Start Up No.1372: how TikTok circumvented Android to track users, remote workers v spyware, how Facebook keeps QAnon alive, and more


Quake! But Android users will get an early warning. CC-licensed photo by Ant %26 Carrie Coleman on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 9 links for you. Unshaken, unstirred. I’m @charlesarthur on Twitter. Observations and links welcome.

Android is now the world’s largest earthquake detection network • Ars Technica

Ron Amadeo:

»

Back in 2016, Ars reported on an interesting use for the bundle of sensors we carry around every day in our smartphones—earthquake detection. The accelerometers in your phone make a passable-enough seismometer, and together with location data and enough users, you could detect earthquakes and warn users as the shocks roll across the landscape. The University of California-Berkeley, along with funding from the state of California, built an app called “MyShake” and a cheap, effective earthquake detection network was born, at least, it was born for people who installed the app.

What if you didn’t need to install the app? What if earthquake detection was just built in to the operating system? That’s the question Google is going to answer, with today’s announcement of the “Android Earthquake Alerts System.” Google is going to build what it calls “the world’s largest earthquake detection network” by rolling earthquake detection out to nearly every Google Play Android phone. Here’s the meat of the announcement:

»

All smartphones come with tiny accelerometers that can sense earthquakes. They’re even sensitive enough to detect the P-wave, which is the first wave that comes out of an earthquake and is typically much less damaging than the S-wave which comes afterward. If the phone detects something that it thinks may be an earthquake, it sends a signal to our earthquake detection server, along with a coarse location of where the shaking occurred. The server then combines information from many phones to figure out if an earthquake is happening. We’re essentially racing the speed of light (which is roughly the speed at which signals from a phone travel) against the speed of an earthquake. And lucky for us, the speed of light is much faster!

«

That “race” often works out to only a minute or so of warning, but that’s usually enough to duck and cover if you catch the notification.

«

This is very much in line with what I recall Marissa Mayer describing wayyy back when I interviewed her in July 2009:

»

Q: Things like the sensors in the phones that say “here we are” and buildings that can say “this is my temperature” – how do you think it will start integrating into search?

Mayer: I think that some of the smartphones of today are doing a lot of the work for us: by having cameras, they already have eyes; by having GPS, they know where they are; by having things like accelerometers, they know how you’re holding them.

«

This is a (very big, potentially lifesaving) extension of that idea.
unique link to this extract


TikTok tracked user data using tactic banned by Google • WSJ

Kevin Poulsen and Robert McMillan:

»

TikTok skirted a privacy safeguard in Google’s Android operating system to collect unique identifiers from millions of mobile devices, data that allows the app to track users online without allowing them to opt out, a Wall Street Journal analysis has found.

The tactic, which experts in mobile-phone security said was concealed through an unusual added layer of encryption, appears to have violated Google policies limiting how apps track people and wasn’t disclosed to TikTok users. TikTok ended the practice in November, the Journal’s testing showed.

The findings come at a time when TikTok’s Beijing-based parent company, ByteDance Ltd., is under pressure from the White House over concerns that data collected by the app could be used to help the Chinese government track U.S. government employees or contractors. TikTok has said it doesn’t share data with the Chinese government and wouldn’t do so if asked.

The identifiers collected by TikTok, called MAC addresses, are most commonly used for advertising purposes. The White House has said it is worried that users’ data could be obtained by the Chinese government and used to build detailed dossiers on individuals for blackmail or espionage.

…The security hole is widely known, if seldom used, [cofounder of AppCensus, Joel] Reardon said. He filed a formal bug report about the issue with Google last June after discovering the latest version of Android still didn’t close the loophole. “I was shocked that it was still exploitable,” he said.

Mr. Reardon’s report was about the loophole in general, not specific to TikTok. He said that when he filed his bug report, the company told him it already had a similar report on file. Google declined to comment.

TikTok collected MAC addresses for at least 15 months, ending with an update released Nov. 18 of last year, as ByteDance was falling under intense scrutiny in Washington, the Journal’s testing showed.

«

Blackmail? Via data on TikTok? Whaaaat?
unique link to this extract


Trump advisers Mnuchin and Navarro fought over the fate of TikTok inside the Oval Office • The Washington Post

Ellen Nakashima, Elizabeth Dwoskin, Jeff Stein and Jay Greene:

»

Last week, as leaders in Silicon Valley, China and Washington raced to seal the fate of one of the world’s fastest-growing social media companies, a shouting match broke out in the Oval Office between two of President Trump’s top advisers.

In front of Trump, trade adviser Peter Navarro and other aides late last week, Treasury Secretary Steven Mnuchin began arguing that the Chinese-owned video-sharing service TikTok should be sold to a U.S. company. Mnuchin had talked several times to Microsoft’s senior leaders and was confident that he had rallied support within the administration for a sale to the tech giant on national security grounds.

Navarro pushed back, demanding an outright ban of TikTok, while accusing Mnuchin of being soft on China, the people said, speaking on the condition of anonymity to discuss private discussions freely. The treasury secretary appeared taken aback, they said.

The ensuing argument — which was described by one of the people as a “knockdown, drag-out” brawl — was preceded by months of backroom dealings among investors, lobbyists and executives. Many of these stakeholders long understood the critical nature of establishing close connections with key figures in the Trump administration.

But over the past few weeks, they also were reminded of the unpredictable and precarious nature of business dealings under a Trump-led government — and how the winner of a heated debate in front of the president could help decide the fate of a multibillion-dollar deal that may reshape the technology business landscape for years to come.

«

I doubt the Oval Office hasn’t heard some knock-down dragged-out rows before. The article is a long read (which could do with a lot of cutting down) but boils down to: Navarro, who has been wrong on pretty much everything, wanted TikTok banned; Mnuchin wanted it sold. Trump didn’t know. He just watched.
unique link to this extract


Bosses started spying on remote workers. Now they’re fighting back • WIRED UK

Alex Christian:

»

As working from home has flourished, so too has employee monitoring software. Programs such as Time Doctor, ActivTrak, Teramind and the dystopian-sounding StaffCop have all seen huge upticks in demand. Remote teams are now watched through their webcams via always-on video services like Sneek. In the office-free world, bosses can now clandestinely scan screenshots, login times and keystrokes at will to ensure their workforce is keeping its focus and productivity.

But some remote workers are fighting back against the tide of company scrutiny. “My employer sent me a laptop running with all their corporate spyware on it,” says one Florida-based programmer. “Right next to it is my own computer for all my personal stuff. Can they detect when I haven’t touched the laptop for an hour? Possibly. But I’m not being paid by the hour.”

Methods of avoiding employers’ prying eyes range from the sublime to the ridiculous. With surveillance software hard to evade (employers will likely notice if it’s been switched off), the tech-minded are downloading virtual machines. That means they can ring-fence offending programs – and their work – from the rest of their computer. “If you have a hefty enough PC, you can work in one window and game in another without them ever knowing,” explains the programmer.

Anti-surveillance software is experiencing a boom, too: Presence Scheduler, which can set your Slack status as permanently active, doubled in sales and traffic in the first two months of lockdown – until Slack clamped down and closed the coding loophole. “I believe my site caused the policy changes,” says developer Wesley Henshall. “But there was a further spike in interest once I emailed users that we’d adapted to the changes.”

«

unique link to this extract


QAnon groups have millions of members on Facebook, documents show • NBC News

Ari Sen and Brandy Zadrozny:

»

An internal investigation by Facebook has uncovered thousands of groups and pages, with millions of members and followers, that support the QAnon conspiracy theory, according to internal company documents reviewed by NBC News.

The investigation’s preliminary results, which were provided to NBC News by a Facebook employee, shed new light on the scope of activity and content from the QAnon community on Facebook, a scale previously undisclosed by Facebook and unreported by the news media, because most of the groups are private.

The top 10 groups identified in the investigation collectively contain more than 1 million members, with totals from more top groups and pages pushing the number of members and followers past 3 million. It is not clear how much overlap there is among the groups.

The investigation will likely inform what, if any, action Facebook decides to take against its QAnon community, according to the documents and two current Facebook employees who spoke on the condition of anonymity because they were not authorized to speak publicly on the matter. The company is considering an option similar to its handling of anti-vaccination content, which is to reject advertising and exclude QAnon groups and pages from search results and recommendations, an action that would reduce the community’s visibility.

«

Given the support by a number of wingnut Republicans for this particular strain of idiocy, how long before we get a report about Joel Kaplan interfering in any move to restrain this bunch?

Also:

»

There are tens of millions of active groups, a Facebook spokesperson told NBC News in 2019, a number that has probably grown since the company began serving up group posts in users’ main feeds.

«

Facebook’s News Feed: one of the most effective recruiting mechanisms that extremist groups of all sorts have ever discovered.
unique link to this extract


News+ privacy on Big Sur • Lapcat Software

Jeff Johnson looked into claims that Apple’s paid-for News Plus subscription service is somehow calling Apple when you click on a link in Safari (or some other apps) to see whether to open it in Safari, or News Plus (terrible name):

»

From a privacy perspective, it would be very disturbing if Apple’s operating system were “phoning home” to Cupertino when you opened a URL to a non-Apple web site. Fortunately, this is not the case, at least on macOS Big Sur. (I haven’t installed or tested the iOS 14 beta, but I would assume it behaves the same as Big Sur in this respect.) This is easy to test yourself, if you think about it. Today I signed up for a free 1 month trial of Apple News+ (note to self: cancel in 4 weeks). Then I got the URL of an article from The Wall Street Journal, a publisher who participates in News+. I disconnected my internet by turning off my MacBook Pro’s Wi-Fi. Finally, I opened the Terminal app and entered the following command:

open "https://www.wsj.com/articles/commercial-properties-ability-to-repay-mortgages-was-overstated-study-finds-11597152211"

Sure enough, it opened the News app. Of course the article failed to open in News, since my internet was off, and then as a fallback the News app opened Safari, which failed to load the article for the same reason. As a further test, I also tried a fake, nonexistent article URL:

open "https://www.wsj.com/articles/blahblah"

Same result, opens the News app! So I think we can say with confidence that Big Sur is checking an offline list of URL domains rather than checking online with Apple. Your privacy is still protected here.

For those who are interested in more technical details, it’s the LaunchServices framework, located on disk at /System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework, which determines which app should open any given URL.

«

Once again for those at the back: this only happens if you choose to sign up with News Plus AND you click on a link to something in that service in Apple’s NOT yet released OSs.
unique link to this extract


New conversation settings, coming to a Tweet near you • Twitter blog

»

Here’s how it works. Before you Tweet, choose who can reply with three options: 1) everyone (standard Twitter, and the default setting), 2) only people you follow, or 3) only people you mention. Tweets with the latter two settings will be labeled and the reply icon will be grayed out for people who can’t reply. People who can’t reply will still be able to view, Retweet, Retweet with Comment, share, and like these Tweets.

Since we started testing this in May, people have used it to host interviews and panels, share what’s on their mind, and make announcements. We’ve learned a lot from usage, feedback interviews, and surveys. These settings help some people feel safer and could lead to more meaningful conversations, while still allowing people to see different points of view. Here’s more on what people shared with us. ⬇️
These settings help some people feel safer.

People tell us they feel more comfortable Tweeting and more protected from spam and abuse.

Problematic repliers aren’t finding another way – these settings prevented an average of three potentially abusive replies while only adding one potentially abusive Retweet with Comment. And, we didn’t see any uptick in unwanted Direct Messages.

People who face abuse find these settings helpful – those who have submitted abuse reports are 3x more likely to use these settings.

It’s a new method to block out noise – 60% of people who used this during the test didn’t use Mute or Block.

The change could lead to more meaningful conversations on Twitter.

«

Although it’s also a bit more mental load. Usually companies don’t try to increase the cognitive load associated with using their products.
unique link to this extract


Sea life around Mauritius dying as Japanese ship oil spill spreads • Reuters

Duncan Miriri:

»

Mauritian volunteers fished dead eels from oily waters on Tuesday as they tried to clean up damage to the Indian Ocean island’s most pristine beaches after a Japanese bulk carrier leaked an estimated 1,000 tonnes of oil.

The ship, MV Wakashio, owned by Nagashiki Shipping and operated by Mitsui OSK Lines Ltd, struck a coral reef on Mauritius’ southeast coast on July 25 and began leaking oil last week, raising fears of a major ecological crisis.

Activists told Reuters that dead eels were floating in the water and dead starfish were marked by the sticky black liquid. Crabs and seabirds are also dying.

“We don’t know what may happen further with the boat, it may crack more,” said clean up volunteer Yvan Luckhun.

The MV Wakashio is still holding some 2,000 tonnes of oil and it is expected to eventually break up, Prime Minister Pravind Jugnauth said late on Monday, warning that the country must brace for the worst.

Tourism is a leading part of the Mauritius economy. The government, which declared an emergency on Friday due to the spill, is working with former colonial ruler France to try to remove the oil.

«

But the shipowners are liable, right? They have to pay some gigantic whack of a penalty, surely? Mauritius is such a beautiful place; this sort of damage can be repaired but there must be reparation.
unique link to this extract


Qualcomm lobbies US to sell chips for Huawei 5G phones • WSJ

Asa Fitch and Kate O’Keeffe:

»

The American chip company Qualcomm is lobbying the Trump administration to roll back restrictions on the sale of advanced components to the Chinese telecom giant Huawei Technologies, wading into the intensifying technology battle between the US and China.

Qualcomm is telling US policy makers their export ban won’t stop Huawei from obtaining necessary components and just risks handing billions of dollars of Huawei sales to the US firm’s overseas competitors, according to a presentation reviewed by The Wall Street Journal that the San Diego-based company has been circulating around Washington.

Qualcomm is lobbying to sell chips to Huawei that the Chinese company would include in its 5G phones, which use the new standard for superfast telecommunications. US chip makers need a license from the Commerce Department to ship many such components to Huawei after the federal government placed the company on an export blacklist and imposed other limits.

With those restrictions, the US has handed Qualcomm’s foreign competitors a market worth as much as $8bn annually, the company said in the presentation.

«

Those competitors mostly being Samsung and MediaTek of Taiwan.
unique link to this extract


Errata, corrigenda and ai no corrida: none notified

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.