Start Up No.1739: how NSO’s Pegasus was discovered, DeepMind controls fusion reactor, the trouble with AI transcription, and more

Has Covid become like smoking – a personally avoidable cause of illness and death? CC-licensed photo by Susan Jane Golding on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 9 links for you. In search of the missing link? I’m @charlesarthur on Twitter. Observations and links welcome.

How a Saudi woman’s iPhone revealed hacking around the world • Reuters via Yahoo

Joel Schectman and Christopher Bing:


A single activist helped turn the tide against NSO Group, one of the world’s most sophisticated spyware companies now facing a cascade of legal action and scrutiny in Washington over damaging new allegations that its software was used to hack government officials and dissidents around the world.

It all started with a software glitch on her iPhone.

An unusual error in NSO’s spyware allowed Saudi women’s rights activist Loujain al-Hathloul and privacy researchers to discover a trove of evidence suggesting the Israeli spyware maker had helped hack her iPhone, according to six people involved in the incident. A mysterious fake image file within her phone, mistakenly left behind by the spyware, tipped off security researchers.

The discovery on al-Hathloul’s phone last year ignited a storm of legal and government action that has put NSO on the defensive. How the hack was initially uncovered is reported here for the first time.

Al-Hathloul, one of Saudi Arabia’s most prominent activists, is known for helping lead a campaign to end the ban on women drivers in Saudi Arabia. She was released from jail in February 2021 on charges of harming national security.

Soon after her release from jail, the activist received an email from Google warning her that state-backed hackers had tried to penetrate her Gmail account. Fearful that her iPhone had been hacked as well, al-Hathloul contacted the Canadian privacy rights group Citizen Lab and asked them to probe her device for evidence, three people close to al-Hathloul told Reuters.

After six months of digging through her iPhone records, Citizen Lab researcher Bill Marczak made what he described as an unprecedented discovery: a malfunction in the surveillance software implanted on her phone had left a copy of the malicious image file, rather than deleting itself, after stealing the messages of its target.


Again, the NSO Group’s work is – viewed without context – amazing. But the uses made of it are depressing.

Latest success from Google’s AI group: controlling a fusion reactor • Ars Technica

John Timmer:


Since setting the AI loose on actual hardware during the training process could be a disaster, the team started out with a tokamak simulator specific for the Swiss Plasma Center hardware. This was largely accurate, and they programmed limits into the AI that kept it from directing the plasma into a configuration where the simulator produced inaccurate results. DeepMind then trained a deep-reinforcement-learning program to reach a variety of plasma configurations by letting it control the simulator.

During training, an intervening layer of software provided a reward function that indicated how close the plasma’s properties were to the desired state. Another algorithm, termed a “critic,” learned the expected rewards for various changes to the tokamak’s control magnets. These were used by the actual control neural network to learn which actions it should take.

The critic was elaborate and computationally expensive, but it was only used during the training portion. When training was done, the control algorithm had learned which actions to take to reach a variety of states, and the critic could be discarded.

In order to allow real-time performance, the trained controller was bundled as an executable. The standard control software would be used to activate the tokamak and bring a plasma up to high energies. Once the plasma was stable, it handed off control to the AI.

The resulting software performed pretty much as you would want it to when set loose on actual hardware. The software could control experimental runs that targeted different conditions over time—in one test case, it ramped up the energy, held the plasma steady, then altered the plasma’s geometry, then relocated the plasma within the tokamak before ramping the energy back down. In another, it held two separate plasma structures in the same tokamak simultaneously.


Here’s the Nature paper on the work. Though isn’t the real target to let the AI find entirely new ways to do things, so it surpasses what humans can program directly (as with Go)? You want to trammel it so it doesn’t loose the plasma on the surroundings, but who knows what the right way to control a tokamak really is?

COVID is more like smoking than the flu • The Atlantic

Benjamin Mazer:


The pandemic’s greatest source of danger has transformed from a pathogen into a behavior. Choosing not to get vaccinated against COVID is, right now, a modifiable health risk on par with smoking, which kills more than 400,000 people each year in the United States. Andrew Noymer, a public-health professor at UC Irvine, told me that if COVID continues to account for a few hundred thousand American deaths every year—“a realistic worst-case scenario,” he calls it—that would wipe out all of the life-expectancy gains we’ve accrued from the past two decades’ worth of smoking-prevention efforts.

The COVID vaccines are, without exaggeration, among the safest and most effective therapies in all of modern medicine. An unvaccinated adult is an astonishing 68 times more likely to die from COVID than a boosted one. Yet widespread vaccine hesitancy in the United States has caused more than 163,000 preventable deaths and counting. Because too few people are vaccinated, COVID surges still overwhelm hospitals—interfering with routine medical services and leading to thousands of lives lost from other conditions. If everyone who is eligible were triply vaccinated, our health-care system would be functioning normally again. (We do have other methods of protection—antiviral pills and monoclonal antibodies—but these remain in short supply and often fail to make their way to the highest-risk patients.) Countries such as Denmark and Sweden have already declared themselves broken up with COVID. They are confidently doing so not because the virus is no longer circulating or because they’ve achieved mythical herd immunity from natural infection; they’ve simply inoculated enough people.


The US, by contrast, hasn’t, which is quite the example of how political polarisation and wilful refusal to understand things can hold a country back.

Mean screens • VideoWeek

Evan Shapiro:


The data shows pretty clearly that the era of “Connected TV Devices” is coming to an end, and the era of “Connected TVs ONLY” has started. Last year the largest growth for streaming content, by far, was on smart TVs, with direct connections to web-based apps. All but one of the connected TV devices lost streaming market share in 2021. Streaming devices, as a whole, lost two percentage points of the streaming share market last year, whereas CTVs as a group increased by 37%.

Yes, Roku includes dongles in their universe of 55 million CTV homes and commands a huge share of the streaming TV market, with 31.8% worldwide, 41% in the US, and 12% growth in 2021. But a good percentage of Roku’s streaming use comes from their Roku-powered TCL CTVs, which do not use the Roku dongle, but rather their operating system inside the TVs. Considering the overall loss of share among the device cohort, we can extrapolate that their increase was weighted heavily towards the CTVs.

Meanwhile, Samsung and LG CTVs saw substantial increases, and Android/Google TV garnered the largest increase at 42%. Consumers are buying new TVs, and each comes out of the box with the most-used apps pre-installed and ready to use. The downside of the inexpensive dongles sold in the last five years is that they are easily forsaken when a new, shiny TV arrives. Considering those 250 million sets sold every year, and the billion to come out by the end of 2025, this shift from dongles and devices to smart TVs and operating system platforms is quite likely not an anomaly, but a trend that will accelerate every month of each year.

Beyond this major development, though, there are some significant signs of major battle fronts in the screen wars. Roku’s partner TCL launched six new Google TVs in August 2021. Additionally, Sony launched a slew of Google TV powered sets last year. Chromecast saw zero% growth in 2021 and has been losing market share steadily for years. It seems quite clear that Alphabet has moved on from their dongle and is now focusing nearly exclusively on their CTV OS. I have spoken to regional CTV makers around the world, who emphatically confirm this strategy, reporting significant deals with Google, and huge increases in TV sales share for Google-powered sets.



The unreasonable math of Type 1 diabetes • Maori Geek

Graham Jenson:


In January 2022, our 18-month-old son, Sam, was diagnosed with Type 1 Diabetes (T1D). This was stressful, sad, and scary as we spent 5 days in hospital with him while he recovered from Diabetic Ketoacidosis (DKA). Within an hour of him being diagnosed a wonderful diabetes nurse gave us a literal backpack filled with books and information we needed to learn to keep him alive. We started to read and try to understand what it takes to manage T1D. Immediately the massive cognitive overhead it takes to just survive with this condition hit us.

I find the best way to learn something is to try to explain it to someone else. This post is me trying to explain the maths involved in managing T1D, with a few small rants about how crap it is.

Insulin is a molecule created by the pancreas that lets glucose from blood enter cells to be used as energy. T1D is an autoimmune disease where the immune system attacks the insulin creating cells until the pancreas stops creating insulin altogether. T1D means you have a faulty pancreas; there is no cure, no diet that fixes it and you don’t grow out of it. It is a lifelong condition that you have to manage 24 hours a day.

Glucose enters the blood when you eat basically anything, but especially carbohydrates. Without insulin glucose will build up in the blood, eventually causing your body to enter a state called Diabetic Ketoacidosis (DKA), then coma, then death. Insulin must be added to lower the amount of glucose in the blood. Too much insulin and your glucose level will go too low and you go Hypoglycaemic (hypo), then coma, then death.

Managing T1D is walking on a knife’s edge between DKA and Hypoglycaemia by balancing blood glucose levels with insulin.


He illustrates this by explaining how there are different units for all this, and you have to figure it out in a dynamic system where different foods are absorbed at different rates. Maddening. Unless…

FDA clears first smartphone app for insulin delivery • The Verge

Nicole Westman:


The Food and Drug Administration cleared a smartphone app from Tandem Diabetes Care to program insulin delivery for its t:slim X2 insulin pump, the company announced Wednesday. It’s the first phone app for both iOS and Android to be able to deliver insulin, the company said in a statement. Previously, delivery had to be handled through the pump itself.

With this update, pump users will be able to program or cancel bolus doses of insulin, which are taken at mealtimes and are crucial in keeping blood glucose levels under control. “Giving a meal bolus is now the most common reason a person interacts with their pump, and the ability to do so using a smartphone app offers a convenient and discreet solution,” John Sheridan, president and CEO of Tandem Diabetes Care, said in a statement.

The change could be a big improvement for people who prefer not to have pumps out in public settings or attach them to undergarments like bras.


Impressive. Now all that needs to happen is for insulin prices in the US to be reduced.

New FBI unit will focus on cryptocurrency exploitation • Decipher


the FBI is forming a new unit dedicated to investigating abuses of cryptocurrencies, and the Department of Justice is launching a new International Virtual Currency Initiative to work with law enforcement, prosecutors, and cryptocurrency platforms to trace ransom payments and develop regulations and anti-money laundering legislation.

The new initiatives mark a further escalation of the U.S. government’s campaign against ransomware groups, which has accelerated quite a bit in the last year. In October, the Justice Department announced the formation of the National Cryptocurrency Enforcement Team (NCET), a group that now comprises 12 attorneys. On Thursday, Deputy Attorney General Lisa Monaco announced that Eun Young Choi, a highly experienced cybersecurity prosecutor, has been appointed the director of the NCET, which will work closely with the new Virtual Asset Exploitation unit at the FBI.

Monaco pointed to the department’s seizure last week of more than $3.6bn in Bitcoin that was stolen during the hack of Bitfinex several years ago as the type of work that the new teams can do.

“We’re focusing our collective efforts on the abuse of cryptocurrencies. A unified effort on things like money laundering requires our combined efforts and multiple eyes from law enforcement on these issues,” Monaco said during a keynote at the Munich Security Conference.

“Given what we did last week, we are sending the clear message that cryptocurrencies should not be considered a safe haven.”


There’s a good thread by Felix Salmon (on one page) about how the $3.6bn seizure was enabled by KYC/AML (know your customer/anti-money laundering) regulations that have been placed around the crypto exchanges which mean you can buy crypto, but selling it for fiat (especially dollars) is a different matter.

The EU’s AI rules will likely take over a year to be agreed • AI News

Ryan Daws:


Rules governing the use of artificial intelligence across the EU will likely take over a year to be agreed upon.

Last year, the European Commission drafted AI laws. While the US and China are set to dominate AI development with their vast resources, economic might, and light-touch regulation, European rivals – including the UK and EU members – believe they can lead in ethical standards.

In the draft of the EU regulations, companies that are found guilty of AI misuse face a fine of €30m or 6% of their global turnover (whichever is greater). The risk of such fines has been criticised as driving investments away from Europe.

The EU’s draft AI regulation classifies systems into three risk categories:

• Limited risk – includes systems like chatbots, inventory management, spam filters, and video games
• High risk – includes systems that make vital decisions like evaluating creditworthiness, recruitment, justice administration, and biometric identification in non-public spaces
• Unacceptable risk – includes systems that are manipulative or exploitative, create social scoring, or conduct real-time biometric authentication in public spaces for law enforcement.

Unacceptable risk systems will face a blanket ban from deployment in the EU while limited risk will require minimal oversight.

Organisations deploying high-risk AI systems would be required to have things like:

• Human oversight
• A risk-management system
• Record keeping and logging
• Transparency to users
• Data governance and management
• Conformity assessment
• Government registration


One year is pretty rapid by EU standards. There’s a huge gap between the “limited” and “high” risk systems there. One wonders what the edge cases will be.

My journey down the rabbit hole of every journalist’s favorite app • POLITICO

Phelim Kine on, a fabulous transcription app that saves journalists huge amounts of time transcribing interviews:


“The fact that these AI-powered services exist and can turn a couple hours of audio into a reasonable written transcript often in a matter of minutes is a complete game changer,” Susan McGregor, researcher at Columbia University’s Data Science Institute, said of transcription apps. “These run on machine learning, which means that they expose your data to the algorithm that is both transcribing your text and almost certainly using your text and audio to improve the quality of future transcription.”

Otter and its competitors, which include Descript, Rev, Temi and the U.K.-based Trint, are digital warehouses whose advantages of speed and convenience are bracketed by what experts say can be lax privacy and security protections that may endanger sensitive text and audio data, the identities of reporters and the potentially vulnerable sources they contact.

Trint, Otter, Temi and Rev all claim compliance with all or part of the user data protection and storage standards of the European Union’s flagship data privacy law, the General Data Protection Regulation. But cybersecurity experts say that the sharing of user data with third parties creates privacy and security vulnerabilities.

Otter “shares your personal data with a whole host of people, including mobile advertising tracking providers, so it strikes me that there’s an awful lot of personal data and the potential for leakage of sources for journalists,” said Paul Rosenzweig, former deputy assistant secretary for policy in the Department of Homeland Security, and founder of Red Branch Consulting. “They also quite clearly say that they respond to legal obligation [law enforcement data requests], so any journalist who transcribes an interview with a confidential source and puts it up on Otter has got to live with the possibility that Otter will wind up giving that transcript to the FBI.”


But, as Otter also explained, it might do that for law enforcement in other countries. Caveat transcriptor.

• Why do social networks drive us a little mad?
• Why does angry content seem to dominate what we see?
• How much of a role do algorithms play in affecting what we see and do online?
• What can we do about it?
• Did Facebook have any inkling of what was coming in Myanmar in 2016?

Social Warming, my latest book, and find answers – and more.

Errata, corrigenda and ai no corrida: none notified
