Google and Privacy: Our Way, Please

October 25, 2019

Google has made its privacy stance known. The Register reports, “Google Takes Sole Stand on Privacy, Rejects New Rules for Fear of ‘Authoritarian’ Review.” The company’s solitary “no” vote halted a proposed charter revision at the W3C’s Privacy Interest Group (PING). The proposed revision would have slightly changed the charter to allow for recommendations to be made to groups that set processes, consult reviews, and approve the progression of standards, as well as require considering existing standards alongside new ones, according to PING member and author of the original charter, Nick Doty. The vote had to have been unanimous to pass, and Google says it put its foot down to avoid “unnecessary chaos.” Writer Thomas Claburn reveals:

“As The Register has heard, the issue for Google is that more individuals are participating in PING and there’s been some recent pushback against work in which Google has been involved. In other words, a formerly cordial group has become adversarial. The required context here is that over the past few years, a broad consensus has been building around the need to improve online privacy. Back in 2014, not long after Edward Snowden’s revelations about the scope of online surveillance transformed the privacy debate, the Internet Engineering Task Force published an RFC declaring that pervasive monitoring is an attack on privacy. That concern has become more widespread and has led to legislation like the California Consumer Privacy Act (opposed by Google) and efforts by companies like Apple, Brave, and Mozilla to improve privacy by blocking ad tracking. ‘The strategic problem for Google, with Apple, Brave, Mozilla, Samsung all blocking tracking, is how to preserve their business advantages and share price while appearing to be “pro privacy,”’ said Brendan Eich, CEO of Brave, in a message to The Register.”

In a move some called “privacy gaslighting,” Google proposed a “privacy sandbox,” its plan to change the very way cookies work to preserve privacy without sacrificing advertisers’ tracking ability. Why would they go there before PING got the chance to review other specifications? There are already browser-based privacy protections that need standardization, Eich emphasizes, and the W3C is obliged to do so. Google did not respond to The Register’s request for comment.

Cynthia Murrell, October 25, 2019

Blockchains: A Role in Human Trafficking Investigations?

October 25, 2019

Human trafficking is one of the greatest evils in history as well as in the modern day. The Internet facilitates easy communication among human traffickers, but they do not conduct their business in plain sight. They use the dark web to cover their sadistic business tracks. The Next Web explains that human traffickers might be easier to find than before in “How A Blockchain-Based Digital ID System Could Help Tackle Human Trafficking.”

It is estimated that 20-40 million people are trafficked, bringing in profits of $150 billion a year. Those are outrageous numbers! Emerging technologies such as data sharing and blockchain are becoming the favored way to traffic people, but these technologies could also save the victims.

Digital IDs would be the key to blockchain technology. Human trafficking victims are denied resources that could help them escape, such as phones, computers, and other mobile technology. The victims are also stripped of any physical identification like passports or driver’s licenses. What if victims had a digital ID, made unique due to a fingerprint or eye scan, that cannot be stolen and would be easy to track?

“Once this is saved on a blockchain, the information is immutable and as such can not be forged, meaning traffickers wouldn’t be able to tamper it or change a victim’s identity. A strategy often used by traffickers to get their victims across border controls.

Importantly, blockchain technology is also decentralized, meaning that the embedded data is far more secure than it would be on a centralized server.

As a borderless technology, blockchain ID documentation and tracking can take place anywhere — so long as the parties involved are able to cooperate and collaborate while pledging to input the correct data.”

In other words, it is still the work of science fiction, but the possibility to make it a reality is not that far off.

Whitney Grace, October 25, 2019

Security Industry Blind Spot: Homogeneity

October 24, 2019

Push aside the mewlings about Facebook. Ignore Google’s efforts to quash employee meetings about unionization. Sidestep the phrase “intelligent cloud revenue.”

A possibly more significant item appeared in “Information Security Industry at Risk from Lack of Diversity.” The write up states:

The Chartered Institute of Information Security (CIISec) finds that 89 percent of respondents to its survey are male, and 89 percent over 35, suggesting the profession is still very much in the hands of older men.

Furthermore, the security industry is wallowing in venture funding. That easy money has translated into a welter of security solutions. At cyber security conferences, one can license smart monitoring, intelligent and proactive systems, and automated responses.

The problem is that this security country club may be fooling itself and its customers.

The write up quotes from the CIISec report, presenting this segment:

“If the industry starts to attract a more diverse range of people whilst spreading awareness of the opportunity available, we could be well on the way to truly modernizing the industry,” adds Finch. “Key to all this will be both organizations and individuals having a framework that can show exactly what skills are necessary to fulfill what roles. This will not only help hire the right people. It will also mean that the routes to progress through an individual’s career are clearly marked, ensuring that individuals who enthusiastically join the industry don’t over time become jaded or burn out due to a lack of opportunity.”

Partially correct, opines DarkCyber. The security offered is a me-too approach. Companies find themselves struggling to implement and make use of today’s solutions. The result? Less security and vendors who talk security but deliver confusion.

Meanwhile those bad actors continue to diversify, gain state support, and exploit what are, at the end of a long day, vulnerable organizational systems.

Stephen E Arnold, October 24, 2019

Automating Machine Learning: Works Every Time

October 24, 2019

Automated machine learning, or AutoML, is the natural next step in the machine learning field. The technique automates the process of creating machine learning models, saving data scientists a lot of time and frustration. Now, InfoWorld reports, “A2ML Project Automates AutoML.” Automation upon automation, if you will.

An API and command-line tools make up the beta-stage open source project from Auger.AI. The company hopes the project will lead to a common API for cloud-based AutoML services. The API naturally works with Auger.AI’s own API, but also with Google Cloud AutoML and Azure AutoML. Writer Paul Krill tells us:

“Auger.AI said that the cloud AutoML vendors all have their own API to manage data sets and create predictive models. Although the cloud AutoML APIs are similar—involving common stages including importing data, training models, and reviewing performance—they are not identical. A2ML provides Python classes to implement this pipeline for various cloud AutoML providers and a CLI to invoke stages of the pipeline. The A2ML CLI provides a convenient way to start a new A2ML project, the company said. However, prior to using the Python API or the CLI for pipeline steps, projects must be configured, which involves storing general and vendor-specific options in YAML files. After a new A2ML application is created, the application configuration for all providers is stored in a single YAML file.”

Krill concludes his write-up by supplying this link for interested readers to download A2ML from GitHub for themselves.

Cynthia Murrell, October 24, 2019

Attorneys Are Getting Better at Tech But There Are Still Some Challenges

October 24, 2019

The best attorneys put bad actors in prison, but in order to do that they need to gather evidence to support their cases in court. With the plethora of data types and sources, attorneys must organize it for quick recall, but data also comes with its own mistakes. JD Supra reveals the, “Top Five Data Collection Mistakes” and ways to avoid them in the litigation process.

There are two main data types: traditional and nontraditional. Users create traditional data, organize it, and place it in workflows. Nontraditional data comes from sources that have few or no collection or processing procedures. These usually come from social media, chat applications, cloud platforms, and text messages. Attorneys need to determine what data types they are handling in litigation, but be aware of potential mistakes.

The easiest mistake to make is not realizing that different data types require different collection methods. Extracting information from a computer requires knowledge about its operating system and manufacturer. Cell phone data has its own complications, such as whether the data is backed up on a cloud or whether the vendor must be contacted to retrieve metadata. Discovering who owns data is another issue. Data is stored on personal devices, the cloud, third party systems, and more. Ownership becomes questionable, as does whether data must be shared if it is not physically owned. Governance policies, customer workflows, and data maps are necessary in order to address data ownership.

Proportionality cannot be ignored. A court could rule that the burden of retrieving data outweighs its usefulness. Any data, however, could change a case:

“As always, the success of this argument will depend on the specific facts of a case. For example, one federal court held that a request for text messages was disproportional to the burden of collecting and producing them even though they had been produced in a pre-litigation investigation because the text messages only added minimal evidentiary value to the case. Litigators must be able to clearly articulate a proportionality argument in order to successfully avoid the production of minimally relevant/useful data.”

Misunderstanding proportionality is understandable, but not recognizing data structure and storage is a beginner’s mistake. In order for eDiscovery algorithms to work, they need to be programmed to scan data from different database structures and storage devices. Programming the algorithm wrong is the same as expecting a US electric appliance to work in another country. Data structure and storage are not universal. Attorneys need to remember to cover all data points and search everything. Another amateur mistake is forgetting to collect data that provides context for raw data; it is like trying to decipher a secret code without the cipher key.

These are simple mistakes to make, but with new technology and data types new mistakes will develop. Keeping abreast of new trends, technology, communication methods, and data laws will prevent them from appearing.

Whitney Grace, October 24, 2019

The Google: We Are Supreme Because We Say So

October 23, 2019

The quantum supremacy PR stunt is aloft. Navigate to “What Our Quantum Computing Milestone Means.” The write up does not mention self-serving public relations. Nope. Here’s an example:

While we’re excited for what’s ahead, we are also very humbled by the journey it took to get here. And we’re mindful of the wisdom left to us by the great Nobel Laureate Richard Feynman: “If you think you understand quantum mechanics, you don’t understand quantum mechanics.”

Aw, shucks. Google is just plain folk.

And the write up has a reminder to IBM, an outfit somewhat troubled by the supremacy thing:

As we scale up the computational possibilities, we unlock new computations. To demonstrate supremacy, our quantum machine successfully performed a test computation in just 200 seconds that would have taken the best known algorithms in the most powerful supercomputers thousands of years to accomplish. We are able to achieve these enormous speeds only because of the quality of control we have over the qubits. Quantum computers are prone to errors, yet our experiment showed the ability to perform a computation with few enough errors at a large enough scale to outperform a classical computer.

And Google sees an upside too:

Quantum computing will be a great complement to the work we do (and will continue to do) on classical computers. In many ways quantum brings computing full circle, giving us another way to speak the language of the universe and understand the world and humanity not just in 1s and 0s but in all of its states: beautiful, complex, and with limitless possibility.

Yep, our work. Let’s see. That includes:

  • Online advertising
  • Me too mobile phones
  • Hiring Microsoft executives
  • Implementing interesting management methods related to personnel-executive interaction
  • Employees sleeping in their vehicles.

Great stuff. Quantum PR.

Stephen E Arnold, October 23, 2019

Dumais on Search: Bell Labs Roots Are Thriving

October 23, 2019

We just love a genuine Search guru, and Dr. Susan Dumais is one of the best. The illustrious Dr. Dumais is now a Microsoft Technical Fellow and Deputy Lab Director of MDR AI. If you wanted to know the history of information retrieval, she would be the one to hear tell about it—and now you can, courtesy of the Microsoft Research Podcast. Both the 38-minute podcast itself and a transcript are posted at, “HCI, IR and the Search for Better Search with Dr. Susan Dumais.” The good doctor describes what motivates her in her work:

“I think there are two commonalities and themes in my work. One is topical. So, as you said, I’m really interested in understanding problems from a very user-centric point-of-view. I care a lot about people, their motivations, the problems they have. I also care about solving those problems with new algorithms, new techniques and so on. So, a lot of my work involves this intersection of people and technology, thinking about how work practices co-evolve with new technological developments. And so thematically, that’s an area that I really like. I like this ability to go back and forth between understanding people, how they think, how they reason, how they learn, how they find information, and finding solutions that work for them. In the end, if something doesn’t work for people, it doesn’t work. In addition to topically, I approach problems in a way that is motivated, oftentimes, by things that I find frustrating. We may talk a little bit later about my work in latent semantic indexing, but that grew out of a frustration with trying to learn the Unix operating system. Work I’ve done on email spam, grew out of a frustration in mitigating the vast amount of junk that I was getting. So, I tend to be motivated by problems that I have now, or that I anticipate that our customers, and people will have in general, given the emerging technology trends.”

She and host Gretchen Huizinga go on to discuss the evolution of search technology over the last twenty years, beginning with the first HTML page crawlers that indexed but a couple thousand queries per day. They also cover Dumais’ work over the years to build bridges, provide context in search, and bring changing content into the equation. We hope you will check out the intriguing and informative interview for yourself, dear reader.

Cynthia Murrell, October 23, 2019

Quantum Baloney Spat: IBM Dismisses the GOOG over Supremacy

October 23, 2019

I am not holding my breath for quantum computers which do something semi-useful. Science club experiments are interesting but not something welcomed in Harrod’s Creek, Kentucky.

Not long ago a Googler announced that the GOOG was king and queen of the quantum hill. “IBM Upends Google’s Quantum Supremacy Claim” suggests that Google’s statement and subsequent removal of the document containing the claim was baloney. Hence, the quantum baloney spat.

The capitalist’s tool states:

Dario Gil, head of IBM quantum research, described the claim of quantum supremacy as indefensible and misleading. In a written statement, he said, “Quantum computers are not ‘supreme’ against classical computers because of a laboratory experiment designed to essentially implement one very specific quantum sampling procedure with no practical applications.”

Why believe IBM, the master of the Watson hot air balloon?

The answer:

Yesterday, IBM published a paper that backed up their claim. The paper points out that Google made an error in estimating that a classical computer would require 10,000 years to solve the problem.

There you go. Two self published papers. Real news.

Forbes included a useful point:

According to IBM’s blog, “an ideal simulation of the same task can be performed on a classical system in 2.5 days and with far greater fidelity.” The blog post went on to say that 2.5 days is a worst-case estimate. Additional research could reduce the time even further. Google’s 10,000-year estimate was overstated because of an erroneous assumption. They believed that RAM requirements for running a quantum simulation of the problem in a classical computer would be prohibitively high. For that reason, Google used the time to offset the lack of space, hence their estimate of 10,000 years.

Cheese with that baloney?

Stephen E Arnold, October 23, 2019

TikTok: True Colors?

October 22, 2019

Since it emerged from China in 2017, the video sharing app TikTok has become very popular. In fact, it became the most downloaded app in October of the following year, after merging with Musical.ly. That deal opened up the U.S. market, in particular, to TikTok. Americans have since been having a blast with the short-form video app, whose stated mission is to “inspire creativity and joy.” The Verge, however, reminds us where this software came from—and how its owners behave—in the article, “It Turns Out There Really Is an American Social Network Censoring Political Speech.”

Reporter Casey Newton grants that US-based social networks have their limits, removing hate speech, violence, and sexual content from their platforms. However, that is a far cry from the types of censorship that are common in China. Newton points to a piece by Alex Hern in The Guardian that details how TikTok has directed its moderators to censor content about Tiananmen Square, Tibetan independence, and the Falun Gong religious group. It is worth mentioning that TikTok’s producer, ByteDance, maintains a separate version of the app (Douyin) for use within China’s borders. This suppression documented in the Guardian story, then, is specifically for the rest of us. Newton writes:

“As Hern notes, suspicions about TikTok’s censorship are on the rise. Earlier this month, as protests raged, the Washington Post reported that a search for #hongkong turned up ‘playful selfies, food photos and singalongs, with barely a hint of unrest in sight.’ In August, an Australian think tank called for regulators to look into the app amid evidence it was quashing videos about Hong Kong protests. On the one hand, it’s no surprise that TikTok is censoring political speech. Censorship is a mandate for any Chinese internet company, and ByteDance has had multiple run-ins with the Communist party already. In one case, Chinese regulators ordered its news app Toutiao to shut down for 24 hours after discovering unspecified ‘inappropriate content.’ In another case, they forced ByteDance to shutter a social app called Neihan Duanzi, which let people share jokes and videos. In the aftermath, the company’s founder apologized profusely — and pledged to hire 4,000 new censors, bringing the total to 10,000.”

For its part, TikTok insists the Guardian-revealed guidelines have been replaced with more “localized approaches,” and that they now consult outside industry leaders in creating new policies. Newton shares a link to TikTok’s publicly posted community guidelines, but notes it contains no mention of political posts. I wonder why that could be.

Cynthia Murrell, October 22, 2019

NordVPN: An Insecure Security Service?

October 22, 2019

In 2016, one of the DarkCyber research team signed up for NordVPN. We wanted to test several of the companies offering enhanced security products. After filling out the form in April 2016, the service did not activate. We heard from a person calling herself “Christina.” She was a floundering professional. We explained the misfire. Then we heard from Zack in 2017, who wanted us to renew the service which was not available to the DarkCyber professionals. We concluded that NordVPN was more trouble than it was worth, and the company could take money via a credit card, fail to deliver the service, yet spam DarkCyber for a renewal. Now that’s more than foundering. That’s either clumsy, misguided, or what the Wall Street crowd calls Black Edge behavior.

We thought about Christine and Zack when we read “NordVPN Confirms It Was Hacked.” If the write up is accurate, the security company NordVPN is not completely secure. The write up reports:

NordVPN, a virtual private network provider that promises to “protect your privacy online,” has confirmed it was hacked. The admission comes following rumors that the company had been breached. It first emerged that NordVPN had an expired internal private key exposed, potentially allowing anyone to spin out their own servers imitating NordVPN.

We are fascinated with VPN services. Some are free and some like NordVPN seem to collect money and leave their systems vulnerable.

What’s our recommendation? DarkCyber thinks ignoring NordVPN might be a pre-installation step to consider.

Oh, Christine, when you take money, you should deliver the product. And, Zack, no, DarkCyber will not renew.

Why?

Read the articles about NordVPN finding itself in what may be the digital equivalent of a security soup from a questionable cafeteria.

Stephen E Arnold, October 22, 2019
