Amazon: A Succulent Target for Criticism
November 23, 2018
Heads up, Amazon, not everyone loves your shopping service. One example is the profane bassoonist. Yeah, that type of person exists in Amazonland. The story of the bassoon strap, a subscription service, and other money grubbing methods employed by the digital superstore infuse “What If Amazon.com Actually…Is A Horrible Website?”
The key point for me was this statement:
And then there are the outright scams. Like the unimaginable shipping prices on a cheap shower drain cover, which could only possibly mean they hope someone accidentally hits two-day shipping so they can charge them $1,000.
If accurate, Amazon is big, so large that making the store a tidy, positive experience has been slipping away.
I am not surprised. In fact, I expect this type of carelessness or clever mindfulness to continue. I received an email from no-reply at amazon dot com informing me that my email address had slipped from the nickle and dime clutching fingers of the online ecommerce and policeware vendor.
I wasn’t surprised. I learned from this source that Amazon was suffering what was called “connection failures.” Not good for a cloud outfit. No connection, no cloud. Yeah, bad. Nothing like downtime when engaged in warfighting at a government agency.
Putting Amazon’s challenge in perspective, the bundle of services and functions assembled for Amazon’s policeware push will raise some eyebrows.
Certain behaviors are ingrained into the company.
Yeah, $1,000 shipping. An accident.
Stephen E Arnold, November 23, 2018
Dongles, Security, and Keys: A New but Familiar Tune
November 22, 2018
Part of Google’s new product lineup is the Titan Security Key, selling for only $50. The Hacker News shares more information on the Titan Security Key in the article, “Google ‘Titan Security Key’ Is Now On Sale For $50.” Google first announced the security key at the Google Cloud Next 2018 convention.
The Titan Security Key is similar to Yubico’s YubiKey. It offers hardware-based two factor authentication for online accounts with the highest level of protection from phishing. The full kit offers a USB security key, Bluetooth security key, USB-C to USB-A adapter, and USB-C to USB-A connecting cable. The Titan Security Key is based on the FIDO (Fast IDentity Online) Alliance, U2F protocol and uses Google developed secure element and firmware. It adds another security level on top of passwords, an idea similar to the Tor browser. It is compliant with many popular browsers, email services, social media, and cloud services.
As more aspects of people’s lives migrate online, security is more important than ever. Tools like the Titan Security Key provide an extra level of security at a nominal price:
“According to Google, the FIDO-compatible hardware-based security keys are thought to be more safe and efficient at preventing phishing, man-in-the-middle (MITM) and other types of account-takeover attacks than other 2FA methods requiring SMS, for example. This is because even if an attacker manages to compromise your online account credentials, log into your account is impossible without the physical key. Last month, Google said it started requiring its 85,000 employees to use Titan Security Keys internally for months last year, and the company said since then none of them had fallen victim to any phishing attack.”
The Google Titan Security Key appears to be a simple and cheap way to ensure more security for individuals. One of the problems people face with online security is the lack of understanding, cost, and finding an effective product. Google appears to have created a great solution, but the one problem is that China made the Titan Security Key. China has all the schematics for the device and China is a hotbed for phishing attacks.
Microsoft, another me too outfit, has jumped on the bandwagon for dongles. Microsoft now offers native FIDO key login for Windows 10. What about losing a dongle?
Back to square one?
Whitney Grace, November 22, 2018
Baidu May Force Google to Do Search the Chinese Way
November 22, 2018
China has famously strict internet policies. The world’s largest population also is known to have the world’s largest firewall, preventing net freedom. However, that doesn’t mean search there is stuck in the stone age. In fact, it’s quite profitable, as we discovered in a recent Quertime story, “The 20 Most Popular Search Engines in China.”
According to the story:
“The search engine market in China has maintained an overall stable growth. As a matter of fact, during the last quarter of 2012, various search engines have earned about $8 billion RMB. By the third quarter of 2014, it reached more than $15 billion RMB, which presented more than 50% increase in just a period of two years.”
Tops on their list was not Google, but Baidu. While you might have vaguely heard of it, it’s a name you should pay attention to. Baidu is mentioned in concert with other Chinese tech giants, like Alibaba. Recently, it was chosen as a strong stock to purchase alongside the Chinese Amazon, which should tell you quite a lot. There is undoubtedly a tech boom happening in Asia now and it’s the smart investor who can find a way to tap into a little of that magic while it is hot.
Patrick Roland, November 22, 2018
The Facebook Management Play: Not Much to Change
November 22, 2018
I read two articles this morning. I came away with the thought that Facebook is not eager to change.
The first article is “As Problems Pile Up, Mark Zuckerberg Stands His Ground in Exclusive CNN Business interview.” The main idea appears to be:
Zuckerberg resisted growing calls for changes to Facebook’s C-suite, reiterated Facebook’s potential as a force for good, and pushed back at some of the unrelenting critical coverage of his company after a year of negative headlines about fake news, election meddling and privacy concerns.
The second article is “The Punctured Myth of Sheryl Sandberg.” Yep, the lean in thinker and doer. The main idea struck me as:
Sandberg played a central role in nearly every misdeed at Facebook that’s described in the Times piece. Singularly focused on the company’s stock price and its advertising-based business model, she worked to minimize data abuse and election interference.
So what?
Three observations:
- Facebook is not likely to change without some outside encouragement
- Ethical behavior appears to be a dynamic concept. Expedient behavior may be a suitable synonym.
- A company founded on getting info about potential dates has morphed into an organization capable of taking down carefully constructed social assemblies.
Change may be difficult. Habit, momentum, and money can be barriers. We may have a digital turkey to monitor.
Stephen E Arnold, November 22, 2018
Big Companies Launch Open Source Safe Data Initiative
November 21, 2018
Huge corporations usually do not support open source code, because it harms their bottom line. Qrius shares how some of the biggest tech companies are behind a new initiative for an interesting change of pace, “Facebook, Google, Twitter, Microsoft To Launch Open Source Initiative For Safe Data Transfer.”
Facebook, Twitter, Microsoft, and Google have teamed up in an endeavor to make data transfer across various platforms easier and safer. The new initiative is called the Data Transfer Project (DTP) and it is an open source project that helps users seamlessly transfer data across multiple online services without facing privacy issues. It sounds like a fantasy superhero team up. How will the DTP will do:
“According to Damien Kieran, Data Protection Officer at Twitter, most of the online services we use right now do not interact with each other in a coherent and intuitive fashion. Formed in 2017, the DTP is expected to bridge this gap and introduce service-to-service data portability through its open-source platform.
The project is expected to roll out in phases, starting with ensuring data portability from one service to another with encrypted signups, said Steve Satterfield, Privacy and Public Policy Director at Facebook.”
The DTP is a great idea, because how many times do you need to upload, download, reupload, and change file formats with your data? Transfer fluidity across many platforms is a must, especially with mobile technology, but privacy is even more important as users share their data across a wider physical and digital expanse. There are also new data protection laws, such as ones introduced in the EU, and the DTP will hopefully write the necessary legal jargon to protect the user and prevent the companies from breaking the laws.
It is a great accomplishment that these four companies are working together. Hopefully it is for good and not the all mighty dollar.
Whitney Grace, November 21, 2018
—
Who Is a Low Risk Hire?
November 21, 2018
Last week, a person who did some contract work for me a year ago asked me if I would provide a reference. I agreed. I assumed that a caring, thoughtful human resources professional would speak with me on the telephone. Wrong. I received a text message asking me if I would complete questions. Get this. Each text message would contain a question about the person who sought a reference. After I hit, send, I would receive another text message.
Wrong.
I was then sent a link to an online form that assured me my information was confidential. “Https” was not part of this outfit’s game plan. I worked through a form, providing scores from one to seven about the person. The fact that I hired this person to perform a specific job for me was evidence that the individual could be trusted. I am not making chopped liver or cranking out greeting cards. We produce training information for law enforcement and intelligence professionals.
I worked through the questions which struck me as worrying more about appearing to be interested in the individual than actually obtaining concrete information about the person. Here’s an example of what the online test reveals:
Yeah, pretty much useless. I am not sure what “adaptability” means. I tell contractors what I want. The successful contractor does that task and gets paid. A contractor who does not gets cut out of the pool. This means in politically incorrect speak: Gets fired.
I read “Public Attitudes Toward Computer Algorithms” a couple of days after going through this odd ball way to get information about a person working on law enforcement and intelligence related work. The write up makes clear that other people are not keen on the use of opaque methods to figure out if a person can do good work and be trusted.
Well, gentle reader, get used to this.
Human resources want to cover their precious mortgage, make a car payment, or buy a new gizmo at the Amazon online store. The HR professionals are not eager to be responsible for screening individuals and figuring out what questions to ask a person like me. For good reason, I am not sure I would spend more than two minutes on the phone with an actual HR person. For the last 30 years, I have worked as an independent consultant. My only interactions with HR are limited to my suggesting that the individual stay away from me. Fill out forms or something. Just leave me alone, or you will be talking to individuals whom I pay to make you go away. I have a Mensa paralegal who can tie almost anyone in knots.
Several observations:
- Algorithms for hiring are a big, big thing. Why? Tail covering and document trails that say, “See, I did everything I could required by applicable regulations.” Forget judgment.
- The online angle is cheaper than having an actual old fashioned HR department. Outsource benefit reduction. Outsource candidate screening. Heck, outsource the outsourcing.
- No one wants to be responsible— for anything. Look at the high school science club management methods at Facebook. The founder is at war. Former employees explain that no one gave direction. Yada yada.
- The use of algorithms presumably leads to efficiencies; that is, lower costs, better, faster, cheaper, MBA and bean counter fits of joy.
Just as Apple’s Tim Cook sees nothing objectionable about taking Google’s money as Apple talks up its privacy / security commitment, algorithms make everything — including HR — much better.
Net net: I am glad I am old and officially cranking along at 75, not a hapless 22 year old trying to get a job and do a good job at a zippy de doo dah company.
Stephen E Arnold, November 21, 2018
Factualities for November 21, 2018
November 21, 2018
Believe ‘em or not.
- $1.17 million. Russian bank cash losses due to cyber attacks at Russian banks in the first eight months of 2018. Losses were down from $16.46 million in the same period in 2017. Source: Reuters
- 4,300. Number of blockchain start ups in the world. More than 200 are in Israel. Source: No Camels
- 35 million. Allegedly the number of US voter records for sale on the Dark Web. Source: TechRadar
- One. The number of Google pop up hardware stories in Bucktown, Illinois. Source: ABC 7 Chicago
- $2.2 billion. Size of the quantum computing market in 2025. Source: Site Pro News
- 33 percent. The percentage of university historians from ethnic minorities who experience discrimination. Source: Independent
Stephen E Arnold, November 21, 2018
Microsoft: Nibbling at Crime Fighting
November 20, 2018
Every year cyber crime is one the rise and digital security experts are always trying to stay one click ahead of their assailants. Microsoft is not the world’s leading expert in cyber security, but the company is investing in it. Fortune’s article, “Microsoft Pours Millions Into Startup That Nails Cybercriminals” explains more about the investment.
Microsoft invested $6.2 million in Hyas, a startup that specializes in identifying and taking down cybercriminals. Hyas’s CEO described his company’s mission as tracking down bad actors to their exact location so law enforcement can arrest them.
“In 2014, Davis founded Hyas, his third startup, out of his basement on Vancouver Island, Canada. The firm sells subscriptions to digital forensics software—called “Comox” after a town in the company’s home region of British Columbia—that helps security analysts investigate breaches.
We noted this statement:
‘Hyas is going beyond threat detection and providing the attribution tools required to actually identify and prosecute cybercriminals,’ said Matthew Goldstein, a partner at Microsoft’s M12, in a statement. He said that Hyas’s tech ‘will help take bad actors off the Internet, and lead to an overall decrease in cybercrime globally.’”
Hyas works based on its relationships with infrastructure providers and combining the insights it receives from the infrastructure providers with malware analysis, threat intelligence, and mobile data. Davis plans to use Microsoft’s investment to increase its new products and offer Hyas services to a more diverse clientele.
Whitney Grace, November 20, 2018
Data Science Gets Political
November 20, 2018
With the near ubiquitous use of big data science in every industry short of rock hunting, it was inevitable that there would be blowback. Recently, many tech companies began to feel some political heat due to their involvement with immigration agencies. We learned more from a recent Mercury News story, “Bay Area Cities May Boycott Tech Giants Contracting With ICE.”
According to the story:
“The policy comes as the local immigration debate shifts toward several prominent tech companies — including Palo Alto’s Palantir Technologies, Vigilant Solutions in Livermore and Amazon, which have been criticized for contracting with federal immigration agencies. Last week, advocates descended on Salesforce’s annual conference in San Francisco with an 14-foot-tall cage symbolizing ICE detention to protest the company’s contract with Customs and Border Protection.”
If this sounds a little farfetched or even unlikely, pay close attention to similar actions in Europe. There, when people pushed back against the intersection of politics and big data, it began to impact finances. And when pocketbooks begin to suffer, you can guarantee companies take notice. We don’t yet know if the same will happen in America, but we have a hunch this issue won’t vanish quietly.
Patrick Roland, November 20, 2018
DarkCyber for November 20, 2018, Now Available: Part Four, Amazon Poised for Policeware Growth
November 20, 2018
DarkCyber for November 20, 2018, is now available at http://www.arnoldit.com/wordpress and on Vimeo at https://vimeo.com/301440474.
In this week’s program (the fourth in the DarkCyber four part series about Amazon’s new services), Stephen E Arnold reveals how the sense making and analytics system will allow Amazon to expand its services into regulatory agencies in the US and in other countries.
Amazon’s push into policeware enables a broad market push. In addition to serving the US government, Amazon’s technology for advanced intelligence analysis allows the company to provide regulatory agencies with high value ways to fulfill their mission. The Securities & Exchange Commission and the Internal Revenue Service could become customers of the Amazon GovCloud based system.
Real time information processing and powerful analytics like cross correlation across disparate data sources can reduce costs and improve the efficiency of the agencies’ enforcement efforts.
Stephen E Arnold said, “Amazon’s push to provide services to a major US intelligence agency and to win the Department of Defense cloud computing contract worth about $5 billion are significant. Amazon’s apparent goal is to disrupt and then displace existing vendors of similar services. Amazon is well positioned to rework in a radical way the way city, county, state, and federal government agencies perform analytic and intelligence related work. Furthermore, Amazon’s platform reaches the UK law enforcement community, and it could migrate to Canada, New Zealand, and Australia as well. The impact of Amazon’s policeware is likely to be far more significant than a single JEDI contract.”
The final video in this DarkCyber series makes clear that Amazon has a strategic objective for its machine learning and advanced analytics platform.
In addition, commercial enterprises may seek to make sense of their business related data and information. Financial services firms and pharmaceutical companies are among the most information intensive businesses. Amazon could easily become a disruptive force in the traditional business intelligence market.
For more information about our for fee webinars about Amazon policeware, please, write benkent2020 at yahoo dot com.
Kenny Toth, November 20, 2018