feel personally responsible and I would like to apologize to all concerned.”

“I came to the conclusion that the data collection business is not in line with our privacy priorities as a company in 2020 and beyond,” he wrote. “It is key to me that Avast’s sole purpose is to make the world a safer place, and I knew that ultimately, everything in the company would have to become aligned with that North Star of ours.”

Vlcek said that the decision to shut down Jumpshot “will regrettably impact hundreds of loyal Jumpshot employees and dozens of its customers [but] it is absolutely the right thing to do.”

«

They had hundreds of people working on Jumpshot? I’m guessing not a huge number of them were engineers.


Google developing new ‘unified’ communications app for businesses • The Information

Kevin McLaughlin:

»

Google is working on a mobile application for businesses that brings together the functions of several standalone apps the company already offers, including Gmail and its online storage service Drive. The move could help it compete more effectively with application suites from Microsoft and others, according to two people who have used the application and three people briefed about it.

The new mobile app, which is currently being tested internally at Google, also includes Hangouts Meet, Google’s video conferencing app and Hangouts Chat, a real-time message app, according to the people. Thomas Kurian, the CEO of Google’s cloud unit, discussed the new app at a conference held in mid-January for the unit’s salespeople and business partners, according to two of the people. The new app is expected to be part of G Suite, the collection of online productivity software that is overseen by the cloud unit, known as Google Cloud.

«

Some readers may not have heard of Google Wave, which is no surprise; Google launched it as a “collaboration and real-time communication” product in September 2009, and gave up on it in August 2010, making it the shortest-lived Google communications product ever, while also being as comprehensible as the Voynich manuscript.

Now it seems to be trying to reinvent it, or Lotus Notes, another appalling portmanteau comms offering. Did we mention that the new Google app will also be able to open your Calendar? Start your betting on how long this one will last.


How Amazon escapes liability for the riskiest products on its site • The Verge

Colin Lecher:

»

what happened next was the best-case scenario for [Wendy] Weintraub [whose house burned down after a hairdryer she bought from Amazon developed a fault]. While she had to leave her house, the insurance company paid for the reconstruction costs and for a rental house while contractors handled the repairs. She’s since been able to move back in. The insurance company, however, has sued both the hair dryer manufacturer and Amazon to recover the money, asking a court to order reimbursement of more than $850,000.

The suit has been tied up in court and may raise the question of what, exactly, Amazon is. For years, the online retail company has argued that many of its customers are simply passing through to use its platform — that the buyer and seller of the product are connecting, and Amazon is merely a passing intermediary.

The argument has given Amazon a crucial legal defense, allowing it to completely sidestep the liability that conventional retailers face. For the most part, courts have been satisfied by the claim, and Amazon has been able to expand its third-party seller business into hundreds of billions of dollars in sales.

Recently, though, that wall has shown signs of fracturing. Some courts and scholars have questioned exactly how far those protections should go, and whether Amazon is truly as hands-off a player as it would like to seem.

“They’re taking affirmative steps to lure the consumer into buying their products or their manufacturer’s products,” says Dennis Crawford, the attorney who is representing Weintraub’s insurance company in its case against Amazon.

The question is: who’s really at fault?

«

Key question as Amazon in particular becomes a larger and larger part of retail. Does that mean that decades of retail law simply get thrown away? Even asking the question makes it clear how Amazon, and its Marketplace, is undermining consumer safety.


Congress urges Google to act against climate misinformation on YouTube • CNBC

Jennifer Elias:

»

Congressmembers are calling for Google to take action against climate disinformation.

The U.S. House Select Committee on the Climate Crisis wrote a letter addressed to Alphabet CEO Sundar Pichai, requesting the company take action against climate disinformation — specifically on its video platform, YouTube.

“YouTube has been driving millions of viewers to climate misinformation videos every day, a shocking revelation that runs contrary to Google’s important missions of fighting misinformation and promoting climate action,” wrote Kathy Castor, chair of the committee. “Last September, you proudly declared that ‘sustainability has become one of Google’s core values from our earliest days,’ and announced ‘the biggest corporate purchase of renewable energy in history.’”

Google did not immediately respond to requests for comment.

The letter comes as YouTube, which is one of Google’s largest businesses, faces scrutiny over the spread of hateful content and misinformation on its platform. In recent months, Google has updated policies to try and stem that – especially as the 2020 presidential elections near. The company delayed its reaction to curbing misinformation among political ads following backlash late last year.

«

I think Google might take issue with the idea that its missions include fighting misinformation. Even though they should.


With two weeks to go, Samsung’s Unpacked is already dead on arrival • SamMobile

“Danny D”:

»

Even if Samsung can ensure that nothing gets out from its facilities or that its employees don’t say a word about an unreleased device, it can do little to control what leaks from its suppliers’ factories, or what carrier executives who are briefed on new devices choose to reveal anonymously.

What it can do is control what multimedia content is sent to partners ahead of a flagship launch. If that were the case, we wouldn’t get to see high-resolution press renders of new devices weeks before they’re supposed to be unveiled at Unpacked. The consequence of this is that the element of surprise is taken away from Samsung. Anything that it shows off for the “first time” during its press event evokes a solid meh from the crowd and those watching at home because they’ve already seen it. This is the age of information. People consume more content online than ever before. Even those who don’t read news blogs will end up seeing a clickbaity YouTube video that rehashes the same stuff in a more entertaining format.

There used to be a time when people were actually excited about these product launch events. You would get to see products that you had only heard conflicting rumors about and hear all of their details straight from the company that made them. That has no longer been the case over the past few years. Not only high-resolution renders, but even entire spec sheets of new flagships have also leaked online weeks before launch…

…I have attended all Unpacked events ever since I started SamMobile, partly because of work and largely because as a fan it gave me great pleasure to see new devices being unveiled up close. Despite making all travel arrangements weeks in advance, I have now decided to skip the February 11 Unpacked, because with a full two weeks to go the event is already dead on arrival.

«

As Apple still knows: the element of surprise still has value, even in this saturated media world.


Errata, corrigenda and ai no corrida: none notified

8 thoughts on “Start Up No.1234: Facebook pays up for facial recognition, Huawei chases Samsung, Avast dumps Jumpshot, is Google Wave-ing again?, and more”

  1. “Now it seems to be trying to reinvent it, or Lotus Notes, another appalling portmanteau comms offering. Did we mention that the new Google app will also be able to open your Calendar? Start your betting on how long this one will last.”

    This is probably a response to Microsoft Teams, which has already reinvented Google Wave (except, not really) and is being pushed on many businesses. Some of them even use it.

    • We’re supposed to be using Teams in the office, but nearly everyone prefers to use Skype for Business instead (I asked IT why they didn’t simply remove Skype and they said it was the easiest way to remotely check someone’s machine, as the other software they have didn’t work very well, so they didn’t want it to go). And there’s almost three different ways to comment on a Word file in Teams which is a completely different headache (as they are incompatible with each other).

  2. Other reasons to want a VPN:
    1- Secure your non-https traffic, such as app-specific traffic. Even if all the Web had moved to https (it hasn’t), remember all those reports about apps sending data in the clear that we still get about monthly ?
    2- Yes, that includes DNS traffic, ie the meta data about which sites/servers you visit/use if not the actual data those sites/servers send you. You seem to think only oppressive governments are tracking that ?
    3- Some VPNs bundle adblocking and trackblocking and malware scanning on top of the basic “change all my discrete, identifiable, maybe unencrypted requests to the servers I use to one single encrypted flow from me to the VPN” functionality.

    You’re welcome.

    • 1) there are criteria for sending credit card data: has to be encrypted. Apps that send sensitive data in the clear – can you specify some from the past year?
      2) DNS tracking: why should I worry about that if I’m on public Wi-fi? The VPN will be able to track that too; numerous hackers have been caught by VPN logs. And if I really want to use HTTPS over DNS, I don’t need a VPN.
      3) what they bundle is just an upsell. Adblocking is free, malware scanning is built into Windows, mostly unneeded on Mac.
      You haven’t made a case for what the adverts say is the risk: “bad people and somehow your credit cards”. Listen to the ads and realise that they’re selling a threat that doesn’t exist.

      • You’re assuming. I don’t listen to ads about VPNs. I don’t see them either. As FastCompany says, as VPN is … https://www.fastcompany.com/90282668/the-one-thing-you-should-do-to-protect-your-privacy-in-2019
        1- It’s not just about credit card data, but about everything. Https is fine for securing Web data, which is not all Internet data. A lot of data travels not over Http/Https, but directly from an app, or from a browser plug-in. From the first page of a Google search (lots of noise) : https://www.theverge.com/2019/3/5/18252397/facebook-android-apps-sending-data-user-privacy-developer-tools-violation
        Why do you think companies pay for VPNs if they are pointless ? For fun ?
        2- Why shouldn’t we worry about any third party having access to your DNS (actually, not just DNS, DNS is just an intermediate step before connecting to a server’s IP address) connections ? Just knowing which bank you use, or that you’re currently away, or that you visited an objectionable site (for various values of objectionable: political, religious, moral…) is misusable info. Yes DoH hides DNS traffic, though not the actual IP addresses you connect to so in the end doesn’t hide much just raises the bar to discover which sites/servers you connect to. Yes, the VPN knows all you’re doing that isn’t separately encrypted, so the choice of your VPN provider is key and free ones are of course the worst.
        3- Yes, a bundle is an upsell. Not sure why “just”, an upsell isn’t necessarily bad, see AC in cars, anti-skid used to be an upsell too. Adblocking isn’t free, at minimum it costs the price of a Raspberry Pi and a few hours, or of a reverse firewall/reverse proxy. You’re confusing “the Web” and “the Internet”. Ad-blocking *in the browser* isn’t the same as system-wide adblocking, the difference is: all apps that aren’t the browser. Malware scanning would be needed on the Mac too, apparently 10% of Mac users have just that one: http://www.iphonehacks.com/2020/01/shlayer-malware-widespread-macos.html

        In the end, when you’re on an unknown network, the choice is:
        1- No VPN. Unknowns can easily get the metadata of every server you connect to, where you connect from, and any data that isn’t encrypted or that has faulty encryption. In the case of the Web, they get to see the sites you go to, though not the individual pages and not the actual content of the pages/webapps, unless an addon is leaking or a site is non or partially https. In the case of the non-Web Internet (ie, all apps that aren’t a browser), it entirely depends on what each individual app is doing. Most are closed-source so we don’t know, and we get the fun camera hacks (say you connect to your unsafe home camera from an unsafe wifi… any listener now knows which camera you have and how to reach it)
        2- A VPN: None of that. Data and Metadata from any source (browser, app) are obfuscated. No one on that unsafe network can get any info about the sites/servers you connect to, nor any of the data that is exchanged no matter how unsecured that data is.

        That’s a huge difference from both the privacy and security angles. And that’s before taking into account that many trusted networks shouldn’t be, ISPs are reselling browsing metadata, inserting ads (rendered impossible by https, but still possible on anything that isn’t encrypted). And your traffic can still travel through unknown parts of the Internet, so whether at home or on a public wifi doesn’t, in theory, make a huge difference. A VPN provides benefits not just when on an unknown network, but also at home.

        I find this whole discussion weird. Are you bothered because I said any company serious about security and privacy would provide a VPN, and Apple doesn’t ?

      • “I don’t listen to ads about VPNs. I don’t see them either.”

        But you’re very happy to push your opinion of what you think ought to be in them, and ignore what the discussion is about, which is what the ads say. That’s what it’s about: what are the adverts telling people?
        Declining to research the topic, but throwing in your opinion – very Dunning-Kruger.

      • You think watching ads is research ? This explains a lot of our disagreements. I’ve read way more than average about networks and that includes VPNs, thank you. Sorry, not ads but books and articles, even a couple of classbooks.

        Also, what about addressing the points I make, instead of going for… I don’t know, this isn’t even ad hominem…

        The discussion isn’t about what the ads say. You made very specific, and very wrong, statements about what VPNs are good (or, rather, ungood) for.

        The EFF guy’s statements can be understood if we limit the context to web only. Your generalizations and assertions from that can’t be understood at all. See my points. Sorry they don’t come from ads.

      • I think listening to ads is research when the reference is to a quotation that reads “every time I’m listening to a podcast and hear an advert for a VPN which talks about “risks” and “credit cards” and “public Wi-Fi” I grind my teeth”.

        If you then blather on about what you can use a VPN for, you’re missing the point. And to then ask “Why do you think companies pay for VPNs if they are pointless” suggests you know nothing about intranets or their relative security compared to the wider web. If you think you were making a rhetorical point because you know the answer aaaaactualllllly, I’ll say: that form of rhetorical argument long ago became extremely tedious, because it lets idiots pretend to be educated when people then supply the answer and the idiot says “Yeah, I knew that, I was just trying to see if you knew.” If you know it, say it. But actually, don’t, because it’s not relevant to the topic which is what you hear in ads about VPNs.

        If you haven’t heard the ads, then you have no idea what I’m talking about, and should not post about it.

        This is the second time I’ve considered setting Akismet to automatically bin your comments. I don’t go past three.
