StreetView AI Protects Privacy of Canadian Sasquatch Statue
April 15, 2022
Here is an amusing AI edge case that could have benefitted from a helping human hand. The Vernon Morning Star reports, “Sasquatch Censored? Harrison’s Landmark Carving is Camera Shy in Google StreetView’s Eyes.” Writer Adam Louis tells us:
“Local Facebook groups were amused by a quirk of the interactive map-making technology that normally blurs the faces of people pictured in StreetView pictures. According to an observation originally posted on Twitter from CBC Vancouver municipal affairs reporter Justin McElroy, it seems the face-hiding feature also works on large wooden statues; the grinning face of the iconic Sasquatch statue that sits outside the welcome sign at the entrance of Harrison Hot Springs has also been blurred.”
Of course, automatically blurring human faces is StreetView’s default policy. It could be considered a complement to the sculptor that their work fooled the algorithm. Though that unnamed artist or other Sasquatch enthusiasts may want to see the mistake reversed, it seems to be set in stone. The write-up notes:
“While there is a link that allows users to report items for additional blurring – whether it’s a car, house or person – there does not appear to be a way to request a person or object to be un-blurred. Answers in Google Maps Help forums largely agree that once blurring is done, it’s permanent and irreversible.”
Curious readers need not travel to the Harrison River Valley to view the statue’s face, however. As of this writing, a photo of is featured at the top of the Sasquatch Trail web page.
Cynthia Murrell, April 15, 2022
Windows System Flaw Exploited In Ransomware
April 15, 2022
Will your Windows 11 set up result in losing your data? That’s a rumor. We learned that there may be other risks in the Microsoft ecosystem as well.
Microsoft Windows is the most deployed operating system in the world. It is also the easiest operating system to learn and, unfortunately, exploit. Tech Radar explains how bad actors hack Windows systems in the article, “Windows And LinkedIn Flaws Used In Conti Ransomware Attacks, Google Warns.”
The Conti ransomware group Exotic Lily work as initial access brokers to hack organizations, steal their digital data, and ransom it back to the rightful owners or sell access to the highest bidder. What is interesting is ransomware groups usually outsource their initial access efforts before taking over the attack, then deploying the malware. Google’s Threat Analysis Group research Exotic Lily and was surprised by the amount of advanced tactics and the large amount of grunt work it does. The Threat Analysis Group discovered that Exotic Lily works in the following way:
“The group would use domain and identity spoofing to pose as a legitimate business, and send out phishing emails, usually faking a business proposal. They would also use publicly available Artificial Intelligence (AI) tools to generate authentic images of humans, to create fake LinkedIn accounts, which would help the campaign’s credibility. After initial contact has been made, the threat actor would upload malware to a public file-sharing service, such as WeTransfer, to avoid detection by antivirus programs, and increase the chances of delivery to the target endpoint. The malware, usually a weaponized document, exploits a zero-day in Microsoft’s MSHTML browser engine, tracked as CVE-2021-40444. The second-stage deployment usually carried the BazarLoader.”
The Threat Analysis Group believes Exotic Lily is an independent operator and works for the highest bidder. It has used ransomware attacks based on Conti, Wizard Spider, and Dial. Exotic Lily targets healthcare, cyber security, and IT organizations, however, it has been expanding its victim base.
But is Google overstating, do some marketing, or trying to help out valued users?
Whitney Grace, April 11, 2022
NSO Group to US Supreme Court: Help!
April 14, 2022
The “real news” outfit the Associated Press ran an article called “NSO Turns to US Supreme Court for Immunity in WhatsApp Suit.” The main idea is that Zuckbook’s lawsuit has to go away. The legal dust up dates from 2019. Zuckbook alleges that NSO Group zapped more than 1,000 users of WhatsApp, a popular instant messaging service. WhatsApp delivers alleged end to end encrypted messaging (EE2E). Intercepting content WhatsApp users think is secure can deliver some high value intelligence if available to certain professionals. NSO Group’s idea is that it is a “foreign government agent.” As such, NSO Group cannot be hassled for its specialized software and services. Why is the issue at the US Supreme Court? The answer is that in previous legal proceedings, federal court rulings said, “Sorry. Zuckbook’s case goes forward.”
I am no attorney, but the sovereign immunity angle sounds good: Intelware, used by some US allies, and good at what it does. The reasoning of the courts is that the NSO Group is not going to get the sovereign “get out of jail free” card in this Monopoly game. Why? According to the information in the write up, NSO Group is software, not an “agent.”
Three observations:
- NSO Group is hoping the third time is a charm in US courts it seems.
- The company just cannot stay out of the newsfeeds. Maybe its management team should start a PR firm.
- The Supreme Court can be picky about what it takes on and when it does accept a case, the outcome can be surprising, very surprising.
Net net: The intelware sector is likely to find itself under more intense scrutiny as the endless barrage of NSO Group publicity flows.
Stephen E Arnold, April 14, 2022
Teams Tracking: Are You Working at Triple Peak?
April 14, 2022
I installed a new version of Microsoft Office. I had to spend some time disabling the Microsoft Cloud, Outlook, and Teams, plus a number of other odds and ends. Who in my office uses Publisher? Sorry, not me. In fact, I knew only one client who used Publisher and that was years ago. We converted that lucky person to an easier to use and more stable product.
We have tried to participate in Teams meetings. Unfortunately the system crashes on my Mac Mini, my Intel workstation, and my AMD workstation. I know the problem is obviously the fault of Apple, Intel, and AMD, but it would be nice if the Teams software would allow me to participate in a meeting. The workaround in my office is to use Zoom. It plays nice with my machines, my mostly secure set up, and the clumsy finger of my 77 year old self.
I provide the context so that you will understand my reaction to “Microsoft Discovers Triple Peak Work Day for Its Remote Employees.” As you may know, Microsoft has been adding features to Teams since the pandemic lit a fire under what was once a software service reserved for financial meetings and some companies that wanted everyone no matter what to be in a digital face to face meeting. Those were super. I did some work for an early video conferencing player. I think it was called Databeam. Yep, perfect for kids who wanted to take a virtual class, not a presentation about the turbine problems at Lockheed Martin.
Microsoft’s featuritis has embraced surveillance. I won’t run down the tools available to an “administrator” with appropriate access to a Teams’ set up for a company. I want to highlight the fact that Microsoft shared with ExtremeTech some information I find fascinating; to wit:
… when employees were in the office, it found “knowledge workers” usually had two periods of peak productivity: before lunch and after lunch. However, with everyone working from home there’s now a third period: late at night, right before bedtime.
My workday has for years begun about 6 am. I chug along until lunch. I then chug along until dinner. Then I chug along until I go to sleep at 10 pm. I like to think that my peak times are from 6 am to 9 am, from 10 am to noon, from 1 30 pm to 3 pm, and from 330 to 6 pm. I have been working for more than 50 years, and I am happy to admit that I am an old fashioned Type A person. Obviously Microsoft does not have many people like me in its sample. The morning, as I recall from my Booz, Allen & Hamilton days, the productive in the morning crowd was a large cohort, thousands in fact. But not in the MSFT sample. These are lazy dogs its seems.
Let’s imagine your are a Type A manager. You have some employees who work from home or from a remote location like a client’s office in Transnistia which you may know as the Pridnestrovian Moldavian Republic. How do you know your remotes are working at their peak times? You monitor the wily creatures: Before lunch, after lunch, and before bed or maybe to a disco in downtown Tiraspol.
How does this finding connect with Teams? With everyone plugged in from morning to night, the Type A manager can look at meeting attendance, participation, side talks, and other detritus sucked up by Teams’ log files. Match up the work with the times. Check to see if there are three ringing bells for each employee. Bingo. Another HR metric to use to reward or marginalize a human personnel asset.
I will just use Zoom and forget about people who do not work when I do.
Stephen E Arnold, April 14, 2022
Seniors Can Soon Experience Their Oats
April 14, 2022
If TikTok is for Gen Z, Facebook is the digital home for about half of Gen X, Baby Boomers, and whatever members of the Silent and Greatest Generations have made their way online. (For their part, Millennials seem to be everywhere.) According to a recent Pew survey, almost 72 million Americans over 50 use Facebook and, for many, it is the only social media platform they use. Now, though, there is an alternative made just for the grey-haired set. Ars Technica reports, “AARP-Backed Social Network Looks to Lure Older Users from Facebook.” We learn:
“The nonprofit funded the creation of Senior Planet Community, a social media network that encourages users to join pre-existing groups around shared interests, including gardening, travel, fitness, food, and technology. In that way, it feels more like a pared-down version of Reddit or a small collection of forums. The social network was developed by an AARP affiliate, Older Adults Technology Services. … Besides its focus on the 50-plus set, Senior Planet Community stands apart from Facebook in that it’s not commercial. The site has no advertising or membership fees. Unless the cost to run the site grows substantially, that probably won’t present much of a problem. AARP isn’t saying how much it has put into Senior Planet Community, but the organization is famously well-capitalized, with $2.3 billion in net assets and $1.7 billion in revenue in 2020. At present, the site is bare-bones when compared with Facebook. There’s no mobile app yet, though OATS says it hopes to develop one. The site is mobile-friendly at least, and all the requisite features are there, including groups, photo sharing, @-mentions, notifications, and direct messaging.”
Writer Tim De Chant points out the platform has a list of “house rules” meant to keep discussions both courteous and truthful. A more civilized atmosphere may indeed entice elders, but we have yet to learn how the site will handle moderation. Senior Planet Community spent a just month in private beta before recently opening to seniors everywhere, inviting them to “age with attitude.” Exactly how much attitude will be tolerated remains to be seen.
Cynthia Murrell, April 14, 2022
Googley Fact-Checking Efforts
April 14, 2022
Perhaps feeling the pressure to do something about the spread of falsehoods online, “Google Rolls Out Fact-Checking Features to Help Spot Misinformation” on developing news stories, reports Silicon Republic. The company’s product manager Nidhi Hebbar highlighted several of these features in a recent blog post. One is the search platform’s new resource page that offers suggestions for evaluating information. Then there is a new label within Google Search that identifies stories frequently cited by real news outfits. We also learn about the company’s Fact Check Explorer, which answers user queries on various topics with fact checks from “reputable publishers.” We are told Google is also going out of its way to support fact-checkers. Writer Leigh McGowran explains:
“Google has also partnered with a number of fact-checking organisations globally to bolster efforts to deal with misinformation. This includes a collaboration with the International Fact Checking Network (IFCN) at the non-profit Poynter Institute. This partnership is designed to provide training and resources to fact checkers and industry experts around the world, and Google said the IFCN will create a new programme to help collaboration, support fact checkers against harassment and host training workshops. Google is also working with the collaborative network LatamChequea to train 500 new fact checkers in Argentina, Colombia, Mexico and Peru.”
The problem of misinformation online has only grown since it became a hot topic in the mid-teens. The write-up continues:
“Events such as the Covid-19 pandemic and the US Capitol riots in January 2021 flung online misinformation into the sphere of public debate, with many online platforms taking action on misleading or inaccurate info, whether posted deliberately or otherwise. Misinformation has come to the fore again with the Russian invasion of Ukraine, as people have reported seeing misleading, manipulated or false information about the conflict on social media platforms such as Facebook, Twitter, TikTok and Telegram.”
Will Google’s resources help stem the tide?
Cynthia Murrell, April 14, 2022
NSO Group: Another Admission, This One Is Very, Very Negative
April 13, 2022
I don’t have much to say about the allegations in “NSO Confirms It Gave Israeli Police Access to Malware to Spy on Israelis.” The write up states:
The world’s foremost purveyor of zero-click exploits capable of completely compromising phones of targets is still in damage control mode. The damage can no longer be controlled, though. So, it’s basically just NSO admitting the nasty things said about have been mostly true.
The article does not pull punches:
If Hulio [a big wheel at NSO Group] wants to argue about the specifics of Israeli surveillance law, that’s one thing. But to claim that “listening in on calls” and turning phones into “listening devices” isn’t spying is absurd. Even in its weakened state, the spyware was completely capable of doing plenty of surveillance. And Hulio freely admits it was used to target Israelis. That is domestic surveillance. Lawful or not, that’s what happened and that’s what NSO enabled.
I believe that NSO Group manifested the confidence and “we can do what is possible”. Unfortunately the company’s management has created some challenges for the intelware sector. There’s the frightening aspect of spyware on a phone which embeds itself without the owner of the phone clicking, answering, or tapping. Then there’s the alleged link between the Pegasus and related technology and some unfortunate outcomes. (In my book, being killed is a Grade A unfortunate outcome.) Also less robust intelware outfits operating out of Israel have to check in with a den mother before following their sales instincts and closing some deals.
The disappointing facet of this very public discussion of NSO Group’s technology and business approach is that law enforcement may find that certain technology will not be sold or licensed by some vendors. Period. That’s not helpful in my opinion. The intelware sector is going to have to relearn the policies and procedures of low profile behavior and enforcing secrecy. Can these vendors learn some new tricks? Sure. But now with reporters chasing intelware developers and lawyer circling, has the once unlimited opportunity space been converted into a digital Shrinky Dink? (Don’t know about Shrinky Dinks? Click here.)
Stephen E Arnold, April 13, 2022
NSO Group Update: Surprise! We Knew Zippo
April 13, 2022
I find it interesting that Reuters in the midst of a war, a Covid thing, and economic craziness has the desire to recycle themes about the NSO Group. “Exclusive: Senior EU Officials Were Targeted with Israeli Spyware” reports that the intelware vendor is still snagged in brambles. The news story reports that Reuters’ reporters reviewed some documents which apparently reveal more interesting applications of Pegasus and possibly other specialized services provided by the Israeli company. The alleged spying popped up as a note from the very big, very privacy talking outfit Apple. I think it would be unnerving to receive a notice like “you may be targeted” instead of “Confirm your Apple payment information.”
The trusted news source (yes, that would be Thomson Reuters) included a statement from NSO Group that suggested the firm’s specialized software was not able to perform alleged spying on EU officials. The story points out that examination of mobile devices did not reveal a smoking gun or smoking bits as it were.
Several observations:
- Real journalists from Thomson Reuters are watching NSO Group and information about the firm. I interpret this attention to mean, “More stories about NSO Group will be coming down the information highway.”
- NSO Group continues to point out that the company is mostly in the dark when these allegations become real news.
- Legal eagles will flock and frolic in Brussels and then take off, head east, and drop bundles of assorted legal documents on the individuals still working at NSO Group.
- NSO Group will get a lot of booth traffic at the ISS Telestrategies Conference in Prague in a few weeks.
Net net: The amping up of public information about NSO Group in particular and intelware in general is not helpful to a number of agencies and companies. (I spoke with a US vendor of intelware as part of the research for my Spring lectures. A spokesperson for the company said on a Zoom call, “Please, do not mention our firm to those in your law enforcmeent audiences.” The reason: The company wants to sell to marketing firms, not government agencies. Too much risk.)
Stephen E Arnold, April 13, 2022
Is Tim Apple Worried: How Can Regulators Ignore What Apple Wants?
April 13, 2022
I know Apple and Tim are important. Fresh from a right to repair campaign and the cute move to make upgrades to the new and improved Mac Mini Studio, Tim Apple faces a poor report card. Tim Apple has failed Apple’s employee-acolyte examination. “Apple’s Tim Cook Warns of Unintended Consequences in App Store Antitrust Legislation” reports:
Apple CEO Tim Cook blasted regulatory proposals by Congress and in the European Union on Tuesday, arguing that legislation aimed at cracking open the company’s app store will hurt user security and privacy.
Are we talking Apple stalker gizmos? (This is my synonym for the Apple AirTag. Please, see “Apple AirTags Allegedly Being Used by Stalkers: Viral Twitter Thread.”
Nope. The idea that elected officials want to permit sideloading.
Let me translate: If an iPhone user wants to load an application without going through Apple’s online store, bad things will happen. Remember the good, old days of buying software in a box and installing it. That’s sideloading in my book.
Are we talking Apple compliance with rules in China and Russia (pre-Ukraine, of course)?
The write up continues:
Former top national security officials have sided with Apple, saying that requiring iPhones to accept apps that may lack sufficient security protections could ultimately endanger the country.
Are we talking Apple’s often decidedly un-snappy response to legitimate government requests? Nope. We are talking national security and the unnamed terrible things waiting to roar down the on ramp of the information highway to deliver (my goodness!) unintended consequences.
Several observations:
- Tense much, Mr. Apple?
- Are we talking about AirTags?
- Concerned about losing a revenue stream?
- Worried about regulation after decades of riding horses hard in the digital Wild West?
I would prefer more action related to the personnel issues which are smoking on the burning brush at the spaceship.
Stephen E Arnold, April 13, 2022
A Question about Robot Scientist Methods
April 13, 2022
I read “Robot Scientist Eve Finds That Less Than One Third of Scientific Results Are Reproducible.” The write up makes a big deal that Eve (he, her, it, them) examined in a semi automated way 12,000 research papers. From that set 74 were “found” to be super special. Now of the 74, 22 were “found” to be reproducible. I think I am supposed to say, “Wow, that’s amazing.”
I am not ready to be amazed because one question arose:
Can Eve’s (her, her, it, them) results be replicated. What about papers about Shakespeare, what about high energy physics, and what about SAIL Snorkel papers?
Answers, anyone.
I have zero doubt that peer reviewed, often wild and crazy research results were from one of these categories:
- Statistics 101 filtered through the sampling, analytic, and shaping methods embraced by the researcher or researchers.
- A blend of some real life data with synthetic data generated by a method prized at a prestigious research university.
- A collection of disparate data smoothed until suitable for a senior researcher to output a useful research finding.
Why are data from researchers off the track? I believe the quest for grants, tenure, pay back to advisors, or just a desire to be famous at a conference attended by people who are into the arcane research field for which the studies are generated.
I want to point out that one third being sort of reproducible is a much better score than the data output from blue chip and mid tier consulting firms about mobile phone usage, cyber crime systems, and the number of computers sold in the last three month period. Much of that information is from the University of the Imagination. My hunch is that quite a few super duper scholars have a degree in marketing or maybe an MBA.
Stephen E Arnold, April 13, 2022
-
- Subscribe to Beyond Search
Feature archive
News archive
-
