Can’t hack this – unlike the app called Voatz, which turns out to have huge security holes. CC-licensed photo by Keith Bryant on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 10 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

U.S. charges China’s Huawei with racketeering and conspiracy to steal US trade secrets in new indictment • The Washington Post

Jeanne Whalen:

»

The new charges accuse Huawei and its subsidiaries of a decades-long effort to steal intellectual property from U.S. tech companies, including by offering Huawei employees bonuses for obtaining confidential information, the U.S. Attorney for the Eastern District of New York said Thursday.

Huawei’s actions violated the Racketeer Influenced and Corrupt Organizations Act, or RICO, prosecutors said.

An indictment filed in federal court in Brooklyn also includes new allegations about the activities of Huawei and its subsidiaries in Iran and North Korea, countries subject to sanctions by the U.S., the European Union or the United Nations.

A Washington Post report last year detailed Huawei’s secret efforts to help the North Korean government build and maintain a wireless telecommunications network. Huawei is one of the world’s largest manufacturers of telecom equipment and smartphones.

Huawei didn’t provide an immediate comment Thursday.

The new indictment represents an escalation of a case announced last year, when federal prosecutors charged Huawei and its chief financial officer, Meng Wanzhou, with bank and wire fraud.

«

This is seriously ramping up the pressure on Huawei. No Google, and the aim here is to scare not just American companies, but others too away from working with it: if it’s put on the sanctions list for dealing with North Korea, things will get worse still.
unique link to this extract

---

A thorn in YouTube’s side digs in even deeper • The New York Times

Kevin Roose:

»

Rather than swearing off YouTube, [Carlos] Maza, who is a New York-based socialist, decided to seize the means of his own video production.

“I’m going to use the master’s tools to destroy the master’s house,” he said in an interview. “I want to build up an audience and use every chance I get to explain how destructive YouTube is.”

It’s not rare for YouTubers to criticize YouTube. (In fact, among top creators, it’s practically a sport.) But Mr. Maza’s critique extends to the traditional media as well. He believes that media outlets have largely failed to tell compelling stories to a generation raised on YouTube and other social platforms, and that, as a result, they have created a power vacuum that bigots and extremists have been skilled at filling.

“On YouTube, you’re competing against people who have put a lot of time and effort into crafting narrative arcs, characters, settings or just feelings they’re trying to evoke,” he said. “In that environment, what would have been considered typical video content for a newsroom — news clips, or random anchors generically repeating the news with no emotions into a camera — feels really inadequate and anaemic.”

…YouTube can be harsh terrain for a professional leftist. The site is nominally open to all views, but in practice is dominated by a strain of reactionary politics that is marked by extreme skepticism of mainstream media, disdain for left-wing “social justice warriors” and a tunnel-vision fixation on political correctness.
In recent years, some progressive YouTubers have tried to counter this trend by making punchy, opinionated videos aimed at left-wing viewers. BreadTube, a loose crew of socialist creators who named themselves after a 19th-century anarchist book, “The Conquest of Bread,” has made modest stars out of leftists like Natalie Wynn, a YouTube personality known as ContraPoints, and Oliver Thorn, a British commentator known as PhilosophyTube.

But these creators are still much less powerful than their reactionary counterparts. Mr. Maza attributes that gap to the fact that while a vast network of well-funded YouTube channels exists to push right-wing views, liberal commentary is still mainly underwritten by major news organizations, which have been slower to embrace the highly opinionated, emotionally charged style of content that works well on YouTube.

“People understand the world through stories and personalities,” he said. “People don’t actually want emotionless, thoughtless, viewpoint-less journalism, which is why no one is a Wolf Blitzer stan.”

«

(A “stan” is someone who’s a mad fan. It’s not short for “stand” – it’s from the Eminem song of the same name.)
unique link to this extract

---

NASA spots ‘potentially hazardous’ asteroid rapidly approaching Earth • IGN

Adele Ankers:

»

NASA has confirmed that an asteroid larger than the tallest man-made structure in the world is currently travelling towards Earth at a speed of almost 34,000 miles per hour. Thankfully, it’ll likely miss us by a few million miles.

According to International Business Times, NASA’s Center for Near-Earth Object Studies (CNEOS) identified that the “potentially hazardous” asteroid could come close to intersecting with our planet’s path on [Saturday] February 15, 2020, at 6:05 a.m. (EST).

“Potentially Hazardous Asteroids (PHAs) are currently defined based on parameters that measure the asteroid’s potential to make threatening close approaches to the Earth,” NASA said in a statement.

The colossal space rock, which is expected to pass over our planet from a distance of around 3.6 million miles, is estimated to have a diameter of around 3,250 feet, making it large enough to potentially “trigger a nuclear winter and mass extinction events” should it collide with Earth.

«

If you want to worry Bruce Willis and Ben Affleck, Nasa has a list of the PHAs. There’s one every day for the next few days. Just, you know, if that would help.
unique link to this extract

---

‘Sloppy’ mobile voting app used in four states has ‘elementary’ security flaws • VICE

Kim Zetter:

»

A mobile voting app being used in West Virginia and other states has elementary security flaws that would allow someone to see and intercept votes as they’re transmitted from mobile phones to the voting company’s server, new research reveals.

An attacker would also be able to alter the user’s vote and trick the user into believing their vote was transmitted accurately, researchers from the Massachusetts Technology Institute write in a paper released Thursday.

The app, called Voatz, also has problems with how it handles authentication between the voter’s mobile phone and the backend server, allowing an attacker to impersonate a user’s phone. Even more surprising, although the makers of Voatz have touted its use of blockchain technology to secure the transmission and storage of votes, the researchers found that the blockchain isn’t actually used in the way Voatz claims it is, thereby supplying no additional security to the system.

The research was conducted by Michael Specter and James Koppel, two graduate students in MIT’s Computer Science and Artificial Intelligence Lab, and Daniel Weitzner, a research scientist with the lab.

Election security experts praised the research and said it shows that long-held concerns about mobile voting are well-founded.

«

Come on, a voting app called “Voatz”? It’s so cheesy. It’s like Steve Martin’s comic routine about what you call a bank. “You don’t call it ‘Fred’s Bank’. Nobody’s going to put their money in that. You call it ‘Security First Trust And Federal Reserve’.”
unique link to this extract

---

Brave uncovers widespread surveillance of UK citizens by private companies embedded on UK council websites • Brave

Johnny Ryan is chief policy officer at Brave, an independent browser:

»

“Surveillance on UK council websites”, a new report from Brave, reveals the extent of private companies’ surveillance of UK citizens when they seek help for addiction, disability, and poverty from their local government authorities.

None of the data collecting companies recorded in this study had received consent from the website visitor to lawfully process data. 

• Nearly all councils in the UK permit at least one company to learn about the behaviour of people visiting their websites
• People seeking information about disability, poverty, drugs and alcoholism services are profiled by data brokers on some council websites
• 198 council websites in the UK use the “real-time bidding” (RTB) form of advertising. Real-time bidding is the biggest data breach ever recorded in the UK. Though illegality is not in dispute, the UK Information Commissioner (ICO) has failed to act
• Google owns all five of the top embedded elements loaded by UK council websites, giving it the power to know what virtually anyone in the UK views on council sites
• Over of a quarter of the UK population is served by councils that embed Twitter, Facebook, and others on their websites, leaking data about what sensitive issues people read about to these companies.

«

Hard to believe that none of the companies had consent from the visitor; isn’t that why we’re always clicking cookie settings?
unique link to this extract

---

Mac malware is growing, but there are three important riders • 9to5Mac

Ben Lovejoy:

»

Macs are not generally vulnerable to what we traditionally classify as malware: that is, code which can do nasty things like delete files, or encrypt your drive for a ransomware attack. Apple’s protections against this type of attack are extremely strong.

Macs are mostly only vulnerable to so-called adware. This does things like redirect searches or load tabs automatically to earn ad revenue for the attacker.

This is something Malwarebytes itself acknowledges when you get into the detail:

»

Macs differ drastically from Windows in terms of the types of threats seen. Where we found several different categories and families in our top detections of Windows threats that classify as traditional malware , especially those aimed at businesses, most Mac threats, and certainly the most prevalent ones of 2019, are families of adware and potentially unwanted programs (PUPs) […]

Among the top 10 Mac threats (for both consumers and businesses) are a mix of PUPs and adware. The PUPs are a variety of mostly “cleaning” apps that have been determined as unwanted not just by Malwarebytes, but by the Mac user community at large, [two of the best-known examples being] MacKeeper and MacBooster.

«

Mac malware is growing mostly due to one app.

Until last year, the top two Mac adware apps had detected installations numbered in the low hundreds of thousands. In 2019, however, one new piece of adware was detected 30 million times! That’s your dramatic growth right there: one app.

«

The graphic (on p25 of the report) shows that two malware apps comprise about 66% of instances. NewTab is the worst, a browser extension that redirects and is delivered via junky apps. And the oldest piece of malware is six years old.
unique link to this extract

---

Popular preprint servers face closure because of money troubles • NAture

Smriti Mallapaty:

»

INA-Rxiv, ArabiXiv, AfricArxiv and IndiaRxiv are run by volunteers around the world, but the servers are hosted online by the non-profit Center for Open Science (COS), based in Charlottesville, Virginia. The centre’s platform hosts 26 repositories, including more than a dozen that are discipline-specific.

In December 2018, the COS informed repository managers that from 2020, it would be introducing fees, charged to repository managers, to cover maintenance costs. The charges, which were finalized last December, start at about US$1,000 a year, and increase as repositories’ annual submissions grow.

The costs can be significant, particularly for repositories run by volunteers in emerging economies. Dasapta Erwin Irawan, a hydrogeologist at the Bandung Institute of Technology who helped set up INA-Rxiv, says his repository received more than 6,000 submissions between July 2018 and June 2019, so the fees will come to about $25,000 per year, which he cannot afford. After unsuccessfully trying to raise money from the Indonesian government, he has decided to wind down the service and close it, although he has not yet set an end date.

INA-Rxiv is one of the most popular archives on the COS’s platform; it has drawn more than 16,500 submissions, including preprints and conference papers. Until INA-Rxiv closes, Irawan says, he will limit the number of submissions he accepts, to reduce costs.

«

Seems pricey for what seems like a low number of submissions.
unique link to this extract

---

Car ‘splatometer’ tests reveal huge decline in number of insects • The Guardian

Damian Carrington:

»

Two scientific studies of the number of insects splattered by cars have revealed a huge decline in abundance at European sites in two decades.

The research adds to growing evidence of what some scientists have called an “insect apocalypse”, which is threatening a collapse in the natural world that sustains humans and all life on Earth. A third study shows plummeting numbers of aquatic insects in streams.

The survey of insects hitting car windscreens in rural Denmark used data collected every summer from 1997 to 2017 and found an 80% decline in abundance. It also found a parallel decline in the number of swallows and martins, birds that live on insects.

The second survey, in the UK county of Kent in 2019, examined splats in a grid placed over car registration plates, known as a “splatometer”. This revealed 50% fewer impacts than in 2004. The research included vintage cars up to 70 years old to see if their less aerodynamic shape meant they killed more bugs, but it found that modern cars actually hit slightly more insects.

“This difference we found is critically important, because it mirrors the patterns of decline which are being reported widely elsewhere, and insects are absolutely fundamental to food webs and the existence of life on Earth,” said Paul Tinsley-Marshall from Kent Wildlife Trust. “It’s pretty horrendous.”

«

The problem is that there’s no way to know what we, the ordinary public, should do about this, apart from worry.
unique link to this extract

---

The chaos at Condé Nast • The New York Times

Katherine Rosman:

»

Since 2009, Condé Nast has gone from publishing 22 magazine brands (including one digital-only publication) to 16 magazine brands (six of which are digital only). In 2017, the company had about $120m in losses.

Mr. Peres’s reign seems to have epitomized the bloated pride before the fall. Founded by Annie Flanders as a scrappy downtown magazine in 1982, Details had gone through several iterations before being taken over by Fairchild, which was ultimately moved under the Condé Nast umbrella. With Mr. Peres as editor, the magazine was retooled as a manual for a metrosexual clinging to a certain frat boy quality, lest you call him gay.

Details had for a time what Tina Brown always used to call “buzz,” with cover models like Robert Downey Jr., Kevin Federline (twice!) and Ben Affleck. It was not so filled with ads that it was a doorstop, like the flagship magazines Vogue and Vanity Fair, but it was still robust.

Freelance journalists wanted to contribute to Details (I was one, reporting a profile of Patrick Kennedy for it in 2001), and the magazine won awards for its design.

Condé Nast, which also then regularly published the magazines Gourmet, Jane, Lucky and Domino, had become famous through shows like HBO’s “Sex and the City.” The company was known for around-the-block Town Cars filled with enigmatic editors who lunched at New York restaurants like the Four Seasons and enjoyed clothing expense accounts and interest-free mortgages provided by their employer.

After being summoned at 28 from Paris where he had worked as a writer and editor for W magazine and given the top job at Details, Mr. Peres lived subsidized for months in the Morgans Hotel. Once, he trashed his room because he couldn’t find his Vicodin; he blamed the housekeeper for stealing his drugs.

«

The amazing thing that emerges from this story is that everyone who ever worked at Conde Nast seems to be writing a memoir about how amazing it was and how much they miss it. You can see why they think that.
unique link to this extract

---

Apple Pay on pace to account for 10% of global card transactions • Quartz

John Detrixhe:

»

Apple’s mobile wallet is gobbling up a growing chunk of card payments around the world. As the service grows, it’s becoming a greater challenge to rivals like PayPal and attracting the attention of competition watchdogs.

Apple Pay accounts for about 5% of global card transactions and is on pace to handle 1-in-10 such payments by 2025, according to recent trend data compiled by Bernstein, a research firm. “There are indeed plenty of reasons to worry that Apple may attempt to disrupt the payments ecosystem,” Bernstein analysts, led by Harshita Rawat, wrote in a research note.

«

My initial reaction to this was “that’s got to be nonsense – someone at Bernstein has dropped a few zeros.” The story says digital payments are about $1trn in revenue, while Visa and Mastercard process more than $14trn annually, and growing.

But: assume 750m iPhone users globally (slightly under the figure estimated by Neil Cybart of Above Avalon, around the number that most people use for handy calculations). For Apple Pay to be 5% of the $1trn would make it the avenue for $50bn of transactions. Crazy? But that’s only $66 per iPhone per year paid by Apple Pay. Given its lack of payment limit, a few big spenders buying big-ticket items (such as iPhones on their Apple Credit Card, on which they get cashback) could easily make up for large numbers of non-Apple Pay users.

OK, what about the bigger, $14trn number? Well: 5% of $14trn is $700bn, or $933 per iPhone per year. Now you definitely need your big spenders to make up for those who don’t use Apple Pay, but it’s feasible: assume one user for every two non-users (so an Apple Pay user base of 250m), and it’s $2,800 per year, or a bit more than $50 every week. Some people spend that much on coffee per week. Little things add up.
unique link to this extract

---

Errata, corrigenda and ai no corrida: none notified