Useful TikTok History: An Honest Mirror
April 21, 2022
I rejected an example of TikTok psychological nudging for my upcoming National Cyber Crime Conference. The example focuses on what is called “wlw.” If you are not familiar with this three letter designation, you can test it in a number of apps popular with young people. One interesting application of the designator is YouTube. A young person can enter “wlw” and quickly be offered a playlist of “women loving women” videos. YouTube repackaging TikTok videos? No big deal.
The write up explains the logic of TikTok too:
“Chinese tech culture is not the enemy. Chinese tech culture is an honest mirror.”
The write up “TikTok’s Parent, ByteDance, Made Fake Accounts with Content Scraped from Instagram and Snapchat, Former Employees Say.” The essay does not talk about “wlw” or related videos. What it does explain is the building blocks of the TikTok mechanism for identifying magnetic content and how that magnetic content can be used to keep users engaged.
I spotted several interesting statements in the write up; to wit:
How to train for maximum American user appeal: “the scraped content was used to train ByteDance’s powerful “For You” personalization algorithm on US-based content so that it would better reflect the preferences of US users.”
The role of the mimic tactic: “an employee lays out the reasons that the company used “fake accounts” and scraped content; among them were that the accounts could be used to test which content performed best on the platform, and that current users could mimic the scraped content to improve their own popularity.”
Jazzing creators: “…the company manipulated like and video view counts displayed in the app to make creators believe they were more popular than they were.”
The influence of the US tech cowboy culture: “”The US public and US media often attribute unethical growth strategies practiced by Chinese tech companies to ‘Chinese tech culture,’ when very often those tactics are directly copied from FAANG companies…”
TikTok’s current posture: “While we disagree with the assertions, rather than go through lengthy litigation, we’d like to focus our efforts on building a safe and joyful experience for the TikTok community.”
Interesting insight into TikTok, an online service which some in Sillycon Valley think is innocuous, good clean fun, and not set up to nudge young people’s behavior. “Wlw”? No big deal, right? YouTube emulates TikTok; TikTok emulates American models. Synergistic indeed.
Stephen E Arnold, April 21, 2022
TransUnion: Squeezing Juice from a 20-Year Regulatory Drought
April 21, 2022
I believe everything I read on the Internet. Some things I believe a whole lot, even though the information may be shaded. Navigate to “Feds sue TransUnion, Calling It Unwilling or Incapable of Operating Lawfully.” I noted this passage:
TransUnion tricked people into recurring payments after previously being fined for the activity, the consumer watchdog agency said…
The company’s position echoes the emissions from some high-technology firms:
TransUnion dismissed the claims as “meritless,” saying the allegations “in no way reflect the consumer-first approach we take to managing of our businesses.”
Let’s not regulate or let the financial information sector self regulate. Both are great ideas.
Now let’s think about a government which can manage a large firm operating within its borders. The allegation is that the estimable TransUnion ignored guidelines, suggestions, and rules. Why? Maybe too expensive or just annoying bureaucratic clap trap?
Several observations:
- What other firms have adopted the TransUnion approach to treating their customers in a fair and ethical way?
- Does the US government see the irony of a commercial enterprise doing what it wants and then having the government sue the company so that it modifies its behavior?
- Will TransUnion modify its executive incentive program and make obeying the guidelines, suggestions, and rules of a federal agency important?
I can answer all three questions. My answer: Nope.
Stephen E Arnold, April 21, 2022
Google: Struggles with Curation
April 21, 2022
Should Google outsource Play store content curation to Amazon’s Mechanical Turk or Fiverr?
Sadly, one cannot assume that because an app is available through Google Play it is safe. Engadget reports, “Google Pulls Apps that May Have Harvested Data from Millions of Android Devices.” Writer S. Dent reveals:
“Google has pulled dozens of apps used by millions of users after finding that they covertly harvested data, The Wall Street Journal has reported. Researchers found weather apps, highway radar apps, QR scanners, prayer apps and others containing code that could harvest a user’s precise location, email, phone numbers and more. It was made by Measurement Systems, a company that’s reportedly linked to a Virginia defense contractor that does cyber-intelligence and more for US national-security agencies. It has denied the allegations.”
Naturally. We find it interesting that, according to the report, the firm was after data mainly from the Middle East, Central and Eastern Europe and Asia. The write-up continues:
“The code was discovered by researchers Serge Egelman from UC Berkeley and the University of Calgary’s Joel Reardon, who disclosed their findings to federal regulators and Google. It can ‘without a doubt be described as malware,’ Egelman told the WSJ. Measurement Systems reportedly paid developers to add their software development kits (SDKs) to apps. The developers would not only be paid, but receive detailed information about their user base. The SDK was present on apps downloaded to at least 60 million mobile devices. One app developer said it was told that the code was collecting data on behalf of ISPs along with financial service and energy companies.”
So how did these apps slip through the vetting process? Maybe the app review methods are flawed, not applied rigorously, not applied consistently. Or perhaps they are simply a bit of PR hogwash? We don’t know but the question is intriguing. Google has removed the apps from the Play store but of course they still lurk on millions of devices. In its email to the Wall Street Journal, Measurement Systems not only insists its apps are innocent, but it also asserts it is “not aware” of any connection between it and US defense contractors.
And what about the quantumly supreme Google smart software?
Cynthia Murrell, April 21, 2022
Google Web Search Quality
April 20, 2022
The cat is out of the bag. The Reddit threat “Does Anyone Else Think Google Search Quality Has Gone Downhill Fast?” provides an interesting series of comments about “quality.”
The notion of “search quality” in the good old days involved gathering a corpus of text. The text was indexed using a system; for example, Smart or maybe Personal Bibliographic software. Test queries would be created in order to determine how the system displayed search results. The research minded person would then examine the corpus and determine if the result set returned the best matches. There are tricks those skilled in the art could use to make the test queries perform. One would calculate precision and recall. Bingo metrics. Now here’s the good part. Another search system would be used to index the content; for example, something interesting like the “old” Sagemaker, the mainframe fave IBM STAIRS III, or Excalibur. The performance of the second system would be compared to the first system. One would do this over time and generate precision and recall scores which could be compared. We used to use a corpus of Google patents, and I remember that Perfect Search (remember that one, gentle reader) outperformed a number of higher profile and allegedly more advanced systems.
I am not sure Reddit posts are into precision and recall, but the responses to the question about degradation of Google search quality is fascinating. Those posting are not too happy with what Google delivers and how the present day Googley search and retrieval system works. Thank you, Prabhakar Raghavan, former search wizard executive at Verity (wow, that was outstanding) and the individual who argued with a Bear Stearns’ managing director and me about how much better Yahoo’s semantic technology was that Google’s. Raghavan was at Yahooooo then and we know how wonderful Yahoo search was!)
Hewer’s a rundown of some of the issues identified in the Reddit thread:
- From PizzaInteraction: “always laugh when I enter like 4 search terms and all the results focus on just one of the terms.”
- Healthy-Contest-1605: “Every algorithm is being gamed to have their trash come out in top.”
- Cl0udSurfer: “the usual tricks like adding quotes around required words, or putting a dash in front of words that should be excluded don’t work anymore.”
Net net: This is the Verity-Yahoo trajectory. Precision and recall? Ho ho ho. What about disclosing when a source was indexed and updated? What about Boolean operators? What about making as much money as possible so one can go to a high school reunion and explain the wonderfulness one’s cleverness? What happened to Louis Monier, Sanjay Ghemawat, and the Backrub crowd?
Stephen E Arnold, April 20, 2022
The Munk-ey on the Back of NSO Group
April 20, 2022
The Munk School at the University of Toronto has a keen interest in the NSO Group. I read “CatalanGate: Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru.” (I wish someone would ask me about the candiru at a dinner party. I really want to answer using my own style of expressing myself. Ah, you don’t know about the penis centric creature? Knowing can be helpful before a dip in certain South American rivers and streams.)
Back to munk-ey on NSO Group’s back.
The write up states:
The Citizen Lab, in collaboration with Catalan civil society groups, has identified at least 65 individuals targeted or infected with mercenary spyware. At least 63 were targeted or infected with Pegasus, and four others with Candiru. At least two were targeted or infected with both. Victims included Members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organizations. Family members were also infected in some cases.
What’s interesting is that the Munk folks want to prevent a government from performing certain actions. How’s that working out for those who want to influence Mr. Putin. A commercial enterprise sells to a government agency, how exactly is the vendor supposed to prevent a nation state from doing what it wants?
The write up focuses on political issues, and the NSO Group’s technology is not an interesting system with useful functions. The platform becomes the equivalent of Darth Vader’s favorite light saber. How will the Munk experts control an entity its researchers deem Darth Vader pretenders?
Yeah, how would that play out?
The write up is interesting and reveals quite a bit of research.
However, the more significant issue is one which is ignored. Technology can be placed in a context. The context then defines the technology. Our present context is that technology facilitates weaponization. The ethical underpinnings of behavior, in my opinion, have been torn or removed.
Thus, the Munk team is talking about technology and seems to be disinterested in what is allowing outfits like NSO Group become a ping pong ball. Without a net, there is no game.
Perhaps the net is a thing which can be put front and center? Legacies of Roman rule, control of national state officials, and the inherent badness of core mobile phone functions are a way to let off emotional steam?
What about no click exploits for Android devices? Perhaps that is next up on the Munk agenda?
Stephen E Arnold, April 20, 2022
Enterprise Search Vendors: Sure, Some Are Missing But Does Anyone Know or Care?
April 20, 2022
I came across a site called Software Suggest and its article “Coveo Enterprise Search Alternatives.” Wow. What’s a good word for bad info?
The system generated 29 vendors in addition to Coveo. The options were not in alphabetical order or any pattern I could discern. What outfits are on the list? Here are the enterprise search vendors for February 2022, the most recent incarnation of this list. My comments are included in parentheses for each system. By the way, an alternative is picking from two choices. This is more correctly labeled “options.” Just another indication of hippy dippy information about information retrieval.
AddSearch (Web site search which is not enterprise search)
Algolia (a publicly trade search company hiring to reinvent enterprise search just as Fast Search & Transfer did more than a decade ago)
Bonsai.io (another Eleasticsearch repackager)
Coveo (no info, just a plea for comments)
C Searcher(from HNsoft in Portugal. desktop search last updated in 2018 according to the firm’s Web site)
CTX Search (the expired certificate does bode well)
Datafari (maybe open source? chat service has no action since May 2021)
Expertrec Search Engine (an eCommerce solution, not an enterprise search system)
Funnelback (the name is now Squiz. The technology Australian)
Galaktic (a Web site search solution from Taglr, an eCommerce search service)
IBM Watson (yikes)
Inbenta (A Catalan outfit which shapes its message to suit the purchasing climate)
Indica Enterprise Search (based in the Netherlands but the name points to a cannabis plant)
Intrasearch (open source search repackaged with some spicy AI and other buzzwords)
Lateral (the German company with an office in Tasmania offers an interface similar to that of Babel Street and Geospark Analytics for an organization’s content)
Lookeen (desktop search for “all your data”. All?)
OnBase ECM (this is a tricky one. ISYS Search sold to Lexmark. Lexmark sold to Highland. Highland appears to be the proud possessor of ISYS Search and has grafted it to an enterprise content management system)
OpenText (the proud owner of many search systems, including Tuxedo and everyone’s fave BRS Search)
Relevancy Platform (three years ago, Searchspring Relevancy Platform was acquired by Scaleworks which looks like a financial outfit)
Sajari (smart site search for eCommerce)
SearchBox Search (Elasticsearch from the cloud)
Searchify (a replacement for Index Tank. who?)
SearchUnify (looks like a smart customer support system, a pitch used by Coveo and others in the sector)
Site Search 360 (not an enterprise search solution in my opinion)
SLI Systems (eCommerce search, not enterprise search, but I could be off base here)
Team Search (TransVault searches Azure Tenancy set ups)
Wescale (mobile eCommerce search)
Wizzy (the name is almost as interesting as the original Purple Yogi system and another eCommerce search system)
Wuha (not as good a name as Purple Yogi. A French NLP search outfit)
X1 Search (from Idea Labs, X1 is into eDiscovery and search)
This is quite an incomplete and inconsistent list from Software Suggest. It is obvious that there is considerable confusion about the meaning of “enterprise search.” I thought I provided a useful definition in my book “The Landscape of Enterprise Search,” published by Panda Press a decade ago. The book, like me, is not too popular or well known. As a result, the blundering around in eCommerce search, Web site search, application specific search, and enterprise search is painful. Who cares? No one at Software Suggest I posit.
My hunch is that this is content marketing for Coveo. Just a guess, however.
Stephen E Arnold, April xx, 2022
Is This a Wake Up Call for Cyber Crime Experts?
April 20, 2022
Do you want to be an in-demand cyber expert? You can. You can learn what you need by watching, downloading, or paying for online courses. Then go for the real money: Consulting, training, and explaining to law enforcement, intelligence, and security professionals. Easy, right.
Just be selective about your customers.
“U.S. Hacker Sentenced to Five Years Following Crypto Lessons in North Korea” reports an actual factual situation involving “expert knowledge.” The write up states:
… crypto currency expert and hacker Virgil Griffith was sentenced to five years in prison this Tuesday for aiding North Korea in avoiding U.S. sanctions. The sentence comes in wake of his participation in a crypto currency-focused conference held in North Korea’s capital city, Pyongyang in April 2019, which the U.S. citizen attended even after being denied a travel permit for the purpose. Griffith pled guilty to conspiracy last year, which accelerated his sentencing.
The original article provides additional information. I just want to focus on the risks of not keeping information confidential and out of certain channels. The issues related to incidents associated with FinFisher, Hacking Team, NSO Group, and other companies have not had much impact on specialized software and services never intended for a nation state at odds with the US or not created for commercial use.
The cyber crime training sector is booming. But certain information can blow up in one’s face. One can recover after five years of rest I suppose. But where was the fabric of clear decision making? In a Pyongyang relaxation spa? Perhaps with McKinsey & Company in Paris, a fave destination for some North Koreans?
Stephen E Arnold, April 20, 2022
Google Responds to Amazon Product Search Growth
April 20, 2022
Here is a new feature from Google, dubbed Lens, we suspect was designed to win back product-search share from Amazon. TechCrunch reveals, “Google’s New ‘Multisearch’ Feature Lets You Search Using Text and Images at the Same Time.” The mobile-app feature, now running as a beta in the US, is available on Android and iOS. As one would expect, it allows one to ask questions or refine search results for a photo or other image. Writer Aisha Malik reports:
“Google told TechCrunch that the new feature currently has the best results for shopping searches, with more use cases to come in the future. With this initial beta launch, you can also do things beyond shopping, but it won’t be perfect for every search. In practice, this is how the new feature could work. Say you found a dress that you like but aren’t a fan of the color it’s available in. You could pull up a photo of the dress and then add the text ‘green’ in your search query to find it in your desired color. In another example, you’re looking for new furniture, but want to make sure it complements your current furniture. You can take a photo of your dining set and add the text ‘coffee table’ in your search query to find a matching table. Or, say you got a new plant and aren’t sure how to properly take care of it. You could take a picture of the plant and add the text ‘care instructions’ in your search to learn more about it.”
Malik notes this feature is great for times when neither an image nor words by themselves produce great Google results—a problem the platform has wrestled with. Lens employs the company’s latest ready-for-prime-time AI tech, but the developers hope to go further and incorporate their budding Multitask Unified Model (MUM). See the write up for more information, including a few screenshots of Lens at work.
Cynthia Murrell, April 20, 2022
Tim Apple and Unintended Consequences: AirPods?
April 19, 2022
Apple in my opinion emphasizes privacy. (How about the iPhone and the alleged NSO Group Pegasus functionality?) “Ukrainians Are Tracking the Movement of Russian Troops Thanks to One Occupier Looter with AirPods.” I am not sure if the write up is accurate. The source says “truth.” But…
The tracking thing is interesting; for example, Phone home malware on an iPhone, an AirTag hidden on a Russian T-14 Armata, or AirPods. Head phones? Yep.
The cited article reports:
A Russian soldier stole [a Ukrainian’s] AirPods (wireless headphones) when looting [the Ukrainian’s] apartment while Russian occupying forces were in Gostomel. Russian soldiers withdrew, but thanks to the technology on Apple devices, Ukrainians can keep track of where their headphones are. Find My technology on Apple devices lets you find the location of a lost device on the map if it’s near Bluetooth smartphones or connected to Wi-Fi.
What can one do with the help geo-location functions? One idea is to use the coordinates as a target for a semi-smart missile. (This is not a criticism of smart software. It is part of the close enough for horseshoes methods which can often deliver the payload somewhere unintended.)
Now about that Tim Apple privacy thing? Pravda or falsehood?
Stephen E Arnold, April 19, 2022
The Value of the NSO Group? Probably More Than Zero
April 19, 2022
The Financial Times published “NSO Group Deemed Valueless to Private Equity Backers.” The orange newspaper stated that a consulting firm studied the intelware outfit and provided information with this startling number. There’s a legal dust up underway, and my hunch is that legal eagles will flock to this situation: Alleged misuse of the Pegasus system, financial investments, and the people involved in assorted agreements. The story points out that NSO Group is “not a party” to this particular lawsuit. The folks funding the legal eagles are a consulting outfit called Berkeley Research Group. An outfit called Novalpina Capital convinced some to put money into the cyber gold mine. Then the PR spotlight illuminated NSO Group and a torrent flowed downhill knocking down some once impregnable structures. Plus the FT’s article references to an outfit called Integrity Partners who, according to the Financial Times, are willing to buy NSO Group for several hundred million dollars. Is this a good deal? In my opinion, something is better than zilch.
An unnamed NSO Group spokesperson indicated that the NSO Group’s system was of interest to many customers. If this is true, wasn’t the most recent license deal inked in mid 2021 for the platform? My thought is that the company’s proprietary technology would be of interest to other intelware firms interested in obtaining the licensee base and the platform which might benefit from newer, more sophisticated geo-spatial functionality which I will describe in my OSINT lecture at the US National Cyber Crime Conference on April 26, 2022. Sorry, the info is not for a free blog, gentle reader.
In my opinion, the referenced write up presents a fairly chaotic snapshot of the players, the valuation, and the legal trajectory for this matter. We need to bear in mind that NSO Group is hitting up the US Supreme Court and dealing with its Tim Apple issues.
One thing is crystal clear to me: The NSO Group’s misstep is now sending out concentric pulses which are extremely disruptive to entities rarely in the public spotlight. This is unfortunate and underscores why the Silicon Valley Tel Aviv style is not appreciated in some upscale social circles.
Stephen E Arnold, April 19, 2022
-
- Subscribe to Beyond Search
Feature archive
News archive
-
