Tor Friendly ISP Takes a Break

October 17, 2022

I usually do not post “real news.” I am making an exception today because two Tor friendly ISPs have taken a break. Usually when law enforcement takes down a Dark Web centric outfit, there are news releases, news stories, and reports about sentencing (if the “owners” are convicted).

Our routine check of the 24 Tor friendly ISPs we track, Ablative have either “paused” sign ups or disappeared. We are working to track down the individuals who have played a role in these companies. That’s not the easiest task for my team. There are some nifty obfuscation techniques available and creating personas (what some call sock puppets) is easy. Plus, the technique of paying a person in need of cash to set up an account without revealing how that account will be used is easier than ever. (Just check out the folks using free WiFi at a public library, a coffee shop near a university or methadone clinic, or individuals loitering near a food disbursement point.)

Stephen E Arnold, October 18, 2022

Metazuck: An All Too Common Response in Silicon Valley Land

October 17, 2022

“How TikTok Ate the Internet” is a business school write up which contains some interesting data; for example:

The web’s most popular app [TikTok] has reshaped American culture, hypnotized the world and sparked a battle between two global superpowers…TikTok’s website was visited last year more often than Google. No app has grown faster past a billion users, and more than 100 million of them are in the United States, roughly a third of the country. The average American viewer watches TikTok for 80 minutes a day — more than the time spent on Facebook and Instagram, combined.

I think this means that TikTok is the next big thing… after almost a decade in the gloomy bedrooms of teens.

Fortune Magazine explains “Mark Zuckerberg admits he missed a social networking trend that led to the TikTok boom.” How is this possible? Easy. Facebook or the Zuckbook just missed the next big thing. Money and legal woes can distract I suppose.

Now the Zucker wants to catch up. One article has the interesting title “Meta Has Burned $15 billion Trying to Build the Metaverse — And Nobody’s Saying Exactly Where the Money Went.” The write up focuses on using money to leap frog the next big thing. Okay, that may work, but I don’t think tech gurus on the way down can buy their way back up.

What’s my view of the Zucker’s situation? Think about a person watching a haruspex chop out a goat’s liver. The spectacle and the solemnity of the event fuels the hope that the desired outcome will be foretold. Sure it is.

In terms of Silicon Valley, the idea is that money divines the future. How does one deal with TikTok and a decided lack of enthusiasm for spending time in a cartoon without legs or a way to send a text?

Money.

Let’s take a helicopter to 3,000 feet and check out the lay of the Silicon Valley method.

  1. Spending money to “apply” technology is the best way to fix a problem. Is the logic, “Hey, this worked for the iPhone, and it will work in the TikTok situation.”
  2. The mental frame for solving problems ignores soft factors like users who want and need to use the TikTok content experience. Social graphs and knock off service. Thank you, no.
  3. The cloud of misperception is “a certain blindness” which is touchingly centered in Silicon Valley it seems from my helicopter.

Is the problem China and super algorithms?

First, TikTok’s method is not that sophisticated based on our examination of the system. Sure, the surveillance stuff is good, but that’s old hat in the intelware game. Everyone attributes technological wizardry to TikTok. Some influence? Sure. But the drip of digital anesthesia is easier and more fun when administered in the somewhat negative post Covid world.

Second, the Chinese government is not exactly the world’s most progressive institution. Bureaucrats recognized an opportunity to inject content and took it.

Third, the Silicon Valley mindset arrived late and the high speed train had departed the station. Buying a train does not deliver a way to catch up. What about building a rocket ship?

Net net: Long shot.

Stephen E Arnold, October 17, 2022

Want a Cyber Security Job But Know Zero? Will a Fake LinkedIn Profile Help You?

October 17, 2022

LinkedIn has unwittingly become a vector for the spread of false information. Krebs on Security reports, “Fake CISO Profiles on LinkedIn Target Fortune 500s.” A slew of fake LinkedIn profiles mysteriously appeared for Chief Information Security Officers purportedly serving at high-profile companies. Some were entirely original fabrications, but at least one lifted a description from the actual CISO’s profile. See the write-up for screenshots of a few offending profiles.

Who is fooled? Organizations looking for cybersecurity professionals. And not just on LinkedIn. Apparently other sources unwittingly perpetuated the lies, sources like Google Search, Apollo.io, Signalhire, Cybersecurity Ventures, and Cybercrime Magazine’s CISO 500 list. Whoever is behind the effort must have been delighted. It was apparently Honeywell’s former CISO Rich Mason who first noticed the trend and sounded the alarm. Krebs notes:

“Again, we don’t know much about who or what is behind these profiles, but in August the security firm Mandiant (recently acquired by Google) told Bloomberg that hackers working for the North Korean government have been copying resumes and profiles from leading job listing platforms LinkedIn and Indeed, as part of an elaborate scheme to land jobs at crypto currency firms. None of the profiles listed here responded to requests for comment (or to become a connection). In a statement provided to KrebsOnSecurity, LinkedIn said its teams were actively working to take these fake accounts down.”

We are sure they are. The article suggests some ways the site could make things easier on themselves in the future. Maybe even catch and remove such fabrications before they make it to other media channels. We are told:

“LinkedIn could take one simple step that would make it far easier for people to make informed decisions about whether to trust a given profile: Add a ‘created on’ date for every profile. Twitter does this, and it’s enormously helpful for filtering out a great deal of noise and unwanted communications. The former CISO Mason said LinkedIn also could experiment with offering something akin to Twitter’s verified mark to users who chose to validate that they can respond to email at the domain associated with their stated current employer. … Mason said LinkedIn also needs a more streamlined process for allowing employers to remove phony employee accounts.”

It is unlikely that we’ve seen the last of this tactic. LinkedIn should bolster its safeguards and streamline its reporting process. Meanwhile, other sources must learn to verify information they find on the site. Safeguarding one’s reputation for accurate data should be worth the effort.

Cynthia Murrell, October 17, 2022

Silicon Valley Follies: Fodder for a Video Series

October 14, 2022

Quite an interesting few days.

First, Microsoft demonstrated “meta” thinking in two ways. The friendly company bonded with the real Meta (the Zuckbook in my lingo) to put the legless electronic game thing in Teams. Yeah, cool. Read more in “Meta Platforms: Microsoft Partnership and New VR/AR Device.” The Softies announced a consulting chestnut. Microsoft moved from selling Word (a standalone app), to flogging Office (a bundle of apps which contained Word), and now to Office 365 (a subscription to a collection of apps). That in consultant speak is “popping up a level” or a meta-move (not to be confused with Zuck think, please). Read more about this thinking and branding play in “Microsoft Office Will Be Replaced by Microsoft 365 As Part of Its Ongoing Refresh.”

A second interesting development was Google’s illustration of tightly integrated coordination among its operating units. The company killed Stadia, the earth shaking online gaming platform. You can read about one incisive strategic move in “When Stadia Dies, It’s Taking Its Platform-Exclusive Game Outcasters with It.” Then Google announced Chromebooks set up for online gaming. You can read about this easy-to-understand complement to the termination of Stadia in “Google Introduces Chromebooks Geared for Cloud Gaming.” Definitely a clever chess move.

But the highlight for me was management acumen at Amazon and Google. “Google Datacenter Contractors Claim Retaliation for Talking Workers’ Rights” reports:

Amazon has also been fending off attempts by its workers to unionize. It stands accused of harassing union organizers, according to a consolidated complaint filed earlier this month for which it was due to lodge a response last week. The workers allege that in the months before the failed unionization attempt at its LDJ5 warehouse on Staten Island in May, they were harassed for displaying pro-union material in their downtime, among other things. Amazon told us at the time: “These allegations are completely without merit and we look forward to showing that through the process.”

And the Google followed what appears to be a similar management playbook. The article says:

The union is claiming that when Allied Universal was brought in as a replacement for a previous security contractor for Google Data Centers, workers were allegedly told they were no longer entitled to the minimum standard of benefits Google guarantees for all extended workers. Google uses the term “extended workforce” to refer to contractors, contract workers, and independent companies who work for the search giant.

True or false? Who knows. I enjoy the discussion of these management-staff and management-contractor interactions. Slick stuff.

The spirit of the science club (the metaverse avatars will have legs soon) and the thirst for power (monopolies anyone?) are alive and well. Despite the downturn in Silicon Valley’s fortunes, the spirit of the mythical land of unicorns is thriving.

Stephen E Arnold, October 14, 2022

Twitter: Gee, It Is Great Just Broken Like Humpty Dumpty

October 14, 2022

I read “Elon Musk Can’t Fix Twitter Because No One Can.” Fascinating. A service much-loved by “real” journalists, pundits, LinkedIn haters, and content savvy glitterati is broken. When I see the word “broken,” I think about Humpty Dumpty, the anthropomorphic gamete.

The “fail whale” broken? Isn’t that one of the cute error messages shown when the “tweeter” — a word coined by a brilliant elected official in the US, I believe — was offline?

The write up asks:

Meanwhile. Here’s a thought experiment: What happens if Twitter goes offline tomorrow, for good?

I know my answer. Ready? Nothing. For those who need to output content, there are numerous options; for example, Reddit, HackerNews, free blogs, TikTok, and my personal fave, Substack-like services. These are ideal for outputters: A publishing medium without an editor! For those with big bucks, a motivated quasi expert can create a social media start up or just download some open source software and go, go, go.

The write up includes some data; for example:

just 23 percent of American teens say they use the service now, down from 33 percent in 2014.

I wonder what percentage of Vox-type professionals rely on Twitter? Possibly more than the dismal teen user percentage I would guess.

The write up explains what Twitter is:

Twitter is simply the top layer of social media, mainly because it’s quite searchable, especially compared to TikTok (for now). It’s a guide to the rest of the internet, not a hangout.

Why have some tweeters abandoned the Twitter outputter?

Too much hassle, not enough upside.

Interesting. How will the Silicon Valley type “real” news content reach “users”?

Why not start a subscription-only information service? Those work really well because the endnote to this impassioned analysis of the tweeter says this:

Now is not the time for paywalls. Now is the time to point out what’s hidden in plain sight (for instance, the hundreds of election deniers on ballots across the country), clearly explain the answers to voters’ questions, and give people the tools they need to be active participants in America’s democracy. Reader gifts help keep our well-sourced, research-driven explanatory journalism free for everyone. By the end of September, we’re aiming to add 5,000 new financial contributors to our community of Vox supporters. Will you help us reach our goal by making a gift today?

Yep, begging for dollars in a message longer than many tweets.

Stephen E Arnold, October 15, 2022

Internet Archive: Maybe a Goner?

October 14, 2022

We conceptualize the Internet as an unobstructed entity. The Internet relies on a high-tech, interconnected network of servers and wires that requires an unknown amount of energy. If there are any power outages or the servers break, then the Internet is gone. Unfortunately, it could mean the Internet Archive, an online archive of digital media, could disappear due to a lawsuit brought on by authors and publishers.

Slate explains why authors and publishers are upset with the Internet Archive in: “Could The Internet Archive Go Out Like Napster?” In March 2020, the Internet Archive allowed users to check out more than one item from its scanned book collection due to the COVID-19 pandemic. The event was called the National Emergency Library, but publishers and authors claimed this was piracy and harmed their profits. Lawsuits were filed and the National Emergency Library was shut down. The lawsuits are still ongoing, but authors, librarians, and other organizations are worried the Internet Archive could disappear:

“One thing hasn’t changed: fears that the vagaries of this case could cripple the archive and, subsequently, the myriad services it offers the 1.5 million people who visit it every day. In addition to lending books digitally, the Internet Archive hosts the Wayback Machine, a tool that has chronicled internet history since 1996; the concern is that if legal costs drain the archive of its funds, all of its services could be affected. Users of the site and digital archivists have compared the potential loss of the archive’s services to the burning of the Library of Alexandria. Yet book companies also view the stakes here as existential for their business model; the International Publishers Association stated that this case is of “global significance” to its members.”

If the problem was only about the National Emergency Library, then the lawsuits would be over. The bigger picture surrounds how publishers want to block controlled digital lending. There are many ways libraries allow users to check out digital media; popular methods include securing licenses through an app like Libby. Publishers and some authors want to block controlled digital lending, because they only make profits from the first purchase. The use of ebook loans, however, allows them to charge per read. Librarians love controlled digital lending, because it would save them money.

The Internet Archive uses controlled digital lending and states its book collection falls under fair use. The Internet Archive allows users access to a multitude of books that are in copyright limbo: they are out of print, no one knows who owns the copyright, or physical copies are scarce.

Publishers could work with the Internet Archive, but profits always win over the decency of keeping a non-profit (that actually does something good) up and going. So much for the free, digital utopia the Internet was supposed to be.

Whitney Grace, MLS, October 14, 2022

China Plans to Promote, and Regulate, Digital Humans

October 14, 2022

We learn from Rest of World that “Beijing Will Regulate ‘Digital Humans’ in the Metaverse and Beyond.” Because of course it will. The proclamation was issued in the government’s four-year Action Plan, a document that indicates to businesses what it expects of them in the near future. The Chinese seem quite taken with “digital humans,” from virtual idols to game avatars, and President Xi Jinping is eager to capitalize on the trend. Reporter Meaghan Tobin specifies:

“The plan envisions huge growth in the next few years, projecting that by 2025, revenue will hit $7.3 billion in the capital city alone — and expecting that virtual humans will assist with online banking, shopping, and travel services within the next few years.”

Though the growing virtual idol industry has a real problem with overworked employees, that is not a focus of the plan. It has two main priorities: One, naturally, is to promote the “healthy and orderly development of society.” Aka censorship. The other is the security of personal information. That sounds like a good thing—until one considers the government seeks to secure this data for its own purposes. Protecting users from criminals may be just a side benefit. Citing Hanyu Liu, an analyst of China’s gaming and metaverse industries, Tobin continues:

“The plan also signals that Beijing will take a more active role in handling the personal data generated by these platforms. Some of the directives outlined in the plan require any user-facing aspect of the digital human industry to be subject to rules that protect information about and generated by platform users, while also treating user data as a resource to be traded on the country’s new data exchanges. As is the case on almost all user-facing tech platforms in China today, Liu noted, any users of metaverse or gaming platforms that could be considered part of the digital human industry will likely be required to tie their online personas to their real-life identification documents.”

So we should not expect to see a wave of virtual protestors in China any time soon. According to Qiheng Chen, who has analyzed China’s tech policies, this push is an effort to garner talent and funds that will support its larger goal—making the country more self-sufficient in related industries like semiconductors and artificial intelligence. Those do sound a bit more strategic than simply embracing the whimsy of digital pop stars.

Cynthia Murrell, October 14, 2022

Microsoft Teams and Sensitive Information

October 13, 2022

I read a somewhat unusual analysis of Microsoft Teams security. “Microsoft Teams Users Are Using It for a Really Bad Reason, So Stop Now” presents some data about Teams’ users and their sending information over the system. Now the purpose of Teams and similar conferencing software is to exchange information. Therefore, access to Teams sessions and the data exchanged while using it may have some value to certain individuals if such access were available.

Okay, now let’s look at some of the numbers in the write up:

  • 45 percent of those in the sample (who knows how many were in the sample by the way?) “admit to sending confidential and sensitive information frequently via Microsoft Teams.” Now let’s think about this. Does this mean that 55 percent of those using Teams do not provide “confidential or sensitive information”? Is this a measure of productivity which Teams enhances?
  • 51 percent were found to be “sharing business critical information.” I am not sure I understand the distinction between “sensitive” and “business critical.” The idea that half of those using Teams don’t share important data.
  • 56 percent believe training is needed.

Net net: Microsoft may have to do more than silence Teams’ blowhards. See “Microsoft Is Working Hard to Shut Up the Egotistical Blowhard on Your Team.”

Stephen E Arnold, October 15, 2022

Google Pixel: A Microcosm of the Company Itself

October 13, 2022

The reliable technology cheer squad tries to do one thing and delivers another. Let me explain my perception. I read “Why Google Pixels Aren’t As Popular As iPhones and Samsung Galaxy Phones.” The article tries quite hard to be an objective discussion of Google losing out in the hardware game.

The article describes several issues; to wit:

  • Early missteps with distribution
  • Silicon Valley supporters’ efforts fall short as Google played catch up
  • Hardware was just okay
  • Cameras were behind the cats in Cupertino’s gizmos
  • Google lacked and lacks a “strong identity”

The write up focuses on Google’s mobile efforts. However, these issues — strategic and tactical failures — are those which have plagued many of Alphabet’s efforts. There’s the wonderful “solving death” effort, the amusing creation of the glasshole meme, and the total craziness of Google Maps in its present incarnation.

What’s the point? We have an outfit which was greatly influenced by Yahoo, GoTo, and Overture and these firms’ approach to online advertising. We have an acquired product YouTube which challenges the GDP of many nations with its engineering costs, bandwidth costs, legal costs, and content moderation (such as it is) costs. We have a management approach which, if it were not harmful to careers of those who disagree with senior management, would be like something out of a Marx Brothers’ film.

Why aren’t Pixels popular? For starters, the phone is in the Google fractal. Each iteration mirrors the initial algorithm’s starting point. Clever? You bet. The cheerleaders have expressed a core truth: Gimme a C, gimme an H, gimme an A, gimme an O, gimme an S. What’s it spell? Chaos. Rah Rah Rah.

Stephen E Arnold, October 13, 2022

TikTok and Adderall: A Combo of Interest

October 13, 2022

The pandemic has made it challenging to access healthcare in a timely fashion. Virtual visits can help—if done properly. That is why the Department of Health and Human Services began allowing providers to skip in-person evaluations before prescribing controlled substances. It was an emergency measure, but it is difficult to imagine ever stuffing that genie back in its bottle. Naturally, some entities have seized this opportunity to rake in profits at the expense of vulnerable, mostly younger, patients. Vox reports, “‘Scary Easy. Sketchy as Hell.’ How Startups Are Pushing Adderall on TikTok.” Reporter Sara Morrison writes:

“Due to a combination of the pandemic and the rise of telehealth startups, it’s never been easier to come across social media content that will convince you that you might have ADHD, or services that will prescribe meds for it if they determine that you do. But that content isn’t always coming from health care professionals. Much of the TikTok content can be considered inaccurate or misleading. Meanwhile, it’s especially important that ADHD assessments are careful and thorough so that health care professionals can rule out other conditions with the same or similar symptoms as ADHD, look for coexisting conditions, and screen for people who are seeking ADHD meds like Adderall to abuse. Diagnosing someone with a condition they don’t have — and prescribing meds to treat it — means they aren’t getting diagnosed and treated for whatever condition or conditions they do have. And ADHD meds aren’t effective when taken by people who don’t have ADHD, but they can be addictive and abused. … Between the beginning of 2020 and the end of 2021, prescriptions for Adderall and its generic equivalents increased by nearly 25 percent during the pandemic for the 22-44 age group, a trend that health care analytics firm Trilliant Health attributed to ‘the emergence of digital mental health platforms.'”

Accurate diagnoses can be made online, but only if providers dedicate ample time to each assessment—preferably about two hours. These TikTok opportunists allot much less time. The aptly named Done, for example, offers 30-minute assessments with 15-minute follow-ups. Even some of the patients, though eager for a solution, report feeling rushed. Public scrutiny does seem to have curbed the trend somewhat. But Morrison notes Done, for one, is not slowing down its prescription gravy train. See the write-up for more details, but basically Done has partnered with several influencers to push its brand and, it seems, convince TikTok users they need its services. Then, of course, the platform’s algorithm feeds more and more of this content, much of it inaccurate, to users who express any interest in ADHD.

In general, telehealth can be a real boon for those who need healthcare during this time of chronic staff shortages. Too bad some shady companies are seizing this moment to profit at all costs.

Cynthia Murrell, October 13, 2022
