Using an Apple AirTag to track your car keys is probably wise. But what if criminals hide an AirTag in your car with a view to stealing it later, because they’ll know where it is? CC-licensed photo by ajay_suresh on Flickr.
You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.
A selection of 10 links for you. Projected onto your brain. I’m @charlesarthur on Twitter. Observations and links welcome.
Apple’s iPhone successor comes into focus • WSJ
Accomplishing full AR [augmented reality] in a lightweight, easily worn device is a technical challenge that has defeated all comers, but this won’t be the case forever, says Hugo Swart, vice president of XR and the metaverse at Qualcomm. (“XR” is an industry term that encompasses augmented, mixed and virtual reality.) In 10 years, we will be close to the “holy grail” of augmented-reality glasses that are both light enough for prolonged and everyday use, and as capable as today’s bulky AR and VR headsets, he adds.
Mr. Swart has a unique vantage point on the industry, since he oversees the division at Qualcomm that provides the microchips that power devices including Meta’s latest Oculus Quest 2 headset, Vuzix’s Shield glasses, Microsoft’s HoloLens 2, and Niantic’s forthcoming device, among others.
Mr. Swart thinks one solution for AR is to have a lot of the required computing happen on a device everyone already has—their smartphone—and connecting with the headset via the new Wi-Fi 6e standard. That could enable fast, high-bandwidth connection between the two that allows the phone to do most of the processing work.
Mr. Hanke says Niantic and other companies are working on such solutions, in order to bring full AR to a glasses-like form factor. “Doing this means a fair amount of mass and heat dissipation that doesn’t have to go on your head anymore,” he adds.
That approach also would play to Apple’s strengths, given the iPhone’s popularity. And, if Apple does opt to offload much of the necessary processing to the iPhone to keep its smart glasses svelte, it could further entrench the iPhone as the dominant mobile device in many markets, says Mr. Boland, the analyst. As growth in demand for smartphones slows, Apple’s strategy has been to sell more and more accessories, like watches and headphones, and adding smart glasses to that growing list just makes sense, he adds.
AR has been around for quite a while: I was trying AR ski goggles back in early 2012, and they were a lot more convenient than trying to operate a phone with ski gloves on. At the time, everyone thought AR glasses were just around the corner; turned out Google Glass was a bust (mostly), but batteries and chip efficiencies, especially Apple’s, have moved on a lot since then.
Best guess is a launch of some sort by the end of 2022 – though remember that the Apple Watch was announced but not released for months, and its v1 was dire. This could be the same: a slow burn to success.
unique link to this extract
Earth is getting a black box to record our climate change actions, and it’s already started listening • ABC News
When an aeroplane crashes, it’s left to investigators to sift through the wreckage to recover the black box. It’s hoped the recorded contents can be used to help others avoid the same fate.
And so it is with Earth’s Black Box: a 10-metre-by-4-metre-by-3-metre steel monolith that’s about to be built on a remote outcrop on Tasmania’s west coast.
Chosen for its geopolitical and geological stability, ahead of other candidates like Malta, Norway and Qatar, the idea is that the Tasmanian site can cradle the black box for the benefit of a future civilisation, should catastrophic climate change cause the downfall of ours.
If that sounds unhinged, it’s worth remembering that we’re currently on track for as much as 2.7C of warming this century. Ask any climate scientist what happens when warming breaches 2C, and they’ll almost invariably tell you it’s not worth thinking about. Plenty of past civilisations and empires have collapsed in the face of less.
So what is this black box? Artistic installation? Academic experiment? Or something else?
The project is completely non-commercial, and the guiding design principle is functionality, according to Jim Curtis from Clemenger BBDO. “Obviously it’s really a powerful concept when you say to someone, ‘Earth’s got a black box’. Because they’re like, ‘Why does it need a black box?'” said Mr Curtis, who’s collaborating on the project with University of Tasmania researchers, among others. “But first and foremost, it’s a tool.”
The box will be made from 7.5-centimetre-thick steel, cantilevered off granite, according to Jonathan Kneebone, co-founder of artistic collective the Glue Society, which is also involved. “It’s built to outlive us all,” he said. “If the worst does happen, just because the power grids go down, this thing will still be there.”
The box will be filled with a mass of storage drives and have internet connectivity, all powered by solar panels on the structure’s roof. Batteries will provide backup power storage. When the sun is shining, the black box will be downloading scientific data and an algorithm will be gleaning climate-change-related material from the internet.
The artist’s impression makes it look as though it fell from the sky. Good call not siting it in Malta or Qatar. That must have been a tough call, looking at their geopolitical and geological stability. Ahem.
unique link to this extract
China-based Covid disinformation operation pushed fake Swiss scientist, Facebook says • NBC News
China-based propagandists created an elaborate online disinformation campaign this year centered on an internet persona claiming to be a Swiss biologist to mislead the public about the origins of the coronavirus pandemic, Facebook researchers said Wednesday.
Going by the name Dr. Wilson Edwards, the persona wrote on Facebook that the U.S. was putting undue political pressure on the World Health Organization to blame China for the coronavirus. But Edwards isn’t a real person, which Switzerland’s embassy in Beijing made clear in August.
Facebook researchers said they found evidence that the person was the creation of a Chinese cybersecurity company.
Although the character got little attention in the West, he was credulously cited in Chinese state-sponsored media as a whistleblower on world health policy.
Facebook said it had traced that account’s creation to Sichuan Silence Information Technology, a company in central China. According to its website, Silence was founded in 2000 and offers a wide range of information security services — and it counts China’s Ministry of Public Security among its customers. An inquiry sent to an email address on the company’s website bounced back as undeliverable.
A spokesperson for China’s embassy in Washington, Liu Pengyu, said in an email that “China has shown a scientific, professional, serious and responsible attitude from the very beginning” in global efforts to research the origins of Covid-19, but did not address specifics about the Facebook account.
Other nonexistent people: the fake professor who died from Covid; the nonexistent columnist who wrote on geopolitics, part of a Middle East propaganda campaign.
unique link to this extract
Google contractor says she was fired for talking about pay • Protocol
A contractor at Google staffing firm Modis claims she was fired from her job for “ungoogley” behavior after asking about holiday pay at a meeting with management, according to a charge filed with the National Labor Relations Board by a lawyer for the Alphabet Workers Union.
Tuesday Carne said in an interview with Protocol that she was fired after just nine days of working in the data contracting facility in South Carolina. Carne’s termination letter (which Protocol reviewed) called her behavior at the meeting “unacceptable and ‘ungoogley'” and claimed that her behavior was the reason for her firing.
Modis Engineering faced a similar charge from former Google contractor Shannon Wait, who was terminated after posting on Facebook about pay and working conditions at a South Carolina data center in February. Modis almost immediately gave Wait her job back and was forced to settle the charges in April, agreeing to post large signs in the Berkeley County facility where she worked that said workers have the right to ask questions about and discuss pay and working conditions. Google relies heavily on temporary, vending or contract staff (TVCs) to fill positions in its data centers and has long received criticism from those workers, who feel as if they are treated like second-class Google citizens.
Yes, me too: WTH is “ungoogley” (or unGoogle-y) behaviour, exactly?
unique link to this extract
Welcome to Mars! Frequently Asked Questions • New Yorker
Nicky Guerreiro and Ethan Simon:
What do I do for work?
Like all Mars residents, you will be employed by The Corporation. You will enjoy an exciting career in a fast-paced and collaborative mine shaft.
I don’t want to work in a mine shaft.
Sounds like someone should have finished dental school.
Do I get paid?
Good news! As a utopia, Mars has no need for money. In exchange for the lithium you mine, The Corporation will provide you with a daily ration of gruel. The amount of gruel you receive will be determined by how much lithium you extract, and by whether you can curry favor with a small group of benevolent billionaires.
Is this slavery?
You worry too much.
Satire, but sometimes reality has a strange habit of getting on the same bus as satire.
unique link to this extract
Apple AirTags linked to increasing number of car thefts, Canadian police report • MacRumors
Apple’s AirTags are being used in an increasing number of targeted car thefts in Canada, according to local police.
As outlined in a news release from York Regional Police, investigators have identified a new method being used by thieves to track down and steal high-end vehicles that takes advantage of the AirTag’s location tracking capabilities. While the method of stealing the cars is largely conventional, the purpose of the AirTag is to track a high-end car back to a victim’s residence where it can be stolen from the driveway.
Since September 2021, police officers in York Region alone have investigated five incidents where suspects used AirTags in thefts of high-end vehicles. Thieves target any particularly valuable vehicles they find in public places and parking lots, placing an AirTag in an out-of-sight area, such as in the tow hitch or fuel cap, in the hope that it will not be discovered by the car’s owner.
Thieves have no way to disable Apple’s anti-tracking features that alert users when an unfamiliar nearby AirTag is tracking their location, but not all victims receive or act on the notification, or have an iPhone.
Clever – really, properly innovative! – use of AirTags, though there’s a lot more to it: from the York police release:
Thieves then track the targeted vehicles to the victim’s residence, where they are stolen from the driveway.
Thieves typically use tools like screwdrivers to enter the vehicles through the driver or passenger door, while ensuring not to set off alarms. Once inside, an electronic device, typically used by mechanics to reprogram the factory setting, is connected to the onboard diagnostics port below the dashboard and programs the vehicle to accept a key the thieves have brought with them.
“While ensuring not to set off alarms” covers a lot of ground there. John Gruber ponders the broader question: how do the police know that AirTags were used?
unique link to this extract
A mysterious threat actor is running hundreds of malicious Tor relays • The Record
Since at least 2017, a mysterious threat actor has run thousands of malicious servers in entry, middle, and exit positions of the Tor network in what a security researcher has described as an attempt to deanonymize Tor users.
Tracked as KAX17, the threat actor ran at its peak more than 900 malicious servers part of the Tor network, which typically tends to hover around a daily total of up to 9,000-10,000.
Some of these servers work as entry points (guards), others as middle relays, and others as exit points from the Tor network.
Their role is to encrypt and anonymize user traffic as it enters and leaves the Tor network, creating a giant mesh of proxy servers that bounce connections between each other and provide the much-needed privacy that Tor users come for.
Servers added to the Tor network typically must have contact information included in their setup, such as an email address, so Tor network administrators and law enforcement can contact server operators in the case of a misconfiguration or file an abuse report.
However, despite this rule, servers with no contact information are often added to the Tor network, which is not strictly policed, mainly to ensure there’s always a sufficiently large number of nodes to bounce and hide user traffic.
But a security researcher and Tor node operator going by Nusenu told The Record this week that it observed a pattern in some of these Tor relays with no contact information, which he first noticed in 2019 and has eventually traced back as far as 2017.
Grouping these servers under the KAX17 umbrella, Nusenu says this threat actor has constantly added servers with no contact details to the Tor network in industrial quantities, operating servers in the realm of hundreds at any given point.
Briefly and approximately: traffic arriving in the Tor network is encrypted by each successive server until it hits its target server, and then the encryption is unwound as the message pings back. Like layers of an onion (hence The Onion Router), each in theory unviewable by the previous one. But if you control a lot of the paths through, you can unwrap the encryption as you like. State actor, do we think?
unique link to this extract
Xinjiang: Twitter closes thousands of China state-linked accounts spreading propaganda • The Guardian
Twitter has shut down thousands of state-linked accounts in China that seek to counter evidence of human rights abuses in Xinjiang, as part of what experts called an “embarrassingly” produced propaganda operation.
The operations used photos and images, shell and potentially automated accounts, and fake Uyghur profiles, to disseminate state propaganda and fake testimonials about their happy lives in the region, seeking to dispel evidence of a years-long campaign of oppression, with mass internments, re-education programs, and allegations of forced labour and sterilisation.
The networks were found to share themes and content, but often used repurposed accounts dedicated to pornography or Korean soap operas with little engagement except when they were amplified by Chinese diplomats and officials. Twitter is banned inside China but officials frequently operate accounts overseas.
According to analysts at thinktank the Australian Strategic Policy Institute (ASPI), the content from the 2,160 accounts that Twitter closed down was often “embarrassingly” produced but provided a level of “implausible deniability” which muddied the waters around the issue.
The accounts linked to Chinese operations were in two sets, the largest being a network of 2,048 accounts amplifying the Chinese Communist party’s narratives related to Xinjiang, and the second set of 112 accounts connected to “Changyu Culture,” a private company that ASPI said appeared to be contracted by the Xinjiang regional authority to create videos of Uyghurs supporting the government.
‘Patience is crucial’: why we won’t know for weeks how dangerous omicron is • Science
a private lab called Lancet Laboratories had noticed that routine polymerase chain reaction (PCR) tests for SARS-CoV-2 were failing to detect a key target, the S gene, in many samples, a phenomenon previously seen with Alpha, another variant of concern. When Lancet sequenced eight of these viruses, it found out why: The genome was so heavily mutated that the test missed the gene.
Lancet shared the genomes with the Network for Genomics Surveillance in South Africa (NGS-SA), which called an urgent meeting on 23 November. “We were shocked by the number of mutations,” says Tulio de Oliveira, a virologist at the University of KwaZulu-Natal and NGS-SA’s principal investigator. After the meeting, de Oliveira says, he called South Africa’s director general of health and “asked him to inform the minister and president that a potential new variant was emerging.” The team sequenced another 100 randomly selected sequences from Gauteng in the next 24 hours. All showed the same pattern. After informing the government, de Oliveira and his colleagues presented their evidence at a press conference on the morning of 25 November. On 26 November, the World Health Organization (WHO) designated the virus a “variant of concern” and christened it omicron.
…One reason for concern about omicron is that sequenced samples indicate it has rapidly replaced other variants in South Africa. But that picture might be skewed. For one, sequencing might have been focused on possible cases of the new variant in recent days, which could make it appear more frequent than it is. PCR data provide broader coverage and a less biased view, but there, too, samples with the S gene failure indicate a rapid rise of Omicron.
The rising frequency could still be due in part to chance. In San Diego, a series of superspreading events at a university resulted in an explosion of one particular strain of SARS-CoV-2 earlier this year, [infectious disease researcher at Scripps Research, Kristian] Andersen says: “It was thousands of cases and they were all the same virus.” But the virus wasn’t notably more infectious. South Africa has seen relatively few cases recently, so a series of superspreading events could have led to the rapid increase of Omicron. “I suspect that a lot of that signal is explained by that and I desperately hope so,” Andersen says. Based on a comparison of different omicron genomes, Andersen estimates the virus emerged sometime around late September or early October, which suggests it might be spreading more slowly than it appears to have.
Exclusive: US State Department phones hacked with Israeli company spyware • Reuters
Christopher Bing and Joseph Menn:
The iPhones of at least nine US State Department employees were hacked by an unknown assailant using sophisticated spyware developed by the Israel-based NSO Group, according to four people familiar with the matter.
The hacks, which took place in the last several months, hit US officials either based in Uganda or focused on matters concerning the East African country, two of the sources said.
The intrusions, first reported here, represent the widest known hacks of US officials through NSO technology. Previously, a list of numbers with potential targets including some American officials surfaced in reporting on NSO, but it was not clear whether intrusions were always tried or succeeded.
Reuters could not determine who launched the latest cyberattacks.
NSO Group said in a statement on Thursday that it did not have any indication their tools were used but canceled the relevant accounts and would investigate based on the Reuters inquiry.
“If our investigation shall show these actions indeed happened with NSO’s tools, such customer will be terminated permanently and legal actions will take place,” said an NSO spokesperson, who added that NSO will also “cooperate with any relevant government authority and present the full information we will have.”
NSO has long said it only sells its products to government law enforcement and intelligence clients, helping them to monitor security threats, and is not directly involved in surveillance operations.
Let’s figure out how this story appeared: the “four people” are in the US State Department or those who look after their phones, and this story didn’t leak accidentally; the implication in the story is that Apple told the State Department, which is as a result angry. The US is gunning for NSO now; the new export ban announced is probably at least in part the result of this.
unique link to this extract
Christmas shopping? You could do worse than getting yourself (or a friend; or both of you, why not?) a copy of Social Warming, my latest book, about how the incessant use of social networks is affecting society, politics and the media.
Errata, corrigenda and ai no corrida: we’re now at the stage where it’s not even worth bothering with a $150m cryptocurrency heist because you know there’ll be a bigger one along tomorrow.