In Germany, Wirecard seemed to be a huge success story – but there was a huge hole behind the facade. CC-licensed photo by Web Summit on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

The Overspill is going on a break for two weeks. See you next time on Monday 20 March.

It’s Friday, so there’s another post due at the Social Warming Substack at about 0845 UK time. It’s about Scott Adams.

A selection of 10 links for you. Use them wisely. I’m @charlesarthur on Twitter. On Mastodon: https://newsie.social/@charlesarthur. Observations and links welcome.

We found 28,000 apps sending TikTok data. Banning the app won’t help • Gizmodo

Thomas Germain:

»

Joe Biden gave federal agencies 30 days to remove TikTok from government devices earlier this week. Until now, most politicians intent on punishing TikTok have focused solely on banning the app itself, but, according to a memo reviewed by Reuters, federal agencies must also “prohibit internet traffic from reaching the company.” That’s a lot more complicated than it sounds. Gizmodo has learned that tens of thousands of apps—many which may already be installed on federal employees’ work phones—use code that sends data to TikTok.

Some 28,251 apps use TikTok’s software development kits, (SDKs), tools which integrates apps with TikTok’s systems—and send TikTok user data—for functions like ads within TikTok, logging in, and sharing videos from the app. That’s according to a search conducted by Gizmodo and corroborated by AppFigures, an analytics company. But apps aren’t TikTok’s only source of data. There are TikTok trackers spread across even more websites. The type of data sharing TikTok is doing is just as common on other parts of the internet.

The apps using the TikTok SDK include popular games like Mobile Legends: Bang Bang, Trivia Crack, and Fruit Ninja, photo editors like VSCO and Canva, lesser-known dating apps, weather apps, WiFi utilities, and a wide variety of other apps in nearly every category. The developers for the apps listed above did not immediately respond to a request for comment.

“A simple ban on the TikTok app itself is not going to stop data flowing to TikTok,” said Daniel Kahn Gillmor, a senior staff technologist at the American Civil Liberties Union. “TikTok has software in other places, not to mention TikTok trackers spread across other parts of the web. I don’t have a TikTok account, but there are still plenty of ways the company can get data about me.”

«

unique link to this extract

Tweetbot and Twitterrific users can support the developers by declining subscription refunds • MacRumors

Juli Clover:

»

Tweetbot and Twitterrific, two of the most used Twitter clients, had subscription offerings and thousands of customers that paid for subscriptions on a yearly basis. With the apps unable to function, pro-rated refunds are set to be automatically issued to subscribers next month, which will heavily impact businesses that had no warning their income stream would be cut off.

Those refunds are going to be paid largely by Tweetbot and Twitterific rather than Apple. As John Gruber points out on Daring Fireball, this is akin to a person getting fired and then having to pay back their last six months of salary. It is a significant financial blow to app developers put out of business by Twitter’s snap decision.

Tweetbot and Twitterrific have teamed up to offer multiple options to customers who are due refunds, and customers who want to help need to do the following:

• Open Tweetbot or Twitterrific (or redownload the apps if they’ve been deleted and open them).
• Choose the “I don’t need a refund button.” Alternatively, for Tweetbot, choose to transfer the subscription over to the new Ivory app for Mastodon.

Because refunds are being issued automatically, Tweetbot and Twitterrific customers who have been happy with their service and want to help the developers out will have to manually opt out using this method.

«

Please do this if you subscribed to either app.
unique link to this extract

Honestly, it’s probably the phones • Noahpinion

Noah Smith on the argument about teen unhappiness in the US:

»

The first reason smartphones should be our prior is that the timing just lines up really well. The smartphone was invented in 2007, but it didn’t really become commonplace until the 2010s, exactly when teen happiness fell off a cliff.

Younger Americans adopted the technology more quickly than older ones; 2010-11 seems to have been an especially important moment. And of course the “killer app” for smartphones was social media. When you had to go to a computer to check Facebook or Twitter, you could only experience it intermittently; now, with a smartphone in your pocket and notifications enabled, you were on every app all the time.

Why would that make us unhappy? There’s an obvious reason: social isolation.

Pretty much everyone knows that social isolation makes people less happy, and research strongly backs this up. It’s known to be a suicide risk. The worst punishment in a prison is solitary confinement, which some view as a form of torture. In case you doubt that the relationship between social isolation and unhappiness is causal, you should recall that we recently ran a gigantic natural experiment on much of society in the form of Covid, and the results were clearly negative.

But why would devices that make people more connected lead to social isolation? Isn’t that backwards? Doesn’t having access to all of their friends and acquaintances at all times via a device in their pockets mean that kids are less isolated than before?

Well, no. As the natural experiment of the pandemic demonstrated, physical interaction is important. Text is a highly attenuated medium — it’s slow and cumbersome, and an ocean of nuance and tone and emotion is lost. Even video chat is a highly incomplete substitute for physical interaction. A phone doesn’t allow you to experience the nearby physical presence of another living, breathing body — something that we spent untold eons evolving to be accustomed to. And of course that’s even before mentioning activities like sex that are far better when physical contact is involved.

«

More and more I think I should publish my missing chapter about exactly this chapter as an Amazon Kindle special. (Advice welcomed.)

unique link to this extract

How the biggest fraud in German history unravelled • The New Yorker

Ben Taub:

»

on June 18, 2020, [fintech company] Wirecard announced that nearly two billion euros was missing from the company’s accounts. The sum amounted to all the profits that Wirecard had ever reported as a public company. There were only two possibilities: the money had been stolen, or it had never existed.

The Wirecard board placed [Austrian bank executive and COO of Wirecard, Jan] Marsalek on temporary leave. The missing funds had supposedly been parked in two banks in the Philippines, and Wirecard’s Asia operations were under Marsalek’s purview. Before leaving the office that day, he told people that he was going to Manila, to track down the money.

That night, Marsalek met a friend, Martin Weiss, for pizza in Munich. Until recently, Weiss had served as the head of operations for Austria’s intelligence agency; now he trafficked in information at the intersection of politics, finance, and crime. Weiss called a far-right former Austrian parliamentarian and asked him to arrange a private jet for Marsalek, leaving from a small airfield near Vienna. The next day, another former Austrian intelligence officer allegedly drove Marsalek some two hundred and fifty miles east. Marsalek arrived at the Bad Vöslau airfield just before 8 p.m. He carried only hand luggage, paid the pilots nearly eight thousand euros in cash, and declined to take a receipt.

Philippine immigration records show that Jan Marsalek entered the country four days later, on June 23rd. But, like almost everything about Wirecard, the records had been faked. Although Austrians generally aren’t allowed dual citizenship, Marsalek held at least eight passports, including diplomatic cover from the tiny Caribbean nation of Grenada. His departure from Bad Vöslau is the last instance in which he is known to have used his real name.

The rise of Wirecard did not occur in a vacuum. Rather, it reflected a convergence of factors that made the past half decade “the golden age of fraud,” as the hedge-fund manager Jim Chanos has put it.

«

This is the very wildest tale, involving spying on journalists that goes miles beyond the pale.
unique link to this extract

Snapchat releases ‘My AI’ chatbot powered by ChatGPT • The Verge

Alex Heath:

»

Named “My AI,” Snapchat’s bot will be pinned to the app’s chat tab above conversations with friends. While initially only available for $3.99 a month Snapchat Plus subscribers, the goal is to eventually make the bot available to all of Snapchat’s 750 million monthly users, Spiegel tells The Verge.

“The big idea is that in addition to talking to our friends and family every day, we’re going to talk to AI every day,” he says. “And this is something we’re well positioned to do as a messaging service.”

At launch, My AI is essentially just a fast mobile-friendly version of ChatGPT inside Snapchat. The main difference is that Snap’s version is more restricted in what it can answer. Snap’s employees have trained it to adhere to the company’s trust and safety guidelines and not give responses that include swearing, violence, sexually explicit content, or opinions about dicey topics like politics. 

It has also been stripped of functionality that has already gotten ChatGPT banned in some schools; I tried getting it to write academic essays about various topics, for example, and it politely declined. Snap plans to keep tuning My AI as more people use it and report inappropriate answers. (I wasn’t able to conjure any in my own testing, though I’m sure others will.)

After trying My AI, it’s clear that Snap doesn’t feel the need to even explain the phenomenon that is ChatGPT, which is a testament to OpenAI building the fastest-growing consumer software product in history. Unlike OpenAI’s own ChatGPT interface, I wasn’t shown any tips or guardrails for interacting with Snap’s My AI. It opens to a blank chat page, waiting for a conversation to start.

«

unique link to this extract

CNET is doing big layoffs just weeks after AI-generated stories came to light • The Verge

Mia Sato:

»

Just weeks after news broke that tech site CNET was quietly using artificial intelligence to produce articles, the company is doing extensive layoffs that include several longtime employees, according to multiple people with knowledge of the situation. The layoffs total around a dozen people, a CNET staffer says, or about 10% of the public masthead.

The layoffs began Thursday morning and were announced internally via email by Red Ventures, the private equity-backed marketing-turned-media company that bought CNET in 2020. In the email, a Red Ventures executive suggested the cuts were made to focus CNET on areas where the site can succeed at bringing in traffic on Google search — a top priority for the company.

…Under Red Ventures, former CNET employees say the venerated publication’s focus increasingly became winning Google searches by prioritizing SEO. On these highly trafficked articles, the company crams in lucrative affiliate marketing ads for things like loans or credit cards, cashing in every time a reader signs up.

In the email, [president of financial services and the CNET group at Red Ventures, Carlos] Angrisano said CNET would focus on consumer technology, home and wellness, energy, broadband, and personal finance — the sections Red Ventures could best monetize, a current staffer says.

“But those sections are shadows of what they once were, particularly home,” the staffer says. “If you want to do that section the right way, you don’t sell off your Smart Home, get rid of its video team and cripple your editorial staff.”

«

Tells you everything that Angrisano is in charge of both financial services and CNET. And which comes first. Only a matter of time before CNET is shut down or sold off again; this situation won’t improve.
unique link to this extract

ChatGPT and Whisper APIs debut, allowing devs to integrate them into apps • Ars Technica

Benj Edwards:

»

On Wednesday, OpenAI announced the availability of developer APIs for its popular ChatGPT and Whisper AI models that will let developers integrate them into their apps. An API (application programming interface) is a set of protocols that allows different computer programs to communicate with each other. In this case, app developers can extend their apps’ abilities with OpenAI technology for an ongoing fee based on usage.

Introduced in late November, ChatGPT generates coherent text in many styles. Whisper, a speech-to-text model that launched in September, can transcribe spoken audio into text.

In particular, demand for a ChatGPT API has been huge, which led to the creation of an unauthorized API late last year that violated OpenAI’s terms of service. Now, OpenAI has introduced its own API offering to meet the demand. Compute for the APIs will happen off-device and in the cloud.

OpenAI calls its new ChatGPT API model “gpt-3.5-turbo,” which supersedes its previous “best” LLM API, “text-davinci-003.” It is priced at $0.002 per 1,000 tokens (about 750 words), which OpenAI says is about 10 times cheaper than its existing GPT-3.5 models. “Through a series of system-wide optimizations, we’ve achieved 90% cost reduction for ChatGPT since December,” writes OpenAI on its API announcement page.

«

That’s quite the price drop, very rapidly.
unique link to this extract

OpenAI rival Aleph Alpha is in talks with investors over major funding • Business Insider

Callum Burroughs:

»

Aleph Alpha, a German generative AI startup, is in talks with investors over a new funding round, Business Insider has learned.

The startup, based in Heidelberg, Germany, is talking to a number of top-tier VC investors over a round that could be as much as $100m, four sources familiar with the matter told Insider.

It comes amid a wave of investor hype in the AI market after US startup OpenAI released ChatGPT, based on its GPT-3.5 language model which was trained on Azure, to the public in November.

Industry rivals quickly saw chatbots’ potential to transform online search, with Microsoft releasing its AI-powered Bing and Google internally testing its version, Bard.

Founded in 2019 by CEO Jonas Andrulis, a former machine-learning engineer at Apple, and Samuel Weinbach, Aleph Alpha researches and develops AI systems with a focus on enterprise customers.

Talks over its raise are thought to be at an early stage with term sheets set to be submitted soon.

«

unique link to this extract

Can publishing survive the oncoming AI storm? • Word Count

Suw Charman-Anderson:

»

It should surprise nobody that there’s now a boom in LLM-created books on Amazon, although its true extent is impossible to measure as there’s no requirement to flag LLM content in book metadata or descriptions, and quite a big incentive not to. Reuters’ Greg Bensinger writes: 

»

Now ChatGPT appears ready to upend the staid book industry as would-be novelists and self-help gurus looking to make a quick buck are turning to the software to help create bot-made e-books and publish them through Amazon’s Kindle Direct Publishing arm. Illustrated children’s books are a favorite for such first-time authors. On YouTube, TikTok and Reddit hundreds of tutorials have spring [sic] up, demonstrating how to make a book in just a few hours. Subjects include get-rich-quick schemes, dieting advice, software coding tips and recipes.

«

Bensinger quotes the Authors Guild’s Mary Rasenberger, who says, “This is something we really need to be worried about, these books will flood the market and a lot of authors are going to be out of work.” Yes. Yes they will. 

Books with small amounts of text are an obvious target – they’re easy to generate on an LLM and it’s easier to keep on top of things like plot and consistency. A children’s picture book only has between 500 and 1000 words, whilst a chapter book for ages 5 to 7 will have around 5,000 to 10,000 words. With a little coaxing, an LLM is perfectly capable of producing this amount of text in a very short space of time. You can then use Dall E, MidJourney and other image creation engines to provide the images. 

These books won’t be good – this LLM-written article on how to write a book in three days using LLMs shows just how bad a whole book of this stuff can be – but that doesn’t matter, as I’ll come on to later. 

Once there’s a strategy for creating 10,000 word chapter books, it’s easy enough to extend that to 15,000 or 20,000 word novellas, at which point LLMs collide head-on with an existing trend.

«

unique link to this extract

Meta’s metaverse: on this evidence, the future is a bleak, cumbersome nightmare • The New European

James Ball:

»

Each time I took the headset off, it turned itself into sleep mode, but each time I went to the laptop for help, it complained I’d left my safe zone, so I spent merry hours reading help pages, running to my safe zone, trying to remember a code that I am then supposed to enter by firing pretend lasers on to a floating virtual keyboard. With each failed attempt, I feel another small piece of my soul slide away, never to return.

The world turns, continental plates drift, years turn into aeons, and eventually I actually enter Horizon Worlds. I even convince it that as an “experienced gamer” I can be trusted to move myself around using a joystick on the controller, rather than teleporting about (recommended to new users). A loading screen showing bright characters, unicorns and more floating atop a serene lake is almost pretty, even if the graphics look like they’re from the PS2 era.

A mini “welcome world” is almost fun. I successfully pick up and throw a paper plane after a mere nine attempts. The next activity, using the controllers to shoot rings in the air, is quite fun too – turning your head to see stuff gets quite immersive.

Of course, immersive cuts both ways. Having turned myself to see where I should head next, I forget that while things with your arms are done by moving your arms, legs are different – legs are the joystick. I reflexively step forwards before realising my error, and trip over my coffee table. Another triumph.

That one is probably my fault, and the “welcome world” was almost momentarily fun. I try to have a better attitude – and then step into the weird, empty world of Horizon Worlds. Whenever I visit, there is almost no one there. I go to a game arcade and anything I try features me, solo, playing a game that would’ve been called dated in 1993.

«

unique link to this extract

Errata, corrigenda and ai no corrida: none notified

The carmaker Ford has filed a patent that could see vehicles with long overdue loans repossess themselves – or just drive to the scrapyard. CC-licensed photo by dave_7dave_7 on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

On Friday, there’s another post due at the Social Warming Substack at about 0845 UK time.

A selection of 10 links for you. Antitrustworthy. I’m @charlesarthur on Twitter. On Mastodon: https://newsie.social/@charlesarthur. Observations and links welcome.

Future Fords could repossess themselves and drive away if you miss payments • The Drive

Peter Holderith:

»

Average car payments have been rising for a while. Although auto loan delinquency rates have been down since the height of the pandemic, Ford applied for a patent to make the repossession process go smoother. For the bank, that is.

The patent document was submitted to the United States Patent Office in August 2021 but it was formally published Feb. 23. It’s titled “Systems and Methods to Repossess a Vehicle.” It describes several ways to make the life of somebody who has missed several car payments harder.

It explicitly says the system, which could be installed on any future vehicle in the automaker’s lineup with a data connection would be capable of “[disabling] a functionality of one or more components of the vehicle.” Everything from the engine to the air conditioning. For vehicles with autonomous or semi-autonomous driving capability, the system could “move the vehicle from a first spot to a second spot that is more convenient for a tow truck to tow the vehicle… move the vehicle from the premises of the owner to a location such as, for example, the premises of the repossession agency,” or, if the lending institution considers the “financial viability of executing a repossession procedure” to be unjustifiable, the vehicle could drive itself to the junkyard.

No other automakers have recently attempted to patent a similar system, and indeed the Ford patent doesn’t reference any other legal document for the sake of clarifying its idea. All of this being said, patent documents, especially applications like this one, do not necessarily represent an automaker’s intent to introduce the described feature, process, or technology to its vehicles. Ford might just be attempting to protect this idea for the sake of doing so. The document does go into a lot of detail as to how such a system might work, though.

«

You can imagine so many ways that this could, and surely will, go wrong.
unique link to this extract

Apple responds to EU’s decision to narrow antitrust case prompted by Spotify • MacRumors

Joe Rossignol:

»

The European Commission on Tuesday announced it has narrowed its antitrust investigation into Apple’s rules for streaming music apps. In a revised Statement of Objections sent to Apple, the Commission said it will no longer challenge Apple’s requirement for apps to use the App Store’s in-app purchase system for digital goods and services. The investigation began in 2019 after Spotify filed an antitrust complaint against Apple.

The investigation will now focus entirely on Apple preventing streaming music apps from informing iPhone and iPad users within the app that lower subscription prices are available when signing up outside of the App Store. Subscriptions can sometimes cost extra when initiated through the App Store compared to directly on an app’s website, as developers look to offset Apple’s 15% to 30% fee on in-app subscriptions.

The Commission’s preliminary view is that Apple’s rules equate to “anti-steering” and “unfair trading conditions,” in breach of EU antitrust law. The Commission added that the rules are “detrimental to users of music streaming services on Apple’s mobile devices” given they may end up paying more and “negatively affect the interests of music streaming app developers by limiting effective consumer choice.”

In a statement shared with MacRumors, an Apple spokesperson said the company is “pleased” that the Commission has narrowed its case

«

As Ben Thompson commented, the Commission seems to have realised that Apple’s going to take its 30% cut from apps that go through any sort of in-app purchase (example: dating apps in Holland), so now it’s going to focus on how Apple prevents apps telling you to just go to their website for a better deal.
unique link to this extract

Tokyo makes solar panels mandatory for new homes built after 2025 • Reuters

Kantaro Komiya:

»

All new houses in Tokyo built by large-scale homebuilders after April 2025 must install solar power panels to cut household carbon emissions, according to a new regulation passed by the Japanese capital’s local assembly on Thursday.

The mandate, the first of its kind for a Japanese municipality, requires about 50 major builders to equip homes of up to 2,000 square metres (21,500 square feet) with renewable energy power sources, mainly solar panels.

Tokyo Governor Yuriko Koike noted last week that just 4% of buildings where solar panels could be installed in the city have them now. The Tokyo Metropolitan Government aims to halve greenhouse gas emissions by 2030 compared with 2000 levels.

«

Why only Tokyo, though?
unique link to this extract

How ‘Bling Empire’ star Kelly Mi Li’s ex-husband Lin Miao pulled off a $130m cell phone scandal • Esquire

Mickey Rapkin:

»

If you had an Internet connection at any point in the aughts, you’ll likely remember a series of pop-up and banner advertisements designed to prey on the lonely and insecure, the gullible, and the vulnerable. These ads appeared all over social media and inside games like FarmVille, and they made bizarre promises. My Luv Crush informed users they had a secret admirer—and it was someone they knew. Text NOW to find out who before the message expires! Another ad promised to reveal a user’s IQ score if they would answer twenty questions like “What color is the ocean?” One promotion offered “Free Justin Bieber Tickets!”

These advertisements might have been annoying, but they appeared to be innocuous. In fact, they were at the center of one of the largest cybercrime rings ever assembled, and its story has been largely untold until now because one of the last perpetrators was only just sentenced after years of testifying against his co-conspirators. The crime: sneaking hard-to-cancel, recurring monthly payments onto cellphone bills, sometimes those of people who never even subscribed. The perpetrators: mostly college-age kids. The implications for the telecom industry, federal regulators, and your phone bill: incalculable.

The idea was pioneered by a Chinese immigrant named Lin Miao. Miao was brought to Salt Lake City at age 12 with no winter coat. He built his first computer with spare parts he found at garage sales. Then, in college, he co-founded an online advertising network that would eventually be valued at $130 million.

His story appeared in one of those Chicken Soup for the Soul books devoted to “extraordinary teens.”

With his success came private jets to Las Vegas, $400,000 monthly credit-card bills, and sugar babies—so many sugar babies. That all vanished in 2015, when a team of FBI agents greeted Miao as he got off a plane at LAX and arrested him on charges of wire fraud and money laundering. While he has testified in court, he has not spoken publicly about his crimes until now.

«

In a sense, he himself was conned by the whole ringtone business – which gave him a piece of the riches that the carriers were juicing from unsuspecting users 20 years ago. Except he got the threat of jail time.
unique link to this extract

COVID-19 pandemic ‘most likely’ started in Wuhan lab, FBI Director Christopher Wray says • USA Today via Yahoo

Candy Woodall:

»

 The COVID-19 pandemic “most likely” started after a Wuhan laboratory leak in China, FBI Director Christopher Wray said Tuesday.

He publicly confirmed the bureau’s assessment of the lab leak theory for the first time during an interview with Fox News.

“The FBI has for quite some time now assessed that the origins of the pandemic are most likely a potential lab incident in Wuhan,” Wray said. “Here you are talking about a potential leak from a Chinese government-controlled lab.”

Since the first case of COVID in the U.S. in January 2020, the Chinese government has tried to “thwart and obfuscate” investigations into the origin of the pandemic, Wray said.

The Wall Street Journal and CNN previously reported that the FBI had “moderate confidence” in the lab leak theory in 2021, a year after COVID-19 reached the U.S.

Wray’s admission marks the second government agency to publicly back the lab leak theory. The Department of Energy also has backed the assessment  that COVID began in a lab, but has labeled it with its “low confidence” rating. .

Other intelligence agencies are split or undecided on the origin, with some having “low confidence” that COVID-19 began naturally when the virus transmitted from an animal to a human.

However, all intelligence agencies agree COVID-19 wasn’t the result of biological warfare, according to the Wall Street Journal.

«

Ugh. OK, let’s do this. Two competing hypotheses: lab leak, or natural origin. Every other novel zoonosis (animal-human disease transmission) we’ve ever seen has come from natural origins, including the first SARS, which was finally traced to a bat cave in Yunnan, hundreds of miles away from where the first human case was observed, via another animal intermediary (civets).

This doesn’t make a lab leak impossible. It leaves it as a possibility. But without very clear evidence, which needs to be shared 🙄, it’s irresponsible of the FBI to say that it’s “most likely”. We don’t know, and quite possibly won’t ever know. But some people hate not knowing. They simply cannot bear saying “we don’t know, and perhaps never will.”
unique link to this extract

Twitter back after two-hour outage affected tweets • BBC News

»

Thousands of people around the world were unable to use Twitter for two hours on Wednesday after the social network suffered another outage.

The Following and For you feeds – which display tweets on the platform’s homepage – instead carried a notice reading “Welcome to Twitter”. 

The outage-tracking site DownDetector reported the issues at 10:00 GMT, but they appeared to be resolved by 12:00.

It came after Twitter reportedly laid off 200 staff members on Monday.

More than 5,000 people in the UK alone reported problems to DownDetector within half an hour of the fault appearing, with many more affected worldwide.

The For you feed, a collection of tweets from people similar to those they follow, seemed to be reinstated just an hour after the initial issue emerged, but the Following feed, which collects tweets from people who users are following on Twitter, took longer to be fixed.

The site’s search tool is also working again, after it briefly stopped displaying any tweets in the Latest tab.

…Alp Toker, director of internet outage tracker NetBlocks, said Twitter’s reliability issues have increased under Mr Musk’s tenure as CEO.

“It started shortly before the Musk takeover itself,” he said, but added: “The main spike has happened after the takeover, with four to five incidents in a month – which was comparable to what used to happen in a year.”

«

The campaign to Save The Fail Whale is succeeding.
unique link to this extract

TikTok will limit teens to 60 minutes of screen time a day • The Verge

Jess Weatherbed:

»

TikTok has announced a batch of new features intended to reduce screen time and improve the well-being of its younger users.

In the coming weeks, a daily screen time limit of 60 minutes will be automatically applied to every TikTok user under 18 years old. Teens that hit this limit will be asked to enter a passcode to continue watching. They can disable the feature entirely, but if they do so and spend more than 100 minutes on TikTok a day, they’ll be asked to set a new limit.

TikTok claims these prompts increased the use of its screen time management tools by 234% during the feature’s first month of testing. Teens will also be sent an inbox notification each week that recaps their screen time, allowing younger users to be aware of how much time they spend on the app and requiring that they make active decisions to extend the recommended screen time.

TikTok says it consulted current academic research and experts from the Digital Wellness Lab at Boston Children’s Hospital when deciding how long the time restriction should be.

“While there’s no collectively-endorsed position on how much screen time is ‘too much’, or even the impact of screen time more broadly, we recognise that teens typically require extra support as they start to explore the online world independently,” said Cormac Keenan, Head of Trust and Safety at TikTok, in a statement.

«

Though it’s not as if they’re being asked to write an essay or solve a differential equation to do this, are they? It’s not going to prevent the most determined, and they’re the ones who actually do need some sort of intervention. Sure, they consulted on “how long”, but not, apparently, on how to deter.
unique link to this extract

Microsoft’s implementation of Bing Chat AI on Windows 11 is complete trash • Windows Central

Zac Bowden:

»

Yesterday, Microsoft made a big hubbub about a new Windows 11 update that allegedly puts AI at the forefront of the Windows experience, via a “typable” search box that’s now found on the Taskbar by default. The company is headlining the update with this functionality, but the actual “feature” is nothing more than an advertisement for Bing.com.

Reading the Microsoft announcement for this new Windows 11 feature update, you’d be led to believe that Windows 11’s search experience is now powered by AI. But it isn’t. There’s no AI in Windows Search. Microsoft’s clever Bing Chat AI isn’t even integrated with any shell interface you might see within Windows. 

No, what Microsoft announced yesterday is the ability to quickly launch Bing.com’s new chat bot, without having to manually type “bing.com” into an address bar first. That’s literally all that this is. The Windows Search landing page now has a banner for Bing.com, and two suggested chat prompts that it recommends you try to get a feel for how Bing Chat works.

Clicking on any of the buttons and links related to Bing Chat will take you out of Windows Search and into Microsoft Edge, where you can continue using Bing Chat if you please. At no point is Windows doing anything AI related, because Microsoft hasn’t actually added AI to search on Windows 11 with this latest feature drop.

«

Oh well – if you can get enough people to believe it, then it must be true, right?
unique link to this extract

Revolut’s auditor warns 2021 revenues ‘may be materially misstated’ • Financial Times

Siddharth Venkataramakrishnan and Michael O’Dwyer:

»

Revolut’s auditor warned that the design of the fintech’s IT systems meant there was a risk that the bulk of its 2021 revenues were materially misstated even as it turned a profit for the first time that year.

The crypto boom helped Revolut report on Wednesday a net profit of £26mn in 2021 compared with a £223mn loss the previous year. Revenues in 2021 almost tripled to £636mn.

But the group’s auditor, BDO, issued a qualified opinion on Revolut’s overdue accounts because it had been unable to fully verify £477mn of revenues — including its foreign exchange and wealth department, which includes crypto.

Auditors said in their report into the accounts that they had been “unable to satisfy ourselves as to the completeness” of these revenues, meaning that references to the company’s revenues “may be materially misstated”.

Revolut has evolved from a low-fee money transfer service to offer bank accounts across Europe through its Lithuanian banking licence. It is also registered as an e-money institution in the UK. A funding round in the summer of 2021 valued the group at $33bn and ensured it did not have to return to the market as tech valuations crumbled last year.

Approximately a third of its revenues in 2021 came from its cryptocurrency trading business, Revolut said. The fintech first made a move into crypto in 2017, ahead of most of its rivals.

…Revolut was required to submit accounts for the year ending December 2021 to Companies House in September 2022. The fintech was then given an extension until the end of December — a deadline it had also failed to meet.

«

Smoke sighted, now seeking the fire.
unique link to this extract

Some personal user experiences • Vitalik Buterin

Buterin, in case you didn’t know, is the founder of Ethereum, the second-biggest cryptocurrency, behind bitcoin:

»

In 2013, I went to a sushi restaurant beside the Internet Archive in San Francisco, because I had heard that it accepted bitcoin for payments and I wanted to try it out. When it came time to pay the bill, I asked to pay in BTC. I scanned the QR code, and clicked “send”. To my surprise, the transaction did not go through; it appeared to have been sent, but the restaurant was not receiving it. I tried again, still no luck. I soon figured out that the problem was that my mobile internet was not working well at the time. I had to walk over 50 meters toward the Internet Archive nearby to access its wifi, which finally allowed me to send the transaction.

Lesson learned: internet is not 100% reliable, and customer internet is less reliable than merchant internet. We need in-person payment systems to have some functionality (NFC, customer shows a QR code, whatever) to allow customers to transfer their transaction data directly to the merchant if that’s the best way to get it broadcasted.

«

In the ten years since, do you think it’s got easier to do everyday transactions? He’s got some experiences to tell you about.
unique link to this extract

Errata, corrigenda and ai no corrida: The fatality rate for human drivers – including drunk drivers – is 1 per 100 million miles driven, at least in the US. Thanks Ken T for the update. Puts the Waymo data (1 fatality in 1 million miles) into perspective.

With a million miles under their wheels, Waymo’s cars have been involved in just two crashes. CC-licensed photo by zombieitezombieite on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

There’s another post coming this week at the Social Warming Substack on Friday at about 0845 UK time. Free signup.

A selection of 9 links for you. Use them wisely. I’m @charlesarthur on Twitter. On Mastodon: https://newsie.social/@charlesarthur. Observations and links welcome.

COVID-19 app saved estimated 10,000 lives in its first year, research finds • University of Oxford

»

A team of experts at the Pandemic Sciences Institute at the University of Oxford and Department of Statistics at the University of Warwick estimate the NHS COVID-19 app prevented around 1 million cases, 44,000 hospitalizations and 9,600 deaths during its first year.

The new research, published in Nature Communications, is the most comprehensive evaluation of the NHS COVID-19 contact tracing app to date.

Researchers analyzed the NHS COVID-19 app in England and Wales in the first year of its use—September 2020 to September 2021. They found that the app played an important role in reducing transmission of COVID-19 in England and Wales. The app experienced high user engagement, identified infectious contacts well, and helped to prevent significant numbers of cases, hospitalizations and deaths.

Professor Christophe Fraser, principal investigator at the Pandemic Sciences Institute at the University of Oxford’s Nuffield Department of Medicine and the paper’s senior author said, “Many of us will remember being ‘pinged’ by the NHS COVID-19 app at the height of the pandemic, and the impact that self-isolating had on our daily lives.”

“Our research shows that the NHS COVID-19 app worked, and it worked well. Through our analysis we estimate the app saved almost 10,000 lives in its first year alone.”

«

Not as many as the vaccines, but for a purely electronic system, which was introduced before the vaccines, impressive.
unique link to this extract

Hackers claim they breached T-Mobile more than 100 times in 2022 • Krebs on Security

Brian Krebs:

»

Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device.

The conclusions above are based on an extensive analysis of Telegram chat logs from three distinct cybercrime groups or actors that have been identified by security researchers as particularly active in and effective at “SIM-swapping,” which involves temporarily seizing control over a target’s mobile phone number.

Countless websites and online services use SMS text messages for both password resets and multi-factor authentication. This means that stealing someone’s phone number often can let cybercriminals hijack the target’s entire digital life in short order — including access to any financial, email and social media accounts tied to that phone number.

All three SIM-swapping entities that were tracked for this story remain active in 2023, and they all conduct business in open channels on the instant messaging platform Telegram. KrebsOnSecurity is not naming those channels or groups here because they will simply migrate to more private servers if exposed publicly, and for now those servers remain a useful source of intelligence about their activities.

Each advertises their claimed access to T-Mobile systems in a similar way. At a minimum, every SIM-swapping opportunity is announced with a brief “Tmobile up!” or “Tmo up!” message to channel participants. Other information in the announcements includes the price for a single SIM-swap request, and the handle of the person who takes the payment and information about the targeted subscriber.

«

Which is why you don’t really want to do any authorisation through SMS. None at all.
unique link to this extract

A basic iPhone feature helps criminals steal your entire digital life • WSJ

Joanna Stern and Nicole Nguyen:

»

In the early hours of Thanksgiving weekend, Reyhan Ayas was leaving a bar in Midtown Manhattan when a man she had just met snatched her iPhone 13 Pro Max.

Within a few minutes, the 31-year-old, a senior economist at a workforce intelligence startup, could no longer get into her Apple account and all the stuff attached to it, including photos, contacts and notes. Over the next 24 hours, she said, about $10,000 vanished from her bank account.

Similar stories are piling up in police stations around the country. Using a remarkably low-tech trick, thieves watch iPhone owners tap their passcodes, then steal their targets’ phones—and their digital lives.

The thieves are exploiting a simple vulnerability in the software design of over one billion iPhones active globally. It centers on the passcode, the short string of numbers that grants access to a device; and passwords, generally longer alphanumeric combinations that serve as the logins for different accounts.

With only the iPhone and its passcode, an interloper can within seconds change the password associated with the iPhone owner’s Apple ID. This would lock the victim out of their account, which includes anything stored in iCloud. The thief can also often loot the phone’s financial apps since the passcode can unlock access to all the device’s stored passwords.

“Once you get into the phone, it’s like a treasure box,” said Alex Argiro, who investigated a high-profile theft ring as a New York Police Department detective before retiring last fall.

…An examination of the recent spate of thefts reveals a possible gap in Apple’s armor. The company’s defenses are designed around common attack scenarios—the hacker on the internet attempting to use a person’s login credentials, or the thief on the street looking to snatch an iPhone for a quick sale.

They don’t necessarily account for the fog of a late-night bar scene full of young people, where predators befriend their victims and maneuver them into revealing their passcodes. Once thieves possess both passcode and phone, they can exploit a feature Apple intentionally designed as a convenience: allowing forgetful customers to use their passcode to reset the Apple account password.

«

There’s also a discussion of this at Tidbits, with a simple suggestion for how to protect yourself against this. (Android phones have this vulnerability too.)
unique link to this extract

Elon Musk’s Twitter is a disaster for disaster planning • The Atlantic

Juliette Kayyem is faculty chair of the homeland security program at Harvard Kennedy School of Government:

»

Twitter was useful in saving lives during natural disasters and man-made crises. Emergency-management officials have used the platform to relate timely information to the public—when to evacuate during Hurricane Ian, in 2022; when to hide from a gunman during the Michigan State University shootings earlier this month—while simultaneously allowing members of the public to transmit real-time data. The platform didn’t just provide a valuable communications service; it changed the way emergency management functions.

That’s why Musk-era Twitter alarms so many people in my field. The platform has been downgraded in multiple ways: Service is glitchier; efforts to contain misleading information are patchier; the person at the top seems largely dismissive of outside input. But now that the platform has embedded itself so deeply in the disaster-response world, it’s difficult to replace. The rapidly deteriorating situation raises questions about platforms’ obligation to society—questions that prickly tech execs generally don’t want to consider.

…Four days after the company’s API announcement, a massive earthquake hit Turkey and Syria, killing at least 46,000 people. In an enormous geographic area, API data can help narrow down who is saying what, who is stuck where, and where limited supplies should be delivered first. Amid complaints about what abandoning free API access would mean in that crisis, Twitter postponed the restriction. Still, its long-term intentions are uncertain, and some public-spirited deployments of the API by outside researchers—such as a ProPublica bot tracking politicians’ deleted tweets—appear to be breaking down.

Meanwhile, Musk’s policy of offering “verified” status to all paying customers is making information on the platform less dependable. Twitter’s blue checks originally signified that the company had made some effort to verify an account owner’s identity. Soon after Musk made them available to Twitter Blue subscribers, an enterprising jokester bought a handle impersonating the National Weather Service.

«

unique link to this extract

Waymo’s driverless cars were involved in two crashes and 18 ‘minor contact events’ over 1 million miles • The Verge

Andrew Hawkins:

»

Waymo announced recently that its fully driverless vehicles in California and Arizona have traveled 1 million miles as of January 2023. To recognize this milestone, the Alphabet-owned company pulled back the curtain on some interesting statistics, including the number of crashes and vehicle collisions that involved its robot cars.

Waymo operates a fleet of driverless cars in Phoenix, San Francisco, and the Bay Area. Some of those trips include paying customers. The company also recently started testing its driverless vehicles in Los Angeles.

Over that 1 million miles, Waymo’s vehicles were involved in only two crashes that met the criteria for inclusion in the National Highway Traffic Safety Administration’s database for car crashes, called the Crash Investigation Sampling System (CISS). In general, these are crashes that were reported to the police and involved at least one vehicle being towed away. Of the two crashes that met the criteria, Waymo says its vehicle was rear-ended by another vehicle whose driver was looking at their phone while approaching a red light.

…Waymo says 10 of 18 of these minor contact events involved another driver colliding with a stationary Waymo vehicle, and two occurred at night. None of the events took place at intersections, where most vehicle crashes occur, nor did any involve pedestrians, cyclists, or other vulnerable road users.

«

That’s the sort of statistic that any human would be shouting from the rooftops. Although it depends on what sort of roads you’ve been driving on.
unique link to this extract

This model does not exist • Meet Ailice

»

Hey, I’m Ailice 👋

I do not exist, I was created by AI.

I post daily photos of my life on Instagram. Help me pick the photo of the day by upvoting your favorites. Every day, the best one gets posted on my Instagram.

«

Some of the pictures are weird, some are impressive. So many are in strange situations.
unique link to this extract

AI, ChatGPT, and Bing…Oh My. And Sydney too • Learning By Shipping

Steven Sinofsky:

»

Lots of 4-D chess predicting where things will go. Who will win or lose? How much a platform shift is “AI” or not? It’s too soon to know. If PC, phone, cloud, or internet are a guide — wary/pessimists will quickly fall behind because exponential growth is like that.

There are parallels to learn from and help guide us on how technology will evolve. Not the one path, but the sorts of paths that can follow. History rhymes. Why? Because both producers and consumers are humans and humans follow patterns, not precisely though.

First, in the next 6–12 months every product (site/app) that has a free form text field will have an “AI-enhanced” text field. All text entered (spoken) will be embellished, corrected, refined, or “run through” an LLM. Every text box becomes a prompt box.

This is a trivial add for most any product. Some will enhance with more bells & whistles. For example there might be an automatic suggestion (API costs aside) or several specific “query expansions” that take the text and guide the enhancement. Everyone will call the API.

This will be done to call attention to the new feature but also to add more surface area upon which to prove there is some depth to the work beyond just feeding what one types to the LLM.

This reminds me of the mundane example of spell-checking moved from a stand alone feature to integrated into word processing to suites and then 💥 it showed up in the browser. All of a sudden it wasn’t an app feature but every text box had squiggles.

«

Plenty more here, from the guy who saw Windows and Office go from idea to product.
unique link to this extract

The tech tycoon martyrdom charade • Anil Dash

Dash documents an intriguing example of, well, social warming:

»

I’ve been saying this for a few years now, but it’s worth recording here for the record: It’s impossible to overstate the degree to which many big tech CEOs and venture capitalists are being radicalized by living within their own cultural and social bubble. Their level of paranoia and contrived self-victimization is off the charts, and is getting worse now that they increasingly only consume media that they have funded, created by their own acolytes.

In a way, it’s sort of like a “VC Qanon”, and it colors almost everything that some of the most powerful people in the tech industry see and do — and not just in their companies or work, but in culture, politics and society overall. We’re already seeing more and more irrational, extremist decision-making that can only be understood through this lens, because on its own their choices seem increasingly unfathomable.

To be clear, there are still really thoughtful, smart people in positions of leadership in tech as executives, founders or investors, who aren’t participating in this mass delusion, but few of these good actors feel like they have the power to speak out against the rising extremism of the big tycoons. That power is especially coercive since even very established players rely on these newly-extremist figures for funding their companies or for business deals that they are dependent upon. And we know that, once reasonable voices stop speaking, only the most extreme ideas will dominate the conversation.

«

Absolutely classic pattern that will be familiar to anyone who’s read Social Warming: the research by Cass Sunstein about closed groups tending towards an extreme position applies all over. One of the most obvious examples was the targeting of the reporter Taylor Lorenz by VCs for doing her job – a job that they discovered wasn’t so simple.
unique link to this extract

LastPass says employee’s home computer was hacked and corporate vault taken • Ars Technica

Dan Goodin:

»

Already smarting from a breach that put partially encrypted login data into a threat actor’s hands, LastPass on Monday said that the same attacker hacked an employee’s home computer and obtained a decrypted vault available to only a handful of company developers.

Although an initial intrusion into LastPass ended on August 12, officials with the leading password manager said the threat actor “was actively engaged in a new series of reconnaissance, enumeration, and exfiltration activity” from August 12 to August 26. In the process, the unknown threat actor was able to steal valid credentials from a senior DevOps engineer and access the contents of a LastPass data vault. Among other things, the vault gave access to a shared cloud-storage environment that contained the encryption keys for customer vault backups stored in Amazon S3 buckets.

“This was accomplished by targeting the DevOps engineer’s home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware,” LastPass officials wrote. “The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault.”

«

That “vulnerable third-party media software package” was Plex. An amazing chain of hacks to get into the target. But that’s how hackers work. LastPass really doesn’t look very clever now: developers working at home have computers that aren’t locked down?
unique link to this extract

Errata, corrigenda and ai no corrida: none notified