Amazon and Counterfeit Products: Are They Really Are Here to Stay?

June 9, 2022

Counterfeit products once took some effort to locate. A quick trip to Orchard Street in lower Manhattan might yield some interesting finds. How about a $10 Rolex. A jaunt through a side street in Wuhan? A visit to a certain store in a shopping center in Bangkok? A journey to a jeweler located in a suburb of San Antonio?

But the Disneyland of counterfeits is the wonderful, clickable world of ecommerce. And who is the ageing Big Daddy of ecommerce?

Yep, Amazon, it seems to me, adopts the policy of Big Daddy Pollitt in Cat on a Hot Tin Roof: “I don’t want to talk about that.”

However, “Amazon Sees Dip in Sellers Signing Up to Sell Counterfeits” makes it clear that Amazon is talking or possibly PR’ing.

The article states:

Amazon said it ramped up investments in 2021 to keep counterfeit products off its retail site and saw signs its efforts are working, according to an annual brand protection report it released Wednesday [June 8, 2022].  The company spent more than $900 million on its anti-counterfeit programs and employed over 12,000 people focused on the problem in 2021. That’s up from $700 million and 10,000 people in the prior year.

But the important point in my opinion appears in this statement:

The increasing investment of money and manpower from Amazon is necessary, said Mary Beth Westmoreland, vice president of technology at Amazon.  “That unfortunately speaks to the fact the problem of counterfeit isn’t going away,” Westmoreland said, adding, “it’s an industry-wide problem.”

The PR-ish write up explains that Amazon is using smart software and lines of communication so bad actors can be … what? … Well, Amazon sues and it relies on Chinese authorities to raid a warehouse with fraudulent good.

Does Amazon’s posture indicate that persistent crime is now part of the Amazon experience. I recall the fascinating process of explaining to Amazon that one of its “merchants” shipped me a pair of big red panties instead of an AMD 5900x cpu. Yep, lines of communication. Fraud.

Perhaps Amazon should step away from its third party merchants with made up words, vendors identified by customers as shipping interesting but mostly faux products, and deals with aggregating merchants working from apartments in Hong Kong, Shanghai, and other exotic locations?

Just a thought because the PR’ing seems to be similar to certain big tech companies’ thanking senators for a question.

Stephen E Arnold, June 9, 2022

NFT Fakery? No! Impossible!

June 2, 2022

It is smart to never believe everything you watch or read on the Internet, especially when it comes to non-fungible tokens (NFTs). If you were not aware, NFTS are digital pieces of property with a value determined by their scarcity and creator. Weird ape portrait NFTs went viral when they made their creator a billionaire. We believed the ape NFTs had drifted into meme history, when a news story about an ever weirder dating app surfaced. Buzzfeed explains the details in, “The Bored Ape Dating That Shut Down Because No Women Signed Up Was Just a Prank, Folks.”

The Twitter user @y4kxyz tweeted that the dating app for owners of Bored Ape Yacht Club NFTs was shut down because of the disproportional amount of men to women who signed up. It perpetuated the idea that NFTs are only valued by stereotypical lonely males and it was funny. The entire dating app was a joke, but it appeared real enough that some news outlets ran the story:

“Sadly, it isn’t true. It was all a joke. The app never existed in the first place, so it couldn’t have been shut down because there were no women. It was a funny prank — a good joke, a great one, even. The confirmation bias that NFTs are for sad men is strong enough that this tricked a few news outlets into reporting it as if it were real.”

The Buzzfeed article author believed the NFT dating app was a fake and contacted the creator for information. A few months passed, then the joke story about the app shutting down went viral. The dating app creator and the author spoke with the former more or less confirming the entire thing was a prank.

NFT fans were not the only targets. The others were people with a “right-clicker mentality,” referring to how Windows users can simply right click on an image to save a copy.

The Bored Ape Yacht Club dating app was not a bad prank. No one was hurt. It did not start a social justice warrior war. It did not break the Internet and one rioted in the street.

Whitney Grace, June 2, 2022

App Tracking? Sure, Why Not?

May 4, 2022

Big tech companies, including Google, Facebook, and Apple, are supposed to cut back on the amount of data they collect from users via apps. Despite the lip service to users, apps are still collecting data and it appears these companies will not stop anytime soon. Daiji World explains how much data apps are still gathering in: “Apps Still tracking Users’ Data On Apple App Store.”

A University of Oxford research term investigated 1759 Apple IOS apps in the United Kingdom App Store. The team monitored these apps before and after Apple implemented new tracking policies that supposedly make it harder to track users. Unfortunately, these apps are still tracking users as well as collecting user fingerprinting. The team found hard evidence of user tracking:

“The researchers found real-world evidence of apps computing a mutual fingerprinting-derived identifier through the use of “server-side code” — a violation of Apple’s new policies and highlighting the limits of Apple’s enforcement power as a privately-owned data protection regulator. ‘Indeed, Apple itself engages in some forms of user tracking and exempts invasive data practices like first-party tracking and credit scoring from its new privacy rules,’ claimed Konrad Kollnig, Department of Computer Science, University of Oxford.”

Apple’s Privacy Nutrition Labels are also inaccurate and are in direct conflict with Apple’s marketing claims. It is a disappointment that Apple is purposely misleading its users. Enforcing user privacy laws is sporadic, and tech companies barely follow what they set for themselves. Apple has its own OS, so they have a closed technology domain that they control:

“ ‘Apple’s privacy efforts are hampered by its closed-source philosophy on iOS and the opacity around its enforcement of its App Store review policies. These decisions by Apple remain an important driver behind limited transparency around iOS privacy,” [the research team] emphasised.”

Does this come as a surprise for anyone? Nope.

Apple can d whatever it wants because it is a prime technology company and it develops everything in-house. The only way to enforce privacy laws is transparency, but Apple will not become crystal clear because it will mean the company will lose profits.

Whitney Grace, May 4, 2022

Apple and Stalking? The Privacy Outfit?

May 3, 2022

Here is a tale of unintended, though not unanticipated, consequences. Engadget tells us “Police Reports Suggest a Larger Pattern of AirTag Stalking.” A few isolated cases of bad actors using Apple AirTags to facilitate stalking or car theft have come to light since the device was released in April 2021. To learn how widespread the problem is, Motherboard requested any records mentioning the technology from dozens of police departments around the country. Writer K. Holt summarizes:

“Motherboard received 150 reports from eight police departments and found that, in 50 cases, women called the cops because they received notifications suggesting that someone was tracking them with an AirTag or they heard the device chiming. (An AirTag will chime after it has been separated from its owner for between eight and 24 hours.) Half of those women suspected the tags were planted in their car by a man they knew, such as a current or former romantic partner or their boss. The vast majority of the reports were filed by women. There was just one case in which a man made a report after suspecting that an ex was using an AirTag (which costs just $29) to stalk him. Around half of the reports mentioned AirTags in the contexts of thefts or robberies. Just one instance of AirTag-related stalking would be bad enough. Fifty reports in eight jurisdictions in eight months is a not insignificant number and there are likely other cases elsewhere that haven’t been disclosed.”

Apple was aware the product had the potential to be abused, which is why the alerts cited by victims were built into it from the start. The company has since made some tweaks to make it more obvious if its product has been slipped into one’s belongings, like chiming sooner or making those notification messages clearer. At first the notifications only worked on iOS devices, leaving Android users in the dark. An Android app has since been released, but those users must be aware of the problem, and remember to manually scan for potential AirTag-alongs, for it to be of any use. Google is reportedly working on OS-level detection, which would be some consolation.

And the bad actors? Probably beavering away.

Cynthia Murrell, May 3, 2022

Infrared Tags Hide Information Like Magic: Will Bad Actors Respond?

April 26, 2022

A trope in fantasy stories is when an object is enchanted with information and will only reveal it to the “chosen hero” or under specific circumstances. A famous example of this trope is from Tolkien’s The Hobbit when Elrond reads the Thrór’s Map at Rivendell. Humans have found ways to hide information for centuries using chemistry, physics, and physical/pictorial illusions.

These hiding tricks are described as magical, but it is really human ingenuity that casts the true spell. Wonderful Engineering explains a new way to render information invisible: “These New Infrared Tags Can Embed ‘Invisible’ Info Within 3D-Printed Objects.”

Ph.D. candidate Mustafa Doga Dogan heads a MIT team working on “Infrared Tags.” Essentially these Infrared Tags will contain all the same information as a barcode, but instead of being unattractive or coming off an item they are hidden. The Infrared Tags are invisible to human eyesight, but are visible with an infrared camera. The Infrared Tags can be printed within any object and can be manufactured in two ways:

“MIT team has developed the tags, that seem like regular barcodes, using an infrared-transmitting filament interspersed with air gaps. Such filament appears opaque in visible light but looks translucent in Infrared Light. It was printed inside the walls of the 3D object. One approach involves carving a pattern of tiny air gaps out of a layer of plastic, covered with a smooth protective layer. These gaps represent ones and zeroes, so they can be read like binary code by an IR Camera. There is another approach as well. It involves the utilization of a second plastic. Such plastic is opaque to IR light to create more traditional QR codes. These are covered with an outer layer of the main plastic.”

The Infrared Tags are actually built into the item. It makes an object more appealing, because a barcode is not printed on it. The tags are also more durable as they cannot be removed through physical means.

If mobile devices are built with infrared cameras, then these tags would return design to pre-barcode days. Barcodes contain an extraordinary amount of information, especially for entertainment mediums, retail, and organization systems. What would it mean if they were rendered invisible? The proper magical device may inspire bad actors. The digital sword of Damocles is swinging.

Whitney Grace, April 26, 2022

Dark Patterns and Possible Digital Roach Motels

April 22, 2022

Online subscriptions are a convenient way to receive goods and services, from streaming media to household staples. They are easy to sign up for and, as long as there are adequate funds in one’s account, easy to continue enjoying month after month without lifting a finger. Ending a subscription, on the other hand, can be a calculated nightmare. CNet examines how and why “Canceling Online Subscriptions is Confusing, Difficult, and Absurd… by Design.”

Reporter Attila Tomaschek begins with the saga of cancelling his family’s meal-kit subscription, an ordeal that, he writes, involved a confusing maze of “surveys, guilt trips, oversized green buttons prompting me to stay on board and tiny gray cancellation confirmation links that I had to scroll seemingly endlessly to find.” Such tactics rely on customer retention through exasperation, and they are part of a devious set of techniques called dark patterns. The term refers to steering or tricking users into taking certain actions, like divulging personal data or agreeing to charges one never intended to incur. Or abandoning the quest to cancel a subscription, a sub pattern known as the roach motel. Tomaschek notes:

“And it’s not just the small-time players that are resorting to these tactics. Have you ever tried canceling your Amazon Prime account? Good luck figuring out how to do it — and actually getting through the process without wanting to tear all your hair out. Want to cancel your New York Times subscription? Make sure you have 8 minutes to spare as you wait for a live chat representative to do it for you. This type of dark pattern is sometimes referred to as a roach motel — a design that makes it easy to sign up for a service but outrageously difficult to cancel that service. The cancellation funnel is typically a multi-step process that includes intentionally confusing language and ambiguous navigation buttons. Companies may also sprinkle in cancellation buttons that say things like ‘I don’t care about losing premium features,’ or ‘I don’t like saving money,’ for good measure — preying on the fear of missing out to keep their customers. Then, once the customer has finally navigated the cancellation funnel, they’ll often have to call a phone number or send an email or contact a support agent via chat to finalize the process, adding yet another step to an already lengthy process.”

Not all online subscription providers stoop to this level. Some make the cancellation process easy and transparent, relying on customer satisfaction for customer retention. Imagine that! The hugely successful streaming service Netflix and popular online collaboration platform Basecamp are two examples. For those that do treat would-be former users like roaches, a scant few have faced legal consequences. Examples include the children’s learning platform ABCmouse and weight loss app Noom. Those cases are not the norm, though, as legislation has yet to catch up to the very concept of dark patterns. Until it does, Tomaschek suggests readers examine a company’s cancellation procedure before subscribing to any online service. If it is clear as mud, one would be wise not to set foot in that potential labyrinth.

Cynthia Murrell, April 22, 2022

Is This a Wake Up Call for Cyber Crime Experts?

April 20, 2022

Do you want to be an in-demand cyber expert? You can. You can learn what you need by watching, downloading, or paying for online courses. Then go for the real money: Consulting, training, and explaining to law enforcement, intelligence, and security professionals. Easy, right.

Just be selective about your customers.

U.S. Hacker Sentenced to Five Years Following Crypto Lessons in North Korea” reports an actual factual situation involving “expert knowledge.” The write up states:

… crypto currency expert and hacker Virgil Griffith was sentenced to five years in prison this Tuesday for aiding North Korea in avoiding U.S. sanctions. The sentence comes in wake of his participation in a crypto currency-focused conference held in North Korea’s capital city, Pyongyang in April 2019, which the U.S. citizen attended even after being denied a travel permit for the purpose. Griffith pled guilty to conspiracy last year, which accelerated his sentencing.

The original article provides additional information. I just want to focus on the risks of not keeping information confidential and out of certain channels. The issues related to incidents associated with FinFisher, Hacking Team, NSO Group, and other companies have not had much impact on specialized software and services never intended for a nation state at odds with the US or not created for commercial use.

The cyber crime training sector is booming. But certain information can blow up in one’s face. One can recover after five years of rest I suppose. But where was the fabric of clear decision making? In a Pyongyang relaxation spa? Perhaps with McKinsey & Company in Paris, a fave destination for some North Koreans?

Stephen E Arnold, April 20, 2022

TikTok: A Murky, Poorly Lit Space

April 15, 2022

TikTok, according to its champions, is in the words of Ernie (Endurance) Hemingway:

You do not understand. This is a clean and pleasant café. It is well lighted. (Quote from “A Clean, Well-Lighted Place”)

No, I understand. If the information in “TikTok under US Government Investigation on Child Sexual Abuse Material” is on the money, the Department of Justice and the US Department of Homeland Security, TikTok may not be a “clean and pleasant café.”

The paywalled story says that TikTok is a digital watering hole for bad actors who have an unusually keen interest in young people. The write up points out that TikTok is sort of trying to deal with its content stream. However, there is the matter of a connection with China and that country’s interest in metadata. Then there is the money which just keeps flowing and growing. (Facebook and Google are now breathing TikTok’s diesel exhaust. Those sleek EV-loving companies are forced to stop and recharge as the TikTok tractor trailer barrels down the information highway.

For those Sillycon Valley types who see TikTok as benign, check out some of TikTok’s offers to young people. Give wlw a whirl. Oh, and the three letters work like a champ on YouTube. Alternatively ask some young people. Yeah, that’s a super idea, isn’t it. Now about unclean, poorly illuminated digital spaces.

Stephen E Arnold, April 15, 2022

Google Hits Microsoft in the Nose: Alleges Security Issues

April 15, 2022

The Google wants to be the new Microsoft. Google wanted to be the big dog in social media. How did that turn out? Google wanted to diversify its revenue streams so that online advertising was not the main money gusher. How did that work out? Now there is a new dust up, and it will be more fun than watching the antics of coaches of Final Four teams. Go, Coach K!

The real news outfit NBC published “Attacking Rival, Google Says Microsoft’s Hold on Government Security Is a Problem.” The article presents as actual factual information:

Jeanette Manfra, director of risk and compliance for Google’s cloud services and a former top U.S. cybersecurity official, said Thursday that the government’s reliance on Microsoft — one of Google’s top business rivals — is an ongoing security threat. Manfra also said in a blog post published Thursday that a survey commissioned by Google found that a majority of federal employees believe that the government’s reliance on Microsoft products is a cybersecurity vulnerability.

There you go. A monoculture is vulnerable to parasites and other predations. So what’s the fix? Replace the existing monoculture with another one.

That’s a Googley point of view from Google’s cloud services unit.

And there are data to back up this assertion, at least data that NBC finds actual factual; for instance:

Last year, researchers discovered 21 “zero-days” — an industry term for a critical vulnerability that a company doesn’t have a ready solution for — actively in use against Microsoft products, compared to 16 against Google and 12 against Apple.

I don’t want to be a person who dismisses the value of my Google mouse pad, but I would offer:

  • How are the anti ad fraud mechanisms working?
  • What’s the issue with YouTube creators’ allegations of algorithmic oddity?
  • What’s the issue with malware in approved Google Play apps?
  • Are the incidents reported by Firewall Times resolved?

Microsoft has been reasonably successful in selling to the US government. How would the US military operate without PowerPoint slide decks?

From my point of view, Google’s aggressive security questions could be directed at itself? Does Google do the know thyself thing? Not when it comes to money is my answer. My view is that none of the Big Tech outfits are significantly different from one another.

Stephen E Arnold, April 15, 2022

Amazon: Is the Company Losing Control of Essentials?

April 11, 2022

Here’s a test question? Which is the computer product in the image below?



panty on table cpu

If you picked [a], you qualify for work at TopCharm, an Amazon service located in lovely Brooklyn at 3912 New Utrecht Avenue, zip 11219. Item [b] is the Ryzen cpu I ordered, paid for, and expected to arrive. TopCharm delivered: Panties, not the CPU. Is it easy to confuse a Ryzen 5900X with these really big, lacy, red “unmentionables”? One of my team asked me, “Do you want me to connect the red lace cpu to the ASUS motherboard?”

Ho ho ho.

What does say about this location””?

This address has been used for business registration by Express Repair & Towing Inc. The property belongs to Lelah Inc. [Maybe these are Lelah’s underwear? And Express Repair & Towing? Yep, that sounds like a vendor of digital panties, red and see-through at that.]

One of my team suggested I wear the garment for my lecture in April 2021 at the National Cyber Crime Conference? My wife wanted to know if Don (one of my technical team) likes red panties? A neighbor’s college-attending son asked, “Who is the babe who wears that? Can I have her contact info?”

My sense of humor about this matter is officially exhausted.

Several observations about this Amazon transaction:

  1. Does the phrase “too big to manage” apply in this situation to Amazon’s ecommerce business?
  2. What type of stocking clerk confuses a high end CPU with cheap red underwear?
  3. What quality assurance methods are in place to protect a consumer from cheap jokes and embarrassment when this type of misstep occurs?

Has Amazon lost control of the basics of online commerce? If one confuses CPUs with panties, how is Amazon going to ensure that its Government Cloud services for the public sector stay online? Quite a misstep in my opinion. Is this cyber fraud, an example of management lapses, a screwed up inventory system, or a perverse sense of humor?

Stephen E Arnold, April 11, 2022

Next Page »

  • Archives

  • Recent Posts

  • Meta