Start Up No.1394: Facebook’s internal discord grows, Apple One for all?, hacking Tony Abbott, how PG&E messed up maintenance, and more

The internal email says there’s a car with its lights on – so should you click the link to the photo? CC-licensed photo by oatsy40 on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 11 links for you. Closer than ever. I’m @charlesarthur on Twitter. Observations and links welcome.

Phishing tricks: the top ten treacheries of 2020 • Naked Security

Paul Ducklin:


the Phish Threat team asked themselves, “Which phishing templates give the best, or perhaps more accurately, the worst results?”

Are business email users more likely to fall for sticks or carrots? For threats or free offers? For explicit instructions or helpful suggestions? For “you must” or “you might like”?

The answers covered a broad range of phishing themes, but had a common thread: not one of them was a threat.

Most of them dealt with issues that were mundane and undramatic, while at the same time apparently being interesting, important, or both.

Nothing on this list was truly urgent or terrifying, and they all sounded likely and uncomplicated enough to be worth getting out of the way quickly.


The examples here are so generic, yet brilliant: emails claiming to be new HR rules of conduct, tax summaries, “scheduled server maintenance”, “task assigned to you”, email tests, vacation policies, the utterly brilliant “car lights left on – I uploaded the picture *here*” (which leads to the malware), and more.

Don’t think you’ll be perfect. Some years back a military group which had been briefed to watch out for phishing all eagerly clicked on an attachment in an email which said “BIN LADEN KILLED BY SPECIAL FORCES”. (Before OBL was really killed, obviously.) Luckily for them it was just a test run by the security team to show how vulnerable people are.

Is Apple One a bargain? It’s complicated • The Verge

Chaim Gartenberg:


in most cases, Apple One only makes sense if you’re already subscribing to Apple’s most in-demand services: iCloud storage, which is essential for backing up most iPhones given Apple’s increasingly absurd (and stingy) 5GB allowance for new devices, and Apple Music. And at the end of the day, Apple One doesn’t make subscribing to those two key services dramatically cheaper — it just provides a discount for subscribing to Apple’s less popular services. It’s a good discount, mind you, but one that still results in most customers paying more than they are right now.

The hard numbers confirm this. According to Counterpoint Research, Apple Music had an estimated 68 million users by the end of 2019. Barclays Analysts estimated that the company had 170 million paid iCloud customers in 2018. Comparatively, Apple had just 10 million subscribers as of February 2020 for Apple TV Plus — many of whom were riding along on the free one-year trial that Apple offers for the service, which will coincidentally start to expire for the earliest customers next month. And while estimates for Arcade are harder to come by, it’s likely far below Apple Music and iCloud.

In other words: the number of customers who already subscribe to Apple services beyond Music and iCloud––the ones who would actually get the benefits of the discounted pricing––are far outnumbered by those that don’t. And that’s the real point of Apple One: not to save you money, but to get you to spend more on services like Apple Arcade and Apple TV Plus that you might not have been considering subscribing to before.


That number for iCloud customers is about one-fifth of the iPhone installed base. Apple clearly thinks there’s some room for expansion, particularly with the lowest-tier “Personal” offering as a way either to get people to sign up for Apple Music, or to get more iCloud storage. Something of a problem if they’re using Spotify, though.

Facebook to curb internal debate over sensitive issues amid employee discord • WSJ

Jeff Horwitz:


Facebook is moving to curb internal debate around divisive political and social topics, chief executive Mark Zuckerberg said Thursday, after a spate of disputes and criticism that has fueled discord among staff.

The steps will include delineating which parts of its internal company messaging platform are acceptable for such discussions, and careful moderation of the discussions when they occur, Mr. Zuckerberg told employees at a company meeting, according to a spokesman. Employees shouldn’t have to confront social issues in their day-to-day work unless they want to, the CEO said.


Kevin Roose of the NYT pointed out that this is due to Facebook using Facebook internally for its communications. Which means that all the amplification of polarising content happens same as it does for people outside. That’s really dogfooding. (In a followup tweet, Roose said “A FB employee told me once that they often made their Workplace posts sharper and more opinionated than their actual beliefs, so they’d have a better chance of appearing in managers’ feeds.”)

So the answer is “careful moderation”? Looking forward to that for the other billion-odd users. Separately, Facebook said it’s going to try harder to moderate Groups. Only a few years too late; Zuckerberg began promoting them in 2017 because he thought we were all too lonely. Turned out that included terrorists too.

When you browse Instagram and find former Australian Prime Minister Tony Abbott’s passport number • Mango



Tony Abbott is one of Australia’s many former Prime Ministers.

(For security reasons, we try to change our Prime Minister every six months, and to never use the same Prime Minister on multiple websites.)

This particular former PM had just posted a picture of his boarding pass on Instagram (Instagram, in case you don’t know it, is an app you can open up on your phone any time to look at ads).

The since-deleted Instagram post showing the boarding pass and baggage receipt. The caption reads “coming back home from japan 😍😍 looking forward to seeing everyone! climate change isn’t real 😌 ok byeee”

“Can you hack this man?” [came the request]


Entertaining post about how to discover a vulnerability that lets you capture personal information (and a lot more) while keeping out of trouble. Who knew that airline websites have so much data – including employee discussions about you – hung around your own boarding pass login.

Thread by @TubeTimeUS on Thread Reader App • Thread Reader App


This electrical transmission tower has a little problem. Can you spot it? Actually, it’s not a small problem–it cost us 16.65 *billion* dollars and caused the deaths of 85 people.


Thus (illustrated with a picture of what is technically known as a transposition tower, but looks to most people like an electricity pylon) begins a fascinating thread which reveals the creaking infrastructure of the US and how you need really strong financial incentives to keep utilities in line. You don’t need to be on Twitter to read it.

Facebook and Mark Zuckerberg need Trump even more than Trump needs Facebook • Bloomberg

Sarah Frier and Kurt Wagner:


after Republicans complained about the voter registration efforts, Facebook seemed to back off further, according to emails obtained by the Tech Transparency Project. The company had planned a two-day promotion over the July 4th holiday on Facebook, as well as on Instagram and Messenger, but then cut that down to a one-day push on Facebook alone.

Facebook has said that the suggestion that the company scaled down its voter registration plans for political reasons is “pure fabrication.” Another spokesman, replying to a Twitter user who suggested the same, responded with a picture of a woman in a tin foil hat.

The company, of course, knows lots about conspiracy theorists, who thrive on the site. There’s QAnon, a far-right movement that espouses a complex theory involving a cabal of elites engaged in child sex trafficking. The FBI deemed it a form of domestic terrorism in August 2019, but Facebook only started removing accounts in May. The company also initially ignored posts tied to a Kenosha, Wis., militia in which users discussed shooting Black Lives Matter protesters. The militia’s event page was flagged more than 400 times, but moderators allowed it to stay up, according to BuzzFeed. Not long after the posts began appearing, a 17-year-old with an assault rifle shot and killed two people at a protest in the city.

…Biden, meanwhile, has said he also favors removing Section 230 protections and holding executives personally liable. “I’ve never been a big Zuckerberg fan,” he told the New York Times in January. Zuckerberg seems keenly aware of the risks of a Trump loss. He’s told employees that Facebook is likely to fare better under Republicans, according to people familiar with the conversations.



TikTok accepts deal revisions as Trump prepares to review proposal • The New York Times

David McCabe, Erin Griffith, Ana Swanson and Mike Isaac:


Some Republican lawmakers, such as Senators Marco Rubio of Florida, Thom Tillis of North Carolina and John Cornyn of Texas, have criticized any deal that would leave ByteDance in control of TikTok’s code or algorithms as inadequate in addressing national security concerns. That has raised questions of whether Mr. Trump could face criticism for the Oracle-TikTok proposal while running for re-election.

…While rushing to secure a deal, TikTok is also hunting for a permanent chief executive to replace Kevin Mayer, who resigned in late August, citing the changing political pressures of the role. Vanessa Pappas, the general manager of TikTok in North America, took over in the interim.

Among those whom TikTok has talked to about the job is Kevin Systrom, a founder and former chief executive of Instagram, people briefed on the matter said. Talks are preliminary, and no final decisions have been made, they said.

The parties to a deal expect to name an American chief executive of the new TikTok entity, one person familiar with the matter said.


Criticism of Trump while he’s running for re-election? I thought he was running for that right now. And I could find plenty of people who are critical of him. As ever, the NYT manages to pretend that Trump is some sort of vaguely normal politician who cares what people think, rather than a corrupt real estate broker with narcissistic personality disorder.

Kevin Systrom would be a fascinating choice for TikTok’s CEO.

QArmyJapanFlynn (QAJF): the collective delusion is global • Medium

Geoff Golberg:


According to the account’s bio description, Eri is the “sole [Japanese] translator” for QMap, in addition to being the “founder” of QAJFlynn (aka QArmyJapanFlynn). Moreover, the official QAJF site is listed in the account’s bio description, as are three Twitter accounts that, in our research, have emerged as being central to QAnon (@StormIsUponUs, @GenFlynn, and @intheMatrixxx). The @StormIsUponUs account, aka JoeM, was one of the largest QAnon supporting accounts prior to its suspension on April 9th, 2020. At the time of suspension, @StormIsUponUs reflected having 273 thousand Followers.

Given Eri(QMapJapan)’s Followers count is approaching 80 thousand, it would be easy for one to conclude that QAnon is wildly popular among Japanese speakers.

Upon closer inspection, however, it becomes clear that the vast majority of accounts following @okabaeri9111 are fake accounts.

Twitter’s refusal to enforce their own rules not only results in advertisers like Rolex wasting their advertising dollars on useless inventory (i.e. Rolex is a victim of blatant ad fraud and where their brand appears adjacent QAnon), but also functions to create the illusion that QAnon has a massive following among Japanese speakers.

Social Forensics has contacted Mounia Mechbal, Rolex’s VP of Marketing and Communications, to inform her that Twitter is engaging in ad fraud that presents Rolex’s brand adjacent QAnon (we will update this post should we receive a response):


“Half of what I spend on advertising is wasted. I just don’t know which half,” goes the famous saying. With online advertising you know: more than half.

Exclusive: AT&T considers cellphone plans subsidized by ads • Reuters

Sheila Dang, Helen Coster, Krystal Hu, Kenneth Li:


AT&T is considering offering wireless phone plans partially subsidized by advertising as soon as a year from now, chief executive John Stankey said in an interview on Tuesday.

The consideration, which has not been previously disclosed, underscores AT&T’s commitment to the advertising business as the US phone carrier reviews its portfolio to identify assets to sell in order to reduce its debt load. AT&T is considering selling its advertising-technology unit Xandr, sources familiar with the matter have told Reuters.

“I believe there’s a segment of our customer base where given a choice, they would take some load of advertising for a $5 or $10 reduction in their mobile bill,” Stankey said.


I wonder if Stankey would be willing to suffer advertising that tracked and targeted him for the sake of a few dollars off his phone bill. You might say: of course not, and he doesn’t have to because he can afford to pay more. But if the CEO isn’t willing to use his own product, why should others have to tolerate having their privacy invaded and ads barked at them all the time?

I wonder too how many spam calls Stankey gets to his mobile number. If that number were to go up rapidly, perhaps AT&T would start figuring out how to block them more effectively. Again: it’s a matter of getting the CEO to use the product, not live in a bubble of exception.

Listen to an unheard Steve Jobs NeXT keynote from 1988 • Fast Company

Harry McCracken:


“The Macintosh architecture is going to peak next year sometime. And that means that there’s enough cracks in the wall already, and enough limitations to the architecture, that the Mac’s pretty much going to be everything it’s ever going to be sometime next year.”

A tech CEO is onstage helpfully explaining that the Mac’s expiration date is imminent. More important, he’s about to introduce us to a new computer designed for the next decade. I am in a distant seat among his audience of more than 2,000 at Boston’s Symphony Hall, where the anticipation in the air is thick enough to induce a contact high.

After all, we are among the lucky few who will hear about the NeXT computer directly from Steve Jobs himself.

What we were witnessing on the evening of November 30, 1988 wasn’t the NeXT launch event. That had happened seven weeks earlier at San Francisco’s Louise M. Davies Symphony Hall, before 3,000 invited developers, educators, and reporters. Jobs was now giving a second performance of the same basic presentation at the monthly general meeting of the Boston Computer Society. It was open to all members, and therefore a much more public affair than the exclusive San Francisco version.


What McCracken is excited about – and historians of computing will be excited about – is a huge trove of audio recordings of many of the big names from the dawn of personal computing speaking about important moments there. If that’s the sort of thing you like, you’ll like this.

Swedish consortium unveils mammoth wind-powered car carrier • The Driven

Joshua Hill:


A Swedish consortium including ship design firm Wallenius Marine has unveiled a modern-day sailing ship which will be capable of carrying 6-7,000 vehicles and be able to reduce emissions for the trans-Atlantic crossing by 90%.

The wPCC – wind Powered Car Carrier – is a Swedish collaborative project led and overseen by Wallenius Marine and including the KTH Royal Institute of Technology in Stockholm, and maritime consulting firm SSPA.

Heralded as a “Swedish project for truly sustainable shipping,” the wPCC is currently being developed by the consortium and is expected to be sailing by the end of 2024.

The world’s largest sailing vessel, the wPCC is billed as being able to reduce emissions by 90% as compared to other ocean-going freighters. A transatlantic crossing aboard the wPCC would take twelve days, instead of the current seven days it takes a conventional freighter.

Conversely, the current fleet of around 450 large car transporters currently use 40 tonnes of fossil fuel per day, opening the door for significant reductions to shipping emissions.


That’s splendid news! Although these, er, vehicles that you’re sail-shipping. What sort of fuel do they run on, precisely?

Errata, corrigenda and ai no corrida: none notified
