There’s lots of new information about Apple’s AirTags. Up to 16 per person, so your phone might look like a radar screen. CC-licensed photo by Antonio Zugaldia on Flickr.
You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.
A selection of 9 links for you. Is that an AirTag in your pocket? I’m @charlesarthur on Twitter. Observations and links welcome.
• Why do social networks drive us a little mad?
• Why does angry content seem to dominate what we see?
• How much of a role do algorithms play in affecting what we see and do online?
• What can we do about it?
• Did Facebook have any inkling of what was coming in Myanmar in 2016?
Preorder Social Warming, my forthcoming book, and find answers – and more.
How Facebook failed to prevent “Stop The Steal” • Buzzfeed News
Craig Silverman, Ryan Mac and Jane Lytvynenko:
Employees were made aware of the original Stop the Steal Facebook group, which emerged on election night [Nov 3 2020], after it was “flagged for escalation because it contained high levels of hate and violence and incitement (VNI) in the comments.” By the time Facebook removed it, on Nov. 5, it had become a movement, amassing more than 300,000 members in a 24-hour span with more than a million people wanting to join. The group’s takedown and splintering into offshoot groups caused a major problem for Facebook, which took a “piecemeal” approach to enforcement and failed to see Stop the Steal as a wider, harmful movement, according to the internal report.
“Because we were looking at each entity individually, rather than as a cohesive movement, we were only able to take down individual Groups and Pages once they exceeded a violation threshold,” the report reads. “After the Capitol Insurrection [on Jan 6 2021] and a wave of Storm the Capitol events across the country, we realized that the individual delegitimizing Groups, Pages and slogans did constitute a cohesive movement.”
It was only after the violence of Jan. 6, according to the report, that Facebook teams realised they were dealing with a movement that “normalized delegitimization and hate in a way that resulted in offline harm and harm to the norms underpinning democracy.” And while the company spent months preparing for people to dispute election results, the report calls delegitimization a “new territory” in which “few policies or knowledge existed” prior to election night.
The document contradicts Zuckerberg’s statement to Congress about Facebook being “inhospitable” to harmful content about the election, and refutes chief operating officer Sheryl Sandberg’s January comment that the insurrection was “largely organized on platforms that don’t have our abilities to stop hate, don’t have our standards and don’t have our transparency.” It also shows that while Facebook said it was prepared for election destabilization and was monitoring signals for unrest, it failed to stop a movement that led to real-world harm.
Facebook is too big; it brings together too many people whose desires can be herded into malice. It really is classic social warming: put a lot of people together and then force them closer and watch the temperature rise. To, in this case, deadly effect.
Daily Mail owner sues Google over search results • BBC News
The owner of the Daily Mail newspaper and MailOnline website is suing Google over allegations the search engine manipulates search results.
Associated Newspapers accuses Google of having too much control over online advertising and of downgrading links to its stories, favouring other outlets. It alleges Google “punishes” publishers in its rankings if they don’t sell enough advertising space in its marketplace. Google called the claims “meritless”.
Associated Newspapers’ concerns stem from its assessment that its coverage of the Royal Family in 2021 has been downplayed in search results.
For example, it claims that British users searching for broadcaster Piers Morgan’s comments on the Duchess of Sussex following an interview with Oprah Winfrey were more likely to see articles about Morgan produced by smaller, regional outlets. That is despite the Daily Mail writing multiple stories a day about his comments around that time and employing him as a columnist.
Daily Mail editor emeritus Peter Wright told the BBC’s Today programme that the search engine’s alleged actions were “anti-competitive”. He suggested that the Daily Mail’s search visibility dropped after using online advertising techniques “which were allowing us to divert advertising traffic away from Google to other ad exchanges, which paid better prices – and this was their punishment. We think it’s time to call this company out,” he said.
The Daily Mail’s MailOnline site is one of the world’s most-read websites. It has 75 million unique monthly visitors in the US alone, according to the lawsuit, which was filed in New York on Tuesday.
Really looking forward to whatever becomes public from this. I wonder if the multiple stories just seem to Google’s algorithm like spam? (Also, Wright was never editor of the Daily Mail; he edited the Mail On Sunday.)
unique link to this extract
Apple’s AirTag tracker respects privacy and foils stalking • Fast Company
Apple designed the AirTag with one useful purpose in mind: helping people find lost objects. But the company also understands that bad actors may try to use any technology for nefarious purposes. An AirTag designed to track a backpack could also be used to track an unwitting person. AirTags are small, after all, and one could easily be slipped into someone’s purse or coat pocket without them realizing it.
That’s why Apple has built a number of powerful anti-stalking protections into the AirTag platform. If you’re an iPhone owner running iOS 14.5 or later and someone slips an AirTag into your possession in secret in order to track your movements, your iPhone will warn you this has happened by sending you an “AirTag Found Moving With You” notification. This notification will appear only when an AirTag is following you that is not paired with your Apple ID or another iPhone that is in your vicinity. That distinction is critical so that your iPhone won’t be notified of AirTags that, for instance, belong to other people on the same bus you’re riding. Tapping the notification will take you to the Find My app, where you can tell the AirTag that has been slipped into your possession to emit a sound so you can locate it.
But what about people who don’t own an iPhone? How would Android owners—or those without a smartphone at all—know if an AirTag was slipped into their possession by a stalker?
Apple thought of that too. After an AirTag has been away from its paired device for a certain amount of time, the AirTag will automatically emit a sound notifying those around it of its presence. Right now, the AirTag needs to be out of range of its paired device for three days for the sound to emit, but Apple could lengthen or shorten this time via a software update in the future.
And if you do find a strange AirTag in your possession, you can use any NFC-capable phone to scan it. Tapping the notification that appears in the NFC reader will take you to an Apple website with instructions on how to disable the AirTag and its tracking capabilities immediately—by simply removing its battery. On that same page, you’ll see the unique serial number of the AirTag, which is also printed on the AirTag itself. Though you wouldn’t be able to find out the owner of the AirTag from this serial number, Apple could determine the owner since the AirTag’s unique serial number is associated with an Apple ID during its initial Pair Lock setup.
The battery removal thing means that malicious actors who steal your luggage (say) would be able to inactivate it pretty fast. Hard to be sure that this is the most robust system. (Hide them really well?) Also: each Apple ID is limited to 16 trackers, or only $396 of spending (4-pack four times). Unusual for Apple to put a ceiling on how many you can buy.
unique link to this extract
Contractor that ruined 15M doses of J&J vaccine hiked price of another by 800% • Ars Technica
Things are not looking good for Emergent BioSolutions, the contract manufacturer that ruined 15 million doses of Johnson & Johnson’s one-shot COVID-19 vaccine and millions more doses of AstraZeneca’s COVID-19 vaccine at its production facility in Baltimore.
The Food and Drug Administration on Wednesday released a searing inspection report of the facility, finding a slew of significant violations and failings.
Meanwhile, federal lawmakers have opened a multi-pronged investigation into whether Emergent used ties to the Trump administration to get billions of dollars in federal contracts despite a history of failing to complete contracts. The investigation is also looking into inadequate staff training, persistent quality-control issues, and the company’s “unjustified” 800% price increase for an anthrax vaccine.
In a letter sent to Emergent’s top executives Tuesday, Rep. Carolyn Maloney, chairwoman of the House Committee on Oversight and Reform, and Rep. James Clyburn, chairman of the Select Subcommittee on the Coronavirus Crisis, laid out the investigation, writing:
Emergent received $628m in June 2020 to establish the primary US facility for manufacturing vaccines developed by Johnson & Johnson and AstraZeneca. Dr. Robert Kadlec, who served as Assistant Secretary for Preparedness and Response under President Trump and previously worked as a consultant for Emergent, appears to have pushed for this award despite indications that Emergent did not have the ability to reliably fulfill the contract.
It’s astonishing how much cleaning up is required following the wrecking ball of Trump’s administration. (Thanks G for the link.)
unique link to this extract
Wirecard employees removed millions in cash using shopping bags • Financial Times
Wirecard employees hauled millions of euros of cash out of the group’s Munich headquarters in plastic bags over a period of years, according to former employees, suggesting that the payments company was looted even more brazenly than previously known.
The once high-flying fintech, which at its peak was worth €24bn, went bust last summer in one of Germany’s biggest accounting frauds. It collapsed after discovering that €1.9bn of corporate cash did not exist and that parts of its business in Asia were a sham.
Former employees have told Munich police investigating the fraud that staff repeatedly removed large amounts of cash from Wirecard’s head office, people with direct knowledge of the matter told the Financial Times.
The practice started as early as 2012, and six-digit amounts of banknotes were often moved in Aldi and Lidl plastic bags, former employees told the police. The total amount, the current whereabouts of the cash and the purpose of removing it from the building are unclear.
Wirecard, whose main business was processing payments for merchants, owned its own bank but did not have branches. As demand for cash grew over time, Wirecard Bank bought a safe which was located in the group’s headquarters in a Munich suburb.
At one point in May 2017, €500,000 in cash was delivered at a time when the safe was full, according to emails seen by the FT and a person with knowledge of the transaction. Some of the cash needed to be hidden elsewhere in the offices.
“From an insurance point of view, that’s crap,” a Wirecard employee wrote in an internal email seen by the FT, urging that delivery and collection of cash needed to be organised on the same day.
Aldi and Lidl bags. Couldn’t they have done it in something more upscale?
unique link to this extract
Linux bans University of Minnesota for committing malicious code to kernel • Bleeping Computer
a major Linux kernel developer, Greg Kroah-Hartman, has banned the University of Minnesota (UMN) from contributing to the open-source Linux kernel project.
Kroah-Hartman also decided to revert all commits submitted from any UMN email address thus far.
The developer’s justification for taking this step is: “Commits from @umn.edu addresses have been found to be submitted in ‘bad faith’ to try to test the kernel community’s ability to review ‘known malicious’ changes. Because of this, all submissions from this group must be reverted from the kernel tree and will need to be re-reviewed again to determine if they actually are a valid fix. Until that work is complete, [we are removing] this change to ensure that no problems are being introduced into the codebase,” said Kroah-Hartman in a series of published emails.
In February 2021, UMN researchers published a research paper titled, “Open Source Insecurity: Stealthily Introducing Vulnerabilities via Hypocrite Commits.” The focus of this research was to deliberately introduce known security vulnerabilities in the Linux kernel, by submitting malicious or insecure code patches.
As seen by BleepingComputer, the researchers demonstrate many examples of instances where they introduced known vulnerabilities by making these “hypocrite” patch commits.
UMN researcher claimed that it was part of a new static analyzer (a method of analysing code for vulnerabilities). The Linux kernel team isn’t impressed. UMN has suspended the line of research and says it takes the situation “extremely seriously”.
unique link to this extract
Introducing Menuwhere: the menu where you are • Tales of a Running Bird
Say hello to Menuwhere, Many Tricks’ newest app. This handy $3 utility puts the frontmost app’s menu bar into a pop-up menu at your mouse’s location—say goodbye to those long trips to the menu bar; the main menu is now just a hot key away:
Once onscreen, you can navigate the menus by typing letters in the names of the menu items you wish to access (then pressing Enter), or by using the arrow keys and Enter, or even via the mouse.
If you’re a long-time Mac user, you’re probably aware of similar apps from the past…which is why we wrote Menuwhere, because those apps are all in the past. Menuwhere is here now, fully supported, 64-bit and Universal—it runs natively on Apple Silicon and Intel.
Personally I’m more of a keyboard shortcut person, but I can imagine that this might come in handy.
Apple’s M1 positioning mocks the entire x86 business model • ExtremeTech
If you want to buy a MacBook Air or MacBook Pro, Apple will sell you an M1. Want a Mac Mini? You get an M1. Interested in the iMac or the new iPad Pro? You get an M1. It’s possible that the M1 CPUs inside the iMac will have different thermal or clock behavior than those inside the systems Apple has already launched, but the company’s decision to eschew clock speed disclosures suggests that these CPUs differ only modestly. The iMac might have the same 3.2GHz base clock but hold its frequency better under load, for example.
But outside of that, Apple is selling a single CPU across a wider range of products than any competing Intel or AMD CPU is ever sold. This speaks volumes as to what Apple believes it has its hands on, namely: a CPU fast enough at the quad-core level — because, scaling-wise, the M1 is a quad-core chip, with four low-power cores to handle low-power workloads — to address a huge range of markets, while drawing so little power, it can also be sold in a laptop.
Part of the reason Apple can get away with doing this is that — and let’s be honest — it’s been selling badly underpowered systems at certain price points. The old 21.5in iMacs included a $1,099 option with a dual-core CPU and only a 3.6GHz (no turbo) quad-core at $1,299. Only the six-core iMac, at $1,499, had a CPU powerful enough to even arguably be shipping in a 2021 PC. That matters because, when these systems get reviewed, they’re going to be compared in part with the hardware they replaced. The M1 appears to be faster and more power-efficient than current x86 CPUs, regardless, but it’s going to compare particularly well when the other systems are underpowered relative to what a PC OEM would have been selling at the same price point.
But lopsided configurations are only part of the equation. Apple couldn’t position the M1 this way if it wasn’t an excellent CPU in its own right.
The “badly underpowered” nature of the previous systems was down to Intel, though, not Apple. As Hruska kinda-sorta acknowledges later, the reason why Apple can sell the M1 for these different machines (which have, let’s note, different thermal envelopes: the Air has no fan, while the mini, Macbook Pro and iMac do) is that its business model doesn’t rely on segmenting the market into tiny twitching pieces by using confusing nomenclature and SKUs.
unique link to this extract
Tesla’s Autopilot is ‘easily’ tricked into working without anyone in the driver’s seat • The Verge
Consumer Reports said Thursday it was “easily” able to trick Tesla’s Autopilot system to operate without anyone in the driver’s seat. The publication’s test came amid questions about the safety of the company’s advanced driver assist system in the aftermath of a fatal crash in Texas in which authorities said there was no one behind the steering wheel.
Using a weighted chain attached to the steering wheel to simulate the pressure of the driver’s hands, two Consumer Reports researchers were able to use the steering wheel dial on a Tesla Model Y to accelerate from a full stop, and then “drive” around on a closed-course test track for several miles — all while sitting in the passenger seat and backseat. They stopped the vehicle by again using the dial to bring the speed back down to zero.
Tricking the Tesla to operate without someone behind the wheel was as simple as keeping the driver’s seatbelt buckled, not opening the driver’s side door during the test, and using the weight to simulate hands on the steering wheel.
If Tesla moves to weight detection on the driver’s seat, people will put weights on it (though that starts to get complicated..). What’s next, face detection? Tesla isn’t liable, of course, for what people stupidly do. But the trouble with foolproof systems is that they keep making better fools.
unique link to this extract
Errata, corrigenda and ai no corrida: none notified