Start Up No.1768: Facebook’s campaign against TikTok, the interop impossibility, Google snips (some) racy results, ask the idol!, and more

In Arizona, Lake Powell is at a record low due to the worst drought there in 1200 years, creating river and power management problems. CC-licensed photo by Reinhard Link on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 10 links for you. Withdrawing, really? I’m @charlesarthur on Twitter. Observations and links welcome.

Facebook paid Republican strategy firm to malign TikTok • The Washington Post

Taylor Lorenz and Drew Harwell:


Facebook parent company Meta is paying one of the biggest Republican consulting firms in the country to orchestrate a nationwide campaign seeking to turn the public against TikTok.

The campaign includes placing op-eds and letters to the editor in major regional news outlets, promoting dubious stories about alleged TikTok trends that actually originated on Facebook, and pushing to draw political reporters and local politicians into helping take down its biggest competitor. These bare-knuckle tactics, long commonplace in the world of politics, have become increasingly noticeable within a tech industry where companies vie for cultural relevance and come at a time when Facebook is under pressure to win back young users.

Employees with the firm, Targeted Victory, worked to undermine TikTok through a nationwide media and lobbying campaign portraying the fast-growing app, owned by the Beijing-based company ByteDance, as a danger to American children and society, according to internal emails shared with The Washington Post.

…One trend Targeted Victory sought to enhance through its work was the “devious licks” challenge, which showed students vandalizing school property. Through the “Bad TikTok Clips” document [a Google doc of “dubious local news stories citing TikTok as the origin of dangerous teen trends”], the firm pushed stories about the “devious licks” challenge in local media across Massachusetts, Michigan, Minnesota, Rhode Island and Washington, D.C.

That trend led Sen. Richard Blumenthal (D-Conn.) to write a letter in September calling on TikTok executives to testify in front of a Senate subcommittee, saying the app had been “repeatedly misused and abused to promote behavior and actions that encourage harmful and destructive acts.” But according to an investigation by Anna Foley at the podcast network Gimlet, rumours of the “devious licks” challenge initially spread on Facebook, not TikTok.


One amazing part of this is the targeting of local papers for stories and letters. As if kids would worry. But of course it’s the parents they’re targeting, who will bother politicians. And demonstrates Facebook’s raging envy of TikTok.
unique link to this extract

Google cuts racy results by 30% for searches like ‘Latina teenager’ • Reuters via Yahoo

Paresh Dave:


When U.S. actress Natalie Morales carried out a Google search for “Latina teen” in 2019, she described in a tweet that all she encountered was pornography.

Her experience may be different now.

The Alphabet Inc unit has cut explicit results by 30% over the past year in searches for “latina teenager” and others related to ethnicity, sexual preference and gender, Tulsee Doshi, head of product for Google’s responsible AI team, told Reuters on Wednesday.

Doshi said Google had rolled out new artificial intelligence software, known as BERT, to better interpret when someone was seeking racy results or more general ones.

Beside “latina teenager,” other queries now showing different results include “la chef lesbienne,” “college dorm room,” “latina yoga instructor” and “lesbienne bus,” according to Google.

“It’s all been a set of over-sexualized results,” Doshi said, adding that those historically suggestive search results were potentially shocking to many users.

Morales did not immediately respond to a request for comment through a representative. Her 2019 tweet said she had been seeking images for a presentation, and had noticed a contrast in results for “teen” by itself, which she described as “all the normal teenager stuff,” and called on Google to investigate.

The search giant has spent years addressing feedback about offensive content in its advertising tools and in results from searches for “hot” and “ceo.” It also cut sexualized results for “Black girls” after a 2013 journal article by author Safiya Noble raised concerns about the harmful representations.


So if she previously encountered all pornography, will she now just have 70% pornography? Of course porn has always been the bugbear of search engines, going back to their very earliest days (yes, before Google, even). Weeding porn out of search results is a colossal part of search engines’ work; in Google’s earliest days, it was pretty much all they did before they could release it to the public.
unique link to this extract

Apple and Meta gave user data to hackers who used forged legal requests • Bloomberg via Yahoo

William Turton:


Apple and Meta Platforms, the parent company of Facebook, provided customer data to hackers who masqueraded as law enforcement officials, according to three people with knowledge of the matter.

Apple and Meta provided basic subscriber details, such as a customer’s address, phone number and IP address, in mid-2021 in response to the forged “emergency data requests.” Normally, such requests are only provided with a search warrant or subpoena signed by a judge, according to the people. However, the emergency requests don’t require a court order.

Snap received a forged legal request from the same hackers, but it isn’t known whether the company provided data in response. It’s also not clear how many times the companies provided data prompted by forged legal requests.

Cybersecurity researchers suspect that some of the hackers sending the forged requests are minors located in the UK and the US. One of the minors is also believed to be the mastermind behind the cybercrime group Lapsus$, which hacked Microsoft, Samsung and Nvidia, among others, the people said. City of London Police recently arrested seven people in connection with an investigation into the Lapsus$ hacking group; the probe is ongoing.


Most likely used to hack or doxx their rivals. Impressive that they managed to find the emergency data request blanks, or an already filed one; you’d have to guess those were electronically filed somewhere in Microsoft, Samsung or Nvidia, and they made a convincing copy. But where would you find them? Would you spelunk through a gigantic folder called LEGAL?

Also not in the story: how many people were targeted. Going to guess it’s fewer than 20.
unique link to this extract

Idol Words • Astral Codex Ten

“Scott Alexander” occasionally writes entertaining little short pieces, and this is one of them:


The woman was wearing sunglasses, a visor, a little too much lipstick, and a camera around her neck. “Excuse me,” she asked. “Is this the temple with the three omniscient idols? Where one always tells the truth, one always lies, and one answers randomly?”

The center idol’s eyes glowed red, and it spoke with a voice from everywhere and nowhere, a voice like the whoosh of falling waters or the flash of falling stars.

“No!” the great voice boomed.


It’s a lovely, silly story. What would you ask the three omniscient idols where one always tells the truth, one always lies and one answers randomly? (I think I know which one of the characters – not idols – I am.)
unique link to this extract

Lake Powell plunges past a level that water managers sought to protect • Arizona Central

Brandon Loomis:


Water levels at drought-stricken Lake Powell have dropped below an elevation water managers had fought to protect, dipping past a buffer meant to protect hydropower generation.

For the first time since water rose behind Glen Canyon Dam in the 1960s, the lake’s surface dropped below elevation 3,525 Tuesday, the U.S. Bureau of Reclamation said Wednesday morning. The dam can still produce electricity down to elevation 3,490, but shallower water reduces pressure and the power plant’s capacity, and further declines could damage the turbines.

The new low reflects the continuing dirty work of the region’s worst drought in 1,200 years, one that has deepened into a megadrought, according to scientists. High water demand from both a growing regional population and the effects of a warming climate promise to continue challenging water managers to shore up the Colorado River’s second-largest savings account.

Federal officials have set a goal of keeping the water higher than 3,525 feet above sea level, both for power production and for storage to safeguard Colorado River flows to Lake Mead and downstream users. The water is expected to rebound past that level when snow melts in the Rockies this spring, but Tuesday’s plunge marks one more in a series of troubling firsts — some foreboding and others already costly — for a river in decline.


Not a typo: 1,200 years. A millennium.
unique link to this extract

Interoperability without sacrificing privacy: Matrix and the Digial Markets Act •

Matthew Hodgson, at a company which “is an open standard for interoperable, decentralised, real-time communication over Internet Protocol”, on the DMA mandating interop between messaging clients:


if you were to actively interoperate between providers (e.g. if Matrix turned up and asked WhatsApp, post DMA, to expose an API we could use to write bridges against), then that bridge would need to convert between WhatsApp’s E2EE’d payloads and Matrix’s E2EE’d payloads. (Even though both WhatsApp and Matrix use the Double Ratchet, the actual payloads within the encryption are completely different and would need to be converted). Therefore such a bridge has to re-encrypt the traffic – which means that the plaintext is exposed on the bridge, putting it at risk and breaking the end-to-end encryption guarantee.

There are solutions to this, however:
• We could run the bridge somewhere relatively safe – e.g. the user’s client. There’s a bunch of work going on already in Matrix to run clientside bridges, so that your laptop or phone effectively maintains a connection over to iMessage or WhatsApp or whatever as if it were logged in… but then relays the messages into Matrix once re-encrypted. By decentralising the bridges and spreading them around the internet, you avoid them becoming a single honeypot that bad actors might look to attack: instead it becomes more a question of endpoint compromise (which is already a risk today).
• The gatekeeper could switch to a decentralised end-to-end encrypted protocol like Matrix to preserve end-to-end encryption throughout. This is obviously significant work on the gatekeeper’s side, but we shouldn’t rule it out. For instance, making the transition for a non-encrypted service is impressively little work, as we proved with Gitter. (We’d ideally need to figure out decentralised/federated identity-lookup first though, to avoid switching from one centralised identity database to another).
• Worst case, we could flag to the user that their conversation is insecure (the chat equivalent of a scary TLS certificate warning). Honestly, this is something communication apps (including Matrix-based ones!) should be doing anyway: as a user you should be able to tell what 3rd parties (bots, integrations etc) have been added to a given conversation. Adding this sort of semantic actually opens up a much richer set of communication interactions, by giving the user the flexibility over who to trust with their data, even if it breaks the platonic ideal of pure E2E encryption.


Or you could just use SMS. Alternatively, for security, RCS. Stop trying to justify it; the interop proposal is so terrible that it really, really needs to be junked as soon as possible. The DMA’s failure is that no tech company gets big by overhauling a rival in the exact same space. Google didn’t beat Microsoft in desktop operating systems. Facebook didn’t beat Google in search. TikTok didn’t beat Facebook in connecting people. DeepMind and Shazam ditto. The DMA creates the wrong incentives.

See also: “Forcing WhatsApp and iMessage to work together is doomed to fail” in Wired.
unique link to this extract

‘I can fight with a keyboard’: how one Ukrainian IT specialist exposed a notorious Russian ransomware gang • CNNPolitics

Sean Lyngaas:


As Russian artillery began raining down on his homeland last month, one Ukrainian computer researcher decided to fight back the best way he knew how – by sabotaging one of the most formidable ransomware gangs in Russia.

Four days into Russia’s invasion, the researcher began publishing the biggest leak ever of files and data from Conti, a syndicate of Russian and Eastern Europe cybercriminals wanted by the FBI for conducting attacks on hundreds of US organizations and causing millions of dollars in losses.

The thousands of internal documents and communications include evidence that appears to suggest Conti operatives have contacts within the Russian government, including the FSB intelligence service. That supports a longstanding US allegation that Moscow has colluded with cybercriminals for strategic advantage.

The Ukrainian computer specialist behind the leak spoke exclusively to CNN and described his motivation for seeking revenge after Conti operatives published a statement in support of the Russian government immediately after the invasion of Ukraine. He also described his desperate efforts to track down loved ones in Ukraine in recent weeks.

To protect his identity, CNN agreed to refer to him by a pseudonym: Danylo. “I cannot shoot anything, but I can fight with a keyboard and mouse,” Danylo told CNN.

The trove of data Danylo leaked in late February illustrates why cybersecurity has been such a fraught issue in US-Russia relations. It includes cryptocurrency accounts the Conti hackers used to allegedly reap millions of dollars in ransom payments, their discussions of how to extort US companies and their apparent targeting of a journalist investigating the poisoning of Kremlin critic Alexey Navalny.

But it also shows how hard it can be to disable ransomware operations. Despite Danylo unmasking their operations, the hackers continue to announce new victim organizations.


He also says that FBI got in touch and asked him to stop leaking because the group might abandon its current system and set up a new one. So he did. At least publicly.
unique link to this extract

China plans new restrictions in its booming live-streaming sector • WSJ

Keith Zhai and Liza Lin:


Live-streaming services in China, including those operated by social-media giants ByteDance Ltd., Kuaishou Technology and Huya Inc., are consumed by roughly 70% of the country’s internet users, according to the state-run China Internet Network Information Center, commanding an audience of more than 700 million last year.

Many live-streaming influencers earn commissions on products that they promote, but for many of them a key revenue stream comes in the form of tips and virtual gifts, ranging from the equivalent of 15 cents for a virtual beer to more than $1,100 for a virtual spaceship.

Popular live-streamers are backed by professional marketing teams and can earn tens of thousands of dollars each day in direct donations from fans. The most sought-after live-streaming hosts can earn millions in brand endorsements and sponsorships.

Any attempts to regulate this booming segment of the online world would follow in the footsteps of other efforts to clamp down and clean up behavior on the internet, particularly for younger people.

In the past year, China has cracked down on for-profit education providers, railed against the evils of what it described as a culture of celebrity worship and set strict limits on the amount of time minors can spend playing computer games.

These and other regulatory actions last year hit investor confidence in Chinese stocks, sparking steep selloffs in shares of e-commerce and gaming businesses.

…authorities were discussing a daily limit of 10,000 yuan, equivalent to about $1,570, on the amount of gifts that live-streaming hosts can accept. Chinese regulators worry that young people, drawn by the promise of lucrative earnings, would otherwise aspire to become live-streaming celebrities, the person said, adding that this was counter to the values that officials hoped to instill.


unique link to this extract

Climate groups say a change in coding can reduce bitcoin energy consumption by 99% • The Guardian

Dominic Rushe:


Without a change to the [bitcoin] code, the fundamental problem will remain that bitcoin’s code “incentivises maximum energy use”, said Chris Larsen, founder and executive chairman of crypto company Ripple and a climate activist. “The minute that there is the opportunity to go to something dirty, which is what you are seeing, that is going to happen.”

One “nightmare scenario”, he said, is that the world does get to a renewable future in China, the US and EU but countries rich in fossil fuel switch to bitcoin mining to keep their operations running.

“Imagine the Saudis sitting on all that oil, which has a cost of about ½ cent per kilowatt hour – no renewable can match that,” Larsen said. “Bitcoin mining could be this endless monetization engine for fossil fuels. That would be a nightmare.”

The campaign is launching with digital advertising in the Wall Street Journal, New York Times, Marketwatch, Politico, Facebook and other publications. Organizers are also taking legal action against proposed mining sites and using their large memberships to push bitcoin’s biggest investors and influencers to call for a code change. “In this world, with all these smart people, there has got to be a better solution,” said Larsen.


Ethereum is moving to “proof of stake”, though it always seems to be just slightly in the future. Jam tomorrow, all the time.
unique link to this extract

Farage lined up for €18.5m carbon windfall despite climate scepticism • Financial Times

Jim Pickard and Camilla Hodgson:


Former Brexit champion Nigel Farage is in line to gain up to €18.5m from share options in a carbon offsetting company despite launching a new campaign opposing the government’s “net zero” 2050 target.

Farage, former leader of the UK Independence Party, announced in March 2021 that he had become chair of the advisory board to Dutch Green Business, listed on Euronext Amsterdam.

He was introduced to the company by his friend John Mappin, a pro-Putin heir to a jewellery fortune, scientologist and anti-vaxxer, who together with his wife has a 30% stake in DGB, according to Bloomberg data.

Farage was granted 1mn share options at the general meeting of DGB’s shareholders in September 2021, with a “strike price” — the price he would pay for them — of €1.50.

But that same month his advisory position was put on hold owing to a dispute between the board of directors and Mappin and his wife, Irina Kudrenok-Mappin, over their shareholdings. “At the moment my relationship (with DGB) is in abeyance,” Farage told the FT.


Pity there isn’t a way to earn money by offsetting hypocrisy.
unique link to this extract

• Why do social networks drive us a little mad?
• Why does angry content seem to dominate what we see?
• How much of a role do algorithms play in affecting what we see and do online?
• What can we do about it?
• Did Facebook have any inkling of what was coming in Myanmar in 2016?

Read Social Warming, my latest book, and find answers – and more.

Errata, corrigenda and ai no corrida: none notified

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.