Start Up No.1716: Safari’s privacy leak, UK to subsidise energy suppliers?, the wrath of Cummings, the end of Covid, and more


Nobody would stump up huge amounts of money (or “money”) to buy a book they couldn’t do anything with – except crypto enthusiasts after a ‘Dune’ bible. CC-licensed photo by deepskyobjectdeepskyobject on Flickr.

A selection of 9 links for you. Not an element of public service broadcasting. I’m @charlesarthur on Twitter. Observations and links welcome.


Safari 15 bug can leak your recent browsing activity and personal identifiers • The Verge

Emma Roth:

»

A bug in Safari 15 can leak your browsing activity, and can also reveal some of the personal information attached to your Google account, according to findings from FingerprintJS, a browser fingerprinting and fraud detection service (via 9to5Mac). The vulnerability stems from an issue with Apple’s implementation of IndexedDB, an application programming interface (API) that stores data on your browser.

As explained by FingerprintJS, IndexedDB abides by the same-origin policy, which restricts one origin from interacting with data that was collected on other origins — essentially, only the website that generates data can access it. For example, if you open your email account in one tab and then open a malicious webpage in another, the same-origin policy prevents the malicious page from viewing and meddling with your email.

FingerprintJS found that Apple’s application of the IndexedDB API in Safari 15 actually violates the same-origin policy. When a website interacts with a database in Safari, FingerprintJS says that “a new (empty) database with the same name is created in all other active frames, tabs, and windows within the same browser session.”

This means other websites can see the name of other databases created on other sites, which could contain details specific to your identity. FingerprintJS notes sites that use your Google account, like YouTube, Google Calendar, and Google Keep, all generate databases with your unique Google User ID in its name. Your Google User ID allows Google to access your publicly-available information, such as your profile picture, which the Safari bug can expose to other websites.

«

You can try it out at the safarileaks website. The Google Analytics cookies already do this sort of tracking, as does Facebook. And they’re absolutely everywhere. Yet apparently Apple’s Safari team has already merged some fixes for this, so they’ll presumably be in the next point release.
unique link to this extract


UK looks at payments to energy suppliers to shield consumers from high bills • Financial Times

George Parker, Nathalie Thomas and Jim Pickard:

»

The UK is exploring a radical intervention in the power market under which the state would make payments to energy suppliers when wholesale gas prices rise sharply in a bid to soften the blow to consumers

The proposal, which is being promoted by energy companies, is described by government insiders as “plausible” and “logical”, but they admit there are also many downsides to such a step.

Under the initiative, energy suppliers would receive payments from government when wholesale gas prices exceeded a certain threshold so they would not then have to pass the hike on to consumers.

Some suppliers say the proposal — known as a temporary price stabilisation mechanism — could be self-funding over the course of several years as energy companies would have to return money to the government when wholesale prices traded below the agreed level.

Rishi Sunak, chancellor, accepts this could leave the taxpayer heavily exposed if wholesale prices remain high, but he has been discussing with Boris Johnson, the prime minister, ways to mitigate a cost of living crisis, officials say.

Without action by Downing Street, a price cap on household energy bills could rise from £1,277 a year to over £1,900 in April — fuelling inflation — and coming at the same time as tax rises take effect.

«

Contrast this with what it won’t do for the BBC, where the licence fee has been frozen for at least two years, and there’s no viable path to another model that would be as effective. The cost of living rises on the lowest-paid, or those on benefits, have been imposed by the government – cutting Universal Credit, refusing free school meals, withdrawing free TV licences for those over 75. This will be hugely expensive, with nothing at all to show for it – unlike, say, a comprehensive program to shift to air source heat pumps.
unique link to this extract


Dominic Cummings, ‘Partygate’ and the campaign to unseat Boris Johnson • Financial Times

Jim Pickard and George Parker:

»

[Former chief adviser to PM Boris Johnson, Dominic] Cummings… revealed the far more damaging details of another gathering in the Number 10 garden on May 20 2020. It involved around 40 people, including Johnson, and was arranged by a senior civil servant with a memo advising invitees to “bring your own booze”.

Cummings added that he and a colleague had warned in writing that the event appeared to break lockdown rules and should not take place, but “we were ignored”. Further details of the party emerged in the Sunday Times just days later. In a blog post published on Monday he said he “would swear under oath” that Johnson not only knew about the May 20 drinks party but “agreed that it should go ahead”.

The former Number 10 chief of staff’s [Overspill ed: Cummings wasn’t CoS. It’s a title he explicitly rejected] criticism of Johnson’s lockdown breaches is not without irony. He was at the centre of another furore in the summer of 2020 after he was found to have broken the rules by driving his family 270 miles from London to Durham, despite thinking they had been exposed to coronavirus. He then made a 60-mile round trip to Barnard Castle to “see if I could drive safely”.

Johnson subsequently defied a wave of public outrage to stand behind his adviser, who had been the brains behind the successful “Vote Leave” Brexit campaign in 2016.

“Dom first got involved in anti-EU campaigning in around 2000: that’s 16 years in which he never gave up, kept fighting, and he is now bringing that level of persistence to taking out Johnson,” said one friend.

«

I doubt it’s going to take him 16 years to get rid of Johnson. 16 months would be closer to it. 16 weeks if the May local elections are bad, and why shouldn’t they be? Cummings is clearly the worst possible person to have as an enemy. And the worst possible person to have as a friend.
unique link to this extract


This DAO ‘bought’ Alejandro Jodorowsky’s Dune bible—but it doesn’t own it yet • Decrypt

Jeff Benson and Jason Nelson:

»

Here’s a quick conundrum. Does the person paying the mortgage own the house, or is it really the property of the bank? Here’s another one: Do viewers own the rights to digital movies they purchase online?

And, finally, who really owns filmmaker Alejandro Jodorowsky’s “Dune Bible”? Is it the DAO (decentralized autonomous organization) that raised $750,000 to bid on it at Christie’s auction house, or the DAO’s co-founder who used his own funds to purchase it separately—and then spearheaded a fundraising drive for other contributors to buy it back from him?

That’s the curious question being raised this week by Spice DAO (formerly DuneDAO), the latest decentralized community formed to purchase real-world items—just as ConstitutionDAO attempted for a copy of the U.S. Constitution and Krause House aims to do for an NBA team.

DuneDAO was co-founded by Soban Saqib, who goes by “Soby,” along with a friend to raise money and bid on storyboards for the planned (but never filmed) 1970s film adaptation of Frank Herbert’s novel “Dune.” Though the $750,000 in Ethereum they raised via community funding site Juicebox was far more than Christie’s estimated value of €25,000-35,000, it was far below what was needed to win the auction last week. More than that, it was in the wrong type of currency—the auction’s seller wasn’t accepting Ethereum.

Watching the drama unfold, Soby put down his own cash—€2,660,000 ($3,010,750), not including fees—to avoid the fate of the unsuccessful ConstitutionDAO, which raised $45 million but decided the auction fees and storage costs of the centuries-old constitution would be too costly.

“No one wants to fail, no one wants to raise all this money and not win, so I did it,” he told Decrypt. Soby added he was a little worried about bidding that much money but knew the community would support him.

Ever since, he says he’s been looking for a way to transfer the Dune Bible to the DAO, the idea being for it to effectively reimburse him. Soby told Decrypt he’s unsure how much his own investment in the manuscript will total when all is said and done; the cash bid has complicated things.

«

It’s just astonishing how stupid these people are. Do they own any copyright in the book? No. Can they do anything with the contents of the book? Only what copyright allows. They’re in alternative realities.
unique link to this extract


Coronavirus: game over • Tomas Pueyo

Pueyo is the non-biologist who appeared on Channel 4 News at the start of the pandemic rolling his eyes at the “herd immunity” plan of the British advisor, and was subsequently proved right on everything – our inability to understand exponential growth, how herd immunity was a bad idea (then), and so on:

»

In Coronavirus: Why You Must Act Now, I sounded the alarm on COVID.
In Coronavirus: The Hammer and the Dance, I explained what we had to do about it.

Today, in Coronavirus: Game Over, I’d like to explain why this means the end of the pandemic phase, and the beginning of the end(emic) phase.

On the 10th of March 2020, the world had not realized what was coming. It was important to share how what had happened to Italy and Iran was going to happen everywhere else if they didn’t shut down their countries. That proved to be true.

One week later, when I published The Hammer and the Dance, I explained why we needed to apply shutdowns: to buy ourselves time, so we could

• Prepare the healthcare system
• Learn to do testing and tracing
• Produce masks we needed at scale (and other things, like ventilators)
• Understand the virus
• Understand the cost-benefits of tackling it
• Find treatments
• Get vaccines
• Check, check, check, check, check, check, check.

After the Omicron wave, we’ll be in a world where most people will have some sort of immunity, either through natural infections, vaccines, or both. We now know how to get vaccines fast (we should approve them faster for new variants), and we have treatments too. The value of time for learning has dropped: we know most of what we need to know about it. So the benefits of social measures to stop COVID are much lower.

«

Basically, good news, at least according to Pueyo, who I personally rate as a smart person.
unique link to this extract


US airline officials warn of ‘catastrophic’ crisis in aviation with new 5G service • The Guardian

Edward Helmore and agencies:

»

“Unless our major hubs are cleared to fly, the vast majority of the traveling and shipping public will essentially be grounded,” the letter, signed by the chief executives of American Airlines, Delta Air Lines, United Airlines, Southwest Airlines and Jet Blue, as well as freight and parcel carriers UPS and FedEx, said.

They warned new C-Band 5G technology could interfere with critical airplane instruments such as radio altimeters – which judge the distance from the ground to the bottom of the flying vessel – and have an impact on low-visibility operations.

“This means that on a day like yesterday, more than 1,100 flights and 100,000 passengers would be subjected to cancellations, diversions or delays,” the letter cautioned, adding a call for urgent action to be taken.

“To be blunt, the nation’s commerce will grind to a halt,” the executives said.

Airlines for America, the lobbying group that organized the letter, and government agencies were not immediately available for comment.

In a letter dated 4 January, the group thanked Buttigieg, Dickson and Deese for “reaching the agreement with AT&T and Verizon to delay their planned 5G C-band deployment around certain airports for two weeks and to commit to the proposed mitigations”.

“Safety is and always will be the top priority of US airlines,” it said. “We will continue to work with all stakeholders to help ensure that new 5G service can coexist with aviation safely.”

«

I recall airlines being terrified about Wi-Fi. Then Bluetooth. (Maybe both at once.) And also mobile phones. And 3G. And 4G. Look, I’m not saying that the cry wolf over every mobile network innovation, but I’m struggling to think of one where they said “this is absolutely fine, go ahead.” (Maybe UWB?)
unique link to this extract


Crypto.com suspends withdrawals after ‘unauthorized activity’ • Bloomberg via LA Times

Emily Nicolle:

»

Several users had reported on social media that their cryptocurrencies, at times equating to tens of thousands of dollars, had disappeared from their Crypto.com accounts in recent days. A spokesperson from Crypto.com didn’t respond to a request for comment.

Technical issues on crypto trading platforms have become commonplace as the hype surrounding digital assets grows. Providers such as Coinbase, Binance and Kraken have all suffered widespread outages at times of peak demand in the last year, causing trouble for investors who were prevented from making withdrawals or liquidating their positions amid volatile trading periods.

Crypto.com has more than 10 million customers and is one of the most prominent platforms in the US, having recently secured naming rights to take over from Staples as the title sponsor of the Los Angeles sports center. The $700-million deal accompanied a major marketing push starring Crypto.com investor and Hollywood actor Matt Damon.

Crypto influencer and podcast host Ben Baller said in a tweet on Monday that around 4.28 Ether, which equates to roughly $14,000, had been “stolen out of nowhere” from his account, a move that would have required a potential hacker to surpass two-factor authentication security measures.

«

People having money hacked from their accounts?? Must be a day ending with a “y”.
unique link to this extract


Citation needed? Wikipedia bibliometrics during the first wave of the COVID-19 pandemic • BiorXriv

Benjakob, Aviram and Sobel (Israel-based academics) did an academic study into Wikipedia during the pandemic:

»

Investigating if and how Wikipedia remained up to date and in line with science is key to formulating strategies to counter misinformation. Using citation analyses, we asked: which sources informed Wikipedia’s COVID-19-related articles before and during the pandemic’s first wave (January-May 2020).

Results: We found that coronavirus-related articles referenced trusted media sources and high-quality academic research. Moreover, despite a surge in COVID-19 preprints, Wikipedia had a clear preference for open-access studies published in respected journals and made little use of preprints.

Building a timeline of English COVID-19 articles from 2001-2020 revealed a nuanced tradeoff between quality and timeliness. It further showed how preexisting articles on key topics related to the virus created a framework for integrating new knowledge. Supported by a rigid sourcing policy, this “scientific infrastructure” facilitated contextualization and regulated the influx of new information. Lastly, we constructed a network of DOI-Wikipedia articles, which showed the shifting landscape of pandemic-related knowledge on Wikipedia and how academic citations create a web of shared knowledge supporting topics like COVID-19 vaccine development.

Conclusions: Understanding how scientific research interacts with the digital knowledge-sphere during the pandemic provides insight into how Wikipedia can facilitate access to science. It also reveals how, aided by what we term its “citizen encyclopedists”, it successfully fended off COVID-19 disinformation and how this unique model may be deployed in other contexts.

«

Wikipedia’s ability to resist any sort of partisan capture in general is remarkable. It’s been attacked again and again, but in general it self-corrects. And that’s always a cause for relief.
unique link to this extract


July 2013: Bitcoin: man charged over alleged multimillion-dollar Ponzi fraud • The Guardian

Nearly nine years ago I wrote about a ripoff preying on the credulous:

»

The digital currency Bitcoin may have its own Bernie Madoff. An investment scheme promising a 7% weekly return was in fact a fraudulent “Ponzi” scheme, in which a Texas man used new investors’ money to pay interest to existing ones, according to charges filed by the US Securities and Exchange Commission.

Trendon T Shavers, from KcKinney in Texas, was the founder and operator of “Bitcoin Savings and Trust” (BTCST), allegedly raised a total of 700,000 Bitcoins in 2011 and 2012 – then worth about $4.5m – for his scheme, claiming that he made his profits on market arbitrage.

Using online handles such as “Pirate” and “pirateat40”, Shavers sold “investments” to people around the US. He claimed that “I have yet to come close to taking a loss on any deal” and that the “risk is almost 0” when challenged. He also said that he couldn’t reveal his investment strategy: “If I told you, then I couldn’t do what I do,” he once wrote.

«

Shavers subsequently got 18 months’ prison time. I bet he’s looking at all the NFTs and junkcoins and seeing an opportunity. It’s hardly as if the number of credulous dolts has gone down. Quite the opposite.
unique link to this extract


Social unrest stirred up by social media postings? It’s still a problem. Social Warming, my latest book, explains why, and what we – and governments – can do about it.


You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

Errata, corrigenda and ai no corrida: none notified

1 thought on “Start Up No.1716: Safari’s privacy leak, UK to subsidise energy suppliers?, the wrath of Cummings, the end of Covid, and more

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.