Ephemeralism Is a Thing in E2EE Signal Messaging

August 27, 2021

Like that word ephemeralism. Great for some; not so great for law enforcement and intelligence professionals.

One of the worst things about the Internet is that nothing completely disappears on the Internet and stuff comes back to haunt people. Cancel culture rears its ugly head when politicians’ or celebrities’ old sexist or racist posts surface. Nothing ever exists in the moment anymore, especially when it comes to Internet conversations. Signal promises in its blog post, “Embrace Ephemerality With Default Disappearing Messages” to return the now to conversation.

Everything relating to human communication is not meant to last forever. Signal is a messenger designed with state-of-the-art encryption to protect user privacy. It does not have ads, tracking, or affiliate marketers. Signal is a non-profit organization, so it is not associated with corporations. It receives its funding from donations and grants. Signal has a new feature, where users can have their messages disappear after a set time:

“Disappearing messages provide a way to keep your message history tidy. When enabled for a conversation, messages will be deleted for the sender and recipients after the specified time. This is not for situations where your contact is your adversary — after all, if someone who receives a disappearing message really wants a record of it, they can always use another camera to take a photo of the screen before the message disappears. However, this is a nice way to automatically save storage space on your devices and limit the amount of conversation history that remains on your device if you should find yourself physically separated from it.”

Before this upgrade, disappearing messages needed to be enabled for individual conversations, but now they can be set as the default. Signal also added custom timer durations.

Signal is a popular service for people who want to protect their privacy and manage space on their phones. Journalists and freedom fighters benefit from Signal, because it allows them to protect their anonymity.

As expected, bad actors take advantage of Signal’s encryption features too. Law enforcement officials are unable to collect evidence on the bad actors, which makes it difficult to build a case against them.

Whitney Grace, August 27, 2021

Algolia: Now the Need for Sustainable, Robust Revenue Comes

August 27, 2021

We long ago decided Algolia was an outfit worth keeping an eye on. We were right. Now Pulse 2.0 reports, “Algolia: $150 Million Funding and $2.25 Billion Valuation.” The company closed recently on the Series D funding, bringing its total funding to $315 million. Putting that sum to shame is the hefty valuation touted in the headline. Can the firm live up to expectations? Reporter Annie Baker writes:

“This latest funding round reflects Algolia’s hyper growth fueled by demand for ‘building block’ API software that increases developer productivity, the growth in e-commerce, and digital transformation. And this additional investment enables Algolia to scale and serve the increased demand for the company’s Search and Recommendations products as well as fuel the company’s continued product expansion into adjacent markets and use-cases. … This new funding round caps a landmark year that saw significant growth and product innovation. And Algolia launched with the goal of creating fast, instant, and relevant search and discovery experiences that surfaced the desired information quickly. Earlier this year, the company had announced its new vision for dynamic experiences, advancing beyond search to empower businesses to quickly predict a visitor’s intent on their digital property in real time, in the session, and in the moment. And the business, armed with this visitor intent, can surface dynamic content in the form of search results, recommendations, offers, in-app notifications, and more — all while respecting privacy laws and regulations.”

Baker notes Algolia’s approach is a departure from opaque SaaS solutions and monolithic platforms. Instead, the company works with developers to build dynamic, personalized applications using its API platform. Over the last year and a half, Algolia also added seven new executives to its roster. Headquartered in San Francisco, the company was founded in 2012.

Cynthia Murrell, August 27, 2021

Big Tech Vows, Warrants, Commits, Guarantees, and Assures to Make Security Way Way Way Better

August 26, 2021

I had to laugh. I read some of the write ups explaining the pledges of big tech to the White House about security. The US is at or near the bottom when it comes to security. America plays offense. The defense thing is not what George Washington would do.

Here’s a representative write up: “Google, Microsoft Plan to Spend Billions on Cybersecurity after Meeting with Biden.” This triggered a chuckle and a snort:

IBM CEO Arvind Krishna told CNBC ahead of the meeting and outside the White House on Wednesday that cybersecurity is “the issue of the decade.” He said he hoped to see more coordination between the public and private sectors coming out of the meeting and said IBM would do its part to help skill workers in the space.

Why are adversaries of the US running exfiltration, ransomware, and intellectual property theft operations?

Let me count the ways:

  1. Systems from outfits like Apple and Microsoft can be compromised because security is an add on, an afterthought, or a function implemented to protect revenues
  2. Senior managers in many US firms are clueless about security and assume that our employees won’t create problems by selling access, clicking on scammer emails, or working from home on projects funded by bad actors
  3. Customers pay little or no attention to security, often ignoring or working around security safeguards when they exist. Hey, security distracts those folks from scrolling through Facebook or clicking on TikTok videos.

There are other reasons as well; for example, how about the steady flow of one off security gaps discovered by independent researchers? Where are the high end threat intelligence services? If a single person can find a big, gaping security hole, why are the hundreds of smart cyber security systems NOT finding this type of flaw? Oh, right. Well, gee. A zero day by 1,000 evil techies in China or Moldova is the answer. Sorry, not a good answer.

There is a cyber security crisis in America. Yes, Windows may be the giant piece of cheese for the digital rats. Why hack US systems? That’s where there is lots of tasty cheese.

Is there a fix which billions “invested” over five years can fix?

Nope.

Pipe dreams, empty words, and sheepish acquiescence to a fact that bad actors around the world find enervating.

More stringent action is needed from this day. That’s not happening in my opinion. Who created the cyber security problem? Oh, right, the outfits promising to not do it again. Quick action after decades of hand waving. And government regulations, certification, and verification that cyber security systems actually work? Wow, that’s real work. Let’s have a meeting to discuss a statement of work and get some trusted consulting firm on this pronto.

I have tears in my eyes and not from laughing. Nothing funny here.

Stephen E Arnold, August 26, 2021

Googleland: A Strange Variant of English Indeed

August 26, 2021

I used the term “Googzilla” in my monograph The Google Legacy and I refer to everyone’s favorite mom-and-pop online ad service by this coinage in my lectures.

I overlooked the fact that Googzilla and its minion have a language beyond hissing, grunting, and snorting in courts around the world. An insightful person allegedly named Cyrus Shepard coined and trademarked the word “Googlespeak” for his article “Googlespeak TM How Google Limits Thought about Antitrust.” I would love to insert the required TM symbol when I use the word, but I don’t know how to pull this off in the two-bit editor I use to create blog posts in airports. Please, understand that Googlespeak is a trademarked word, and I do not want to trample on anyone’s rights. Will the Google be happy with the word Googlespeak? That I do not know. Who would have thought that Mickey Mouse ears would engender excitement or cause LexisNexis to become agitated by a personal grooming product named in a manner similar to Nexis? I am still afraid to write “Nexus”. Lawyers never sleep because billing…

The article explains that using a specific vocabulary with non-conventional meanings assigned to words has an impact on one’s thoughts. Go to Disneyland and you know what a Magic Kingdom is when you stand in line for a couple of hours and hand over enough money to support an individual living in a tent near the Bureau of Labor Statistics for a week, maybe more.

When in the country of Google, one obviously must speak the citizens’ language. Try out English in Andorra. Let me know how that works out for you. Same in Googleland. I learned:

Orwell observed that when you limit a person’s language, you can successfully limit their thoughts.

As it turns out, in order to turn a blind eye against growing antitrust concerns, Google has codified its own version of Newspeak and made it official company policy.

In documents obtained by The Markup, Google makes it obvious that certain words are taboo in both internal and external communication. The intent of these guidelines couldn’t be more obvious. One document, titled “Five Rules of Thumb for Written Communication,” spells it out clearly. “Words matter. Especially in antitrust law.”

If you live in Googleland, the information in Mr. Shepard’s write up will make no sense to you. For those who reside in other countries, the examples in the essay are likely to add to your understanding of the mom-and-pop outfit.

One problem: After a couple of decades most Googlers and Google users understand Googzilla quite well. Who wants to tangle with the big hypothetical monster? I don’t. I think the GOOG is just peachy keen. Antitrust? Is that a synonym for helping out folks like advertisers, users, Timnit Gebru, and 20 something employees working from home at reduced wage rates? Nope.

Stephen E Arnold, August 26, 2021

A Sporty Xoogler: True or False?

August 26, 2021

I am not sure about the “real” journalists laboring at the New York Post. One thing is certain. Those folks can craft an interesting headline; specifically: “Google Founder Admits He Created Revenge Site Against Estranged Wife.”

Larry the Kiwi recluse? Sergey the glass lover for a while? Or Scott Hassan?

Who?

The write up says:

Scott Hassan, 51, who wrote much of the original code that powers the search giant, is embroiled in a nasty divorce battle that has raged for seven years and involves millions of dollars, claims of treating his children unfairly — and even a shocking online revenge campaign.

The article points out some interesting life details:

“Without Scott, there would be no Google,” Adam Fisher, author of “Valley of Genius,” told The Post. “He was at Stanford and employed to write code for people who were big thinkers. He got to know Sergey and Larry, rewrote their code and convinced them that this was a product. They sold him founders’ stock. That worked out pretty well.”

Sporty. Sporty indeed.

The “real” news outfit’s report asserts:

After being accused by his ex, he has admitted to launching the site AllisonHuynh.com earlier this year, seeding it with links to positive articles written about his ex — but also links to court documents from three embarrassing lawsuits that involve her.

The write up includes images which appear to be “real” or took someone a bit of time to craft.

Now who is the testosterone-charged person in this legal matter? I noted this passage:

Within the documents posted are sexual allegations related to Huynh’s wrongful termination suit against her former employer Samuel Ockman and Penguin Computing in 2000. They claim that Huynh threatened to “kill [Ockman] and then herself” if he ever left her and “kept track of when Ockman was out with a new girlfriend,” according to the cross complaint filed by Ockman and his attorney in response to Huynh’s suit.

True? False? I don’t know, but I recognize sporty behavior when presented in the “real” news style of the estimable New York Post.

Stephen E Arnold, August 26, 2021

Let Us Now Consider Power: Rev That Bezos Bulldozer

August 26, 2021

I read a brief item which seems to go against the chatter I heard in DC several days ago; namely, Elon has smoked Jeffie. The “new” information appears in “Jeff Bezos Succeeded” online.

Here’s the passage catching my eye:

This Thursday, the United States Space Agency (NASA) voluntarily decided to suspend the contract it signed with Elon Musk’s company SpaceX to collaborate on the Artemis Moon mission, the project that seeks to bring humans to the Moon again. This as a result of the lawsuit filed by the aerospace company Blue Origin, owned by Jeff Bezos, alleging irregularities in the selection process.

How does one spell power? How about B E Z O S? There’s nothing quite like competition among interesting companies. Lawyers are outstanding when it comes to rocket science and rock star technologists.

A side note: At the same time as the bulldozer was packing ice around the Musk rocket ship, Mr. Bezos had a CVT Soft Serve ice cream maker in his home. Ice: No match for the Bezos machine.

Stephen E Arnold, August 26, 2021

TikTok Is Big and Growing Bigger

August 26, 2021

The Twitter of video is roiding up.

Why are we not surprised? Nikkei reveals results of its recent global survey of downloads in, “TikTok Overtakes Facebook as World’s Most Downloaded App.” Writer Rei Nakafuji reminds us:

“Some believe that personal information shared with TikTok is not secure. In 2020, former President Donald Trump called on the company to sell off its U.S. operations or be banned. The app’s popularity nevertheless grew during the pandemic, when it became the leading download in Europe, South America and the U.S. Joe Biden, Trump’s successor, withdrew the presidential executive order, but uncertainties remain elsewhere.”

Despite these uncertainties, it seems the sky is the limit for TikTok. The write-up reports that, in the US and UK, total viewing time for the app has surpassed that for YouTube. We notice there is even a service now, named Heepsy, that helps advertisers find influencers to promote their brands. Its description reads simply:

“Find TikTok influencers who fulfill your brand’s requirements in a matter of seconds. Filter by location, follower count, and engagement. Check out their location, engagement rate, follower count, and total number of videos.”

Are Facebook, LinkedIn, and YouTube getting nervous about TikTok’s ascendance? We are curious to see what countermeasures each will deploy.

Cynthia Murrell, August 26, 2021

IBM: The Company Will Telum Like It Could Be

August 25, 2021

I read “The Other IBM Big Iron That Is On The Horizon.” The write up mentions that the Telum processor is for System z mainframes. The outfit making the chip is … Samsung.

I also noted “IBM Unveils New Chip Designed to Detect Fraud with AI.” The article explains:

The chip is built to enable applications to run efficiently where the data resides, helping to overcome traditional enterprise AI approaches that tend to require significant memory and data movement capabilities. Telum’s on-chip acceleration is capable of running AI models during a transaction. This improves fraud detection in industries that hold valuable customer and business information.

The “is built” is interesting because the “IBM Big Iron” article makes this point:

We happen to think IBM had hoped to be able to ship the Telum processors and their System z16 machines before the end of 2021 and the transition from 10 nanometer to 7 nanometer processes at former foundry partner GlobalFoundries to 7 nanometer processes at current foundry partner Samsung has delayed the z16 introduction from its usual cadence. As it stands, the z16 chip will come out in early 2022, after the Power10 chips with fat cores (meaning eight threads per core and only 15 cores per chip) come to market. The skinny Power10 cores (four threads per core but 30 cores on a die) used in so-called “scale out” systems are not expected until the second quarter of 2022. It is rough to change foundries and processes and microarchitectures all at the same time, so a delay from the original plan for both z16 and Power10 are to be expected.

An AI chip. Really good at fraud detection. Requires a System z mainframe. Shipping in the future, maybe next year.

The new IBM outsources. The new IBM pre-announces. But what’s interesting is that as tasty as the descriptions are, the platform requires the “old” IBM; that is, a mainframe. Interesting because neither write up mentions Watson.

Stephen E Arnold, August 25, 2021

Fancy Code? Nope, Just Being Nice to Apple Customer Care

August 25, 2021

I continue to be fascinated by the number of cyber security companies reporting new exploits. If an exploit is a hot ticket, should not multiple cyber security threat identification services report a breach? Maybe, but the reality is that some expensive and often exotic smart software fumbles the ball.

How do bad actors gain access to what these individuals perceive as high value targets? It is not a team of hackers sponsored by a rogue state or a tech-literate oligarch. The crime often is the anti-security action of a single individual.

Lone wolves being nice is a technique not captured by artificially intelligent, over-hyped platforms. “La Puente Man Steals 620,000 iCloud Photos in Plot to Find Images of Nude Women” may be an example of the methods which can penetrate the security of outfits which tout their concerns about privacy and take pains to publicize how secure their online systems, services, and products are.

The allegedly accurate write up states:

Chi, who goes by David, admitted that he impersonated Apple customer support staff in emails that tricked unsuspecting victims into providing him with their Apple IDs and passwords, according to court records. He gained unauthorized access to photos and videos of at least 306 victims across the nation, most of them young women, he acknowledged in his plea agreement with federal prosecutors in Tampa, Fla.

The “real” news report added some color to this action:

Chi said he hacked into the accounts of about 200 of the victims at the request of people he met online. Using the moniker “icloudripper4you,” Chi marketed himself as capable of breaking into iCloud accounts to steal photos and videos, he admitted in court papers. Chi acknowledged in court papers that he and his unnamed co-conspirators used a foreign encrypted email service to communicate with each other anonymously. When they came across nude photos and videos stored in victims’ iCloud accounts, they called them “wins,” which they collected and shared with one another.

What’s happening in this example?

  • Social engineering
  • Pretending to be a concerned professional at a big company
  • A distributed group of anti security types who don’t know one another too well
  • Victims.

Net net: Fancy security systems are indeed fancy. The security part is different from what bad actors are doing. That’s a bit of a problem for outfits like Microsoft and T-Mobile, among others.

Stephen E Arnold, August 25, 2021

Like Apple, Google Cares about Children

August 25, 2021

My question, “Why are large technology companies demonstrating a new interest in protecting children?” PR maybe? Impending regulation? A realization that their days of carefree unregulated behavior are coming to a close? I sure don’t know.

Well this took longer than it should have. What an innovation after 20 plus years… protecting children. BBC News reports, “Google Lets Parents Remove Children from Image-Search Results.” We learn:

“Parents will now be able to have images of their children removed from Google search results, the company has said. It came as Google announced a range of changes to child-safety measures across several of its products. It will also remove ‘overly commercial content’ from the children’s version of YouTube and change what kind of adverts can be targeted at under-18s. Several major technology companies have introduced such measures under scrutiny from governments and safety advocates.”

Ah, so the move was in response to pressure, not out of the goodness of Google’s conscience. What a surprise. The write-up notes Facebook-owned Instagram has made accounts of those under 16 private by default (they weren’t already?!) in an effort to placate critics of its plan to launch a children’s version.

Googley concessions within YouTube Kids include turning off autoplay as the default and removing “overly” commercial content. As for Google Search, in addition to the ability to remove children’s images from results, the company is making the following changes:

  • “Stopping ad targeting based on children’s age, gender or interests
  • Preventing ‘age sensitive’ types of adverts being shown to younger users
  • Changing the default mode for uploaded videos, for children, to ‘the most private option’
  • Turning adult-filtering mode Safe Search on for minors
  • Preventing young people from using Location History, the feature that tracks and logs a phone’s location constantly
  • Adding new parental advice on the Google Play app store”

These measures seem like common sense, and one wonders if such fences should have been erected and maintained years, decades ago. Better late than never, we suppose. The article points out, though, that many kids lie about their age when they venture online. Are age verification measures, like the ones used for online sales of cigarettes and booze, on the way? They may be, at least in the UK, if that nation’s Online Safety Bill passes.

Apple and Google care about kids.

Cynthia Murrell, August 25, 2021
