Google: Being Responsible
July 29, 2019
Individual states have been legalizing or decriminalizing marijuana left and right, but the federal government still considers it an illegal substance. That is why, according to 9to5Google, “Google Immediately Bars All Marijuana Delivery Apps from the Play Store.” Google wouldn’t want to run afoul of the Feds, now would it? Reporter Damien Wilde writes:
“The updated policy now states that applications that help users buy or allow users to order marijuana products will now be removed. Here is the updated marijuana policy, as per the Play Store developer guidelines:
‘Here are some examples of common violations:
‘Allowing users to order marijuana through an in-app shopping cart feature.
‘Assisting users in arranging delivery or pick up of marijuana.
‘Facilitating the sale of products containing THC.’
“In a statement to Android Police, Google stated that applications like the popular Eaze and Weedmaps will only need to remove the shopping cart flow from within their applications to comply with the new rules. These apps simply need to move the shopping cart flow outside of the app itself to be compliant with this new policy. We’ve been in contact with many of the developers and are working with them to answer any technical questions and help them implement the changes without customer disruption.”
An update to the article reports Eaze has complied, requiring users to navigate to its own website to make a purchase. We imagine Weedmaps will soon follow, reducing both apps to window-shopping platforms. What, then, is the point? Perhaps they anticipate a time when federal law catches up to states’ decisions.
Cynthia Murrell, July 29, 2019
Need a Summary of a Web Page?
July 28, 2019
DarkCyber prefers to read articles. There are people like MBAs, engineers, and accountants who have a need for getting information fast. Minimal words, maximum optimization.
No poetry for these specialists. If you find yourself pressed for eyeball time, navigate to the Hacker Yogi. Paste your url or text in the appropriate box and the free service will spit out a usable abstract. We tried it on some of our DarkCyber posts. Worked well. We plugged in a paywall WSJ article, and the Hacker Yogi refused to summarize the content.
Useful for those who want a summary.
Stephen E Arnold, July 28, 2019
The Googler Who May Become the First Xoogler of Algorithmic Bias
July 27, 2019
I read Project Veritas’ article “Current Sr. Google Engineer Goes Public on Camera: Tech Is “Dangerous,” “Taking sides.”
This is an interesting assertion. Why would a person who allegedly works at Google make such a statement? DarkCyber does not know. The person who made the alleged assertion is now kicking back, watching YouTube, and contemplating what “administrative leave” means we assume.
Real info or fake info?
Google haters will say, “Real info, by golly.”
Google lovers will say, “Not my Google.”
DarkCyber is neutral. Let’s look at some of the statements made by the Googler who is, it seems, unable to chow down in a Google cafeteria. Here are three of the PhD’s “real” assertions:
Point 1: Bias. Tech is taking sides in a political content. DarkCyber believes that it is very easy to shape the content displayed in response to a query. It is also easy to filter out Web sites or specific content. If the statements made by a PhD Googler (moving toward official Xoogler status) are accurate, those with access to lists of prohibited words or sites, algorithm threshold settings, or algorithm weighting controls — injecting some subjectivity into how the plumbing works is easy. Therefore, it is just possible that an individual or a couple of people with appropriate access, could make the content and ads displayed do a Zumba routine, not a waltz. Just a hypothesis, of course, of course.
Point 2: Data Are Used. Services like Google Assistant don’t have a bias. DarkCyber thinks that the PhD Googler (on the path to Xooglerdom) is naive. Data gathered by any Google log will feed into the “system” and be available for assorted processes. Armed with trivial data points, the Google system may be more robust and capable; for example, an action sent to Google Assistant could have an impact on outputs to that Google user. Stateful is as stateful does.
Point 3. Transparency. Google is not transparent. What a surprise! Even for those who work at Google, information seems to be compartmentalized. Google seems to function in the manner of a government agency in Eastern Europe in the 1940s. There’s a hierarchy, and it mostly works. If not, who is going to complain? Not DarkCyber. Who wants to be a serfs not allowed to serve food at the barons’ banquet?
The interview and video are interesting. Are they true and real? DarkCyber is on the fence, not at home wishing for a cube, a Foosball game, and a trip to the Google cafeteria.
Stephen E Arnold, July 27, 2019
Open Source: No Handcuffs, Freedom, and Maybe Problems
July 26, 2019
DarkCyber has noted the use of open source technology in policeware (software and systems for law enforcement) and in intelware (software and systems for intelligence professionals). The reasons mentioned to me when I get a demonstration include avoiding the handcuffs clicked on when one licenses proprietary software, the ability to get bug fixes and enhancements without waiting for the proprietary software vendor to get around to these adjustments, and a bigger pool of technical talent from which to draw. “12 Challenges Businesses face when Using Open-Source Software” does a good job of identifying some issues to consider when adopting open source code.
Let’s look at three of these which I have encountered in the last few months. I won’t name the vendors of the policeware and intelware systems, and if you want the other nine “challenges”, please, navigate to the original article.
Here are the three “challenges”, which in some cases may be deal breakers:
Cost. Note that the article pegs cost last in the list of 12 issues. My thought is that cost in the number one consideration. I have heard, “Our software is more value centric because we use open source software.” My response is, “So the license fees is reduced, but what about the cost of support, training, and coding special widgets to get the system working to meet our specifications?” No policeware or intelware system is “cheap.” Less expensive than another product, sure. But in terms of headcount, direct and indirect system costs, and time — vendors often understate costs and licensees say “Wow, I’ll go with you.”
Compatibility. Because a chunk of code or a system is open source and perceived as open, the software may not be compatible with one’s existing code. More problematic, the assumption that open source can happily ingest whatever “common” or “database” content one wants to have the open source software process. Think in terms of finding, licensing, or writing “filters,” “import routines,” or “file conversion” routines. Vendors of proprietary software may not have what you need, but you can buy filters from a cheerful sales professional or directly from the company. Working out “compatibility” can be expensive and slow down the process.
Mystery Sources. Open source is perceived as one way for a developer to demonstrate his open sourciness and his expertise. However, intelligence agencies in some countries create or contribute code to open source projects. Assuming that what looks like a benign tool may prove to be somewhat problematic. How problematic? Data about compromised open source software are elusive. In the US, third parties who use open source software for projects sub contracted by a prime contractor can be a vector for backdoors, exploits, and malware. Paranoiac project managers and contracting officers may wish to ponder this issue. Legalese will not reduce the aperture for fancy dancing.
Is open source inherently more risky than proprietary solutions? No, risk is about equal. Proprietary software is fraught with problems. So is open source. That’s a point of fact that is often glossed over.
Stephen E Arnold, July 26, 2019
Toronto Questions Google and Its Smart City
July 26, 2019
We heard a rumor that Google wanted a piece of the tax money to push forward with its Toronto Smart City project. That may have been a rumor. Nevertheless, the project continues and is attracting attention.
Sidewalk Labs, a division of Alphabet (Google’s parent company), is eager to get into the smart-city business, beginning with Toronto. Perhaps too eager, some say, relegating important privacy considerations to afterthoughts. IT Business Canada reports, “Sidewalk Labs Decision to Offload Tough Decisions on Privacy to Third Party is Wrong, Says Its Former Consultant.” Now we know why Ann Cavoukian is their former consultant—she left the advisory role when Sidewalk Labs refused to follow her advice. Reporter Alex Coop writes:
“After over two years of controversy, Sidewalk Labs finally presented a 1,500-page draft master smart city plan for a government-owned stretch of Toronto’s eastern waterfront, but critics immediately pointed out how it doesn’t include an independent group overseeing all digital innovations or strict guidelines that force proposed projects to de-identify personally identifiable data when collected. Alphabet Inc.’s subsidiary has gotten an earful in recent months about privacy concerns surrounding the proposed facelift to the waterfront property. … Sidewalk Labs is proposing a non-profit data trust, but those details, the company said in the NIDP, will be determined based on input from government, the community, and researchers.”
After Sidewalk made the plan public, Cavoukian spoke out, insisting the company take more responsibility for privacy protections. We learn:
“Cavoukian resigned from her advisory role with Sidewalk Labs last October amid rising concerns that the organization wasn’t going to force companies to de-identify collected personal information at the source. This process is used to prevent a person’s identity from being connected with information gathered by the smart city’s chattering devices. Sidewalk Labs encourages this philosophy throughout the MIDP and said it will push the yet-to-be created data trust to abide by it as well. But Cavoukian said this actually leaves the door open, even if it’s a tiny bit, for incoming companies to potentially sidestep the rules.”
The Canadian Civil Liberties Association is also concerned, and urged government officials to hit the brakes in an open letter. Currently, Toronto has placed more than 11,000 digital devices, like Wi-Fi access points, cellular nodes, environmental sensors, and traffic cams, around the city. Of course, the idea is to make life easier for the city residents, but we all know what they say about good intentions.
Did Google select the wrong city for its project? Would Scarberia been a wiser choice?
Cynthia Murrell, July 26, 2019
Zippy New Media Outfit Criticized
July 26, 2019
I have read a lot of news on Medium and have come to regard it as a reasonable outlet for news. There is bad news on the horizon for the Medium as a blogging medium says The Web Design Report in the article, “Is Medium In A Downward Spiral?” Professional bloggers, businesses, and others have used Medium as a choice blogging platform for promotion. Content blogging is a surefire way for an individual or organization to establish their authority no matter what the field. Medium is beloved because it is simple to use, has decent presentation, curates audiences within the platform, and is free.
Medium is an easy platform to use from writing to publishing content, but it is hardly something professionals should use. When content is published on Medium, the entire post screams Medium rather than the actual content. There are subscribe buttons and annoying pop-up ads. Readers are ceaselessly barraged with Medium advertising, even if they tell it to go away. This is the problem:
“Why do we do content marketing in the first place? To educate readers, of course. But to what end? We want them to see us for the authority that we are. By providing them with valuable insights they can’t get on their own, we demonstrate what a great asset we would be. But how are you supposed to do that when most traces of your brand are gone? It’s not that Medium doesn’t give you an opportunity to share a bio for yourself or to enable readers to follow you. The problem is with the way Medium positions your content on the site. “
Medium does absolutely nothing, but promotes itself. Your brand, expertise, and search engine presence will not exist on the Medium blogging platform.
Another negative is how Medium publishes its posts. Formats for videos and images are not only basic, but creators do not have any control how they are formatted.
The best way to build traffic for your brand is to create your own Web site, where you control the content, design, ads, and traffic flow. It takes time to gain Google’s attention, but the organic growth its better than having Medium steal traffic from you Web site. Think of it like growing a garden. You plant the seeds, water, the sun shines, and the seed slowing grows into a mature, healthy plant. If you overwater, fertilize, or do not pay attention to the amount of sun the seed receives, the plant will never grow. If a helpful gardener comes along, a tiny shoot can be dug up and transplanted in a more appropriate environment.
Whitney Grace, July 26, 2019
Facebook: Running Out of Users? No, Just Nibbling on Its Foot
July 25, 2019
About that Facebook growth? The US may be saturated, and FBF or Facebook fatigue may be kicking. Rumors about “phantom” Facebookers in far flung countries won’t die. The regulators are flocking with legal eagles, and some countries see Facebook as a piggy bank filled with easy money.
What else could go wrong?
According to Information (no, that’s the name of an online publication), quite a bit. “Facebook Secret Research Warned of ‘Tipping Point’ Threat to Core App” discloses allegedly confidential information that doom approaches with a Like icon. (We will take a look at secrets let loose in our August 6, 2019, “DarkCyber” video program.)
What’s the Facebook secret?
…if enough users started posting on Instagram or WhatsApp instead of Facebook, the blue app could enter a self-sustaining decline in usage that would be difficult to undo. Although such “tipping points” are difficult to predict…
Here’s a Venn diagram (remember those you algebra lovers?) to prove this “secret”:
These could be Facebook’s five circles of social hell. Source: Information (that’s a great name when searching!)
To simplify, Facebook is cannibalizing itself. Without a flow of “real,” honest to goodness users of “old” Facebook, it’s possible for the core service to shrink and maybe die.
No, no, no, howls one group of FB Likers. Yes, yes, yes, shout another group which collectively dislikes Facebook.
Several observations:
- Monopolies do what they do, steered by the invisible hand of digital leprosy
- Reversing the cannibalism is going to take more than high school science club management methods, apologies, and writing checks to assorted nation states
- A weakened Facebook can fall prey to the MySpace disease, the digital pneumonia which thrives in poorly managed social spaces.
Net net: Worth watching. Get your popcorn, kick back, and think how certain government agencies will obtain high value information from a weakened Facebook.
Stephen E Arnold, July 25, 2019
YouTube: Keep on Clicking
July 25, 2019
YouTube wants you to watch videos. The more videos you watch, the more advertising space it can sell. In order to keep you engrossed, YouTube recommends videos that its algorithms think will appeal to you based on your viewing history. Sometimes the recommendations score, other times they sink faster than a flash in the pan viral video. Make Use Of explains how you can take control of your YouTube recommendations so they score every time: “YouTube Gives Viewers More Control Over Content.”
YouTube wants to give viewers more control over curating their video experience and they debuted brand new features to put viewers in “the driver’s seat.” YouTube wants to “help viewers find new interests and passions” and this comes from understanding what viewers like. In order for YouTube to know what to recommend, viewers need to tell YouTube so its content algorithms can do their magic. Here is how YouTube is “placing viewers in the driver’s seat” (although it’s really the illusion of control):
“Explore Topics on the Homepage and Up Next: YouTube is making it easier to explore topics and related videos. You’ll see these topics both at the top of your homepage (when you scroll up) and on the Up Next section below the video you’re currently watching.
Stop Certain Channels Being Recommended: On the flipside, you can now tell YouTube to stop recommending videos from particular channels. Just tap the three-dot menu next to a video and select “Don’t recommend channel” from the dropdown menu.
Discover Why YouTube Is Recommending Videos: YouTube is also explaining why it’s recommending particular content. When YouTube recommends videos based on what other viewers have watched, you’ll see an information box underneath the video.”
The last feature about “discovering why YouTube recommends a video” is a real show of AI intelligence, unless the algorithm is similar to what Amazon Prime, Netflix, and Hulu use to make similar recommendations. It is neat at first, then becomes passé unless there is flashy cover art. These updates were made, because YouTube’s old algorithms sent viewers down endless rabbit holes. For example, if a viewer watches a single anti-vaccination video, suddenly all of their recommendations were about anti-vaccinations. The only way to wipe out the recommendation was to clear the viewing history or watch a bunch of videos on another topic.
YouTube wants to retain ands gain viewers. Giving its viewers more control and understanding what they like with smarter AI will keep the video platform relevant.
Whitney Grace, July 25, 2019
Facebook: Fine, We Are Cooperative
July 25, 2019
Other than sharing fake news, being a hotspot for senior citizens, and causing more drama than a family reunion, Facebook is known to not cooperate with authorities. As a private business, Facebook chooses its own autonomy but the French are fed up and Facebook might comply. A story from Reuters shares that it is an “Exclusive: In A World First, Facebook To Give Data On Hate Speech In French Courts.”
Facebook is notorious for not protecting its users’ privacy, because they sell it to advertisers. However in an odd turn of non-self-serving events, Facebook complied with French courts to turn over information on users that post hate speech. French Minister for Digital Affairs Cedric O is a big supporter of French President Emmanuel Macron and has advised him on numerous issues related to technology companies.
Macron wants France to exhibit model behavior:
“The decision by the world’s biggest social media network comes after successive meetings between Zuckerberg and Macron, who wants to take a leading role globally on the regulation of hate speech and the spread of false information online. So far, Facebook has cooperated with French justice on matters related to terrorist attacks and violent acts by transferring the IP addresses and other identification data of suspected individuals to French judges who formally demanded it.”
Facebook already turns over information related to terrorism and violent actions, but the inclusion of hate speech will allow French judicial processes to run as intended. O maintains connections with Facebook executives. Since O took office, he has made it a priority to target hate speech. O is also not against US tech companies buying smaller, promising French startups.
Facebook has not revealed hate speech users’ information in the past, because the company says it upholds freedom of speech and does not want other governments misusing that power.
Facebook may be a freed of speech champion, but we known they are ruled by the almighty dollar or, in this case, euro. Or is it eur O?
Whitney Grace, July 25, 2019
Cyber Threats from Semi Insiders
July 24, 2019
I was thrilled to learn that the New York Times (which quoted me on Sunday, July 21, 2019) concluded that I had no work for the last 40 years. Well, I least I don’t rely on a SNAP card, sleep under the overpass, and hold a sign which says, “Will analyze data for food.”
What did I do in those four decades which the NYT fact checkers couldn’t find? I worked as a rental. Yep, a contractor. A semi insider.
I did what I was paid to do, delivered by now routine “This is what I think, not what you want me to think” reports, and muddled forward.
For some outfits for which I worked, I was a regular. I did projects for years, decades even. For some government agencies, it may seem as if I never left because my son is working on the projects now.
I suppose the phrase “semi insider” explains this relationship. One is “around” long enough that people assume you are part of the furniture or the break room.
I thought of this “semi insider” phrase when I read “Siemens Contractor Pleads Guilty to Planting Logic Bomb in Company Spreadsheets.” The guts of the write up strikes me as:
But while Tinley’s files worked for years, they started malfunctioning around 2014. According to court documents, Tinley planted so-called “logic bombs” that would trigger after a certain date, and crash the files. Every time the scripts would crash, Siemens would call Tinley, who’d fix the files for a fee.
So the idea was sell more work.
My view is that this practice is more widespread than may be recognized.
How does one deal with a situation in which a company’s management and regular “professionals” are so disconnected from the semi insiders’ work that no one knows there’s a scheme afoot?
How does a zip zip zip modern outfit hire individuals who can be trusted, often over a span of years?
How does an organization verify that its semi insiders have not planted a bug, malware, or some other malicious “thing” in a system?
The answer is that today’s cyber security tools will not be much help. Most organizations lack the expertise and resources to verify that what semi insiders do is a-okay.
There’s a lot of chatter about identifying and tracking insider threats. The story makes clear that semi insiders are a risk as well. Considering that Snowden and others who have acted improperly and outside the bounds of their secrecy and other agreements makes crystal clear:
Semi insider threats are a significant risk.
And as the “expertise” of many technical professionals decreases, the risks just go up.
In short, today’s cyber security solutions, cyber governance methods, and day to day management techniques are ineffective, not addressed by cyber security solutions which are essentially reactive, and not well understood.
Siemens may have gotten the memo. It only took two years to arrive.
Stephen E Arnold, July 23, 2019