Washington Might Crack Down On Mobile Bidstream Data
November 4, 2020
Mobile devices siphon data from users and sell the data to third parties, mostly ad companies, to make a profit. The bidstream is mobile’s dirty secret that everyone knows about, and the federal government might finally do something to protect consumers’ privacy, says The Drum: “Mobile’s Dirty Little Data Secret Under Washington’s Microscope.”
“Bidstream” is the mobile industry jargon for the data mobile services collect from users and then sell. The data is sold to advertisers who bid on ad space in real-time exchanges for targeted ads. Bidstream data could include demographics, personal hobbies and (even more alarmingly) real time coordinates for consumers’ current location.
The Interactive Advertising Bureau’s (IAB) executive vice president Dave Grimaldi stated that his organization has recently communicated a hundred times more with the federal government about the bidstream than the past two months. There are politicians worried that the bidstream could not only violate privacy, but could lead to deceptive business tactics (and maybe violent actions). There are currently no industry standards or rules from the IAB or the Mobile Marketing Association against bidstreams.
In June 2020, Mobilewalla released demographic information about BLM protestors under the guise of data analysis, while politicians called it surveillance. They want to know if Mobilewalla’s analysis along with the bidstream violate the FTC act:
“The FTC won’t say whether it is probing bidstream data gathering, but its chairman did respond to lawmakers. ‘In order to fully address the concerns mentioned in your letter,’ wrote FTC Chairman Joseph Simons in a letter to Wyden obtained by The Drum, ‘we need a new federal privacy law, enforceable by the FTC, that gives us authority to seek civil penalties for first-time violations and jurisdiction over non-profits and common carriers.’… In questions sent separately to Mobilewalla, Senator Elizabeth Warren (D-MA) and other legislators asked the company to provide details of its “disturbing” use of bidstream data. ‘Mobilewalla has and will respond to any request received from Congress or the FTC,’ a Mobilewalla spokesperson tells The Drum, declining to provide further detail.”
Those mobile phones are handy dandy gizmos, aren’t they?
Whitney Grace, November 4, 2020
The Purple Yahoo Verizon Mobile Device Innovation
November 2, 2020
I spotted a hard-hitting bit of “real” journalism in “Yahoo’s First Branded Phone Is Here. It’s Purple and Only $50.” One question, “Is the ring tone the Yaaaa-hoooooo yodel?” The phone comes from the hard working folks at ZTE. This is a Chinese firm located in Shenzhen with clean, cheerful factories in several locations. The model has been around for a decade. The purple version is available from the cheerful Verizon unit managed by Guru Gowrappan. Yep, “guru.” The write up points out that Guru Gowrappan allegedly said:
[You] may have the option to get free access to its Yahoo Finance Premium offering, while a Yahoo Sports fan would get free betting credits or promotions for the company’s sportsbook, assuming they are in a state where sports gambling is legalized.
Yaaaa-hoooooo.
Stephen E Arnold, November 2, 2020
Contact Tracing Apps: A Road Map to Next Generation Methods
October 30, 2020
I read “Why Contact-Tracing Apps Haven’t Lived Up to Expectations.” The article explains that the idea of using a mobile phone and some software to figure out who has been exposed to Covid is not exactly a home run. The reasons range from people not trusting the app or the authorities pushing the app to crappy technology and an implicit message that some humans don’t bother due to being human: Sloth, gluttony, etc.
The write up appears to overlook the lessons which have been learned from contact tracing applications.
- The tracers have to be baked into the devices
- The software has to be undetectable
- The operation has to be secure
- The monitoring has to be 24×7 unless the phone is destroyed or the power source cut off.
These lessons are not lost on some government officials.
What’s this mean? For some mobile phone operations, the insertion of tracers is chugging right along. Other countries may balk, but the trajectory of disease and other social activities indicates that these “beacon” and “transmit” functions are of considerable interest in certain circles.
Stephen E Arnold, October 30, 2020
After Decades of the Online Revolution: The Real Revolution Is Explained
October 9, 2020
Years ago I worked at a fancy, blue chip consulting firm. One of the keys to success in generating the verbiage needed to reassure clients was reading the Economist. The publication, positioned as a newspaper, sure looked like a magazine. I wondered about that marketing angle, and I was usually puzzled by the “insights” about a range of topics. Then an idea struck me: The magazine was a summarizer of data and verbiage for those in the “knowledge” business. I worked through the write ups, tried to recall the mellifluous turns of phrase, and stuffed my “Data to Recycle” folder with clips from the publication.
I read “Faith in Government Declines When Mobile Internet Arrives: A New Study Finds That Incumbent Parties Lose Votes after Their Citizens Get Online.” [A paywall or an institutional subscription may be required to read about this obvious “insight.”] Readers of the esteemed publication will be launching Keynote or its equivalent and generating slide decks. These are often slide decks which will remain unfindable by an organization’s enterprise search system or in ineffectual online search systems. That may not be a bad thing.
The “new study” remains deliciously vague: No statistical niceties like who, when, how, etc. Just data and a killer insight:
A central (and disconcerting) implication is that governments that censor offline media could maintain public trust better if they restricted the internet too. But effective digital censorship requires technical expertise that many regimes lack.
The statements raise some interesting questions for experts to explain; for example, “Dictatorships may restore faith in governments.” That’s a topic for a Zoom meeting among one percenters.
Several observations seem to beg for dot pointing:
- The “online revolution” began about 50 years ago with a NASA program. What was the impact of those sluggy and buggy online systems like SDC’s? The answer is that information gatekeepers were eviscerated, slowly at first and then hasta la vista.
- Gatekeepers provided useful functions. One of these was filtering information and providing some aggregation functions. What the recipient of information from the early-days online information systems got was some speed up in information access but not enough to eliminate the need for old fashioned research and analysis. Real time is, by definition, not friendly to gatekeepers.
- With the development of commercial online infrastructure and commercial providers, the hunger or addiction to ever quicker online systems was evident. The “need for speed” seemed to be hard wired into those who worked in knowledge businesses. At least one online vendor reduces the past to a pattern and then looks at the “now” data to trigger conclusions. So much for time consuming deliberation of verifiable information.
The article cited above has discovered downstream consequences of behaviors (social and economic) which have been part of the online experience for many years.
The secondary consequences of online extend far beyond the mobile devices. TikTok exists for a reason, and that service may be one of the better examples of “knowledge work” today.
One more question: How can institutions, old fashioned knowledge, and prudent decision making survive in today’s datasphere? With Elon Musk’s implants, who will need a mobile phone?
Perhaps the next Economist write up will document that change, hopefully in a more timely manner.
Stephen E Arnold, October 9, 2020
Quite an Emoji for 2020
September 28, 2020
DarkCyber does not use too many emojis. Sure, we put them in our DarkCyber video news program to add visual punctuation. Most days, words are okay or K in the lingo of the thumbtypers. One of the research team called attention to “These New Emojis Perfectly Sum Up This Dumpster Fire of a Year.” The image comes from an outfit called Emojipedia. We think this is the Oxford Dictionary updated for Gen X and Gen Y mobile messaging addicts.
Nifty and appropriate. Keep in mind that in about 12 weeks we can look back and reflect on the pandemic, economic erosion, social unrest, and the asteroid which will have collided with earth on or about the first week of November.
Does dumpster fire capture the spirit of this memorable year? The emoji does.
Stephen E Arnold, September 28, 2020
Listening to Mobile Calls: Maybe? Maybe Not
August 18, 2020
An online publication called Hitb.org has published “Hackers Can Eavesdrop on Mobile Calls with $7,000 Worth of Equipment.” Law enforcement and other government entities often pay more for equipment which performs similar functions. Maybe $7,000 is a bargain, assuming the technology works and does not lead to an immediate visit from government authorities.
According to the write up, you can listen to mobile calls using a method called “ReVoLTE”, a play on the LTE or long term evolution cellular technology. The article reports:
Now, researchers have demonstrated a weakness that allows attackers with modest resources to eavesdrop on calls. Their technique, dubbed ReVoLTE, uses a software-defined radio to pull the signal a carrier’s base station transmits to a phone of an attacker’s choosing, as long as the attacker is connected to the same cell tower (typically within a few hundred meters to few kilometers) and knows the phone number. Because of an error in the way many carriers implement VoLTE, the attack converts cryptographically scrambled data into unencrypted sound. The result is a threat to the privacy of a growing segment of cell phone users. The cost: about $7,000.
Ah, ha, a catch. One has to be a researcher, which implies access to low cost, highly motivated students eager to get an A. Also, the word “researcher” makes it clear that one cannot order the needed equipment with one click on Amazon’s ecommerce site.
How realistic is this $7,000 claim? DarkCyber thinks that a person interested in gaining access to mobile calls may want to stay in school. CalTech or Georgia Tech may be institutions to consider. Then after getting an appropriate degree, work for one of the specialized services firms developing software and hardware for law enforcement.
On the other hand, if you can build these devices in your bedroom, why not skip school and contact one of the enforcement agencies in the US or elsewhere? DarkCyber has a suggestion. Unlawful intercept can lead to some interesting learning experiences with government authorities. Too bad similar enforcement does not kick in for misleading headlines for articles which contain fluff. That sounds like I am pointing out flaws in Silicon Valley-style reporting. Okay, okay, I am.
Stephen E Arnold, August 18, 2020
TikTok: Exploiting, Exploited, or Exploiter?
August 12, 2020
I read “TikTok Tracked Users’ Data with a Tactic Google Banned.” [Note: You will have to pay to view this article. Hey, The Murdoch outfit has to have a flow of money to offset its losses from some interesting properties, right?]
The write up reveals that TikTok, the baffler for those over 50, tricked users. Those lucky consumers of 30 second videos allegedly had one of their mobile devices’ ID numbers sucked into the happy outfit’s data maw. Those ID numbers, unlike the other codes in mobile devices, cannot be changed. (At least, that’s the theory.)
What can one do with a permanent ID number? Let us count some of the things:
- Track a user
- Track a user
- Track a user
- Obtain information to pressure a susceptible person into taking an action otherwise not considered by that person?
I think that covers the use cases.
The write up states with non-phone tap seriousness, a business practice of one of the Murdoch progeny:
The identifiers collected by TikTok, called MAC address, are most commonly used for advertising purposes.
Whoa, Nellie. This here is real journalism. MAC is shorthand for “media access control.” I think of the MAC address as a number tattooed on a person’s forehead. Sure, it can be removed… mostly. But once a user watches 30-second videos and chases around for “real” information on a network, that unique number can be used to hook together otherwise disparate items of information. The MAC is similar to one of those hash codes which allow fast access to data in a relational structure or maybe an interest graph. One can answer the question, “What are the sites with this MAC address in log files?” The answer can be helpful to some individuals.
There are some issues bubbling beneath the nice surface of the Murdoch article; for example:
- Why did Google prohibit access to a MAC address, yet leave a method to access the MAC address available to those in the know? (Those in the know include certain specialized services firms which support US government agencies, ByteDance, and just maybe Google. You know Google. That is the outfit which wants to create a global seismic system using every Android device whose owner gives permission to monitor earthquakes. Yep, is that permission really needed? Ho, ho, ho.)
- What vendors are providing MAC address correlations across mobile app content and advertising data? The WSJ is chasing some small fish who have visited these secret data chambers, but are there larger, more richly robust outfits in the game? (Yikes, that’s actually going to take more effort than calling a university professor who runs a company about advertising as a side gig. Effort? Yes, not too popular among some “real” Murdoch reporters.)
- What are the use cases for interest graphs based on MAC address data? In this week’s DarkCyber video available on Facebook at this link, you can learn about one interesting application: Targeting an individual who is susceptible to outside influence to take an action that individual otherwise would not take. Sounds impossible, no? Sorry, possible, yes.
To summarize, interesting superficial coverage but deeper research was needed to steer the writing into useful territory and away from the WSJ’s tendency to drift closer to News of the World-type information. Bad TikTok, okay. Bad Google? Hmmmm.
Stephen E Arnold, August 12, 2020
More about India App Banning
July 23, 2020
India and China are not likely to hold a fiesta to celebrate the digital revolution in the next month or two. “Government Said to Ask Makers of 59 Banned Chinese Apps to Ensure Strict Compliance” explains that India has some firm ideas about the potential risks of Chinese-centric and Chinese-developed mobile applications. The risks include actions “prejudicial to sovereignty, integrity and security of the country.”
The write up states:
If any app in the banned list is found to be made available by the company through any means for use within India, directly or indirectly, it would be construed as a violation of the government orders…
It is not clear what action the Indian government can take, but obviously the issue is perceived as important; specifically, the accusation relates to the:
stealing and surreptitiously transmitting users’ data in an unauthorized manner to servers which have locations outside India.
Among the nearly 60 banned apps are:
- Club Factory
- TikTok
- UC Browser
- Xiaomi
Plus, some less high profile services:
- Bigo Live
- CamScanner
- Helo
- Likee
- Shein
There will be workarounds, of course. It is not clear if a citizen persists in using a Xiaomi phone and its baked in apps (some of which route interesting information through data centers in Singapore) what the consequences will be.
Censorship of the Internet is thriving and becoming an active measure in India and other countries. Why? Because Internet, of course.
Stephen E Arnold, July 23, 2020
Do It Huiwei, Please
July 9, 2020
Believe it or not.
Huawei is a mobile device brand not well known in the United States, but it provides an Android based device to millions of consumers in the eastern hemisphere. Huawei devices are manufactured in China, and in May the company held its seventeenth annual analyst summit. Ameyaw Debrah shares the story in the article, “Huawei Analyst Summit: Security And Privacy In A Seamless AI Life-Only You Control Your Personal Data.”
The Vice President of Consumer Cloud Services, Eric Tan, delivered the keynote speech, called “Rethink the Seamless AI Experience with the Global HMS Ecosystem,” which covered Huawei’s privacy and security across the cloud, hardware, application development, and global certifications. Tan stated that Huawei abides by GDPR, GAPP, and local laws to guarantee privacy compliance.
Another speaker, Dr. Wang Chenglu, spoke about “Software-Powered, Seamless AI Experiences and Ecosystems.” He stated how distributed security builds trust between people, data, and devices to protect user privacy and data:
“He explained that firstly, ensure that users are using the correct devices to process data and Huawei has developed a comprehensive security and privacy management system that covers smart phone chips, kernels, EMUI, and applications. This allows devices to establish trusted connections and transfer data based on end-to-end encryption.
Secondly, ensure the right people are accessing data and operating services via the distributed security architecture which makes coordinated, multi-device authentication possible. An authentication capability resource pool is established by combining the hardware capabilities of different devices. The system provides the best security authentication measures based on authentication requests and security level requirements in different business scenarios.”
Huawei stressed that privacy and security are its MO, but can one believe that “only you control your private life” when a country-supported company is coding up a storm?
Whitney Grace, July 9, 2020
Geospatial: Context and Opinions
June 24, 2020
DarkCyber spotted a sequence of tweets published by that well managed, completely coherent, and remarkable outfit Twitter. Twitter disseminated brief emissions from Joe Morrison who uses the handle “mouth of Morrison.” Love that Twitter thing!
The write up in Quibi style chunks is about geospatial technology. As it turns out, mobile devices and smart gizmos output geographic coordinates. These are useful to many.
The observations in the stream of tweets explain that geospatial is mostly a bad idea. DarkCyber says, “Ho, ho, ho.”
Two warrant highlighting, but you may find other faves in the list.
Let’s begin:
The most successful and ambitious mapping project of all time, Google Maps, is an advertising platform. There is no “geospatial industry,” only industries with spatial problems.
Yep, the Google. Nevertheless, one must give the GOOG credit for buying Keyhole, morphing an intelligence operation into a cog in ad sales, and then building a large scale geospatial data vacuum cleaner. Remember the comment about capturing Wi-Fi data: “Wow, no idea how that happened.” Does that help you jog down memory lane?
The second emission we noted is:
In geo, you either die a hero or live long enough to make the majority of your revenue from defense and intelligence.
This is sort of accurate. Including law enforcement might be a more accurate characterization of where the money is, however.
These earthworm emissions are amusing; for example, “ESRI is a petty, anti competitive bully”. Are any lawyers paying attention? Also, big companies use open source software and don’t give back. No kidding? Ever hear of code cost reduction?
Worth a look. More context, explanation, and details would add some muscle to the tweeter bones.
Stephen E Arnold, June 24, 2020