Start Up No.1636: Facebook’s VIP content exemption, fake Walmart crypto PR makes someone rich, new NSO iPhone exploit, your home on Pangaea!, and more

A village in Germany has discovered a data delivery system that’s faster than its local internet. CC-licensed photo by jerome delaunay on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 11 links for you. Is there a vaccine passport in there, Mr Schrödinger? I’m @charlesarthur on Twitter. Observations and links welcome.

It’s the link to promote Social Warming, my latest book. You found it.

Facebook says its rules apply to all. Company documents reveal a secret elite that’s exempt • WSJ

Jeff Horwitz:


The program, known as “cross check” or “XCheck,” was initially intended as a quality-control measure for actions taken against high-profile accounts, including celebrities, politicians and journalists. Today, it shields millions of VIP users from the company’s normal enforcement process, the documents show. Some users are “whitelisted”—rendered immune from enforcement actions—while others are allowed to post rule-violating material pending Facebook employee reviews that often never come.

At times, the documents show, XCheck has protected public figures whose posts contain harassment or incitement to violence, violations that would typically lead to sanctions for regular users. In 2019, it allowed international soccer star Neymar to show nude photos of a woman, who had accused him of rape, to tens of millions of his fans before the content was removed by Facebook. Whitelisted accounts shared inflammatory claims that Facebook’s fact checkers deemed false, including that vaccines are deadly, that Hillary Clinton had covered up “pedophile rings,” and that then-President Donald Trump had called all refugees seeking asylum “animals,” according to the documents.

A 2019 internal review of Facebook’s whitelisting practices, marked attorney-client privileged, found favoritism to those users to be both widespread and “not publicly defensible.”

“We are not actually doing what we say we do publicly,” said the confidential review. It called the company’s actions “a breach of trust” and added: “Unlike the rest of our community, these people can violate our standards without any consequences.”


Presently covers 5.8 million people. Facebook’s PR said it was for “content that could require more understanding.” Facebook’s content moderation is already lax. This amplifies the harmful effects.

Honestly, I began the week intending not to link to stories about Facebook, but this is too big to ignore.
unique link to this extract

Walmart says crypto payments announcement is fake: Litecoin tumbles after spike • CNBC

Tanaya Macheel:


Cryptocurrency litecoin gave up a 20% gain and tumbled back to earth following a fake press release sent out by GlobeNewswire that referenced a partnership with Walmart.

Walmart spokesman Randy Hargrove confirmed the press release is not authentic. He also said the retailer has been in touch with the newswire company to investigate how the false press release got posted.

GlobeNewswire is owned by telecommunications company Intrado. It issued a “notice to disregard” the original release at 11:18 a.m. EST.

A number of media organizations, including CNBC, sent headlines on the announcement. Shares of Walmart had little movement on it. Litecoin was last about 2.2% down, according to Coin Metrics.

GlobeNewswire said that a fraudulent user account was used to issue the release.

“This has never happened before and we have already put in place enhanced authentication steps to prevent this isolated incident from occurring in the future,” said a spokesperson.


Except putting out fake news releases to spike or depress stocks has happened quite a few times. It might not have happened to GlobeNewswire, but that just made it more likely that it would. (Intrado is very solemn in a May 2019 blogpost about how what you really need for your PR strategy is “a credible newswire”. *crosses Intrado off list*) Anyhow, someone’s going to get their collar felt over this.
unique link to this extract

FORCEDENTRY: NSO Group iMessage zero-click exploit captured in the wild • The Citizen Lab



While analyzing the phone of a Saudi activist infected with NSO Group’s Pegasus spyware, we discovered a zero-day zero-click exploit against iMessage. The exploit, which we call FORCEDENTRY, targets Apple’s image rendering library, and was effective against Apple iOS, MacOS and WatchOS devices.

We determined that the mercenary spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware. We believe that FORCEDENTRY has been in use since at least February 2021.

The Citizen Lab disclosed the vulnerability and code to Apple, which has assigned the FORCEDENTRY vulnerability CVE-2021-30860 and describes the vulnerability as “processing a maliciously crafted PDF may lead to arbitrary code execution.”

Today, September 13th, Apple is releasing an update that patches CVE-2021-30860. We urge readers to immediately update all Apple devices.


Do take note and update: even if you’re not a Saudi activist, the exploit might reach script kiddies in time.
unique link to this extract

Revolt of the NYC delivery workers • NY Mag and The Verge

Josh Dzieza:


The Willis Avenue Bridge, a 3,000-foot stretch of asphalt and beige-painted steel connecting Manhattan and the Bronx, is the perfect place for an ambush. The narrow bike path along its west side is poorly lit; darkened trash-strewn alcoves on either end are useful for lying in wait. All summer, food-delivery workers returning home after their shifts have been violently attacked there for their bikes: by gunmen pulling up on motorcycles, by knife-wielding thieves leaping from the recesses, by muggers blocking the path with Citi Bikes and brandishing broken bottles.

“Once you go onto that bridge, it’s another world,” one frequent crosser said. “You ever see wildlife with the wildebeest trying to cross with the crocodiles? That’s the crocodiles over there. We’re the wildebeests just trying to get by.”

Lately, delivery workers have found safety in numbers. On a humid July night, his last dinner orders complete, Cesar Solano, a lanky and serious 19-year-old from Guerrero, Mexico, rode his heavy electric bike onto the sidewalk at 125th Street and First Avenue and dismounted beneath an overpass. Across the street, through a lattice of on-ramps and off-ramps, was the entrance to the Willis, which threads under the exit of the RFK Bridge and over the Harlem River Drive before shooting out across the Harlem River. Whatever happens on the bridge is blocked from view by the highway.

Several other workers had already arrived. The headlights of their parked bikes provided the only illumination. Cesar watched, his arms crossed, as his older cousin Sergio Solano and another worker strung a banner between the traffic light and a signpost on the corner. It read WE ARE ON GUARD TO PROTECT OUR DELIVERY WORKERS.

…Even before the thefts started, the city’s 65,000 delivery workers had tolerated so much: the fluctuating pay, the lengthening routes, the relentless time pressure enforced by mercurial software, the deadly carelessness of drivers, the pouring rain and brutal heat, and the indignity of pissing behind a dumpster because the restaurant that depends on you refuses to let you use its restroom. And every day there were the trivially small items people ordered and the paltry tips they gave — all while calling you a hero and avoiding eye contact. Cesar recently biked from 77th on the Upper East Side 18 blocks south and over the Ed Koch Queensboro Bridge, then up through Long Island City and over another bridge to Roosevelt Island, all to deliver a single slice of cake for no tip at all. And now he had to worry about losing his bike, purchased with savings on his birthday.


An amazing read about the reality of the gig economy in New York.
unique link to this extract

Uber drivers are employees, not contractors, says Dutch court • Reuters

Anthony Deutsch and Toby Sterling:


Uber drivers are employees, not contractors, and so entitled to greater workers’ rights under local labour laws, a Dutch court ruled on Monday, handing a setback to the U.S. company’s European business model.

It was another court victory for unions fighting for better pay and benefits for those employed in the gig economy and followed a similar decision this year about Uber in Britain.

The Amsterdam District Court sided with the Federation of Dutch Trade Unions (FNV), which had argued that Uber’s roughly 4,000 drivers in the capital are employees of a taxi company and should be granted benefits in line with the taxi sector.

Uber said it would appeal against the decision and “has no plans to employ drivers in the Netherlands”.

“We are disappointed with this decision because we know that the overwhelming majority of drivers wish to remain independent,” said Maurits Schönfeld, Uber’s general manager for northern Europe. “Drivers don’t want to give up their freedom to choose if, when and where to work.”


Seems like the “gig economy” is being chipped away piece by piece. Not sure what Uber means about having no plans to employ drivers – if it operates there, then by default it will be doing, according to the court.
unique link to this extract

Ireland fails to enforce EU law against Big Tech • Financial Times

Madhumita Murgia and Javier Espinoza:


Ireland is failing to apply the EU’s privacy laws to US Big Tech companies, with 98% of 164 significant complaints about privacy abuses still unresolved by its regulator.

Google, Facebook, Apple, Microsoft and Twitter all have their European headquarters in Dublin, making Ireland’s Data Protection Commissioner the lead EU regulator responsible for holding them to the law.

But the Irish DPC has been repeatedly criticised, both by privacy campaigners and by other EU regulators, for failing to take action.

An analysis by the Irish Council for Civil Liberties found that the vast majority of cases were still unresolved, and that Spain, which has a smaller budget than Ireland for data protection, produces 10 times more draft decisions.

Johnny Ryan, senior fellow at ICCL, said Ireland was the “worst bottleneck” for enforcement of the EU’s General Data Protection Regulation.

“GDPR enforcement against Big Tech is paralysed by Ireland’s failure to deliver draft decisions on cross-border cases,” he added, noting that the rest of the EU has to wait for Irish draft decisions before they are able to take their own action against the companies.


unique link to this extract

Find the location of your home… on Pangaea • Open Culture


Software engineer Ian Webster has created a website that lets you see how the land masses on planet Earth have changed over the course of 750 million years. And it has the added bonus of letting you plot modern addresses on these ancient land formations. Ergo, you can see where your home was located on the Big Blue Marble some 20, 100, 500, or 750 million years ago.


I recommend the 240 MYA period, when everywhere had really great land connections to, well, everywhere else. Presumably this pushed up house prices during the Pangaean era, and they’ve been rising ever since.
unique link to this extract

Italy data authority asks Facebook for clarifications on smart glasses • Reuters

Elvira Pollina:


The Italian authority said it wanted to be informed on measures Facebook has put in place to protect people occasionally filmed, in particular children, as well as on systems adopted to make data collected anonymous and features of the voice assistant connected to the glasses.

“We know people have questions about new technologies, so before the launch of Ray-Ban Stories we engaged with the Irish DPC to share how we’ve built privacy into the product design and functionality of the glasses to give both device owners and people around them peace of mind,” a Facebook spokesperson said in a statement.


Didn’t take long to attract regulators’ interest, naturally.
unique link to this extract

Apple fires senior engineering program manager Ashley Gjøvik for allegedly leaking information • The Verge

Zoe Schiffer:


Apple has fired senior engineering program manager Ashley Gjøvik for allegedly violating the company’s rules against leaking confidential information. For months, Gjøvik has been tweeting openly about allegations of harassment, surveillance, and workplace safety.

“When I began raising workplace safety concerns in March, and nearly immediately faced retaliation and intimidation, I started preparing myself for something exactly like this to happen,” she says. “I’m disappointed that a company I have loved since I was a little girl would treat their employees this way.”

Gjøvik has raised concerns that her office is in an Apple building located on a superfund site, meaning it requires special oversight due to historical waste contamination. She also says that she faced harassment and bullying from her manager and members of her team. More recently, she’s begun raising privacy concerns related to Apple’s policies on how it can search and surveil employees’ work phones.


Quite a lot of people mistake the “What’s happening?” box on Twitter’s interface for Harry Potter’s Cloak of Invisibility, and think it will make them immune from retribution (especially from any corporation that employs them). This turns out not to be the case.
unique link to this extract

Apple loses $85bn in value after App Store ruling • Bloomberg (via Yahoo)

Ryan Vlastelica:


Apple shares suffered their steepest selloff in months on Friday after a federal judge ordered the company to change the way it operates its App Store, which would hurt the profitability of that business unit.

The stock fell 3.3%, its biggest decline since May 4, erasing about $85bn from the iPhone maker’s market capitalisation. The size of the loss is bigger than all but 98 components of the S&P 500 Index.

A federal judge granted an injunction sought by Epic Games Inc. which would allow developers to steer consumers outside payment methods for mobile apps. It also ordered the game maker to pay damages to Apple for breach of contract.

Friday’s slump handed Apple its first weekly decline in three weeks. The stock remains up more than 12% so far this year.


So let’s see how well the market weighted that selloff. Yesterday I pointed to Mark Gurman (also of Bloomberg) suggesting that the judge’s ruling might wipe out about 1% of Apple’s annual revenues, ie $3.6bn for the most recent year; which I think would be about the same in profits. Can’t be that expensive to run the store.

Market capitalisation is (in theory) the net present value of all future earnings of the company. If Apple’s going to lose, say, $3.5bn per year, then a selloff of $85bn would encompass about 24 years’ lost earnings. Given that Apple is 45 years old, that suggests the market can see it going for at least another two decades. By then perhaps we’ll be talking about app stores in cars driven via AR goggles. Perhaps.
unique link to this extract

Daten von A nach B: wer ist schneller – pferd oder Internet? • WDR


In Schmallenberg-Oberkirchen hat das “WOLL-Magazin” ein ungewöhnliches Wettrennen gestartet: Wer bringt die Dateien schneller ans Ziel: ein Pferd oder das Internet?

Es geht um 4,5 Gigabyte Fotos, die Fotograf Klaus-Peter Kappest zu einer Druckerei schicken möchte. Bei sich zu Hause in Schmallenberg-Oberkirchen startet er einen Datentransfer über das Internet.


Just in case your school German (I learned most of mine from British war films, I think) isn’t up to it, “pferd” is “horse”. That’s right – they’re doing a tortoise-and-hare contest to see whether it’s quicker to send 4.5GB of photos on DVD by horse, or over the creaky internet in Schmallenberg-Oberkirchen.

Here’s the Google Translate page.
unique link to this extract

Errata, corrigenda and ai no corrida: none notified

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.