Start Up No.1679: UK proposes algorithm work regulation, Covid’s deer reservoir, Google’s double-edged cookie win, and more

What if Facebook is really more like a zillion channels, almost all of which have nothing on? CC-licensed photo by Kevin Dooley on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 10 links for you. Not algorithmically chosen. I’m @charlesarthur on Twitter. Observations and links welcome.

Algorithmic tracking is ‘damaging mental health’ of UK workers • The Guardian

Dan Milmo:


An “accountability for algorithms act’” would ensure that companies evaluate the effect of performance-driven regimes such as queue monitoring in supermarkets or deliveries-per-hour guidelines for delivery drivers, said the all-party parliamentary group (APPG) on the future of work.

“Pervasive monitoring and target-setting technologies, in particular, are associated with pronounced negative impacts on mental and physical wellbeing as workers experience the extreme pressure of constant, real-time micro-management and automated assessment,” said the APPG members in their report, the New Frontier: Artificial Intelligence at Work.

The report recommends bringing in a new algorithms act, which it says would establish “a clear direction to ensure AI puts people first”. It warns that “use of algorithmic surveillance, management and monitoring technologies that undertake new advisory functions, as well as traditional ones, has significantly increased during the pandemic”.

Under the act workers would be given the right to be involved in the design and use of algorithm-driven systems, where computers make and execute decisions about fundamental aspects of someone’s work – including in some cases allocation of shifts and pay, or whether they get a job in the first place.

The report also recommended that corporations and public sector employers fill out algorithmic impact assessments, aimed at ironing out any problems caused by the systems, and expanding the new umbrella body for digital regulation, the Digital Regulation Cooperation Forum, to introduce certification and guidance for use of AI and algorithms at work.


Helen Lewis also did an excellent radio programme (free to listen) about this in February 2019. The topic of people essentially being ruled by an algorithm is quite weird.
unique link to this extract

As the UK nears elimination of cervical cancer, the US isn’t close • STAT

Angus Chen:


[Peter] Sasieni and his colleagues [at King’s College London] compared women in the UK who were offered the vaccine in school as teens and preteens against slightly older women who were not offered the shot, all under the age of 30.

The team found that women who were offered the vaccine at ages 12 to 13 had an 87% lower risk of cervical cancer than those who were not offered the vaccine at the same age. Their risk of an abnormal Pap smear, a screening test that detects signs of potential cervical cancer, was lower by 97%. That means, Sasieni said, cervical cancer “becomes a very rare cancer, instead of what was one of the most common cancers in young women.”

Based on their findings, Sasieni extrapolated that the vaccination will drive cervical cancer cases down to 50 per year among women under 30 in the U.K. from more than 400 per year before HPV vaccination.

In the US, the HPV vaccine has not had such success. Instead, it’s had to slog through a quagmire of social and economic objections since the day it was approved. Some pointed out that the shot was just plain expensive, making it hard for states to justify school vaccine mandates, but the greatest opposition to the vaccine has come because it became entwined with the subject of teen sex. Some advocacy groups opposed mandating HPV vaccines since HPV can be transmitted sexually, arguing instead that public health efforts be focused on keeping kids from having sex.

“I think the biggest mistake was the way this vaccine was introduced into this country,” Kempe said. “There was a lot of discussion about sexual activity. The focus was on sexual activity and getting it into early adolescents before sexual activity. That was a big mistake. Parents got concerned that this meant their child was sexually active or it would trigger sexual activity.”


Good old America – it would be free for children, but pricey ($360) for older women. And of course it got tied up in sex.
unique link to this extract

How SARS-CoV-2 in white-tailed deer could alter the course of the pandemic • NPR

Michaeleen Doucleff:


veterinarians at Pennsylvania State University have found active SARS-CoV-2 infections in at least 30% of deer tested across Iowa during 2020. Their study, published online last week, suggests that white-tailed deer could become what’s known as a reservoir for SARS-CoV-2. That is, the animals could carry the virus indefinitely and spread it back to humans periodically.

If that’s the case, it would essentially dash any hopes of eliminating or eradicating the virus in the U.S. — and therefore in the world — says veterinary virologist Suresh Kuchipudi at Penn State, who co-led the study.

“If the virus has opportunities to find an alternate host besides humans, which we would call a reservoir, that will create a safe haven where the virus can continue to circulate even if the entire human population becomes immune,” he says. “And so it becomes more and more complicated to manage or even eradicate the virus.”

In the study, Kuchipudi and his colleagues looked for the presence of the SARS-CoV-2 virus in the lymph nodes of nearly 300 white-tailed deer, including more than 100 wild deer. “So these deer were either roadkill or free-living deer that hunters had killed [to eat],” says veterinary microbiologist Vivek Kapur at Penn State, who also co-led the study.

What they found left Kapur and Kuchipudi dumbfounded. “It was actually quite stunning to us,” Kapur says. “We were very surprised to see such a high number of positive samples.”


See also: mink. (Thanks G for the link.)
unique link to this extract

Facebook’s vast wasteland: infinite channels and nothing on • Galaxy Brain

Charlie Warzel, newly installed at The Atlantic which is hosting his newsletter:


Some of the top links [on Facebook] make sense to me (a recipes website,, one link with 35.8 million views that Facebook won’t show, because “This link was removed by Facebook for violating Community Standards”). But most of the links just lead to spammy, clickbait-y content.

Many of the pages seem to simply repost screen-grabbed photos of recycled memes (a tactic that’s very popular among local-radio-station Facebook pages). The most popular pages include celebrity-gossip sites (People), various cooking blogs, mom-focused content, the Australian branch of the popular viral dude-content site LADbible, and, of course, the Falun Gong–backed newspaper The Epoch Times, which doubled down on publishing right-wing misinformation during the Trump era. The most popular individual posts are almost all text cards with prompt questions like “Who can honestly say they never had a DUI? I’ll wait.” (94.3 million views) and “Name something that a lot of people like, but you can’t stand?” (82.4 million views).

Clicking through these pages can feel like flipping through the channels during a programming dead zone. Some posts are truly vapid, recycled, or low budget, like the 2 a.m. channel scroll. Other posts approximate the feel of listless daytime channel surfing: lots of time killers and “on in the background” content sandwiched between melodrama.

Importantly, lots of this content is not offensive in any way. There’s some worrying misinformation and propaganda in Facebook’s list; there are also some legitimately helpful resource pages, too. But the bulk seems to be this quickly published, clickbait-y grist for the viral Facebook mills. It’s not quite spam, because people engage with it, but it is created and published much like spam by content merchants who throw as much shit at the wall as possible to see what sticks.


unique link to this extract

The question we’ve stopped asking about teenagers and social media • The New Yorker

Cal Newport:


For a particularly dispiriting case study of how long it sometimes takes to establish definitive causation between behaviors and negative outcomes, consider the effort involved in connecting smoking to lung cancer. The first major study showing a statistical correlation between cigarettes and cancer, authored by Herbert Lombard and Carl Doering of the Massachusetts Department of Public Health and the Harvard School of Public Health, was published in 1928.

I recently came across an article in the archives of The Atlantic from 1956—nearly thirty years later—in which the author was still trying to convince skeptics who were unhappy with the types of confounding factors that are unavoidable in scientific studies. “If it has not been proved that tobacco is guilty of causing cancer of the lung,” the article pleads, “it has certainly been shown to have been on the scene of the crime.”

So where does this leave us? If the science is not yet ready to give us a definitive answer about the impact of social media on teen-agers, then Amy Orben is right when she notes that, in her role as a scientist, she can’t tell you what to do with your kids. But this isn’t an issue that we need to fully defer to science. Unlike with the hard-to-detect development of lung-cancer cells, when it comes to the well-being of teen-agers, we can, as parents or educators, often clearly observe what seems to make a difference.

Even more directly, we can ask the teen-agers themselves. As Adam Alter noted, it doesn’t take much time chatting about social media with these groups before alarms begin to ring. In other words, you don’t need a specification-curve analysis to uncover the potential negative impacts of Instagram—just ask any teen-age girl.


unique link to this extract

It’s not just Facebook; all the social networks manipulate us. Read Social Warming, my latest book, and find out more.

Did Google’s victory in £3bn landmark Supreme Court case backfire? • Daily Mail (via MSN)

Mark Duell:


Google’s argument over third party cookies which it used to win its Supreme Court case contradicts another ongoing case on its ‘Privacy Sandbox’, it was alleged today.

An alliance of tech businesses, advertisers and publishers known as ‘Movement for an Open Web’ has claimed that Google said in the first case that third party cookies were no threat to privacy – but, in the second case, it says they are.

It comes after the UK’s highest court yesterday blocked a £3bn lawsuit against the US tech firm over claims it secretly tracked millions of iPhone users’ web activity. 

If the case had been successful, more than four million Britons would have received damages of up to £750 each for alleged breaches of the Data Protection Act. But the Supreme Court ruled former Which? director Richard Lloyd had failed to prove that ‘material damage or distress’ had been caused to individuals as a result. 

Now, Movement for an Open Web. also known as MOW, has claimed yesterday’s outcome at the Supreme Court was ‘not quite the triumph Google might claim’. It said the court held that a mere collection of data is not an invasion of privacy – so the mass claim could not proceed, in a finding that might look to benefit Google.

However, in reaching its decision, the UK’s highest court found Mr Lloyd had failed to prove an infringement of privacy law arising from the mere collection of data. And a MOW spokesman said today: ‘Put simply – it wasn’t clear that the setting of third-party cookies by Google involved any invasion of privacy contrary to law.’


This is the text of the Supreme Court decision, which – if I read it right – boils down to two problems: the Data Protection Act doesn’t offer damages for the correct use of data (and the argument with Google was over how it got the data, not what it did afterwards); and it wasn’t feasible to estimate the damages suffered by users because they varied so widely, meaning a class-action lawsuit (or UK equivalent) couldn’t succeed.
unique link to this extract

The republic of the metaverse • The Pull Request

Antonio García Martínez:


If you’re wondering why someone like Zuckerberg with such immense resources (including an estate on paradisiacal Kauaʻi) wants to blot out reality with a VR headset, then you need to understand the techie mindset. As one notable VC un-ironically told me in private: anything worth doing, can be done better via a screen. His (very successful) investment portfolio and lifestyle both reflect that view; while he himself still convenes in-person dinners, those ‘IRL’ events are now a luxury add-on (and reflection of) digital life rather than vice versa. He and others like him invest vast sums in people they’ve never physically met. The resulting companies have workforces who spend all day looking at each other via endless Zoom calls, but who never or rarely meet (I know, I’ve worked in them). The techies prefer intermediating reality and people via pixels and algorithms, and they’ve created the conditions such that the world meets them on their terms.

Not that we were very hard to convince.

While I find myself a bit skeptical of Zuckerberg’s Metaverse plan—virtual reality has been the perpetual technology of the future for longer than I can remember, and Facebook has gone a long time without a homespun product hit—the little ‘m’ metaverse is already here and firmly in place.


He also wrote an interesting thread on the topic, which in some ways is better.
unique link to this extract

Researchers wait 12 months to report vulnerability with 9.8 out of 10 severity rating • Ars Technica

Dan Goodin:


About 10,000 enterprise servers running Palo Alto Networks’ GlobalProtect VPN are vulnerable to a just-patched buffer overflow bug with a severity rating of 9.8 out of a possible 10.

Security firm Randori said on Wednesday that it discovered the vulnerability 12 months ago and for most of the time since has been privately using it in its red team products, which help customers test their network defenses against real-world threats. The norm among security professionals is for researchers to privately report high-severity vulnerabilities to vendors as soon as possible rather than hoarding them in secret.

CVE-2021-3064, as the vulnerability is tracked, is a buffer overflow flaw that occurs when parsing user-supplied input in a fixed-length location on the stack. A proof-of-concept exploit Randori researchers developed demonstrates the considerable damage that can result.

“Our team was able to gain a shell on the affected target, access sensitive configuration data, extract credentials, and more,” researchers from Randori wrote on Wednesday. “Once an attacker has control over the firewall, they will have visibility into the internal network and can proceed to move laterally.”

Over the past few years, hackers have actively exploited vulnerabilities in a raft of enterprise firewalls and VPNs from the likes of Citrix, Microsoft, and Fortinet, government agencies warned earlier this year. Similar enterprise products, including those from Pulse Secure and Sonic Wall, have also come under attack. Now, Palo Alto Networks’ GlobalProtect may be poised to join the list.


The Twitter response to Randori was that it had done a Very Bad Thing not alerting everyone to this, and using the zero-day in its red team (permitted attack on clients) exercises. The CEO’s point was: zero-days exist, and so you need to be able to protect your organisation against them. So how well did these organisations they were red-teaming against cope? Put like that, it’s a bit more justifiable – realistic even.
unique link to this extract

Thanks for the bitcoin! How does it work? • The New Yorker

Ben McGrath:


Anthony Di Iorio, one of the co-founders of Ethereum, is a Toronto native, and, as it happens, is in the midst of a transition toward philanthropic endeavors that extend to combatting misinformation and other problems engendered by faulty business models. “We need media that is trustworthy,” he said. “Ninety-nine% of the stuff I’m reading? Grain of salt.” He dispatched some associates to help set the Phoenix up with a so-called cold wallet and later joined Bidini and his top editors for a Google Hangouts session to “whiteboard” strategies for growth, using a model that he calls his “perfect formula.”

They made at first for an awkward party, the cryptocurrency guru and the ink-stained journalists. Di Iorio sat in a futuristic white swivel chair with a couple of talismans hanging from chains around his neck, one of them given to him by the organizers of Burning Man and the other by a Costa Rican shaman. (“It stands for protection,” he said.) Between bites of salad, he spoke of scalability, disruption, utilization, stakeholders, and the importance of “empowering people to be in control of their digital lives.” Bidini, who likes to joke about his unfamiliarity with smartphone features, sat on a couch with his wife, Janet Morassutti (the managing editor and a co-founder of the paper), and their snoozing rescue dog, Sandy. He interrupted Di Iorio at one point to ask, “Can you just define what a stakeholder is?” He reverted to a music analogy to articulate his concerns about selling out. “I always use R.E.M. as an example. How do they go from ‘Murmur’ to ‘Losing My Religion,’ and they continue to be R.E.M.? They navigated it so beautifully.”

The Phoenix staff may have been short on data, but they were long on hunches—about, for instance, the efficacy of hot-pink lawn signs (“I Read the West End Phoenix”) in disseminating the word, compared with ads they were placing on the boards of local ice rinks, say, and with social media, where engagement was measurable but potentially in conflict with their ethos.


A lovely little story of worlds colliding.
unique link to this extract

Google caught hackers using a Mac zero-day against Hong Kong users • Vice

Lorenzo Franceschi-Bicchierai:


Google researchers caught hackers targeting users in Hong Kong exploiting what were at the time unknown vulnerabilities in Apple’s Mac operating system. According to the researchers, the attacks have the hallmarks of government-backed hackers. 

On Thursday, Google’s Threat Analysis Group (TAG), the company’s elite team of hacker hunters, published a report detailing the hacking campaign. The researchers didn’t go as far as pointing the finger at a specific hacking group or country, but they said it was “a well resourced group, likely state backed.” 

“We do not have enough technical evidence to provide attribution and we do not speculate about attribution,” the head of TAG Shane Huntley told Motherboard in an email. “However, the nature of the activity and targeting is consistent with a government backed actor.”

Erye Hernandez, the Google researcher who found the hacking campaign and authored the report, wrote that TAG discovered the campaign in late August of this year. The hackers had set up a watering hole attack, meaning they hid malware within the legitimate websites of “a media outlet and a prominent pro-democracy labor and political group” in Hong Kong. Users who visited those websites would get hacked with an unknown vulnerability—in other words, a zero-day—and another exploit that took advantage of a previously patched vulnerability for MacOS that was used to install a backdoor on their computers, according to Hernandez. 


There was also an iOS exploit, but they couldn’t recover it. Not hard to guess which government would be behind this.
unique link to this extract

Errata, corrigenda and ai no corrida: none notified

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.