The Atlas of Surveillance: An Interesting First Attempt
July 22, 2020
Here is an interesting resource. The digital privacy organization Electronic Frontier Foundation has published an “Atlas of Surveillance: Documenting Police Tech in Our Communities.” Here one can find information on law-enforcement tech across the US, like drones, body cameras, automated license place readers, and facial recognition tools. Compiled by over 500 students and volunteers, the project incorporates datasets from public and non-profit sources. The Methodology page specifies:
“The data contained in the Atlas of Surveillance is open-source intelligence, or OSINT. This is a term used to describe gathering information that already exists online—from news stories, social media posts, press releases, or documents buried in government websites, often turned up through using advanced search engine techniques.”
Specifically, they use a combination of crowdsourcing and data aggregation. To crowdsource, the team built a software tool that auto-distributes short (20-30 minute) research assignments to students and volunteers, who then report their findings. Many of these assignments are derived from GovSpend’s database of government procurement records. The project’s data aggregation component brings in public datasets from journalists, non-profit organizations, government agencies, and even surveillance vendors. They admit their atlas is not perfect:
“First, the information is only as good as the source: sometimes government agencies withhold information and sometimes journalists misinterpret information. It’s possible that while there is information about a technology being adopted, the technology was later abandoned, and no reporters wrote about it. With thousands of data points to go through, it is impossible to exhaustively fact-check each one, despite the multiple reviews by students and staff. In particular, documenting the use of face recognition has proven challenging because of the changing policy landscape that has resulted in local governments abruptly freezing or abolishing the use of biometric identification software. The Atlas should not be interpreted as an inventory of every technology in use. It only represents what our team documented after a year and a half of research.”
With that caveat, the collection of data does give a broad overview of the surveillance technology now available to law enforcement agencies. Anyone who has not been keeping up is in for a startling surprise.
Cynthia Murrell, July 22, 2020
Untangling Streaming: Responses to a Huge Web Search Fail
July 22, 2020
More and more users rely on a patchwork of internet streaming services for their video entertainment. Anyone who subscribes to several of these knows the time-wasting tedium of combing through different menus, each with a different UI, just to find something to watch. With even more proprietary streaming services on the horizon, it seems that problem is poised to grow. However, there are at least two apps that provide viable solutions—Reelgood and JustWatch. “These Two Underdog Apps Have Solved Streaming TV’s Biggest Headache,” Fast Company observes. Writer Jared Newman reports:
“Instead of making you bounce between disparate apps, both services can tell you what’s available on practically any streaming service. You can then add movies and shows to a watch list, get more suggestions based on your viewing habits, and even load their apps on your television to use as a centralized streaming menu. Compared to the app overload of most streaming devices, the universal guides offered by JustWatch and Reelgood seem like the ideal way to watch TV in the streaming era.”
Sounds helpful. But why does it take “underdog” apps to do what common sense suggests devices like Roku and Amazon Fire TV should already offer? There are several business reasons, we’re told, like Netflix’s resistance to the aggregation of its content or the fact that streaming services pay for placement on those platforms. As for Reelgood and JustWatch, they each have their own business models. It comes as no surprise that each involves user data. Newman writes:
“JustWatch says that … about 70% of its revenue comes from targeting users with movie trailers based on their viewing habits. For every movie or TV show users click on, JustWatch builds up a taste profile, then separates users into anonymized groups based on what they might like. Movie studios such as Universal and Paramount then give JustWatch a budget to target users with relevant video trailers on sites like Facebook and YouTube. … Reelgood, meanwhile, started from more of a Silicon Valley mindset of building up the product first and finding ways to monetize it later. Sanderson, a former ad product manager at Facebook, initially thought that would take the shape of recommendation-style targeted ads within the service, but lately the company’s been leaning more into selling access to its data.”
See the write-up for more on the business considerations and plans for each of these entities, big and small. There are other notable players in this arena, including TV Time, Simkl, Watchworthy, Wander, and VUniverse. It will be interesting to see where the market, and the technology, go from here.
Cynthia Murrell, July 22, 2020
Jargon Alert: Direct from the Video Game Universe
July 22, 2020
I scanned a write up called “Who Will Win the Epic Battle for Online Meeting Hegemony?” The write up was a rah rah for Microsoft because, you know, it’s Microsoft.
Stepping away from the “epic battle,” the write up contained a word from the video game universe. (It’s a fine place: Courteous, diverse, and welcoming.)
The word is “upleveled” and it was used in this way:
Upleveled security and encryption. Remote work sites, especially home offices, have become a prime target for a surge in cybersecurity attacks due to their less hardened and secure nature.
A “level” in a game produced the phrase “level up” to communicate that one moved from loser level 2 to almost normal level 3. That “jump” is known as a “level up.”
Now the phrase has become an adjective as in “leveled up.”
DarkCyber believes that the phrase will be applied in this way:
That AI program upleveled its accuracy.
Oh, and the article: Go Microsoft Teams. It’s an elephant and one knows what elephants do. If you are near an elephant uplevel your rubber boots. Will natural language processing get the drift?
Stephen E Arnold, July 22, 2020
Data Flow: Getting More Expensive and Non Real Time
July 22, 2020
DarkCyber does not have a dog in this fight. We want to point you to “Top EU Court Ditches Transatlantic Data Transfer Deal.” The write up states:
Europe’s highest court ruled on Thursday [July 16, 2020] that a transatlantic data transfer deal is invalid because of concerns about US surveillance in a decision that could disrupt thousands of companies that rely on the agreement. The ruling effectively ends the privileged access companies in the United States had to personal data from Europe and puts the country on a similar footing to other nations outside the bloc, meaning data transfers are likely to face closer scrutiny.
There are work arounds; however, these add bureaucratic friction and mean that real time data access may be less real time. “Old” data is often “useless” data.
Stephen E Arnold, July 22, 2020
A Twitch Tale: Modern Life, a Debit Card, and Cluelessness
July 21, 2020
DarkCyber spotted an item in one of our feeds because the word “fraud” appeared in the document. The content object was “Teenager Takes $20,000 of Parents’ Money, Gives It to Twitch Streamers.” The write up explains:
the minor spent years of savings in just 17 days using a debit card. The boy paid for subscriptions, which can go as high as $24.99 per month, bought Bits—virtual goods used to Cheer in chat messages—and made uncapped donations to various streamers. Speaker to Dot Esports, the mother said that $19,870.94 was charged to a debit card between June 14 and 30.
Banks view this type of activity as a type of chargeback fraud. A consumer makes a purchase and then requests a chargeback after receiving the product or service.
One question is, “What about those parents?” Another is, “Should Twitch have a more fine grained system in place to prevent those under a certain age from spending above a threshold?”
The Twitch question could be answered with an algorithm or a simple rule based system. The gain for the Twitchers who received some financial love from a follower is good news… for them. For the parents, bad news. Perhaps the alleged adults should look into the concept of a pre-paid debit card with a hard limit? For now, it is hasta la vista $20K. For the teen? Probably back online and absorbing video streams.
And Amazon Twitch? Just another day of “good enough” safeguards for users, their parents, and talent formerly known as Dr. Disrespect, whose name has a certain je ne sais quoi.
Stephen E Arnold, July 21, 2020
Facebook: Grudgingly Takes Steps Toward Adulthood
July 21, 2020
I read “FB Says Open to Be Held Accountable over Users’ Data.” The write up reports:
Admitting that it does not have all the answers when it comes to ensuring data privacy, Facebook has said there are many opportunities for businesses and regulators to embrace modern design methods and collaborate to find innovative ways to hold organizations, including itself, accountable.
Interesting. Facebook was founded in 2004. Sixteen years old and ready for a drivers license. Baby steps are good.
Stephen E Arnold, July 21, 2020
A Survey of Prices from the Dark Web
July 21, 2020
The Dark Web may not be the giant repository of badness that some popularizers of sci-fi assert, but it is a challenge for some enforcement professionals.
As important as our personal and financial information is to each of us, it can come as a surprise how cheaply some hacked data can be purchased on the Dark Web. After considerable research, Privacy Affairs illustrates this point in its “Dark Web Price Index 2020.” Reporter Miguel Gomez writes:
“The privacy offered by software such as TOR creates an environment where criminals can sell their wares on the dark web without the worry of law enforcement. What’s more, many will have heard the horror stories of people’s bank accounts being cleaned out, or their identity stolen and turning up in custody in Mexico. Again, not unjustified horror. You might be asking yourself, just how easy is it to obtain someone else’s personal information, documents, account details? We certainly were. Whilst there are many marketplaces on the dark web, there are even more forum posts warning of scammers. This makes verified prices difficult to obtain without ordering the items to find out, which of course we didn’t. Our methodology was to scan dark web marketplaces, forums, and websites, to create an index of the average prices for a range of specific products. We were only interested in products and services relating to personal data, counterfeit documents, and social media.”
The researchers compiled eye-opening lists of products and going rates; interested readers should navigate there to view the entire roster. A few examples: credit card details for an account with a balance of up to $5,000 for just 20 bucks; a hacked Twitter account for $49; a 24-hour-long DDoS attack against an unprotected website, at 10-50k requests per second, for $60. Considerably more expensive, though, are passports from the US, Canada, or Europe at $1,500 or quality malware attacks at 1,000 for $1,400 – $6,000.
The article includes a few interesting details alongside the prices, like the fact that vendors usually guaranteed 8 out of 10 stolen credit cards would pay off as advertised. Also, PayPal account details were very common and cheap, but actual transfers from a hacked account were more pricy. And apparently counterfeit bills are extremely common, with the highest quality ones costing about 30% of their fake value. They even come with a “UV pen test guarantee.” See the write-up for more curious, if concerning, details.
Cynthia Murrell, July 21, 2020
Twitter Adulting: Copyright and the President of the United States
July 21, 2020
Imagine. Twitter has procedures which automate a portion of its copyright vigilance. (DarkCyber is not so sure about Twitter’s hiring practices and the internal security of its system, but the copyright function may be working.)
“Twitter Disables Trump Tweet over Copyright Complaint” presents as accurate and “real” news this statement:
Twitter removed the video, which Trump had retweeted from White House social media director Dan Scavino, after it received a Digital Millennium Copyright Act notice from Machine Shop Entertainment, according to a notice posted on the Lumen Database which collects requests for removal of online materials. Machine Shop is a management company owned by the rock band Linkin Park, according to its LinkedIn page.
DarkCyber hopes that Twitter will bring similar diligence to its security, management, and governance of a firm which occupies an interesting, if not secure, place in the pantheon of social media luminaries.
As Linkin Park sang:
Go, stop the show
Choppy words…
Indeed, but the DarkCyber team would substitute the word “tweety” for choppy. But we are not song writers or exceptional tweeters.
Stephen E Arnold, July 21, 2020
Need Global Financial Data? One Somewhat Useful Site
July 21, 2020
If you need a financial number, you may not have to dig through irrelevant free Web search results or use your Bloomberg terminal to find an “aggregate” function for the category in which you have an interest. Yippy.
Navigate to “All of the World’s Money and Markets in One Visualization.” As you know, my skepticism filter blinks when I encounter the logical Taser “all.” I also like to know where, when, how, and why certain data are obtained. The mechanism for normalizing the data is important to me as well. Well, forget most of those questions.
Look at the Web page. Pick a category. Boom. You have your number.
Accurate? Timely? Verifiable?
Not on the site. But in a “good enough” era of Zoom meetings, a number is available. Just in a picture.
Stephen E Arnold, July 21, 2020
Shoploop: An Advertisingly Mash Up of Mobile, Influencers, Amazon, and TikTok
July 20, 2020
Google has a secret laboratory. It’s not the moon shot outfit. It’s not the Camelot of 20 percent time. Don’t tell anyone, please. The real hot stuff comes from Area 120.
The innovators have developed a completely original mobile application, which will be arriving on desktops soon.
Google has blended short videos with product demonstrations. A dash of Google Local makes the innovation come alive, or as alive as short videos can be.
Yes, there was a Shoploop Web site and even a Facebook page. The secret name of the Area 120 innovation is not exactly original.
According to Google, Shoploop is an entertaining new way to shop online.
“Google’s New Video-Shopping App Is Like a Telemarketing Channel for Influencers” reports:
It’s no secret that Google has a tight grip on the online shopping market. From its Shopping section in Search, and its large ad network, to numerous product reviews on YouTube, the company has become a staple of online consumerism. And now the company wants to capitalize on its dominance in the market with a new shopping app.
Those are bold statements. DarkCyber’s inflows of information suggest that online shopping has undergone a bit of a shift in the last 24 months; namely, Amazon’s share of product searches has continued to increase. One source hinted that Google’s product search traffic has dropped by double digits in the last six months. Perhaps DarkCyber’s source has missed the email that Google has a “tight grip on the online shopping market”?
The write up explains:
Enter Shoploop, a video shopping platform for discovering, evaluating, and buying products all in one place. It’s basically like a social media platform built around product reviews and affiliate links. Users will be able to save products to check out later, or simply follow creators for more content.
Google, it seems, has invented a way to use people with YouTube traffic, product demos, short form videos, and a recycled name “Shoploop” to break through the boundaries of Japanese 20 something explaining how she spends her evening after work. Each of the food ingredients, slippers, and household objects can be purchased by a viewer.
A video Sears & Roebuck catalog!
The write up clarifies the insight:
Google says the idea for Shoploop came after its research showed that people often follow a very specific path to buying products. Once they come across something that catches their eye, they’ll often seek reviews from real people on other platforms like YouTube, and then circle back to an online shop to complete the purchase.
Gentle reader, you too can create videos, sell products, and ride the energy beam that will vaporize Amazon eCommerce. The write up reports:
At launch, the app will mainly focus on “categories such as makeup, skincare, hair and nails.” Google is also limiting access solely to content creators, publishers, and online store owners, but if you fit that description you can apply to be an exclusive creator by clicking here.
Imagine thousands of Twitch streamers abandoning the Amazon platform to create 90 second product demos. Think of the revenue flowing to Google if just a small percentage of Facebook users start making Shoploop videos. The curves in the Google Excel clone would make an MBA weep tears of joy.
DarkCyber believes that Shoploop is a revolutionary product in the manner of Stadia, not a bold move like Google Glass. You remember Google Glass, right?
Shoploop: Home shopping TV in TikTok format on a mobile device.
And advertising? DarkCyber did not overlook advertising. Everything Google does seems to focus on finding ways to put advertising in front of eyeballs.
But innovations like Shoploop can only emerge bright young minds combine ideas in Eureka! moments.
Oh, wait, a moment. Doesn’t Amazon offer videos like this one:
Yikes, Doesn’t Facebook do video too; for instance:
Area 120 has figured out the “me too” approach to innovation that’s evident. I definitely need a way to learn how to use male oriented cosmetics.
Stephen E Arnold, July 20, 2020