NSO Group: Media Pile On

February 3, 2022

A helpful person posted a link to a July 2021 story about NSO Group this weekend (January 29 – 30, 2022. The New York Times (that bustling digitally aware Gray Lady) published a New York Times Magazine story about NSO Group. But the killer item of PR appeared in Sputnik International (a favorite of some in Moscow) “India Bought Pegasus Spyware from Israel in an Alleged Deal Concerning Palestinians, Claims NYT.” I find this interesting because:

  1. The NSO Group continues to be a PR magnet. At this point, I am not sure the old adage “any publicity is good publicity.”
  2. Russian “real journalists” have wired together some click baity words: India, Israel, Palestinians, and the New York Times
  3. The intelware sector has a stiff upper lip, but the NSO Group – whether a viable business or not – has destabilized an entire industry sector.

Net net: A big problem which seems to be growing.

Stephen E Arnold, February 2, 2022

NordVPN: Mostly Ironclad Privacy

February 3, 2022

Panama-based VPN provider NordVPN swore in 2017 that it would refuse requests from any foreign government to release customer data. In the wake of what happened to VPNLab after its tussle with Europol, however, TechRadar Pro reports, “NordVPN Will Now Comply with Law Enforcement Data Requests.” The firm still promises privacy—unless and until the legal eagles appear. We learn NordVPN recently revised the original, 2017 blog post in which it promised unwavering privacy to reflect the new reality. Reporter Anthony Spadafora writes:

“Now though, the original blog post has been edited and the post now reads: ‘NordVPN operates under the jurisdiction of Panama and will only comply with requests from foreign governments and law enforcement agencies if these requests are delivered according to laws and regulations.’ [Emphasis mine.] The revised blog post also goes a bit further in regard to NordVPN’s zero-logs policy by explaining that the company will log a user’s VPN activity if there is a court order to do so: ‘We are 100% committed to our zero-logs policy – to ensure users’ ultimate privacy and security, we never log their activity unless ordered by a court in an appropriate, legal way.’ Meanwhile, the company updated its privacy policy back in July of last year with a new section that contains further details on information requests. A NordVPN spokesperson explained in an email to TechRadar Pro that the sole reason it changed its blog post in the first place was to dissociate its company from bad actors following PCMag’s original article on the matter.”

Spadafora points out the now shuttered VPNLab mostly catered to cybercriminals—a very different outfit from NordVPN. He also emphasizes that, despite the new language, NordVPN still offers a no-logs VPN, so there would be little to no pre-existing data for the company to relinquish even if law enforcement did come knocking. At this point, such a request is purely hypothetical—the firm notes it has yet to receive a single national security letter, gag order, or warrant from government organizations asking for user information since it was founded in 2012. We suspect they hope that streak continues.

Cynthia Murrell, February 2, 2022

Microsoft Defender: Are There Other Winners?

February 1, 2022

I believe everything I read on the Internet, of course. One of the fascinating aspects of being old and doing the 21st century equivalent of clipping coupons is coming across “real” research studies. I read “Still Think Microsoft Defender Is Bad? Think Again, Says AV-TEST.”

The write up in Make Use Of Dot Com believes in Windows Defender. It article states:

A recent report by AV-TEST revealed that not only does Microsoft Defender perform well, it actually outperforms many highly-recommended antiviruses

The article included a link to the AV-Test December 2021 Report, and I downloaded it. The AV Test outfit is “the independent IT security institute.” The investment firm Triton owns Swiss IT Security, which is the outfit which “owns” AV-Test.

What does Swiss IT Security Group AG do? Security, consulting, the cloud, and related services.

What does the SITS Group care about Microsoft and its assorted products? With Microsoft’s wide use in organizations, SITS Group probably has an above average keenness for the Redmond wizards’ constructs.

What does this mean for the victory of the Windows Defender system in the AV-TEST Report? For me, I formulated several hypotheses:

  1. Windows Defender is now able to deal with the assorted threats directed at Microsoft operating systems? Rest easy. Malware popping up on a Windows device is obviously something that is unlikely to occur. Thank goodness.
  2. Cheerleading for Windows Defender probably makes Microsoft’s security team feel warm and fuzzy which will allow their efforts to deal with Exchange Server issues a more pleasant experience.
  3. Bad actors will have to rethink how to compromise organizations with Microsoft software. Perhaps some of these individuals will give up criminal activity and join the Red Cross or its equivalent.

For me, institutes which do not reveal their ownership are interesting outfits. But how many antivirus vendors achieved the lofty rank of Windows Defender, according to the report dated December 2021? Here they are:

Avira

Bull Guard

ESET

F Secure

Kaspersky

McAfee

Norton 360

Total Security

Viper.

Windows Defender makes 10 “winners.”

Now of these 10 which is the one that will make SolarWinds, ransomware, compromised Outlook emails, and Azure Cosmos excitement a thing of the past? Another question: “Which of these sort of work in the real world?” And, “If there is a best, why do we need the nine others?”

These are questions one can ask Triton / Swiss IT Security Group AG  / AV Test to answer?

Net net: Marketing.

Stephen E Arnold, February 1, 2022

NSO Group: Yes, Again with the PR Trigger

January 31, 2022

I have no idea if the write up “NSO’s Pegasus Spyware Used to Target a Senior Human Rights Watch Activist” is spot on. The validity of the report is a matter for other, more youthful and intelligent individuals. My thought when reading this statement in the article went in a different direction. Here’s the quote I noted:

In a tweet, Fakih showed a screenshot of a notification she received from Apple informing her she may have been the target of a state-sponsored attacker.

Okay, surveillance. Usually surveillance requires someone to identify something as warranting observation. the paragraph continues:

Though others versions of Pegasus software uses text messages embedded with malicious links to gain access to a target’s device, Fakih said she was the victim of a “zero-click attack” that is capable of infecting a device without the target ever clicking a link. Once a target is successfully infected, NSO’s Pegasus software allows the end-user to surveil the target’s photos, documents, and even encrypted messages without the target ever knowing.

The message is that NSO Group continues to get coverage in what might be called Silicon Valley real news media. Are there other systems which provide similar functionality? Why is a cloud service unable to filter problematic activities?

The public relations magnetism of the NSO Group appears to be growing, not attenuating. Other vendors of specialized software and services whose very existence was a secret a few years ago has emerged as the equivalent of the Coca-Cola logo, McDonald’s golden arches, or the Eiffel tower.

My view is that the downstream consequences of exposing specialized software and services may have some unexpected consequences. Example: See the Golden Arches. Crave a Big Mac. What’s the NSO Group trigger evoke? More coverage, more suspicions, and more interest in the methods used to snag personal and confidential information.

Stephen E Arnold, January 31, 2022

PR Professionals: Unethical?

January 28, 2022

Public relations campaigns shape the public’s perception. PR experts can flip a situation to make it negative or positive based on the desired outcome. Entrepreneur discussed how public relations campaigns challenge societal ethics and give a new meaning to Orwell’s doublethink: “Public Relations Bring Ethics Under The Spotlight.” PR experts have been accused for decades for shaping reality and the past few years have exploded with fake blogging, fake grassroots lobbying, and stealth marketing.

These nefarious PR tactics are only the tip of the iceberg, because controlling reality goes further with training spokespeople to remain silent in media interviews, monitoring their social media channels, and backtracking when necessitated. This goes against what the true purpose of PR:

“Monitoring and criticism from outside and inside the public relations industry keep a watch on the vast industry that public relations has become. This, in turn, makes practitioners and the industry responsive to what constitutes appropriate conduct. Ethical public relations should not aim merely to confuse or cause equivocation but should inform and honestly influence judgment based on good reasons that advance the community. A necessary precondition of professionalism is ethically defensible behavior. Such a framework derives from philosophical and religious attitudes to behavior and ethics, laws and regulations, corporate and industry codes of conduct, public relations association codes of ethics, professional values and ethics, training and personal integrity.”

Keeping ethics in the in PR practice appears to be a thing of the past, especially with the actions of many world governments before and after the COVID-19 pandemic hit.

There are three fundamental ethical practices: teleology, deontology, and Aristotle’s Golden Mean. Immanuel Kant is the founder of modern ethics and he developed a three step method to solve ethical dilemmas:

“1. When in doubt as to whether an act is moral or not, apply the categorical imperative, which is to ask the question: “What if everyone did this deed?”

2. Always treat all people as ends in themselves and never exploit other humans.

3. Always respect the dignity of human beings.”

PR experts are subject to the same demands as everyone else: they must make a living in order to survive. Unlike the average retail or office worker, they have skills that changes the public perception of an event, organization, or individual. PR experts usually respond to the demands of their clients, because the client is paying the bills. Saying no. Maybe not too popular at some firms?

Whitney Grace January 28, 2022

PR Dominance: NSO Group Vs Peloton

January 27, 2022

If you have followed the PR contrail behind the NSO Group, you probably know that the Israeli specialized software and services firm has become a household name at least among the policeware and intelware community. A recent example is reported in “Israel’s Attorney General Orders Probe of NSO Spyware Claims.” The write up explains:

Israel’s attorney general says he is launching an investigation into the police’s use of phone surveillance technology following reports that investigators tracked targets without proper authorization

Not good.

But there is a bright cloud on the horizon.

Second TV Show Emerges With Peloton Twist As A Plot Point” asserts:

Already reeling from its announcement last week that it is halting production of its connected fitness products as demand wanes, Peloton must now face another tv show that seems to indicate its devices may cause issues for a certain segment of the population.

Translating the muffy-wuffy writing, the idea is that a character in a US tv show rides a Peloton, suffers a heart attack, and dies. The alleged panini-zation of small creatures under one model’s walking belt was a definite negative. But not even NSO Group is depicted knocking off the talent in a program. Keep in mind that two shows use the Peloton as an artistic device a twist on the deus ex machina from high school English class required reading of Greek tragedies.

Will Peloton continue its climb to the top of the PR leader board? My hunch is that NSO Group hope that it does.

Stephen E Arnold, January 27, 2022

Meta Zuck: AIR SC Sort of Sketched Out

January 25, 2022

I read Facebook’s (Meta’s) blog post called “Introducing the AI Research SuperCluster — Meta’s Cutting-Edge AI Supercomputer for AI Research.” The AIR SC states:

Today, Meta is announcing that we’ve designed and built the AI Research SuperCluster (RSC) — which we believe is among the fastest AI supercomputers running today and will be the fastest AI supercomputer in the world when it’s fully built out in mid-2022.

Then this statement:

Ultimately, the work done with RSC will pave the way toward building technologies for the next major computing platform — the metaverse, where AI-driven applications and products will play an important role.

So the AIR SC is sort of real. The applications for the AIR SC are sort of metaverse. That’s not here either in my opinion.

So what’s going on? Here are my thoughts:

  1. Facebook wants to stake out conceptual territory claims as AT&T did with its non 5G announcements about the under construction 5G capabilities.
  2. Facebook wants to show that its AIR SC is bigger, better, faster, and more super than anything from the Amazon, Google, or other quasi-monopolies who want systems that will dominate the super computer league table for now and possibly forever unless government regulators or user behavior changes the game plan.
  3. Facebook believes the Silicon Valley marketing mantra, “Fake it until you make it” with a possible change. I interpret the announcement to say, “Over promise and under deliver.” I admit I have become jaded with the antics of these corporate giants who have been able to operate without meaningful oversight or what some might call ethical guidelines for a couple of decades.

In the old days, companies in the Silicon Valley mode did vaporware. The tradition continues? Sure, why not? There’s even a TikTok style video to get the AIR SC message across.

Stephen E Arnold, January 25, 2022

Google Identifies Smart Software Trends

January 18, 2022

Straight away the marketing document “Google Research: Themes from 2021 and Beyond” is more than 8,000 words. Anyone familiar with Google’s outputs may have observed that Google prefers short, mostly ambiguous phraseology. Here’s an example from Google support:

Your account is disabled

If you’re redirected to this page, your Google Account has been disabled.

When a Google document is long, it must be important. Furthermore, when that Google document is allegedly authored by Dr. Jeff Dean, a long time Googler, you know it is important. Another clue is the list of contributors which includes 32 contributors helpfully alphabetized by the individual’s first name. Hey, those traditional bibliographic conventions are not useful. Chicago Manual of Style? Balderdash it seems.

Okay, long. Lots of authors. What are the trends? Based on my humanoid processes, it appears that the major points are:

TREND 1: Machine learning is cranking out “more capable, general purpose machine learning models.” The idea, it seems, that the days of hand-crafting a collection of numerical recipes, assembling and testing training data, training the model, fixing issues in the model, and then applying the model are either history or going to be history soon. Why’s this important? Cheaper, faster, and allegedly better machine learning deployment. What happens if the model is off a bit or drifts, no worries. Machine learning methods which make use of a handful of human overseers will fix up the issues quickly, maybe in real time.,

TREND 2: There is more efficiency improvements in the works. The idea is the more efficiency is better, faster, and logical. One can look at the achievements of smart software in autonomous automobiles to see the evidence of these efficiencies. Sure, there are minor issues because smart software is sometimes outputting a zero when a one is needed. What’s a highway fatality in the total number of safe miles driven? Efficiency also means it is smarter to obtain machine learning, ready to roll models and data sets from large efficient, high technology outfits. One source could be Google. No kidding? Google?

TREND 3: “Machine learning is becoming more personally and communally beneficial.” Yep, machine learning helps the community. Now is the “community” the individual who works on deep dives into Google’s approach to machine learning or a method that sails in a different direction. Is the community the advertisers who rely on Google to match in an intelligent and efficient manner the sales’ messages to users human and system communities? Is the communally beneficial group the users of Google’s ad supported services? The main point is that Google and machine learning are doing good and will do better going forward. This is a theme Google management expresses each time it has an opportunity to address a concern in a hearing about the company’s activities in a hearing in Washington, DC.

TREND 4: Machine learning is going to have “growing impact” on science, health, and sustainability. This is a very big trend. It implicitly asserts that smart software will improve “science.” In the midst of the Covid issue, humans appear to have stumbled. The trend is that humans won’t make such mistakes going forward; for example, Theranos-type exaggeration, CDC contradictory information, or Google and the allegations of collusion with Facebook. Smart software will make these examples shrink in number. That sounds good, very good.

TREND 5: A notable trend is that there will be a “deeper and broader understanding of machine learning.” Okay, who is going to understand? Google-certified machine learning professionals, advertising intermediaries, search engine optimization experts, consumers of free Google Web search, Google itself, or some other cohort? Will the use of off the shelf, pre packaged machine learning data sets and models make it more difficult to figure out what is behind the walls of a black box? Anyway, this trend sounds a suitable do good, technology will improve the world that appears to promise a bright, sunny day even though a weathered fisherperson says, “A storm is a-coming.”

The write up includes art, charts, graphs, and pictures. These are indeed Googley. Some are animated. Links to YouTube videos enliven the essay.

The content is interesting, but I noted several omissions:

  1. No reference to making making decisions which do not allegedly contravene one or more regulations or just look like really dicey decisions. Example: “Executives Personally Signed Off on Facebook-Google Ad Collusion Plot, States Claim
  2. No reference to the use of machine learning to avoid what appear to be ill-conceived and possibly dumb personnel decisions within the Google smart software group. Example: “Google Fired a Leading AI Scientist but Now She’s Founded Her Own Firm
  3. No reference to anti trust issues. Example: “India Hits Google with Antitrust Investigation over Alleged Abuse in News Aggregation.”

Marketing information is often disconnected from the reality in which a company operates. Nevertheless, it is clear that the number of words, the effort invested in whizzy diagrams, and the over-wrought rhetoric are different from Google’s business-as-usual-approach.

What’s up or what’s covered up? Perhaps I will learn in 2022 and beyond?

Stephen E Arnold, January 18, 2022

Business Intelligence: Popping Up a Level Pushes Search into the Background

January 17, 2022

I spotted a diagram in this Data Science Central article “Business Intelligence Analytics in One Picture.” The diagram takes business intelligence and describes it as an “umbrella term.” From my point of view, this popping up a conceptual label creates confusion. First, can anyone define “intelligence” as the word is used in computer sectors. Now how about “artificial intelligence,” “government intelligence,” or “business intelligence.” Each of these phrases is designed to sidestep the problem of explaining what functions are necessary to produce useful or higher value information.

Let’s take an example. Business intelligence suggests that information about a market, a competitor, a potential new hire, or a technology can be produced, obtained (fair means or foul means), or predicted (fancy math, synthetic data, etc.) The core idea is gaining an advantage. That is too crude for many professionals who are providers of business intelligence; for example, the mid tier consulting firms cranking out variations of General Eisenhower’s four square graph or a hyperbole cycle.

Business intelligence is a marketing confection. The graph identifies specific “components” of business intelligence. Some of the techniques necessary to obtain high value information are not included; for example, running a fake job posting designed to attract employees who currently work at the company one is subject to a business intelligence process, surveillance via mobile phones, sitting in a Starbucks watching and eavesdropping, or using analytic procedures to extract “secrets” from publicly available documents like patent applications, among others.

Business intelligence is not doing any of those things because they are [a] unethical, [b] illegal, [c] too expensive, or [d] difficult. The notion of “ethical behavior” is an interesting one. We have certain highly regarded companies taking actions which some in government agencies find improper. Nevertheless, the actions continue, not for a week or two but for decades. So maybe ethics applied to business intelligence is a non-starter. Nevertheless, certain research groups are quick to point out that unethical information gathering is not the dish served as conference luncheons.

Here are the elements or molecules of business intelligence:

  • Data mining
  • Data visualization
  • Data preparation
  • Data analytics
  • Performance metrics / benchmarking
  • Querying
  • Reporting
  • Statistical analysis
  • Visual analysis

Data mining, data analytics, performance metrics / benchmarking, and statistical analysis strike me as one thing: Numerical procedures.

Now the list looks like this:

  • Numerical procedures
  • Data visualization
  • Data preparation
  • Querying
  • Reporting
  • Visual analysis

Let’s concatenate data visualization and visual analysis into one function: Producing charts and graphs.

Now the list looks like this:

  • Producing charts and graphs
  • Data preparation
  • Numerical procedures
  • Querying
  • Reporting.

Querying, in this simplification, has moved from one of nine functions to one of five functions.

What’s up with business intelligence whipping up disciplines? Is the goal to make business intelligence more important? Is it a buzzword exercise so consultants can preach doom and sell snake oil? Is it a desire to add holiday lights and ornaments to distract people from what business intelligence is?

My hunch is that business intelligence professionals don’t want to use the words spying, surveillance, intercepts, eavesdrop, or operate like a nation state’s intelligence agency professionals.

One approach is business intelligence which seems to mean good, mathy, and valuable. The spy approach is bad and could lead to an on one Lifetime Report Card.

The fact is that one of the most important components of any intelligence operation is asking the right question. Without querying, masses of data, statistics software, and online experts with MBAs would not be able to find an online ad using Google.

Net net: The chart makes spying and surveillance into a math-centric operation. The chart fails to provide a hierarchy based on asking the right question. Will the diagram help sell business intelligence consulting and services? The scary answer is, “Absolutely.”

Stephen E Arnold, January 14, 2022

Microsoft: Putting Teeth on Edge

January 11, 2022

Usually a basic press release for an update to Microsoft receives little discussion, but OS News recently posted a small quip: “Update For Windows 10 And 11 Blocks Default Browser Redirect, But There Is a Workaround” and users left testy comments. The sting fighting words were:

“It seems that Microsoft has quietly backported the block, introduced a month ago in a Dev build of Windows 11, on tools like EdgeDeflector and browsers from being the true default browser in Windows 10, with the change being implemented in Windows 11 too. Starting from KB5008212, which was installed on all supported versions of Windows 10 yesterday with Patch Tuesday, it is no longer possible to select EdgeDeflector as the default MICROSOFT-EDGE protocol.”

Followed by this sarcastic line: “They spent engineering resources on this.”

Users were upset because it meant Microsoft blocked other Web browsers from becoming a system’s default. It is a corporate strategy to normalize anti-competitive restrictions, but there are users who defended Microsoft’s move. They stated that blocking other Web browsers protected vulnerable users, like the elderly, from accidentally downloading malware and adware.

The comments then turned into an argument between tech-savvy experts and the regular users who do not know jack about technology. The discussion ended with semi-agreement that users need protection from freeware that forcefully changes a system, but ultimately users have the choice on their system settings.

In the end, the comments shifted to why Microsoft wants Edge to be the system default: money and deflecting attention from its interesting approaches to security.

Whitney Grace, January 11, 2022

« Previous PageNext Page »

  • Archives

  • Recent Posts

  • Meta