Start Up No.1259: Clearview’s life as a secret toy, Folding@Home fights Covid-19, the brain’s sleep-rinse cycle, Apple out of SXSW, and more

Ten years after this, Facebook has removed misleading “census” ads by the Trump campaign – but only after external pressure CC-licensed photo by Chris on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 12 links for you. Now wash your hands. I’m @charlesarthur on Twitter. Observations and links welcome.

Before Clearview became a police tool, it was a secret plaything of the rich • The New York Times

Kashmir Hill:


One Tuesday night in October 2018, John Catsimatidis, the billionaire owner of the Gristedes grocery store chain, was having dinner at Cipriani, an upscale Italian restaurant in Manhattan’s SoHo neighborhood, when his daughter, Andrea, walked in. She was on a date with a man Mr. Catsimatidis didn’t recognize. After the couple sat down at another table, Mr. Catsimatidis asked a waiter to go over and take a photo.

Mr. Catsimatidis then uploaded the picture to a facial recognition app, Clearview AI, on his phone. The start-up behind the app has a database of billions of photos, scraped from sites such as Facebook, Twitter and LinkedIn. Within seconds, Mr. Catsimatidis was viewing a collection of photos of the mystery man, along with the web addresses where they appeared: His daughter’s date was a venture capitalist from San Francisco.

“I wanted to make sure he wasn’t a charlatan,” said Mr. Catsimatidis, who then texted the man’s bio to his daughter.

Ms. Catsimatidis said she and her date had no idea how her father had identified him so quickly. “I expect my dad to be able to do crazy things. He’s very technologically savvy,” Ms. Catsimatidis said. “My date was very surprised.”

…for more than a year before the company became the subject of public scrutiny, the app had been freely used in the wild by the company’s investors, clients and friends.

Those with Clearview logins used facial recognition at parties, on dates and at business gatherings, giving demonstrations of its power for fun or using it to identify people whose names they didn’t know or couldn’t recall.


Once you hear about this, it totally makes sense: a secret toy for the rich. Hill has done amazing journalism on this.
unique link to this extract

How to stop ‘god mode’ abuse • OneZero

Owen Williams:


because impersonation tools provide little value to users, they can be the last tools to be improved or restricted as a growing company scrambles to keep customers happy. Though many companies do appropriately lock down access to user accounts as they grow, it’s not uncommon for impersonation tools to be left in their uncontrolled or companywide default for years until a security incident like Uber’s causes the company to change the way it’s implemented.

While large companies like Facebook have said they now have “rigorous administrative, physical, and technical controls in place to restrict employee access,” it’s telling that as a user of the service, there’s no way to actually know when someone internally accesses your account. While abusing such tools is the “easiest way to get fired” from the company, according to VentureBeat, such processes are invisible, and we must trust that Facebook actually audits this.

There are easy ways to make impersonation tools safer for customers. Some services require the user to specifically invite administrators in before they can access an account. Others, including Uber after the God mode scandal, require employees to make a request for access to security staff, with detailed notes, which is manually granted and logged internally.

If development frameworks were to take a stance on this, it would change the way services are built from the very beginning.


One tends not to think about this, but it’s so important. Uber and Twitter (where there were Saudi Arabian infiltrators) are the classic examples.
unique link to this extract

Folding@home takes up the fight against COVID-19 / 2019-nCoV • Folding@home

Greg Bowman:


We need your help! Folding@home is joining researchers around the world working to better understand the 2019 Coronavirus (2019-nCoV) to accelerate the open science effort to develop new life-saving therapies. By downloading Folding@Home, you can donate your unused computational resources to the Folding@home Consortium, where researchers working to advance our understanding of the structures of potential drug targets for 2019-nCoV that could aid in the design of new therapies. The data you help us generate will be quickly and openly disseminated as part of an open science collaboration of multiple laboratories around the world, giving researchers new tools that may unlock new opportunities for developing lifesaving drugs.


So now that SETI@Home is shuttered, here’s a new thing to do with those spare computing cycles.
unique link to this extract

Facebook allows Trump campaign to run deceptive census ads [UPDATED] • Popular Information

Judd Legum:


As the real 2020 Census approaches, media coverage stresses the importance of participating in the 2020 Census. The Trump ad exploits this sense of civic duty to collect American’s personal information. 

After filling out the form, users are asked to make a donation to the Trump campaign.

This ad campaign appears to be a direct violation of Facebook’s stated policy. That policy bans “misleading information about when and how to participate in the census.” These ads deliberately mislead users into believing they can fill out the 2020 Census by clicking this Facebook ad. 

But a Facebook spokesperson told Popular Information that the Trump campaign Census ads do not violate its policy. Why? According to Facebook, it is clear the Trump campaign ads are not about the official Census because the ads also reference his campaign.

Vanita Gupta, president of The Leadership Conference on Civil and Human Rights, a coalition of 200 civil rights groups, helped Facebook create its Census policy. She strongly disagreed with Facebook’s decision.

Gupta told Popular Information that Trump campaign ads violate Facebook’s policy, and the company has an obligation to remove them.


And now read on… (or just read Legum’s whole, updated, post).
unique link to this extract

Facebook removes Trump campaign ads, citing census interference policy • WSJ

Emily Glazer and Janet Adamy:


Facebook removed Trump campaign ads that referred to a census, saying they violated a company policy aimed at preventing disinformation and other interference with the nationwide 2020 census, which goes online next week.

The ads, which began running on the social network this week, asked people to take the “Official 2020 Congressional District Census” and then directed users to a website for fundraising to support Mr. Trump’s reelection. “The information we gather from this survey will help us craft our strategies for YOUR CONGRESSIONAL DISTRICT,” the ads said.

Facebook said Thursday that it was the first time the company removed a Trump campaign ad for violating its census interference policy. “There are policies to prevent confusion around the U.S. Census, and this is an example of those being enforced,” a Facebook spokesman said.

The ads were paid for by Trump Make America Great Again Committee, a joint fundraising committee of Donald J. Trump for President Inc. and the Republican National Committee. Spokespeople for Mr. Trump’s reelection effort didn’t respond to requests for comment.


So there are limits to the lies you can tell in political ads on Facebook. It’s not a big step from here to getting ads pre-approved. After all, how many people have seen these? Since it doesn’t pre-approve ads, what would have happened if Legum hadn’t alerted them? What happens if Trump’s team try to do the same ads, tweaked? What wording is acceptable?

Facebook has been blithely playing with fire on political advertising for years. It’s had four years to think about what it got wrong, and yet Zuckerberg is carrying on as though everything’s fine. It really isn’t.
unique link to this extract

Discovering the brain’s nightly “rinse cycle” • NIH Director’s Blog



Getting plenty of deep, restful sleep is essential for our physical and mental health. Now comes word of yet another way that sleep is good for us: it triggers rhythmic waves of blood and cerebrospinal fluid (CSF) that appear to function much like a washing machine’s rinse cycle, which may help to clear the brain of toxic waste on a regular basis.

The video uses functional magnetic resonance imaging (fMRI) to take you inside a person’s brain to see this newly discovered rinse cycle in action. First, you see a wave of blood flow (red, yellow) that’s closely tied to an underlying slow-wave of electrical activity (not visible). As the blood recedes, CSF (blue) increases and then drops back again. Then, the cycle—lasting about 20 seconds—starts over again.

The findings, published recently in the journal Science, are the first to suggest that the brain’s well-known ebb and flow of blood and electrical activity during sleep may also trigger cleansing waves of blood and CSF. While the experiments were conducted in healthy adults, further study of this phenomenon may help explain why poor sleep or loss of sleep has previously been associated with the spread of toxic proteins and worsening memory loss in people with Alzheimer’s disease.

In the new study, Laura Lewis, Boston University, MA, and her colleagues at the Martinos Center for Biomedical Imaging, Massachusetts General Hospital, Boston. recorded the electrical activity and took fMRI images of the brains of 13 young, healthy adults as they slept. The NIH-funded team also built a computer model to learn more about the fluid dynamics of what goes on in the brain during sleep.


But how long do we need, and how much cleansing needs to go on? No info on that.
unique link to this extract

Jack Dorsey is reconsidering Africa move amid coronavirus and activist investor threats • The Verge

Nick Statt:


Twitter CEO Jack Dorsey is reevaluating his plans to spend part of the year in Africa, telling a crowd at a Morgan Stanley conference on Thursday that he may no longer be traveling to the continent amid on the ongoing coronavirus outbreak and what Dorsey worded as “everything else going on.”

That “everything else” is likely the open threat to his removal from activist investor Elliott Management Corporation, which last week purchased a 4% share in the company with the intention of nominating four members to its board and replacing Dorsey as CEO.

Dorsey now characterizes announcing the Africa decision without any proper context as a “mistake.” He went on to clarify that, as one of the most populated continents over the next few decades, Africa will be a “huge opportunity” for young people to join the platform and that Twitter will be exploring options in Africa in the future. But it sounds like the plan to move there for part of the year is far less likely now.


Better late to be sensible than never.
unique link to this extract

Congress introduces EARN IT Act limiting websites’ Section 230 shield • The Verge

Ari Robertson:


Senators have proposed a law requiring websites to actively fight child exploitation or risk losing legal protections. The bill, Eliminating Abusive and Rampant Neglect of Interactive Technologies (or EARN IT) Act, was introduced by Sens. Lindsey Graham (R-SC), Josh Hawley (R-MO), Dianne Feinstein (D-CA), and Richard Blumenthal (D-CT) today. It would establish a new government commission composed of administration officials and outside experts, who would set “best practices” for removing child sexual exploitation and abuse material online.

The principles are theoretically voluntary, but if companies don’t comply, they can be held legally responsible for that content — losing some protections provided by Section 230 of the Communications Decency Act. They can maintain immunity if they establish that they have “other reasonable practices” in place.

A draft of the EARN IT Act circulated in late January, and it was met with alarm by privacy advocates and some tech companies. The draft bill gave the committee wide latitude to make rules governing online platforms, and it gave the Justice Department substantial influence over the committee. It was widely seen as an attack on encryption since the “best practices” could include a backdoor giving law enforcement access to users’ private conversations.


unique link to this extract

Apple pulls out of SXSW 2020 over coronavirus concerns • Variety

Todd Spangler:


Apple is no longer participating in the SXSW 2020 festival, as concerns heighten over the spread of the coronavirus (COVID-19), Variety has confirmed.

The tech giant had been set to premiere three new Apple TV Plus originals at the 2020 SXSW Film Festival, including Spike Jonze’s documentary film “Beastie Boys Story,” and also was scheduled to host a discussion of Apple’s “Little America” with docuseries creators Kumail Nanjiani and Emily V. Gordon. Those have now been cancelled.

Apple joins others that have backed out of attending this year’s SXSW, including Amazon Studios, Facebook, Twitter, TikTok, Mashable and Intel.

Organizers of SXSW continue to say the annual music, technology and entertainment festival in Austin, Texas, is still on for March 13-22. On Wednesday, officials for the city of Austin said the festival will still go forward. “Right now there’s no evidence that closing South by Southwest or other activities is going to make this community safer,” Mark Escott, the interim medical director and health authority for Austin Public Health said a press conference per CNN, adding, “We’re constantly monitoring that situation.”


It’s only a week away; the question is whether it will sneak under the wire, or whether it’ll somehow be a rolling disaster.
unique link to this extract

Pesticides impair baby bee brain development •


Imperial College London researchers used micro-CT scanning technology to reveal how specific parts of bumblebee brains grew abnormally when exposed to pesticides during their larval phase.

Most previous studies have tested the effects of pesticide exposure on adult bees because these individuals directly collect pesticide-contaminated nectar and pollen. However, this study shows that baby bees can also feel the effects of the contaminated food brought back to the colony, making them poorer at performing tasks later in life.

Lead researcher Dr. Richard Gill, from the Department of Life Sciences at Imperial, said: “Bee colonies act as superorganisms, so when any toxins enter the colony, these have the potential to cause problems with the development of the baby bees within it.

“Worryingly in this case, when young bees are fed on pesticide-contaminated food, this caused parts of the brain to grow less, leading to older adult bees possessing smaller and functionally impaired brains; an effect that appeared to be permanent and irreversible.”


unique link to this extract

is it canceled yet?


Want to know if that conference is cancelled? Just scroll down.


I like “TED conference” being “uh oh” (which turns out to be “delay or go digital”). But, at the same time, there’s a lot of money being lost here which won’t be seen by those organisers.
unique link to this extract

2020.02.29 CAA Rechecking Bug • Let’s Encrypt Community Support

“Josh” is the ISRG executive director at Let’s Encrypt:


We announced the plan to revoke because even though the vast majority of the certificates in question do not pose a security risk, industry rules require that we revoke certificates not issued in full compliance with specific standards. These rules exist for good reasons. We work hard to comply with them and have an excellent track record for doing so.

Since that announcement we have worked with subscribers around the world to replace affected certificates as quickly as possible. More than 1.7 million affected certificates have been replaced in less than 48 hours. We’d like to thank everyone who helped with the effort. Our focus on automation has allowed us, and our subscribers, to make great progress in a short amount of time. We’ve also learned a lot about how we can do even better in the future.

Unfortunately, we believe it’s likely that more than 1 million certificates will not be replaced before the compliance deadline for revocation is upon us at 2020-03-05 03:00 UTC (9pm U.S. ET tonight). Rather than potentially break so many sites and cause concern for their visitors, we have determined that it is in the best interest of the health of the Internet for us to not revoke those certificates by the deadline.

Let’s Encrypt only offers certificates with 90 day lifetimes, so potentially affected certificates that we may not revoke will leave the ecosystem relatively quickly.


This feels a bit like the object lesson of “do not make idle threats”: if you threaten to revoke all the certificates but nobody takes any notice, suddenly it’s your reputation at stake, not theirs.
unique link to this extract

Errata, corrigenda and ai no corrida: none notified

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.