CloudFlare Claims Most Activity from Tor Is Malicious
June 28, 2016
Different sources suggest varying levels of malicious activity on Tor. Tech Insider shared an article responding to recent claims about Tor made by CloudFlare. The article, entitled, Google Search has a secret feature that shouts animal noises at you, offers information about CloudFlare’s perspective and that of the Tor Project. CloudFlare reports most requests from Tor, 94 percent, are “malicious” and the Tor Project has responded by requesting evidence to justify the claim. Those involved in the Tor Project have a hunch the 94 percent figure stems from CloudFlare attributing the label of “malicious” to any IP address that has ever sent spam. The article continues,
“We’re interested in hearing CloudFlare’s explanation of how they arrived at the 94% figure and why they choose to block so much legitimate Tor traffic. While we wait to hear from CloudFlare, here’s what we know: 1) CloudFlare uses an IP reputation system to assign scores to IP addresses that generate malicious traffic. In their blog post, they mentioned obtaining data from Project Honey Pot, in addition to their own systems. Project Honey Pot has an IP reputation system that causes IP addresses to be labeled as “malicious” if they ever send spam to a select set of diagnostic machines that are not normally in use. CloudFlare has not described the nature of the IP reputation systems they use in any detail.”
This article raises some interesting points, but also alludes to more universal problems with making sense of any information published online. An epistemology about technology, and many areas of study, is like chasing a moving target. Knowledge about technology is complicated by the relationship between technology and information dissemination. The important questions are what does one know about Tor and how does one know about it?
Megan Feil, June 28, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Is the NSA Is Overwhelmed with Data?
June 28, 2016
US citizens are worried about their civil liberties being compromised by the National Security Agency. ZDNet reports they might not need to be worried anymore in the article, “NSA Is So Overwhelmed With Data, It’s No Longer Effective, Says Whistleblower.”
William Binney is a former official from the National Security Agency (NSA) with thirty years under his belt. Binney has been a civilian for fifteen years, but he is abhorred with the NSA. He said the NSA is so engorged with data that it has lost its effectiveness and important intelligence is lost in the mess. This is how the terrorists win. Binney also shared that an NSA official could run a query and be overwhelmed with so much data they would not know where to start.
” ‘That’s why they couldn’t stop the Boston bombing, or the Paris shootings, because the data was all there,’ said Binney. Because the agency isn’t carefully and methodically setting its tools up for smart data collection, that leaves analysts to search for a needle in a haystack. ‘The data was all there… the NSA is great at going back over it forensically for years to see what they were doing before that,’ he said. ‘But that doesn’t stop it.’”
The problems are worse across the other law enforcement agencies, including the FBI, CIA, and DEA. Binney left the NSA one month after 9/11 and reported that the NSA uses an intrusive and expensive data collection system. The mantra is “to collect it all”, but it is proving ineffective and expensive. According to Binney, it is also taking away half the Constitution.
Binney’s statements remind me of the old Pokémon games. The catchphrase for the franchise is “gotta catch ‘em all” and it was easy with 150 Pokémon along with a few cheat codes. The games have expanded to over seven hundred monsters to catch, plus the cheat codes have been dismantled making it so overwhelming that the game requires endless hours just to level up one character. The new games are an ineffective way to play, because it takes so long and there is just too much to do. The NSA is suffering from too many Pokémon in the form of data.
Whitney Grace, June 28, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
More Palantir Spotting
June 27, 2016
Trainspotting is a collection of short stories or a novel presented as a series of short stories by Irvine Welsh. The fun lovers in the fiction embrace avocations which seem to be addictive. The thrill is the thing. Now I think I have identified Palantir spotting.
Navigate to “Palantir Seeks to Muzzle Former Employees.” I am not too interested in the allegations in the write up. What is interesting is that the article is one of what appears to be of series of stories about Palantir Technologies enriched with non public documents.
The Thingverse muzzle might be just the ticket for employees who want to chatter about proprietary information. I assume the muzzle is sanitary and durable, comes in various sizes, and adapts to the jaw movement of the lucky dog wearing the gizmo.
Why use the phrase “Palantir spotting.” It seems to me that making an outfit which provides services and software to government entities is an unusual hobby. I, for example, lecture about the Dark Web, how to recognize recycled analytics algorithms and their assorted “foibles,” and how to find information in the new, super helpful Google Web search system.
Poking the innards of an outfit with interesting software and some wizards who might be a bit testy is okay if done with some Onion type or Colbert like humor. Doing what one of my old employers did in the 1970s to help ensure that company policies remain inside the company is old hat to me.
In the write up, I noted:
The Silicon Valley data-analysis company, which recently said it would buy up to $225 million of its own common stock from current and former staff, has attached some serious strings to the offer. It is requiring former employees who want to sell their shares to renew their non-disclosure agreements, agree not to poach Palantir employees for 12 months, and promise not to sue the company or its executives, a confidential contract reviewed by BuzzFeed News shows. The terms also dictate how former staff can talk to the press. If they get any inquiries about Palantir from reporters, the contract says, they must immediately notify Palantir and then email the company a copy of the inquiry within three business days. These provisions, which haven’t previously been reported, show one way Palantir stands to benefit from the stock purchase offer, known as a “liquidity event.”
Okay, manage information flow. In my experience, money often comes with some caveats. At one time I had lots and lots of @Home goodies which disappeared in a Sillycon Valley minute. The fine print for the deal covered the disappearance. Sigh. That’s life with techno-financial wizards. It seems life has not changed too much since the @Home affair decades ago.
I expect that there will be more Palantir centric stories. I will try to note these when they hit my steam powered radar detector in Harrod’s Creek. My thought is that like the protagonists in Trainspotting, Palantir spotting might have some after effects.
I keep asking myself this question:
How do company confidential documents escape the gravitational field of a comparatively secretive company?
The Palantir spotters are great data gatherers or those with access to the documents are making the material available. No answers yet. Just that question about “how”.
Stephen E Arnold, June 27, 2016
Does It Matter Who Writes an Article? Probably Not
June 27, 2016
I read “Google Has Stopped Using Authorship Completely, Even for In-Depth Articles.” The write up points out that “authorship is officially and completely dead.” What an outstanding development, assuming, of course, that the article is spot on.
Google seems to be able to figure out who wrote something from the text alone. The innovation should put to rest the question about Shakespeare’s plays. Also, when anonymous information appears on a pastesite, the Alphabet Google thing will “know” who wrote the upload, right?
As wonderful as the world’s largest derivative of GoTo / Overture technology is, I am not 100 percent confident in the authorship function. I am reasonably certain that the Googler making the pronouncement was speaking to the search engine optimization crowd which believes many things in my experience.
For those in the law enforcement and intelligence business, perhaps the best way to determine Google’s capability in authorship is to probe the pastesite content. Wouldn’t that make clear what Google can and cannot do with “authorship.”
My best guess is that Google’s technology might fall short of the mark for some real world applications. For now, knowing who wrote what remains a semi useful factoid. By the way, who writes those Google patents? The named individuals or a flock of legal eagles? If authorship is irrelevant, why do some Google patent applications present the names of numerous Alphabet Google wizards?
Oh, right, I forgot that authorship only applies to marketing type content for the purpose of objective, on point results for the purpose of selling ads. Got it. Students will have to know who wrote “Foresight and Understanding: An Inquiry into the Aims of Science” or “Go Add Value Someplace Else: A Dilbert Book.”
Stephen E Arnold, June 27, 2016
Google Results Now Include Animal Noise Audio
June 27, 2016
Ever wonder about the difference in the noise a bowhead whale makes versus a humpback whale? This is yet another query Google can answer. Tech Insider informed us that Google Search has a secret feature that shouts animal noises at you. This feature allows users to listen to 20 different animal sounds, but according to the article, it is not a well-known service yet. Available on mobile devices as well, this feature appears with a simply query of “what noise does an elephant make?” The post tells us,
“Ever wondered what noise a cow makes? Or a sheep? Or an elephant? No, of course you haven’t because you’re a normal adult with some grasp of reality. You know what noise a sheep makes. But let’s assume for a minute that you don’t. Well, not to worry: Google has got your back. That’s because as well as being a calculator, a tool for researching coworkers, and a portal for all the world’s information, Google has another, little-known feature … It’s capable of making animal noises. Lots of them.”
I don’t know if we would call 20 animal noises “a lot” considering the entirety of the animal kingdom, but it’s definitely a good start. As the article alludes to, the usefulness of this feature is questionable for adults, but perhaps it could be educational for kids or of some novelty interest to animal lovers of all ages. Search is always searching to deliver more.
Megan Feil, June 27, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Hacking Team Cannot Sell Spyware
June 27, 2016
I do not like spyware. Once it is downloaded onto your computer, it is a pain to delete and it even steals personal information. I think it should be illegal to make, but some good comes from spyware if it is in the right hands (ideally). Some companies make and sell spyware to government agencies. One of them is the Hacking Team and they recently had some bad news said Naked Security, “Hacking Team Loses Global License To Sell Spyware.”
You might remember Hacking Team from 2015, when its systems were hacked and 500 gigs of internal, files, emails, and product source code were posted online. The security company has spent the past year trying to repair its reputation, but the Italian Ministry of Economic Development dealt them another blow. The ministry revoked Hacking Team’s “global authorization” to sell its Remote Control System spyware suite to forty-six countries. Hacking Team can still sell within the European Union and expects to receive approval to sell outside the EU.
“MISE told Motherboard that it was aware that in 2015 Hacking Team had exported its products to Malaysia, Egypt, Thailand, Kazakhstan, Vietnam, Lebanon and Brazil.
The ministry explained that “in light of changed political situations” in “one of” those countries, MISE and the Italian Foreign Affairs, Interior and Defense ministries decided Hacking Team would require “specific individual authorization.” Hacking Team maintains that it does not sell its spyware to governments or government agencies where there is “objective evidence or credible concerns” of human rights violations.”
Hacking Team said if they suspect that any of their products were used to caused harm, they immediately suspend support if customers violate the contract terms. Privacy International does not believe that Hacking Team’s self-regulation is enough.
It points to the old argument that software is a tool and humans cause the problems.
Whitney Grace, June 27, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
What Microsoft Knows via LinkedIn
June 26, 2016
I suppose there will be a “wall” between the data LinkedIn has about employees and Microsoft, LinkedIn’s new owner. There is a possibility that there will be no wall or the wall will have those automatic doors which let folks into shopping malls. Oh, right. Shopping malls are struggling.
LinkedIn has information provided by its customers of the free and for fee service. Some of those customers provide a list of articles along with the usual résumé baloney: Who worked where, when, doing what, etc. Nifty link analyses will provide some useful insight into the relationships of LinkedIn “members.” Oh, timelines will darned useful as well.
To see how “real” journalists explain some of the Microsoft LinkedIn goodies, navigate to “Google Scoops, Keeps the Best Talent: LinkedIn Report.” I learned:
The high ranking of Google, Facebook and Apple are predictable, LinkedIn columnist Suzy Welch, who worked on the project for several months…
I did not know about employer “gravity”. I noted:
A firm’s own narrative — such as a founder’s story, or around creation of a revolutionary product or service — also can play a major role in building the gravitational force that attracts and retains workers…
But a Stanford wizard suggests the study is flawed. Maybe?
My view is that Microsoft gains a useful intelligence resource. How will those data and the tools designed for law enforcement and intelligence entities be applied? No information about this appears in the write. No big surprise.
Stephen E Arnold, June 26, 2016
Weakly Watson: Real Journalists May Be Remaindered
June 25, 2016
That IBM Watson is a versatile confection. I read “IBM’s Watson Tries Its Hand at Editing a Magazine.” Not only does software have a hand, the software is androgynous. In IBM’s quest for revenue and perceived leadership in smart software, the company has targeted journalism as a field of dreams.
The write up reports:
The Drum, a marketing site and publication, apparently allowed Watson to edit the latest issue of its magazine, effectively benching the human editor for an AI (at least in some respects).
I learned:
IBM’s David Kenny commented: “Right now AI is more about people querying machines. My dream is that Watson will ask us questions, giving computers abductive rather than deductive reasoning skills. Abductive reasoning will lead to conversation and dialogue with humans. “And that in turn will lead to more creative thinking, because machine learning means cognitive computing systems will become smarter over time on their own. We’re on that path now, but much work is ahead of us.”
“Abductive” means, I think, moving from an observation via a training set to a theory which accounts for the observation. I recall that Autonomy’s digital reasoning engine used a somewhat similar method in — when was it — about 1996.
Now about those revenues? Would IBM Watson evidence snappier performance if it were running on the world’s fastest supercomputers from China? Just asking. There are those computational issues and, in addition, the need for human ministration of the IBM Watson system.
Stephen E Arnold, June 25, 2015
Enterprise Search Vendors: A Partial List
June 24, 2016
I spoke with a confused and unbudgeted worker bee at a giant outfit this weekend. The stellar professional was involved in figuring out what to do about enterprise search. The story is one I have heard many times in the last 40 years. The system doesn’t meet the needs of the users. The system is over budget. The system does not index in real time. Yadda yadda yadda.
The big question was, “What are the enterprise search vendors offering a system which actually works, does not experience downtime, cost overruns, and user outrage. Note that this is not the word “outage.” The word is “outrage”.
I don’t know of such a system. As a helpful 72 year old, I rattled off a list of vendors who purport to offer Big Data capable, next generation semantic-linguistic-NLP systems. True to form, I repeated the list twice. I thought he would cry.
For those of you who want to know the vendors I plucked from my list of outfits in the search and content processing game, I reproduce the list. If you want upsides, downsides, license fees, gotchas, and other assorted details, I will provide the information. But since you are not likely to buy me dinner this evening, you will have to pay for my thoughts.
Here’s the selected list. Reader, start your browser:
- Attivio
- Coveo
- dtSearch
- Elasticsearch (Lucene)
- Fabasoft Mindbreeze
- IBM Omnifind
- IHS Goldfire
- Lookeen
- Lucid Works (Solr)
- Marklogic
- Maxxcat
- Polyspot
- Sinequa
- Solcara
- Squiz Funnelback
- Thunderstone
- X1
- Yippy
There are quite a few outfits whose systems do search like Palantir, but I trimmed the list to companies for my worried pal.
What’s interesting is that most of these outfits explain that their systems are much, much more than search and retrieval. Believe it or not as Mr. Ripley used to say.
Factoid: Most of these outfits have been around for quite a few years. Only Elasticsearch has managed to become a “brand” in the search space. What happened to Autonomy, Convera, Endeca, Fast Search & Transfer, and Verity since I wrote the first three editions of the Enterprise Search Report between 2003 and 2007? Ugly for some.
Search is a tough problem and has yet to deliver what users expect. Remember Google killed its search appliance. Ads are a better business because they spell money for Alphabet.
Stephen E Arnold, June 24, 2016
Forbes, News Coverage, and Google Love
June 24, 2016
Short honk: US news coverage has “faves.” I assume that the capitalist tool avoids bias in its admirable reporting about business.
Navigate to “Television As Data: Mapping 6 Years of American Television News.” The write up uses Big Data from television news to reveal what gets air time. When I read the article, I must admit I thought about the phrase “If it bleeds, it leads.”
The bottom line is not that countries and cities are used to characterize an event. For me the most interesting comment was the thanks bestowed on Google for assisting with the analysis.
I circled twice in honest blue this statement:
In the end, these maps suggest that the bigger story that is being missed in all the conversation about media fragmentation and bias is that media has always been biased geographically, culturally and linguistically.
Note the “all” and the “always.” Nifty generalizations from an analysis of six years of data.
Biased coverage? I cannot conceive of biased coverage. Film at 11.
Stephen E Arnold, June 24, 2016
-
- Subscribe to Beyond Search
Feature archive
News archive
-
