NCC April TikTok: Yeah, Not Good for Teenies

April 29, 2022

We wonder whether China will more aggressively exploit TikTok’s ability to influence. The New York Post describes “How TikTok Has Become a Dangerous Breeding Ground for Mental Disorders.” Apparently, tiktoks discussing mental health conditions are trending, especially among teen girls. This would be a good thing—if they were all produced by medical experts, contained good information, and offered guidance for seeking professional help when warranted. Instead influencers, many of whom are teenagers themselves, purport to help others self-diagnose their mental conditions. As one might imagine, this rarely goes well. Writer Riki Schlott tells us:

“After nearly two years of lockdowns and school closures, lonely teens are spending more time online, and many inevitably come across mental health content on TikTok. When they do, the platform’s algorithm kicks in, serving suggestible young girls even more videos on the topic. While mental health awareness is surely a good thing, well-meaning influencers are inadvertently harming young, impressionable viewers, many of whom seem to be incorrectly self-diagnosing with disorders or suddenly manifesting symptoms because they are now aware of them.”

The author continues, expanding her warning to include social media in general:

“Eating disorders have also been shown to spread within friend groups. As a member of Gen Z, I’ve watched firsthand what social media has done to a generation of young women — it even left behind self-harm scars on many of my peers’ wrists. I know a terrifying number of peers who have self harmed, many of whom were habitual social media users. Rates of depression have doubled among teen girls between 2009 and 2019, and self-harm hospital admissions have soared 100 percent for girls aged 10 to 14 during the rise of social media between 2010 and 2014, the most recently available data.”

Clearly a solution is needed, but Schlott knows where we cannot turn—politicians are too “clueless” to craft effective regulations and the platforms are too greedy to do anything about it. Instead it falls to parents to take responsibility for their teens’ media consumption, as difficult as that may be. Citing psychology professor and author on the subject Dr. Jean Twenge, the write-up advises a few precautions. First parents must recognize that, unlike playing age-appropriate games or texting friends on their devices, social media is completely inappropriate for children, tweens, and young teens. The platforms themselves officially limit accounts to those 13 and older, but Twenge suggests holding off until a child is 16 if possible. She also proposes a household rule whereby everyone, including parents, stops using electronic devices an hour before bedtime and leaves their phones outside their bedrooms at night. Yes, parents too—after all, leading by example is often the only way to convince teens to comply.

Cynthia Murrell, April 29, 2022

NCC April McKinsey: More Controversy

April 27, 2022

The real news outfit AP (once Associated Press) published “Macron holds 1st big rally; Rivals stir up ‘McKinsey Affair’.” [If this link 404s, please, contact your local AP professional, not me.] The main point of the news story is that the entity name “McKinsey” is not the blue chip, money machine. Nope. McKinsey, in the French context of Covid and re-election, means allegations about the use of American consultants. What adds some zip to the blue chip company’s name is its association by the French senate with allegedly improper tax practices. The venerable and litigious AP uses the word “dodging” in the article. Another point is that fees paid to consulting firms have risen. Now this is not news to anyone with some familiarity with the practices of blue chip consulting companies. For me, the key sentence in the AP’s article is this one:

…the [French senate] report says McKinsey hasn’t paid corporate profit taxes in France since at least 2011, but instead used a system of ‘tax optimization’ through its Delaware-based parent company.

That’s nifty. More than a decade. Impressive enforcement by the French tax authority. I suppose the good news is that the tax optimization method did not make use of banking facilities in the Cayman Islands. Perhaps McKinsey needs to hire lawyers and its own business advisors. First the opioid misstep in the US and now the French government.

Impressive.

Stephen E Arnold, April 27, 2022

Were Some Party Goers at 10 Downing Street Targeted by NSO Group Technology?

April 26, 2022

The New Scientist (yes, the New Scientist for goodness sakes) published “UK Prime Minister’s Office Smartphones Targeted by Pegasus Spyware.” (You may have to pay to view this write up, gentle reader.) The main point of the write up, it seems to me, is:

Researchers claim to have uncovered cyber attacks using Pegasus software against 10 Downing Street and the Foreign and Commonwealth Office.

Is this the government office about which Euronews said that UK prime minister Boris Johnson was fined over Downing Street lockdown partiers? It sure looks like it to me.

The New Scientist story recycles the Citizen Lab reports about someone using NSO Group technology to snoop on individuals in the British government. I don’t know if the research is on the money. I described the University of Toronto’s interest in NSO Group as a Munk-ey on the poster child company.

Several observations:

  • I am concerned that the recycling of information about NSO Group technology may have unintended consequences; for example, if I were a college computer science professor, I could envision asking students to check out the Pegasus software on GitHub and come up with similar functionality. But I am not a college prof yet there may be a professor in Estonia who comes up with a similar idea.
  • The idea that a scientific research publication is focusing attention on an Israeli firm whose software was used by a government illustrates how information leakage can slosh around. Is this a click decision or a political decision or an ethical decision? I have no idea, but someone made a decision to recycle the Munk story.
  • Companies pay big money to get their “brand” in front of eyeballs. NSO Group is clearly the brand champion in the intelware sector. Winner? Well, maybe.

Net net: This NSO Group buzz shows no sign of decreasing. That’s not good.

Stephen E Arnold, April 26, 2022

UAE Earns a Spot on Global Gray List

April 26, 2022

Forget Darkmatter. This is a gray matter.

Where is the best place to stash ill-gotten gains? The Cayman Islands and Switzerland come to mind, and we have to admit the US is also in the running. But there is another big contender—the United Arab Emirates. The StarTribune reports, “Anti-Money-Laundering Body Puts UAE on Global ‘Gray’ List.” Writer Jon Gambrell tells us:

“A global body focused on fighting money laundering has placed the United Arab Emirates on its so-called ‘gray list’ over concerns that the global trade hub isn’t doing enough to stop criminals and militants from hiding wealth there. The decision late Friday night by the Paris-based Financial Action Task Force [FATF] puts the UAE, home to Dubai and oil-rich Abu Dhabi, on a list of 23 countries including fellow Mideast nations Jordan, Syria and Yemen.”

Will the official censure grievously wound business in the country? Not by a long shot, though it might slightly tarnish its image and even affect interest rates. The FATF admits the UAE has made significant progress in fighting the problem but insists more must be done. Admittedly, the task was monumental from the start. We learn:

“The UAE long has been known as a place where bags of cash, diamonds, gold and other valuables can be moved into and through. In recent years, the State Department had described ‘bulk cash smuggling’ as ‘a significant problem’ in the Emirates. A 2018 report by the Washington-based Center for Advanced Defense Studies, relying on leaked Dubai property data, found that war profiteers, terror financiers and drug traffickers sanctioned by the U.S. had used the city-state’s boom-and-bust real estate market as a safe haven for their money.”

Is the government motivated to change its country’s ways? Yes, according to a statement from the Emirates’ Executive Office of Anti-Money Laundering and Countering the Financing of Terrorism. That ponderously named body promises to continue its efforts to thwart and punish the bad actors. The country’s senior diplomat also chimed in on Twitter, pledging ever stronger cooperation with global partners to address the issue.

Cynthia Murrell, April 26, 2022

Covid Info, Misinfo, Disinfo, and Reformed Info: The US Government Now Cares

April 25, 2022

In a long overdue move, reports Engadget, “US Surgeon General Orders Tech Companies to Reveal Sources of COVID-19 Misinformation.” In keeping with his declaration last year that health misinformation is an urgent threat, Surgeon General Vivek Murthy has appealed to tech companies to voluntarily reveal the sources and scale of misinformation that has crossed their platforms related to the disease itself and vaccinations. Writer S. Dent cites reporting from The Washington Post as he tells us:

“Murthy’s request pertains to social networks, search engines, crowd sourced platforms, e-commerce and instant messaging companies. To start with, he wants data and analysis on typical vaccine misinformation already identified by the Centers for Disease Control and Prevention. That includes falsities like ‘the ingredients in COVID-19 vaccines are dangerous’ and ‘COVID-19 vaccines contain microchips.’ The administration seeks to learn how many users have been exposed to such misinformation, and which demographic groups may have been disproportionally affected. On top of that, it’s looking for data about the major sources of COVID-19 misinformation, including individuals or businesses that sell unapproved COVID-19 products or services. Tech companies have until May 2nd to comply, though they won’t be penalized if they don’t.”

We recognize a strongly worded advisory is the limit of the Surgeon General’s regulatory power, but will these companies cough up the requested information voluntarily? Certain platforms make big bucks from circulating false information. They have shown time and again profits are more important than their reputations, so a public shaming is likely to be ineffective. Still, we suppose Murthy had to try. The advisory is part of the administration’s “COVID National Preparedness Plan.” (Preparedness? Hasn’t that ship sailed?)

Cynthia Murrell, April 25, 2022

TransUnion: Squeezing Juice from a 20-Year Regulatory Drought

April 21, 2022

I believe everything I read on the Internet. Some things I believe a whole lot, even though the information may be shaded. Navigate to “Feds sue TransUnion, Calling It Unwilling or Incapable of Operating Lawfully.” I noted this passage:

TransUnion tricked people into recurring payments after previously being fined for the activity, the consumer watchdog agency said…

The company’s position echoes the emissions from some high-technology firms:

TransUnion dismissed the claims as “meritless,” saying the allegations “in no way reflect the consumer-first approach we take to managing of our businesses.”

Let’s not regulate or let the financial information sector self regulate. Both are great ideas.

Now let’s think about a government which can manage a large firm operating within its borders. The allegation is that the estimable TransUnion ignored guidelines, suggestions, and rules. Why? Maybe too expensive or just annoying bureaucratic clap trap?

Several observations:

  1. What other firms have adopted the TransUnion approach to treating their customers in a fair and ethical way?
  2. Does the US government see the irony of a commercial enterprise doing what it wants and then having the government sue the company so that it modifies its behavior?
  3. Will TransUnion modify its executive incentive program and make obeying the guidelines, suggestions, and rules of a federal agency important?

I can answer all three questions. My answer: Nope.

Stephen E Arnold, April 21, 2022

Is This a Wake Up Call for Cyber Crime Experts?

April 20, 2022

Do you want to be an in-demand cyber expert? You can. You can learn what you need by watching, downloading, or paying for online courses. Then go for the real money: Consulting, training, and explaining to law enforcement, intelligence, and security professionals. Easy, right.

Just be selective about your customers.

“U.S. Hacker Sentenced to Five Years Following Crypto Lessons in North Korea” reports an actual factual situation involving “expert knowledge.” The write up states:

… crypto currency expert and hacker Virgil Griffith was sentenced to five years in prison this Tuesday for aiding North Korea in avoiding U.S. sanctions. The sentence comes in wake of his participation in a crypto currency-focused conference held in North Korea’s capital city, Pyongyang in April 2019, which the U.S. citizen attended even after being denied a travel permit for the purpose. Griffith pled guilty to conspiracy last year, which accelerated his sentencing.

The original article provides additional information. I just want to focus on the risks of not keeping information confidential and out of certain channels. The issues related to incidents associated with FinFisher, Hacking Team, NSO Group, and other companies have not had much impact on specialized software and services never intended for a nation state at odds with the US or not created for commercial use.

The cyber crime training sector is booming. But certain information can blow up in one’s face. One can recover after five years of rest I suppose. But where was the fabric of clear decision making? In a Pyongyang relaxation spa? Perhaps with McKinsey & Company in Paris, a fave destination for some North Koreans?

Stephen E Arnold, April 20, 2022

TikTok: A Murky, Poorly Lit Space

April 15, 2022

TikTok, according to its champions, is in the words of Ernie (Endurance) Hemingway:

You do not understand. This is a clean and pleasant café. It is well lighted. (Quote from “A Clean, Well-Lighted Place”)

No, I understand. If the information in “TikTok under US Government Investigation on Child Sexual Abuse Material” is on the money, TikTok, now under investigation by the Department of Justice and the US Department of Homeland Security, may not be a “clean and pleasant café.”

The paywalled story says that TikTok is a digital watering hole for bad actors who have an unusually keen interest in young people. The write up points out that TikTok is sort of trying to deal with its content stream. However, there is the matter of a connection with China and that country’s interest in metadata. Then there is the money which just keeps flowing and growing. (Facebook and Google are now breathing TikTok’s diesel exhaust. Those sleek EV-loving companies are forced to stop and recharge as the TikTok tractor trailer barrels down the information highway.)

For those Sillycon Valley types who see TikTok as benign, check out some of TikTok’s offers to young people. Give wlw a whirl. Oh, and the three letters work like a champ on YouTube. Alternatively ask some young people. Yeah, that’s a super idea, isn’t it. Now about unclean, poorly illuminated digital spaces.

Stephen E Arnold, April 15, 2022

Google Hits Microsoft in the Nose: Alleges Security Issues

April 15, 2022

The Google wants to be the new Microsoft. Google wanted to be the big dog in social media. How did that turn out? Google wanted to diversify its revenue streams so that online advertising was not the main money gusher. How did that work out? Now there is a new dust up, and it will be more fun than watching the antics of coaches of Final Four teams. Go, Coach K!

The real news outfit NBC published “Attacking Rival, Google Says Microsoft’s Hold on Government Security Is a Problem.” The article presents as actual factual information:

Jeanette Manfra, director of risk and compliance for Google’s cloud services and a former top U.S. cybersecurity official, said Thursday that the government’s reliance on Microsoft — one of Google’s top business rivals — is an ongoing security threat. Manfra also said in a blog post published Thursday that a survey commissioned by Google found that a majority of federal employees believe that the government’s reliance on Microsoft products is a cybersecurity vulnerability.

There you go. A monoculture is vulnerable to parasites and other predations. So what’s the fix? Replace the existing monoculture with another one.

That’s a Googley point of view from Google’s cloud services unit.

And there are data to back up this assertion, at least data that NBC finds actual factual; for instance:

Last year, researchers discovered 21 “zero-days” — an industry term for a critical vulnerability that a company doesn’t have a ready solution for — actively in use against Microsoft products, compared to 16 against Google and 12 against Apple.

I don’t want to be a person who dismisses the value of my Google mouse pad, but I would offer:

  • How are the anti ad fraud mechanisms working?
  • What’s the issue with YouTube creators’ allegations of algorithmic oddity?
  • What’s the issue with malware in approved Google Play apps?
  • Are the incidents reported by Firewall Times resolved?

Microsoft has been reasonably successful in selling to the US government. How would the US military operate without PowerPoint slide decks?

From my point of view, Google’s aggressive security questions could be directed at itself? Does Google do the know thyself thing? Not when it comes to money is my answer. My view is that none of the Big Tech outfits are significantly different from one another.

Stephen E Arnold, April 15, 2022

Is Tim Apple Worried: How Can Regulators Ignore What Apple Wants?

April 13, 2022

I know Apple and Tim are important. Fresh from a right to repair campaign and the cute move to make upgrades to the new and improved Mac Mini Studio, Tim Apple faces a poor report card. Tim Apple has failed Apple’s employee-acolyte examination. “Apple’s Tim Cook Warns of Unintended Consequences in App Store Antitrust Legislation” reports:

Apple CEO Tim Cook blasted regulatory proposals by Congress and in the European Union on Tuesday, arguing that legislation aimed at cracking open the company’s app store will hurt user security and privacy.

Are we talking Apple stalker gizmos? (This is my synonym for the Apple AirTag. Please, see “Apple AirTags Allegedly Being Used by Stalkers: Viral Twitter Thread.”)

Nope. The idea that elected officials want to permit sideloading.

Let me translate: If an iPhone user wants to load an application without going through Apple’s online store, bad things will happen. Remember the good, old days of buying software in a box and installing it. That’s sideloading in my book.

Are we talking Apple compliance with rules in China and Russia (pre-Ukraine, of course)?

The write up continues:

Former top national security officials have sided with Apple, saying that requiring iPhones to accept apps that may lack sufficient security protections could ultimately endanger the country.

Are we talking Apple’s often decidedly un-snappy response to legitimate government requests? Nope. We are talking national security and the unnamed terrible things waiting to roar down the on ramp of the information highway to deliver (my goodness!) unintended consequences.

Several observations:

  1. Tense much, Mr. Apple?
  2. Are we talking about AirTags?
  3. Concerned about losing a revenue stream?
  4. Worried about regulation after decades of riding horses hard in the digital Wild West?

I would prefer more action related to the personnel issues which are smoking on the burning brush at the spaceship.

Stephen E Arnold, April 13, 2022
