Email Marketers Get a Wake Up Call from Amazon
April 26, 2021
Email marketing. Decent business. Not too exciting. Wrong.
“Amazon Is Loosening Its Grip on Customers and Letting Some Sellers Reach Out to Them” suggests that some email marketing agencies either have a challenge or an opportunity. The write up states:
Amazon began piloting a tool that enables U.S. companies that are part of its Brand Registry program to email marketing materials to shoppers who have opted to “follow” their brands. These companies can then notify those shoppers when they launch a new product or promotion.
A small and logical start. However, a question not frequently asked is:
How many email addresses does Amazon have?
Amazon does not say, but it does have some information flows which can be filtered to provide email addresses. The metadata for each “object” can provide the type of hooks of interest to those needing to do direct marketing.
I will review some of Amazon’s sources of data in my lecture on April 28, 2021, at the National Cyber Crime Conference. I have a diagram assembled from open source information. Combined with the AWS cross correlation capability, Amazon’s email baby step could lead to a marathon runner’s stride. I offer a for fee, non law enforcement/intelligence professional version of this lecture. You can inquire about the information by writing benkent2020 at yahoo dot com. Just put Amazon in the subject line.
Stephen E Arnold, April 26, 2021
Digital 2021: Lots of Numbers
April 23, 2021
One of the Beyond Search team called my attention to the We Are Social / Hootsuite “Digital 2021 April Global Statshot Report.” The original link did not resolve. After a bit of clicking around, we did locate the presentation on the outstanding SlideShare service. No, the SlideShare search function did not work for us, but we know that it will return to its glory soon. Maybe real soon perhaps?
The report with the numbers is located at this link. If that doesn’t work, there is an index located at this link. If these go dead, you can give the We Are Social / Hootsuite explainer at this Datareportal link.
After that bit of housekeeping, what is the “Digital 2021 April Global Statshot Report”? The answer is that it is:
All the latest stats, insights, and trends you need to make sense of how the world uses the internet, mobile, social media, and ecommerce in April 2021. For more reports, including the latest global trends and in-depth local data for more than 240 countries and territories around the world, visit https://datareportal.com
As readers of this blog have heard, “all” is a trigger word. I want to know how many Dark Web encrypted message services are operated by state actors, not addled college students. Did I find the answer? Nope. So the “all” is baloney.
The report does provide assorted disclaimers and numerous big numbers; for example, 55.1 percent of 7,850,000,000 people are active social media users. Pretty darned exact. When I was on a trip to Wuhan, China, I was told by our government provided guide, “No one is sure how many people live in Wuhan. There are different methods of counting.” If China can’t deal with counting, I am curious how precise numbers are generated for a global report. Eastern Asia (possibly China?) accounts for 25.1 percent of global Internet users by region. Probably doesn’t matter in the context of a 200 page report in PowerPoint format.
Other findings which jumped out at me as I flipped through the deck which has taken its inspiration from Mary Meeker’s Internet Trends Report last seen in 2019.
- Mobile users are 92.8 percent of the total number of Internet users and mobile phones account for 54.18 percent of Web traffic
- The zippiest Internet is located in the UAE
- Google’s search market share is 92.4 percent. Qwant, which allegedly caused Eric Schmidt to lose sleep, does not appear in the search engine market share table
- 98 percent of Internet users visit or use social networks
- TikTok is the 7th most used social platform but the data come from TikTok, an outfit which is probably the gold standard in reliable information.
The reportal document does not explain what these data mean.
Here’s my take: The data provide many numbers which make clear three points:
- Mobile is a big deal
- Facebook and Google are bigger deals
- Criminal activity within these data ecosystems warrants zero attention.
The reportal’s data are free too.
Stephen E Arnold, April 23, 2021
The Internet Archive Dons a Scholar Skin
April 23, 2021
Some of today’s biggest social faux pas are believing everything on the Internet, clicking the first link in search results, and buying items from questionable Internet ads. It is easy to forget that search engines like Google and Bing are for-profit search engines that put paid links at the top of search results. What is even worse is scientific and scholarly information is locked behind expensive paywalls.
Wikipedia is often believed to be a reliable source, but despite the dedication of wiki editors the encyclopedia is not 100% accurate. There are free scholarly databases and newspapers often have their archives online, but that information is not widely known.
Thankfully the Internet Archive is fairly famous. The Internet Archive is a non-profit digital library that provides users with access to millions of free books, music, Web sites, videos, and software. They also allow users to peruse old Web sites with the Wayback Machine.
The Internet Archive recently introduced a brand new service that is sheer genius: Internet Archive Scholar. It is described as:
“This full text search index includes over 25 million research articles and other scholarly documents preserved in the Internet Archive. The collection spans from digitized copies of eighteenth century journals through the latest Open Access conference proceedings and pre-prints crawled from the World Wide Web.”
Why did no one at the Internet Archive think of doing this before? It is a brilliant idea that localizes millions of scholarly articles and other information without paywalls, university matriculation, or a library card. Most of the information available through the Internet Archive Scholar would otherwise remain buried in Google search results or on the Web, like old books gathering dust on library shelves.
Internet Archive Scholar is still in the beta phase and enhancements are a positive step.
Whitney Grace, April 23, 2021
Alphabet: Another PR Hit Related to Raising Prices and Changing the Google Rules?
April 23, 2021
Here in Harrod’s Creek, everyone — and I mean everyone, including my phat, phaux phrench bulldog — loves Google. After reading “Why I Distrust Google Cloud More Than AWS or Azure” it is quite clear that the post in iAsylum.net is authored by someone who would find our Harrod’s Creek perception off base.
The write up contains some salty language. On the other hand, there are a number of links to information supportive of the argument that Google cannot be trusted. Now trust, like ethics, is a slippery fish. In fact, I am not sure my trust checkbook has much value today.
The main point of the iAsylum write up is that Alphabet Google cannot be trusted. The principal reasons are that Google changes prices and acts in capricious ways. Examples range from Google Map fees to the GOOG’s approach to developers.
The most painful point for us lovers of all things Google was the question in the essay:
Will Google Cloud even exist a decade from now?
That’s a difficult question to answer. Some companies are predictable. Amazon’s Bezos bulldozer moves in quite specific directions. True, it can swerve to avoid a large rock, but for the most part, the Bezos bulldozer’s actions are not much of a surprise. Got a hot product? Amazon may just happen to have one too. No surprises.
Google is unpredictable. There’s the HR and ethics mess in the AI unit. There’s the spate of legal challenges about the firm’s approach to advertising. There’s the search service which returns some darned interesting results, often not related to the query the user submitted.
For those of us in Harrod’s Creek, worries about the future should be factored into our lives. But for now, we love those Google mouse pads. Our last remaining mouse pad is now yellowed and cracking. But it once was a spiffy thing.
Let me rephrase the iAsylum question:
Will Google Cloud evolve like my Google mouse pad?
Stephen E Arnold, April 23, 2021
US Fights Digital Taxes With Import Taxes
April 23, 2021
The United Kingdom, Spain, Italy, Turkey, Austria, and India are six countries levying a digital service tax own social media companies, search engines, and online retailers. Most of these companies are American. The Office of the US Trade Representative (USTR) conducted a six-month investigation and decided the new digital tax “unreasonable, or discriminatory and burdens or restricts US commerce.” Roll Call explains how the Biden Administration plans to handle the digital tax: “US Confronts ‘Digital Dagger’ From Overseas Aimed At Top Tech Companies.”
The Biden administration plans to leverage a 25% tariff on imported goods from the six countries. The European Union, Indonesia, Brazil, and the Czech Republic might adopt similar taxes. Trump’s administration had the USTR investigate France’s digital taxes and came to the same conclusion, but did not respond following an ongoing investigation with Organization of Economic Cooperation (OECD) and Development and the G-20 group.
The USTR wants to develop a solution with the OECD, but it comes with tons of baggage:
“The friction between the United States and its top tech companies and the rest of the world stems from how the global economy has shifted toward a model in which companies based in one country earn profits from delivering services to citizens of another country without establishing a physical presence, said Clete Willems, a partner in the law firm of Akin, Gump, Strauss, Hauer & Feld LLP who served in the White House as a top trade adviser during the Trump administration. The OECD has been discussing how to determine taxing rights when companies have no physical presence in a country and which companies should be considered digital entities…”
American companies feel targeted because they are reaping the profits of their handwork, but the foreign countries are not getting needed tax revenue to fund their own economies. It is not a digital dagger, but a double edge sword.
Whitney Grace, April 23, 2021
Signal and Cellebrite: Raising Difficult Questions
April 22, 2021
Signal published an summary of its exploration of the Cellebrite software. Founded in Israel and now owned by the Japanese company Sun Corporation, Cellebrite is a frequent exhibitor, speaker, and training sponsor at law enforcement and intelligence conferences. There are units and subsidiaries of the company, which are not germane to this short blog post. The company’s main business is to provide specialized services to make sense of data on mobile devices. Yes, there are other use cases for the company’s technology, but phones are a magnet at the present time.
“Exploiting Vulnerabilities in Cellebrite UFED and Physical Analyzer from an App’s Perspective” makes clear that Cellebrite’s software is probably neither better nor worse than the SolarWinds, Microsoft Exchange Server, or other vendors’ software. Software has bugs, and once those bugs are discovered and put into circulation via a friendly post on a Dark Web pastesite or a comment in a tweet, it’s party time for some people.
Signal’s trope is that the Cellebrite “package” fell off a truck. I am not sure how many of those in my National Cyber Crime 2021 lectures will find that explanation credible, but some people are skeptics. Signal says:
[Cellebrite’s] products have often been linked to the persecution of imprisoned journalists and activists around the world, but less has been written about what their software actually does or how it works. Let’s take a closer look. In particular, their software is often associated with bypassing security, so let’s take some time to examine the security of their own software.
The write up then points out vulnerabilities. The information may be very useful to bad actors who want to configure their mobile devices to defeat the Cellebrite system and method. As readers of this blog may recall, I am not a big fan of disclosures about specialized software for certain government entities. Others — like the Signal analysts — have a different view point. I am not going to get involved in a discussion of this issue.
What I want to point out is that the Signal write up, if accurate, is another example of a specialized services vendor doing the MBA thing of over promising, overselling, and over marketing a cyber security solution.
In the context of the cyber security threat intelligence services which failed to notice the not-so-trivial SolarWinds, Microsoft Exchange Server, and Pulse Secure cyber missteps — the Signal essay is important.
Let me express my concern in questions:
What if the cyber security products and services are not able to provide security? What if the indexes of the Dark Web are not up to date and complete so queries return misleading results? What if the auto-generate alerts are based on flawed methods?
The cyber vendors and their customers are likely to respond, “Our products are more than 95 percent effective.” That may be accurate in some controlled situations. But at the present time, the breaches and the Signal analysis may form the outlines of a cyber environment in which expensive cyber tools are little more than plastic hammers and saws. Expensive plastic tools which break when subjective to real world work.
Stephen E Arnold, April 22, 2021
Did You Know You Had a LexID? No. Worth Checking Maybe
April 22, 2021
With ICE’s contract with Thomson Reuters’ CLEAR expiring, The Intercept reports, “LexisNexis to Provide Giant Database of Personal Information to ICE.” Apparently the company could not resist the $16.8 million contract despite downplaying its ties to the agency in the past. Once focused on providing data to legal researchers and law firms, reduced sales compelled LexisNexis to branch into serving law enforcement. The firm will be supplying Homeland Security agents with billions of records that aggregate data from sources both public and private, like credit histories, bankruptcy records, license plate photos, and cell phone subscriber info. Naturally, these profiles also come with analytics tools. Reporter Sam Biddle writes:
“It’s hard to wrap one’s head around the enormity of the dossiers LexisNexis creates about citizens and undocumented persons alike. While you can at least attempt to use countermeasures against surveillance technologies like facial recognition or phone tracking, it’s exceedingly difficult to participate in modern society without generating computerized records of the sort that LexisNexis obtains and packages for resale. The company’s databases offer an oceanic computerized view of a person’s existence; by consolidating records of where you’ve lived, where you’ve worked, what you’ve purchased, your debts, run-ins with the law, family members, driving history, and thousands of other types of breadcrumbs, even people particularly diligent about their privacy can be identified and tracked through this sort of digital mosaic. LexisNexis has gone even further than merely aggregating all this data: The company claims it holds 283 million distinct individual dossiers of 99.99% accuracy tied to ‘LexIDs,’ unique identification codes that make pulling all the material collected about a person that much easier. For an undocumented immigrant in the United States, the hazard of such a database is clear.”
Biddle notes that both LexisNexis and Thomson Reuters are official data partners of Palantir, which insists it is not, itself, a data company. It is, however, a crucial partner to law enforcement agencies at all levels across the US, as well as the security departments at several corporations. The firm supplies its clients, including ICE, with huge datasets, analysis tools, and consultants to help organizations track anyone of interest. Despite these partnerships, both Thomson Reuters and LexisNexis have largely escaped the controversy that has surrounded Palantir.
Biddle has trouble reconciling LexisNexis’ new contract with its insistence it is actually on the side of detainees because it supplies them with access to an e-library of legal materials. For its part, the firm takes pains to note the contract complies with President Biden’s Executive Order 13993, which revised immigration enforcement policies and DHS interim guidelines. We are reminded, though, that despite the new occupant of the Oval Office, those running ICE remain the same. It is their hands into which this astounding trove of personal data is being delivered.
Cynthia Murrell, April 22, 2021
Confirmed: Deloitte Cooperated with the DOJ on HPE Autonomy Case
April 22, 2021
The ghost of Arthur Andersen appeared I think.
Now we know why HPE (formerly HP) stopped making noise about suing auditing firm Deloitte for its role in the decision to buy Autonomy in 2011, which HPE famously came to regret. Forced to write down Autonomy’s value by $8.8 billion in 2012, HPE claimed the software firm and auditors at Deloitte had misrepresented its value. There were questions of whether HPE did its own due diligence before making its purchase, but the firm proceeded to take those it blamed to court. Autonomy’s CFO Sushovan Hussain was sentenced to five years in jail in 2019, and the case against CEO Mike Lynch is (oh so slowly) proceeding. Now The Register reveals, “Deloitte Settled HPE’s Autonomy Lawsuit for $45m Back in 2016 and Agreed to Cooperate with US DOJ.” Writer Gareth Corfield tells us:
“The amount of the settlement is less than 1 per cent of the $5bn for which HPE is pursuing Lynch and Hussain. Although HPE and Deloitte signed a confidentiality agreement over the $45m, its main details were hiding in plain sight inside the last ever accounts filed by Autonomy Corporation Ltd (ACL) before it was merged away into HPE’s corporate structure, becoming known as ACL Netherlands BV. A letter previously sent by HPE’s lawyers to Deloitte in 2014 alleged ‘there is evidence that Deloitte was complicit in aspects of the misstatements in Autonomy’s published information’. That allegation would never be tested in court, though Britain’s accounting regulator eventually found it proven. Public knowledge of the settlement sum also sheds light on why Deloitte was never a co-defendant with Lynch and Hussain in the High Court, despite the auditor being an obvious target for HPE following allegations of false accounting at Autonomy.”
When HPE filed its suit against Lynch and Hussain in 2015, it left open the option to include Deloitte but mysteriously withdrew that potential the next year. Now Corfield confirms that, as suspected, those at Deloitte who had worked on the account signed an agreement to cooperate with the Department of Justice. It specified that Deloitte admitted no wrongdoing or liability, and the firm granted HPE’s lawyers complete access to its Autonomy audit papers and emails. It is suspected that the court would have ruled against Deloitte had it not cooperated, and that by doing so the firm avoided damage to its reputation. Perhaps. But consider—whom do you want as your tax advisor?
Cynthia Murrell, April 22, 2021
Verizon in Baby Bell Mode
April 22, 2021
When most users have already moved on, why bother to fix what’s broken? We suspect that is what Verizon is thinking as we read the piece, “Of Course Yahoo Answers Is Shutting Down—Just Look at Its Vile ‘Trending’ Section’” at TNW. We learn that Yahoo Answers will completely shut down by May 4, and users have until April 20 to post any questions or answers. Users’ data will be downloadable until June 30. Reporter Ivan Mehta writes:
“It’s not hard to guess why the site is shutting down. Over the years, it has lost relevance and people have moved to other question-answer platforms such as Quora [and Reddit]. As The Verge and USA Today noted, Yahoo Answers has become a home for far-right conspiracies. In a note sent to its users, Yahoo admitted that the site has ‘become less popular over the years as the needs of our members have changed.’ Take a look at the current trending section and question suggestions. It’s filled with hateful garbage trying to rile up people. And the answers to those questions read like they’ve been generated by a trolling bot farm.”
See the write-up for its sample of said hateful garbage. Better moderation may have saved the site, but that ship has sailed. Mehta muses that the current kerfuffle around Section 230 may have helped convince Verizon to shutter the site. Best to avoid being entangled in that turmoil, especially if one’s site is awash in problematic content.
Cynthia Murrell, April 22, 2021
Financial Warfare: Another View of FinTech
April 21, 2021
I usually ignore articles about big finance and international wheeling and dealing. I did read “China’s Digital Yuan Displaces the Dollar.” The headline struck me as misleading and somewhat deceptive. You will have to read the original write up and make your own decision.
I am not going to walk through the argument and the facts supporting the point of view in the essay. I will cite one interesting passage:
The $16 trillion of offshore dollar deposits at international banks won’t turn into the equivalent amount of Chinese Yuan. Instead, that $16 trillion will shrink to a small fraction of its present volume, because the Big Tech/fintech revolution will make them redundant. Instead, as Morgan Stanley analysts explained this week, “banks will lose their deposit base” as digital currencies replace their most basic functions.
Let’s assume that this assertion is correct.
From an intelligence perspective, consider these questions:
- What’s the impact of the US printing dollars to cover Covid et al?
- What happens if China takes direct action to add Taiwan to its collection of entities?
- What happens if Russia annexes Ukraine?
- What happens if these events occur at the same time?
I try to stick to online information in this blog. Therefore, one final question:
What happens if the cyber attacks based on SolarWinds, Exchange Server, Pulse Secure, and similar entities move into a new phase of active aggression?
Maybe Texas power problems on steroids? Thumbtyping and sucking down YouTube and TikTok content might become problematic. ATMs are online devices and possibly vulnerable.
Stephen E Arnold, April 21, 2021